Commit Graph

3955 Commits

Author SHA1 Message Date
Markus Rudy
1a10cf645d
ci: query identity directly instead of searching in list (#2985)
* ci: add debug information when UAMI is missing

* ci: query identity directly instead of searching in list
2024-03-18 08:40:15 +01:00
3u13r
0b13c5bca9
operator: escape dots in url (#2990) 2024-03-15 22:44:10 +01:00
Moritz Eckert
c40e1a9bbd
docs: change to inter font (#2989) 2024-03-15 15:38:34 +01:00
Thomas Tendyck
9e3d605cf2
Add STACKIT to readme (#2988)
* Add STACKIT to readme

and sort CSPs alphabetically in sentences

* fix links
2024-03-15 11:53:13 +01:00
Moritz Eckert
912575eb31
docs: order csp strictly alphabetically (#2986) 2024-03-15 10:13:57 +01:00
edgelessci
e0bbb447a9
image: update measurements and image version (#2987)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-15 07:54:20 +01:00
Markus Rudy
54af083da3
helm: retry uninstall manually if atomic install failed (#2984) 2024-03-14 10:52:11 +01:00
Adrian Stobbe
1334b84c2e
Update docs (#2982)
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-03-13 14:09:51 +01:00
Markus Rudy
85b44f7f57
ci: make waiting for nodes more robust (#2981)
* ci: make waiting for nodes more robust

After initializing the cluster, a lot of things happen in parallel and
are potentially getting in each others' way: nodes are joining,
daemonsets are proliferating, the network is being set up. During this
period, it's not unusual that the Kubernetes API server is unavailable
for a short time, e.g. due to etcd loosing quorum or load balancing
changes.

This period of instability has the potential to affect all kubectl
commands negatively, leading to problems especially for tests, where
command failures often lead to test failures. On the other hand, we'd
expect everything to be quite stable after the initial dust settles.

Therefore, this commit changes how we wait after initializing a cluster.
Until we have a reasonable expectation of readiness, we ignore command
failures and wait for things to stabilize. The cluster is considered
stable once all configured nodes and all API servers report ready.
2024-03-13 09:42:18 +01:00
edgelessci
3b8fa95648
image: update measurements and image version (#2983)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-13 09:08:44 +01:00
Daniel Weiße
1077b7a48e
bootstrapper: wipe disk and reboot on non-recoverable error (#2971)
* Let JoinClient return fatal errors
* Mark disk for wiping if JoinClient or InitServer return errors
* Reboot system if bootstrapper detects an error
* Refactor joinClient start/stop implementation
* Fix joining nodes retrying kubeadm 3 times in all cases
* Write non-recoverable failures to syslog before rebooting

