miampf
2d66ecf8d6
ProxyJump for hosts outside of 10.* range
...
removed unnecessary values for proxy host
2025-01-21 11:43:40 +01:00
miampf
5c24c9d22f
adjust emergency_ssh variable description
2025-01-21 11:43:40 +01:00
miampf
701cb7eb30
add emergency_ssh var to other providers (untested)
2025-01-21 11:43:39 +01:00
miampf
88c33c89c3
terraform ssh setup
2025-01-21 11:43:38 +01:00
miampf
acc5a84f3f
tf ssh access with custom lb
...
changed later to use existing load balancer instead of a custom setup
2025-01-21 11:43:37 +01:00
renovate[bot]
44e898e187
deps: update Terraform dependencies ( #3604 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-21 10:05:01 +01:00
renovate[bot]
f10376fd44
deps: update Terraform dependencies ( #3580 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-16 14:21:35 +01:00
renovate[bot]
d9ab8c76e0
deps: update Terraform openstack to v3 ( #3539 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-16 12:47:29 +01:00
renovate[bot]
b652baa9c2
deps: update Terraform dependencies ( #3510 )
...
* deps: update Terraform dependencies
* Update terraform lock files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Print module path for lockfile to be generated
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-12-02 12:04:15 +01:00
renovate[bot]
6dbb8ac56a
deps: update Terraform azuread to v3 ( #3432 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-11-28 15:48:29 +01:00
Adrian Stobbe
54058eed2a
terraform: fix security rule reconciliation on Azure ( #3454 )
...
* fix security rule reconciliation on azure
* fix simulated patch version upgrade
2024-11-04 08:59:16 +01:00
Moritz Sanft
7458d0e892
deps: update terraform-provider-stackit ( #3462 )
2024-10-29 19:03:19 +01:00
Markus Rudy
96ac7124e3
terraform: upgrade hashicorp/google to 6.7.0 ( #3440 )
2024-10-21 10:41:33 +02:00
3u13r
2854136192
Allow upgrades on azure without Terraform changes on LBs created from within Kubernetes ( #3257 )
...
* k8s: use separate lb for K8s services on azure
* terraform: introduce local revision variable and data resource
* terraform: azure: don't expose full nodeport range
* docs: add Azure load balancer migration
2024-10-09 11:31:17 +02:00
3u13r
882d602524
openstack: set region in cluster cloud client ( #3375 )
2024-09-26 11:08:06 +02:00
Moritz Sanft
d2cbc0adef
terraform: enable serial console by default ( #3360 )
2024-09-17 15:01:33 +02:00
renovate[bot]
a295ecaffb
cli: add --subscriptionID flag for iam create azure command ( #3328 )
...
* deps: update Terraform azurerm to v4
* Set Azure subscription ID when applying Terraform files
* Upgrade azurerm to v4.1.0
* Mark subscriptionID flag as not required
* deps: tidy all modules
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-09-17 12:30:22 +02:00
3u13r
f4e6c910ab
terraform: azure detach unused lb backends ( #3270 )
2024-07-25 22:53:13 +02:00
renovate[bot]
c2b720ca56
deps: update Terraform dependencies ( #3209 )
...
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-07-12 10:30:37 +02:00
Moritz Sanft
9f28c62793
terraform: update StackIT provider to v0.23.0 ( #3232 )
2024-07-04 11:34:24 +02:00
renovate[bot]
bdfb74f6ca
deps: update Terraform dependencies ( #3200 )
...
* deps: update Terraform dependencies
* upgrade random provider
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-27 09:14:10 +02:00
Daniel Weiße
8219005587
terraform: only set confidential_instance_type if cc_technology is SEV_SNP ( #3085 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-14 16:02:30 +02:00
Markus Rudy
c0a39eab89
deps: bump stackit terraform provider to 0.17.0 ( #3089 )
2024-05-14 09:46:40 +02:00
Markus Rudy
174c3ab48a
terraform: add missing policies for AWS ALB ( #3063 )
...
* terraform: add missing policies for AWS ALB
2024-05-10 08:51:32 +02:00
3u13r
ecebd607c5
terraform: Allow nodes to join the cluster when using a jump host by removing the constellation-uid tag ( #3064 )
...
* terraform: remove constellation-uid tag from jump-host
2024-05-06 12:25:52 +02:00
Daniel Weiße
f6999084c9
terraform: set empty default value for additional_tags ( #3052 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 10:27:46 +02:00
Malte Poll
5ec1b1f488
deps: upgrade terraform provider stackit to 0.16.0 ( #3046 )
2024-04-26 14:02:35 +02:00
Daniel Weiße
46994b7ee0
terraform: simplify additional tagging logic to ensure they are always applied ( #3045 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-26 11:53:25 +02:00
miampf
b187966581
cli: allow tagging cloud resources with custom tags ( #3033 )
2024-04-19 09:07:57 +00:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP ( #3011 )
...
