Commit Graph

1024 Commits

Author SHA1 Message Date
Nils Hanke
1a4b4f564a Remove firewall configuration and make it static with a debug flag 2022-09-07 13:27:15 +02:00
Otto Bittner
23bf4aa665
AB#2379: Validate version in SNP report (#80)
* AB#2379: Validate version in SNP report

* Check that TCB version in VCEK matches COMMITTED_TCB
* Check that LAUNCH, CURRENT and REPORTED TCB are at least
at the same security level as we are currently.
* Rename variables in snpReport struct
* Use default values in validator_test.go

Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-07 10:39:38 +02:00
Thomas Tendyck
9d264604c0 cli: remove GCP ADC project name check 2022-09-07 10:29:41 +02:00
Felix Schuster
35cded6261
Update "Product features" and re-arrange "Confidential Kubernetes" (#81)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-09-07 09:41:35 +02:00
Malte Poll
47b3195bac
cli: azure scale set poller: check for power state of every instance (#78) 2022-09-06 10:05:51 +02:00
Fabian Kammel
020cf51fc6
AB#2392 Store serial logs in actions (#39)
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-09-05 18:12:46 +02:00
Malte Poll
50acded80b
Bump join service (#79) 2022-09-05 17:23:11 +02:00
Malte Poll
bd6c6ce836 e2e-tests: include k8s 1.25 2022-09-05 16:57:28 +02:00
Malte Poll
f3b9d0402b Update Kubernetes version support docs
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
c1185241bb temporarily upgrade join-service
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
38f461fdee join-service: do not check if kubernetes version is valid
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
c38a142d64 Kubernetes 1.25 preview
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
571b4ff36f Switch default Kubernetes version 1.24 -> 1.23
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
57e77ee53f kubernetes version: rename latest -> default
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
d995558ffd
kubernetes server side apply: start counting resources at 1 (#74) 2022-09-05 16:50:22 +02:00
Malte Poll
ab5f00ba32
Docs: recommend latest version of azure cli (#77)
Prevent users from running az versions < 2.25.0 and experience https://github.com/Azure/azure-cli/issues/19892
2022-09-05 16:46:05 +02:00
Leonard Cohnen
e80948a263 add tags to cluster id file struct 2022-09-05 16:35:59 +02:00
Leonard Cohnen
7b00005ed6 fix qemu initialization 2022-09-05 16:35:59 +02:00
Thomas Tendyck
a09c53a700
tidy link checking (#63)
* tidy link checking

* Update .github/docs/release.md

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-05 16:08:00 +02:00
Otto Bittner
1b810da331 Bump service versions.
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:46:40 +02:00
Malte Poll
1c1b29637f e2e-test gcp: Fix quoting in gcp config rewrite 2022-09-05 12:13:24 +02:00
Malte Poll
3c0e2239d2 e2e-test azure: ignore unused parameter
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 12:13:24 +02:00
Nils Hanke
b6385ad3bc Move serviceAccountKey.json creation before create
The printed config does not contain the path
since it's printed before injection, so let's inject it before.
2022-09-05 12:13:24 +02:00
katexochen
1741c2d941 e2e: Fix machine type 2022-09-05 12:13:24 +02:00
katexochen
d0a3c2d3d1 e2e: Fix reintroduced Azure error 2022-09-05 12:13:24 +02:00
Malte Poll
45a1134915
Change default branch of constellation-fedora-coreos-config repo (#72) 2022-09-05 12:12:34 +02:00
Otto Bittner
405db3286e AB#2386: TrustedLaunch support for azure attestation
* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00
Nils Hanke
4bfb98d35a Fix typo in sidebar 2022-09-05 11:10:57 +02:00
Thomas Tendyck
b9db172fcf Update pull_request_template.md 2022-09-05 11:10:40 +02:00
Nirusu
76896ac190 CLI reference was updated by edgelesssys/constellation@3c7d76f5 2022-09-05 10:45:03 +02:00
Nils Hanke
3c7d76f5a6 Run link checker only when Markdown & HTML files have been changed 2022-09-05 10:36:14 +02:00
Nils Hanke
2dfa591c41
clidocgen: Support nested commands properly (#58) 2022-09-05 10:34:46 +02:00
Daniel Weiße
f8c01a0298
AB#2394 Change KMS to be deployed as DaemonSet (#69)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-05 10:22:40 +02:00
Nils Hanke
71fb62fe31 Remove note to instance types specifically 2022-09-05 09:36:58 +02:00
Thomas Tendyck
bd63aa3c6b add license headers
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
Thomas Tendyck
95ff987bfc add license 2022-09-05 09:17:25 +02:00
Malte Poll
e24808e936
e2e: Write service account key path for GCP (#67)
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 09:17:18 +02:00
Thomas Tendyck
517302e4dc limit workflows to paths or filetypes 2022-09-05 08:51:36 +02:00
Daniel Weiße
4db837d7f9
Rename mount package to csi (#47)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-05 08:42:55 +02:00
Felix Schuster
d06d403d1d
Add page on CSPs (#56)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-09-04 22:11:10 +02:00
katexochen
43924c7318 e2e: Silence curl 2022-09-02 19:08:33 +02:00
katexochen
9076404b06 Fix manual e2e test 2022-09-02 19:08:33 +02:00
Malte Poll
bdb57387c7
Update pull_request_template.md (#57) 2022-09-02 17:17:44 +02:00
Fabian Kammel
106635a9ee
Restructure config docs (#44)
* more guided UX when generating and filling in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 17:11:06 +02:00
Fabian Kammel
2f871578b2
first implementation of SBOM generation (#50)
* first implementation of SBOM generation
* updated dependencies as per grype report
* hack: go mod tidy
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 16:49:59 +02:00
Nirusu
913711a0fe CLI reference was updated by edgelesssys/constellation@50bde917 2022-09-02 07:18:38 -07:00
Felix Schuster
f733ba5d6e
Update README (#46)
* Update README

* Update images

* Add security policy
2022-09-02 16:10:27 +02:00
Nils Hanke
50bde9173f Remove --instance-type from constellation create in docs 2022-09-02 07:04:11 -07:00
Nils Hanke
c0bfb9b61e Add 'constellation config instance-types' 2022-09-02 07:04:11 -07:00
Nils Hanke
39eb58b403 E2E: Use default VM machine type when not overriden 2022-09-02 07:04:11 -07:00