Commit Graph

254 Commits

Author SHA1 Message Date
Malte Poll
2808012c9c
terraform: gcp node groups (#1941)
* terraform: GCP node groups

* cli: marshal GCP node groups to terraform variables

This does not have any side effects for users.
We still strictly create one control-plane and one worker group.
This is a preparation for enabling customizable node groups in the future.
2023-06-19 13:02:01 +02:00
Daniel Weiße
ab74730fd7
Update go-tpm-tools fork (#1910)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-12 15:59:40 +02:00
renovate[bot]
7c345f4503
deps: update github.com/gophercloud/utils digest to de873b9 (#1843)
* deps: update github.com/gophercloud/utils digest to de873b9
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-09 10:02:59 +02:00
Malte Poll
b3c052e299
operators: cleanup placeholder nodeversion (#1881)
* operators: cleanup placeholder nodeversion
* e2e: improve upgrade test portability
2023-06-06 15:22:06 +02:00
Adrian Stobbe
b51cc52945
config: sign Azure versions on upload & verify on fetch (#1836)
* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 13:55:46 +02:00
renovate[bot]
885febf109
deps: update module github.com/sigstore/rekor to v1.2.0 [SECURITY] (#1842)
* deps: update module github.com/sigstore/rekor to v1.2.0 [SECURITY]

* chore: tidy

* deps: update pseudo version tool hashes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-31 23:30:27 +02:00
3u13r
fbcbb9a766
deps: align k8s deps (#1841) 2023-05-31 17:10:03 +02:00
Malte Poll
60b125cb59
cli: add windows amd64 build target (#1835) 2023-05-30 12:02:43 +02:00
renovate[bot]
2afddcb0f8
deps: update K8s dependencies (#1599)
* deps: update K8s dependencies

* deps: bump controller runtime

* chore: tidy

* bump helm and migrate controller runtime

* fix helm deprecation

---------

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-24 18:57:45 +02:00
renovate[bot]
be8d993cb7
deps: update module github.com/sigstore/sigstore to v1.6.4 (#1814)
* deps: update module github.com/sigstore/sigstore to v1.6.4

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-23 16:25:26 +02:00
renovate[bot]
13f1eb23d7
deps: update module github.com/stretchr/testify to v1.8.3 (#1815)
* deps: update module github.com/stretchr/testify to v1.8.3

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-22 17:35:28 +02:00
renovate[bot]
6ba461015d
deps: update module github.com/hashicorp/hc-install to v0.5.2 (#1812)
* deps: update module github.com/hashicorp/hc-install to v0.5.2

* deps: tidy all modules

* chore: tidy + update

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-22 16:32:00 +02:00
renovate[bot]
2a721bfa33
deps: update module github.com/mattn/go-isatty to v0.0.19 (#1813)
* deps: update module github.com/mattn/go-isatty to v0.0.19

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-22 16:31:52 +02:00
renovate[bot]
971e814551
deps: update module github.com/google/go-tpm-tools to v0.3.12 (#1811)
* deps: update module github.com/google/go-tpm-tools to v0.3.12

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-22 15:40:42 +02:00
renovate[bot]
624af80f7f
deps: update module cloud.google.com/go/compute to v1.19.3 (#1810)
* deps: update module cloud.google.com/go/compute to v1.19.3

* chore: tidy

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-22 15:29:48 +02:00
renovate[bot]
4ee4423389
deps: update github.com/gophercloud/utils digest to 6eab72e (#1791)
* deps: update github.com/gophercloud/utils digest to 6eab72e

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-19 15:34:20 +02:00
renovate[bot]
12ccfea543
deps: update module golang.org/x/tools to v0.9.1 (#1801)
* deps: update module golang.org/x/tools to v0.9.1

* chore: tidy

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-19 13:18:54 +02:00
renovate[bot]
4c8568963b
deps: update module golang.org/x/crypto to v0.9.0 (#1799)
* deps: update module golang.org/x/crypto to v0.9.0

* chore: tidy

* deps: bump pseudo version tool

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-19 12:00:25 +02:00
Daniel Weiße
dd2da25ebe attestation: tdx issuer/validator (#1265)
* Add TDX validator

* Add TDX issuer

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
renovate[bot]
53758e65ad
deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4 (#1764)
* deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4

* deps: tidy all modules

* update pseudo version tool

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 22:19:16 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK (#1748)
* deps: update Google SDK

