Daniel Weiße
8895693ae2
AB#2251 Parallel Azure scale set creation ( #318 )
...
* Parallel Azure scale set creation
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-05 10:35:38 +02:00
Malte Poll
081dfb5037
Upgrade Azure SDK
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-05 10:35:38 +02:00
Daniel Weiße
19871ee422
Enable integrity protection on boot ( #300 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:35:23 +02:00
Daniel Weiße
aa7fcce8af
Add configurable node disk type ( #317 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:24:55 +02:00
Fabian Kammel
050e8fdc4a
AB#2159 Feat/cli/fetch measurements ( #301 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
7baf98f014
Add test vectors for key derivation functions ( #320 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-01 09:11:13 +02:00
Daniel Weiße
9a3bd38912
Generate random salt for key derivation on init ( #309 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
Daniel Weiße
a3a85b31cf
Remove mentions of unique ID ( #311 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-27 16:10:50 +02:00
Moritz Eckert
ad02249b9a
Add VerifyService port to GCP LB ( #291 )
...
* Add VerifyService port to GCP LB
* cli verify command: Use verify service port by default
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-07-26 16:35:14 +02:00
Daniel Weiße
db79784045
AB#2200 Merge Owner and Cluster ID ( #282 )
...
* Merge Owner and Cluster ID into single value
* Remove aTLS from KMS, as it is no longer used for cluster external communication
* Update verify command to use cluster-id instead of unique-id flag
* Remove owner ID from init output
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-26 10:58:39 +02:00
Otto Bittner
c743398a23
AB#2181: retry k8s downloads ( #286 )
...
Generalize retrier:
* Generalize Do to use a supplied 'retriable' function
* Make clock an optional argument in NewIntervalRetrier
* Move grpc/retrier to internal package
* Update existing unittests to not use retry feature
Add retryDownloadToTempDir:
* Wrap downloadToTempDir with retrier.
* Retry if TCP connection is reset.
* Abort by canceling the context.
* Use a mock server in the unit test that serves responses
depending on the state received through a state channel.
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-07-21 15:20:12 +02:00
Fabian Kammel
ba5a3aefe3
fix ci-lint issues ( #287 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 16:44:41 +02:00
Otto Bittner
a68ee817ff
AB#2074: Choosable K8S Version ( #277 )
...
AB#2074: Add configurable k8s version
Configurable version flow:
* cli config holds/validates k8sVersion
* InitCluster receive a k8sVersion arg
* InitCluster creates CM "k8s-version"
* kubeadm's InitConfiguration receives k8sVersion
* joinservice spec mounts/reads k8s-version CM
* joinservice supplies k8sVersion via JoinTicketResponse
Other changes:
* Remove unused test code (FakeK8SClient)
* move VersionConfig map to /internal/versions
* installk8sComponents is now a function instead of a method
2022-07-18 12:28:02 +02:00
Fabian Kammel
a931f6692f
Fix/bootstrapper regressions ( #274 )
...
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Malte Poll
260d2571c1
Only upload kubeadm certs if key is rotated
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
Malte Poll
5d54ce689b
Print kubeadm init/join output on success
2022-07-14 17:25:18 +02:00
katexochen
66b573ea5d
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
dea23604fb
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55
Rename coordinator to bootstrapper and rename roles
2022-07-14 17:25:18 +02:00
Malte Poll
3280ed200c
Test IntervalRetrier
2022-07-14 17:25:18 +02:00
katexochen
f79674cbb8
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
32f1f5fd3e
Delete Coordinator core and apis
2022-07-14 17:25:18 +02:00
Nils Hanke
14a15e131a
Modify accepted list of Azure VM types ( #250 )
...
* Add more instances types for Azure (with commented out entries)
* Remove commented out entries
* Only AMD VMs
* Comment out CVMs (not supported yet)
* Adjust comments
2022-07-10 13:27:05 +02:00
Fabian Kammel
b4fd4fbacd
Fix/add verify grpc port to lb ( #262 )
...
* Add verify port to lb
* Use correct health probe
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-08 18:18:23 +02:00
Nils Hanke
bc5471e9b3
Delete cluster IDs file on terminate
2022-07-05 14:41:58 +02:00
Nils Hanke
259c88fa1a
IDsFilename -> ClusterIDsFilename
2022-07-05 14:41:58 +02:00
Thomas Tendyck
70efb92adc
cli: fix vale lint errors in verify description
2022-07-04 12:19:38 +02:00
cm
3177b2fdb7
AB#2032 Write IDs to disk and read when verifying ( #212 )
...
