Commit Graph

120 Commits

Author SHA1 Message Date
Daniel Weiße
1f4fb3feda
Fix manifest url (#128)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-12 14:33:08 +02:00
Thomas Tendyck
0952435e25 fix some doc links 2022-09-12 13:09:55 +02:00
Thomas Tendyck
4b36d3a930 cli: minor improvements of output 2022-09-12 12:56:29 +02:00
Thomas Tendyck
d83a5f8693 cli verify: remove ownerid 2022-09-12 08:50:36 +02:00
Thomas Tendyck
53560ca6c5 cli verify: revert flow change to print correct errors again 2022-09-12 08:50:36 +02:00
Thomas Tendyck
ab45d5fbfe tidy config 2022-09-12 08:49:51 +02:00
Leonard Cohnen
7163c161b6 Deploy Konnectivity 2022-09-09 17:26:02 +02:00
Thomas Tendyck
a85777fd02 enforce pcr4 2022-09-08 17:34:12 +02:00
Daniel Weiße
8cb155d5c5
AB#2260 Refactor disk-mapper recovery (#82)
* Refactor disk-mapper recovery

* Adapt constellation recover command to use new disk-mapper recovery API

* Fix Cilium connectivity on rebooting nodes (#89)

* Lower CoreDNS reschedule timeout to 10 seconds (#93)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-08 14:45:27 +02:00
Nils Hanke
ce0edc8c80 Purge provider argument from constellation create and verify 2022-09-08 13:38:24 +02:00
Moritz Eckert
fb5faa681c
Add provider to license check (#88) 2022-09-08 11:02:04 +02:00
Fabian Kammel
e3ede64ae6
Document trusted launch on Azure (#48)
* Document trusted launch usage for Azure

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* there is no valid link because there is no valid release yet

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* fix link

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* fix linter issues

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* improve

* importAzure.sh: print final image ID

Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-09-07 15:05:24 +02:00
Nils Hanke
30725bb0c6 Warn when a debug cluster is created 2022-09-07 13:27:15 +02:00
Nils Hanke
fe70231f2a Rename IsImageDebug -> IsDebugImage for consistency 2022-09-07 13:27:15 +02:00
Nils Hanke
72d4456b3f GCP: Only create debugd loadbalancer when debugCluster is set 2022-09-07 13:27:15 +02:00
Nils Hanke
d74c7a3769 Azure: Only create debugd loadbalancer when debugCluster is set 2022-09-07 13:27:15 +02:00
Nils Hanke
1a4b4f564a Remove firewall configuration and make it static with a debug flag 2022-09-07 13:27:15 +02:00
Thomas Tendyck
9d264604c0 cli: remove GCP ADC project name check 2022-09-07 10:29:41 +02:00
Malte Poll
47b3195bac
cli: azure scale set poller: check for power state of every instance (#78) 2022-09-06 10:05:51 +02:00
Fabian Kammel
020cf51fc6
AB#2392 Store serial logs in actions (#39)
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-09-05 18:12:46 +02:00
Malte Poll
c38a142d64 Kubernetes 1.25 preview
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Leonard Cohnen
e80948a263 add tags to cluster id file struct 2022-09-05 16:35:59 +02:00
Leonard Cohnen
7b00005ed6 fix qemu initialization 2022-09-05 16:35:59 +02:00
Otto Bittner
405db3286e AB#2386: TrustedLaunch support for azure attestation
* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00
Nils Hanke
71fb62fe31 Remove note to instance types specifically 2022-09-05 09:36:58 +02:00
Thomas Tendyck
bd63aa3c6b add license headers
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
Fabian Kammel
106635a9ee
Restructure config docs (#44)
* more guided UX when generating and filling in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 17:11:06 +02:00
Nils Hanke
c0bfb9b61e Add 'constellation config instance-types' 2022-09-02 07:04:11 -07:00
Nils Hanke
0aefe2c0ba Move instanceType from CLI to config 2022-09-02 07:04:11 -07:00
Moritz Eckert
b95f3dbc91
Add docs to repo (#38) 2022-09-02 11:52:42 +02:00
Leonard Cohnen
cce2575d68 remove broken test: create azure service account 2022-09-01 17:06:01 +02:00
Leonard Cohnen
00e72db5d8 write master secret after config verification 2022-09-01 16:43:54 +02:00
Fabian Kammel
6440904865
Ref/update cosign key (#31)
* use new cosign keypair
* use community images for production image heuristic
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-01 12:58:31 +02:00
3u13r
f649219cbf
Feat/cilium strict mode2.0 (#25)
* bump cilium helm charts

* integrate cilium strict mode v2
2022-08-31 15:37:07 +02:00
Otto Bittner
4adc19b7f5 AB#2350: Configurably enforce idkeydigest on Azure
* Add join-config entry for "enforceIdKeyDigest" bool
* Add join-config entry for "idkeydigest"
* Initially filled with TPM value from bootstrapper
* Add config entries for idkeydigest and enforceIdKeyDigest
* Extend azure attestation validator to check idkeydigest,
if configured.
* Update unittests
* Add logger to NewValidator for all CSPs
* Add csp to Updateable type

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 15:26:04 +02:00
katexochen
10e5249631 Manual client secrets on azure 2022-08-31 14:10:08 +02:00
katexochen
1861dc2744 Tag Azure resources with UID 2022-08-31 14:10:08 +02:00
katexochen
f15605cb45 Manually manage resource group on Azure 2022-08-31 14:10:08 +02:00
Daniel Weiße
ce02878019
AB#2308 / AB#2317 constellation upgrade plan (#3)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 11:59:07 +02:00
Daniel Weiße
b27e205399
Use 4 vCPU instances by default (#24)
* Use 4 vcpu instances by default

* Remove 2 vcpu instance type option

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 10:33:33 +02:00
Fabian Kammel
778952e07c
AB#2287 support community image IDs (#9)
* support community image IDs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:15:51 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute (#2)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Fabian Kammel
22c912a56d move nodestate and role
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Nils Hanke
6da228758c
GCP: Add more N2D VMs to supported list (#6) 2022-08-29 09:50:40 +02:00
Malte Poll
708c6e057e Remove azure single instance support (#402) 2022-08-26 11:45:32 +02:00
Malte Poll
716ba52588 create on Azure: Allow toggling between CVMs / Trusted Launch VMs (#401) 2022-08-25 15:24:31 +02:00
Fabian Kammel
45beec15f5 AB#2360 enterprise build tag (#397)
* enterprise build switch to disable license checking in default (OSS) version
* remove community license quota
* empty image references on OSS build in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 14:06:29 +02:00
katexochen
6b1c20792a Use the correct context package 2022-08-24 14:56:30 +02:00
katexochen
e761c9bf97 Manually manage GCP service accounts 2022-08-24 11:44:05 +02:00
Malte Poll
f9c70d5c5a constellation create azure: use custom poller to check for scale set creation (#394)
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-24 11:31:43 +02:00