Markus Rudy
1a10cf645d
ci: query identity directly instead of searching in list ( #2985 )
...
* ci: add debug information when UAMI is missing
* ci: query identity directly instead of searching in list
2024-03-18 08:40:15 +01:00
3u13r
0b13c5bca9
operator: escape dots in url ( #2990 )
2024-03-15 22:44:10 +01:00
Moritz Eckert
c40e1a9bbd
docs: change to inter font ( #2989 )
2024-03-15 15:38:34 +01:00
Thomas Tendyck
9e3d605cf2
Add STACKIT to readme ( #2988 )
...
* Add STACKIT to readme
and sort CSPs alphabetically in sentences
* fix links
2024-03-15 11:53:13 +01:00
Moritz Eckert
912575eb31
docs: order csp strictly alphabetically ( #2986 )
2024-03-15 10:13:57 +01:00
edgelessci
e0bbb447a9
image: update measurements and image version ( #2987 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-15 07:54:20 +01:00
Markus Rudy
54af083da3
helm: retry uninstall manually if atomic install failed ( #2984 )
2024-03-14 10:52:11 +01:00
Adrian Stobbe
1334b84c2e
Update docs ( #2982 )
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-03-13 14:09:51 +01:00
Markus Rudy
85b44f7f57
ci: make waiting for nodes more robust ( #2981 )
...
* ci: make waiting for nodes more robust
After initializing the cluster, a lot of things happen in parallel and
are potentially getting in each others' way: nodes are joining,
daemonsets are proliferating, the network is being set up. During this
period, it's not unusual that the Kubernetes API server is unavailable
for a short time, e.g. due to etcd loosing quorum or load balancing
changes.
This period of instability has the potential to affect all kubectl
commands negatively, leading to problems especially for tests, where
command failures often lead to test failures. On the other hand, we'd
expect everything to be quite stable after the initial dust settles.
Therefore, this commit changes how we wait after initializing a cluster.
Until we have a reasonable expectation of readiness, we ignore command
failures and wait for things to stabilize. The cluster is considered
stable once all configured nodes and all API servers report ready.
2024-03-13 09:42:18 +01:00
edgelessci
3b8fa95648
image: update measurements and image version ( #2983 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-13 09:08:44 +01:00
Daniel Weiße
1077b7a48e
bootstrapper: wipe disk and reboot on non-recoverable error ( #2971 )
...
* Let JoinClient return fatal errors
* Mark disk for wiping if JoinClient or InitServer return errors
* Reboot system if bootstrapper detects an error
* Refactor joinClient start/stop implementation
* Fix joining nodes retrying kubeadm 3 times in all cases
* Write non-recoverable failures to syslog before rebooting
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-12 11:43:38 +01:00
Malte Poll
1b973bf23f
docs: remove steps for STACKIT credentials in config ( #2980 )
...
The OpenStack credentials (username and password) can now be retrieved
from the "clouds.yaml" by the Constellation CLI and terraform code.
This simplifies the configuration for end-users.
2024-03-12 07:27:45 +01:00
Malte Poll
25624e91e8
docs: add runtime measurement table for Constellation v2.16 ( #2979 )
2024-03-12 07:27:26 +01:00
Malte Poll
35260a4455
docs: document OpenStack related config files on Windows
2024-03-11 16:43:36 +01:00
Malte Poll
353b02c17c
docs: document STACKIT CC features
...
