Commit Graph

463 Commits

Author SHA1 Message Date
Daniel Weiße
869448c3e1 Add mutual aTLS support (#176)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
5d7bf86b30 GCP create: Embed constellation role in instance templates to allow role detection prior to node activation 2022-05-24 10:37:02 +02:00
Thomas Tendyck
2ba3c153de AB#2117 cli: validate config (#170)
* AB#2117 cli: validate config

* update hack/go.mod
2022-05-23 15:01:39 +02:00
Fabian Kammel
45bf9f15fb always try to upload constellation state file (#173) 2022-05-23 14:43:32 +02:00
Malte Poll
c16f5391db bump images 1653299706
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 14:26:10 +02:00
Malte Poll
0c244ee2bc Use cmake to compile debugd / cdbg
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 13:15:04 +02:00
Malte Poll
1331ee4077 Install kubernetes on init / join and restart kubelet after reboot
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
f67cf2d31f k8s binary components version map and install directives
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
14f6985fe3 Implement binary file installer & extractor
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Daniel Weiße
10333def05 Fedora build instructions && and more reproducible builds (#166)
* Add Fedora build requirements

* Move cmake builds into docker

* Add Docker to requirements

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-23 10:35:14 +02:00
Thomas Tendyck
65c387c2b2 remove old e2e test 2022-05-21 14:30:05 +02:00
Moritz Eckert
6dc97590fe Enable and configure k8s audit-log (#160)
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Moritz Eckert
e4a9be832c Add cis benchmark to conformance test (#165)
* Add cis benchmark to conformance docs

* Update e2e workflow to include cis benchmarks
2022-05-19 14:57:21 +02:00
Thomas Tendyck
206dae8fd2 readme: move debugd and local image testing to other files and add a component overview 2022-05-19 08:56:28 +02:00
Daniel Weiße
0a24de24ee AB#2103 Derive key from LUKS UUID instead of disk name (#156)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-19 08:47:17 +02:00
Fabian Kammel
daf356d88e fixed wording (#162) 2022-05-18 19:01:11 +02:00
Fabian Kammel
f620d6194d run go mod tidy in hack folder. (#161) 2022-05-18 18:44:40 +02:00
Fabian Kammel
135c787001 AB#2098 versioned & strict yaml reading (#157) 2022-05-18 18:10:57 +02:00
Fabian Kammel
7c2d1c3490 AB#2094 cloud provider specific configs (#151)
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Nils Hanke
54e2e492df Update authorizedKeys field names for cdbg in README 2022-05-18 10:48:52 +02:00
Nils Hanke
5fa23d4bec Use "new" config for YAML parsing directives 2022-05-18 10:48:52 +02:00
Nils Hanke
c9982b979c Add unit test for SSH user creation on nodes 2022-05-17 18:00:21 +02:00
Nils Hanke
ed071d389c Add SSH users on subsequent coordinators & nodes 2022-05-17 18:00:21 +02:00
Malte Poll
084ed0c4ef cdbg config: use unified firewall rules 2022-05-17 17:50:52 +02:00
Daniel Weiße
7ba2fdd1a1 Fix proto file generation (#155)
* Fix kms export path

* Regenerate proto files

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-17 15:02:14 +02:00
Fabian Kammel
08f4f4e0aa updated images to newest version (#150) 2022-05-17 14:24:44 +02:00
Moritz Eckert
772aa66fb4 Set hardcoded file permissions to 0o600 (#153) 2022-05-17 13:10:39 +02:00
Paul Meyer
8e0f9491af Create hack folder with independent modules (#131) 2022-05-17 11:14:23 +02:00
Fabian Kammel
cfad36720b Cloned UserKey struct to config so it can be documented. Added examples. (#149) 2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515 AB#2061 Self Documenting Config File (#143)
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
cdfd962fcc Add --cdbg-config next to --config for cdbg 2022-05-16 17:57:51 +02:00
Nils Hanke
68092f27dd AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133)
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Fabian Kammel
5dc2e71d80 generate constellation config in e2e pipeline (#147) 2022-05-16 16:44:53 +02:00
Malte Poll
baa7dbc1ef Move debugd config to separate file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Nils Hanke
25b0ca2a06 Use filename from input instead of hardcoded name 2022-05-16 15:15:05 +02:00
Malte Poll
3b30291360 QEMU CSP Config: PCRs -> Measurements
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae Remove ConstellationPort from config file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c AB#2064 Feat/config/dev config to config (#139)
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Thomas Tendyck
fde7304d78 Update validargs.go 2022-05-13 11:43:48 +02:00
Daniel Weiße
9c5590bbce Add LUKS2 header size constant (#140)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-13 09:24:54 +02:00
Moritz Eckert
5ad34e0425 Apply CIS benchmark to kubelet conf
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
2022-05-12 17:25:45 +02:00
Moritz Eckert
adda637609 Apply CIS benchmark for kubeadm clusterconf
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-12 17:25:45 +02:00
Malte Poll
1d69ed5cd8 CoreOS build pipeline: Cleanup azure disk and image after converting to SIG (#137) 2022-05-12 17:16:57 +02:00
Fabian Kammel
094a8b7659 Feat/config/generate (#136)
Implement config command & generate verb to write default configuration to file or stdout.
2022-05-12 15:14:52 +02:00
Malte Poll
49ee05b680 debugd README: lowercase firewall rules (#138) 2022-05-12 14:21:22 +02:00
Daniel Weiße
437de8bcb1 Add function to retrieve real device path of mapped device
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
f8c9c0f17f Fix static check
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
61afce37fd Clean up interface
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
6b3d45dd09 Add resize functions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
2b80341d99 Reorder to be more readable
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00