Commit Graph

3781 Commits

Author SHA1 Message Date
Malte Poll
3a5753045e goleak: ignore rules_go SIGTERM handler
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.

https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
Malte Poll
66faa5493f deps: Go 1.21.6 2024-01-22 13:11:58 +01:00
Malte Poll
f465356ace nix: update flake.lock 2024-01-22 13:11:58 +01:00
Malte Poll
64a4a2230d deps: update gazelle and rules_go 2024-01-22 13:11:58 +01:00
Malte Poll
e40d1e56d8 deps: update hermetic_cc_toolchain 2024-01-22 13:11:58 +01:00
Malte Poll
00eacdf9e8 image: mark image upload as manual bazel target 2024-01-22 13:11:58 +01:00
Moritz Sanft
0030a26eaf
ci: parallelize upgrade e2e test (#2724)
* ci: parallelize upgrade e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: revert name change

* ci: upgrade checkout action

* ci: add target version before building target cli

* ci: rename input

* ci: upload service account key

* ci: download sa key on GCP

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-01-19 16:34:47 +01:00
edgelessci
3b02edcc48
image: update measurements and image version (#2833)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-19 09:12:24 +01:00
edgelessci
2acbd10ef7
image: update measurements and image version (#2831)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-17 18:55:10 +01:00
Malte Poll
b8933560be
image upload: use unique blob name for AWS images uploaded to S3 (#2830)
When uploading images to AWS, they need to be uploaded to S3 first.
Since blob names are not unique between attestation variants, there
was a possibility for one S3 upload to be used for the wrong AMI.
2024-01-17 17:09:07 +01:00
edgelessci
6259815869
image: update measurements and image version (#2828)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-17 08:11:53 +01:00
Malte Poll
9d6321faa3 uplosi: use separate galleries for Azure TDX and TDX 2024-01-16 17:34:44 +01:00
Malte Poll
52dec77508 nix: update uplosi to support Azure TDX 2024-01-16 17:34:44 +01:00
Malte Poll
336ba6bc34 attestation: add Azure TDX variant
Only a stub for now.
2024-01-16 17:34:44 +01:00
Malte Poll
5063b815f1 config: allow Azure TDX instance types 2024-01-16 17:34:44 +01:00
Malte Poll
403acf75aa image: add mainline kernel and azure tdx image target 2024-01-16 17:34:44 +01:00
Markus Rudy
e29ea77d23
helm: bump Cilium chart version (#2822)
* helm: bump Cilium chart version

* helm: generate Cilium chart
2024-01-16 14:49:24 +01:00
Markus Rudy
16c63d57cd
dev-docs: Helm chart for full L3 VPN connectivity (#2620)
* dev-docs: add 'things to try' section to VPN howto

* dev-docs: full L3 connectivity in VPN chart
2024-01-16 13:59:33 +01:00
Malte Poll
9181705299
ci: use sonobuoy 0.57.1 (#2821) 2024-01-16 13:19:46 +01:00
Markus Rudy
2d3996d5b3
ci: don't check Wireguard weblinks (#2823) 2024-01-15 15:45:45 +01:00
Moritz Sanft
bf02680477
ci: mirror GCP images to MPI project on release (#2820) 2024-01-15 13:58:30 +01:00
Malte Poll
9a27e7bf77 image: only archive release images + QEMU / OpenStack image 2024-01-15 13:53:15 +01:00
Malte Poll
8a74893461 ci: build and upload OS image in single job 2024-01-15 13:53:15 +01:00
Malte Poll
5ec03c5b9d image: add upload rules for images 2024-01-15 13:53:15 +01:00
Malte Poll
f237ae8ae2 bazel: add upload_os_images rule
This rule combines uplosi, the upload command, measurement code and cosign
to upload OS images, extract measurements, sign them and upload the measurements.
2024-01-15 13:53:15 +01:00
Malte Poll
b7bab7c3c8 image: replace "upload {aws|azure|gcp}" with uplosi 2024-01-15 13:53:15 +01:00
Malte Poll
fb392c2d50 image: add image uploader that uses uplosi in the background
This implementation will replace the custom Go code in
internal/osimage/{aws|azure|gcp} and still conforms to the same interface.
2024-01-15 13:53:15 +01:00
Malte Poll
181b8f64d2 image: add static (per-CSP) measurements during "measurement envelope"
This logic was previously performed in a GitHub Actions workflow
using yq.
Since every step should now be performed in Bazel, this now needs to happen here.
2024-01-15 13:53:15 +01:00
Malte Poll
f7b22f3705 bazel: add tool dependencies for image upload 2024-01-15 13:53:15 +01:00
Markus Rudy
711dff37a4
ci: fetch OpenSearch password from e2e test project (#2818) 2024-01-15 13:25:15 +01:00
edgelessci
84a90bb5bd
image: update locked rpms (#2819)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-15 10:46:50 +01:00
Adrian Stobbe
60a0a6020e
ci: add upgrade to provider example test (#2775) 2024-01-13 13:13:10 +01:00
edgelessci
2fea43a320
image: update measurements and image version (#2817)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-12 08:20:15 +01:00
Markus Rudy
bdca822d8a
ci: remove derpsteb from e2e assignee list (#2816) 2024-01-12 08:09:38 +01:00
3u13r
120ae9d227
image: lower file limit for containerd (#2815) 2024-01-11 12:47:38 +01:00
Adrian Stobbe
9a814f91b1
terraform-provider: validate microservice and image version during plan (#2814) 2024-01-11 12:04:21 +01:00
Adrian Stobbe
baad7d8310
aws sev snp resolves latest version values on GetAttestationConfig (#2810) 2024-01-10 13:32:13 +01:00
Markus Rudy
b267457541
ci: fix OpenSearch link for e2e notifications (#2813)
* ci: fix OpenSearch link for e2e notifications
2024-01-10 09:49:47 +01:00
edgelessci
c61507f220
image: update measurements and image version (#2812)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-10 08:13:30 +01:00
Markus Rudy
49ecb2415f
ci: remove reference to absent go.mod file (#2811) 2024-01-09 23:07:16 +01:00
Malte Poll
e618050c7a
bazel: add directories to ignore (#2805) 2024-01-09 21:46:53 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase (#2800)
* bootstrapper: remove obsolete log statement

* ci: simplify variable usage

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>

* cli: add missing formatting directive

* helm: fix rm invocation

* ci: document reproducible-builds workflow

* constants: use variables for measurement files

* constants: use variables for CDN distribution ID

* ci: make Helm version explicit

* api: prettify versionsapi-list output

* ci: remove obsolete docstring

---------

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
3u13r
badcdcb764
deps: bump cilium to v1.15.0-pre.3-edg.1 (#2808) 2024-01-09 16:45:56 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK (#2809)
* deps: update AWS SDK

* deps: fix AWS SDK upgrade breakage

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803)
undefined
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792)
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Malte Poll
d3b951300d
ci: explicitly build s3proxy container image tag before referencing (#2806)
Otherwise, the file might not exist.
2024-01-08 14:32:08 +01:00
Daniel Weiße
7d778d1b5b Add required kubernetes_version attribute to example
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Daniel Weiße
1271e95c0c Fix missing Kubernetes version for Terraform e2e test
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod files from submodules (#2769)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00