Commit Graph

66 Commits

Author SHA1 Message Date
katexochen
1556e239ca Remove state file 2022-10-13 15:29:29 +02:00
katexochen
0d1fd8fb2a Remove Azure client from CLI 2022-10-13 15:29:29 +02:00
katexochen
f4af9c56f5 Use Terraform for create Azure 2022-10-13 15:29:29 +02:00
Daniel Weiße
23afccb975
AB#2474 Implement List and Self method for AWS (#229)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-12 13:40:38 +02:00
Fabian Kammel
57b8efd1ec
Improve measurements verification with Rekor (#206)
Fetched measurements are now verified using Rekor in addition to a signature check.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-11 13:57:52 +02:00
katexochen
eb700fb2ce Release changelog 2022-10-10 13:43:15 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation (#198)
* Mini Constellation commands to quickly deploy a local Constellation cluster

* Download libvirt container image if not present locally

* Fix libvirt KVM permission issues by creating kvm group using host GID inside container

* Remove QEMU specific values from state file

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Leonard Cohnen
2e3176f87c enable konnectivity 2022-10-07 03:38:05 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 (#219) 2022-10-06 19:31:12 +02:00
katexochen
9edfc2f6ba Move k8s version window up 2022-10-06 19:16:20 +02:00
Daniel Weiße
acdcb535c0
AB#2444 Verify Azure trusted launch attestation keys (#203)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-04 16:44:44 +02:00
katexochen
d973740b03 Use Terraform for create on GCP 2022-09-30 16:50:52 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster (#172)
* Use terraform in CLI to create QEMU cluster

* Dont allow qemu creation on os/arch other than linux/amd64

* Allow usage of --name flag for QEMU resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
katexochen
a040921e94 Update changelog 2022-09-20 13:41:23 +02:00
3u13r
774e300a32
Constellation conformance mode (#161)
* add conformance mode
2022-09-20 10:07:55 +02:00
Daniel Weiße
e367e1a68b
AB#2261 Add loadbalancer for control-plane recovery (#151)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-14 13:25:42 +02:00
Leonard Cohnen
2d8f2af91b prepare release v2.0.0 2022-09-12 19:03:01 +02:00
Leonard Cohnen
7163c161b6 Deploy Konnectivity 2022-09-09 17:26:02 +02:00
Daniel Weiße
8cb155d5c5
AB#2260 Refactor disk-mapper recovery (#82)
* Refactor disk-mapper recovery

* Adapt constellation recover command to use new disk-mapper recovery API

* Fix Cilium connectivity on rebooting nodes (#89)

* Lower CoreDNS reschedule timeout to 10 seconds (#93)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-08 14:45:27 +02:00
Nils Hanke
8d7bb9905c Add CLI create & verify changes to CHANGELOG.md 2022-09-08 13:38:24 +02:00
Nils Hanke
9e20ea15ce Add firewall / debugCluster changes to README.md 2022-09-07 13:27:15 +02:00
Nils Hanke
0aefe2c0ba Move instanceType from CLI to config 2022-09-02 07:04:11 -07:00
Moritz Eckert
db942ee4b5
Update references to docs (#36) 2022-09-01 09:27:25 +02:00
3u13r
f649219cbf
Feat/cilium strict mode2.0 (#25)
* bump cilium helm charts

* integrate cilium strict mode v2
2022-08-31 15:37:07 +02:00
katexochen
7d402f4e79 Update changelog 2022-08-31 14:10:08 +02:00
Nils Hanke
fc10b3419d
Build release CLI for Linux arm64 (#29) 2022-08-31 12:27:26 +02:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml (#26)
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute (#2)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Otto Bittner
7c5556864b AB#2333: Add AMD SNP-based attestation
Currently only available on Azure CVMs.

* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00
Nils Hanke
6da228758c
GCP: Add more N2D VMs to supported list (#6) 2022-08-29 09:50:40 +02:00
Fabian Kammel
d972f053f9 AB#2287 Public image sharing in Azure (#350)
Trusted launch VM images in original SIG, additional SIG for community images for CVM
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 17:34:46 +02:00
katexochen
e761c9bf97 Manually manage GCP service accounts 2022-08-24 11:44:05 +02:00
katexochen
2b25862c33 Update changelog 2022-08-23 18:11:20 +02:00
Moritz Eckert
94460654e7 Apply feedback for readme (#389)
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-08-23 13:46:06 +02:00
Fabian Kammel
33626986fe Feat/cli multi os arch (#390)
* Implement multi arch/os pipeline
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-23 13:43:20 +02:00
Malte Poll
7d94ffee28 Updated CHANGELOG 2022-08-19 18:22:55 +02:00
Malte Poll
5216de0803 Update CHANGELOG 2022-08-19 14:39:36 +02:00
3u13r
29a1b5de42 increase helm install timeout (#381) 2022-08-19 13:28:16 +02:00
Fabian Kammel
170a8bf5e0 AB#2306 Public image sharing in Google (#358)
* document how to publicly share images in gcloud
* Write disclamer in debugd
* Add disclamer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00
Daniel Weiße
ba4471a228 AB#2316 Configurable enforced PCRs (#361)
* Add warnings for non enforced, untrusted PCRs

* Fix global state in Config PCR map

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
3u13r
9478303f80 deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00
Otto Bittner
c42e79ecfe AB#2281: Run e2e tests on latest debug image (#354)
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
c3f064fa09 Update CHANGELOG 2022-08-09 10:29:04 +02:00
Otto Bittner
1b9600c307 AB#2266: Test all supported version with e2e-tests
* e2e-test workflows execute two hours earlier.
* Run quick-mode e2e tests for the two older versions we support.
This triggers every night, together with the existing e2e tests.
Idea here is that we know that a cluster can be setup and initialized.
* Run full e2e tests for the two older versions each sunday.
* Do not abort manual e2e runs. This allows for parallel runs.
* Run unprivileged container
2022-08-09 10:02:15 +02:00
Otto Bittner
70336e4c9b AB#2289: Release v1.4.0 2022-08-03 08:06:05 +02:00
Daniel Weiße
19871ee422 Enable integrity protection on boot (#300)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:35:23 +02:00
Fabian Kammel
050e8fdc4a AB#2159 Feat/cli/fetch measurements (#301)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
9a3bd38912 Generate random salt for key derivation on init (#309)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
katexochen
d43ee053ed Log disk uuid to cloud logging 2022-07-27 14:25:31 +02:00
Otto Bittner
44b5e042ea AB#2077: Kubernetes 1.22.12 support (#302)
* Necessary changes to build join-service image
* Reference new join-service image

Tested on GCP and Azure using microservice-demo.
2022-07-27 13:38:14 +02:00