Commit Graph

187 Commits

Author SHA1 Message Date
Malte Poll
4283601433
operators: infrastructure autodiscovery (#1958)
* helm: configure GCP cloud controller manager to search in all zones of a region

See also: d716fdd452/providers/gce/gce.go (L376-L380)

* operators: add nodeGroupName to ScalingGroup CRD

NodeGroupName is the human friendly name of the node group that will be exposed to customers via the Constellation config in the future.

* operators: support simple executor / scheduler to reconcile on non-k8s resources

* operators: add new return type for ListScalingGroups to support arbitrary node groups

* operators: ListScalingGroups should return additionally created node groups on AWS

* operators: ListScalingGroups should return additionally created node groups on Azure

* operators: ListScalingGroups should return additionally created node groups on GCP

* operators: ListScalingGroups should return additionally created node groups on unsupported CSPs

* operators: implement external scaling group reconciler

This controller scans the cloud provider infrastructure and changes k8s resources accordingly.
It creates ScaleSet resources when new node groups are created and deletes them if the node groups are removed.

* operators: no longer create scale sets when the operator starts

In the future, scale sets are created dynamically.

* operators: watch for node join/leave events using a controller

* operators: deploy new controllers

* docs: update auto scaling documentation with support for node groups
2023-07-05 07:27:34 +02:00
Malte Poll
d43242a55f
deps: upgrade AWS CSI driver to v1.1.1 (#1998) 2023-07-03 16:26:42 +02:00
Daniel Weiße
90dbeae16b
cli: fix duplicate backup creation during upgrade apply (#1997)
* Use CLI to fetch measurements in e2e test

* Abort helm service upgrade early if user confirmation is missing

* Add container push to CLI build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-03 15:13:36 +02:00
Daniel Weiße
d95ddd01d3
helm: fix upgrade command unintentionally skipping all service upgrades (#1992)
* Fix usage of errors.As in upgrade command implementation

* Use struct pointers when working with custom errors

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-30 16:46:05 +02:00
Daniel Weiße
5a9f9c0a52
bootstrapper: delete helm chart on installation failure before retrying installation (#1977)
* Delete helm chart on failure before retrying installation

* Add chart name to debug output

* Remove now unused wait flag from helm Release struct

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-30 15:13:29 +02:00
Moritz Sanft
7ad284d672
cli: deploy aws csi driver per default (#1981)
* add aws csi driver helm chart

* update chart

* add CSI driver to Constellation default deployment

* generate config doc

* update buildfiles

* use upstream chart

* update buildfile

* set `DeployCSIDriver` in default config

* fix helm test

* whitespace
2023-06-30 08:46:32 +02:00
Adrian Stobbe
4546912f11
cli: upgrade apply --force skips all compatibility checks (#1940)
* use force to skip compatibility and upgrade in progress check

* update doc

* fix tests

* add force check for helm and k8s

* add no-op check

* fix errors as
2023-06-21 15:49:42 +02:00
Moritz Sanft
b25228d175
cli: store upgrade files in versioned folders (#1929)
* upgrade versioning

* don't pass upgrade kind as boolean

* whitespace

* fix godot lint check

* clarify upgrade check directory suffix

* cli: dry-run Terraform migrations on `upgrade check` (#1942)

* dry-run Terraform migrations on upgrade check

* clean whole upgrade dir

* clean up check workspace after planning

* fix parsing

* extend upgrade check test

* rename unused parameters

* exclude false positives in test
2023-06-21 09:22:32 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication (#1906)
* invalidate app client id field for azure and provide info

* remove TestNewWithDefaultOptions case

* fix test

* remove appClientID field

* remove client secret + rename err

* remove from docs

* otto feedback

* update docs

* delete env test in cfg since no envs set anymore

* Update dev-docs/workflows/github-actions.md

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* WARNING to stderr

* fix check

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
Otto Bittner
6bda62d397
cli: skip k8s upgrade in case of outdated version (#1864)
If an unsupported, outdated k8s patch version is used,
the user should still be able to run upgrade apply.
2023-06-05 09:13:02 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup (#1837)
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
2023-06-01 12:33:06 +02:00
Otto Bittner
3b3be85841 cli: fix supportedVersions during upgrade check
Previously the service version was always 0.0.0
2023-05-23 07:44:37 +02:00
Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade (#1685)
* add terraform planning

* overwrite terraform files in upgrade workspace

* Revert "overwrite terraform files in upgrade workspace"

This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.

