Commit Graph

3988 Commits

Author SHA1 Message Date
Daniel Weiße
485ebb151e
kubecmd: retry any k8s errors in CLI and Terraform (#3028)
* Retry any k8s errors in CLI and Terraform
* Use structured logging in `kubecmd` package

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-16 15:12:42 +02:00
Markus Rudy
f189aa186f
dev-docs: document security advisory process (#3024)
* dev-docs: document security advisory process
2024-04-15 11:49:23 +02:00
edgelessci
456279c896
image: update locked rpms (#3026)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-04-15 07:44:24 +02:00
edgelessci
41e4f144ed
image: update measurements and image version (#3023)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-12 08:24:28 +02:00
davidweisse
e89d8e4d72
ci: add error handling to e2e windows liveness probe (#3018)
* workflows: add error handling to e2e windows liveness probe

* update retry condition in last iteration

* Update liveness probe to check for correct number of nodes

* ci: fix Windows e2e test not pushing required container images (#3021)

* More output when waiting for nodes to get ready
* Create unique resource group name for Windows e2e test
* Push container images on windows CLI build to fix e2e test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix resource group naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-04-11 11:27:12 +02:00
Markus Rudy
f6dfea2a79
helm: unbreak helm test after Cilium version bump (#3022) 2024-04-11 09:38:15 +02:00
Markus Rudy
550798279a
Merge pull request from GHSA-g8fc-vrcg-8vjg
* helm: firewall pods

* helm: bump cilium chart version

---------

Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-10 13:48:32 +02:00
Daniel Weiße
6e31223ff9
ci: suppress license check on windows e2e (#3020)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-10 10:51:09 +02:00
edgelessci
7bdd4c2449
image: update measurements and image version (#3019)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-10 08:25:16 +02:00
Daniel Weiße
cddbba1898
ci: bump fromVersion for e2e tests to v2.16.2 (#3016)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-08 11:13:44 +02:00
Moritz Eckert
c3eae84fbb
docs: update images with inter font (#2995) 2024-04-08 07:28:01 +02:00
edgelessci
2c70867bc2
image: update locked rpms (#3017)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-04-07 10:30:01 +02:00
Daniel Weiße
a2737e8f61
ci: bump slsa-verifier to v2.5.1 (#3015)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-05 21:00:33 +02:00
edgelessci
249148abe2
image: update measurements and image version (#3013)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-05 15:23:44 +02:00
Daniel Weiße
408eb31422
ci: fix slsa generator action by updating to new version (#3014)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-05 14:29:52 +02:00
Malte Poll
2a226fd8e9
deps: update Go toolchain to 1.22.2 (#3010)
* deps: update Go toolchain to 1.22.2
* deps: update vulnerable dependencies (govulncheck)
2024-04-05 12:14:48 +02:00
Moritz Sanft
b38a8f4d49
rfc: remove broken link (#3012) 2024-04-05 11:42:36 +02:00
miampf
840f460bac
logging: unify debug log message format (#2997) 2024-04-03 13:49:03 +00:00
Malte Poll
24c346c657
bazel: patch Go SDK to increase tls maxHandshake size (#3009) 2024-04-03 14:08:45 +02:00
edgelessci
638a94c7c6
image: update measurements and image version (#3008)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-03 08:28:45 +02:00
Thomas Tendyck
d8d2cd48c1 ci: disable license check for minicon e2e 2024-04-02 17:21:22 +02:00
Malte Poll
93441fe1ee
terraform: update terraform provider STACKIT (#3007) 2024-04-02 17:17:17 +02:00
edgelessci
3ebf66554f
image: update locked rpms (#3005)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-04-02 09:23:39 +02:00
edgelessci
d6ac1967c5
image: update measurements and image version (#3004)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-02 08:44:25 +02:00
miampf
febe8f0801
ci: add a delete artifact action (#2999) 2024-03-25 13:36:09 +00:00
renovate[bot]
4ca9db156b
deps: update module github.com/docker/docker to v25.0.5+incompatible [SECURITY] (#2998)
* deps: update module github.com/docker/docker to v25.0.5+incompatible [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-03-25 09:35:56 +01:00
edgelessci
367b278002
image: update measurements and image version (#3000)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-25 08:19:58 +01:00
edgelessci
309bc83831
image: update locked rpms (#3002)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-03-24 19:59:45 +01:00
Thomas Tendyck
b97f2b905a
ci: fix unwanted license checks for some e2e test configs (#3001)
* ci: fix unwanted license checks for some e2e test configs

