katexochen
1556e239ca
Remove state file
2022-10-13 15:29:29 +02:00
katexochen
0d1fd8fb2a
Remove Azure client from CLI
2022-10-13 15:29:29 +02:00
katexochen
f4af9c56f5
Use Terraform for create Azure
2022-10-13 15:29:29 +02:00
Daniel Weiße
23afccb975
AB#2474 Implement List and Self method for AWS ( #229 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-12 13:40:38 +02:00
Fabian Kammel
57b8efd1ec
Improve measurements verification with Rekor ( #206 )
...
Fetched measurements are now verified using Rekor in addition to a signature check.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-11 13:57:52 +02:00
katexochen
eb700fb2ce
Release changelog
2022-10-10 13:43:15 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation ( #198 )
...
* Mini Constellation commands to quickly deploy a local Constellation cluster
* Download libvirt container image if not present locally
* Fix libvirt KVM permission issues by creating kvm group using host GID inside container
* Remove QEMU specific values from state file
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Leonard Cohnen
2e3176f87c
enable konnectivity
2022-10-07 03:38:05 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 ( #219 )
2022-10-06 19:31:12 +02:00
katexochen
9edfc2f6ba
Move k8s version window up
2022-10-06 19:16:20 +02:00
Daniel Weiße
acdcb535c0
AB#2444 Verify Azure trusted launch attestation keys ( #203 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-04 16:44:44 +02:00
katexochen
d973740b03
Use Terraform for create on GCP
2022-09-30 16:50:52 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster ( #172 )
...
* Use terraform in CLI to create QEMU cluster
* Dont allow qemu creation on os/arch other than linux/amd64
* Allow usage of --name flag for QEMU resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
katexochen
a040921e94
Update changelog
2022-09-20 13:41:23 +02:00
3u13r
774e300a32
Constellation conformance mode ( #161 )
...
* add conformance mode
2022-09-20 10:07:55 +02:00
Daniel Weiße
e367e1a68b
AB#2261 Add loadbalancer for control-plane recovery ( #151 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-14 13:25:42 +02:00
Leonard Cohnen
2d8f2af91b
prepare release v2.0.0
2022-09-12 19:03:01 +02:00
Leonard Cohnen
7163c161b6
Deploy Konnectivity
2022-09-09 17:26:02 +02:00
Daniel Weiße
8cb155d5c5
AB#2260 Refactor disk-mapper recovery ( #82 )
...
* Refactor disk-mapper recovery
* Adapt constellation recover command to use new disk-mapper recovery API
* Fix Cilium connectivity on rebooting nodes (#89 )
* Lower CoreDNS reschedule timeout to 10 seconds (#93 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-08 14:45:27 +02:00
Nils Hanke
8d7bb9905c
Add CLI create & verify changes to CHANGELOG.md
2022-09-08 13:38:24 +02:00
Nils Hanke
9e20ea15ce
Add firewall / debugCluster changes to README.md
2022-09-07 13:27:15 +02:00
Nils Hanke
0aefe2c0ba
Move instanceType from CLI to config
2022-09-02 07:04:11 -07:00
Moritz Eckert
db942ee4b5
Update references to docs ( #36 )
2022-09-01 09:27:25 +02:00
3u13r
f649219cbf
Feat/cilium strict mode2.0 ( #25 )
...
* bump cilium helm charts
* integrate cilium strict mode v2
2022-08-31 15:37:07 +02:00
katexochen
7d402f4e79
Update changelog
2022-08-31 14:10:08 +02:00
Nils Hanke
fc10b3419d
Build release CLI for Linux arm64 ( #29 )
2022-08-31 12:27:26 +02:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml ( #26 )
...
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute ( #2 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Otto Bittner
7c5556864b
AB#2333: Add AMD SNP-based attestation
...
Currently only available on Azure CVMs.
* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00
Nils Hanke
6da228758c
GCP: Add more N2D VMs to supported list ( #6 )
2022-08-29 09:50:40 +02:00
Fabian Kammel
d972f053f9
AB#2287 Public image sharing in Azure ( #350 )
...
Trusted launch VM images in original SIG, additional SIG for community images for CVM
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 17:34:46 +02:00
katexochen
e761c9bf97
Manually manage GCP service accounts
2022-08-24 11:44:05 +02:00
katexochen
2b25862c33
Update changelog
2022-08-23 18:11:20 +02:00
Moritz Eckert
94460654e7
Apply feedback for readme ( #389 )
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-08-23 13:46:06 +02:00
Fabian Kammel
33626986fe
Feat/cli multi os arch ( #390 )
...
* Implement multi arch/os pipeline
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-23 13:43:20 +02:00
Malte Poll
7d94ffee28
Updated CHANGELOG
2022-08-19 18:22:55 +02:00
Malte Poll
5216de0803
Update CHANGELOG
2022-08-19 14:39:36 +02:00
3u13r
29a1b5de42
increase helm install timeout ( #381 )
2022-08-19 13:28:16 +02:00
Fabian Kammel
170a8bf5e0
AB#2306 Public image sharing in Google ( #358 )
...
* document how to publicly share images in gcloud
* Write disclamer in debugd
* Add disclamer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00
Daniel Weiße
ba4471a228
AB#2316 Configurable enforced PCRs ( #361 )
...
* Add warnings for non enforced, untrusted PCRs
* Fix global state in Config PCR map
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
3u13r
9478303f80
deploy cilium via helmchart ( #321 )
2022-08-12 10:20:19 +02:00
Otto Bittner
c42e79ecfe
AB#2281: Run e2e tests on latest debug image ( #354 )
...
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
c3f064fa09
Update CHANGELOG
2022-08-09 10:29:04 +02:00
Otto Bittner
1b9600c307
AB#2266: Test all supported version with e2e-tests
...
* e2e-test workflows execute two hours earlier.
* Run quick-mode e2e tests for the two older versions we support.
This triggers every night, together with the existing e2e tests.
Idea here is that we know that a cluster can be setup and initialized.
* Run full e2e tests for the two older versions each sunday.
* Do not abort manual e2e runs. This allows for parallel runs.
* Run unprivileged container
2022-08-09 10:02:15 +02:00
Otto Bittner
70336e4c9b
AB#2289: Release v1.4.0
2022-08-03 08:06:05 +02:00
Daniel Weiße
19871ee422
Enable integrity protection on boot ( #300 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:35:23 +02:00
Fabian Kammel
050e8fdc4a
AB#2159 Feat/cli/fetch measurements ( #301 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
9a3bd38912
Generate random salt for key derivation on init ( #309 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
katexochen
d43ee053ed
Log disk uuid to cloud logging
2022-07-27 14:25:31 +02:00
Otto Bittner
44b5e042ea
AB#2077: Kubernetes 1.22.12 support ( #302 )
...
* Necessary changes to build join-service image
* Reference new join-service image
Tested on GCP and Azure using microservice-demo.
2022-07-27 13:38:14 +02:00