* prepare terraform workspace

* test upgrade integration

* print upgrade abort

* rename plan file

* write output to file

* add show plan test

* add upgrade tf workdir

* fix workspace preparing

* squash to 1 command

* test

* bazel build

* plan test

* register flag manually

* bazel tidy

* fix linter

* remove MAA variable

* fix workdir

* accept tf variables

* variable fetching

* fix resource indices

* accept Terraform targets

* refactor upgrade command

* Terraform migration apply unit test

* pass down image fetcher to test

* use new flags in e2e test

* move file name to constant

* update buildfiles

* fix version constant

* conditionally create MAA

* move interface down

* upgrade dir

* update buildfiles

* fix interface

* fix createMAA check

* fix imports

* update buildfiles

* wip: workspace backup

* copy utils

* backup upgrade workspace

* remove debug print

* replace old state after upgrade

* check if flag exists

* prepare test workspace

* remove prefix

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* respect file permissions

* refactor tf upgrader

* check workspace before upgrades

* remove temp upgrade dir after completion

* clean up workspace after abortion

* fix upgrade apply test

* fix linter

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
Moritz Eckert
6252193879 cli: deploy cinder as OpenStack CSI plugin 2023-05-17 15:20:39 +02:00
Moritz Eckert
9607f01510 cli: add cinder csi helm charts 2023-05-17 15:20:39 +02:00
Nils Hanke
9e987778e0 measurements: Add length field for WithAllBytes 2023-05-17 11:37:26 +02:00
Malte Poll
56635c3993 cli: deploy yawol as OpenStack loadbalancer 2023-05-03 21:45:59 +02:00
Malte Poll
0ebe6e669d cli: add yawol helm charts 2023-05-03 21:45:59 +02:00
Otto Bittner
d5fa614df1
cli: remove ambiguity in path for CR backups (#1719)
During upgrade all custom resources are backed up to files on the
local file system. Since old versions are also backed up, we need to
reflect the version in the name.
2023-05-03 14:36:57 +02:00
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters (#1623)
* Add attestation options to config

* Add join-config migration path for clusters with old measurement format

* Always create MAA provider for Azure SNP clusters

* Remove confidential VM option from provider in favor of attestation options

* cli: add config migrate command to handle config migration (#1678)

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
Otto Bittner
3770cada91 cli: create namespaced folders for upgrade backups
Resource names are only unique per kind+ns. Without this patch it
might happen that there are two resources with the same name
in different namespaces. Upgrade might fail in that case.
2023-05-02 11:08:40 +02:00
Otto Bittner
4a0d531821 upgrade: fix 2.6 -> 2.7 migration for 2.7.1 patch
Also correctly set microservice version from config.
Previously the key was ignored and microservices were always
tried for an upgrade.
2023-04-28 15:48:12 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix (#1693)
* build: allow custom container registry

* build: fix .bazeloverwriterc import
2023-04-27 11:52:02 +02:00
Daniel Weiße
1ebc553365
kubernetes: update CSI driver versions to v1.2.0 (#1657)
* Update CSI charts

* Update CSI tests

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-21 11:03:35 +02:00
Malte Poll
9dfad32e33 cli: use Bazel container images 2023-04-18 15:35:15 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators (#1561)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-06 17:00:56 +02:00
Malte Poll
69de06dd1f
image: OpenStack vTPM (#1616)
* cli: allow vpc traffic between nodes on OpenStack
* image: enable vTPM on OpenStack
* cli: add create tests for OpenStack
2023-04-05 16:49:03 +02:00
Malte Poll
d15968bed7
bootstrapper: make Azure auth method configurable on cluster init (#1346)
* bootstrapper: make Azure auth method configurable on cluster init
* azure: convert uami resource ID to clientID


