Commit Graph

1424 Commits

Author SHA1 Message Date
Moritz Sanft
b8d991f84c
AB#2577 Implement GCP IAM in terraform (#567)
* AB#2577 Add GCP TF Config & Documentation

[no ci] wip

AB#2577 Add GCP TF config & Docs

* Download lockfile

* Remove IAM input variables from output
2022-11-21 08:43:13 +01:00
Daniel Weiße
7b3cb5362a
Fix disk-mapper version injection (#592)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 16:43:44 +01:00
Nils Hanke
ade8fa323f Remove case-sensitive duplicate file 2022-11-18 16:07:29 +01:00
renovate[bot]
b4653152ee
Update libvirt.org/go to v1.8009.0 (#593)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 15:56:39 +01:00
Daniel Weiße
9aa9c1bb49
AB#2275 Add azuredisk CSI driver (#548)
* Add azuredisk CSI driver

* Update Changelog

* Update chart using go generate

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 15:47:01 +01:00
renovate[bot]
54ef6d21f4
Update Terraform aws to v4.40.0 (#586)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 15:41:02 +01:00
renovate[bot]
86b03bf08e
Update Terraform azurerm to v3.32.0 (#588)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 14:57:34 +01:00
Malte Poll
786264edbc Add hack script to locate latest debug image 2022-11-18 12:08:34 +01:00
Malte Poll
9d4172002c Upgrade container images to Fedora 37 2022-11-18 10:37:45 +01:00
Malte Poll
efaa0622a8 Include image version in mkosi builds 2022-11-18 10:37:45 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Malte Poll
239b9f6c26 Upgrade images to Fedora 37 2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580)
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
Daniel Weiße
b966f57a2f
AB#2554 GCP CSI driver deployment (#532)
* Allow enabling/disabling of CSI driver through config

* Fix inconsistent namespace parsing

* Deploy GCP CSI driver on init

* Update invalid pod tolerations

* Add generate script for CSI charts

* Update generateCilium script

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 10:05:02 +01:00
renovate[bot]
6b7e470983
Update module github.com/talos-systems/talos/pkg/machinery to v1.2.6 (#582)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 09:20:54 +01:00
renovate[bot]
f5f6be1c56
Update actions/download-artifact action to v3 (#583)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 08:55:56 +01:00
renovate[bot]
5dc78b677b
Update google.golang.org/genproto digest to 41c2ba7 (#503)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 18:49:17 +01:00
Paul Meyer
8628b8f880 deps: bundle libvirt dependencies
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 18:10:20 +01:00
Fabian Kammel
1110ccd270
warn about function argument count over 5 (#558)
* warn about function argument count over 5
* only on new code
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:31:00 +01:00
Fabian Kammel
feae4a86bc
reserve enough time for stable tests (#564)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:30:35 +01:00
renovate[bot]
25c3fcd104
Update module github.com/schollz/progressbar/v3 to v3.12.1 (#581)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 17:12:04 +01:00
renovate[bot]
b7852665f3
Update Terraform google to v4.43.1 (#576)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:44:33 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" (#579) 2022-11-17 16:14:38 +01:00
Paul Meyer
9c405ceb02 ci: use shfmt fork
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:10:13 +01:00
renovate[bot]
ba899060fd
Update module github.com/onsi/gomega to v1.24.1 (#556)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 15:28:19 +01:00
Nils Hanke
6e5895f200 User-friendlier errors 2022-11-17 13:49:34 +01:00
Nils Hanke
e1d8926395 Terraform: Only rollback after we fully created the workspace 2022-11-17 13:49:34 +01:00
Nils Hanke
19fb6f1233 Make AWS vars passing consistent with other CSPs 2022-11-17 13:49:34 +01:00
Nils Hanke
158dfe0e2b Remove unused name parameter in CreateCluster 2022-11-17 13:49:34 +01:00
Nils Hanke
b9b618a1f0 Terraform: Try to init before destroy 2022-11-17 13:49:34 +01:00
Nils Hanke
f27af5b588 Terraform: Make variables writing retryable 2022-11-17 13:49:34 +01:00
Nils Hanke
e93527144e Terraform: Try to use existing files on partially unpacked workspace 2022-11-17 13:49:34 +01:00
Nils Hanke
4a2cba988c Create separate Terraform workspace directory 2022-11-17 13:49:34 +01:00
Paul Meyer
7f5a1dd901 ci: use /usr/bin/env instead of /bin/env
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 12:01:29 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies (#568)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-17 11:37:00 +01:00
Paul Meyer
cca02597c8 image: remove bash options from sourced scripts
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
4847b71faa image: use bash shebang
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
c61f6211f9 ci: use fixed renovate bot email for commits
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
3fd678492f ci: fix shellfmt workflow name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Malte Poll
df0cd43f92
Terraform GCP: Always use local account for resource creation (#571)
* Terraform GCP: Always use local account for resource creation
* Update CHANGELOG
2022-11-17 10:33:36 +01:00
renovate[bot]
fe36de8826
Update module golang.org/x/crypto to v0.3.0 (#569)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 10:18:43 +01:00
renovate[bot]
57c0a09f88
Update golang:1.19.3 Docker digest to d388153 (#570)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 10:03:00 +01:00
Moritz Sanft
dfe7f855cd
AB#2578 Implement Azure IAM in terraform (#562)
* AB#2578 Azure IAM init

* AB#2578 Fixed application owner privileges, added docs

* Add all supported providers to TF lockfile

* Using service principal for role assignment in cluster resource group

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Rephrased header for Azure

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Registry -> Registration typo

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Download lockfile

* File name casing

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-16 20:19:10 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts (#560) 2022-11-16 15:45:10 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563)
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-11-16 11:13:10 +01:00
Leonard Cohnen
2f0b1a0f32 ci: add go generate check 2022-11-15 18:24:07 +01:00
Leonard Cohnen
d86d82d2d4 helm: go generate 2022-11-15 18:24:07 +01:00
Leonard Cohnen
9b89e5cf10 ci: don't check cilium links 2022-11-15 18:24:07 +01:00
renovate[bot]
ee47177029
Update module helm.sh/helm/v3 to v3.10.2 (#555)
* Update module helm.sh/helm/v3 to v3.10.2

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-15 15:47:53 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00