Otto Bittner
075a0e0ad6
cli: ask user to confirm cert-manager upgrades
2023-01-05 17:19:05 +01:00
Leonard Cohnen
25c3a8a1f3
init: add cluster version to kubernetes components
2023-01-05 14:52:09 +01:00
Paul Meyer
f9458950cb
versionsapi: change image path ( #856 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 17:07:16 +01:00
Paul Meyer
35d720e657
cli: deactivate spinner for debug logging
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 12:17:08 +01:00
Paul Meyer
3c24e3fa01
cli: move image package into cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
22f43d32dd
versionsapi: use new fetcher in upgrade-plan cmd
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
f43b653231
versionsapi: backup old API
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Alex Darby
97c72f5f32
cli: add verbose debug logging ( #809 )
...
* feat: add debug logging for init command
* feat: add debug logging to recover command
* feat: add debug logging for configfetchmeasurements
* feat: add debug logging for config generate
* feat: added debug logging for miniup command
* feat: add debug logging for upgrade command
* feat: add debug logging for create command
2023-01-04 10:46:29 +01:00
renovate[bot]
806f6b70dd
Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1 ( #844 )
...
* Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1
* Rename talos-systems/talos to siderolabs/talos
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-02 13:33:56 +01:00
Otto Bittner
efcd0337b4
Microservice upgrades ( #729 )
...
Run with: constellation upgrade execute --helm.
This will only upgrade the helm charts. No config is needed.
Upgrades are implemented via helm's upgrade action, i.e. they
automatically roll back if something goes wrong. Releases could
still be managed via helm, even after an upgrade with constellation
has been done.
Currently not user facing as CRD/CR backups are still in progress.
These backups should be automatically created and saved to the
user's disk as updates may delete CRs. This happens implicitly
through CRD upgrades, which are part of microservice upgrades.
2022-12-19 16:52:15 +01:00
Malte Poll
4a8ebfd921
OS images: use "ref", "stream" and "version"
...
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
Paul Meyer
f23a2fe073
hack: implement new api for add-version script
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:37:43 +01:00
Moritz Sanft
286803fb97
AB#2579 Add constellation iam create command ( #624 )
2022-12-07 11:48:54 +01:00
Moritz Sanft
85e7b836a3
AB#2651 Compatibility warning for MiniConstellation ( #713 )
2022-12-07 10:20:01 +01:00
Paul Meyer
9c9c8e3d46
versionsapi: rename package
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:49:17 +01:00
Leonard Cohnen
0c71cc77f6
joinservice: use configmap for k8s components
2022-12-02 14:34:38 +01:00
Malte Poll
9537fb73c0
use constants for default CDN paths
2022-11-30 12:35:12 +01:00
Malte Poll
9bccf26ccf
move update api
2022-11-30 12:35:12 +01:00
Malte Poll
ebf852b3ba
Add image update API and use for "upgrade plan"
2022-11-30 12:35:12 +01:00
Leonard Cohnen
3b6bc3b28f
initserver: add client verification
2022-11-28 19:34:02 +01:00
Daniel Weiße
d52f3db2a3
AB#2644 Fetch measurements from CDN ( #653 )
...
* Fetch measurements from CDN
* Perform metadata validation on fetched measurements
* Remove deprecated public bucket
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-28 10:27:33 +01:00
Daniel Weiße
1968dfe70c
Add warning about non retriable error during init ( #644 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-25 10:02:12 +01:00
Daniel Weiße
67d0424f0e
AB#2639 Add functions to fetch k8s and helm version of Constellation ( #637 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 16:39:33 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs ( #553 )
...
* Merge enforced and expected measurements
* Update measurement generation to new format
* Write expected measurements hex encoded by default
* Allow hex or base64 encoded expected measurements
* Allow hex or base64 encoded clusterID
* Allow security upgrades to warnOnly flag
* Upload signed measurements in JSON format
* Fetch measurements either from JSON or YAML
* Use yaml.v3 instead of yaml.v2
* Error on invalid enforced selection
* Add placeholder measurements to config
* Update e2e test to new measurement format
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Malte Poll
575b6e93f6
CLI: use global image version field
...
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
2022-11-23 15:47:46 +01:00
Leonard Cohnen
1e98b686b6
kubernetes: verify Kubernetes components
2022-11-23 10:48:03 +01:00
Otto Bittner
6b2d9d16f8
Remove obsolote revive comments
2022-11-23 08:35:12 +01:00
Otto Bittner
1362e40f53
Surpress argument-limit errors and add TODO. ( #603 )
2022-11-21 17:31:01 +01:00
Daniel Weiße
1f9b6ba90f
Add debug logging for verify command ( #610 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-21 17:02:33 +01:00
Malte Poll
74aabe86fa
Move PCR[8] -> PCR[12]
2022-11-18 10:37:45 +01:00
Daniel Weiße
b966f57a2f
AB#2554 GCP CSI driver deployment ( #532 )
...
* Allow enabling/disabling of CSI driver through config
* Fix inconsistent namespace parsing
* Deploy GCP CSI driver on init
* Update invalid pod tolerations
* Add generate script for CSI charts
* Update generateCilium script
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 10:05:02 +01:00
Fabian Kammel
feae4a86bc
reserve enough time for stable tests ( #564 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:30:35 +01:00
Nils Hanke
6e5895f200
User-friendlier errors
2022-11-17 13:49:34 +01:00
Nils Hanke
4a2cba988c
Create separate Terraform workspace directory
2022-11-17 13:49:34 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring ( #544 )
...
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency ( #533 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Nils Hanke
db27a6a0dd
Increase timeout for fetch-measurements
2022-11-11 11:38:50 +01:00
Fabian Kammel
b92b3772ca
Remove access manager ( #470 )
...
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Nils Hanke
d41174659b
Print "Initializing cluster..." on stderr
2022-11-10 17:51:14 +01:00
Nils Hanke
bc584d61fa
Switch spinner TTY detection to stderr
2022-11-10 17:51:14 +01:00
Fabian Kammel
81a5907f26
consistently use stdout and stderr ( #502 )
...
* consistently use stdout and stderr
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-10 10:27:24 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. ( #475 )
...
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API ( #387 )
...
* Refactor GCP metadata/cloud API
* Remove cloud controller manager from metadata package
* Remove PublicIP
* Move shared cloud packages
* Remove dead code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch ( #479 )
...
* Bump version to v2.2.0
* Update changelog
* Fix release detection in pipeline
* Fix PKI selection in pipeline
* Set enforced measurements for AWS
* Update default images
* Fix release docs
* Update mini-con defaults
* Fix measurements action
* Fix syft env variable naming
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
3u13r
309a4b5196
cli: remove debug env check for AWS ( #460 )
2022-11-04 15:31:51 +01:00
Fabian Kammel
04d0c770af
limit aws cluster name len ( #454 )
...
* limit aws cluster name len down to 10, 32-character name limit in AWS
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 13:35:32 +01:00
Nils Hanke
19fd3a351a
Make azureCVMRxp in upgradeplan.go case-insensitive
2022-11-04 12:57:24 +01:00
Nils Hanke
4d9fbdb3d3
CI: Use lowercase image name for fetching measurements
2022-11-04 12:57:24 +01:00
Leonard Cohnen
cc38506ffa
cli: AWS does not use a service account
2022-11-02 23:29:04 +01:00
Leonard Cohnen
015b12d8ff
attestation: use AWS attestation
2022-11-02 23:29:04 +01:00