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-12 11:43:38 +01:00
Malte Poll
1b973bf23f
docs: remove steps for STACKIT credentials in config (#2980)
The OpenStack credentials (username and password) can now be retrieved
from the "clouds.yaml" by the Constellation CLI and terraform code.
This simplifies the configuration for end-users.
2024-03-12 07:27:45 +01:00
Malte Poll
25624e91e8
docs: add runtime measurement table for Constellation v2.16 (#2979) 2024-03-12 07:27:26 +01:00
Malte Poll
35260a4455 docs: document OpenStack related config files on Windows 2024-03-11 16:43:36 +01:00
Malte Poll
353b02c17c docs: document STACKIT CC features
Co-Authored-By: Moritz Eckert <m1gh7ym0@gmail.com>
2024-03-11 16:43:36 +01:00
Malte Poll
63b9761962 docs: explain recovery steps on STACKIT 2024-03-11 16:43:36 +01:00
Malte Poll
220f292181 docs: mention all zones where STACKIT instances are available 2024-03-11 16:43:36 +01:00
Malte Poll
addcfaaaf4 terraform: ignore changes of OpenStack instance image 2024-03-11 16:43:36 +01:00
Malte Poll
923a41ba01 openstack: move credentials to instance user data 2024-03-11 16:43:36 +01:00
Malte Poll
7fb2a357d9 docs: add STACKIT to the terraform provider page 2024-03-11 15:59:23 +01:00
Malte Poll
c23f17de41 openstack: read credentials from clouds.yaml 2024-03-11 15:59:23 +01:00
Malte Poll
d69673fab7 terraform-provider: Add support for STACKIT / OpenStack 2024-03-11 15:59:23 +01:00
Malte Poll
1670d977c6 openstack: vendor clouds.yaml Go type definitions from gophercloud v2 beta 2024-03-11 15:59:23 +01:00
Malte Poll
6ddabd025d openstack: rename client type 2024-03-11 15:59:23 +01:00
malt3
9c5f231f4a image: update locked rpms 2024-03-11 09:35:10 +01:00
Daniel Weiße
27330490f3
cli: retry auth handshake deadline exceeded errors in CLI and Terraform (#2976)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-08 13:15:06 +01:00
Malte Poll
52e4e64316 docs: add installation instructions for the Windows CLI variant 2024-03-08 10:45:36 +01:00
edgelessci
483c888a3c
image: update measurements and image version (#2975)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-08 08:40:29 +01:00
Malte Poll
108784c580 openstack: improve error message on IMDS failures 2024-03-07 11:47:51 +01:00
Malte Poll
7f262d18a8 imagefetcher: allow any marketplace image for OpenStack 2024-03-07 11:47:51 +01:00
Malte Poll
56460f0d63 image: special case OpenStack serial console to include ttyS1 2024-03-07 11:47:51 +01:00
Malte Poll
f94b00fe7c disk-mapper: write failure message to syslog and sleep before reboot 2024-03-07 11:47:51 +01:00
Malte Poll
5e241bcb45 deps: update Go to v1.22.1 2024-03-06 14:50:01 +01:00
Malte Poll
281c7c320c deps: update protobuf to v1.33.0 2024-03-06 14:50:01 +01:00
Markus Rudy
03fbcafe68
bootstrapper: bounded retry of k8s join (#2968) 2024-03-05 09:14:01 +01:00
Malte Poll
8b41bcaecc cli: correct measurements in config generate stackit 2024-03-04 18:17:26 +01:00
Malte Poll
f94c6ca0d4 misc: skip message about community license with marketplace image 2024-03-04 18:17:26 +01:00
Malte Poll
1c8a7e4c22 cli: add STACKIT to constellation config instance-types 2024-03-04 18:17:26 +01:00
Daniel Weiße
d5b3d4fd6f
ci: use collision resistant name for Terraform e2e test (#2967)
* Use collision resistant name for Terraform e2e test
* Remove test suffix from Terraform provider examples

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-04 13:48:30 +01:00
malt3
06da526fe0 image: update locked rpms 2024-03-04 10:23:14 +01:00
Malte Poll
fc08e50605
docs: update STACKIT flavors (#2964) 2024-03-01 10:59:06 +01:00
edgelessci
d8a8d9b6b9
image: update measurements and image version (#2963)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-01 08:31:34 +01:00
Malte Poll
c513c3f40c ci: v2.16 post-release cleanup 2024-02-29 18:36:07 +01:00
malt3
c4f27f62ee docs: add release v2.16.0 2024-02-29 17:22:19 +01:00
Malte Poll
93eb8f0694
release: use cosign sign-blob in non-interative mode (#2953) 2024-02-29 09:40:13 +01:00
Malte Poll
0b6eeb3747
ci: match version of actions/download-artifact for slsa provenance (#2957) 2024-02-29 09:39:41 +01:00
Malte Poll
f5c5413284 terraform: use volumes instead of ephemeral local disks on STACKIT
Ephemeral local disks are discouraged on STACKIT.
Use volumes instead.
This sets an upper bound of 5GB on the boot disk.
If Constellation OS images ever grow beyond that, we will run into
problems.
2024-02-28 15:48:53 +01:00
Malte Poll
5e40f49ca4 docs: update STACKIT instance types 2024-02-28 15:48:53 +01:00
Malte Poll
3ce10eb00f terraform: allow STACKIT / OpenStack instance type to be UUID or name 2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version (#2950)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-28 10:02:33 +01:00