Daniel Weiße
52a65c20ac
Move upload/delete code to its own package
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-27 09:09:13 +02:00
edgelessci
5654e76f7e
image: update measurements and image version ( #3204 )
...
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-27 08:00:56 +02:00
renovate[bot]
5f9e970ebd
deps: update Constellation containers to v2.17.0-pre.0.20240619151941-9cd11842442d ( #3179 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-24 15:03:21 +02:00
renovate[bot]
e71819eb62
deps: update Go dependencies ( #3185 )
...
* deps: update Go dependencies
* deps: tidy all modules
* Replace deprecated `grpc.DialContext` with `grpc.NewClient`
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-06-21 10:05:57 +02:00
edgelessci
bd80ab89cb
image: update measurements and image version ( #3189 )
...
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-21 08:28:27 +02:00
renovate[bot]
afd6b35f18
deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240611 ( #3180 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-20 13:28:21 +02:00
Daniel Weiße
a36e1a79f0
helm: upgrade cert-manager from v1.12.6 to v1.15.0 ( #3177 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-20 10:49:00 +02:00
Daniel Weiße
0368047939
helm: update Azure CSI, GCP CSI, and CSI snapshotter charts ( #3175 )
...
* Update GCP CSI chart to v1.4.0
* Update Azure CSI chart to v1.4.0
* Update CSI snapshotter from v6.2.2 to v8.0.1
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-20 08:41:46 +02:00
Markus Rudy
c911eb4e3a
versions: default to k8s v1.29, support k8s v1.30, EOL v1.27 ( #3173 )
...
* versions: remove k8s 1.27 and patch-upgrade the others
* versions: add support for k8s 1.30.2
* versions: upgrade cloud provider images
2024-06-19 17:34:34 +02:00
edgelessci
1975a10721
image: update measurements and image version ( #3172 )
...
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-19 08:26:57 +02:00
edgelessci
63dc0c79af
image: update measurements and image version ( #3167 )
...
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-14 08:14:39 +02:00
Daniel Weiße
daaa7755a7
cli: enable JSON output for constellation verify
on Azure TDX ( #3164 )
...
* Remove formatter factory
* Enable `constellation verify` with JSON output for Azure TDX
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-12 13:18:27 +02:00
edgelessci
305bc692e9
image: update measurements and image version ( #3162 )
...
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-12 08:03:25 +02:00
Daniel Weiße
8b76dd68ca
attetstation: enable Azure TDX CRL checking ( #3160 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-12 08:02:47 +02:00
Markus Rudy
fddad83eb4
helm: upgrade Cilium to v1.15.5-edg.1 ( #3149 )
2024-06-11 11:53:00 +02:00
renovate[bot]
85c4f9be2a
deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240528 ( #3143 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-09 11:05:02 +02:00
Moritz Sanft
095a66fb83
cli: return a more helpful error message on MAA patch failure ( #3153 )
...
* cli: return a more helpful error message on maa patch failure
* Update internal/maa/patch.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-06-07 15:18:34 +02:00
edgelessci
2c03a16a68
image: update measurements and image version ( #3151 )
...
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-07 07:59:55 +02:00
Moritz Sanft
1b7b80673c
image: update measurements and image version ( #3144 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-06-05 09:22:32 +02:00
Markus Rudy
5a100d1fc9
helm: use Cilium chart from fork ( #3130 )
2024-06-05 07:56:11 +02:00
renovate[bot]
aa910cfc25
deps: update Kubernetes versions ( #3102 )
...
