Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
4,210 Commits 133 Branches 44 Tags 106 MiB
7b6c3a710e
Commit Graph

362 Commits

Author SHA1 Message Date
edgelessci
7b6c3a710e
docs: add release v2.17.0 (#3221) 
Co-authored-by: msanft <58110325+msanft@users.noreply.github.com>
 2024-07-03 14:11:59 +02:00
Moritz Eckert
ca8d11861d
docs: add policy troubleshooting tip (#3212) 
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2024-06-27 16:47:23 +02:00
renovate[bot]
f1f61ffd51
deps: update ubuntu:22.04 Docker digest to 19478ce (#3187) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-27 10:34:30 +02:00
Daniel Weiße
09d19fec22
cli: fix constellation verify depending on an initialized constellation-state.yaml file (#3184) 
* Ignore missing state file if flags are provided
* Update verify docs to include requirement for config file

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-06-21 10:09:01 +02:00
Markus Rudy
c911eb4e3a
versions: default to k8s v1.29, support k8s v1.30, EOL v1.27 (#3173) 
* versions: remove k8s 1.27 and patch-upgrade the others

* versions: add support for k8s 1.30.2

* versions: upgrade cloud provider images
 2024-06-19 17:34:34 +02:00
Moritz Sanft
7d4e7eff65
docs: adjust MAA updating (#3152) 
* docs: adjust MAA updating

* versioned-docs: backport fix
 2024-06-07 13:56:10 +02:00
renovate[bot]
aa910cfc25
deps: update Kubernetes versions (#3102) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2024-06-03 15:08:09 +02:00
Felix Schuster
7197a9b719
Rewrite "chain of trust" section (#3066) 
Co-authored-by: 3u13r <lc@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
 2024-05-27 18:21:27 +02:00
renovate[bot]
dda426a51e
deps: update ubuntu:22.04 Docker digest to a6d2b38 (#3084) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-05-13 10:18:56 +02:00
Markus Rudy
174c3ab48a
terraform: add missing policies for AWS ALB (#3063) 
* terraform: add missing policies for AWS ALB
 2024-05-10 08:51:32 +02:00
renovate[bot]
fffc9db2b5
deps: update Kubernetes versions (#3072) 
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2024-05-09 13:38:01 +02:00
Felix Schuster
7d46d0f7d6
Small changes in docs/README (#3050) 
* Change concept image

* Add sentence to "first steps"
 2024-04-30 16:01:56 +02:00
miampf
b187966581
cli: allow tagging cloud resources with custom tags (#3033) 2024-04-19 09:07:57 +00:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP (#3011) 
* terraform: enable creation of SEV-SNP VMs on GCP

* variant: add SEV-SNP attestation variant

* config: add SEV-SNP config options for GCP

* measurements: add GCP SEV-SNP measurements

* gcp: separate package for SEV-ES

* attestation: add GCP SEV-SNP attestation logic

* gcp: factor out common logic

* choose: add GCP SEV-SNP

* cli: add TF variable passthrough for GCP SEV-SNP variables

* cli: support GCP SEV-SNP for `constellation verify`

* Adjust usage of GCP SEV-SNP throughout codebase

* ci: add GCP SEV-SNP

* terraform-provider: support GCP SEV-SNP

* docs: add GCP SEV-SNP reference

* linter fixes

* gcp: only run test with TPM simulator

* gcp: remove nonsense test

* Update cli/internal/cmd/verify.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/overview/clouds.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* linter fixes

* terraform_provider: correctly pass down CC technology

* config: mark attestationconfigapi as unimplemented

* gcp: fix comments and typos

* snp: use nonce and PK hash in SNP report

* snp: ensure we never use ARK supplied by Issuer (#3025)

* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* attestationconfigapi: add GCP to uploading

* snp: use correct cert

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP

* linter fixes

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
 2024-04-16 18:13:47 +02:00
Moritz Eckert
c3eae84fbb
docs: update images with inter font (#2995) 2024-04-08 07:28:01 +02:00
Moritz Eckert
c40e1a9bbd
docs: change to inter font (#2989) 2024-03-15 15:38:34 +01:00
Thomas Tendyck
9e3d605cf2
Add STACKIT to readme (#2988) 
* Add STACKIT to readme

and sort CSPs alphabetically in sentences

* fix links
 2024-03-15 11:53:13 +01:00
Moritz Eckert
912575eb31
docs: order csp strictly alphabetically (#2986) 2024-03-15 10:13:57 +01:00
Adrian Stobbe
1334b84c2e
Update docs (#2982) 
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-03-13 14:09:51 +01:00
Malte Poll
1b973bf23f
docs: remove steps for STACKIT credentials in config (#2980) 
The OpenStack credentials (username and password) can now be retrieved
from the "clouds.yaml" by the Constellation CLI and terraform code.
This simplifies the configuration for end-users.
 2024-03-12 07:27:45 +01:00
Malte Poll
25624e91e8
docs: add runtime measurement table for Constellation v2.16 (#2979) 2024-03-12 07:27:26 +01:00
Malte Poll
35260a4455 docs: document OpenStack related config files on Windows 2024-03-11 16:43:36 +01:00
Malte Poll
353b02c17c docs: document STACKIT CC features 
Co-Authored-By: Moritz Eckert <m1gh7ym0@gmail.com>
 2024-03-11 16:43:36 +01:00
Malte Poll
63b9761962 docs: explain recovery steps on STACKIT 2024-03-11 16:43:36 +01:00
Malte Poll
220f292181 docs: mention all zones where STACKIT instances are available 2024-03-11 16:43:36 +01:00
Malte Poll
7fb2a357d9 docs: add STACKIT to the terraform provider page 2024-03-11 15:59:23 +01:00
Malte Poll
52e4e64316 docs: add installation instructions for the Windows CLI variant 2024-03-08 10:45:36 +01:00
Malte Poll
fc08e50605
docs: update STACKIT flavors (#2964) 2024-03-01 10:59:06 +01:00
malt3
c4f27f62ee docs: add release v2.16.0 2024-02-29 17:22:19 +01:00
Malte Poll
5e40f49ca4 docs: update STACKIT instance types 2024-02-28 15:48:53 +01:00
Malte Poll
4b3d9e15a5 docs: add STACKIT 2024-02-23 13:32:22 +01:00
Thomas Tendyck
31baba2d4b docs: remove broken links and publish removal of cloud logging 2024-02-23 08:57:57 +01:00
Moritz Sanft
901edd420b
terraform: remove cloud loggers (#2892) 
* terraform: remove cloud logging apps