* terraform: enable creation of SEV-SNP VMs on GCP
* variant: add SEV-SNP attestation variant
* config: add SEV-SNP config options for GCP
* measurements: add GCP SEV-SNP measurements
* gcp: separate package for SEV-ES
* attestation: add GCP SEV-SNP attestation logic
* gcp: factor out common logic
* choose: add GCP SEV-SNP
* cli: add TF variable passthrough for GCP SEV-SNP variables
* cli: support GCP SEV-SNP for `constellation verify`
* Adjust usage of GCP SEV-SNP throughout codebase
* ci: add GCP SEV-SNP
* terraform-provider: support GCP SEV-SNP
* docs: add GCP SEV-SNP reference
* linter fixes
* gcp: only run test with TPM simulator
* gcp: remove nonsense test
* Update cli/internal/cmd/verify.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/overview/clouds.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* linter fixes
* terraform_provider: correctly pass down CC technology
* config: mark attestationconfigapi as unimplemented
* gcp: fix comments and typos
* snp: use nonce and PK hash in SNP report
* snp: ensure we never use ARK supplied by Issuer (#3025 )
* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* attestationconfigapi: add GCP to uploading
* snp: use correct cert
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP
* linter fixes
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Malte Poll
93441fe1ee
terraform: update terraform provider STACKIT ( #3007 )
2024-04-02 17:17:17 +02:00
Malte Poll
addcfaaaf4
terraform: ignore changes of OpenStack instance image
2024-03-11 16:43:36 +01:00
Malte Poll
923a41ba01
openstack: move credentials to instance user data
2024-03-11 16:43:36 +01:00
Malte Poll
c23f17de41
openstack: read credentials from clouds.yaml
2024-03-11 15:59:23 +01:00
Malte Poll
f5c5413284
terraform: use volumes instead of ephemeral local disks on STACKIT
...
Ephemeral local disks are discouraged on STACKIT.
Use volumes instead.
This sets an upper bound of 5GB on the boot disk.
If Constellation OS images ever grow beyond that, we will run into
problems.
2024-02-28 15:48:53 +01:00
Malte Poll
3ce10eb00f
terraform: allow STACKIT / OpenStack instance type to be UUID or name
2024-02-28 15:48:53 +01:00
Malte Poll
7bc4ad5728
deps: update all terraform providers
2024-02-26 13:38:33 +01:00
3u13r
2a61861a1c
stackit: add k8s api load balancer ( #2925 )
2024-02-22 17:39:34 +01:00
Malte Poll
1e987f6a85
terraform: add subnet for OpenStack LBs
2024-02-22 12:43:04 +01:00
Malte Poll
6f9020d527
cli: use pre-uploaded image on OpenStack
...
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
2024-02-19 18:16:45 +01:00
Malte Poll
6c8504323f
terraform: update OpenStack provider
2024-02-15 12:35:15 +01:00
Malte Poll
b5e848a87e
terraform: provide required configuration for yawol on OpenStack
2024-02-12 13:13:48 +01:00
Moritz Sanft
901edd420b
terraform: remove cloud loggers ( #2892 )
...
* terraform: remove cloud logging apps
* internal/cloud: remove loggers
* bootstrapper: remove logging
* qemu-metadata-api: remove logging endpoint
* docs: add instructions on how to get boot logs
* bazel: tidy
* docs: fix typo
* cloud: remove unused types
* Update go.mod
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* bazel: tidy
* Update docs/docs/workflows/troubleshooting.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/troubleshooting.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/troubleshooting.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* docs: elaborate on how to get boot logs
* bazel: tidy
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 14:27:30 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images ( #2888 )
...
* terraform: support AWS marketplace images
* terraform-provider: support AWS marketplace images
* docs: add instructions on AWS marketplace images
* ci: adapt marketplace image test for AWS
* Update internal/config/config.go
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
* docs: update config
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* docs: update license information
* docs: use CSP tabs for marketplace overview
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
---------
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 12:13:59 +01:00
Moritz Sanft
2140fa5452
deps: update GCP to 5.13.0 ( #2872 )
2024-01-31 15:29:59 +01:00
Moritz Sanft
d525be4a49
terraform: add module deprecation notice ( #2739 )
2024-01-07 22:44:08 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes ( #2703 )
...
* all vars have snail_case
* make iam schema consistent
* infrastructure schema
* terraform: update AWS infrastructure module
* fix ci
* terraform: update AWS infrastructure module
* terraform: update AWS IAM module
* terraform: update Azure Infrastructure module inputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update Azure IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update OpenStack Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update QEMU Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-module: fix input name
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: tidy
* cli: ignore whitespace in Terraform variable tests
* terraform-module: fix AWS output names
* terraform-module: fix output references
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: rename `api_server_cert_sans`
* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* fix self-managed
* terraform: revert AWS modules output file renaming
* terraform: remove duplicate variable declaration
* terraform: rename Azure location field
* ci: adjust output name in self-managed e2e test
* e2e: continuously print output in upgrade test
* e2e: write to output variables
* cli: migrate IAM variable names
* cli: make `location` field optional
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-12-15 10:36:58 +01:00
Adrian Stobbe
37580009fe
terraform-provider: cleanup and improve docs ( #2685 )
...
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-14 15:47:55 +01:00
3u13r
1d6e5ca3ea
terraform: use correct security group option for jump host ( #2715 )
2023-12-13 18:05:25 +01:00
Moritz Sanft
0a593bec18
terraform: upgrade random provider to v3.6.0 ( #2704 )
...
* terraform: upgrade `random` provider to `v3.6.0`
* terraform: update lockfiles
* ci: fix Terraform lock exclude directories
2023-12-12 16:00:16 +01:00