edgelessci
2acbd10ef7
image: update measurements and image version ( #2831 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-17 18:55:10 +01:00
Malte Poll
b8933560be
image upload: use unique blob name for AWS images uploaded to S3 ( #2830 )
...
When uploading images to AWS, they need to be uploaded to S3 first.
Since blob names are not unique between attestation variants, there
was a possibility for one S3 upload to be used for the wrong AMI.
2024-01-17 17:09:07 +01:00
edgelessci
6259815869
image: update measurements and image version ( #2828 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-17 08:11:53 +01:00
Malte Poll
9d6321faa3
uplosi: use separate galleries for Azure TDX and TDX
2024-01-16 17:34:44 +01:00
Malte Poll
336ba6bc34
attestation: add Azure TDX variant
...
Only a stub for now.
2024-01-16 17:34:44 +01:00
Malte Poll
5063b815f1
config: allow Azure TDX instance types
2024-01-16 17:34:44 +01:00
Markus Rudy
e29ea77d23
helm: bump Cilium chart version ( #2822 )
...
* helm: bump Cilium chart version
* helm: generate Cilium chart
2024-01-16 14:49:24 +01:00
Malte Poll
b7bab7c3c8
image: replace "upload {aws|azure|gcp}" with uplosi
2024-01-15 13:53:15 +01:00
Malte Poll
fb392c2d50
image: add image uploader that uses uplosi in the background
...
This implementation will replace the custom Go code in
internal/osimage/{aws|azure|gcp} and still conforms to the same interface.
2024-01-15 13:53:15 +01:00
Malte Poll
181b8f64d2
image: add static (per-CSP) measurements during "measurement envelope"
...
This logic was previously performed in a GitHub Actions workflow
using yq.
Since every step should now be performed in Bazel, this now needs to happen here.
2024-01-15 13:53:15 +01:00
edgelessci
2fea43a320
image: update measurements and image version ( #2817 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-12 08:20:15 +01:00
Adrian Stobbe
baad7d8310
aws sev snp resolves latest version values on GetAttestationConfig ( #2810 )
2024-01-10 13:32:13 +01:00
edgelessci
c61507f220
image: update measurements and image version ( #2812 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-10 08:13:30 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase ( #2800 )
...
* bootstrapper: remove obsolete log statement
* ci: simplify variable usage
Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
* cli: add missing formatting directive
* helm: fix rm invocation
* ci: document reproducible-builds workflow
* constants: use variables for measurement files
* constants: use variables for CDN distribution ID
* ci: make Helm version explicit
* api: prettify versionsapi-list output
* ci: remove obsolete docstring
---------
Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
3u13r
badcdcb764
deps: bump cilium to v1.15.0-pre.3-edg.1 ( #2808 )
2024-01-09 16:45:56 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK ( #2809 )
...
* deps: update AWS SDK
* deps: fix AWS SDK upgrade breakage
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 ( #2803 )
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images ( #2792 )
...
* cli: support GCP marketplace images
* ci: support GCP marketplace images
* docs: support GCP marketplace images
* bazel: generate
* ci: allow GCP for mpi e2e test
* Update docs/docs/overview/license.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* terraform-provider: allow GCP MPIs
* terraform-provider: fix error message
---------
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod files from submodules ( #2769 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00
edgelessci
cbf744a095
image: update measurements and image version ( #2795 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-05 09:27:11 +01:00
3u13r
15cc7b919b
Add pod disruption budgets so the cluster-autoscaler is able to move kube-admin namespaced resources ( #2781 )
...
* helm: refactor cilium helm values
* helm: add pod disruption budgets
2024-01-03 18:00:42 +01:00
3u13r
0167a4a286
helm: remove konnectivity agents ( #2790 )
2024-01-03 14:09:32 +01:00
edgelessci
3d8e548dcd
image: update measurements and image version ( #2789 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-01-03 13:08:45 +01:00
3u13r
45479b307e
helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve its metadata ( #2782 )
...
* helm: masq traffic to the mini-qemu-metadata container
* ci: fix waiting for nodes in miniconstellation e2e test
2024-01-02 14:33:03 +01:00
renovate[bot]
c8fc04d991
deps: update Kubernetes versions ( #2762 )
...
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-22 14:10:39 +01:00
Adrian Stobbe
436e7c6d3b
terraform-provider: validate image and microservice version ( #2766 )
2023-12-22 10:24:13 +01:00
Daniel Weiße
519efe637d
constellation-lib: run license check in Terraform provider and refactor code ( #2740 )
...
* Clean up license checker code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Create license check depending on init/upgrade actions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run license check in Terraform provider
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* fix license integration test action
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run tests with enterprise tag
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Allow b64 encoding for license ID
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Update checker_enterprise.go
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-22 10:16:36 +01:00
Markus Rudy
837b24bf54
versions: generate k8s image patches (incl etcd) ( #2764 )
...
* versions: generate k8s image patches (incl etcd)
2023-12-21 20:56:55 +01:00
renovate[bot]
37ec431fab
deps: update K8s dependencies ( #2763 )
...
* deps: update K8s dependencies
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-21 12:42:04 +01:00
renovate[bot]
110bf9103d
deps: update Constellation containers ( #2760 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:03:44 +01:00
renovate[bot]
4f374fbeb2
deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5 ( #2748 )
...
* deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-20 15:58:55 +01:00
Markus Rudy
4ba483ec0e
versions: add Kubernetes image patches to components
2023-12-18 14:17:35 +01:00
Markus Rudy
b740a1a75b
versions: designate components for upgrades
2023-12-18 14:17:35 +01:00
Moritz Sanft
af791bd221
terraform-provider: add usage examples ( #2713 )
...
