Commit Graph

4062 Commits

Author SHA1 Message Date
malt3
c4f27f62ee docs: add release v2.16.0 2024-02-29 17:22:19 +01:00
Malte Poll
93eb8f0694
release: use cosign sign-blob in non-interative mode (#2953) 2024-02-29 09:40:13 +01:00
Malte Poll
0b6eeb3747
ci: match version of actions/download-artifact for slsa provenance (#2957) 2024-02-29 09:39:41 +01:00
Malte Poll
f5c5413284 terraform: use volumes instead of ephemeral local disks on STACKIT
Ephemeral local disks are discouraged on STACKIT.
Use volumes instead.
This sets an upper bound of 5GB on the boot disk.
If Constellation OS images ever grow beyond that, we will run into
problems.
2024-02-28 15:48:53 +01:00
Malte Poll
5e40f49ca4 docs: update STACKIT instance types 2024-02-28 15:48:53 +01:00
Malte Poll
3ce10eb00f terraform: allow STACKIT / OpenStack instance type to be UUID or name 2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version (#2950)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-28 10:02:33 +01:00
Daniel Weiße
80518379c4
ci: fix artifact naming problems in e2e test (#2948)
* Fix potentially artifact naming in weekly tests
* Use e2e prefix for artifact naming in e2e-benchmark

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-27 08:59:22 +01:00
Malte Poll
6f60cee6f9
deps: update Linux LTS and mainline kernel (#2947)
LTS: 6.1.79
Mainline: 6.7.6
2024-02-26 16:59:34 +01:00
Malte Poll
7bc4ad5728 deps: update all terraform providers 2024-02-26 13:38:33 +01:00
edgelessci
0336cd4faa
image: update locked rpms (#2946)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-02-25 09:54:09 +01:00
Malte Poll
4b3d9e15a5 docs: add STACKIT 2024-02-23 13:32:22 +01:00
edgelessci
b2ab5869b3
image: update measurements and image version (#2943)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-23 09:33:12 +01:00
renovate[bot]
ae0e00383b
deps: update module helm.sh/helm/v3 to v3.14.2 [SECURITY] (#2944)
* deps: update module helm.sh/helm/v3 to v3.14.2 [SECURITY]

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-02-23 09:26:36 +01:00
Malte Poll
ae4b2a9182 docs: point to new URL for rocket chat blog post 2024-02-23 08:57:57 +01:00
Thomas Tendyck
31baba2d4b docs: remove broken links and publish removal of cloud logging 2024-02-23 08:57:57 +01:00
3u13r
2a61861a1c
stackit: add k8s api load balancer (#2925) 2024-02-22 17:39:34 +01:00
renovate[bot]
62acec17f6
deps: update Constellation containers (#2921)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-22 14:04:42 +01:00
Malte Poll
00d39ff7fa helm: update edgelesssys cinder-csi-plugin 2024-02-22 12:43:04 +01:00
Malte Poll
31f65fb486 openstack: find node CIDR with multiple subnets 2024-02-22 12:43:04 +01:00
Malte Poll
d8185fdafb helm: use patched yawol with support for subnet choice
Constellation requires a CIDR that only Kubernetes nodes live in.
This is needed for cilium encryption.
To make yawol LBs work, they need to be placed in a different subnet
with their own CIDR.
This patched version supports that.
2024-02-22 12:43:04 +01:00
Malte Poll
1e987f6a85 terraform: add subnet for OpenStack LBs 2024-02-22 12:43:04 +01:00
Malte Poll
9d164de18b
helm: avoid waiting for non-essential services (#2939)
In our e2e tests, we see a lot of "etcd-leader changed" errors
while deploying non-essential helm charts.
If this transient error occurs, helm gets into a broken state
where it cannot uninstall cleanly and thus any retry attempts fail.
By not waiting for the installation of helm charts to succeed,
we can avoid making most of the kubernetes API calls while
control-plane nodes are joining.
This makes "constellation apply" faster and more resilient.
2024-02-22 12:18:55 +01:00
renovate[bot]
5674d9742a
deps: update Constellation containers (#2936)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-22 09:12:18 +01:00
Malte Poll
522f2858c6 proto: update generated protobuf sources 2024-02-21 18:40:16 +01:00
Malte Poll
71c8a27539 deps: replace use of deprecated module azsecrets
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets -> github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
2024-02-21 18:40:16 +01:00
Malte Poll
8541365341 sigstore: replace use of deprecated module go-tuf 2024-02-21 18:40:16 +01:00
Malte Poll
ffdf23e3f2 libvirt: replace use of deprecated types 2024-02-21 18:40:16 +01:00
Malte Poll
6a467e5594 deps: update all Go deps 2024-02-21 18:40:16 +01:00
Malte Poll
65903459a0 chore: fix unused parameter lint in new golangcilint version 2024-02-21 17:54:07 +01:00
Malte Poll
68fc2b0811 deps: update all Bazel toolchains / rule deps 2024-02-21 17:54:07 +01:00
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
renovate[bot]
cdd80a4f3f
deps: update dependency containernetworking/plugins to v1.4.0 (#2896)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-21 17:42:48 +01:00
miampf
96c5980651
cli: collect debug logs in file (#2906) 2024-02-21 15:39:12 +00:00
Daniel Weiße
7edd6259d1
ci: fix duplicate benchmark artificat name (#2934)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-21 15:34:30 +01:00
Markus Rudy
98a1cfa2ca
ci: fetch latest console logs on aws (#2926) 2024-02-21 13:46:25 +01:00
renovate[bot]
abf6b4924a deps: update Python dependencies 2024-02-21 13:32:15 +01:00
Malte Poll
59faa2b692 attestation: add hardcoded OpenStack enterprise measurements 2024-02-21 13:31:32 +01:00
katexochen
70ff097e12 image: update measurements and image version 2024-02-21 08:49:20 +01:00
Malte Poll
38ef546362 deps: update Go to 1.22.0 2024-02-20 18:27:16 +01:00
Markus Rudy
fe85877679
debugd: enable debug logging for systemd units (#2923) 2024-02-20 14:44:14 +01:00
Malte Poll
889677c795 image: update mkosi and use package directory feature 2024-02-20 12:50:13 +01:00
Malte Poll
5ef12895fa bazel: remove deprecated Bazel container
It doesn't work properly with nix and a nix shell exists for all developers.
2024-02-20 12:50:13 +01:00
Malte Poll
77ecd8d4ce nix: fix bazel under NixOS 2024-02-20 12:50:13 +01:00
Malte Poll
a4d25646f5 deps: update to bazel 7 2024-02-20 12:50:13 +01:00
Malte Poll
c6e0714a42 deps: update go-git 2024-02-20 10:00:38 +01:00
Malte Poll
980b2f0e87 ci: login to OpenStack provider 2024-02-19 18:16:45 +01:00
Malte Poll
75f16ce87b image: upload OpenStack images to OpenStack 2024-02-19 18:16:45 +01:00
Malte Poll
6f9020d527 cli: use pre-uploaded image on OpenStack
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
2024-02-19 18:16:45 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers (#2919)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 16:14:05 +01:00