Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-12-30 23:10:27 -05:00
Code Issues Projects Releases Packages Wiki Activity
4842 commits 154 branches 56 tags 107 MiB
Commit graph

314 commits

Author SHA1 Message Date
renovate[bot]
7ba2f5b99a
deps: update Kubernetes versions (#3918) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-08-21 16:21:44 +02:00
Moritz Sanft
31b8ff9dea
versions: add K8s v1.32; remove K8s v1.29 (#3895) 
* versions: remove K8s v1.29

* versions: add K8s v1.32

* versions: default to K8s v1.31

* docs: add k8s v1.32

* versions: update microservice versions for k8s v1.32

* ci: bump k8s versions

* dev-docs: mention ci k8s bump

* bazel: ignore GO-2025-3770
 2025-07-30 18:41:12 +02:00
renovate[bot]
64a0bcb3dc
deps: update Kubernetes versions (#3879) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-07-24 09:16:13 +02:00
Thomas Tendyck
f99dd8251f license: change to BUSL 2025-07-15 23:34:48 +02:00
miampf
7ea5c41f9b
feat: use SSH host certificates (#3786) 2025-07-01 12:47:04 +02:00
renovate[bot]
3c1ff17f2e
deps: update Kubernetes versions (#3833) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-05-19 08:57:56 +02:00
Adrian Stobbe
8d2e9b90dd
docs: GCP iam migration (#3778) 2025-05-07 13:20:32 +02:00
renovate[bot]
fcd0a4803f
deps: update Kubernetes versions (#3781) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-04-28 08:47:26 +02:00
Thomas Tendyck
a5a7cec11b docs: change exemplary GCP zones to ones that provide SNP machines 2025-04-16 12:08:35 +02:00
Leonard Cohnen
66815a4a47
gcp: support projects with no default permissions (#3656) 
* helm/gcp: use service account in operator and joinservice

* helm: format operator testdata

* terraform/iam: create additional service account for VMs

This service account is used in the following commits and is attached to the VMs

* config: pass VM service account from iam create to cluster create via config

* cli/iamcreate: limit name prefix length

* docs: add minimal gcp IAM permissions
 2025-03-25 14:13:38 +01:00
miampf
3cc930fa97
feat: implement RFC 16 to allow emergency node access (#3557) 2025-03-25 11:28:48 +00:00
renovate[bot]
a67818f447
deps: update Kubernetes versions (#3696) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-03-23 18:06:34 +01:00
Moritz Sanft
a491cac57a
terraform: update AWS LB permissions (#3681) 
* bazel: add download rules for AWS LB policy

* docs: add migration notice

* terraform: re-download lb policy
 2025-03-06 16:44:49 +01:00
renovate[bot]
e95c60c3fc
deps: update Kubernetes versions (#3660) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-02-28 09:38:00 +01:00
Markus Rudy
473b04abd5
versions: add k8s 1.31, remove k8s 1.28 (#3396) 
* constellation-node-operator: upgrade control plane nodes first (#3663)

* versions: add k8s 1.31, remove k8s 1.28

* e2e: set default k8s version for daily to 1.30

* e2e: remove defaults for required arguments

* versions: move 1.31 to the end of the list

* kubernetes: set feature gate ControlPlaneKubeletLocalMode

Co-Authored-By: Leonard Cohnen <lc@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2025-02-26 14:07:42 +01:00
miampf
706d1dff15
cli: add ssh command to securely connect with nodes over ssh (#3568) 2025-01-30 12:08:59 +00:00
renovate[bot]
e3f29ecf4d
deps: update Kubernetes versions (#3578) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2025-01-16 14:22:02 +01:00
renovate[bot]
44612b1d93
deps: update Kubernetes versions (#3553) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-12-23 14:01:26 +01:00
Moritz Sanft
1495a7f6dd
docs: correct STACKIT IDs (#3545) 
We got OpenStack and STACKIT IDs mixed up in our documentation previously. The OpenStack project ID is required in the `clouds.yaml` file, while the STACKIT project ID is required in the Constellation config. This fixes the warning for the OpenStack project ID in `clouds.yaml`, and adds an additional warning for the STACKIT project ID in the configuration section.
 2024-12-12 09:45:24 +01:00
renovate[bot]
fc0b3cc4a2
deps: update Kubernetes versions (#3516) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-12-02 14:26:59 +01:00
renovate[bot]
6ebfa28e6d
deps: update Kubernetes versions (#3472) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-12-01 13:13:48 +01:00
3u13r
4026752e89
docs: remove mentioning of Cilium's key rotation for IPSec since it does not apply to WireGuard (#3489) 2024-11-21 09:03:05 +01:00
Moritz Eckert
1c5fe3fe24
docs: update azure firmware with openhcl (#3473) 
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-11-11 12:50:18 +01:00
Moritz Eckert
36024f20ae
docs: change wording contrast with comparison (#3476) 2024-11-11 12:45:30 +01:00
Moritz Eckert
887b9c5fae
docs: stackit improve clouds.yaml description (#3470) 2024-11-07 09:30:41 +01:00
Adrian Stobbe
54058eed2a
terraform: fix security rule reconciliation on Azure (#3454) 
* fix security rule reconciliation on azure
* fix simulated patch version upgrade
 2024-11-04 08:59:16 +01:00
Markus Rudy
bff8bce88f
docs: how to reproduce released artifacts (#3451) 
* ci: test reproducability with different dependency installation methods

