267 Commits

Author SHA1 Message Date
katexochen
238a3c222b image: update measurements and image version 2023-10-30 11:23:12 +01:00
katexochen
5eb6cc6d08 image: update measurements and image version 2023-10-25 10:54:56 +02:00
Daniel Weiße
671cf36f0a
cli: common backend for init and upgrade apply commands (#2449)
* Use common 'apply' backend for init and upgrades
* Move unit tests to new apply backend
* Only perform Terraform migrations if state exists in cwd (#2457)
* Rework skipPhases logic

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-24 15:39:18 +02:00
edgelessci
5cd70ac58a
image: update measurements and image version (#2482)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-10-20 08:10:51 +02:00
edgelessci
43ee0791c6
image: update measurements and image version (#2477)
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-10-19 14:50:52 +02:00
3u13r
0c89f57ac5
Support internal load balancers (#2388)
* arch: support internal lb on Azure

* arch: support internal lb on GCP

* helm: remove lb svc from verify deployment

* arch: support internal lb on AWS

* terraform: add jump hosts for internal lb

* cli: expose internalLoadBalancer in config

* ci: add e2e-manual-internal

* add in-cluster endpoint to terraform output
2023-10-17 15:46:15 +02:00
edgelessci
e231a24916
image: update measurements and image version (#2428)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-10-11 10:33:54 +02:00
katexochen
957f8ad203 image: update measurements and image version 2023-10-06 08:09:28 +02:00
edgelessci
7e899d09c4
image: update measurements and image version (#2405)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-10-04 14:24:57 +02:00
Moritz Sanft
a5021c52d3
joinservice: cache certificates for Azure SEV-SNP attestation (#2336)
* add ASK caching in joinservice

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use cached ASK in Azure SEV-SNP attestation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update test charts

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typ

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make caching mechanism less provider-specific

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add `omitempty` flag

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* frontload certificate getter

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* rename frontloaded function

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* pass cached certificates to constructor

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix race condition

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix marshalling of empty certs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix validator usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [wip] add certcache tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add certcache tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix validator test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unused fields in validator

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix certificate precedence

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use separate context

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Remove unnecessary comment

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* use background context

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Use error format directive

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* `azure` -> `Azure`

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* improve error messages

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add x509 -> PEM util function

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use crypto util functions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix certificate replacement logic

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only require ASK from certcache

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix comment typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-09-29 14:29:50 +02:00
edgelessci
f543922944
image: update measurements and image version (#2383)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-09-27 08:28:32 +02:00
Adrian Stobbe
118f789c2f
cli: fix Azure SEV-SNP latest version logic (#2343) 2023-09-25 11:53:02 +02:00
edgelessci
df77696620
image: update measurements and image version (#2351)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-09-25 10:18:55 +02:00
katexochen
f3f4944239 image: update measurements and image version 2023-09-20 10:52:13 +02:00
Adrian Stobbe
22c2a73ae2
cli: store kubernetes version as strong type in config (#2287)
Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-09-19 13:50:00 +02:00
katexochen
83cfc86df1 image: update measurements and image version 2023-09-15 08:37:08 +02:00
katexochen
9c54ff06e0 image: update measurements and image version 2023-09-14 10:16:45 +02:00
edgelessci
4813296062
image: update measurements and image version (#2320)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-09-09 15:19:24 +02:00
3u13r
a25c90e9bb
remove deprecated constellation create flags (#2325)
* chore: clean-up TODOs

