Commit Graph

121 Commits

Author SHA1 Message Date
Daniel Weiße
423e29e3ab Update to latest grpc generator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Daniel Weiße
29206ac845 Use any instead of interface
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Malte Poll
17d73813a9 Force lowercase luks disk UUID in disk-mapper, disk-rekeying and recovery
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-04 08:41:32 +02:00
Daniel Weiße
10e9faab10 Remove GCP non CVMs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-02 16:03:36 +02:00
Malte Poll
3817a57a83 disable tpm simulator in coordinator release binary
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-29 13:44:09 +02:00
Daniel Weiße
483f65175e Add OID doc comments
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Daniel Weiße
d9940fddae Only set cloud-provider as external if supported by the CSP
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Daniel Weiße
dcdfae141d Add qemu CSP for Coordinator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Daniel Weiße
956ced6e3d Add qemu vTPM issuer and validator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
Malte Poll
f5aafd8178 Implement reinitialization of the coordinator after reboot
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
ffb471d023 Add GetVPNPeers pubapi endpoint
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
f827e479b1 Add VPNIP to nodestate
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
f2b3fc328b pubapi: extract StartVPNAPIServer and StartUpdateLoop as separate functions
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
77b0237dd5 extract shared grpcutil dialer from pubapi
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Thomas Tendyck
87efa50c1d clarify TestConcurrent purpose, limitations, and error expectations 2022-04-26 17:28:08 +02:00
Thomas Tendyck
2ef41d193f revert actNode in TestConcurrent 2022-04-26 17:28:08 +02:00
datosh
51068abc27 Ref/want err from err expected (#82)
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
katexochen
482f675dac Capitalize Kubernetes 2022-04-26 12:02:17 +02:00
Benedict Schlueter
86178df205 coordinator-core: add multi coordinator Kubernetes integration (#39)
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Benedict Schlueter
0ac9617dac kubernetes: support for certKey request / support for control-plane join
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Benedict Schlueter
d8241a1b38 proto: add new functions / modify ActivateAsCoordinatorRequest
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Daniel Weiße
e5e5161520 Move simulated TPM to own package
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-22 16:11:54 +02:00
Leonard Cohnen
2fb4c15753 remove aws nitro attestation 2022-04-21 14:50:22 +02:00
Daniel Weiße
37aff14cab AB#1903 Push keys to restarting nodes on trigger RPC
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-21 13:08:02 +02:00
Malte Poll
3ce3978063 update state disk passphrase on activation
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Malte Poll
1b6ecf27ee add cryptsetup wrapper to core
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Malte Poll
bb56b46e21 implement cryptsetup wrapper to change disk passphrase of constellation state disk
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Malte Poll
98aced1b36 remove AWS nitro dependencies & add libcryptsetup
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Benedict Schlüter
938beec2ef add KMS to multi-coordinator (#68) 2022-04-20 15:22:39 +02:00
Benedict Schlüter
990ca20469 increase gRPC error message verbosity (#62) 2022-04-16 20:57:33 +02:00
Benedict
8d5c50014d coordinator: add new multi-coord gRPC functions 2022-04-13 14:05:20 +02:00
Benedict
f0e35a43d4 peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs 2022-04-13 14:05:20 +02:00
Malte Poll
55a1aa783f Persist Node State to disk after node activation
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
Malte Poll
0501d07f4a VPN: Add method to retrieve wireguard private key
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
Malte Poll
e10a47f255 file handler: Add "mkdirAll" flag
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
Daniel Weiße
49a1a07049 AB#1902 Ping Coordinator from initramfs for key (#53)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-12 14:24:36 +02:00
Malte Poll
4c73c5076e Integration tests: use simulated TPM in debug coordinator
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-12 14:11:07 +02:00
Malte Poll
bcd8c36777 Coordinator start: add skeleton to check for pre-existing node state
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-12 14:11:07 +02:00
Malte Poll
462052427f Add constellation node state
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-12 14:11:07 +02:00
Malte Poll
be004c971d Coordinator vTPM: add method to check for previous node initialization
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-12 14:11:07 +02:00
Malte Poll
af1aca4b34 Coordinator Role: json marshaling as string 2022-04-12 14:11:07 +02:00
datosh
4abb483902 Ref/store ectd (#45)
Improved unit & integration tests for store, by making them independent and test a single thing.
2022-04-12 09:38:10 +02:00
Thomas Tendyck
ea4b9d2d85 coordinator: send additional status log messages to cli in ActivateAsCoordinator 2022-04-05 16:23:48 +02:00
Malte Poll
f77536b38b Use containerd CRI socket in kubernetes 2022-04-04 10:57:54 +02:00
Daniel Weiße
f1299a40f4 Update GCP KMS tests and implementation
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-01 09:41:15 +02:00
Benedict
8a6825c429 refactor storewrapper IP handling / add coordinator IP-Block 2022-03-30 14:37:43 +02:00
Benedict
04be09d5d3 store: new error type (noElementsLeft) 2022-03-30 14:37:43 +02:00
Benedict
0718452bf9 etcdstore: fix missing errorcheck 2022-03-30 14:37:43 +02:00
Daniel Weiße
3282995bda AB#1877 Set location in azure cloud config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-30 09:04:59 +02:00
Benedict Schlüter
719b6d5f6f separate addPeer into VPN- and store-add (#18) 2022-03-29 16:49:11 +02:00
Malte Poll
cf738bb973 Cloud provider Azure: add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
97685648a4 Cloud provider GCP: add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
203ae6df96 Cloud provider AWS: add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
1e7794b4c2 Add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
efdd88459b fix cloud-node-manager stub 2022-03-29 15:13:30 +02:00
Daniel Weiße
71b5a0c6c0 Set vmType in azure cloud config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-29 13:40:40 +02:00
Malte Poll
391e36c0ac create and use kubeadm join token with no expiry 2022-03-28 13:58:09 +02:00
Malte Poll
037569cd85 Cloud provider fake: adopt changes to CCM / CNM for debug_coordinator 2022-03-28 13:35:21 +02:00
Malte Poll
20811794c2 Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 13:35:21 +02:00
Malte Poll
3c1ddfb94e Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-28 13:35:21 +02:00
Malte Poll
a59ce30e7b Cloud provider AWS: adopt changes to CCM / CNM for AWS 2022-03-28 13:35:21 +02:00
Malte Poll
78d2358b9c k8s: Use cloud provider ip as kubelet node-ip (if available) 2022-03-28 13:35:21 +02:00
Malte Poll
f5eddf8af0 Cloud providers: Add CloudNodeManager 2022-03-28 13:35:21 +02:00
Malte Poll
2158377f9f Cloud providers: Extend CCM with ExtraArgs / ConfigMaps / Secrets / Volumes / VolumeMounts and provide CloudServiceAccountURI 2022-03-28 13:35:21 +02:00
Malte Poll
bf726ebd87 k8s resource marshaler tests 2022-03-28 13:35:21 +02:00
Malte Poll
2ab846dd1a Extend k8s resource marshaling to slices 2022-03-28 13:35:21 +02:00
Benedict Schlüter
6f695892bf move updatePeers directly to the VPN and omit the store layer (#4) 2022-03-25 16:05:17 +01:00
Thomas Tendyck
2503d6e132 remove unused helpers in storewrapper 2022-03-25 13:35:08 +01:00
Thomas Tendyck
b1818ba089 fix stuttering StoreValueUnsetError 2022-03-25 13:35:08 +01:00
Daniel Weiße
f8e9c70337 Rework kms folder structure
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-25 09:38:16 +01:00
Leonard Cohnen
2d8fcd9bf4 monorepo
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00