Daniel Weiße
869448c3e1
Add mutual aTLS support ( #176 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
5d7bf86b30
GCP create: Embed constellation role in instance templates to allow role detection prior to node activation
2022-05-24 10:37:02 +02:00
Thomas Tendyck
2ba3c153de
AB#2117 cli: validate config ( #170 )
...
* AB#2117 cli: validate config
* update hack/go.mod
2022-05-23 15:01:39 +02:00
Fabian Kammel
45bf9f15fb
always try to upload constellation state file ( #173 )
2022-05-23 14:43:32 +02:00
Malte Poll
c16f5391db
bump images 1653299706
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 14:26:10 +02:00
Malte Poll
0c244ee2bc
Use cmake to compile debugd / cdbg
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 13:15:04 +02:00
Malte Poll
1331ee4077
Install kubernetes on init / join and restart kubelet after reboot
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
f67cf2d31f
k8s binary components version map and install directives
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
14f6985fe3
Implement binary file installer & extractor
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Daniel Weiße
10333def05
Fedora build instructions && and more reproducible builds ( #166 )
...
* Add Fedora build requirements
* Move cmake builds into docker
* Add Docker to requirements
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-23 10:35:14 +02:00
Thomas Tendyck
65c387c2b2
remove old e2e test
2022-05-21 14:30:05 +02:00
Moritz Eckert
6dc97590fe
Enable and configure k8s audit-log ( #160 )
...
* Enable and configure k8s audit-log
* Update coordinator/kubernetes/k8sapi/kubeadm_config.go
Co-authored-by: Malte Poll <mp@edgeless.systems>
* add mount point for audit log dir in kubeadm conf
* Mount audit policy into kube-apiserver static pod
* Write default auditpolicy on cluster init / cluster join
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Moritz Eckert
e4a9be832c
Add cis benchmark to conformance test ( #165 )
...
* Add cis benchmark to conformance docs
* Update e2e workflow to include cis benchmarks
2022-05-19 14:57:21 +02:00
Thomas Tendyck
206dae8fd2
readme: move debugd and local image testing to other files and add a component overview
2022-05-19 08:56:28 +02:00
Daniel Weiße
0a24de24ee
AB#2103 Derive key from LUKS UUID instead of disk name ( #156 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-19 08:47:17 +02:00
Fabian Kammel
daf356d88e
fixed wording ( #162 )
2022-05-18 19:01:11 +02:00
Fabian Kammel
f620d6194d
run go mod tidy in hack folder. ( #161 )
2022-05-18 18:44:40 +02:00
Fabian Kammel
135c787001
AB#2098 versioned & strict yaml reading ( #157 )
2022-05-18 18:10:57 +02:00
Fabian Kammel
7c2d1c3490
AB#2094 cloud provider specific configs ( #151 )
...
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Nils Hanke
54e2e492df
Update authorizedKeys field names for cdbg in README
2022-05-18 10:48:52 +02:00
Nils Hanke
5fa23d4bec
Use "new" config for YAML parsing directives
2022-05-18 10:48:52 +02:00
Nils Hanke
c9982b979c
Add unit test for SSH user creation on nodes
2022-05-17 18:00:21 +02:00
Nils Hanke
ed071d389c
Add SSH users on subsequent coordinators & nodes
2022-05-17 18:00:21 +02:00
Malte Poll
084ed0c4ef
cdbg config: use unified firewall rules
2022-05-17 17:50:52 +02:00
Daniel Weiße
7ba2fdd1a1
Fix proto file generation ( #155 )
...
* Fix kms export path
* Regenerate proto files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-17 15:02:14 +02:00
Fabian Kammel
08f4f4e0aa
updated images to newest version ( #150 )
2022-05-17 14:24:44 +02:00
Moritz Eckert
772aa66fb4
Set hardcoded file permissions to 0o600 ( #153 )
2022-05-17 13:10:39 +02:00
Paul Meyer
8e0f9491af
Create hack folder with independent modules ( #131 )
2022-05-17 11:14:23 +02:00
Fabian Kammel
cfad36720b
Cloned UserKey struct to config so it can be documented. Added examples. ( #149 )
2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515
AB#2061 Self Documenting Config File ( #143 )
...
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
cdfd962fcc
Add --cdbg-config next to --config for cdbg
2022-05-16 17:57:51 +02:00
Nils Hanke
68092f27dd
AB#2046 : Add option to create SSH users for the first coordinator upon initialization ( #133 )
...
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config
Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Fabian Kammel
5dc2e71d80
generate constellation config in e2e pipeline ( #147 )
2022-05-16 16:44:53 +02:00
Malte Poll
baa7dbc1ef
Move debugd config to separate file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Nils Hanke
25b0ca2a06
Use filename from input instead of hardcoded name
2022-05-16 15:15:05 +02:00
Malte Poll
3b30291360
QEMU CSP Config: PCRs -> Measurements
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae
Remove ConstellationPort from config file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c
AB#2064 Feat/config/dev config to config ( #139 )
...
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Thomas Tendyck
fde7304d78
Update validargs.go
2022-05-13 11:43:48 +02:00
Daniel Weiße
9c5590bbce
Add LUKS2 header size constant ( #140 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-13 09:24:54 +02:00
Moritz Eckert
5ad34e0425
Apply CIS benchmark to kubelet conf
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
2022-05-12 17:25:45 +02:00
Moritz Eckert
adda637609
Apply CIS benchmark for kubeadm clusterconf
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-12 17:25:45 +02:00
Malte Poll
1d69ed5cd8
CoreOS build pipeline: Cleanup azure disk and image after converting to SIG ( #137 )
2022-05-12 17:16:57 +02:00
Fabian Kammel
094a8b7659
Feat/config/generate ( #136 )
...
Implement config command & generate verb to write default configuration to file or stdout.
2022-05-12 15:14:52 +02:00
Malte Poll
49ee05b680
debugd README: lowercase firewall rules ( #138 )
2022-05-12 14:21:22 +02:00
Daniel Weiße
437de8bcb1
Add function to retrieve real device path of mapped device
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
f8c9c0f17f
Fix static check
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
61afce37fd
Clean up interface
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
6b3d45dd09
Add resize functions
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
2b80341d99
Reorder to be more readable
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00