Commit Graph

193 Commits

Author SHA1 Message Date
Otto Bittner
c275464634 cli: change upgrade-plan to upgrade-check
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
renovate[bot]
535c359ee7
deps: update Constellation containers to v2.6.0-pre.0.20230131161703-e0354826e058 (#1105)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 18:08:40 +01:00
Otto Bittner
6415d80ee4 versions: update constellation operator image 2023-01-31 11:36:49 +01:00
renovate[bot]
11e233e4be
deps: update ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1 Docker digest to 8708a33 (#1110)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:54:11 +01:00
renovate[bot]
dcde73b4c4
deps: update Constellation containers to v2.6.0-pre.0.20230127131021-e174146e0c93 (#1091)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:01:08 +01:00
renovate[bot]
fb1b1f50fd
deps: update K8s version independent containers to v0.1.1 (#1020)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 15:25:05 +01:00
Paul Meyer
8364856d55 versions: remove Kubernetes v1.23
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 13:32:20 +01:00
renovate[bot]
c758aef1ff
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.25.3 (#1082)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 11:30:43 +01:00
renovate[bot]
dd1140868e
deps: update Constellation containers to v2.6.0-pre (#1074)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 14:58:51 +01:00
github-actions[bot]
9567cc09ce
release: bring back changes from v2.5.0 (#1061)
* deps: update version to v2.5.0

* attestation: hardcode measurements for v2.5.0

* bump operator versions

Co-authored-by: release[bot] <release[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-01-24 11:35:26 +01:00
renovate[bot]
5142497a3d
deps: update dependency containernetworking/plugins to v1.2.0 (#1022)
* Update dependency containernetworking/plugins to v1.2.0

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-23 14:56:28 +01:00
renovate[bot]
f688afff3f
Update K8s constrained Azure versions (#1009)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-23 14:32:21 +01:00
renovate[bot]
9f05631afd
deps: update Constellation containers (#1052)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-21 20:17:07 +01:00
Paul Meyer
c4d68d1c28 versions: update key-service name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-21 19:55:14 +01:00
renovate[bot]
6708aff984
deps: update dependency kubernetes/kubernetes to v1.24.10 (#1043)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 18:54:10 +01:00
Fabian Kammel
8482d26eef
deps: update cloud provider gcp image for k8s v1.26 (#1051)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-20 15:54:24 +01:00
renovate[bot]
9b4dc9b478
Update Constellation containers to v2.5.0-pre.0.20230119145750-690b50b29de5 (#1039)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 09:51:29 +01:00
renovate[bot]
99496c3c33
Update Kubernetes versions (#1019)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 17:16:00 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs (#958)
* Remove unused package

* Add Go package docs to most packages

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-19 15:57:50 +01:00
Otto Bittner
a0ac957227 versions: update join- & keyservice images 2023-01-19 13:14:55 +01:00
Otto Bittner
9a1f52e94e Refactor init/recovery to use kms URI
So far the masterSecret was sent to the initial bootstrapper
on init/recovery. With this commit this information is encoded
in the kmsURI that is sent during init.
For recover, the communication with the recoveryserver is
changed. Before a streaming gRPC call was used to
exchanges UUID for measurementSecret and state disk key.
Now a standard gRPC is made that includes the same kmsURI &
storageURI that are sent during init.
2023-01-19 13:14:55 +01:00
renovate[bot]
90ea35ae35
Update Constellation containers to v2.5.0-pre.0.20230118154955-632090c21b93 (#1014)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-18 17:28:04 +01:00
renovate[bot]
41eb533d63
Update Constellation containers (#1003)
https://github.com/edgelesssys/constellation/actions/runs/3943576556/jobs/6748558235
2023-01-18 09:44:36 +01:00
renovate[bot]
bbda3d1ecd
Update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.25.2 (#979)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-17 16:10:26 +01:00
renovate[bot]
a3035167b6
Update Constellation containers (#965)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 16:59:49 +01:00
Otto Bittner
89f075d490 versions: rename KmsImage to KeyServiceImage 2023-01-16 15:14:23 +01:00
Paul Meyer
42135dfdd6 versions: update container images to v2.5.0-pre
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:54:41 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Malte Poll
bcd8aa9acc
Use upstream node-maintenance-operator (#115) 2023-01-12 16:01:03 +01:00
Paul Meyer
4bc191e434 versions: move hash generator into own package
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
Paul Meyer
c081664d03 versions: repair hash generation
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
renovate[bot]
d24fac00f0
Update Constellation containers (#884)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-09 13:15:28 +01:00
Leonard Cohnen
3637909a46 internal: move components into their own package 2023-01-09 12:16:54 +01:00
Paul Meyer
49534d463d
deps: update cluster autoscaler (#835)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:47:31 +01:00
renovate[bot]
8b11a18239
Update K8s constrained Azure versions (#886)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 14:15:16 +01:00
renovate[bot]
f99a3189d8
Update K8s constrained versions (#799)
* Update K8s constrained versions
* Update azure images to v1.26
* Revert upgrade for k8s v1.23