* fixup! ci: fix unwanted
2024-03-22 20:45:45 +01:00
edgelessci
89f311dac1
image: update measurements and image version (#2996)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-20 08:35:26 +01:00
Daniel Weiße
0da6f0d014
ci: fix pvc clean-up on non deletable namespaces (#2994)
* Only delete namespace if its deletable
  * For "default" namespace, delete all resources in that namespace
  * For "kube-system" namespace, delete all PVCs in that namespace
* Don't abort terminate action if PVC deletion fails

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-19 14:53:58 +01:00
Daniel Weiße
dc86a30988
provider: Add build tag for Terraform provider (#2992)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-18 14:30:56 +01:00
edgelessci
6a2dffc379
image: update locked rpms (#2991)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-03-18 09:44:44 +01:00
Markus Rudy
1a10cf645d
ci: query identity directly instead of searching in list (#2985)
* ci: add debug information when UAMI is missing

* ci: query identity directly instead of searching in list
2024-03-18 08:40:15 +01:00
3u13r
0b13c5bca9
operator: escape dots in url (#2990) 2024-03-15 22:44:10 +01:00
Moritz Eckert
c40e1a9bbd
docs: change to inter font (#2989) 2024-03-15 15:38:34 +01:00
Thomas Tendyck
9e3d605cf2
Add STACKIT to readme (#2988)
* Add STACKIT to readme

and sort CSPs alphabetically in sentences

* fix links
2024-03-15 11:53:13 +01:00
Moritz Eckert
912575eb31
docs: order csp strictly alphabetically (#2986) 2024-03-15 10:13:57 +01:00
edgelessci
e0bbb447a9
image: update measurements and image version (#2987)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-15 07:54:20 +01:00
Markus Rudy
54af083da3
helm: retry uninstall manually if atomic install failed (#2984) 2024-03-14 10:52:11 +01:00
Adrian Stobbe
1334b84c2e
Update docs (#2982)
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-03-13 14:09:51 +01:00
Markus Rudy
85b44f7f57
ci: make waiting for nodes more robust (#2981)
* ci: make waiting for nodes more robust

After initializing the cluster, a lot of things happen in parallel and
are potentially getting in each others' way: nodes are joining,
daemonsets are proliferating, the network is being set up. During this
period, it's not unusual that the Kubernetes API server is unavailable
for a short time, e.g. due to etcd loosing quorum or load balancing
changes.

This period of instability has the potential to affect all kubectl
commands negatively, leading to problems especially for tests, where
command failures often lead to test failures. On the other hand, we'd
expect everything to be quite stable after the initial dust settles.

Therefore, this commit changes how we wait after initializing a cluster.
Until we have a reasonable expectation of readiness, we ignore command
failures and wait for things to stabilize. The cluster is considered
stable once all configured nodes and all API servers report ready.
2024-03-13 09:42:18 +01:00
edgelessci
3b8fa95648
image: update measurements and image version (#2983)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-13 09:08:44 +01:00
Daniel Weiße
1077b7a48e
bootstrapper: wipe disk and reboot on non-recoverable error (#2971)
* Let JoinClient return fatal errors
* Mark disk for wiping if JoinClient or InitServer return errors
* Reboot system if bootstrapper detects an error
* Refactor joinClient start/stop implementation
* Fix joining nodes retrying kubeadm 3 times in all cases
* Write non-recoverable failures to syslog before rebooting

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-12 11:43:38 +01:00
Malte Poll
1b973bf23f
docs: remove steps for STACKIT credentials in config (#2980)
The OpenStack credentials (username and password) can now be retrieved
from the "clouds.yaml" by the Constellation CLI and terraform code.
This simplifies the configuration for end-users.
2024-03-12 07:27:45 +01:00
Malte Poll
25624e91e8
docs: add runtime measurement table for Constellation v2.16 (#2979) 2024-03-12 07:27:26 +01:00
Malte Poll
35260a4455 docs: document OpenStack related config files on Windows 2024-03-11 16:43:36 +01:00
Malte Poll
353b02c17c docs: document STACKIT CC features
Co-Authored-By: Moritz Eckert <m1gh7ym0@gmail.com>
2024-03-11 16:43:36 +01:00
Malte Poll
63b9761962 docs: explain recovery steps on STACKIT 2024-03-11 16:43:36 +01:00
Malte Poll
220f292181 docs: mention all zones where STACKIT instances are available 2024-03-11 16:43:36 +01:00