Commit Graph

472 Commits

Author SHA1 Message Date
Malte Poll
c88dc8f59a Write images README with instructions on how to build constellation images locally ()
Write images README with instructions on how to build constellation images locally

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-05-30 11:38:06 +02:00
leongross
15e668d09b Add machine variable to terraform module ()
* add variable machine to enable/disable secure boot

* add role description
2022-05-30 10:29:34 +02:00
Thomas Tendyck
b84d8add73 Create CHANGELOG.md ()
* Create CHANGELOG.md

* Update CHANGELOG.md
2022-05-27 16:53:16 +02:00
Thomas Tendyck
42fc497477 cli: fix and tweak config file wording 2022-05-27 16:53:04 +02:00
Thomas Tendyck
9f0c751f1b cli: fix command order and minor wording tweaks in config cmd 2022-05-27 16:53:04 +02:00
Malte Poll
88ec7397c9 terraform libvirt: document usage
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Malte Poll
24bf1d21f7 hack: script to transform terraform state to constellation state
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Malte Poll
6bb393fcb7 cdbg: allow parsing state to query QEMU instances for cdbg deploy
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Malte Poll
ff657a2ee7 terraform template libvirt
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Daniel Weiße
869448c3e1 Add mutual aTLS support ()
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
5d7bf86b30 GCP create: Embed constellation role in instance templates to allow role detection prior to node activation 2022-05-24 10:37:02 +02:00
Thomas Tendyck
2ba3c153de AB#2117 cli: validate config ()
* AB#2117 cli: validate config

* update hack/go.mod
2022-05-23 15:01:39 +02:00
Fabian Kammel
45bf9f15fb always try to upload constellation state file () 2022-05-23 14:43:32 +02:00
Malte Poll
c16f5391db bump images 1653299706
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 14:26:10 +02:00
Malte Poll
0c244ee2bc Use cmake to compile debugd / cdbg
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 13:15:04 +02:00
Malte Poll
1331ee4077 Install kubernetes on init / join and restart kubelet after reboot
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
f67cf2d31f k8s binary components version map and install directives
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
14f6985fe3 Implement binary file installer & extractor
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Daniel Weiße
10333def05 Fedora build instructions and more reproducible builds ()
* Add Fedora build requirements

* Move cmake builds into docker

* Add Docker to requirements

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-23 10:35:14 +02:00
Thomas Tendyck
65c387c2b2 remove old e2e test 2022-05-21 14:30:05 +02:00
Moritz Eckert
6dc97590fe Enable and configure k8s audit-log ()
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Moritz Eckert
e4a9be832c Add cis benchmark to conformance test ()
* Add cis benchmark to conformance docs

* Update e2e workflow to include cis benchmarks
2022-05-19 14:57:21 +02:00
Thomas Tendyck
206dae8fd2 readme: move debugd and local image testing to other files and add a component overview 2022-05-19 08:56:28 +02:00
Daniel Weiße
0a24de24ee AB#2103 Derive key from LUKS UUID instead of disk name ()
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-19 08:47:17 +02:00
Fabian Kammel
daf356d88e fixed wording () 2022-05-18 19:01:11 +02:00
Fabian Kammel
f620d6194d run go mod tidy in hack folder. () 2022-05-18 18:44:40 +02:00
Fabian Kammel
135c787001 AB#2098 versioned & strict yaml reading () 2022-05-18 18:10:57 +02:00
Fabian Kammel
7c2d1c3490 AB#2094 cloud provider specific configs ()
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Nils Hanke
54e2e492df Update authorizedKeys field names for cdbg in README 2022-05-18 10:48:52 +02:00
Nils Hanke
5fa23d4bec Use "new" config for YAML parsing directives 2022-05-18 10:48:52 +02:00
Nils Hanke
c9982b979c Add unit test for SSH user creation on nodes 2022-05-17 18:00:21 +02:00
Nils Hanke
ed071d389c Add SSH users on subsequent coordinators & nodes 2022-05-17 18:00:21 +02:00
Malte Poll
084ed0c4ef cdbg config: use unified firewall rules 2022-05-17 17:50:52 +02:00
Daniel Weiße
7ba2fdd1a1 Fix proto file generation ()
* Fix kms export path

* Regenerate proto files

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-17 15:02:14 +02:00
Fabian Kammel
08f4f4e0aa updated images to newest version () 2022-05-17 14:24:44 +02:00
Moritz Eckert
772aa66fb4 Set hardcoded file permissions to 0o600 () 2022-05-17 13:10:39 +02:00
Paul Meyer
8e0f9491af Create hack folder with independent modules () 2022-05-17 11:14:23 +02:00
Fabian Kammel
cfad36720b Cloned UserKey struct to config so it can be documented. Added examples. () 2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515 AB#2061 Self Documenting Config File ()
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
cdfd962fcc Add --cdbg-config next to --config for cdbg 2022-05-16 17:57:51 +02:00
Nils Hanke
68092f27dd AB#2046: Add option to create SSH users for the first coordinator upon initialization ()
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Fabian Kammel
5dc2e71d80 generate constellation config in e2e pipeline () 2022-05-16 16:44:53 +02:00
Malte Poll
baa7dbc1ef Move debugd config to separate file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Nils Hanke
25b0ca2a06 Use filename from input instead of hardcoded name 2022-05-16 15:15:05 +02:00
Malte Poll
3b30291360 QEMU CSP Config: PCRs -> Measurements
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae Remove ConstellationPort from config file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c AB#2064 Feat/config/dev config to config ()
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Thomas Tendyck
fde7304d78 Update validargs.go 2022-05-13 11:43:48 +02:00
Daniel Weiße
9c5590bbce Add LUKS2 header size constant ()
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-13 09:24:54 +02:00
Moritz Eckert
5ad34e0425 Apply CIS benchmark to kubelet conf
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
2022-05-12 17:25:45 +02:00