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 10:40:37 +01:00
Paul Meyer
afbd4a3dc1
deps: upgrade AWS cloud controller manager (#863)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 16:35:19 +01:00
renovate[bot]
7eae68d4f9 Update Constellation containers 2023-01-05 15:43:11 +01:00
Leonard Cohnen
25c3a8a1f3 init: add cluster version to kubernetes components 2023-01-05 14:52:09 +01:00
renovate[bot]
9c71145862
Update K8s version independent containers to v0.0.35 (#872)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 13:26:55 +01:00
renovate[bot]
cf3169cf44
Update Constellation containers (#854)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 08:14:57 +01:00
renovate[bot]
324ef42c42
Update Constellation containers (#852)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-03 12:30:07 +01:00
Paul Meyer
de6ee412ac deps: update AWS cloud controller manager
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 12:14:16 +01:00
Leonard Cohnen
4b43311fbd bump microservice versions 2023-01-03 11:51:29 +01:00
renovate[bot]
8ddc8cdb65 Update dependency kubernetes-sigs/cri-tools to v1.26.0 2022-12-16 10:43:33 +01:00
renovate[bot]
7ffbad12be
Update Constellation containers to v2.3.0-pre.0.20221212170906-a77f38efbb31 (#779)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 10:46:15 +01:00
Paul Meyer
c741ccfb4b kubernetes: use new registry
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Paul Meyer
6862c2587f kubernetes: add v1.26, default to v1.25
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Malte Poll
c3b657de01 Bump version to v2.3.0 2022-12-12 17:45:35 +01:00
renovate[bot]
5eae12778a
Update Constellation containers (#777)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-09 18:45:09 +01:00
renovate[bot]
012f739c67
Update Constellation containers (#759)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 16:32:58 +01:00
renovate[bot]
72ba97efcc
Update K8s constrained versions (#762)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:17:55 +01:00
renovate[bot]
3435ac216f
Update Constellation containers (#748)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-08 11:38:05 +01:00
renovate[bot]
bb9122f115
Update Constellation containers to v2.3.0-pre.0.20221207104854-286803fb97a0 (#747)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-07 15:12:04 +01:00
renovate[bot]
be01cf7129
Update Constellation containers to v2.3.0-pre.0.20221206170532-a9ed8c0191ac (#733)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 10:44:45 +01:00
Paul Meyer
cb734a2e66 debugd: pin logcollector container digest
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
renovate[bot]
1766f0e4b3
Update Constellation containers to v2.3.0-pre.0.20221205155634-0981ab6fa45b (#725)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 13:29:54 +01:00
renovate[bot]
0981ab6fa4
Update Constellation containers to v2.3.0-pre.0.20221205121645-176dae317f6c (#719)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 16:56:34 +01:00
Paul Meyer
176dae317f debugd: fix logcollector container image naming
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 13:16:45 +01:00
Paul Meyer
226a6b6626 debugd: let renovate manage logcollector images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
renovate[bot]
3c62b841ed
Update Constellation containers (#705)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:48:03 +01:00
Leonard Cohnen
0c71cc77f6 joinservice: use configmap for k8s components 2022-12-02 14:34:38 +01:00
renovate[bot]
de77f1d9be
Update ghcr.io/edgelesssys/constellation/qemu-metadata-api Docker tag to v2.3.0-pre.0.20221201105133-8004edcc144d (#700)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 18:49:02 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 (#690) 2022-12-01 10:46:04 +01:00
renovate[bot]
da114519ca
Update Constellation containers (#693)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 08:07:09 +01:00
Leonard Cohnen
7e57944cc0 versions: bump qemu metadata image 2022-11-30 18:58:22 +01:00
renovate[bot]
016f7a67c2
Update Constellation containers to v2.3.0-pre.0.20221130104839-9537fb73c015 (#684)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:53:58 +01:00
Paul Meyer
b93b24e058 debugd: add logcollector
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
renovate[bot]
8fbc4b9b19
Update ghcr.io/edgelesssys/constellation/node-operator Docker tag to v2.3.0-pre.0.20221129130129-a32f9ae75290 (#671)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-30 11:34:57 +01:00
renovate[bot]
e2673cac29
Update Constellation containers (#663)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 13:46:13 +01:00
Leonard Cohnen
c978329839 helm: fix expected helm charts 2022-11-27 16:43:50 +01:00
renovate[bot]
a3661d6c07
Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7 (#652)
* Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7
* Update node operator and add hashes back for every container image

