Commit Graph

21 Commits

Author SHA1 Message Date
Paul Meyer
02fc3dc635
measurements: refactor validation option (#1462)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 11:47:39 +01:00
Otto Bittner
f0db5d0395
cli: restructure upgrade apply (#1319)
Applies the updated NodeVersion object with one request
instead of two. This makes sure that the first request does
not accidentially put the cluster into a "updgrade in progress"
status. Which would lead users to having to run apply twice.
2023-03-03 09:38:23 +01:00
Otto Bittner
984f0589d2
cli: upgrade errors for microservice (#1259)
Handle invalid upgrade errors similarly as for images and k8s.
2023-02-28 10:23:09 +01:00
Otto Bittner
50646b2a10 cli: refactor upgrade apply cmd to match name
* `upgrade apply` will try to make the locally configured and
actual version in the cluster match by appling necessary
upgrades.
* Skip image or kubernetes upgrades if one is already
in progress.
* Skip downgrades/equal-as-running versions
* Move NodeVersionResourceName constant from operators
to internal as its needed in the CLI.
2023-02-15 16:44:47 +01:00
Otto Bittner
7db584a88e cli: move upgradeApply logic into separate functions
* introduce handleImageUpgrade & handleServiceUpgrade
* rename cloudUpgrader.Upgrade to UpgradeImage
* remove helm flag
* remove hint about development status
2023-02-15 16:44:47 +01:00
Otto Bittner
c275464634 cli: change upgrade-plan to upgrade-check
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Fabian Kammel
82a0fcbb9d
upgrade: fix broken reference from constellation-os to constellation-version (#939)
* update constellation-os to constellation-version references
* update nodeimage to nodeversion in CRD type name
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-11 16:07:07 +01:00
Otto Bittner
075a0e0ad6 cli: ask user to confirm cert-manager upgrades 2023-01-05 17:19:05 +01:00
Otto Bittner
e7c7e35f51 cli: create backups for CRDs and their resources
These backups could be used in case an upgrade
misbehaves after helm declared it as successful.
The manual backups are required as helm-rollback
won't touch custom resources and changes to CRDs
delete resources of the old version.
2023-01-05 16:52:06 +01:00
Daniel Weiße
942d11a4c8
Only upgrade helm releases if versions changed (#818)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-12-22 12:30:04 +01:00
Otto Bittner
efcd0337b4
Microservice upgrades (#729)
Run with: constellation upgrade execute --helm.
This will only upgrade the helm charts. No config is needed.

Upgrades are implemented via helm's upgrade action, i.e. they
automatically roll back if something goes wrong. Releases could 
still be managed via helm, even after an upgrade with constellation
has been done.

Currently not user facing as CRD/CR backups are still in progress.
These backups should be automatically created and saved to the 
user's disk as updates may delete CRs. This happens implicitly 
through CRD upgrades, which are part of microservice upgrades.
2022-12-19 16:52:15 +01:00
Malte Poll
ebf852b3ba Add image update API and use for "upgrade plan" 2022-11-30 12:35:12 +01:00
Daniel Weiße
67d0424f0e
AB#2639 Add functions to fetch k8s and helm version of Constellation (#637)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 16:39:33 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
Fabian Kammel
81a5907f26
consistently use stdout and stderr (#502)
* consistently use stdout and stderr
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-10 10:27:24 +01:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
Thomas Tendyck
bd63aa3c6b add license headers
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
Daniel Weiße
ce02878019
AB#2308 / AB#2317 constellation upgrade plan (#3)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 11:59:07 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute (#2)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00