Markus Rudy
597a923a7f
cilium: performance fixes and reproducible images ( #2855 )
* helm: bump cilium version
* helm: patch Cilium chart version
2024-01-26 17:03:40 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX ( #2854 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 15:46:21 +01:00
edgelessci
49a806a874
image: update measurements and image version ( #2859 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-26 08:15:43 +01:00
Markus Rudy
9fb6c3216e
helm: remove kube-rbac-proxy ( #2849 )
2024-01-25 10:06:40 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation ( #2827 )
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-24 15:10:15 +01:00
edgelessci
6ae59bb986
image: update measurements and image version ( #2848 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-24 08:22:48 +01:00
Malte Poll
c8ffba0366
measurements: update expected PCR[1] on GCP
2024-01-23 21:55:12 +01:00
Malte Poll
a2e2f0387c
measurements: correctly override validation options
2024-01-23 21:55:12 +01:00
3u13r
2a7a9dc2aa
helm: re-enable native routing for gcp ( #2842 )
2024-01-23 14:46:24 +01:00
Malte Poll
3a5753045e
goleak: ignore rules_go SIGTERM handler
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.
https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
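The workaround in the commit above works by naming the handler's function and skipping any live goroutine that has that function somewhere on its stack. As an added example that is not Constellation's or goleak's own code, the Go block below reimplements that mechanism on top of runtime.Stack from the standard library: goroutineStacks, LeakedGoroutines, the stand-in signalHandler goroutine and the deliberately leaked blockedWorker are all constructs of this example, not identifiers from the project or from rules_go.

```go
package main

import (
	"fmt"
	"reflect"
	"runtime"
	"strings"
)

// funcName returns the qualified name of fn (for example "main.blockedWorker"),
// the same form that runtime.Stack prints for a frame.
func funcName(fn interface{}) string {
	return runtime.FuncForPC(reflect.ValueOf(fn).Pointer()).Name()
}

// goroutineStacks parses runtime.Stack(all=true) and returns, for every
// goroutine except the caller, the function names on its stack, innermost
// first. Runtime-internal frames are already elided by runtime.Stack.
func goroutineStacks() [][]string {
	buf := make([]byte, 64<<10)
	for {
		n := runtime.Stack(buf, true)
		if n < len(buf) {
			buf = buf[:n]
			break
		}
		buf = make([]byte, 2*len(buf)) // output was truncated, retry with a bigger buffer
	}
	var stacks [][]string
	for i, block := range strings.Split(strings.TrimSpace(string(buf)), "\n\n") {
		if i == 0 {
			continue // the calling goroutine is listed first and is not a leak
		}
		var funcs []string
		for _, line := range strings.Split(block, "\n")[1:] { // [0] is "goroutine N [state]:"
			if strings.HasPrefix(line, "\t") || strings.HasPrefix(line, "created by ") {
				continue // file:line detail of the previous frame, or the creator line
			}
			if p := strings.LastIndex(line, "("); p > 0 {
				line = line[:p] // "main.blockedWorker(0xc000...)" -> "main.blockedWorker"
			}
			funcs = append(funcs, line)
		}
		stacks = append(stacks, funcs)
	}
	return stacks
}

// LeakedGoroutines returns the innermost function of every live goroutine
// (other than the caller) whose stack contains none of the ignored functions.
// Matching any frame, not only the top one, lets a long-lived handler be
// ignored no matter which channel or syscall it is currently parked in.
func LeakedGoroutines(ignore ...string) []string {
	ignored := make(map[string]bool, len(ignore))
	for _, f := range ignore {
		ignored[f] = true
	}
	var leaked []string
	for _, funcs := range goroutineStacks() {
		keep := len(funcs) > 0
		for _, f := range funcs {
			if ignored[f] {
				keep = false
				break
			}
		}
		if keep {
			leaked = append(leaked, funcs[0])
		}
	}
	return leaked
}

// signalHandler stands in for a handler goroutine installed by test
// infrastructure (assumed stand-in for the rules_go SIGTERM handler): it is
// expected to outlive every test and must not be reported as a leak.
func signalHandler(started chan<- struct{}, release <-chan struct{}) {
	started <- struct{}{}
	<-release
}

// blockedWorker is a genuine leak: a goroutine a test forgot to stop.
func blockedWorker(started chan<- struct{}, release <-chan struct{}) {
	started <- struct{}{}
	<-release
}

// Demo starts both goroutines, waits until each is running, runs the check
// with the handler on the ignore list and returns what was reported.
func Demo() []string {
	started := make(chan struct{})
	release := make(chan struct{})
	defer close(release) // let both goroutines exit once the check is done
	go signalHandler(started, release)
	go blockedWorker(started, release)
	<-started
	<-started
	return LeakedGoroutines(funcName(signalHandler))
}

func main() {
	for _, f := range Demo() {
		fmt.Println("leaked goroutine:", f)
	}
}
```

Run stand-alone, the program reports blockedWorker and stays silent about signalHandler. The ignore list is deliberately exact-match on the qualified function name: a substring match would also hide any unrelated goroutine whose name happens to contain the handler's, which is the kind of over-broad ignore that lets real leaks through.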
edgelessci
3b02edcc48
image: update measurements and image version ( #2833 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-19 09:12:24 +01:00
edgelessci
2acbd10ef7
image: update measurements and image version ( #2831 )
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-17 18:55:10 +01:00
Malte Poll
b8933560be
image upload: use unique blob name for AWS images uploaded to S3 ( #2830 )
When uploading images to AWS, they need to be uploaded to S3 first.
Since blob names are not unique between attestation variants, there
was a possibility for one S3 upload to be used for the wrong AMI.
2024-01-17 17:09:07 +01:00
edgelessci
6259815869
image: update measurements and image version ( #2828 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-17 08:11:53 +01:00
Malte Poll
9d6321faa3
uplosi: use separate galleries for Azure TDX and TDX
2024-01-16 17:34:44 +01:00
Malte Poll
336ba6bc34
attestation: add Azure TDX variant
Only a stub for now.
2024-01-16 17:34:44 +01:00
Malte Poll
5063b815f1
config: allow Azure TDX instance types
2024-01-16 17:34:44 +01:00
Markus Rudy
e29ea77d23
helm: bump Cilium chart version ( #2822 )
* helm: bump Cilium chart version
* helm: generate Cilium chart
2024-01-16 14:49:24 +01:00
Malte Poll
b7bab7c3c8
image: replace "upload {aws|azure|gcp}" with uplosi
2024-01-15 13:53:15 +01:00
Malte Poll
fb392c2d50
image: add image uploader that uses uplosi in the background
This implementation will replace the custom Go code in
internal/osimage/{aws|azure|gcp} and still conforms to the same interface.
2024-01-15 13:53:15 +01:00
Malte Poll
181b8f64d2
image: add static (per-CSP) measurements during "measurement envelope"
This logic was previously performed in a GitHub Actions workflow
using yq.
Since every step should now be performed in Bazel, this now needs to happen here.
2024-01-15 13:53:15 +01:00
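The commit above moves the overlay of static per-CSP measurements onto the image build's output from a yq step into the Bazel build. As an added example that is not Constellation's own code, the Go block below shows what such an envelope step has to do: parse the build's measurements, validate every entry as a 32-byte hex digest, overlay the static entries, and refuse to proceed when the build measured a PCR with a value different from the static one. The JSON shape (index as key, "expected" hex digest, "warnOnly" flag), the helper names, and all sample values are assumptions of this example; the real static values live in the project's measurements package and are not reproduced here.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Measurement is one PCR entry in the JSON shape this example assumes:
// the expected SHA-256 digest as hex, and whether a mismatch is only warned
// about instead of enforced at attestation time.
type Measurement struct {
	Expected string `json:"expected"`
	WarnOnly bool   `json:"warnOnly"`
}

// Measurements maps a PCR index to its entry; JSON keys are the decimal index.
type Measurements map[uint32]Measurement

// Validate rejects entries whose expected value is not a 32-byte hex digest,
// so a truncated or non-hex value never ends up in a shipped measurements file.
func (m Measurements) Validate() error {
	for idx, e := range m {
		b, err := hex.DecodeString(e.Expected)
		if err != nil || len(b) != sha256.Size {
			return fmt.Errorf("PCR[%d]: %q is not a 32-byte hex digest", idx, e.Expected)
		}
	}
	return nil
}

// allBytes returns the hex digest of 32 repeated bytes, the form a static
// platform PCR takes when the firmware leaves it at a fixed filler value.
func allBytes(b byte) string {
	return hex.EncodeToString(bytes.Repeat([]byte{b}, sha256.Size))
}

// digest is a constructed stand-in for a value the image build measured.
func digest(label string) string {
	h := sha256.Sum256([]byte(label))
	return hex.EncodeToString(h[:])
}

// MergeStatic overlays the static per-CSP entries onto what the build measured.
// A PCR present in both with different expected values is an error: silently
// replacing it would hide drift between the built image and the enforced values.
func MergeStatic(dynamic, static Measurements) (Measurements, error) {
	if err := dynamic.Validate(); err != nil {
		return nil, fmt.Errorf("build measurements: %w", err)
	}
	if err := static.Validate(); err != nil {
		return nil, fmt.Errorf("static measurements: %w", err)
	}
	out := make(Measurements, len(dynamic)+len(static))
	for idx, e := range dynamic {
		out[idx] = e
	}
	for idx, s := range static {
		if d, ok := out[idx]; ok && d.Expected != s.Expected {
			return nil, fmt.Errorf("PCR[%d]: build measured %s, static value is %s", idx, d.Expected, s.Expected)
		}
		out[idx] = s
	}
	return out, nil
}

// Envelope parses the build's measurements JSON, merges the static entries
// and returns the combined JSON that would be published for the image.
func Envelope(buildJSON []byte, static Measurements) ([]byte, error) {
	var dynamic Measurements
	if err := json.Unmarshal(buildJSON, &dynamic); err != nil {
		return nil, err
	}
	merged, err := MergeStatic(dynamic, static)
	if err != nil {
		return nil, err
	}
	return json.MarshalIndent(merged, "", "  ")
}

// staticSample is a constructed stand-in for one CSP's static entries.
var staticSample = Measurements{
	0: {Expected: allBytes(0x00), WarnOnly: false},
	1: {Expected: allBytes(0xaa), WarnOnly: true},
}

// sampleBuildJSON is constructed build output covering only the PCRs an image
// build actually measures (values are made up for this example).
func sampleBuildJSON() []byte {
	b, _ := json.Marshal(Measurements{
		4: {Expected: digest("pcr4")}, 8: {Expected: digest("pcr8")},
		9: {Expected: digest("pcr9")}, 11: {Expected: digest("pcr11")},
	})
	return b
}

// Demo runs the envelope step on the sample input and parses the result back.
func Demo() (Measurements, error) {
	out, err := Envelope(sampleBuildJSON(), staticSample)
	if err != nil {
		return nil, err
	}
	var merged Measurements
	err = json.Unmarshal(out, &merged)
	return merged, err
}

// ConflictDemo shows the failure mode: the build measured PCR 1 with a value
// that disagrees with the static one, which must abort the envelope step.
func ConflictDemo() error {
	b, _ := json.Marshal(Measurements{1: {Expected: digest("drifted")}})
	_, err := Envelope(b, staticSample)
	return err
}

func main() {
	out, err := Envelope(sampleBuildJSON(), staticSample)
	fmt.Println(string(out), err)
	fmt.Println("conflict:", ConflictDemo())
}
```

The conflict check is the part worth keeping when this logic lives in a build rule rather than a one-off yq invocation: a yq merge takes whichever side is listed last, so a changed platform PCR would be overwritten without anyone noticing until clusters fail (or, for warnOnly entries, silently pass) attestation.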
edgelessci
2fea43a320
image: update measurements and image version ( #2817 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-12 08:20:15 +01:00
Adrian Stobbe
baad7d8310
aws sev snp resolves latest version values on GetAttestationConfig ( #2810 )
2024-01-10 13:32:13 +01:00
edgelessci
c61507f220
image: update measurements and image version ( #2812 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-10 08:13:30 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase ( #2800 )
* bootstrapper: remove obsolete log statement
* ci: simplify variable usage
Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
* cli: add missing formatting directive
* helm: fix rm invocation
* ci: document reproducible-builds workflow
* constants: use variables for measurement files
* constants: use variables for CDN distribution ID
* ci: make Helm version explicit
* api: prettify versionsapi-list output
* ci: remove obsolete docstring
---------
Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
3u13r
badcdcb764
deps: bump cilium to v1.15.0-pre.3-edg.1 ( #2808 )
2024-01-09 16:45:56 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK ( #2809 )
* deps: update AWS SDK
* deps: fix AWS SDK upgrade breakage
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 ( #2803 )
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images ( #2792 )
* cli: support GCP marketplace images
* ci: support GCP marketplace images
* docs: support GCP marketplace images
* bazel: generate
* ci: allow GCP for mpi e2e test
* Update docs/docs/overview/license.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* terraform-provider: allow GCP MPIs
* terraform-provider: fix error message
---------
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod files from submodules ( #2769 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00
edgelessci
cbf744a095
image: update measurements and image version ( #2795 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-05 09:27:11 +01:00
3u13r
15cc7b919b
Add pod disruption budgets so the cluster-autoscaler is able to move kube-admin namespaced resources ( #2781 )
* helm: refactor cilium helm values
* helm: add pod disruption budgets
2024-01-03 18:00:42 +01:00
3u13r
0167a4a286
helm: remove konnectivity agents ( #2790 )
2024-01-03 14:09:32 +01:00
edgelessci
3d8e548dcd
image: update measurements and image version ( #2789 )
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-01-03 13:08:45 +01:00
3u13r
45479b307e
helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve its metadata ( #2782 )
* helm: masq traffic to the mini-qemu-metadata container
* ci: fix waiting for nodes in miniconstellation e2e test
2024-01-02 14:33:03 +01:00
renovate[bot]
c8fc04d991
deps: update Kubernetes versions ( #2762 )
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-22 14:10:39 +01:00
Adrian Stobbe
436e7c6d3b
terraform-provider: validate image and microservice version ( #2766 )
2023-12-22 10:24:13 +01:00
Daniel Weiße
519efe637d
constellation-lib: run license check in Terraform provider and refactor code ( #2740 )
* Clean up license checker code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Create license check depending on init/upgrade actions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run license check in Terraform provider
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* fix license integration test action
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run tests with enterprise tag
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Allow b64 encoding for license ID
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Update checker_enterprise.go
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-22 10:16:36 +01:00
Markus Rudy
837b24bf54
versions: generate k8s image patches (incl etcd) ( #2764 )
* versions: generate k8s image patches (incl etcd)
2023-12-21 20:56:55 +01:00
renovate[bot]
37ec431fab
deps: update K8s dependencies ( #2763 )
* deps: update K8s dependencies
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-21 12:42:04 +01:00
renovate[bot]
110bf9103d
deps: update Constellation containers ( #2760 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:03:44 +01:00
renovate[bot]
4f374fbeb2
deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5 ( #2748 )
* deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-20 15:58:55 +01:00
Markus Rudy
4ba483ec0e
versions: add Kubernetes image patches to components
2023-12-18 14:17:35 +01:00
Markus Rudy
b740a1a75b
versions: designate components for upgrades
2023-12-18 14:17:35 +01:00
Moritz Sanft
af791bd221
terraform-provider: add usage examples ( #2713 )
* terraform-provider: add usage example for Azure
* terraform-provider: add usage example for AWS
* terraform-provider: add usage example for GCP
* terraform-provider: update usage example for Azure
* terraform-provider: update generated documentation
* docs: adjust creation on Azure and link to examples
* terraform-provider: unify image in-/output (#2725 )
* terraform-provider: check for returned error when converting microservices
* terraform-provider: use state values for outputs after creation
* terraform-provider: ignore invalid upgrades (#2728 )
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-18 10:15:54 +01:00
Adrian Stobbe
88d626d302
feat: pin cert-manager image to sha256 checksum ( #2721 )
2023-12-18 09:28:50 +01:00
3u13r
183c564483
cilium: enable bpf masquerading ( #2723 )
* cilium: enable bpf masquerading
* cilium: also enable ipMasqAgent
* cilium: remove custom Azure masqing
2023-12-15 23:07:03 +01:00
3u13r
0111b6d718
deps: Update cert manager to 1.12.6 ( #2700 )
* deps: bump cert manager to 1.13.2
* helm: allow minor jump for cert-manager
2023-12-15 17:44:00 +01:00
Daniel Weiße
a1f67d0884
cli: fix upgrades when using outdated Kubernetes patch version ( #2718 )
* Fix missing image for Constellation operators in our Helm charts if the desired Kubernetes patch version is no longer supported (but Kubernetes upgrades are skipped)
* Correctly unmarshal Kubernetes Components list if the list uses an old format
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 15:45:52 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes ( #2703 )
* all vars have snake_case
* make iam schema consistent
* infrastructure schema
* terraform: update AWS infrastructure module
* fix ci
* terraform: update AWS infrastructure module
* terraform: update AWS IAM module
* terraform: update Azure Infrastructure module inputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update Azure IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update OpenStack Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update QEMU Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-module: fix input name
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: tidy
* cli: ignore whitespace in Terraform variable tests
* terraform-module: fix AWS output names
* terraform-module: fix output references
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: rename `api_server_cert_sans`
* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* fix self-managed
* terraform: revert AWS modules output file renaming
* terraform: remove duplicate variable declaration
* terraform: rename Azure location field
* ci: adjust output name in self-managed e2e test
* e2e: continuously print output in upgrade test
* e2e: write to output variables
* cli: migrate IAM variable names
* cli: make `location` field optional
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-12-15 10:36:58 +01:00