Daniel Weiße
ba4471a228
AB#2316 Configurable enforced PCRs ( #361 )
...
* Add warnings for non enforced, untrusted PCRs
* Fix global state in Config PCR map
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
3u13r
9478303f80
deploy cilium via helmchart ( #321 )
2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Malte Poll
18a89d2881
Add constellation UID retrieval to cloudprovider metadata APIs
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Otto Bittner
2f925b5955
Add clone3-workaround to bootstrapper build container
...
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00
Fabian Kammel
c35e85b22b
Make E2E cleanup easier ( #353 )
...
* Make E2E cleanup easier
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-10 10:13:18 +02:00
Otto Bittner
919a2165ae
Run e2e test container on edgserver with privileged
...
The seccomp filter applied by docker presumably
stops curl from working correctly as the glibc changed the
way it creates processes (switch from clone to clone3).
The backwards compatibility layer of glibc does not work
correctly with docker's seccomp filter, making it necessary to
give the container privileged access.
2022-08-10 09:58:43 +02:00
Otto Bittner
c42e79ecfe
AB#2281: Run e2e tests on latest debug image ( #354 )
...
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
264e4beac3
Double timeouts for envtests ( #355 )
2022-08-09 14:48:41 +02:00
Daniel Weiße
8f5f84deb5
AB#2305 Fix missing atls verifier in init call ( #352 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-09 14:04:40 +02:00
Malte Poll
aee3f2afa2
Run tests for different projects in parallel
2022-08-09 10:29:04 +02:00
Malte Poll
c3f064fa09
Update CHANGELOG
2022-08-09 10:29:04 +02:00
Malte Poll
d72c18d066
[node-operator] rename constellation-node-operator to node-operator
2022-08-09 10:29:04 +02:00
Malte Poll
1df2a20a36
CI: build and upload node operator
2022-08-09 10:29:04 +02:00
Malte Poll
5871c49390
Update CONTRIBUTING.md
2022-08-09 10:29:04 +02:00
Malte Poll
fb4bc1545f
[node operator] case insensitive equality checks for image and scaling group references
2022-08-09 10:29:04 +02:00
Malte Poll
80ebfab164
[node operator] GCP: use canonical references
2022-08-09 10:29:04 +02:00
Malte Poll
51cf638361
[node operator] self-initialize resources
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
1cee319174
[node operator] constellation node operator: hardcode image pull secret
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
86c88a949e
[node operator] bundle template
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0f6de0aa26
[node operator] Update README and samples
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
e267102c92
[node operator] Use environment variable to specify CSP
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
50ed6777c8
[node operator] Read azure config from k8s secret
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
3495ec1c07
[node operator] instantiate Azure client in main.go
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
c74360bf62
[node operator] Add Azure client
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
a50cc2b64d
[node operator] Testable poller for Azure client
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
cbbf77248f
[node operator] adopt go 1.18
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
717570d00a
[node operator] Add GCP client
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0618a000a7
[node operator] nodeimage controller: remove control-plane nodes from etcd cluster before deleting k8s node object
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
242020e304
[node operator] etcd client implementation
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
bef2bcc4a9
[node operator] helpers: find node vpc IP and check if node is control-plane node
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
de9fa37f63
[node operator] helper: find control plane IPs using kubernetes API
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
bce83c493b
[node operator] Prepare for packaging as dockerfile and deployment withing k8s
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
2860fe4eec
[node operator] RBAC: add missing permissions
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
b0d93b96dc
[node operator] PendingNode: check if node was deleted every 30 seconds after regular deadline expires
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0b0a3454fa
[node operator] main.go: switch over CSP flag to generate cloud provider API client to inject into controllers.
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
904d3cba0a
[node operator] Beautify autogenerated log messages
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
4be164dec4
[node operator] NodeImage env test
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
be27de3b71
[node operator] Add nodemaintenance CRD
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
1cc8c36052
[node operator] NodeImage controller unit test
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
12ce267bac
[node operator] NodeImage controller impl
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
7b6205e900
[node operator] node image util functions
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
3932581f2a
[node operator] patching util functions
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
614447495d
[node operator] PendingNode controller env test
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
19568d400b
[node operator] PendingNode controller unit test
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
627b9e7ae8
[node operator] PendingNode controller impl
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
df4e8b2c1e
[node operator] node state util function
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
d62ae3add3
[node operator] ScalingGroupController env test
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
8bc1db609f
[node operator] ScalingGroup controller impl
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
bdb4260912
[node operator] AutoscalingStrategy env test
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00