Key Transparency now works with Google Cloud Spanner on GKE

Observed performance on a small scale load test of 3M fake users:

• 50 QPS of Key Updates

Bux Fixes:

• Removes a dependency on Trillian

This release supports Google Cloud MySQL on Google Kubernetes Engine (GKE).

Changelog

• Support Kubernetes Egress with Managed TLS Certificates
  • Liveness and Readiness probes
  • Serve health checks over HTTP2
• Support for Google Cloud MySQL
• Support for IPv6
• Integration tests for Kubernetes and Docker Compose
• Update dependencies
• Update documentation

This release supports Google Cloud MySQL on Google Kubernetes Engine (GKE).

Changelog

• Support Kubernetes Egress with Managed TLS Certificates
  • Liveness and Readiness probes
  • Serve health checks over HTTP2
• Support for Google Cloud MySQL
• Support for IPv6
• Integration tests for Kubernetes and Docker Compose
• Update dependencies
• Update documentation

Commits

5e555fdd New Design Doc (#1469) 3bb12894 Acknowledgements (#1490) c6ef70f6 Use cases (#1489) 2747f89a Bump github.com/prometheus/client_golang from 1.4.1 to 1.5.0 (#1486) 98eada61 README.md # Related (#1485) 5c77bf8e Explain authorized keys (#1484) 227f1137 Use new prometheus sidecar deployment (#1483) 260f9dcf don't overwrite the ReplicaSet service label (#1482) b14c3ebd Update encrypted creds (#1481) 9ea84e6b Pickup DB_HOST env variable (#1480) c870922c Fix credential encryption (#1479) 28fc8fdf Use Cloud MySQL in GKE (#1473) fdba48b9 Update client_secrets.json.enc (#1478) 80113883 Bump github.com/golang/mock from 1.4.0 to 1.4.1 (#1477) ba1c7e0f Refactor: Move kustomize set image to it's own script (#1475) 843f369d Remove old key generation scripts (#1447) 299594e1 Bump github.com/spf13/cobra from 0.0.5 to 0.0.6 (#1470) 1ca14a61 Bump github.com/google/tink from 1.3.0-rc3 to 1.3.0-rc4 (#1471) 3a7cbeb9 Bump github.com/go-sql-driver/mysql from 1.4.1 to 1.5.0 (#1458) 8d37aca5 Remove dependency on kr/pretty (#1467) 7f8264c9 Avoid race condition in election test (#1460) 668a377f (origin/fix) Set tags for init and prometheus docker images (#1468) cd0b76c7 go mod tidy (#1466) 557aa849 (origin/master, origin/HEAD) Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.1.0 to 1.2.0 (#1463) e8b6eba5 Bump github.com/golang/protobuf from 1.3.2 to 1.3.3 (#1456) a6b90612 Bump github.com/prometheus/client_golang from 1.2.1 to 1.4.1 (#1457) b821681f Bump github.com/golang/mock from 1.3.1 to 1.4.0 (#1455) 170bf261 Use a real public key in the example (#1454) 2de5509c Explain directories (#1451) 3b442e29 Use fake authentication in example (#1452) abd69677 ForceMaster election library (#1453) 128f290e GO111MODULE install directions (#1450) a9b296fd Use sandbox.keytransparency.dev as example server (#1449) 57ba06e2 Use K8 ingress for TLS termination (#1443) ab27b747 Portable docker images cleanup script (#1445) 50329f26 Split kt-secrets into kt-tls and kt-monitor (#1444) 69dad1cf Serve HTTP2 health check (#1442) d8831a26 Remove objecthash dependency (#1441) ad57ca85 Add ipv6 localhost address to self-signed-cert (#1436) b53823d7 set fresh TRAVIS_COMMIT (#1438) ac3b6cf3 Don't double encrypt (#1439) c0be6975 Use linux date format (#1437) ef79a0aa Use cmux (#1435) 9b523b6c Explicitly block until server exit 3e17ef57 return error in listern 6c71826b go runSequencer bc37ddd4 Serve HTTP2 2c8e035d Move TLS setup to listener 447bea11 rename addr 2bcb5e8c Finish comment f3c2337f Keep glog.Exit in main.go a428f0c1 Move listen to serverutil d7ee542b Use errgroup to lauch listeners 66e16754 Update heathz paths da38eb4b ServeHTTPMetrics on a separate port c99a25e9 TODO for picking a trillian release image d07737a9 travis docker swarm init be3f4f63 Fix wait scripts eac808e0 Removed unused restart param f022cd07 attachable network 9f25373c Move init to deploy script 387e1697 move build defs to dev compose file 2dd8e990 Update wait-for invocation 55bc23f1 Remove prometheus-to-sd ec244a92 Use docker-stack-wait d6471a83 docker-stack-wait.sh 7a0177de docker stack deploy e48c2570 Remove deprecated container_name option f7c27c53 Less flakey codecov (#1421) 93eafc94 Cleanup old docker images (#1430) 68e4b31a Fix Docker HEALTHCHECK (#1427) ceecf10d Fix scripts to not depend on KT being in $GOPATH (#1428) 610bdd33 Fix permissions on Prometheus config files (#1429) 926eef1f Setup liveness and readiness k8 probes (#1418) 214c0cf3 Remove kompose k8 cruft (#1425) 5c733f7c Turn on monitor integration tests (#1423) 2559372a Copy backoff module from Trillian (#1424) 850d311c Set TRAVIS_COMMIT if unset (#1422) e5421fbb Test against fresh builds (#1420)

This revision contains a variety of performance tweaks: PublishRevisions: 4s -> 1s

Technical changes:

• PublishRevisions usesAddSequencedLeaves to publish map revisions in a batch.

This release allows the Key Transparency sequencer to safely crash at any point.

The process of creating a new revision has been broken into discrete steps, each of which are check pointed to storage and will be retried if a failure occurs.

https://github.com/google/keytransparency/milestone/17 https://github.com/google/keytransparency/projects/3