35 Commits

Author SHA1 Message Date
miampf
77b28cb5e7
cli: change generate-config flag to update-config flag (#1897) 2023-06-28 12:47:44 +00:00
Adrian Stobbe
3fde118b33
config: enable azure snp version fetcher again + minimum age for latest version (#1899)
* fetch latest version when older than 2 weeks

* extend hack upload tool to pass an upload date

* Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8  (#1882)"

This reverts commit c7b22d314a.

* fix tests

* use NewAzureSEVSNPVersionList for type guarantees

* Revert "use NewAzureSEVSNPVersionList for type guarantees"

This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4.

* assure list is sorted

* improve root.go style

* daniel feedback
2023-06-09 12:48:12 +02:00
Otto Bittner
3e583946a1
rfc: specify how to handle launchmeasurements (#1894)
* Describes how to keep the values in the API up-to-date.
* Describes API object structure.
* Describe user config options.

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-06-09 08:45:27 +02:00
Malte Poll
e5b394db87 cli: image measurements (v2) 2023-05-25 15:01:15 +02:00
miampf
e7b7a544f0
docs: add a qemu section (#1724) 2023-05-17 13:21:35 +00:00
Moritz Eckert
08b37ad59a
rfc: fix broken link (#1757) 2023-05-11 14:48:23 +02:00
Malte Poll
7d8e36a853 rfc: define measurements v2
The old measurements.json (v1) contained one set of measurements and had a path scoped for every CSP.
The new version is less structured, allowing for future extensions.
2023-05-05 14:36:45 +02:00
Malte Poll
45e67d9d22 rfc: define image info v2
The version v1 of the image/info.json file is not capable of encoding multiple regions and
attestation variants for a given csp.
This is why a v2 is needed with a more extensible structure.
2023-05-05 14:36:45 +02:00
Daniel Weiße
eed533932e
rfc: attestation config options (#1436)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-03-29 14:58:57 +02:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack (#1283)
* image: support OpenStack image build / upload

* cli: add OpenStack terraform template

* config: add OpenStack as CSP

* versionsapi: add OpenStack as CSP

* cli: add OpenStack as provider for `config generate` and `create`

* disk-mapper: add basic support for boot on OpenStack

* debugd: add placeholder for OpenStack

* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
Moritz Sanft
c3347f2eb5
rfc: specify cli version api (#1175)
* add cli compatibility api rfc

* fix typos

* rewording
2023-02-17 10:32:48 +01:00
Fabian Kammel
4c5ab7c5e9
ci: refactor image measurement generation (#1152)
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-09 13:33:17 +01:00
Otto Bittner
b14a09f04e
rfc: extend updates rfc with constraints section (#1001)
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-01-24 14:02:56 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Otto Bittner
b89a30130f rfc: mention required iam secrets for recovery 2023-01-11 11:58:55 +01:00
Otto Bittner
43afb86e33
rfc: add recovery section to eKMS rfc (#919)
This new section describes how recovery currently depends on
the mastersecret and how that will change.

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-01-10 11:36:11 +01:00
Paul Meyer
f9458950cb
versionsapi: change image path (#856)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 17:07:16 +01:00
Paul Meyer
baa1b37681
rfc: update documentation of new versions API (#788)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-03 15:49:58 +01:00
3u13r
f14af0c3eb
upgrade: support Kubernetes components (#839)
* upgrade: add Kubernetes components to NodeVersion

* update rfc
2023-01-03 12:09:53 +01:00
Leonard Cohnen
1466c12972 rfc: use hash annotation during upgrades 2022-12-08 11:08:37 +01:00
Malte Poll
d2c6e833e5
Write version API RFC (#635) 2022-12-05 17:02:49 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table (#682)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 11:51:33 +01:00
leongross
61dec913ec
rfc: reproducible-builds (#465) 2022-12-01 10:08:48 +01:00
Malte Poll
fb2b1fbaff
Update RFC: use current config format in examples (#688) 2022-11-30 18:50:26 +01:00
3u13r
86bc9f4b38
rfc: include upgrade check command (#646)
* rfc: include upgrade check command
2022-11-29 11:45:21 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Otto Bittner
594b43e629 Remove kubernetesServicesVersion from upgrade RFC.
Tracking two sets of versions would require us to have two versioning patterns
inside the Helm charts. It also complicates
the decision making for the user.
2022-11-24 15:50:37 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" (#579) 2022-11-17 16:14:38 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts (#560) 2022-11-16 15:45:10 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Malte Poll
499d7a1fdd
AB#2566 RFC for image discoverability (description of image version uid) (#416)
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-11-08 14:04:14 +01:00
Thomas Tendyck
7ad55af07c
RFC: external KMS (#395)
* RFC: external KMS

* fixup! RFC: external

* fixup! RFC: external
2022-11-03 13:52:04 +01:00
Leonard Cohnen
1f8eba37c8 RFC: update updates RFC 2022-10-26 15:51:43 +02:00
3u13r
90c94ec53e
initial draft for automatic updates (#334)
* draft for automatic updates
2022-10-21 15:02:20 +02:00
Moritz Eckert
b95f3dbc91
Add docs to repo (#38) 2022-09-02 11:52:42 +02:00