Co-authored-by: 3u13r <lc@edgeless.systems>
2023-04-03 15:01:25 +02:00
Otto Bittner
c8c2953d7b cli: add status cmd
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
Paul Meyer
909bfb9274 bazel: add go generate to //:generate target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Daniel Weiße
b57413cfa7
cli: set cluster's initial measurements from user's config using Helm (#1540)
* Remove using measurements from the initial control-plane node for the cluster's initial measurements

* Add using measurements from the user's config for the cluster's initial measurements to align behavior with upgrade command

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 11:16:56 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package (#1538)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Otto Bittner
c057fac315 cli: idkeycfg upgrade migration
TODO: revert this commit after v2.7 is released.
2023-03-23 14:57:38 +01:00
Otto Bittner
cac43a1dd0 ci: add e2e-upgrade test
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.

Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-03-23 14:57:38 +01:00
Paul Meyer
02fc3dc635
measurements: refactor validation option (#1462)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 11:47:39 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Malte Poll
8559a1ef8b helm: deploy node operator on OpenStack 2023-03-21 10:51:09 +01:00
Malte Poll
7d4ab07163 helm: add tests for AWS and OpenStack 2023-03-21 10:51:09 +01:00
Malte Poll
e5124d1a97 helm: add OpenStack charts 2023-03-21 10:51:09 +01:00
Otto Bittner
5a82c3cef2
cli: add attestationVariant migration (#1467)
Temporarily add the attestationVariant key to the service
values during upgrade. Normally this should not be
modified during upgrade. However, since the field is introduced
in v2.7, we need to add the field manually.
2023-03-21 10:04:48 +01:00
Otto Bittner
1b12147d83
cli: minor restructuring for loading helm charts (#1441)
Use one loadRelease function instead of one function for each
release.
2023-03-20 17:05:58 +01:00
Otto Bittner
9e13b0f917
cli: only create resource backups if upgrade is executed (#1437)
Previously backups were created even if no service upgrades were
executed. To allow this some things are restructured:
* new chartInfo type that holds release name, path and chart name
* upgrade execution and version validity are checked separately
2023-03-20 14:49:04 +01:00
Paul Meyer
0036b24266 go: remove unused parameters
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Daniel Weiße
6ea5588bdc
config: add attestation variant (#1413)
* Add attestation type to config (optional for now)

