prysm-pulse/tools/cluster-pk-manager
Preston Van Loon eb2abbdd8b
libfuzz based tests (#5095)
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* use opt for fuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* use ubuntu as the default build image
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge branch 'master' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Move fuzz tests
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* making progress on p2p fuzz
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* use a single stream repeatedly
* use a single stream repeatedly
* use many streams
* fixes
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge branch 'master' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge branch 'master' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Add basic test for ssz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge branch 'master' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge branch 'master' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Use a custom go_library to add libfuzzer
* delete old corpus, fix rpc_status_fuzz
* move fuzz.bzl
* minor fixes
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* add c-shared library (doesnt work)
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* fix build
* fixes
* Merge refs/heads/master into go-1.14-libfuzz
* lint
* more lint
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* more lint
* allow environment variable
* Merge refs/heads/master into go-1.14-libfuzz
* Add a fuzzit image with the beacon_states
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* lint
* readme
* lint
* fix lint again i think
* gaz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* breakup deps
* Merge branch 'go-1.14-libfuzz' of github.com:prysmaticlabs/prysm into go-1.14-libfuzz
* don't panic on failure
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* panic if no beacon states to read
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* update rules_foreign_cc
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* remove c_shared target, manually tag tests
* Add readme to fuzz package
* delete a few comments
* delete a few comments
* lint
* gaz
* gaz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
* Merge refs/heads/master into go-1.14-libfuzz
2020-05-05 07:22:26 +00:00
..
2020-05-05 07:22:26 +00:00
2020-05-05 07:22:26 +00:00

Cluster private key management tool

This is a primative tool for managing and delegating validator private key assigments within the kubernetes cluster.

Design

When a validator pod is initializing within the cluster, it requests a private key for a deposited validator. Since pods are epheremal, scale up/down quickly, there needs to be some service to manage private key allocations, validator deposits, and re-allocations of previously in-use private keys from terminated pods.

Workflow for bootstraping a validator pod

  1. Request n private keys from the pk manager.
  2. If unallocated private keys exist (from previously terminated pods), assign to the requesting pod.
  3. If there are not at least n keys not in use, generate new private keys, and make the deposits on behalf of these newly generated private keys.
  4. Write the key allocations to a persistent datastore and fulfill the request.
  5. The client uses these private keys to act as deposited validators in the system.

Server

The server manages the private key database, allocates new private keys, makes validator deposits, and fulfills requests from pods for private key allocation.

Database structure

There are two buckets for the server, unallocated keys and allocated keys.

Unallocated keys bucket:

key value
private key nil

Allocated keys bucket:

key value
pod name list of private keys

Key management design

There are two types of operations with regards to private keys:

  • Allocate(podName, keys)
  • UnallocateAllKeys(podName)

Allocating keys will first check and attempt to recycle existing, unused keys. If there are no unused keys available (or not enough), new keys are deposited.

Unallocating keys happens when a pod is destroyed. This should return all of that's pods' keys to the unallocated keys bucket.

Assignments HTTP Page /assignments

The server exposes an HTTP page which maps pod names to public keys. This may be useful for determining which logs to follow for a given validator.

Client

The client makes the private key request with a given pod name and generates a keystore with the server response.