Markus Rudy
837b24bf54
versions: generate k8s image patches (incl etcd) ( #2764 )
...
* versions: generate k8s image patches (incl etcd)
2023-12-21 20:56:55 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline ( #2765 )
...
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
Malte Poll
66c0b581b2
ci: update bash on darwin to support newer bash features ( #2672 )
2023-12-21 18:12:07 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow ( #2759 )
...
* Pin upload and download actions by hash
* Don't expect encrypted artifacts in release pipeline
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 15:52:58 +01:00
Daniel Weiße
945152d049
Revert "deps: update actions/download-artifact action to v4 ( #2753 )" ( #2767 )
...
This reverts commit b550c92ac9.
2023-12-21 15:44:40 +01:00
renovate[bot]
8644b958ea
deps: update actions/setup-go action to v5 ( #2754 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 12:54:39 +01:00
renovate[bot]
37ec431fab
deps: update K8s dependencies ( #2763 )
...
* deps: update K8s dependencies
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-21 12:42:04 +01:00
renovate[bot]
b550c92ac9
deps: update actions/download-artifact action to v4 ( #2753 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:44:52 +01:00
renovate[bot]
5999f9e3a1
deps: update cachix/install-nix-action action to v24 ( #2757 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:43:44 +01:00
renovate[bot]
1409d4aa3f
deps: update dependency aspect_bazel_lib to v2.0.3 ( #2751 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:10:49 +01:00
renovate[bot]
ced03202a9
deps: update fedora:38 Docker digest to 3f01c8f ( #2749 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:07:20 +01:00
renovate[bot]
110bf9103d
deps: update Constellation containers ( #2760 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:03:44 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 ( #2752 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
renovate[bot]
d0cfd5590d
deps: update dependency cryptography to v41.0.6 [SECURITY] ( #2657 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:04:15 +01:00
renovate[bot]
ec813b2102
deps: update golang:1.21.5 Docker digest to 1a9d253 ( #2750 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 15:59:39 +01:00
renovate[bot]
4f374fbeb2
deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5 ( #2748 )
...
* deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-20 15:58:55 +01:00
Moritz Sanft
82e2875927
terraform-provider: add input validation ( #2744 )
...
* terraform-provider: add validation for `constellation_image`
* terraform-provider: add validation for `constellation_cluster`
* image: accept short path versions
* terraform-provider: correct error statement
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* terraform-provider: remove superfluous log statements
* terraform-provider: fix error assertion casing
* terraform-provider: remove superfluous semver check
* Update terraform-provider-constellation/internal/provider/shared_attributes.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-12-20 15:56:48 +01:00
renovate[bot]
db65f5116d
deps: update dependency rules_python to v0.27.1 ( #2591 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 15:42:36 +01:00
miampf
a429ca50e7
ci: encrypt artifacts ( #2567 )
2023-12-20 14:17:49 +00:00
Adrian Stobbe
0e84c6cc3e
update release process ( #2747 )
2023-12-20 14:42:20 +01:00
Markus Rudy
54c2fa1b3d
ci: start v2.15-pre window
2023-12-20 08:52:18 +01:00
Markus Rudy
004aa6c5ed
ci: fix release branch naming
2023-12-20 08:29:50 +01:00
Markus Rudy
85a13fab19
ci: correctly pass branch names in on-release workflow
2023-12-20 08:29:50 +01:00
Markus Rudy
607aa6dbe1
ci: allow on-release workflow to delete branches
2023-12-20 08:29:50 +01:00
Markus Rudy
7f8cfb8f03
operators: fix flaky env test
2023-12-19 20:01:10 +01:00
Markus Rudy
3c05150721
ci: don't run unit tests in integration test workflow
2023-12-19 20:00:21 +01:00
Markus Rudy
441672cbdc
ci: add burgerdev to e2e failure assignees
2023-12-19 19:59:16 +01:00
edgelessci
6b2c00693c
docs: add release v2.14.0 ( #2734 )
...
Co-authored-by: burgerdev <burgerdev@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-12-19 17:05:40 +01:00
Malte Poll
ae6b22a143
deps: update rules_oci to a pre-release version to fix memory leak ( #2729 )
...
rules_oci spawns local container registry processes and in the past,
those would not be cleaned up explicitly, leading to an accumulation
of processes when using remote execution with buildbarn.
This pre-release contains a fix: https://github.com/bazel-contrib/rules_oci/pull/421
Additionally, windows support for rules_oci was removed in this fork,
since it is currently broken.
2023-12-19 15:40:04 +01:00
renovate[bot]
6c5170da79
deps: update module golang.org/x/crypto to v0.17.0 [SECURITY] ( #2736 )
...
