Commit Graph

530 Commits

Author SHA1 Message Date
Markus Rudy
85b44f7f57
ci: make waiting for nodes more robust (#2981)
* ci: make waiting for nodes more robust

After initializing the cluster, a lot of things happen in parallel and
are potentially getting in each other's way: nodes are joining,
daemonsets are proliferating, the network is being set up. During this
period, it's not unusual that the Kubernetes API server is unavailable
for a short time, e.g. due to etcd losing quorum or load balancing
changes.

This period of instability has the potential to affect all kubectl
commands negatively, leading to problems especially for tests, where
command failures often lead to test failures. On the other hand, we'd
expect everything to be quite stable after the initial dust settles.

Therefore, this commit changes how we wait after initializing a cluster.
Until we have a reasonable expectation of readiness, we ignore command
failures and wait for things to stabilize. The cluster is considered
stable once all configured nodes and all API servers report ready.
2024-03-13 09:42:18 +01:00
Malte Poll
5e241bcb45 deps: update Go to v1.22.1 2024-03-06 14:50:01 +01:00
Malte Poll
93eb8f0694
release: use cosign sign-blob in non-interactive mode (#2953) 2024-02-29 09:40:13 +01:00
Daniel Weiße
80518379c4
ci: fix artifact naming problems in e2e test (#2948)
* Fix potentially artifact naming in weekly tests
* Use e2e prefix for artifact naming in e2e-benchmark

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-27 08:59:22 +01:00
renovate[bot]
62acec17f6
deps: update Constellation containers (#2921)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-22 14:04:42 +01:00
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
Daniel Weiße
7edd6259d1
ci: fix duplicate benchmark artifact name (#2934)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-21 15:34:30 +01:00
Markus Rudy
98a1cfa2ca
ci: fetch latest console logs on aws (#2926) 2024-02-21 13:46:25 +01:00
renovate[bot]
abf6b4924a deps: update Python dependencies 2024-02-21 13:32:15 +01:00
Malte Poll
38ef546362 deps: update Go to 1.22.0 2024-02-20 18:27:16 +01:00
Malte Poll
980b2f0e87 ci: login to OpenStack provider 2024-02-19 18:16:45 +01:00
renovate[bot]
3765cb0762
deps: update actions/upload-artifact and actions/download-artifact action to v4 (#2756)
* deps: update actions/upload-artifact action to v4
* deps: update actions/download-artifacts action to v4

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-07 14:50:15 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888)
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 12:13:59 +01:00
Markus Rudy
c020f7ac20
cleanup: various minor debugging improvements (#2889)
* ci: improve constellation_create error message

When we hit a timeout due to nodes not coming up, the actual error
message is hard to make out because it's buried in a group. With the
right formatting, the error message will be highlighted in the UI.

Another improvement is to output the state of nodes, which helps
debugging the cause of nodes not joining or not becoming ready.

* cleanup: use NodeVersionResourceName constant

... instead of literal strings.

* ci: correctly notify on e2e upgrade error

* atls: report cert extension OIDs on mismatch

If the certificate contains an attestation document for SEV-SNP, but the
given validator is for Nitro, verifyEmbeddedReport should not claim that
there is no attestation document, but that there is no _compatible_ one
and what the incompatible ones were.
2024-02-02 16:46:28 +01:00
Moritz Sanft
d5e4435e3d
ci: reduce amount of regular tests (#2885)
* .github: add e2e test to pr checklist

* ci: use sonobuoy quick where possible

* ci: run malicious join test on release

* ci: remove self managed infra test

* ci: remove non-example terraform test from weekly

* ci: run Sonobuoy full on the latest k8s version weekly

* ci: run weekly sonobuoy quick on all k8s versions

* ci: don't run double sonobuoy tests on latest k8s version
2024-02-01 15:05:07 +01:00
Daniel Weiße
befc7cdf63
ci: don't delete local cached providers when uploading Terraform state (#2884)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-01 09:54:40 +01:00
Adrian Stobbe
9b547bced0
ci: v2.15 post-release cleanup (#2881)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-01-31 16:45:20 +01:00
miampf
eabcdbe931
ci: Upload e2e terraform state as artifact (#2853) 2024-01-31 15:22:05 +00:00
Adrian Stobbe
d873ddb09d
fix self managed azure tdx (#2878) 2024-01-31 08:18:51 +01:00
Daniel Weiße
40c4109dc2
ci: fix empty run-id in OpenSearch URL (#2876)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-30 08:57:27 +01:00
Markus Rudy
f78f5540bc
ci: pin the kube-bench plugin definitions for sonobuoy (#2861) 2024-01-29 14:50:27 +01:00
Daniel Weiße
d372130bfd
ci: safely set attestation variant in OpenSearch URL (#2864)
* Add attestation variant to notify hooks
* Quote all inputs in OpenSearch URL
* Add clusterCreation field to OpenSearch URL
* Omit empty fields in OpenSearch URL

