Skip to content
This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

Commit

Permalink
Run metatron certificate refresh periodically inside containers
Browse files Browse the repository at this point in the history 
This includes:

- Pulling the metatron container code from a docker image, and mounting
  the executable into the user container, similar to how this is done
  for ssh containers
- Metatron systemd service (titus-metatron-sync) and timer for running
  the sync executable every N minutes
- A Netflix-specific endpoint for the executable to query to verify the
  identity of the current task. This data is signed using the agent's
  private Metatron credentials.
- Writing of the task identity struct to
  /var/lib/titus-environments/$cid.id.json to pass it off to the
  metadata service
  • Loading branch information
@rgulewich
rgulewich committed Jan 3, 2019
1 parent 1ea0346 commit b08cf82
Show file tree
Hide file tree
Showing 21 changed files with 1,219 additions and 660 deletions.
486 changes: 344 additions & 142 deletions api/netflix/titus/agent.pb.go
View file

Large diffs are not rendered by default.

56 changes: 28 additions & 28 deletions api/netflix/titus/titus_agent_api.pb.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit b08cf82

Please sign in to comment.