Co-Authored-By: Moritz Eckert <m1gh7ym0@gmail.com>
2024-03-11 16:43:36 +01:00
Malte Poll
63b9761962
docs: explain recovery steps on STACKIT
2024-03-11 16:43:36 +01:00
Malte Poll
220f292181
docs: mention all zones where STACKIT instances are available
2024-03-11 16:43:36 +01:00
Malte Poll
addcfaaaf4
terraform: ignore changes of OpenStack instance image
2024-03-11 16:43:36 +01:00
Malte Poll
923a41ba01
openstack: move credentials to instance user data
2024-03-11 16:43:36 +01:00
Malte Poll
7fb2a357d9
docs: add STACKIT to the terraform provider page
2024-03-11 15:59:23 +01:00
Malte Poll
c23f17de41
openstack: read credentials from clouds.yaml
2024-03-11 15:59:23 +01:00
Malte Poll
d69673fab7
terraform-provider: Add support for STACKIT / OpenStack
2024-03-11 15:59:23 +01:00
Malte Poll
1670d977c6
openstack: vendor clouds.yaml Go type definitions from gophercloud v2 beta
2024-03-11 15:59:23 +01:00
Malte Poll
6ddabd025d
openstack: rename client type
2024-03-11 15:59:23 +01:00
malt3
9c5f231f4a
image: update locked rpms
2024-03-11 09:35:10 +01:00
Daniel Weiße
27330490f3
cli: retry auth handshake deadline exceeded errors in CLI and Terraform ( #2976 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-08 13:15:06 +01:00
Malte Poll
52e4e64316
docs: add installation instructions for the Windows CLI variant
2024-03-08 10:45:36 +01:00
edgelessci
483c888a3c
image: update measurements and image version ( #2975 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-08 08:40:29 +01:00
Malte Poll
108784c580
openstack: improve error message on IMDS failures
2024-03-07 11:47:51 +01:00
Malte Poll
7f262d18a8
imagefetcher: allow any marketplace image for OpenStack
2024-03-07 11:47:51 +01:00
Malte Poll
56460f0d63
image: special case OpenStack serial console to include ttyS1
2024-03-07 11:47:51 +01:00
Malte Poll
f94b00fe7c
disk-mapper: write failure message to syslog and sleep before reboot
2024-03-07 11:47:51 +01:00
Malte Poll
5e241bcb45
deps: update Go to v1.22.1
2024-03-06 14:50:01 +01:00
Malte Poll
281c7c320c
deps: update protobuf to v1.33.0
2024-03-06 14:50:01 +01:00
Markus Rudy
03fbcafe68
bootstrapper: bounded retry of k8s join ( #2968 )
2024-03-05 09:14:01 +01:00
Malte Poll
8b41bcaecc
cli: correct measurements in config generate stackit
2024-03-04 18:17:26 +01:00
Malte Poll
f94c6ca0d4
misc: skip message about community license with marketplace image
2024-03-04 18:17:26 +01:00
Malte Poll
1c8a7e4c22
cli: add STACKIT to constellation config instance-types
2024-03-04 18:17:26 +01:00
Daniel Weiße
d5b3d4fd6f
ci: use collision resistant name for Terraform e2e test ( #2967 )
...
* Use collision resistant name for Terraform e2e test
* Remove test suffix from Terraform provider examples
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-04 13:48:30 +01:00
malt3
06da526fe0
image: update locked rpms
2024-03-04 10:23:14 +01:00
Malte Poll
fc08e50605
docs: update STACKIT flavors ( #2964 )
2024-03-01 10:59:06 +01:00
edgelessci
d8a8d9b6b9
image: update measurements and image version ( #2963 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-01 08:31:34 +01:00
Malte Poll
c513c3f40c
ci: v2.16 post-release cleanup
2024-02-29 18:36:07 +01:00
malt3
c4f27f62ee
docs: add release v2.16.0
2024-02-29 17:22:19 +01:00
Malte Poll
93eb8f0694
release: use cosign sign-blob in non-interative mode ( #2953 )
2024-02-29 09:40:13 +01:00
Malte Poll
0b6eeb3747
ci: match version of actions/download-artifact for slsa provenance ( #2957 )
2024-02-29 09:39:41 +01:00
Malte Poll
f5c5413284
terraform: use volumes instead of ephemeral local disks on STACKIT
...
Ephemeral local disks are discouraged on STACKIT.
Use volumes instead.
This sets an upper bound of 5GB on the boot disk.
If Constellation OS images ever grow beyond that, we will run into
problems.
2024-02-28 15:48:53 +01:00
Malte Poll
5e40f49ca4
docs: update STACKIT instance types
2024-02-28 15:48:53 +01:00
Malte Poll
3ce10eb00f
terraform: allow STACKIT / OpenStack instance type to be UUID or name
2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version ( #2950 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-28 10:02:33 +01:00