* internal/cloud: remove loggers

* bootstrapper: remove logging

* qemu-metadata-api: remove logging endpoint

* docs: add instructions on how to get boot logs

* bazel: tidy

* docs: fix typo

* cloud: remove unused types

* Update go.mod

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* bazel: tidy

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: elaborate on how to get boot logs

* bazel: tidy

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 14:27:30 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888) 
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 12:13:59 +01:00
edgelessci
fafb9886b0
docs: add release v2.15.0 (#2875) 
Co-authored-by: elchead <elchead@users.noreply.github.com>
 2024-01-31 15:29:01 +01:00
Moritz Eckert
d6639f7788
add azure region germany west central 2024-01-26 10:04:59 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827) 
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-24 15:10:15 +01:00
Moritz Eckert
da26daeb49
docs: update clouds and marketplaces 
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-01-24 09:57:35 +01:00
Thomas Tendyck
ad5ff6e1bb ci: update vale 2024-01-24 09:07:19 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803) 
undefined
 2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792) 
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-01-08 15:51:39 +01:00
Moritz Eckert
2af34ceaf4
docs: update asciinema videos (#2777) 2024-01-08 07:35:48 +01:00
Markus Rudy
8e8e861d5f
ci: ignore Wireguard pdf in lychee (#2797) 
* ci: use a config file for lychee

* ci: don't pass token to lychee action

* ci: ignore wireguard.pdf in lychee
 2024-01-05 14:07:33 +01:00
Thomas Tendyck
2895766d02 docs: mention TF provider more prominently 2023-12-30 15:44:11 +01:00
renovate[bot]
c8fc04d991
deps: update Kubernetes versions (#2762) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2023-12-22 14:10:39 +01:00
edgelessci
6b2c00693c
docs: add release v2.14.0 (#2734) 
Co-authored-by: burgerdev <burgerdev@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
 2023-12-19 17:05:40 +01:00
Moritz Sanft
af791bd221
terraform-provider: add usage examples (#2713) 
* terraform-provider: add usage example for Azure

* terraform-provider: add usage example for AWS

* terraform-provider: add usage example for GCP

* terraform-provider: update usage example for Azure

* terraform-provider: update generated documentation

* docs: adjust creation on Azure and link to examples

* terraform-provider: unify image in-/output (#2725)

* terraform-provider: check for returned error when converting microservices

* terraform-provider: use state values for outputs after creation

* terraform-provider: ignore invalid upgrades (#2728)

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2023-12-18 10:15:54 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes (#2703) 
* all vars have snail_case

* make iam schema consistent

* infrastructure schema

* terraform: update AWS infrastructure module

* fix ci

* terraform: update AWS infrastructure module

* terraform: update AWS IAM module

* terraform: update Azure Infrastructure module inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update Azure IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update OpenStack Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update QEMU Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-module: fix input name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: tidy

* cli: ignore whitespace in Terraform variable tests

* terraform-module: fix AWS output names

* terraform-module: fix output references

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: rename `api_server_cert_sans`

* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* fix self-managed

* terraform: revert AWS modules output file renaming

* terraform: remove duplicate varable declaration

* terraform: rename Azure location field

* ci: adjust output name in self-managed e2e test

* e2e: continuously print output in upgrade test

* e2e: write to output variables

* cli: migrate IAM variable names

* cli: make `location` field optional

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2023-12-15 10:36:58 +01:00
Adrian Stobbe
37580009fe
terraform-provider: cleanup and improve docs (#2685) 
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2023-12-14 15:47:55 +01:00
Moritz Sanft
60fc73e0e7
terraform-provider: implement constellation_cluster resource (#2691) 
* terraform: move module to legacy-directory

* constellation-lib: refactor service account marshalling

* terraform-provider: normalize Azure image URIs

* constellation-lib: refactor Kubeconfig endpoint rewriting

* terraform-provider: add conversion functions for AWS and GCP

* terraform-provider: implement `constellation_cluster` resource

* terraform-provider: refactor conversion

* terraform-provider: implement image and k8s upgrades

* terraform-provider: fix linter checks

* terraform-provider: refactor to bundle init & upgrade method

* constellation-lib: rewrite Kubeconfig endpoint in init

* terraform-provider: bind logger and dialer constructors to struct

* terraform-provider: move applier to function pointer

* terraform-provider: gcp conversion fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix Azure UAMI input

* terraform-provider: rename Kubeconfig variable

* terraform-provider: tidy

* terraform-provider: regenerate docs

* constellation-lib: provide Kubeconfig in testing initserver

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2023-12-11 15:55:44 +01:00