* terraform-provider: add usage example for Azure
* terraform-provider: add usage example for AWS
* terraform-provider: add usage example for GCP
* terraform-provider: update usage example for Azure
* terraform-provider: update generated documentation
* docs: adjust creation on Azure and link to examples
* terraform-provider: unify image in-/output (#2725 )
* terraform-provider: check for returned error when converting microservices
* terraform-provider: use state values for outputs after creation
* terraform-provider: ignore invalid upgrades (#2728 )
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-18 10:15:54 +01:00
Adrian Stobbe
88d626d302
feat: pin cert-manager image to sha256 checksum ( #2721 )
2023-12-18 09:28:50 +01:00
3u13r
183c564483
cilium: enable bpf masquerading ( #2723 )
...
* cilium: enable bpf masquerading
* cilium: also enable ipMasqAgent
* cilium: remove custom Azure masqing
2023-12-15 23:07:03 +01:00
3u13r
0111b6d718
deps: Update cert manager to 1.12.6 ( #2700 )
...
* deps: bump cert manager to 1.13.2
* helm: allow minor jump for cert-manager
2023-12-15 17:44:00 +01:00
Daniel Weiße
a1f67d0884
cli: fix upgrades when using outdated Kubernetes patch version ( #2718 )
...
* Fix missing image for Constellation operators in our Helm charts if the desired Kubernetes patch version is no longer supported (but Kubernetes upgrades are skipped)
* Correctly unmarshal Kubernetes Components list if the list uses an old format
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 15:45:52 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes ( #2703 )
...
* all vars have snail_case
* make iam schema consistent
* infrastructure schema
* terraform: update AWS infrastructure module
* fix ci
* terraform: update AWS infrastructure module
* terraform: update AWS IAM module
* terraform: update Azure Infrastructure module inputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update Azure IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update OpenStack Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update QEMU Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-module: fix input name
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: tidy
* cli: ignore whitespace in Terraform variable tests
* terraform-module: fix AWS output names
* terraform-module: fix output references
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: rename `api_server_cert_sans`
* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* fix self-managed
* terraform: revert AWS modules output file renaming
* terraform: remove duplicate variable declaration
* terraform: rename Azure location field
* ci: adjust output name in self-managed e2e test
* e2e: continuously print output in upgrade test
* e2e: write to output variables
* cli: migrate IAM variable names
* cli: make `location` field optional
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-12-15 10:36:58 +01:00
edgelessci
6f6f28b8cc
image: update measurements and image version ( #2722 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-15 08:18:25 +01:00
edgelessci
2c50abcc91
image: update measurements and image version ( #2720 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-12-14 19:35:40 +01:00
Markus Rudy
ae00b0a198
installer: add support for data URLs
...
RFC 015 proposes the introduction of data URLs to materialize static
content to files on disk. This commit adds support for data URLs to the
installer. The corresponding content will be added to versions.go in a
subsequent commit.
2023-12-13 09:35:19 +01:00
edgelessci
8d8853ef31
image: update measurements and image version ( #2711 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-13 09:23:38 +01:00
3u13r
53516c105b
Revert "helm: deprioritize Cilium tc filters" ( #2709 )
...
This reverts commit a3de1d95d9.
2023-12-12 16:56:41 +01:00
Moritz Sanft
367136add2
terraform-provider: support importing Constellation clusters ( #2702 )
...
* terraform-provider: support importing Constellation clusters
* bazel: shfmt exclusion for import script
* ci: fix godot check
* bazel: shellcheck exclusion for import script
* Update dev-docs/workflows/terraform-provider.md
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* ci: fix Terraform lock exclude directories
---------
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-12-12 16:00:03 +01:00
Daniel Weiße
d08e75bf9c
constellation-lib: fix incorrect encoding and ordering of Init response ( #2708 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-12 15:01:56 +01:00
Moritz Sanft
60fc73e0e7
terraform-provider: implement constellation_cluster resource ( #2691 )
...
* terraform: move module to legacy-directory
* constellation-lib: refactor service account marshalling
* terraform-provider: normalize Azure image URIs
* constellation-lib: refactor Kubeconfig endpoint rewriting
* terraform-provider: add conversion functions for AWS and GCP
* terraform-provider: implement `constellation_cluster` resource
* terraform-provider: refactor conversion
* terraform-provider: implement image and k8s upgrades
* terraform-provider: fix linter checks
* terraform-provider: refactor to bundle init & upgrade method
* constellation-lib: rewrite Kubeconfig endpoint in init
* terraform-provider: bind logger and dialer constructors to struct
* terraform-provider: move applier to function pointer
* terraform-provider: gcp conversion fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: fix Azure UAMI input
* terraform-provider: rename Kubeconfig variable
* terraform-provider: tidy
* terraform-provider: regenerate docs
* constellation-lib: provide Kubeconfig in testing initserver
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-11 15:55:44 +01:00
Markus Rudy
767bac4766
installer: fix old-style Components references
2023-12-11 15:13:00 +01:00
Markus Rudy
138057a2ee
installer: make hash checking optional
2023-12-11 14:28:19 +01:00
Markus Rudy
a1dbd13f95
versions: consolidate various types of Components
...
There used to be three definitions of a Component type, and conversion
routines between the three. Since the use case is always the same, and
the Component semantics are defined by versions.go and the installer, it
seems appropriate to define the Component type there and import it in
the necessary places.
2023-12-11 14:26:54 +01:00