Daniel Weiße
ba4471a228
AB#2316 Configurable enforced PCRs ( #361 )
...
* Add warnings for non enforced, untrusted PCRs
* Fix global state in Config PCR map
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
Daniel Weiße
ab536ae3c8
AB#2278 Remove hardcoded values from config ( #346 )
...
* Update file handler to avoid incorrect usage of file.Option
* Remove hardcoded values
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-08 11:04:17 +02:00
Malte Poll
bf5816cc00
linter cleanup ( #344 )
...
* go fmt
* static check
2022-08-05 15:30:23 +02:00
Otto Bittner
a13d1d8bd8
Bump coreos-img version
2022-08-03 08:06:05 +02:00
Daniel Weiße
aa7fcce8af
Add configurable node disk type ( #317 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:24:55 +02:00
Fabian Kammel
050e8fdc4a
AB#2159 Feat/cli/fetch measurements ( #301 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Otto Bittner
5d87b48769
Bump image version
2022-07-28 09:57:11 +02:00
Malte Poll
aacbf9dc70
Bump coreos images to 1658499095 ( #295 )
2022-07-25 09:03:51 +02:00
Otto Bittner
52ceced223
AB#2255: Fix kubeadm version incompatibility ( #293 )
...
* Update image version
* Introduce 'ValidK8sVersion' type. Ensures that consumers
of the k8sVersion receive a valid version, without
having to do their own validation.
* Add testcase to check that kubeadm accepts the currently provided
version.
2022-07-22 15:05:04 +02:00
Otto Bittner
741384158a
AB#2076: version specific images ( #288 )
...
KubernetesVersion sent by the init command now controls
all downloaded binaries, if they depend on the k8s version.
* Move all download links into /internal/versions.
* Unify files in /internal/versions package
* Move image download links into VersionConfigs
and thus make them dependant on the k8s version,
where the image version is specific to the k8s version.
* Don't specify patch version in k8sVersion
2022-07-21 14:41:07 +02:00
Otto Bittner
a68ee817ff
AB#2074: Choosable K8S Version ( #277 )
...
AB#2074: Add configurable k8s version
Configurable version flow:
* cli config holds/validates k8sVersion
* InitCluster receive a k8sVersion arg
* InitCluster creates CM "k8s-version"
* kubeadm's InitConfiguration receives k8sVersion
* joinservice spec mounts/reads k8s-version CM
* joinservice supplies k8sVersion via JoinTicketResponse
Other changes:
* Remove unused test code (FakeK8SClient)
* move VersionConfig map to /internal/versions
* installk8sComponents is now a function instead of a method
2022-07-18 12:28:02 +02:00
Fabian Kammel
a931f6692f
Fix/bootstrapper regressions ( #274 )
...
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Malte Poll
49e98286a9
bump coreos 1657814939
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-15 09:15:55 +02:00
katexochen
916e5d6b55
Rename coordinator to bootstrapper and rename roles
2022-07-14 17:25:18 +02:00
Malte Poll
7e6ad541c6
Bump coreos images to 1657199013
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-08 14:28:04 +02:00
katexochen
67b25d2771
Move cli/cloudprovider into internal/cloud
2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00
3u13r
c4f15cd30b
bump images ( #191 )
2022-06-02 10:30:43 +02:00
Thomas Tendyck
42fc497477
cli: fix and tweak config file wording
2022-05-27 16:53:04 +02:00
Thomas Tendyck
2ba3c153de
AB#2117 cli: validate config ( #170 )
...
* AB#2117 cli: validate config
* update hack/go.mod
2022-05-23 15:01:39 +02:00
Malte Poll
c16f5391db
bump images 1653299706
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 14:26:10 +02:00
Fabian Kammel
135c787001
AB#2098 versioned & strict yaml reading ( #157 )
2022-05-18 18:10:57 +02:00
Fabian Kammel
7c2d1c3490
AB#2094 cloud provider specific configs ( #151 )
...
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Fabian Kammel
08f4f4e0aa
updated images to newest version ( #150 )
2022-05-17 14:24:44 +02:00
Fabian Kammel
cfad36720b
Cloned UserKey struct to config so it can be documented. Added examples. ( #149 )
2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515
AB#2061 Self Documenting Config File ( #143 )
...
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
68092f27dd
AB#2046 : Add option to create SSH users for the first coordinator upon initialization ( #133 )
...
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config
Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Nils Hanke
25b0ca2a06
Use filename from input instead of hardcoded name
2022-05-16 15:15:05 +02:00
Malte Poll
3b30291360
QEMU CSP Config: PCRs -> Measurements
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae
Remove ConstellationPort from config file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c
AB#2064 Feat/config/dev config to config ( #139 )
...
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Fabian Kammel
14103e4f89
Fix/config/measurements in yaml ( #135 )
...
Custom type & marshal implementation for measurements to write base64 instead of single bytes
2022-05-12 10:15:00 +02:00
Fabian Kammel
b8d1cc2b75
converted config file from JSON to YAML. ( #132 )
...
converted config file from JSON to YAML
2022-05-11 13:53:02 +02:00
Malte Poll
748eb0f96b
Create GCP images in "constellation-images" project
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Daniel Weiße
a953df60b6
Rename in config: PCRs->Measurements
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-09 08:24:21 +02:00
Daniel Weiße
8444d5c515
Add qemu cloudprovider for activation calls
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:57:43 +02:00
Daniel Weiße
10e9faab10
Remove GCP non CVMs
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-02 16:03:36 +02:00
Malte Poll
3621c7af9a
Bump images
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 21:48:38 +02:00
datosh
2a766a3ab5
Feat/conformity test ( #79 )
...
* Added files required to request conformance with kubernetes
* Extended firewall implementation to allow port ranges
* Added default nodeport range to vpc network config
2022-04-26 17:09:03 +02:00
Benedict Schlueter
6265b307af
bump images
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-26 15:22:51 +02:00
Leonard Cohnen
daba25c3d4
bump images
2022-04-25 10:30:28 +02:00
katexochen
1a9b33d738
Restructure config and constants
2022-04-21 09:06:35 +02:00
Benedict
d869e10a85
Bump coordinator images to 1649852687
2022-04-13 20:30:57 +02:00
Malte Poll
daf2280e3f
create state disk on constellation create
2022-04-05 15:08:55 +02:00
Malte Poll
2cd8d580d8
Bump coreos images to 1649063903
2022-04-04 12:51:00 +02:00
Leonard Cohnen
f74d7e22eb
update aws image
2022-04-01 17:18:07 +02:00
katexochen
66fe34ee32
Write WireGuard config file on init
2022-03-31 15:43:25 +02:00
Malte Poll
8d7253ca75
Bump coreos images to 1648560610
2022-03-30 17:14:34 +02:00
Leonard Cohnen
2d8fcd9bf4
monorepo
...
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00