Commit Graph

21 Commits

Author SHA1 Message Date
Adrian Stobbe
22d82a59ed
terraform: Terraform module for GCP (#2553) 2023-11-10 13:32:18 +01:00
Adrian Stobbe
cea6204b37
terraform: Terraform module for AWS (#2503) 2023-11-08 19:10:01 +01:00
Nils Hanke
04c4cff9f6
AB#2436: Initial support for create/terminate AWS NitroTPM instances
* Add .DS_Store to .gitignore

* Add AWS to config / supported instance types

* Move AWS terraform skeleton to cli/internal/terraform

* Move currently unused IAM to hack/terraform/aws

* Print supported AWS instance types when AWS dev flag is set

* Block everything aTLS related (e.g. init, verify) until AWS attestation is available

* Create/Terminate AWS dev cluster when dev flag is set

* Restrict Nitro instances to NitroTPM supported specifically

* Pin zone for subnets

This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.

Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.

* Add AWS/GCP to Terraform TestLoader unit test

* Add uid tag and create log group

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-21 12:24:18 +02:00
renovate[bot]
b8d8562a6f Update Terraform random to v3.4.3 2022-10-14 09:13:35 +02:00
katexochen
ba6d707b46 Fix Terraform fmt 2022-10-13 14:54:19 +02:00
katexochen
d973740b03 Use Terraform for create on GCP 2022-09-30 16:50:52 +02:00
katexochen
f990c4d692 Create Terraform module for GCP 2022-09-30 16:50:52 +02:00
3u13r
130c61ffcf
initial AWS terraform (#180)
* initial AWS terraform
2022-09-27 14:02:56 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster (#172)
* Use terraform in CLI to create QEMU cluster

* Don't allow qemu creation on os/arch other than linux/amd64

* Allow usage of --name flag for QEMU resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
Daniel Weiße
d0ba2eb6b7
Remove exporting of PCRs from QEMU metadata API (#169)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-19 14:29:21 +02:00
Otto Bittner
ef26917c5e AB#2369: Use contributing.md as ToC for dev docs.
* Structure content into typical sections and
split into separate files.
* Also document how to locally create measurements

Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-08 16:08:42 +02:00
Moritz Eckert
b95f3dbc91
Add docs to repo (#38) 2022-09-02 11:52:42 +02:00
Otto Bittner
0892525915 Switch to Azure CVMs 2022-08-19 14:39:36 +02:00
Malte Poll
af99f91fec update qemu metadata image version and use correct CSP name in qemu state (#377) 2022-08-18 15:59:01 +02:00
Malte Poll
f63c99a1bd Use go pseudo versions for container images
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-14 17:34:33 +02:00
Malte Poll
260d2571c1 Only upload kubeadm certs if key is rotated
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
Daniel Weiße
4be29b04dc AB#1915 Local PCR calculation (#243)
* Add QEMU cloud-logging

* Add QEMU metadata endpoints to collect logs during cluster boot

* Send PCRs to QEMU metadata if boot fails on Azure or GCP

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-04 12:59:43 +02:00
Daniel Weiße
040e498b42 AB#2114 Add QEMU metadata API (#237)
* Add QEMU metadata API

* API server is started automatically when using terraform to deploy a QEMU cluster

* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-30 11:14:26 +02:00
leongross
15e668d09b Add machine variable to terraform module (#179)
* add variable machine to enable/disable secure boot

* add role description
2022-05-30 10:29:34 +02:00
Malte Poll
88ec7397c9 terraform libvirt: document usage
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Malte Poll
ff657a2ee7 terraform template libvirt
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00