Otto Bittner
c275464634
cli: change upgrade-plan to upgrade-check
...
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7.
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Otto Bittner
f204c24174
cli: add version validation and force flag
...
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
2023-02-08 12:30:01 +01:00
Daniel Weiße
3a7b829107
internal: use go-kms-wrapping for KMS backends (#1012)
...
* Replace external KMS backend logic for AWS, Azure, and GCP with go-kms-wrapping
* Move kms client setup config into its own package for easier parsing
* Update kms integration flag naming
* Error if nil storage is passed to external KMS
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:03:54 +01:00
Daniel Weiße
68ce23b909
Enable cryptsetup read/write workqueue bypass (#1150)
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:01:14 +01:00
renovate[bot]
535c359ee7
deps: update Constellation containers to v2.6.0-pre.0.20230131161703-e0354826e058 (#1105)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 18:08:40 +01:00
Otto Bittner
6415d80ee4
versions: update constellation operator image
2023-01-31 11:36:49 +01:00
renovate[bot]
11e233e4be
deps: update ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1 Docker digest to 8708a33 (#1110)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:54:11 +01:00
renovate[bot]
dcde73b4c4
deps: update Constellation containers to v2.6.0-pre.0.20230127131021-e174146e0c93 (#1091)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:01:08 +01:00
renovate[bot]
fb1b1f50fd
deps: update K8s version independent containers to v0.1.1 (#1020)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 15:25:05 +01:00
3u13r
e174146e0c
azure: add new idkeydigest (#1094)
2023-01-27 14:10:21 +01:00
Paul Meyer
8364856d55
versions: remove Kubernetes v1.23
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 13:32:20 +01:00
renovate[bot]
c758aef1ff
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.25.3 (#1082)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 11:30:43 +01:00
renovate[bot]
dd1140868e
deps: update Constellation containers to v2.6.0-pre (#1074)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 14:58:51 +01:00
Daniel Weiße
aa3ac82408
Add a bit more logging to attestation and join-service on error (#1076)
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-01-26 11:24:29 +01:00
Malte Poll
2d326ea3f0
cli: set placeholder uid for QEMU / MiniConstellation (#1069)
2023-01-25 14:42:52 +01:00
3u13r
e6ac8e2a91
config: fix digest naming (#1064)
...
* config: fix digest naming
2023-01-24 22:20:10 +01:00
github-actions[bot]
9567cc09ce
release: bring back changes from v2.5.0 (#1061)
...
* deps: update version to v2.5.0
* attestation: hardcode measurements for v2.5.0
* bump operator versions
Co-authored-by: release[bot] <release[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-01-24 11:35:26 +01:00
renovate[bot]
5142497a3d
deps: update dependency containernetworking/plugins to v1.2.0 (#1022)
...
* Update dependency containernetworking/plugins to v1.2.0
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-23 14:56:28 +01:00
renovate[bot]
f688afff3f
Update K8s constrained Azure versions (#1009)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-23 14:32:21 +01:00
Paul Meyer
4f9ed08061
versionsapi: fix single version deletion in cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 14:15:05 +01:00
Otto Bittner
3b59ebfd53
config: detailed validation errors for k8s version (#1018)
...
These extended error messages help users in understanding
what is wrong with the current configuration and how to
remediate the issue.
2023-01-23 11:21:06 +01:00
renovate[bot]
9f05631afd
deps: update Constellation containers (#1052)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-21 20:17:07 +01:00
Paul Meyer
c4d68d1c28
versions: update key-service name
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-21 19:55:14 +01:00
renovate[bot]
6708aff984
deps: update dependency kubernetes/kubernetes to v1.24.10 (#1043)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 18:54:10 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name (#1016)
...
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
Fabian Kammel
8482d26eef
deps: update cloud provider gcp image for k8s v1.26 (#1051)
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-20 15:54:24 +01:00
renovate[bot]
9b4dc9b478
Update Constellation containers to v2.5.0-pre.0.20230119145750-690b50b29de5 (#1039)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 09:51:29 +01:00
renovate[bot]
99496c3c33
Update Kubernetes versions (#1019)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 17:16:00 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs (#958)
...
* Remove unused package
* Add Go package docs to most packages
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-19 15:57:50 +01:00
Otto Bittner
a0ac957227
versions: update join- & keyservice images
2023-01-19 13:14:55 +01:00
Otto Bittner
9a1f52e94e
Refactor init/recovery to use kms URI
...
So far the masterSecret was sent to the initial bootstrapper
on init/recovery. With this commit this information is encoded
in the kmsURI that is sent during init.
For recover, the communication with the recoveryserver is
changed. Before, a streaming gRPC call was used to
exchange UUID for measurementSecret and state disk key.
Now a standard gRPC is made that includes the same kmsURI &
storageURI that are sent during init.
2023-01-19 13:14:55 +01:00
Otto Bittner
0e71322e2e
keyservice: move kms code to internal/kms
...
Recovery (disk-mapper) and init (bootstrapper)
will have to work with multiple external KMSes
in the future.
2023-01-19 13:14:55 +01:00
renovate[bot]
90ea35ae35
Update Constellation containers to v2.5.0-pre.0.20230118154955-632090c21b93 (#1014)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-18 17:28:04 +01:00
3u13r
632090c21b
azure: allow a set of idkeydigest values (#991)
2023-01-18 16:49:55 +01:00
renovate[bot]
41eb533d63
Update Constellation containers (#1003)
...
https://github.com/edgelesssys/constellation/actions/runs/3943576556/jobs/6748558235
2023-01-18 09:44:36 +01:00
Thomas Tendyck
f0f109a1ea
verify: use fixed user data
2023-01-17 16:14:00 +01:00
renovate[bot]
bbda3d1ecd
Update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.25.2 (#979)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-17 16:10:26 +01:00
renovate[bot]
a3035167b6
Update Constellation containers (#965)
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 16:59:49 +01:00
Otto Bittner
89f075d490
versions: rename KmsImage to KeyServiceImage
2023-01-16 15:14:23 +01:00
Paul Meyer
42135dfdd6
versions: update container images to v2.5.0-pre
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:54:41 +01:00
Paul Meyer
467c3f501c
versionsapi: add implementation of json flag
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Otto Bittner
90b88e1cf9
kms: rename kms to keyservice
...
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Malte Poll
bcd8aa9acc
Use upstream node-maintenance-operator (#115)
2023-01-12 16:01:03 +01:00
Malte Poll
75fb61e001
attestation: codegen for hardcoded measurements in go
2023-01-12 13:24:07 +01:00
Fabian Kammel
82a0fcbb9d
upgrade: fix broken reference from constellation-os to constellation-version (#939)
...
* update constellation-os to constellation-version references
* update nodeimage to nodeversion in CRD type name
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-11 16:07:07 +01:00
Paul Meyer
4bc191e434
versions: move hash generator into own package
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
Paul Meyer
c081664d03
versions: repair hash generation
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
Malte Poll
fe8518a4e3
release: update measurements
2023-01-11 11:10:44 +01:00
release[bot]
e8fad4b7f9
Update version to v2.4.0
2023-01-11 11:10:44 +01:00
Paul Meyer
ef086bf02d
versionsapi: log aws region
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-10 17:02:01 +01:00