Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,607 Commits 133 Branches 44 Tags 106 MiB
83f09e1058
Commit Graph

1607 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Malte Poll
ebf852b3ba Add image update API and use for "upgrade plan" 2022-11-30 12:35:12 +01:00
Leonard Cohnen
954cbad214 ci: build qemu-metadata api 2022-11-30 12:28:37 +01:00
Thomas Tendyck
21529d0e9e don't promote Trusted Launch for now 2022-11-30 12:24:37 +01:00
renovate[bot]
fe74c937b9
Update Terraform azurerm to v3.33.0 (#678) 
* Update Terraform azurerm to v3.33.0
* [bot] Update HCL lock files

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-30 11:41:31 +01:00
renovate[bot]
8fbc4b9b19
Update ghcr.io/edgelesssys/constellation/node-operator Docker tag to v2.3.0-pre.0.20221129130129-a32f9ae75290 (#671) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-30 11:34:57 +01:00
renovate[bot]
5b23a071ac
Update module github.com/sigstore/sigstore to v1.4.6 (#667) 
* Update module github.com/sigstore/sigstore to v1.4.6
* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-30 11:32:59 +01:00
renovate[bot]
7c744c0837
Update Terraform aws to v4.43.0 (#672) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-30 11:22:09 +01:00
Daniel Weiße
ad7baa667a
CSI driver fixes (#668) 
* Fix invalid key id for resize operations

* Add udev rule for unlabeled disks

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-30 08:35:38 +01:00
Daniel Weiße
6bd62f0f7a
Update docs to new measurement format (#660) 
* Remove fetch-measurements from create workflow

* Explain new measurements format in docs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-30 08:29:17 +01:00
Paul Meyer
688003cdd9 ci: fix hcl lock files on renovate branch 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 18:47:30 +01:00
Paul Meyer
48e0b3a9cd ci: check hcl lock files are up to date 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 18:47:30 +01:00
Paul Meyer
1663b3d795 hack: add script to remove terraform providers 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 18:47:30 +01:00
renovate[bot]
fffd2b79f2
Update Terraform google to v4.44.1 (#666) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 14:45:07 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies (#665) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 14:06:18 +01:00
renovate[bot]
a32f9ae752
Update k8s.io/utils digest to 99ec85e (#664) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 14:01:29 +01:00
renovate[bot]
e2673cac29
Update Constellation containers (#663) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 13:46:13 +01:00
renovate[bot]
6ba9c32f55
Update AWS SDK (#530) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 13:45:06 +01:00
renovate[bot]
9d6d9f0a40
Update Terraform docker to v2.23.1 (#645) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-29 13:06:36 +01:00
Fabian Kammel
cf49f7d755
Document SLSA adoption and current level (#661) 
* Document SLSA adoption and current level
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2022-11-29 12:56:28 +01:00
3u13r
86bc9f4b38
rfc: include upgrade check command (#646) 
* rfc: include upgrade check command
 2022-11-29 11:45:21 +01:00
Otto Bittner
fc8a2be843 Use ChartLoader to set operator deployment images 
This allows the (operator) unittests to use dummy values instead of
relying on the real image string from versions.go.
 2022-11-29 10:36:55 +01:00
Leonard Cohnen
3b6bc3b28f initserver: add client verification 2022-11-28 19:34:02 +01:00
Moritz Eckert
bffa5c580c
Fix components diagram (#659) 2022-11-28 15:30:46 +01:00
Otto Bittner
038ea5fade Add helm's quote function to various fields 
The constellationUID is sometimes interpreted as integer if it contains
0e, as the yaml parsing interprets that as scientific notation.
Since it is a best practices to quote string fields anyways this patch
also quotes other fields where an actual string is required.
 2022-11-28 11:35:47 +01:00
Thomas Tendyck
64f03cf675
config: sort measurements numerically (#654) 
* config: sort measurements numerically

