Markus Rudy
f78f5540bc
ci: pin the kube-bench plugin definitions for sonobuoy (#2861)
2024-01-29 14:50:27 +01:00
Moritz Eckert
2413356375
image: replicate to us-east-1 for aws marketplace (#2870)
2024-01-29 14:44:33 +01:00
Daniel Weiße
f5a2b58a76
ci: run provider upgrade test only once (#2869)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-29 12:59:38 +01:00
Daniel Weiße
d372130bfd
ci: safely set attestation variant in OpenSearch URL (#2864)
* Add attestation variant to notify hooks
* Quote all inputs in OpenSearch URL
* Add clusterCreation field to OpenSearch URL
* Omit empty fields in OpenSearch URL
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-29 11:52:41 +01:00
edgelessci
6d4a8d594e
image: update measurements and image version (#2866)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-29 11:27:13 +01:00
edgelessci
b9f33fc05b
image: update locked rpms (#2863)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-29 09:19:39 +01:00
edgelessci
0d69e4e645
image: update measurements and image version (#2856)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-26 18:05:29 +01:00
Malte Poll
e2e3935896
image: use different replication regions for SNP and TDX
2024-01-26 17:58:08 +01:00
Malte Poll
d205c15dff
flake: update to incorporate uplosi updates
2024-01-26 17:58:08 +01:00
Daniel Weiße
64e5efb49d
Fix evaluation statement
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
d17e7459db
Choose TDX supported region for TDX tests
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
ecae1c8f9a
Fix default instanceType generation
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
65d28f913f
Allow starting e2e tests based on attestation variant instead of csp
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Markus Rudy
597a923a7f
cilium: performance fixes and reproducible images (#2855)
* helm: bump cilium version
* helm: patch Cilium chart version
2024-01-26 17:03:40 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX (#2854)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 15:46:21 +01:00
renovate[bot]
d58d888f54
deps: update dependency Pillow to v10.2.0 [SECURITY]
2024-01-26 15:41:44 +01:00
Moritz Eckert
d6639f7788
add azure region germany west central
2024-01-26 10:04:59 +01:00
edgelessci
49a806a874
image: update measurements and image version (#2859)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-26 08:15:43 +01:00
Moritz Eckert
26f6fd074f
ci: fix e2e_benchmark comparison
2024-01-25 11:12:32 +01:00
Adrian Stobbe
77276cb4ca
add provider example test to weekly (#2840)
2024-01-25 11:09:27 +01:00
Markus Rudy
9fb6c3216e
helm: remove kube-rbac-proxy (#2849)
2024-01-25 10:06:40 +01:00
Adrian Stobbe
4431ac3233
ci: fix missing quotes in Opensearch link (#2852)
2024-01-24 17:29:19 +01:00
Malte Poll
d3cffa9fee
image: update Linux to 6.1.74 (#2851)
2024-01-24 17:10:56 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827)
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-24 15:10:15 +01:00
Moritz Sanft
e07ea4b40f
operator: fix get-handling of Azure marketplace images (#2846)
* operator: support getting MP images
* operator: support getting MP node image
* operator: refactorings
2024-01-24 10:22:40 +01:00
Moritz Eckert
da26daeb49
docs: update clouds and marketplaces
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-24 09:57:35 +01:00
Thomas Tendyck
ad5ff6e1bb
ci: update vale
2024-01-24 09:07:19 +01:00
edgelessci
6ae59bb986
image: update measurements and image version (#2848)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-24 08:22:48 +01:00
Malte Poll
c8ffba0366
measurements: update expected PCR[1] on GCP
2024-01-23 21:55:12 +01:00
Malte Poll
a2e2f0387c
measurements: correctly override validation options
2024-01-23 21:55:12 +01:00
3u13r
2a7a9dc2aa
helm: re-enable native routing for gcp (#2842)
2024-01-23 14:46:24 +01:00
Moritz Sanft
5faa374ede
terraform-provider: validate pod ip cidr only on gcp (#2838)
2024-01-23 09:08:23 +01:00
Adrian Stobbe
4db0662b06
ci: remove broken label from OpenSearch query link (#2839)
2024-01-23 08:32:02 +01:00
edgelessci
fc1c9b7c1a
image: update locked rpms (#2835)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-22 14:07:26 +01:00
Malte Poll
3a5753045e
goleak: ignore rules_go SIGTERM handler
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.
https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
Malte Poll
66faa5493f
deps: Go 1.21.6
2024-01-22 13:11:58 +01:00
Malte Poll
f465356ace
nix: update flake.lock
2024-01-22 13:11:58 +01:00
Malte Poll
64a4a2230d
deps: update gazelle and rules_go
2024-01-22 13:11:58 +01:00
Malte Poll
e40d1e56d8
deps: update hermetic_cc_toolchain
2024-01-22 13:11:58 +01:00
Malte Poll
00eacdf9e8
image: mark image upload as manual bazel target
2024-01-22 13:11:58 +01:00
Moritz Sanft
0030a26eaf
ci: parallelize upgrade e2e test (#2724)
* ci: parallelize upgrade e2e test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* ci: revert name change
* ci: upgrade checkout action
* ci: add target version before building target cli
* ci: rename input
* ci: upload service account key
* ci: download sa key on GCP
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-01-19 16:34:47 +01:00
edgelessci
3b02edcc48
image: update measurements and image version (#2833)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-19 09:12:24 +01:00
edgelessci
2acbd10ef7
image: update measurements and image version (#2831)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-17 18:55:10 +01:00
Malte Poll
b8933560be
image upload: use unique blob name for AWS images uploaded to S3 (#2830)
When uploading images to AWS, they need to be uploaded to S3 first.
Since blob names are not unique between attestation variants, there
was a possibility for one S3 upload to be used for the wrong AMI.
2024-01-17 17:09:07 +01:00
edgelessci
6259815869
image: update measurements and image version (#2828)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-17 08:11:53 +01:00
Malte Poll
9d6321faa3
uplosi: use separate galleries for Azure TDX and TDX
2024-01-16 17:34:44 +01:00
Malte Poll
52dec77508
nix: update uplosi to support Azure TDX
2024-01-16 17:34:44 +01:00
Malte Poll
336ba6bc34
attestation: add Azure TDX variant
Only a stub for now.
2024-01-16 17:34:44 +01:00
Malte Poll
5063b815f1
config: allow Azure TDX instance types
2024-01-16 17:34:44 +01:00
Malte Poll
403acf75aa
image: add mainline kernel and azure tdx image target
2024-01-16 17:34:44 +01:00