Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-28 17:09:30 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,181 Commits 138 Branches 49 Tags 92 MiB
38d80f9608
Commit Graph

62 Commits

Author SHA1 Message Date
Daniel Weiße
c29107f5be
init: create kubeconfig file with unique user/cluster name (#1133) 
* Generate kubeconfig with unique name

* Move create name flag to config

* Add name validation to config

* Move name flag in e2e tests to config generation

* Remove name flag from create

* Update ascii cinema flow

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-02-10 13:27:22 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs (#958) 
* Remove unused package

* Add Go package docs to most packages

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
 2023-01-19 15:57:50 +01:00
3u13r
632090c21b
azure: allow a set of idkeydigest values (#991) 2023-01-18 16:49:55 +01:00
Leonard Cohnen
3637909a46 internal: move components into their own package 2023-01-09 12:16:54 +01:00
Leonard Cohnen
25c3a8a1f3 init: add cluster version to kubernetes components 2023-01-05 14:52:09 +01:00
3u13r
0297aed1ea
join: deprecate components migration fallback (#833) 2022-12-29 14:51:26 +01:00
3u13r
d1195d1d5f
join: make Azure instance names k8s compliant (#807) 
join: make Azure instance names k8s compliant
 2022-12-23 18:59:15 +01:00
Leonard Cohnen
a1161ae05d k8supdates: label nodes with k8s component hash 2022-12-08 11:19:22 +01:00
Leonard Cohnen
0c71cc77f6 joinservice: use configmap for k8s components 2022-12-02 14:34:38 +01:00
Otto Bittner
6af54142f2
Remove client pkg from kubectl pkg (#638) 
The nested client pkg was necessary to implement a generator pattern.
The generator was necessary as the Kubewrapper type
expects a k8sapi.Client object during instantiation.
However, the required kubeconfig is not ready during Kubewrapper creation.
This patch relies on an Initialize function to set the Kubeconfig
and hands over an empty struct during Kubewrapper creation.
This allows us to remove the extra Client abstraction.
 2022-11-25 11:19:22 +01:00
Otto Bittner
3e71459898 AB#2635: Deploy Konnectivity via Helm 2022-11-23 12:21:08 +01:00
Otto Bittner
7283eeb798 AB#2636: Deploy gcp-guest-agent via Helm 2022-11-23 12:21:08 +01:00
Leonard Cohnen
1e98b686b6 kubernetes: verify Kubernetes components 2022-11-23 10:48:03 +01:00
Otto Bittner
1362e40f53
Surpress argument-limit errors and add TODO. (#603) 2022-11-21 17:31:01 +01:00
Otto Bittner
adc09a1ad1
AB#2593: Deploy verification service via Helm (#594) 2022-11-21 17:06:41 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575) 
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
 2022-11-21 10:35:40 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504) 
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 10:31:55 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470) 
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-11 08:44:36 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387) 
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-09 14:43:48 +01:00
3u13r
9ad377284d
Wait for kube api during init (#440) 
* kubernetes: wait for KubeAPI to be reachable
 2022-11-04 12:36:26 +01:00
Otto Bittner
f164af29cf
AB#2583: deploy autoscaler via helm (#438) 2022-11-03 16:42:19 +01:00
Leonard Cohnen
dd007f4772 metadata: move subnetCIDR to InstanceMetadata 2022-11-02 23:29:04 +01:00
Otto Bittner
e363f03240
AB#2582: deploy CNM via Helm (#423) 2022-11-02 17:47:10 +01:00
Daniel Weiße
55cfff034a
Remove PublicIP from QEMU metadata (#396) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-02 12:56:16 +01:00
Otto Bittner
091e3b2b2b AB#2538: deploy CCM via Helm 
Also move helmloader interface/stubs
 2022-10-27 18:12:47 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any (#370) 2022-10-25 15:51:23 +02:00
Otto Bittner
c2814aeddb
AB#2504: Deploy join-service via helm (#358) 2022-10-24 12:23:18 +02:00
Otto Bittner
07f02a442c
Refactor Helm deployments (#341) 
* Wrap KMS deployment in one main chart that
deploys all other services. Other services will follow.
* Use .tgz via helm-package as serialization format
* Change Release type to carry chart as byte slice
* Remove KMSConfig
* Use json-schema to validate values
* Extend release.md to mention updating helm charts
 2022-10-21 12:01:28 +02:00
Otto Bittner
c6ccee1250 AB#2490: deploy KMS via Helm 
* Bundle helm-install related code in speparate package
* Move cilium installation to new helm package
 2022-10-18 13:33:37 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
katexochen
88d200232a Remove autoscaling from CLI and bootstrapper 2022-09-20 13:41:23 +02:00
3u13r
774e300a32
Constellation conformance mode (#161) 
* add conformance mode
 2022-09-20 10:07:55 +02:00
Leonard Cohnen
7163c161b6 Deploy Konnectivity 2022-09-09 17:26:02 +02:00
Daniel Weiße
8cb155d5c5
AB#2260 Refactor disk-mapper recovery (#82) 
* Refactor disk-mapper recovery