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-06-03 15:08:09 +02:00
renovate[bot]
93cabbe0b2
deps: update Constellation containers to v2.17.0-pre.0.20240524110423-80917921e3d6 ( #3106 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-03 13:13:48 +02:00
edgelessci
ce3b00668b
image: update measurements and image version ( #3131 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-06-03 08:53:59 +02:00
edgelessci
79d3781f3e
image: update measurements and image version ( #3128 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-29 08:18:27 +02:00
Moritz Sanft
d14ee6ba1d
helm: update AWS CSI driver chart ( #3121 )
2024-05-27 16:22:56 +02:00
edgelessci
be3f555573
image: update measurements and image version ( #3119 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-24 08:08:42 +02:00
Malte Poll
2c8a16294e
bazel: migrate rules_proto to bzlmod
2024-05-23 09:48:04 +02:00
Malte Poll
d960121cba
bazel: update BUILD files for rules_go bzlmod migration
2024-05-23 09:48:04 +02:00
edgelessci
4434a85a51
image: update measurements and image version ( #3110 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-17 08:12:51 +02:00
Daniel Weiße
036a4f2ee1
deps: remove obsolete Go replace to upgrade go-sev-guest ( #3107 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-16 15:48:44 +02:00
renovate[bot]
fe65a6da76
deps: update Constellation containers
2024-05-16 13:11:53 +02:00
Malte Poll
7eedd0e3de
cli: simplify log message on init call ( #3105 )
2024-05-15 16:17:12 +02:00
edgelessci
36141b149c
image: update measurements and image version ( #3100 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-15 09:36:01 +02:00
Daniel Weiße
4f1768e660
cloud: hide kubernetes iptables usage behind linux build tag ( #3088 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-13 13:22:22 +02:00
Malte Poll
cfaba0b1c3
misc: update golangci-lint related changes
2024-05-13 08:47:15 +02:00
edgelessci
d0bb738607
image: update measurements and image version ( #3074 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-13 08:39:52 +02:00
renovate[bot]
1ead19e69a
deps: update ghcr.io/edgelesssys/cloud-provider-gcp Docker tag to v29.0.1 ( #3073 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-10 09:57:07 +02:00
renovate[bot]
fffc9db2b5
deps: update Kubernetes versions ( #3072 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-05-09 13:38:01 +02:00
3u13r
0325483504
helm: disable cilium ipmasq agent when in conformance mode ( #3062 )
2024-05-08 18:51:12 +02:00
Daniel Weiße
9def35ed06
deps: update all Go dependencies ( #3071 )
...
* Upgrade Go dependencies
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Group Go dependency upgrades
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Remove usage of deprecated docker types
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix usage of invalid validation tags
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Regenerate bazel files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Keep github.com/bazelbuild/buildtools at old version to not break other dependencies
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-08 17:31:47 +02:00
Daniel Weiße
47fbbd42a9
Fix tool not generating measurements for gcp-sev-snp ( #3061 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 09:52:57 +02:00
edgelessci
96b71b0205
image: update measurements and image version ( #3060 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-03 09:28:57 +02:00
edgelessci
3d2a023ccf
image: update measurements and image version ( #3057 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-02 08:20:51 +02:00
Moritz Sanft
002c6fa5a4
snp: don't print warning if no ASK is present ( #3048 )
...
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-04-29 14:38:34 +02:00
renovate[bot]
c1740b17d9
deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240314 ( #3042 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-29 11:01:21 +02:00
edgelessci
0df26c0e9b
image: update measurements and image version ( #3043 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-26 08:05:44 +02:00
renovate[bot]
3ea0e3a487
deps: update K8s constrained AWS versions ( #2938 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 15:49:50 +02:00
renovate[bot]
0f6491f3c7
deps: update K8s constrained Azure versions ( #2941 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 15:48:46 +02:00
renovate[bot]
f00890ab1e
deps: update module k8s.io/kubernetes to v1.29.4 [SECURITY] ( #3039 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 14:03:24 +02:00
edgelessci
591aba99fd
image: update measurements and image version ( #3040 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-24 08:16:45 +02:00
Daniel Weiße
4635a6c8b1
attestation: dont set a default for TDX MRSEAM ( #3038 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-22 14:07:24 +02:00
miampf
b187966581
cli: allow tagging cloud resources with custom tags ( #3033 )
2024-04-19 09:07:57 +00:00
edgelessci
f60c133724
image: update measurements and image version ( #3034 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-19 08:30:06 +02:00
edgelessci
ea17af3dcc
image: update measurements and image version ( #3030 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-17 08:18:39 +02:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP ( #3011 )
...