* AB#2032 Write IDs to disk and read when verifying
* Update CHANGELOG.md
* update changelog
* update changelog
* cli verify: prefer flag values
* Rename fid file
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-07-01 10:57:29 +02:00
Otto Bittner
7cada2c9e8
Add goleak to all tests ( #227 )
...
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Daniel Weiße
f9a581f329
Add aTLS endpoint to KMS ( #236 )
...
* Move file watcher and validator to internal
* Add aTLS endpoint to KMS for Kubernetes external requests
* Update Go version in Dockerfiles
* Move most KMS packages to internal
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20
AB#2190 Verification service ( #232 )
...
* Add verification service
* Update verify command to use new Constellation verification service
* Deploy verification service on cluster init
* Update pcr-reader to use verification service
* Add verification service build workflow
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Nils Hanke
e3f78a5bff
Remove passing context separately to initialize
2022-06-28 13:55:50 +02:00
Leonard Cohnen
e13f4d84c3
add gcp loadbalancer
2022-06-23 14:00:20 +02:00
Christoph Meyer
1e11188dac
AB#2033 User-friendly wrap and reword errors
...
fix: readOrGenerated function signature
2022-06-22 12:02:10 +01:00
Christoph Meyer
9441e46e4b
AB#2033 Remove redundant "failed" in error wrapping
...
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Fabian Kammel
0c9ca50be8
Feat/more version info ( #224 )
2022-06-21 15:12:27 +02:00
Fabian Kammel
392ad7fe45
Create Application Insights early so they are ready when VM needs them. ( #213 )
2022-06-15 12:19:41 +02:00
Daniel Weiße
1e19e64fbc
Dynamic grpc client credentials ( #204 )
...
* Add an aTLS wrapper for grpc credentials
* Move grpc dialers to internal and use aTLS grpc credentials
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Fabian Kammel
84552ca8f7
AB#2104 Feat/azure logging ( #198 )
...
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
691ab84326
Update version variable
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
3467df6b69
Move attestation, atls and oid packages to internal directory
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
katexochen
b3a51cca64
Move cli/status to internal/statuswaiter
2022-06-08 11:59:23 +02:00
katexochen
0627b14445
Move cli/cloud/cloudcmd into cli/internal
2022-06-08 11:59:23 +02:00
katexochen
b308db03fe
Move cli/cloud/cloudtypes into /internal
2022-06-08 11:59:23 +02:00
katexochen
c3ebd3d3cd
Move cli/cmd into cli/internal
2022-06-08 11:59:23 +02:00
katexochen
d71e97a940
Move ScalingGroup to cloudtypes
2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c
Remove cli/ec2
2022-06-08 11:59:23 +02:00
katexochen
064151a956
Move cli/azure to cli/internal/azure
2022-06-08 11:59:23 +02:00
katexochen
180d7872dd
Separate shared azure code
2022-06-08 11:59:23 +02:00
katexochen
6cd93e4179
Move cli/gcp to cli/internal/gcp
2022-06-08 11:53:55 +02:00
katexochen
48b4f10207
Separate shared gcp code
2022-06-08 11:53:55 +02:00
katexochen
21127a4cdc
Remove azure instances
2022-06-08 11:53:55 +02:00
katexochen
3562345da4
Remove gcp instances
2022-06-08 11:53:55 +02:00
katexochen
4b30dd21c8
Remove cli/qemu, use cloudtypes instead
2022-06-08 11:53:55 +02:00
katexochen
f9b471e3c0
Create general cloudtypes instances
2022-06-08 11:53:55 +02:00
katexochen
4912ab0195
Move command sorting setting into cli/cmd
2022-06-08 11:53:55 +02:00
katexochen
67b25d2771
Move cli/cloudprovider into internal/cloud
2022-06-08 11:53:55 +02:00
katexochen
aee4d44b45
Create cli/internal package
2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00
katexochen
aaa5d2ab66
Replace deprecated strings.Title
2022-06-01 12:12:33 +02:00
Christoph Meyer
db5468a886
Deploy KMS server image in Constellation
...
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00
Thomas Tendyck
42fc497477
cli: fix and tweak config file wording
2022-05-27 16:53:04 +02:00
Thomas Tendyck
9f0c751f1b
cli: fix command order and minor wording tweaks in config cmd
2022-05-27 16:53:04 +02:00
Daniel Weiße
869448c3e1
Add mutual aTLS support ( #176 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
5d7bf86b30
GCP create: Embed constellation role in instance templates to allow role detection prior to node activation
2022-05-24 10:37:02 +02:00
Thomas Tendyck
2ba3c153de
AB#2117 cli: validate config ( #170 )
...