* Get attestation variant from config in CLI

* Set attestation variant for Constellation services in helm deployments

* Remove AzureCVM variable from helm deployments

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-14 11:46:27 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go (#1186)
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Paul Meyer
64fc43f276
use any instead of interface{} (#1354)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:31:20 +01:00
Otto Bittner
b94d23a3e8 cli: create backups before upgrading microservices 2023-03-03 15:02:22 +01:00
Otto Bittner
3cef9ee74d cli: add doc comments for helm 2023-03-03 15:02:22 +01:00
Otto Bittner
f0db5d0395
cli: restructure upgrade apply (#1319)
Applies the updated NodeVersion object with one request
instead of two. This makes sure that the first request does
not accidentally put the cluster into an "upgrade in progress"
status, which would lead users to having to run apply twice.
2023-03-03 09:38:23 +01:00
Malte Poll
fc33a74c78
constants: make VersionInfo readonly (#1316)
The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime.
This change ensures the underlying var is private and can only be accessed by a public getter.
2023-03-01 11:55:12 +01:00
Otto Bittner
984f0589d2
cli: upgrade errors for microservice (#1259)
Handle invalid upgrade errors similarly as for images and k8s.
2023-02-28 10:23:09 +01:00
Otto Bittner
08ee56911b cli: overwrite chart versions during install/upgrade
* As charts receive information like the container image from
the cli it makes sense to also version the charts based on the cli
version.
* The pseudoversion is recalculated when running cmake.
* When merging changes from release branch to main,
a new commit is introduced to set the PROJECT_VERSION back
to 0.0.0, so that builds include a pseudoversion.
2023-02-27 16:06:35 +01:00
Otto Bittner
7454b69f13 cli: helm: prepare values for upgrade correctly
Previously the chart's values were not set, relying on the
values that are already present in the cluster and reusing
those. This does not work as e.g. the image values
are only set while loading the charts. Also, the templates
are not rendered correctly without all values set.
2023-02-15 11:41:54 +01:00
Otto Bittner
4855b20093 cli: helm: move csp into ChartLoader object 2023-02-15 11:41:54 +01:00
Otto Bittner
1728633646 cli: helm: separate user input from static loading
Because values in the charts might change in the future and
some values (like the image) are part of a valid upgrade we
need to load all values for an upgrade.
However, during upgrades we don't want to reapply user
input like the masterSecret. Therefore this patch splits the
application of user input and the static loading of chart values.
2023-02-15 11:41:54 +01:00
Otto Bittner
c275464634 cli: change upgrade-plan to upgrade-check
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Otto Bittner
3038b374da cli: update helm chart render expectations
testdata is now expecting the charts to render for ko images.
2023-01-31 11:36:49 +01:00
Otto Bittner
9fc88797d1 cli: use /manager as binary path
The change to /ko-app/v2 is incorrect as we are
currently not building ko images for this operator.
2023-01-31 10:35:26 +01:00
leongross
2187aa6cb0
ci: reproducible builds integration (#1108)
* remove `-ko` suffix from workflows
* integrate into `release.yaml`
* adjust helm charts to use hard coded `ko` binary path
2023-01-30 16:58:49 +01:00
github-actions[bot]
9567cc09ce
release: bring back changes from v2.5.0 (#1061)
* deps: update version to v2.5.0

* attestation: hardcode measurements for v2.5.0

* bump operator versions

Co-authored-by: release[bot] <release[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-01-24 11:35:26 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name (#1016)
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
3u13r
632090c21b
azure: allow a set of idkeydigest values (#991) 2023-01-18 16:49:55 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
release[bot]
e8fad4b7f9 Update version to v2.4.0 2023-01-11 11:10:44 +01:00
Leonard Cohnen
2700d5182b operator: reconcile kubernetesClusterVersion 2023-01-09 12:16:54 +01:00
Otto Bittner
075a0e0ad6 cli: ask user to confirm cert-manager upgrades 2023-01-05 17:19:05 +01:00
Otto Bittner
e7c7e35f51 cli: create backups for CRDs and their resources
These backups could be used in case an upgrade
misbehaves after helm declared it as successful.
The manual backups are required as helm-rollback
won't touch custom resources and changes to CRDs
delete resources of the old version.
2023-01-05 16:52:06 +01:00
Leonard Cohnen
620436626b operator: add cluster version to nodeversion 2023-01-05 14:52:09 +01:00
Leonard Cohnen
9bfe2a81ed cli: fix nodeversion crd name 2023-01-05 14:52:09 +01:00
3u13r
f14af0c3eb
upgrade: support Kubernetes components (#839)
* upgrade: add Kubernetes components to NodeVersion

* update rfc
2023-01-03 12:09:53 +01:00
3u13r
473e16feb2
image: add upgrade-agent (#827) 2022-12-29 17:50:11 +01:00
3u13r
0297aed1ea
join: deprecate components migration fallback (#833) 2022-12-29 14:51:26 +01:00
Daniel Weiße
942d11a4c8
Only upgrade helm releases if versions changed (#818)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-12-22 12:30:04 +01:00
Otto Bittner
efcd0337b4
Microservice upgrades (#729)
Run with: constellation upgrade execute --helm.
This will only upgrade the helm charts. No config is needed.

Upgrades are implemented via helm's upgrade action, i.e. they
automatically roll back if something goes wrong. Releases could 
still be managed via helm, even after an upgrade with constellation
has been done.