* terraform: enable creation of SEV-SNP VMs on GCP
* variant: add SEV-SNP attestation variant
* config: add SEV-SNP config options for GCP
* measurements: add GCP SEV-SNP measurements
* gcp: separate package for SEV-ES
* attestation: add GCP SEV-SNP attestation logic
* gcp: factor out common logic
* choose: add GCP SEV-SNP
* cli: add TF variable passthrough for GCP SEV-SNP variables
* cli: support GCP SEV-SNP for `constellation verify`
* Adjust usage of GCP SEV-SNP throughout codebase
* ci: add GCP SEV-SNP
* terraform-provider: support GCP SEV-SNP
* docs: add GCP SEV-SNP reference
* linter fixes
* gcp: only run test with TPM simulator
* gcp: remove nonsense test
* Update cli/internal/cmd/verify.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/overview/clouds.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* linter fixes
* terraform_provider: correctly pass down CC technology
* config: mark attestationconfigapi as unimplemented
* gcp: fix comments and typos
* snp: use nonce and PK hash in SNP report
* snp: ensure we never use ARK supplied by Issuer (#3025 )
* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* attestationconfigapi: add GCP to uploading
* snp: use correct cert
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP
* linter fixes
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Daniel Weiße
485ebb151e
kubecmd: retry any k8s errors in CLI and Terraform ( #3028 )
...
* Retry any k8s errors in CLI and Terraform
* Use structured logging in `kubecmd` package
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-16 15:12:42 +02:00
edgelessci
41e4f144ed
image: update measurements and image version ( #3023 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-12 08:24:28 +02:00
Markus Rudy
f6dfea2a79
helm: unbreak helm test after Cilium version bump ( #3022 )
2024-04-11 09:38:15 +02:00
Markus Rudy
550798279a
Merge pull request from GHSA-g8fc-vrcg-8vjg
...
* helm: firewall pods
* helm: bump cilium chart version
---------
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-10 13:48:32 +02:00
edgelessci
7bdd4c2449
image: update measurements and image version ( #3019 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-10 08:25:16 +02:00
edgelessci
249148abe2
image: update measurements and image version ( #3013 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-05 15:23:44 +02:00
miampf
840f460bac
logging: unify debug log message format ( #2997 )
2024-04-03 13:49:03 +00:00
edgelessci
638a94c7c6
image: update measurements and image version ( #3008 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-03 08:28:45 +02:00
edgelessci
d6ac1967c5
image: update measurements and image version ( #3004 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-02 08:44:25 +02:00
edgelessci
367b278002
image: update measurements and image version ( #3000 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-25 08:19:58 +01:00
edgelessci
89f311dac1
image: update measurements and image version ( #2996 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-20 08:35:26 +01:00
edgelessci
e0bbb447a9
image: update measurements and image version ( #2987 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-15 07:54:20 +01:00
Markus Rudy
54af083da3
helm: retry uninstall manually if atomic install failed ( #2984 )
2024-03-14 10:52:11 +01:00
edgelessci
3b8fa95648
image: update measurements and image version ( #2983 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-13 09:08:44 +01:00
Malte Poll
923a41ba01
openstack: move credentials to instance user data
2024-03-11 16:43:36 +01:00
Malte Poll
c23f17de41
openstack: read credentials from clouds.yaml
2024-03-11 15:59:23 +01:00
Malte Poll
d69673fab7
terraform-provider: Add support for STACKIT / OpenStack
2024-03-11 15:59:23 +01:00
Malte Poll
1670d977c6
