Commit Graph

652 Commits

Author SHA1 Message Date
Daniel Weiße
19bb65338d Update AWS KMS unit tests
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-01 09:41:15 +02:00
katexochen
ed45ba2777 Rename things in vpn package 2022-03-31 15:43:25 +02:00
katexochen
66fe34ee32 Write WireGuard config file on init 2022-03-31 15:43:25 +02:00
katexochen
5cf8f83ed8 Remove pubkey flag from init 2022-03-31 15:43:25 +02:00
Malte Poll
7275f318f8 Switch GCP default zone to europe 2022-03-30 18:30:34 +02:00
Malte Poll
8d7253ca75 Bump coreos images to 1648560610 2022-03-30 17:14:34 +02:00
Benedict
8a6825c429 refactor storewrapper IP handling / add coordinator IP-Block 2022-03-30 14:37:43 +02:00
Benedict
04be09d5d3 store: new error type (noElementsLeft) 2022-03-30 14:37:43 +02:00
Benedict
0718452bf9 etcdstore: fix missing errorcheck 2022-03-30 14:37:43 +02:00
Daniel Weiße
3282995bda AB#1877 Set location in azure cloud config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-30 09:04:59 +02:00
Benedict Schlüter
719b6d5f6f separate addPeer into VPN- and store-add (#18) 2022-03-29 16:49:11 +02:00
Malte Poll
cf738bb973 Cloud provider Azure: add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
97685648a4 Cloud provider GCP: add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
203ae6df96 Cloud provider AWS: add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
1e7794b4c2 Add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
efdd88459b fix cloud-node-manager stub 2022-03-29 15:13:30 +02:00
Malte Poll
f04765dab5 re-enable azure node groups in statefile and send azure scaleset as autoscaling group 2022-03-29 15:13:30 +02:00
Daniel Weiße
71b5a0c6c0 Set vmType in azure cloud config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-29 13:40:40 +02:00
Daniel Weiße
eb3411f2c1 Allow waiting for multiple states (#11)
* Simplify `fetch_pcrs.sh` script

* Allow waiting for multiple states

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-29 09:10:22 +02:00
Benedict Schlüter
9df71da33f coordinator-integrationtest: docker-build cache go dependencies (#19) 2022-03-28 20:28:00 +02:00
Malte Poll
aac6e0b239 debugd: prevent deadlock by checking if file exists before acquiring read lock and cleanup downloaded coordinator binary if download fails 2022-03-28 16:12:40 +02:00
Malte Poll
391e36c0ac create and use kubeadm join token with no expiry 2022-03-28 13:58:09 +02:00
Malte Poll
037569cd85 Cloud provider fake: adopt changes to CCM / CNM for debug_coordinator 2022-03-28 13:35:21 +02:00
Malte Poll
20811794c2 Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 13:35:21 +02:00
Malte Poll
3c1ddfb94e Cloud provider GCP: adopt changes to CCM / CNM for GCP 2022-03-28 13:35:21 +02:00
Malte Poll
a59ce30e7b Cloud provider AWS: adopt changes to CCM / CNM for AWS 2022-03-28 13:35:21 +02:00
Malte Poll
78d2358b9c k8s: Use cloud provider ip as kubelet node-ip (if available) 2022-03-28 13:35:21 +02:00
Malte Poll
f5eddf8af0 Cloud providers: Add CloudNodeManager 2022-03-28 13:35:21 +02:00
Malte Poll
2158377f9f Cloud providers: Extend CCM with ExtraArgs / ConfigMaps / Secrets / Volumes / VolumeMounts and provide CloudServiceAccountURI 2022-03-28 13:35:21 +02:00
Malte Poll
bf726ebd87 k8s resource marshaler tests 2022-03-28 13:35:21 +02:00
Malte Poll
2ab846dd1a Extend k8s resource marshaling to slices 2022-03-28 13:35:21 +02:00
Malte Poll
009e186b69 CoreOS dm-verity: do not compress GCP images twice 2022-03-25 16:41:39 +01:00
Benedict Schlüter
6f695892bf move updatePeers directly to the VPN and omit the store layer (#4) 2022-03-25 16:05:17 +01:00
Thomas Tendyck
6bbb783af8 misc lint 2022-03-25 13:35:08 +01:00
Thomas Tendyck
cece88b6a0 lint debugd 2022-03-25 13:35:08 +01:00
Thomas Tendyck
2503d6e132 remove unused helpers in storewrapper 2022-03-25 13:35:08 +01:00
Thomas Tendyck
b1818ba089 fix stuttering StoreValueUnsetError 2022-03-25 13:35:08 +01:00
Daniel Weiße
5660f813f0 Remove kekID from cryptmapper
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-25 09:38:16 +01:00
Daniel Weiße
7626765d87 Rework mount folder structure
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-25 09:38:16 +01:00
Daniel Weiße
f8e9c70337 Rework kms folder structure
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-25 09:38:16 +01:00
Daniel Weiße
1f856878e8 PCR notes (#13)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-25 09:11:21 +01:00
Benedict Schlüter
5a85a7adfc coordinator-integrationtest: remove unnecessary port-binding (#2) 2022-03-24 21:12:17 +01:00
Leonard Cohnen
0dfeb04fb3 use manual workflow input 2022-03-24 17:23:45 +01:00
Daniel Weiße
1f843d4593 AB#1770 (semi)automatic PCR updates (#7)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-23 14:10:58 +01:00
Daniel Weiße
752571bbf8 Upgrade go-cryptsetup to latest version
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-23 11:48:15 +01:00
Leonard Cohnen
656ad704d2 remove unused CI secrets 2022-03-23 11:40:54 +01:00
Leonard Cohnen
559133f40d fix call-aws-enclave 2022-03-23 11:40:54 +01:00
Malte Poll
d772e46667 Use parallel gzip implementation (pigz) to repack GCP image after recalculating dm-verity hashtree (#1) 2022-03-23 11:23:10 +01:00
Leonard Cohnen
f9136cfbe1 add aws blobs to gitignore 2022-03-23 09:58:30 +01:00
Leonard Cohnen
ee331e91ba fix aws build pipeline 2022-03-23 09:58:30 +01:00