Commit Graph

2399 Commits

Author SHA1 Message Date
Daniel Weiße
ba4471a228 AB#2316 Configurable enforced PCRs (#361)
* Add warnings for non enforced, untrusted PCRs

* Fix global state in Config PCR map

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
3u13r
9478303f80 deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Malte Poll
18a89d2881 Add constellation UID retrieval to cloudprovider metadata APIs
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Otto Bittner
2f925b5955 Add clone3-workaround to bootstrapper build container
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00
Fabian Kammel
c35e85b22b Make E2E cleanup easier (#353)
* Make E2E cleanup easier
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-10 10:13:18 +02:00
Otto Bittner
919a2165ae Run e2e test container on edgserver with privileged
The seccomp filter applied by docker presumably
stops curl from working correctly as the glibc changed the
way it creates processes (switch from clone to clone3).
The backwards compatibility layer of glibc does not work
correctly with docker's seccomp filter, making it necessary to
give the container privileged access.
2022-08-10 09:58:43 +02:00
Otto Bittner
c42e79ecfe AB#2281: Run e2e tests on latest debug image (#354)
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
264e4beac3 Double timeouts for envtests (#355) 2022-08-09 14:48:41 +02:00
Daniel Weiße
8f5f84deb5 AB#2305 Fix missing atls verifier in init call (#352)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-09 14:04:40 +02:00
Malte Poll
aee3f2afa2 Run tests for different projects in parallel 2022-08-09 10:29:04 +02:00
Malte Poll
c3f064fa09 Update CHANGELOG 2022-08-09 10:29:04 +02:00
Malte Poll
d72c18d066 [node-operator] rename constellation-node-operator to node-operator 2022-08-09 10:29:04 +02:00
Malte Poll
1df2a20a36 CI: build and upload node operator 2022-08-09 10:29:04 +02:00
Malte Poll
5871c49390 Update CONTRIBUTING.md 2022-08-09 10:29:04 +02:00
Malte Poll
fb4bc1545f [node operator] case insensitive equality checks for image and scaling group references 2022-08-09 10:29:04 +02:00
Malte Poll
80ebfab164 [node operator] GCP: use canonical references 2022-08-09 10:29:04 +02:00
Malte Poll
51cf638361 [node operator] self-initialize resources
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
1cee319174 [node operator] constellation node operator: hardcode image pull secret
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
86c88a949e [node operator] bundle template
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0f6de0aa26 [node operator] Update README and samples
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
e267102c92 [node operator] Use environment variable to specify CSP
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
50ed6777c8 [node operator] Read azure config from k8s secret
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
3495ec1c07 [node operator] instantiate Azure client in main.go
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
c74360bf62 [node operator] Add Azure client
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
a50cc2b64d [node operator] Testable poller for Azure client
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
cbbf77248f [node operator] adopt go 1.18
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
717570d00a [node operator] Add GCP client
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0618a000a7 [node operator] nodeimage controller: remove control-plane nodes from etcd cluster before deleting k8s node object
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
242020e304 [node operator] etcd client implementation
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
bef2bcc4a9 [node operator] helpers: find node vpc IP and check if node is control-plane node
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
de9fa37f63 [node operator] helper: find control plane IPs using kubernetes API
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
bce83c493b [node operator] Prepare for packaging as dockerfile and deployment within k8s
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
2860fe4eec [node operator] RBAC: add missing permissions
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
b0d93b96dc [node operator] PendingNode: check if node was deleted every 30 seconds after regular deadline expires
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0b0a3454fa [node operator] main.go: switch over CSP flag to generate cloud provider API client to inject into controllers.
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
904d3cba0a [node operator] Beautify autogenerated log messages
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
4be164dec4 [node operator] NodeImage env test
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
be27de3b71 [node operator] Add nodemaintenance CRD
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
1cc8c36052 [node operator] NodeImage controller unit test
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
12ce267bac [node operator] NodeImage controller impl
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
7b6205e900 [node operator] node image util functions
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
3932581f2a [node operator] patching util functions
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
614447495d [node operator] PendingNode controller env test
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
19568d400b [node operator] PendingNode controller unit test
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
627b9e7ae8 [node operator] PendingNode controller impl
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
df4e8b2c1e [node operator] node state util function
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
d62ae3add3 [node operator] ScalingGroupController env test
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
8bc1db609f [node operator] ScalingGroup controller impl
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
bdb4260912 [node operator] AutoscalingStrategy env test
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00