* nix: mitigate nix store optimisiation

* docs: reproducible builds

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* ci: upgrade ubuntu runners for reproducible builds

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-10-29 14:04:59 +01:00
Adrian Stobbe
53caa86cb8
docs: clarify for Azure TDX with Terraform provider (#3449) 2024-10-25 14:00:44 +02:00
renovate[bot]
810f86582d
deps: update Kubernetes versions (#3358) 
* deps: update Kubernetes versions

* e2e: run vale with python venv

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
 2024-10-11 19:23:31 +02:00
3u13r
2854136192
Allow upgrades on azure without Terraform changes on LBs created from within Kubernetes (#3257) 
* k8s: use separate lb for K8s services on azure

* terraform: introduce local revision variable and data resource

* terraform: azure: dont expose full nodeport range

* docs: add Azure load balancer migration
 2024-10-09 11:31:17 +02:00
Felix Schuster
622406de2c
Add overview of security protocols (#3376) 2024-10-02 10:22:27 +02:00
Daniel Weiße
7bb6ad6cc2
docs: fix broken links (#3359) 
* Update cosign installation guide link
* Update cosign overview link
* Update cosign sbom link

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-09-17 15:33:08 +02:00
renovate[bot]
a295ecaffb
cli: add --subscriptionID flag for iam create azure command (#3328) 
* deps: update Terraform azurerm to v4
* Set Azure subscription ID when applying Terraform files
* Upgrade azurerm to v4.1.0
* Mark subscriptionID flag as not required
* deps: tidy all modules

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-09-17 12:30:22 +02:00
renovate[bot]
6e6ea1a9d5
deps: update Kubernetes versions (#3325) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-08-26 13:46:46 +02:00
Moritz Eckert
a54b59ab25
docs: remove deprecated master-secret flag from recovery (#3326) 2024-08-26 12:54:58 +02:00
renovate[bot]
cf5d9c2f12
deps: update Kubernetes versions (#3298) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-08-26 09:18:56 +02:00
Thomas Tendyck
e2ee775483 docs: update Tab tags 2024-08-23 22:45:37 +02:00
Thomas Tendyck
ded559a3fe docs: update AsciinemaWidget tags 2024-08-23 22:45:37 +02:00
Thomas Tendyck
abe0397e0d docs: replace angle bracket links, which aren't supported by new mdx version 2024-08-23 22:45:37 +02:00
Moritz Eckert
ec7b40d933
docs: sort clouds table alphabetical (#3315) 2024-08-20 10:35:41 +02:00
Thomas Tendyck
0551a862b3 docs: remove date from "feature status of clouds" page 2024-08-13 22:28:57 +02:00
Thomas Tendyck
399376d3e3
Make SEV-SNP the default attestation variant on GCP (#3267) 
* Make SNP the default on GCP

* fixup! Make SNP

* fixup! Make SNP
 2024-07-22 13:29:27 +02:00
Thomas Tendyck
1826801f0a docs: move compute benchmarks to own page 2024-07-12 09:16:44 +02:00
Moritz Eckert
ca8d11861d
docs: add policy troubleshooting tip (#3212) 
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2024-06-27 16:47:23 +02:00
Daniel Weiße
09d19fec22
cli: fix constellation verify depending on an initialized constellation-state.yaml file (#3184) 
* Ignore missing state file if flags are provided
* Update verify docs to include requirement for config file

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-06-21 10:09:01 +02:00
Markus Rudy
c911eb4e3a
versions: default to k8s v1.29, support k8s v1.30, EOL v1.27 (#3173) 
* versions: remove k8s 1.27 and patch-upgrade the others

* versions: add support for k8s 1.30.2

* versions: upgrade cloud provider images
 2024-06-19 17:34:34 +02:00
Moritz Sanft
7d4e7eff65
docs: adjust MAA updating (#3152) 
* docs: adjust MAA updating

* versioned-docs: backport fix
 2024-06-07 13:56:10 +02:00
renovate[bot]
aa910cfc25
deps: update Kubernetes versions (#3102) 
* deps: update Kubernetes versions

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2024-06-03 15:08:09 +02:00
Felix Schuster
7197a9b719
Rewrite "chain of trust" section (#3066) 
Co-authored-by: 3u13r <lc@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
 2024-05-27 18:21:27 +02:00
Markus Rudy
174c3ab48a
terraform: add missing policies for AWS ALB (#3063) 
* terraform: add missing policies for AWS ALB
 2024-05-10 08:51:32 +02:00