* deps: update module golang.org/x/crypto to v0.17.0 [SECURITY]
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-19 08:53:15 +01:00
Markus Rudy
1d05f438ff
ci: remove Windows Terraform provider
2023-12-18 17:57:00 +01:00
Moritz Sanft
9414f29b51
terraform-provider: lock-step microservice version ( #2733 )
2023-12-18 14:21:19 +01:00
Markus Rudy
615e731855
upgrade-agent: pass patches to kubeadm
2023-12-18 14:17:35 +01:00
Markus Rudy
ce9e25c150
bootstrapper: pass patches to kubeadm
2023-12-18 14:17:35 +01:00
Markus Rudy
070c23f876
operators: pass additional components to upgrade-agent
2023-12-18 14:17:35 +01:00
Markus Rudy
6f1b6b532f
upgrade-agent: allow more than one KubernetesComponent
2023-12-18 14:17:35 +01:00
Markus Rudy
4ba483ec0e
versions: add Kubernetes image patches to components
2023-12-18 14:17:35 +01:00
Markus Rudy
b740a1a75b
versions: designate components for upgrades
2023-12-18 14:17:35 +01:00
Moritz Sanft
7c5b95bbcc
terraform-provider: warn about microservice version changes ( #2730 )
...
* terraform-provider: update data source examples
* terraform-provider: warn about destructive microservice changes
* terraform-provider: use `name` variable
* terraform-provider: only perform pre-apply checks on upgrades
* terraform-provider: fix conditional
* terraform-provider: remove obsolete version checks
2023-12-18 13:55:44 +01:00
Daniel Weiße
f2c1bdbf82
ci: remove conditional from AWS login in e2e verify test ( #2727 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-18 11:51:50 +01:00
edgelessci
086b42b08f
image: update locked rpms ( #2726 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-12-18 11:02:42 +01:00
Moritz Sanft
af791bd221
terraform-provider: add usage examples ( #2713 )
...
* terraform-provider: add usage example for Azure
* terraform-provider: add usage example for AWS
* terraform-provider: add usage example for GCP
* terraform-provider: update usage example for Azure
* terraform-provider: update generated documentation
* docs: adjust creation on Azure and link to examples
* terraform-provider: unify image in-/output (#2725 )
* terraform-provider: check for returned error when converting microservices
* terraform-provider: use state values for outputs after creation
* terraform-provider: ignore invalid upgrades (#2728 )
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-18 10:15:54 +01:00
Adrian Stobbe
88d626d302
feat: pin cert-manager image to sha256 checksum ( #2721 )
2023-12-18 09:28:50 +01:00
3u13r
183c564483
cilium: enable bpf masquerading ( #2723 )
...
* cilium: enable bpf masquerading
* cilium: also enable ipMasqAgent
* cilium: remove custom Azure masqing
2023-12-15 23:07:03 +01:00
3u13r
0111b6d718
deps: Update cert manager to 1.12.6 ( #2700 )
...
* deps: bump cert manager to 1.13.2
* helm: allow minor jump for cert-manager
2023-12-15 17:44:00 +01:00
Daniel Weiße
a1f67d0884
cli: fix upgrades when using outdated Kubernetes patch version ( #2718 )
...
* Fix missing image for Constellation operators in our Helm charts if the desired Kubernetes patch version is no longer supported (but Kubernetes upgrades are skipped)
* Correctly unmarshal Kubernetes Components list if the list uses an old format
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 15:45:52 +01:00
Daniel Weiße
724ee44466
ci: Terraform provider e2e tests ( #2712 )
...
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 10:37:29 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes ( #2703 )
...
* all vars have snail_case
* make iam schema consistent
* infrastructure schema
* terraform: update AWS infrastructure module
* fix ci
* terraform: update AWS infrastructure module
* terraform: update AWS IAM module
* terraform: update Azure Infrastructure module inputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update Azure IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update OpenStack Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update QEMU Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-module: fix input name
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: tidy
* cli: ignore whitespace in Terraform variable tests
* terraform-module: fix AWS output names
* terraform-module: fix output references
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: rename `api_server_cert_sans`
* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* fix self-managed
* terraform: revert AWS modules output file renaming
* terraform: remove duplicate variable declaration
* terraform: rename Azure location field
* ci: adjust output name in self-managed e2e test
* e2e: continuously print output in upgrade test
* e2e: write to output variables
* cli: migrate IAM variable names
* cli: make `location` field optional
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-12-15 10:36:58 +01:00
edgelessci
6f6f28b8cc
image: update measurements and image version ( #2722 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-15 08:18:25 +01:00
edgelessci
2c50abcc91
image: update measurements and image version ( #2720 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-12-14 19:35:40 +01:00