* AB#2117 cli: validate config
* update hack/go.mod
2022-05-23 15:01:39 +02:00
Fabian Kammel
daf356d88e
fixed wording ( #162 )
2022-05-18 19:01:11 +02:00
Fabian Kammel
7c2d1c3490
AB#2094 cloud provider specific configs ( #151 )
...
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Fabian Kammel
cfad36720b
Cloned UserKey struct to config so it can be documented. Added examples. ( #149 )
2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515
AB#2061 Self Documenting Config File ( #143 )
...
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
68092f27dd
AB#2046 : Add option to create SSH users for the first coordinator upon initialization ( #133 )
...
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config
Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Malte Poll
3b30291360
QEMU CSP Config: PCRs -> Measurements
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae
Remove ConstellationPort from config file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c
AB#2064 Feat/config/dev config to config ( #139 )
...
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Thomas Tendyck
fde7304d78
Update validargs.go
2022-05-13 11:43:48 +02:00
Fabian Kammel
094a8b7659
Feat/config/generate ( #136 )
...
Implement config command & generate verb to write default configuration to file or stdout.
2022-05-12 15:14:52 +02:00
Fabian Kammel
14103e4f89
Fix/config/measurements in yaml ( #135 )
...
Custom type & marshal implementation for measurements to write base64 instead of single bytes
2022-05-12 10:15:00 +02:00
Fabian Kammel
b8d1cc2b75
converted config file from JSON to YAML. ( #132 )
...
converted config file from JSON to YAML
2022-05-11 13:53:02 +02:00
Thomas Tendyck
d76703061b
cli: add minimal doc generator ( #129 )
...
* cli: add minimal doc generator
* fixup! cli: add
2022-05-11 09:20:37 +02:00
Malte Poll
748eb0f96b
Create GCP images in "constellation-images" project
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Thomas Tendyck
9575d01ed3
cli: sort CSPs in create cmd
2022-05-10 13:53:57 +02:00
Thomas Tendyck
69d0ecd26d
cli: show instance types on help and usage
2022-05-10 12:59:42 +02:00
cm
c63d7126e7
AB#1943 Extract KMS package ( #56 )
...
* Extract kmsapi from coordinator
* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
Nils Hanke
2a6b1e2277
Display usage when args are defined in an invalid way
2022-05-10 12:33:49 +02:00
Nils Hanke
4459766b58
Set defaults to 0
2022-05-10 12:33:49 +02:00
Thomas Tendyck
bbfd84729d
cli: minor wording tweaks
2022-05-09 17:16:36 +02:00
Thomas Tendyck
1872d52a49
cli: add default value to master-secret flag in recover
2022-05-09 16:54:17 +02:00
Thomas Tendyck
19bd097864
cli: format UI strings as suggested by cobra
2022-05-09 16:54:17 +02:00
Daniel Weiße
a953df60b6
Rename in config: PCRs->Measurements
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-09 08:24:21 +02:00
Thomas Tendyck
3318126363
cli: unify verify/recover endpoint flag
2022-05-08 16:45:20 +02:00
katexochen
0e63ee0c4a
Use 'Constellation cluster' in UI
2022-05-04 17:14:03 +02:00
katexochen
1189078c5a
Replace multiple args with flags
...
AB#1955
2022-05-04 17:14:03 +02:00
katexochen
469b2ff46c
Rename to control plane/workers
...
AB#1954
2022-05-04 17:14:03 +02:00
Daniel Weiße
8444d5c515
Add qemu cloudprovider for activation calls
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:57:43 +02:00
Daniel Weiße
f2305b3ce6
Regenerate cloudprovider strings
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:57:43 +02:00
Daniel Weiße
29206ac845
Use any instead of interface
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Malte Poll
e13ec3f914
"constellation recover" CLI command
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-04 08:41:32 +02:00
katexochen
9d31c9637b
Replace bytes.BufferString with bytes.Buffer
2022-05-04 08:07:14 +02:00
Thomas Tendyck
1408b36db7
cli: minor cleanup in root cmd init
2022-05-03 08:40:26 +02:00
Thomas Tendyck
8d73aab0ce
cli: sort cmds by workflow instead of alphabetically
2022-05-03 08:40:26 +02:00
Daniel Weiße
10e9faab10
Remove GCP non CVMs
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-02 16:03:36 +02:00
katexochen
d5c7bb6078
Fix error that occurred in e2e test
2022-04-27 18:31:31 +02:00
katexochen
1317fc2bb2
Refactor verify command
2022-04-27 13:25:18 +02:00
katexochen
019003337f
Add getState to protoClient
2022-04-27 13:25:18 +02:00
katexochen
c08787ce80
Update proto client naming
2022-04-27 13:25:18 +02:00
Daniel Weiße
ddf94c7373
Error when no validators provided on status waiter initialization
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-27 08:41:16 +02:00
datosh
2a766a3ab5
Feat/conformity test ( #79 )
...
