Commit Graph

1453 Commits

Author SHA1 Message Date
Malte Poll
9e12e004bb
Set SELinux from disabled to permissive (#474) 2022-11-09 12:04:58 +01:00
renovate[bot]
46a8e8d424
Update google.golang.org/genproto digest to 2d38753 (#408)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 12:03:01 +01:00
renovate[bot]
cf9693af24
Update Google cloud SDK (#457)
* Update Google cloud SDK
* [bot] Tidy all modules
* migrate from google.golang.org/genproto/googleapis/cloud/kms/v1 to cloud.google.com/go/kms/apiv1/kmspb
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 11:48:56 +01:00
Leonard Cohnen
3c6d59ce7e aws: don't flag release as debug images 2022-11-09 11:20:58 +01:00
Leonard Cohnen
97acdfa297 config: align pre-filled AWS measurements 2022-11-09 11:20:58 +01:00
renovate[bot]
c18feaaace
Update lycheeverse/lychee-action action to v1.5.4 (#492)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 11:10:46 +01:00
renovate[bot]
ce0b3a8867
Update module golang.org/x/sys to v0.2.0 (#491)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 11:09:07 +01:00
renovate[bot]
18439fc69b
Update module github.com/docker/docker to v20.10.21+incompatible (#322)
* Update module github.com/docker/docker to v20.10.21+incompatible

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:07:15 +01:00
renovate[bot]
cb7b53a9c9
Update AWS SDK (#490)
* Update AWS SDK
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:03:06 +01:00
renovate[bot]
5f170709d6
Update k8s.io/utils digest to 8e77b1f (#489)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:46:47 +01:00
renovate[bot]
0e34d35404
Update Terraform google to v4.43.0 (#484)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:30:02 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persisten volumes (#476)
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
Malte Poll
ac5ad7c378
Clarify Azure Secure Boot / VMGS settings when uploading images (#488) 2022-11-09 10:11:23 +01:00
Thomas Tendyck
d3150a80ac
add brief instructions to AWS IAM Terraform script (#478)
* add brief instructions to AWS IAM Terraform script

* Update README.md
2022-11-08 18:40:30 +01:00
renovate[bot]
34435e4396
Update k8s.io/utils digest to 1a15be2 (#483)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:39:51 +01:00
renovate[bot]
05f4b8698b
Update ludeeus/action-shellcheck digest to 6d3f514 (#485)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:38:48 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 (#464)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Fabian Kammel
2b64f31104
release docs for v2.2 (#482)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-08 18:25:56 +01:00
Fabian Kammel
598761541b
AWS Docs (#446)
* document AWS support
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2022-11-08 18:21:09 +01:00
Paul Meyer
46e4ddd8c6 ci: don't run cli reference gen on release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 17:07:29 +01:00
Malte Poll
499d7a1fdd
AB#2566 RFC for image discoverability (description of image version uid) (#416)
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-11-08 14:04:14 +01:00
Nils Hanke
ee55584b90 AWS: Apply security group to worker nodes 2022-11-08 11:22:06 +01:00
Malte Poll
41668d50c2 Add recovery loadbalancer on AWS 2022-11-08 00:07:04 +01:00
Malte Poll
e07c6ada5c Backport systemd-resolved fixes for Fedora 36 2022-11-08 00:07:04 +01:00
Malte Poll
899ca91aa3 Move enforced measurement for clusterID to PCR[15] in e2e tests 2022-11-08 00:07:04 +01:00
Malte Poll
2171b9fb31 Install CA certificates in initrd 2022-11-08 00:07:04 +01:00
Malte Poll
0d7e0b44b8 Wait for nss-lookup in initrd 2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f Pass azure image offer from build variable action 2022-11-08 00:07:04 +01:00
Malte Poll
86001daf7f Install systemd-resolved in dracut to enable DNS 2022-11-08 00:07:04 +01:00
Leonard Cohnen
f09ce515e2 docs: remove constellation-state.json 2022-11-07 19:09:24 +01:00
Leonard Cohnen
152978045c docker: cache go compiler 2022-11-07 16:17:28 +01:00
Nils Hanke
759c626e0f AWS: Don't expose SSH debugging ports on the LB 2022-11-07 13:57:22 +01:00
Malte Poll
fa6dfdff4f
Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime (#442)
* Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime
* Use correct field for nat gateway

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-07 11:04:10 +01:00
Otto Bittner
a70161730f
Explain unenforced measurements in config (#445) 2022-11-07 08:56:57 +01:00
renovate[bot]
efa2fb2fd0
Update anchore/sbom-action action to v0.13.1 (#463)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:42:09 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys (#462)
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
renovate[bot]
5ffdbc9bd6
Update module sigs.k8s.io/controller-runtime to v0.13.1 (#455)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 15:57:46 +01:00
3u13r
309a4b5196
cli: remove debug env check for AWS (#460) 2022-11-04 15:31:51 +01:00
Fabian Kammel
cf36b85ff9
extend permissions to allow logging (#461)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:56:13 +01:00
Moritz Eckert
69644add5d
Add plausbile to docusaurus (#456) 2022-11-04 14:15:34 +01:00
Fabian Kammel
668b4d000b
document usage of iamlive (#443)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:01:23 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Fabian Kammel
04d0c770af
limit aws cluster name len (#454)
* limit aws cluster name len down to 10, 32-character name limit in AWS
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 13:35:32 +01:00
renovate[bot]
934d173650
Update AWS SDK (#412)
* Update AWS SDK

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 13:17:27 +01:00
Nils Hanke
b24c799c80 Replace specific Azure/GCP credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
ee20ff8950 Replace E2E Azure RM credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
19fd3a351a Make azureCVMRxp in upgradeplan.go case-insensitive 2022-11-04 12:57:24 +01:00
Nils Hanke
4d9fbdb3d3 CI: Use lowercase image name for fetching measurements 2022-11-04 12:57:24 +01:00