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-25 15:17:58 +01:00
renovate[bot]
0b85709dd2 Update Constellation containers to v2.3.0-pre.0.20221124095758-f8001efbc0d0 2022-11-24 13:52:44 +01:00
renovate[bot]
8ce954e012
Update Constellation containers to v2.3.0-pre.0.20221123084142-3dc9c6086469 (#636)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-24 09:22:49 +01:00
Leonard Cohnen
1e98b686b6 kubernetes: verify Kubernetes components 2022-11-23 10:48:03 +01:00
renovate[bot]
bc346805aa
Update Constellation containers to v2.3.0-pre.0.20221121163101-1362e40f53ad (#615)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:39:50 +01:00
renovate[bot]
a5aa820d8c
Update Constellation containers (#602)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-21 11:23:06 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580)
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563)
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-11-16 11:13:10 +01:00
Leonard Cohnen
c51694a51a kubernetes: add hashes to components 2022-11-15 11:07:46 +01:00
renovate[bot]
df0c6159db Update K8s constrained versions 2022-11-14 09:33:42 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
renovate[bot]
c6f4b2e1a0
Update Constellation containers to v2.3.0-pre.0.20221109145754-0d12e37c9699 (#497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 18:17:31 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Leonard Cohnen
6fce8f77d3 join-service: bump image for AWS support 2022-11-03 16:44:54 +01:00
renovate[bot]
302303f2ea
Update K8s constrained versions (#428)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-02 13:28:41 +01:00
Leonard Cohnen
8f8236a491 bump verification service 2022-10-31 17:00:14 +01:00
renovate[bot]
116736a7b9
Update Constellation containers (#402)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 11:00:36 +01:00
renovate[bot]
fd74ef754e
Update K8s version constrained containers (missing v1 prefix) (#399)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-31 10:34:12 +01:00
Malte Poll
caadd50056
Use renovate to update versions.go (#388)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 15:01:58 +02:00
Malte Poll
447f0bbf39 Add AWS CCM versions 2022-10-26 15:07:34 +02:00
Malte Poll
c1e3231848
Preinstall kubelet systemd unit in OS images (#365) 2022-10-25 16:36:03 +02:00
Daniel Weiße
6fe750f21b Update operator image
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-25 08:41:42 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing (#242)
* Apply tags to all applicable GCP resources

* Move GCP UID and role from VM metadata to labels

* Adjust Azure tags to be in line with GCP and AWS

* Dont rely on resource name to find resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Malte Poll
8ef1400810
Upgrade libvirt container image (#348) 2022-10-24 10:32:37 +02:00
Malte Poll
c16f5a976d
AB#2365 Upgrade k8s base deployments (add full support for k8s 1.25) (#277)
* Add container image release for CCM GCP v25.2.0
* Upgrade versions of kubernetes base components
2022-10-17 08:58:13 +02:00