* Adapt constellation recover command to use new disk-mapper recovery API

* Fix Cilium connectivity on rebooting nodes (#89)

* Lower CoreDNS reschedule timeout to 10 seconds (#93)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-09-08 14:45:27 +02:00
Malte Poll
57e77ee53f kubernetes version: rename latest -> default 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-09-05 16:57:28 +02:00
Otto Bittner
405db3286e AB#2386: TrustedLaunch support for azure attestation 
* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
 2022-09-05 12:03:48 +02:00
Thomas Tendyck
bd63aa3c6b add license headers 
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
 2022-09-05 09:17:25 +02:00
Otto Bittner
4adc19b7f5 AB#2350: Configurably enforce idkeydigest on Azure 
* Add join-config entry for "enforceIdKeyDigest" bool
* Add join-config entry for "idkeydigest"
* Initially filled with TPM value from bootstrapper
* Add config entries for idkeydigest and enforceIdKeyDigest
* Extend azure attestation validator to check idkeydigest,
if configured.
* Update unittests
* Add logger to NewValidator for all CSPs
* Add csp to Updateable type

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
 2022-08-31 15:26:04 +02:00
Fabian Kammel
22c912a56d move nodestate and role 
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-08-29 16:07:55 +02:00
Malte Poll
26e9c67a00 Move cloud metadata packages and kubernetes resources marshaling to internal 
Decouples cloud provider metadata packages from kubernetes related code

Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-08-29 16:07:55 +02:00
katexochen
a02a46e454 Use multiple loadbalancers on GCP 2022-08-23 18:11:20 +02:00
Daniel Weiße
ba4471a228 AB#2316 Configurable enforced PCRs (#361) 
* Add warnings for non enforced, untrusted PCRs

* Fix global state in Config PCR map

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-08-12 15:59:45 +02:00
3u13r
9478303f80 deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator 
Signed-off-by: Malte Poll <mp@edgeless.systems>
 2022-08-11 10:48:50 +02:00
Daniel Weiße
4151d365fb AB#2286 Return only primary IPs for instance metadata operations (#335) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-08-04 11:08:20 +02:00
Fabian Kammel
985585f578 fix linter issues (#329) 
* fix linter issues
* replace fmt with logger
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2022-08-02 16:25:47 +02:00
Daniel Weiße
9a3bd38912 Generate random salt for key derivation on init (#309) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-07-29 09:52:47 +02:00
3u13r
e0ce2e8a51 add namespace to kubectl requests (#315) 
* add namespace to kubectl requests

* Add tests for missing/wrong namespace

Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2022-07-28 16:07:29 +02:00
Otto Bittner
ff5100f332 AB#2234: Introduce AddNodeSelectorsToDeployment 
Add the above function to the different client interfaces.
Remove previously used Command.Exec call.
 2022-07-26 16:53:41 +02:00
Otto Bittner
6b6a3ee976 AB#2234: Introduce AddTolerationsToDeployment 
Add the above function to the different client interfaces.
Update adjacent functions to provided needed ctx and client
objects.
 2022-07-26 16:53:41 +02:00