* Added files required to request conformance with kubernetes
* Extended firewall implementation to allow port ranges
* Added default nodeport range to vpc network config
2022-04-26 17:09:03 +02:00
datosh
51068abc27
Ref/want err from err expected ( #82 )
...
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
katexochen
482f675dac
Capitalize Kubernetes
2022-04-26 12:02:17 +02:00
katexochen
0518e6ff0a
Delete CLI Readme
2022-04-26 12:02:17 +02:00
Benedict Schlueter
49def1e97f
cli: add support for multiple coordinators
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
katexochen
4e29c38027
Move validators to cloudcmd
2022-04-21 09:06:35 +02:00
katexochen
dad9a97ee2
Rename provider
2022-04-21 09:06:35 +02:00
katexochen
4496755c64
Fix PCR handling
2022-04-21 09:06:35 +02:00
katexochen
de52bf14da
Split cmd package
2022-04-21 09:06:35 +02:00
katexochen
63898c42bf
Move rollback out of cmd
2022-04-21 09:06:35 +02:00
katexochen
1a9b33d738
Restructure config and constants
2022-04-21 09:06:35 +02:00
katexochen
66bb632a69
Generalized arg validation
2022-04-21 09:06:35 +02:00
Benedict
f0e35a43d4
peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs
2022-04-13 14:05:20 +02:00
Malte Poll
e10a47f255
file handler: Add "mkdirAll" flag
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
3u13r
1c0f52e04e
refactor cli vpn config ( #46 )
...
* refactor cli vpn config
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-04-12 14:20:46 +02:00
Thomas Tendyck
b30101aba6
AB#1898 cli: fix create aws node count
2022-04-07 14:14:26 +02:00
Thomas Tendyck
f0dc48e3c7
AB#1898 cli: fix create aws arg validation
2022-04-07 11:09:40 +02:00
Thomas Tendyck
393c1f7dd1
cli: fix coordinator/node count order
2022-04-06 14:20:19 +02:00
Leonard Cohnen
8b7bafb482
add coordinator count to cli
2022-04-06 11:24:22 +02:00
Thomas Tendyck
dbfbdfe3cd
cli: format output in writeOutput
2022-04-05 16:23:48 +02:00
Thomas Tendyck
7315e80374
cli: add output before long-running actions
2022-04-05 16:23:48 +02:00
Malte Poll
daf2280e3f
create state disk on constellation create
2022-04-05 15:08:55 +02:00
Thomas Tendyck
c0105a59aa
cli: set MTU in wg-quick conf
2022-04-01 09:58:26 +02:00
katexochen
ed45ba2777
Rename things in vpn package
2022-03-31 15:43:25 +02:00
katexochen
66fe34ee32
Write WireGuard config file on init
2022-03-31 15:43:25 +02:00
katexochen
5cf8f83ed8
Remove pubkey flag from init
2022-03-31 15:43:25 +02:00
Malte Poll
7275f318f8
Switch GCP default zone to europe
2022-03-30 18:30:34 +02:00
Daniel Weiße
3282995bda
AB#1877 Set location in azure cloud config
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-30 09:04:59 +02:00
Malte Poll
f04765dab5
re-enable azure node groups in statefile and send azure scaleset as autoscaling group
2022-03-29 15:13:30 +02:00
Daniel Weiße
eb3411f2c1
Allow waiting for multiple states ( #11 )
...
* Simplify `fetch_pcrs.sh` script
* Allow waiting for multiple states
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-29 09:10:22 +02:00
Malte Poll
20811794c2
Cloud provider Azure: adopt changes to CCM / CNM for Azure
2022-03-28 13:35:21 +02:00
Thomas Tendyck
6bbb783af8
misc lint
2022-03-25 13:35:08 +01:00
Leonard Cohnen
2d8fcd9bf4
monorepo
...
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00