* add comment to swap
 2022-11-28 11:09:39 +01:00
Daniel Weiße
d52f3db2a3
AB#2644 Fetch measurements from CDN (#653) 
* Fetch measurements from CDN

* Perform metadata validation on fetched measurements

* Remove deprecated public bucket

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-28 10:27:33 +01:00
Leonard Cohnen
c978329839 helm: fix expected helm charts 2022-11-27 16:43:50 +01:00
Leonard Cohnen
865cd53856 helm: remove non-existent field in operator 2022-11-27 16:43:34 +01:00
Otto Bittner
18fe34c58b loader_test now compares all documents in one file 
Previously only the first document was compared due to
an issue in testify.
Also update testdata to match the adjusted expectations.
 2022-11-25 18:07:40 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI (#647) 
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-25 16:13:20 +01:00
Nils Hanke
878d66dcda
Remove SSHUsers and UserKey from config v2 (#650) 
* Remove SSHUsers and UserKey as part of configVersion v2

* Add migration nodes to docs

* Update CHANGELOG.md
 2022-11-25 15:27:34 +01:00
renovate[bot]
a3661d6c07
Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7 (#652) 
* Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7
* Update node operator and add hashes back for every container image

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-11-25 15:17:58 +01:00
Malte Poll
1af3ff00ad
Constellation Operator: Add image version field (#649) 2022-11-25 14:49:26 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Otto Bittner
6af54142f2
Remove client pkg from kubectl pkg (#638) 
The nested client pkg was necessary to implement a generator pattern.
The generator was necessary as the Kubewrapper type
expects a k8sapi.Client object during instantiation.
However, the required kubeconfig is not ready during Kubewrapper creation.
This patch relies on an Initialize function to set the Kubeconfig
and hands over an empty struct during Kubewrapper creation.
This allows us to remove the extra Client abstraction.
 2022-11-25 11:19:22 +01:00
Daniel Weiße
1968dfe70c
Add warning about non retriable error during init (#644) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-25 10:02:12 +01:00
Paul Meyer
e76a87fcfc deps: disable major upgrades for k8s.io/client-go 
There are older versions tagged like v12.0.0, but latest version
is v.0.25.4.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-24 17:45:46 +01:00
Paul Meyer
92a17bcc69
Revert "deps: only upgrade to errata-ai/vale-action >2.0.1" (#642) 
This reverts commit 9222468d3b.
 2022-11-24 17:43:06 +01:00
Daniel Weiße
67d0424f0e
AB#2639 Add functions to fetch k8s and helm version of Constellation (#637) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 16:39:33 +01:00
Daniel Weiße
c2ea937fb5
Fix potential data race when accessing a validators OID (#640) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 15:50:59 +01:00
Otto Bittner
594b43e629 Remove kubernetesServicesVersion from upgrade RFC. 
Tracking two sets of versions would require us to have two versioning patterns
inside the Helm charts. It also complicates
the decision making for the user.
 2022-11-24 15:50:37 +01:00
renovate[bot]
0b85709dd2 Update Constellation containers to v2.3.0-pre.0.20221124095758-f8001efbc0d0 2022-11-24 13:52:44 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553) 
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 10:57:58 +01:00
renovate[bot]
8ce954e012
Update Constellation containers to v2.3.0-pre.0.20221123084142-3dc9c6086469 (#636) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-24 09:22:49 +01:00
Otto Bittner
da1af3f37e Fix type for cert-manager verbose flag 2022-11-23 18:37:36 +01:00
Malte Poll
3dc9c60864 e2e tests: use new image versions 2022-11-23 15:47:46 +01:00
Malte Poll
457ff442ce Update CHANGELOG 2022-11-23 15:47:46 +01:00
Malte Poll
8d9254e050 Docs: document breaking changes in the config file 2022-11-23 15:47:46 +01:00
Malte Poll
1331c171c3 Upgrade config to v2 2022-11-23 15:47:46 +01:00
Malte Poll
575b6e93f6 CLI: use global image version field 
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
 2022-11-23 15:47:46 +01:00