malt3
c4f27f62ee
docs: add release v2.16.0
2024-02-29 17:22:19 +01:00
Malte Poll
93eb8f0694
release: use cosign sign-blob in non-interative mode ( #2953 )
2024-02-29 09:40:13 +01:00
Malte Poll
0b6eeb3747
ci: match version of actions/download-artifact for slsa provenance ( #2957 )
2024-02-29 09:39:41 +01:00
Malte Poll
f5c5413284
terraform: use volumes instead of ephemeral local disks on STACKIT
...
Ephemeral local disks are discouraged on STACKIT.
Use volumes instead.
This sets an upper bound of 5GB on the boot disk.
If Constellation OS images ever grow beyond that, we will run into
problems.
2024-02-28 15:48:53 +01:00
Malte Poll
5e40f49ca4
docs: update STACKIT instance types
2024-02-28 15:48:53 +01:00
Malte Poll
3ce10eb00f
terraform: allow STACKIT / OpenStack instance type to be UUID or name
2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version ( #2950 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-28 10:02:33 +01:00
Daniel Weiße
80518379c4
ci: fix artifact naming problems in e2e test ( #2948 )
...
* Fix potentially artifact naming in weekly tests
* Use e2e prefix for artifact naming in e2e-benchmark
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-27 08:59:22 +01:00
Malte Poll
6f60cee6f9
deps: update Linux LTS and mainline kernel ( #2947 )
...
LTS: 6.1.79
Mainline: 6.7.6
2024-02-26 16:59:34 +01:00
Malte Poll
7bc4ad5728
deps: update all terraform providers
2024-02-26 13:38:33 +01:00
edgelessci
0336cd4faa
image: update locked rpms ( #2946 )
...
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-02-25 09:54:09 +01:00
Malte Poll
4b3d9e15a5
docs: add STACKIT
2024-02-23 13:32:22 +01:00
edgelessci
b2ab5869b3
image: update measurements and image version ( #2943 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-23 09:33:12 +01:00
renovate[bot]
ae0e00383b
deps: update module helm.sh/helm/v3 to v3.14.2 [SECURITY] ( #2944 )
...
* deps: update module helm.sh/helm/v3 to v3.14.2 [SECURITY]
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-02-23 09:26:36 +01:00
Malte Poll
ae4b2a9182
docs: point to new URL for rocket chat blog post
2024-02-23 08:57:57 +01:00
Thomas Tendyck
31baba2d4b
docs: remove broken links and publish removal of cloud logging
2024-02-23 08:57:57 +01:00
3u13r
2a61861a1c
stackit: add k8s api load balancer ( #2925 )
2024-02-22 17:39:34 +01:00
renovate[bot]
62acec17f6
deps: update Constellation containers ( #2921 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-22 14:04:42 +01:00
Malte Poll
00d39ff7fa
helm: update edgelesssys cinder-csi-plugin
2024-02-22 12:43:04 +01:00
Malte Poll
31f65fb486
openstack: find node CIDR with multiple subnets
2024-02-22 12:43:04 +01:00
Malte Poll
d8185fdafb
helm: use patched yawol with support for subnet choice
...
Constellation requires a CIDR that only Kubernetes nodes live in.
This is needed for cilium encryption.
To make yawol LBs work, they need to be placed in a different subnet
with their own CIDR.
This patched version supports that.
2024-02-22 12:43:04 +01:00
Malte Poll
1e987f6a85
terraform: add subnet for OpenStack LBs
2024-02-22 12:43:04 +01:00
Malte Poll
9d164de18b
helm: avoid waiting for non-essential services ( #2939 )
...
In our e2e tests, we see a lot of "etcd-leader changed" errors
while deploying non-essential helm charts.
If this transient error occurs, helm gets into a broken state
where it cannot uninstall cleanly and thus any retry attempts fail.
By not waiting for the installation of helm charts to succeed,
we can avoid making most of the kubernetes API calls while
control-plane nodes are joining.
This makes "constellation apply" faster and more resilient.
2024-02-22 12:18:55 +01:00
renovate[bot]
5674d9742a
deps: update Constellation containers ( #2936 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-22 09:12:18 +01:00
Malte Poll
522f2858c6
proto: update generated protobuf sources
2024-02-21 18:40:16 +01:00
Malte Poll
71c8a27539
deps: replace use of deprecated module azsecrets
...
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets -> github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
2024-02-21 18:40:16 +01:00
Malte Poll
8541365341
sigstore: replace use of deprecated module go-tuf
2024-02-21 18:40:16 +01:00
Malte Poll
ffdf23e3f2
libvirt: replace use of deprecated types
2024-02-21 18:40:16 +01:00
Malte Poll
6a467e5594
deps: update all Go deps
2024-02-21 18:40:16 +01:00
Malte Poll
65903459a0
chore: fix unused parameter lint in new golangcilint version
2024-02-21 17:54:07 +01:00
Malte Poll
68fc2b0811
deps: update all Bazel toolchains / rule deps
2024-02-21 17:54:07 +01:00
Malte Poll
2300a31276
deps: update all 3rdparty github actions
2024-02-21 17:53:53 +01:00
renovate[bot]
cdd80a4f3f
deps: update dependency containernetworking/plugins to v1.4.0 ( #2896 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-21 17:42:48 +01:00
miampf
96c5980651
cli: collect debug logs in file ( #2906 )
2024-02-21 15:39:12 +00:00
Daniel Weiße
7edd6259d1
ci: fix duplicate benchmark artificat name ( #2934 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-21 15:34:30 +01:00
Markus Rudy
98a1cfa2ca
ci: fetch latest console logs on aws ( #2926 )
2024-02-21 13:46:25 +01:00
renovate[bot]
abf6b4924a
deps: update Python dependencies
2024-02-21 13:32:15 +01:00
Malte Poll
59faa2b692
attestation: add hardcoded OpenStack enterprise measurements
2024-02-21 13:31:32 +01:00
katexochen
70ff097e12
image: update measurements and image version
2024-02-21 08:49:20 +01:00
Malte Poll
38ef546362
deps: update Go to 1.22.0
2024-02-20 18:27:16 +01:00
Markus Rudy
fe85877679
debugd: enable debug logging for systemd units ( #2923 )
2024-02-20 14:44:14 +01:00
Malte Poll
889677c795
image: update mkosi and use package directory feature
2024-02-20 12:50:13 +01:00
Malte Poll
5ef12895fa
bazel: remove deprecated Bazel container
...
It doesn't work properly with nix and a nix shell exists for all developers.
2024-02-20 12:50:13 +01:00
Malte Poll
77ecd8d4ce
nix: fix bazel under NixOS
2024-02-20 12:50:13 +01:00
Malte Poll
a4d25646f5
deps: update to bazel 7
2024-02-20 12:50:13 +01:00
Malte Poll
c6e0714a42
deps: update go-git
2024-02-20 10:00:38 +01:00
Malte Poll
980b2f0e87
ci: login to OpenStack provider
2024-02-19 18:16:45 +01:00
Malte Poll
75f16ce87b
image: upload OpenStack images to OpenStack
2024-02-19 18:16:45 +01:00
Malte Poll
6f9020d527
cli: use pre-uploaded image on OpenStack
...
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
2024-02-19 18:16:45 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers ( #2919 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 16:14:05 +01:00