Nils Hanke
cf107f5925
Update asciinema SVG (now with 3x speed)
2022-09-08 13:38:24 +02:00
Nils Hanke
3e579315fe
Update Conformance docs for cluster creation with latest CLI
2022-09-08 13:38:24 +02:00
Nils Hanke
c9c954c675
Remove service provider in CLI commands in docs
2022-09-08 13:38:24 +02:00
Nils Hanke
46c461c23e
E2E: Don't use cloudProvider in constellation create
2022-09-08 13:38:24 +02:00
Nils Hanke
ce0edc8c80
Purge provider argument from constellation create and verify
2022-09-08 13:38:24 +02:00
Nils Hanke
7aded65ea8
Add validation for zero or more than one provider
2022-09-08 13:38:24 +02:00
Moritz Eckert
fb5faa681c
Add provider to license check (#88)
2022-09-08 11:02:04 +02:00
Malte Poll
765c097beb
AB#2399 Add GCP service account script (#95)
2022-09-08 09:53:16 +02:00
Daniel Weiße
03148c6706
Add Service Account User as required GCP permission (#91)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-08 09:08:29 +02:00
Felix Schuster
0286a83dfa
Re-write Intro/Welcome (#97)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-09-08 08:43:40 +02:00
Thomas Tendyck
e3c5a5ab78
docs: remove discarded verify feature
2022-09-07 18:16:07 +02:00
Felix Schuster
6aec009aaf
Re-word (#92)
2022-09-07 18:08:13 +02:00
Moritz Eckert
23b9319809
Add search functionality to the docs (#90)
2022-09-07 17:57:45 +02:00
Fabian Kammel
e3ede64ae6
Document trusted launch on Azure (#48)
* Document trusted launch usage for Azure
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* there is no valid link because there is no valid release yet
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* fix link
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* fix linter issues
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* improve
* importAzure.sh: print final image ID
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-09-07 15:05:24 +02:00
Otto Bittner
611ec25f22
AB#2380: Add unittest for validateAk
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-07 13:59:09 +02:00
Nils Hanke
9e20ea15ce
Add firewall / debugCluster changes to README.md
2022-09-07 13:27:15 +02:00
Nils Hanke
86a1153cff
cdbg: Warn user when debugCluster is false
2022-09-07 13:27:15 +02:00
Nils Hanke
30725bb0c6
Warn when a debug cluster is created
2022-09-07 13:27:15 +02:00
Nils Hanke
fe70231f2a
Rename IsImageDebug -> IsDebugImage for consistency
2022-09-07 13:27:15 +02:00
Nils Hanke
dd4ccdd390
E2E / debugd: Replace remains of ingressFirewall with debugCluster flag
2022-09-07 13:27:15 +02:00
Nils Hanke
72d4456b3f
GCP: Only create debugd loadbalancer when debugCluster is set
2022-09-07 13:27:15 +02:00
Nils Hanke
d74c7a3769
Azure: Only create debugd loadbalancer when debugCluster is set
2022-09-07 13:27:15 +02:00
Nils Hanke
1a4b4f564a
Remove firewall configuration and make it static with a debug flag
2022-09-07 13:27:15 +02:00
Otto Bittner
23bf4aa665
AB#2379: Validate version in SNP report (#80)
* AB#2379: Validate version in SNP report
* Check that TCB version in VCEK matches COMMITTED_TCB
* Check that LAUNCH, CURRENT and REPORTED TCB are at least
at the same security level as we are currently.
* Rename variables in snpReport struct
* Use default values in validator_test.go
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-07 10:39:38 +02:00
Thomas Tendyck
9d264604c0
cli: remove GCP ADC project name check
2022-09-07 10:29:41 +02:00
Felix Schuster
35cded6261
Update "Product features" and re-arrange "Confidential Kubernetes" (#81)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-09-07 09:41:35 +02:00
Malte Poll
47b3195bac
cli: azure scale set poller: check for power state of every instance (#78)
2022-09-06 10:05:51 +02:00
Fabian Kammel
020cf51fc6
AB#2392 Store serial logs in actions (#39)
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-09-05 18:12:46 +02:00
Malte Poll
50acded80b
Bump join service (#79)
2022-09-05 17:23:11 +02:00
Malte Poll
bd6c6ce836
e2e-tests: include k8s 1.25
2022-09-05 16:57:28 +02:00
Malte Poll
f3b9d0402b
Update Kubernetes version support docs
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
c1185241bb
temporarily upgrade join-service
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
38f461fdee
join-service: do not check if kubernetes version is valid
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
c38a142d64
Kubernetes 1.25 preview
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
571b4ff36f
Switch default Kubernetes version 1.24 -> 1.23
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
57e77ee53f
kubernetes version: rename latest -> default
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
d995558ffd
kubernetes server side apply: start counting resources at 1 (#74)
2022-09-05 16:50:22 +02:00
Malte Poll
ab5f00ba32
Docs: recommend latest version of azure cli (#77)
Prevent users from running az versions < 2.25.0 and experiencing https://github.com/Azure/azure-cli/issues/19892
2022-09-05 16:46:05 +02:00
Leonard Cohnen
e80948a263
add tags to cluster id file struct
2022-09-05 16:35:59 +02:00
Leonard Cohnen
7b00005ed6
fix qemu initialization
2022-09-05 16:35:59 +02:00
Thomas Tendyck
a09c53a700
tidy link checking (#63)
* tidy link checking
* Update .github/docs/release.md
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-05 16:08:00 +02:00
Otto Bittner
1b810da331
Bump service versions.
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:46:40 +02:00
Malte Poll
1c1b29637f
e2e-test gcp: Fix quoting in gcp config rewrite
2022-09-05 12:13:24 +02:00
Malte Poll
3c0e2239d2
e2e-test azure: ignore unused parameter
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 12:13:24 +02:00
Nils Hanke
b6385ad3bc
Move serviceAccountKey.json creation before create
The printed config does not contain the path
since it's printed before injection, so let's inject it before.
2022-09-05 12:13:24 +02:00
katexochen
1741c2d941
e2e: Fix machine type
2022-09-05 12:13:24 +02:00
katexochen
d0a3c2d3d1
e2e: Fix reintroduced Azure error
2022-09-05 12:13:24 +02:00
Malte Poll
45a1134915
Change default branch of constellation-fedora-coreos-config repo (#72)
2022-09-05 12:12:34 +02:00
Otto Bittner
405db3286e
AB#2386: TrustedLaunch support for azure attestation
* There are now two attestation packages on azure.
The issuer on the server side is created based on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests
Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00
Nils Hanke
4bfb98d35a
Fix typo in sidebar
2022-09-05 11:10:57 +02:00