openstack: vendor clouds.yaml Go type definitions from gophercloud v2 beta
2024-03-11 15:59:23 +01:00
Malte Poll
6ddabd025d
openstack: rename client type
2024-03-11 15:59:23 +01:00
Daniel Weiße
27330490f3
cli: retry auth handshake deadline exceeded errors in CLI and Terraform ( #2976 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-08 13:15:06 +01:00
edgelessci
483c888a3c
image: update measurements and image version ( #2975 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-08 08:40:29 +01:00
Malte Poll
108784c580
openstack: improve error message on IMDS failures
2024-03-07 11:47:51 +01:00
Malte Poll
7f262d18a8
imagefetcher: allow any marketplace image for OpenStack
2024-03-07 11:47:51 +01:00
Malte Poll
281c7c320c
deps: update protobuf to v1.33.0
2024-03-06 14:50:01 +01:00
Malte Poll
8b41bcaecc
cli: correct measurements in config generate stackit
2024-03-04 18:17:26 +01:00
Malte Poll
f94c6ca0d4
misc: skip message about community license with marketplace image
2024-03-04 18:17:26 +01:00
Malte Poll
1c8a7e4c22
cli: add STACKIT to constellation config instance-types
2024-03-04 18:17:26 +01:00
edgelessci
d8a8d9b6b9
image: update measurements and image version ( #2963 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-03-01 08:31:34 +01:00
Malte Poll
3ce10eb00f
terraform: allow STACKIT / OpenStack instance type to be UUID or name
2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version ( #2950 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-28 10:02:33 +01:00
edgelessci
b2ab5869b3
image: update measurements and image version ( #2943 )
...
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-02-23 09:33:12 +01:00
3u13r
2a61861a1c
stackit: add k8s api load balancer ( #2925 )
2024-02-22 17:39:34 +01:00
renovate[bot]
62acec17f6
deps: update Constellation containers ( #2921 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-22 14:04:42 +01:00
Malte Poll
00d39ff7fa
helm: update edgelesssys cinder-csi-plugin
2024-02-22 12:43:04 +01:00
Malte Poll
31f65fb486
openstack: find node CIDR with multiple subnets
2024-02-22 12:43:04 +01:00
Malte Poll
d8185fdafb
helm: use patched yawol with support for subnet choice
...
Constellation requires a CIDR that only Kubernetes nodes live in.
This is needed for cilium encryption.
To make yawol LBs work, they need to be placed in a different subnet
with their own CIDR.
This patched version supports that.
2024-02-22 12:43:04 +01:00
Malte Poll
1e987f6a85
terraform: add subnet for OpenStack LBs
2024-02-22 12:43:04 +01:00
Malte Poll
9d164de18b
helm: avoid waiting for non-essential services ( #2939 )
...
In our e2e tests, we see a lot of "etcd-leader changed" errors
while deploying non-essential helm charts.
If this transient error occurs, helm gets into a broken state
where it cannot uninstall cleanly and thus any retry attempts fail.
By not waiting for the installation of helm charts to succeed,
we can avoid making most of the kubernetes API calls while
control-plane nodes are joining.
This makes "constellation apply" faster and more resilient.
2024-02-22 12:18:55 +01:00
Malte Poll
522f2858c6
proto: update generated protobuf sources
2024-02-21 18:40:16 +01:00
Malte Poll
8541365341
sigstore: replace use of deprecated module go-tuf
2024-02-21 18:40:16 +01:00
Malte Poll
65903459a0
chore: fix unused parameter lint in new golangcilint version
2024-02-21 17:54:07 +01:00
renovate[bot]
cdd80a4f3f
deps: update dependency containernetworking/plugins to v1.4.0 ( #2896 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-21 17:42:48 +01:00
miampf
96c5980651
cli: collect debug logs in file ( #2906 )
2024-02-21 15:39:12 +00:00
Malte Poll
59faa2b692
attestation: add hardcoded OpenStack enterprise measurements
2024-02-21 13:31:32 +01:00
katexochen
70ff097e12
image: update measurements and image version
2024-02-21 08:49:20 +01:00