robur-coop / albatross

Albatross: orchestrate and manage MirageOS unikernels with Solo5
ISC License

document and smooth the CA experience #149

Closed hannesm closed 1 year ago

hannesm commented 1 year ago

related is #52 (for adjusting / decreasing the resources for a specific person)

@TheLortex tried to use the remote-tls endpoint and the albatross-client-remote-tls. Noteworthy things:

Also, the albatross-client-remote-tls takes in a (client) certificate and the CA certificate -- but it expects an entire client CA chain and could locally verify that it's a good certificate before connecting to the remote (and transferring the entire unikernel). The "CA sign" could output a bundle instead of a single certificate (though it may not know the entire chain... if there's more than one level of delegation involved).
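
The local pre-flight check suggested in the comment above, sketched as an added example with the `openssl` command line. This is not albatross code and not part of the original thread; the function names, file names and the "leaf first, then intermediates" bundle layout are assumptions, and the sample PKI is constructed on the fly.

```shell
#!/bin/sh
# Added example (not albatross code). Hypothetical helper names and file names.

# verify_client_bundle CA_PEM BUNDLE_PEM
# BUNDLE_PEM holds the client certificate first, then any intermediate CAs.
# Returns 0 only if the leaf chains up to CA_PEM using those intermediates.
verify_client_bundle() {
    ca=$1; bundle=$2
    tmp=$(mktemp -d) || return 2
    # First PEM block is the leaf; all later blocks are untrusted intermediates.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > (d "/leaf.pem") }
        n >  1 { print > (d "/inter.pem") }' "$bundle"
    if [ -s "$tmp/inter.pem" ]; then
        openssl verify -CAfile "$ca" -untrusted "$tmp/inter.pem" \
            "$tmp/leaf.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$ca" "$tmp/leaf.pem" >/dev/null 2>&1
    fi
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample PKI with one level of delegation: root -> intermediate -> client.
make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo root" -days 2 \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo client" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
    cat "$d/leaf.pem" "$d/int.pem" > "$d/bundle.pem"
}

demo=$(mktemp -d) && make_demo_pki "$demo"
verify_client_bundle "$demo/root.pem" "$demo/bundle.pem" && echo "bundle: chain ok"
verify_client_bundle "$demo/root.pem" "$demo/leaf.pem" ||
    echo "single certificate: chain incomplete, stop before uploading"
rm -rf "$demo"
```

With one level of delegation, the single signed certificate fails the check against the root CA while the bundle passes, which is the case the comment raises for a "CA sign" that outputs only one certificate.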

hannesm commented 1 year ago

addressed in the mentioned PRs.