Currently not user facing as CRD/CR backups are still in progress.
These backups should be automatically created and saved to the 
user's disk as updates may delete CRs. This happens implicitly 
through CRD upgrades, which are part of microservice upgrades.
2022-12-19 16:52:15 +01:00
Paul Meyer
c741ccfb4b kubernetes: use new registry
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Malte Poll
c3b657de01 Bump version to v2.3.0 2022-12-12 17:45:35 +01:00
3u13r
c993cd6800
join: synchronize control plane joining (#776)
* join: synchronize control plane joining
2022-12-09 18:30:20 +01:00
renovate[bot]
4e6f88c355 Update gcr.io/kubebuilder/kube-rbac-proxy Docker tag to v0.13.1 2022-12-09 14:30:39 +01:00
Daniel Weiße
d356a40bc3
Pull in CSI chart from release tag (#757)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-12-09 08:32:58 +01:00
Leonard Cohnen
a1161ae05d k8supdates: label nodes with k8s component hash 2022-12-08 11:19:22 +01:00
Daniel Weiße
dea05c45bc
Use csi chart from release tag (#727)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-12-07 08:19:44 +01:00
Leonard Cohnen
0c71cc77f6 joinservice: use configmap for k8s components 2022-12-02 14:34:38 +01:00
Otto Bittner
a20b5461aa Make loader tests more precise
Until now the loader tests did not detect if a file in testdata existed,
but was missing from the actual results. This patch fixes the problem.
It also removes various files that are not needed.
The testdata folder now represents which files end up in a cluster 1:1.
2022-12-01 12:15:32 +01:00
Otto Bittner
c05d1589f8 Bring in CSI driver changes from upstream 2022-12-01 12:15:32 +01:00
Otto Bittner
fc8a2be843 Use ChartLoader to set operator deployment images
This allows the (operator) unittests to use dummy values instead of
relying on the real image string from versions.go.
2022-11-29 10:36:55 +01:00
Otto Bittner
038ea5fade Add helm's quote function to various fields
The constellationUID is sometimes interpreted as integer if it contains
0e, as the yaml parsing interprets that as scientific notation.
Since it is a best practice to quote string fields anyways this patch
also quotes other fields where an actual string is required.
2022-11-28 11:35:47 +01:00
Leonard Cohnen
c978329839 helm: fix expected helm charts 2022-11-27 16:43:50 +01:00
Leonard Cohnen
865cd53856 helm: remove non-existent field in operator 2022-11-27 16:43:34 +01:00
Otto Bittner
18fe34c58b loader_test now compares all documents in one file
Previously only the first document was compared due to
an issue in testify.
Also update testdata to match the adjusted expectations.
2022-11-25 18:07:40 +01:00
Malte Poll
1af3ff00ad
Constellation Operator: Add image version field (#649) 2022-11-25 14:49:26 +01:00
Daniel Weiße
67d0424f0e
AB#2639 Add functions to fetch k8s and helm version of Constellation (#637)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 16:39:33 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Otto Bittner
da1af3f37e Fix type for cert-manager verbose flag 2022-11-23 18:37:36 +01:00
Otto Bittner
3e71459898 AB#2635: Deploy Konnectivity via Helm 2022-11-23 12:21:08 +01:00
Otto Bittner
7283eeb798 AB#2636: Deploy gcp-guest-agent via Helm 2022-11-23 12:21:08 +01:00
Otto Bittner
9b75d651fc Run cert-manager startupapicheck with verbose flag 2022-11-23 11:16:16 +01:00
Otto Bittner
2c9ddbc6e7 Remove unused LoadConfig type 2022-11-23 08:49:22 +01:00
Daniel Weiße
b915d03487
AB#2615 Update docs to new CSI installation method (#606)
* Update docs to new CSI installation method

* Fix invalid volume expansion option

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-11-22 09:36:08 +01:00
Otto Bittner
adc09a1ad1
AB#2593: Deploy verification service via Helm (#594) 2022-11-21 17:06:41 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00