kcrypt-challenger/mdns-notes.md

# Prerequisites

Nodes and KMS should be on the same local network (mdns requirement)

# Steps

- Create a cluster with a port bound to the host:

```
k3d cluster create kcrypt -p '30000:30000@server:0' 
```

(we are going to assign this port to the kcrypt challenger server and advertise it over mdns)

- Follow [the instructions to setup the kcrypt challenger server](https://github.com/kairos-io/kcrypt-challenger#installation):

```
helm repo add kairos https://kairos-io.github.io/helm-charts
helm install kairos-crd kairos/kairos-crds
```

Create the following 'kcrypt-challenger-values.yaml` file:


```yaml
service:
  challenger:
    type: "NodePort"
    port: 8082
    nodePort: 30000
```

and deploy the challenger server with it:

```bash
helm install -f kcrypt-challenger-values.yaml kairos-challenger kairos/kairos-challenger
```

- Add the sealedvolume and secret for the tpm chip:

```
apiVersion: v1
kind: Secret
metadata:
  name: example-host-tpm-secret
  namespace: default
type: Opaque
stringData:
  pass: "awesome-passphrase"
---
apiVersion: keyserver.kairos.io/v1alpha1
kind: SealedVolume
metadata:
    name: example-host
    namespace: default
spec:
  TPMHash: "5640e37f4016da16b841a93880dcc44886904392fa3c86681087b77db5afedbe"
  partitions:
    - label: COS_PERSISTENT
      secret:
        name: example-host-tpm-secret
        path: pass
  quarantined: false
```

- Start the [simple-mdns-server](https://github.com/kairos-io/simple-mdns-server)

```
go run . --port 30000 --interfaceName enp121s0 --serviceType _kcrypt._tcp --hostName mychallenger.local
```


- Start a node in manual install mode

- Replace `/system/discovery/kcrypt-discovery-challenger` with a custom build (until we merge)

- Create the following config:

```
#cloud-config

users:
  - name: kairos
    passwd: kairos

install:
  grub_options:
    extra_cmdline: "rd.neednet=1"
  encrypted_partitions:
  - COS_PERSISTENT

# Kcrypt configuration block
kcrypt:
  challenger:
    mdns: true
    challenger_server: "http://mychallenger.local"
```

- Install:

```
kairos-agent manual-install --device auto config.yaml
```
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			`# Prerequisites`

			`Nodes and KMS should be on the same local network (mdns requirement)`

			`# Steps`

			`- Create a cluster with a port bound to the host:`

			```
			`k3d cluster create kcrypt -p '30000:30000@server:0'`
			```

			`(we are going to assign this port to the kcrypt challenger server and advertise it over mdns)`

			`- Follow [the instructions to setup the kcrypt challenger server](https://github.com/kairos-io/kcrypt-challenger#installation):`

			```
			`helm repo add kairos https://kairos-io.github.io/helm-charts`
			`helm install kairos-crd kairos/kairos-crds`
			```

Migrate mdns functions from tpm helpers to this repo because tpm has nothing to do with mdns. TODO: Remove the functions from tpm helpers and bump the module here Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-22 17:48:12 +00:00			Create the following 'kcrypt-challenger-values.yaml` file:
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00
Migrate mdns functions from tpm helpers to this repo because tpm has nothing to do with mdns. TODO: Remove the functions from tpm helpers and bump the module here Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-22 17:48:12 +00:00
			```yaml
			`service:`
			`challenger:`
			`type: "NodePort"`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			`port: 8082`
			`nodePort: 30000`
Migrate mdns functions from tpm helpers to this repo because tpm has nothing to do with mdns. TODO: Remove the functions from tpm helpers and bump the module here Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-22 17:48:12 +00:00			```

			`and deploy the challenger server with it:`

			```bash
			`helm install -f kcrypt-challenger-values.yaml kairos-challenger kairos/kairos-challenger`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			```

			`- Add the sealedvolume and secret for the tpm chip:`

			```
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: example-host-tpm-secret`
			`namespace: default`
			`type: Opaque`
			`stringData:`
			`pass: "awesome-passphrase"`
			`---`
			`apiVersion: keyserver.kairos.io/v1alpha1`
			`kind: SealedVolume`
			`metadata:`
			`name: example-host`
			`namespace: default`
			`spec:`
			`TPMHash: "5640e37f4016da16b841a93880dcc44886904392fa3c86681087b77db5afedbe"`
			`partitions:`
Migrate mdns functions from tpm helpers to this repo because tpm has nothing to do with mdns. TODO: Remove the functions from tpm helpers and bump the module here Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-22 17:48:12 +00:00			`- label: COS_PERSISTENT`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			`secret:`
			`name: example-host-tpm-secret`
			`path: pass`
			`quarantined: false`
			```

			`- Start the [simple-mdns-server](https://github.com/kairos-io/simple-mdns-server)`

			```
Migrate mdns functions from tpm helpers to this repo because tpm has nothing to do with mdns. TODO: Remove the functions from tpm helpers and bump the module here Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-22 17:48:12 +00:00			`go run . --port 30000 --interfaceName enp121s0 --serviceType _kcrypt._tcp --hostName mychallenger.local`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			```


			`- Start a node in manual install mode`

			- Replace `/system/discovery/kcrypt-discovery-challenger` with a custom build (until we merge)

			`- Create the following config:`

			```
			`#cloud-config`

			`users:`
			`- name: kairos`
			`passwd: kairos`

			`install:`
Add neednet grub setting to mdns notes (it's needed) Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-25 10:36:58 +00:00			`grub_options:`
			`extra_cmdline: "rd.neednet=1"`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			`encrypted_partitions:`
			`- COS_PERSISTENT`

			`# Kcrypt configuration block`
			`kcrypt:`
			`challenger:`
Implement a test for discoverable KMS Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-25 07:39:17 +00:00			`mdns: true`
Migrate mdns functions from tpm helpers to this repo because tpm has nothing to do with mdns. TODO: Remove the functions from tpm helpers and bump the module here Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2024-01-22 17:48:12 +00:00			`challenger_server: "http://mychallenger.local"`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			```

			`- Install:`

			```
Remove instructions that don't work after rebase Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-20 12:47:19 +00:00			`kairos-agent manual-install --device auto config.yaml`
Do an mdns lookup when KMS url ends in .local Part of: https://github.com/kairos-io/kairos/issues/2069 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> 2023-12-13 17:38:01 +00:00			```