* cli: make OpenStack error explicit

* cli: remove deprecated flags

* config: require DeployCSIDriver field
2023-09-08 21:15:02 +02:00
edgelessci
4b48b5fdef
image: update measurements and image version (#2309)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-09-06 08:40:59 +02:00
edgelessci
463833433c
image: update measurements and image version (#2295)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-09-01 08:19:37 +02:00
edgelessci
eed2be0aa3
image: update measurements and image version (#2294)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-30 14:03:35 +02:00
edgelessci
0f4bd8296b
image: update measurements and image version (#2284)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-25 08:45:50 +02:00
edgelessci
3d5d291891
image: update measurements and image version (#2274)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-23 09:38:12 +02:00
3u13r
8325f99b09
deps: support Kubernetes 1.28 (#2242) 2023-08-18 11:13:24 +02:00
edgelessci
04ece90172
image: update measurements and image version (#2247)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-08-17 08:17:28 +02:00
edgelessci
f270e91724
image: update measurements and image version (#2238)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-16 09:41:01 +02:00
edgelessci
aa787a3ea6
image: update measurements and image version (#2206)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-11 11:19:57 +02:00
Daniel Weiße
c9cae643e2
internal: fix unmarshalling attestation version numbers from JSON (#2187)
* Fix unmarshalling attestation version numbers from JSON

* Add unit test for UnmarshalJSON

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-09 15:11:14 +02:00
Adrian Stobbe
d8db9d0add
strict input validation on attestation version numbers (#2180) 2023-08-09 11:41:04 +02:00
edgelessci
81a13319b7
image: update measurements and image version (#2183)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-09 10:14:39 +02:00
3u13r
4564017b13
config: fix aws instance type validation (#2171) 2023-08-04 18:16:49 +02:00
Malte Poll
15bb9588d7
cli: update config migration to migrate v3 -> v4 (#2166) 2023-08-04 15:57:36 +02:00
Malte Poll
7bfcb0bd5d cli: remove old config migration from v2 to v3 2023-08-04 12:36:45 +02:00
Malte Poll
c0177c565f config: update tests 2023-08-04 12:36:45 +02:00
Malte Poll
b61deb6a03 config: update validation to work with nodeGroups 2023-08-04 12:36:45 +02:00
Malte Poll
2246c31b7b config: define lists of valid disk types 2023-08-04 12:36:45 +02:00
Malte Poll
15bb3b31fd config: add nodeGroups 2023-08-04 12:36:45 +02:00
edgelessci
75c49b6515
image: update measurements and image version (#2163)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-04 09:58:31 +02:00
edgelessci
d71422667e
image: update measurements and image version (#2157)
Co-authored-by: daniel-weisse <daniel-weisse@users.noreply.github.com>
2023-08-04 08:35:19 +02:00
Daniel Weiße
86c5fb5fab
config: reorder values (#2154)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-02 16:01:10 +02:00
edgelessci
da1376cd90
image: update measurements and image version (#2151)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-08-02 10:13:56 +02:00
Otto Bittner
dac690656e
api: add functions to transparently handle signatures upon API interaction (#2142) 2023-08-01 16:48:13 +02:00
Otto Bittner
1d5a8283e0
cli: use Semver type to represent microservice versions (#2125)
Previously we used strings to pass microservice versions. This invited
bugs due to missing input validation.
2023-07-25 14:20:25 +02:00
Malte Poll
8da6a23aa5
bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108)
terraform: collect apiserver cert SANs and support custom endpoint

constants: add new constants for cluster configuration and custom endpoint

cloud: support apiserver cert sans and prepare for endpoint migration on AWS

config: add customEndpoint field

bootstrapper: use per-CSP apiserver cert SANs

cli: route customEndpoint to terraform and add migration for apiserver cert SANs

bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately
2023-07-21 16:43:51 +02:00
edgelessci
3324a4eba2
image: update measurements and image version (#2124)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-07-21 16:20:41 +02:00
edgelessci
2660c1aa87
image: update measurements and image version (#2116)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-07-19 08:35:56 +02:00
Otto Bittner
ff4b5db74c
config: make deployCSIDriver backwards compatible (#2088)
We added the field in 2.9 but can only require it in 2.10.
2023-07-12 15:08:37 +02:00
Adrian Stobbe
7e83991154
feat: status shows attestation config (#2056)
* init

* update doc

* fix tests

* unmarshal typed attestation config for consistent yaml formatting

* fix comments

* marshal numerical attestation values in join-config

* GetAttestationConfig marshals numerical value
2023-07-07 17:02:01 +02:00
edgelessci
b71d5cdc17
image: update measurements and image version (#2054)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-07-07 08:13:54 +02:00