Otto Bittner
8b7979c500
bootstrapper: retry helm chart installation ( #1151 )
...
Motivation for this change are intermittent
timeout errors while installing cert-manager.
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-09 09:05:43 +01:00
Otto Bittner
c275464634
cli: change upgrade-plan to upgrade-check
...
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Otto Bittner
f204c24174
cli: add version validation and force flag
...
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
2023-02-08 12:30:01 +01:00
Daniel Weiße
3a7b829107
internal: use go-kms-wrapping for KMS backends ( #1012 )
...
* Replace external KMS backend logic for AWS, Azure, and GCP with go-kms-wrapping
* Move kms client setup config into its own package for easier parsing
* Update kms integration flag naming
* Error if nil storage is passed to external KMS
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:03:54 +01:00
Daniel Weiße
68ce23b909
Enable cryptsetup read/write workqueue bypass ( #1150 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:01:14 +01:00
edgelessci
821f87b7be
deps: update apk package hashes ( #1153 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-08 05:03:02 -05:00
renovate[bot]
62f213ef09
deps: update dependency io_bazel_rules_go to v0.38.1 ( #1147 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-06 13:18:25 +01:00
Nils Hanke
0331e2dc78
cli: enable jumbo frames for GCP VPCs
2023-02-06 11:07:45 +01:00
renovate[bot]
a3f8bb30ac
deps: update golang Docker tag to v1.20.0 ( #1145 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:08:03 +01:00
renovate[bot]
ab4df370b6
deps: update ubuntu:22.04 Docker digest to c985bc3 ( #1142 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:07:34 +01:00
renovate[bot]
d753c4bb60
deps: update ubuntu:20.04 Docker digest to 4a45212 ( #1141 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:07:08 +01:00
renovate[bot]
a561d3c08f
deps: update gcr.io/distroless/static:nonroot Docker digest to 6b01107 ( #1140 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:06:47 +01:00
renovate[bot]
d5f466041a
deps: update gcr.io/distroless/static Docker digest to 390b7a3 ( #1139 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:06:21 +01:00
Paul Meyer
60254f21f4
ci: fix location of cli docgen output ( #1138 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:00:16 +01:00
Daniel Weiße
f74f589605
ci: add containerized libvirt build workflow ( #1130 )
...
* Add libvirt container build workflow
* Update release workflow
* Update image libvirt base image
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-02 14:40:05 +01:00
Fabian Kammel
64c4b1f766
allow workflow to create pr ( #1132 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-01 16:54:12 +01:00
renovate[bot]
b3495685fb
deps: update AWS SDK ( #1100 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-01 14:02:58 +01:00
Malte Poll
0b32f7abb4
build: specify C toolchains correctly ( #1128 )
2023-02-01 12:48:19 +01:00
Moritz Sanft
6166b52f5d
cli: refactor iam create command ( #1034 )
...
* AB#2788 refactor iam create
* AB#2788 go mod tidy
* AB#2788 encode b64 at runtime
* AB#2788 rename receiver
2023-02-01 11:32:01 +01:00
renovate[bot]
39b8d4e396
deps: update ubuntu:20.04 Docker digest to b872b03 ( #1124 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 18:23:15 +01:00
renovate[bot]
535c359ee7
deps: update Constellation containers to v2.6.0-pre.0.20230131161703-e0354826e058 ( #1105 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 18:08:40 +01:00
Paul Meyer
076103b7ac
build: set test timeout
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:55:09 +01:00
Paul Meyer
51e4f23fe0
build: add shell.nix
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:55:09 +01:00
Malte Poll
b7d3f3972b
ci: add bazel tests
2023-01-31 17:55:09 +01:00
Malte Poll
a722f911b7
build: convert buildifier check to bazel test
2023-01-31 17:55:09 +01:00
Malte Poll
311c9b2c8b
build: pin java toolchain
2023-01-31 17:55:09 +01:00
Malte Poll
f25c1c07de
build: pin bazel version
2023-01-31 17:55:09 +01:00
Malte Poll
731b316766
build: add Bazel workspace and toolchains
2023-01-31 17:55:09 +01:00
renovate[bot]
bec82c2328
deps: update GitHub action dependencies ( #1112 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:38:44 +01:00
Paul Meyer
e5a2e519a3
ci: fix hasher permissions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:36:45 +01:00
Paul Meyer
e0354826e0
ci: trigger builds on workflow change
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:17:03 +01:00
Otto Bittner
176f366c53
ci: fix manual keyservice build workflow
2023-01-31 16:53:46 +01:00
Paul Meyer
4f1a4ecb9e
ci: don't use k-bench install script
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:29 +01:00
Paul Meyer
c00004a321
ci: fix oras download in package hasher
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:13 +01:00
Fabian Kammel
c14e551af5
fix permissions ( #1119 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-31 14:30:36 +01:00
Otto Bittner
24409fe6ee
ci: ensure that unittests are run when touching helm charts
...
In case the helm charts are changed only yaml files are touched.
Thus the unit test workflow was not triggered.
2023-01-31 11:36:49 +01:00
Otto Bittner
3038b374da
cli: update helm chart render expectations
...
testdata is now expecting the charts to render for ko images.
2023-01-31 11:36:49 +01:00
Otto Bittner
6415d80ee4
versions: update constellation operator image
2023-01-31 11:36:49 +01:00
Fabian Kammel
c65b677f58
fix path for qemu/image.raw in S3/CDN ( #1106 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-31 10:44:19 +01:00
Otto Bittner
9fc88797d1
cli: use /manager as binary path
...
The change to /ko-app/v2 is incorrect as we are
currently not building ko images for this operator.
2023-01-31 10:35:26 +01:00
Otto Bittner
88e3da750e
ci: adjust tags in build_ko
...
Currently tags can be empty when building a ko image.
However, --bare may not work in case --tags is empty,
as per ko docs.
Also remove redundant build step in release pipeline.
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-31 10:16:20 +01:00
Fabian Kammel
b21393ddb1
authorize purge branch ( #1113 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 17:55:41 +01:00
leongross
2187aa6cb0
ci: reproducible builds integration ( #1108 )
...
* remove `-ko` suffix from workflows
* integrate into `release.yaml`
* adjust helm charts to use hard coded `ko` binary path
2023-01-30 16:58:49 +01:00
renovate[bot]
11e233e4be
deps: update ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1 Docker digest to 8708a33 ( #1110 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:54:11 +01:00
Fabian Kammel
48c8a66114
Minimal GitHub Action token permissions. ( #1104 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 16:11:27 +01:00
3u13r
32848db0b1
operator: log awaitingAnnotationNodes ( #1107 )
2023-01-30 16:08:39 +01:00
Paul Meyer
fa99daff0c
codeowners: own apko
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
d095f08cd4
apko: build base image with pinned packages
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
32a540bff4
ci: tag apko base images
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
8268b6e23f
ci: don't build apko base images on release branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00