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-29 11:52:41 +01:00
Daniel Weiße
d17e7459db Choose TDX supported region for TDX tests
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
65d28f913f Allow starting e2e tests based on attestation variant instead of csp
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX (#2854)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 15:46:21 +01:00
renovate[bot]
d58d888f54 deps: update dependency Pillow to v10.2.0 [SECURITY] 2024-01-26 15:41:44 +01:00
Moritz Eckert
26f6fd074f
ci: fix e2e_benchmark comparison 2024-01-25 11:12:32 +01:00
Adrian Stobbe
4431ac3233
ci: fix missing quotes in OpenSearch link (#2852) 2024-01-24 17:29:19 +01:00
Adrian Stobbe
4db0662b06
ci: remove broken label from OpenSearch query link (#2839) 2024-01-23 08:32:02 +01:00
Malte Poll
66faa5493f deps: Go 1.21.6 2024-01-22 13:11:58 +01:00
Malte Poll
9181705299
ci: use sonobuoy 0.57.1 (#2821) 2024-01-16 13:19:46 +01:00
Markus Rudy
bdca822d8a
ci: remove derpsteb from e2e assignee list (#2816) 2024-01-12 08:09:38 +01:00
Markus Rudy
b267457541
ci: fix OpenSearch link for e2e notifications (#2813)
* ci: fix OpenSearch link for e2e notifications
2024-01-10 09:49:47 +01:00
Markus Rudy
49ecb2415f
ci: remove reference to absent go.mod file (#2811) 2024-01-09 23:07:16 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase (#2800)
* bootstrapper: remove obsolete log statement

* ci: simplify variable usage

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>

* cli: add missing formatting directive

* helm: fix rm invocation

* ci: document reproducible-builds workflow

* constants: use variables for measurement files

* constants: use variables for CDN distribution ID

* ci: make Helm version explicit

* api: prettify versionsapi-list output

* ci: remove obsolete docstring

---------

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792)
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Malte Poll
d3b951300d
ci: explicitly build s3proxy container image tag before referencing (#2806)
Otherwise, the file might not exist.
2024-01-08 14:32:08 +01:00
Daniel Weiße
1271e95c0c Fix missing Kubernetes version for Terraform e2e test
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Markus Rudy
c23aef344d
ci: don't export e2e metrics to OpenSearch (#2794)
* ci: don't export e2e metrics to OpenSearch
* debugd: don't export metrics
2024-01-05 10:15:53 +01:00
renovate[bot]
136a69e7c8
deps: update actions/setup-python action to v5 (#2755)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-05 09:29:16 +01:00
Adrian Stobbe
8730e72319
ci: e2e test for Terraform provider examples (#2745) 2024-01-04 10:00:21 +01:00
3u13r
07c884b945
ci: remove artifact encryption for public artifacts (#2776)
* ci: remove artifact encryption for public artifacts

* revert parts of #2765

* ci: add unused action exception for encrypted artifact download
2023-12-29 11:02:37 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765)
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
Malte Poll
66c0b581b2
ci: update bash on darwin to support newer bash features (#2672) 2023-12-21 18:12:07 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow (#2759)
* Pin upload and download actions by hash
* Don't expect encrypted artifacts in release pipeline

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 15:52:58 +01:00
Daniel Weiße
945152d049
Revert "deps: update actions/download-artifact action to v4 (#2753)" (#2767)
This reverts commit b550c92ac9.
2023-12-21 15:44:40 +01:00
renovate[bot]
b550c92ac9
deps: update actions/download-artifact action to v4 (#2753)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:44:52 +01:00
renovate[bot]
5999f9e3a1
deps: update cachix/install-nix-action action to v24 (#2757)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:43:44 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
renovate[bot]
ec813b2102
deps: update golang:1.21.5 Docker digest to 1a9d253 (#2750)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 15:59:39 +01:00