* deps: fix grpc_testing import

* deps: update pseudo version tool hashes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
renovate[bot]
cd28b3a39f
deps: update module github.com/docker/docker to v23.0.3+incompatible [SECURITY] (#1762)
* deps: update module github.com/docker/docker to v23.0.3+incompatible [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-12 18:07:20 +02:00
renovate[bot]
fe115bdb16
deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY] (#1729)
* deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY]

* deps: bump oras

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-11 17:23:17 +02:00
renovate[bot]
0db7f68093
deps: update Azure SDK (#1747)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 15:12:25 +02:00
Malte Poll
ee91d8b1cc image: implement idempotent upload of os images 2023-05-05 12:06:44 +02:00
renovate[bot]
1ae39703d1
deps: update module golang.org/x/tools to v0.8.0 (#1642)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 17:31:48 +02:00
renovate[bot]
326460c037
deps: update module golang.org/x/mod to v0.10.0 (#1640)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 16:48:50 +02:00
renovate[bot]
44dc127036
deps: update module github.com/spf13/cobra to v1.7.0 (#1638)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 16:46:16 +02:00
renovate[bot]
ee7ca3428a
deps: update module golang.org/x/crypto to v0.8.0 (#1639)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 15:41:01 +02:00
renovate[bot]
aa3b49aced
deps: update module github.com/hashicorp/terraform-exec to v0.18.1 (#1615)
* deps: update module github.com/hashicorp/terraform-exec to v0.18.1

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-04-06 10:45:25 +02:00
renovate[bot]
509b3d5d58
deps: update module github.com/docker/docker to v20.10.24+incompatible [SECURITY] (#1614)
* deps: update module github.com/docker/docker to v20.10.24+incompatible [SECURITY]
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-04-05 12:14:19 +02:00
renovate[bot]
13365d7272
deps: update module github.com/mattn/go-isatty to v0.0.18 (#1601)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-03 21:15:59 +02:00
renovate[bot]
7a8c4727f5
deps: update AWS SDK (#1594)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-03 18:36:53 +02:00
renovate[bot]
d3587a34d7
deps: update github.com/gophercloud/utils digest to 5bd5e1d (#1586)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 17:42:01 +02:00
renovate[bot]
d260007672
deps: update module github.com/docker/docker to v20.10.23+incompatible (#1589)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 17:01:48 +02:00
renovate[bot]
661cf922ec
deps: update module helm.sh/helm/v3 to v3.11.2 (#1590)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 16:40:49 +02:00
Otto Bittner
c8c2953d7b cli: add status cmd
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
renovate[bot]
b12858660e
deps: update github.com/gophercloud/utils digest to 05e9e7f (#1549)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 15:42:34 +02:00
renovate[bot]
52e85862b0
deps: update AWS SDK (#1508)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 18:40:06 +01:00
renovate[bot]
dc52038dbc
deps: update Azure SDK (#1498)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 09:50:09 +01:00
renovate[bot]
3f35a6c904
deps: update K8s dependencies (#1496)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 08:53:06 +01:00
renovate[bot]
be94710f5b
deps: update Google SDK (#1500)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 08:16:52 +01:00
renovate[bot]
7d899d7aa5
deps: update module github.com/schollz/progressbar/v3 to v3.13.1 (#1497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 18:11:50 +01:00
renovate[bot]
e95d79f97e
deps: update github.com/gophercloud/utils digest to e15d7ee (#1486)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 10:33:43 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Moritz Sanft
f2ce9518a3
cli: support custom attestation policies for maa (#1375)
* create and update maa attestation policy

* use interface to allow unit testing

* fix test csp

* http request for policy patch

* go mod tidy

* remove hyphen

* go mod tidy

* wip: adapt to feedback

* linting fixes

* remove csp from tf call

* fix type assertion

* Add MAA URL to instance tags (#1409)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* conditionally create maa provider

* only set instance tag when maa is created

* fix azure unit test

* bazel tidy

* remove AzureCVM const

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* encode policy at runtime

* remove policy arg

* fix unit test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-20 13:33:04 +01:00
renovate[bot]
a6021be714
deps: update K8s dependencies (#1401)
* deps: update K8s dependencies
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-17 15:55:44 +01:00
renovate[bot]
cb2d2b0b89
deps: update module github.com/spf13/afero to v1.9.5 (#1396)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 18:40:17 +01:00
Paul Meyer
acbd70c741 openstack: implement api client and metadata list
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Daniel Weiße
5eb73706f5
internal: refactor storage credentials (#1071)
* Move storage clients to separate packages

* Allow setting of client credentials for AWS S3

* Use managed identity client secret or default credentials for Azure Blob Storage

* Use credentials file to authorize GCS client

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-02 15:08:31 +01:00