renovate[bot]
9a5a7d6852
deps: update Terraform google to v4.53.1 ( #1198 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 09:21:12 +01:00
Paul Meyer
12c866bcb9
deps: replace multierr with native errors.Join
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Moritz Sanft
7410cf8038
cli: fix iam rollback ( #1148 )
...
* AB#2897 rename DestroyCluster
* #AB2897 error if terraform dir exists
* AB#2897 reword DestroyResources
2023-02-13 08:42:54 +01:00
Nils Hanke
0331e2dc78
cli: enable jumbo frames for GCP VPCs
2023-02-06 11:07:45 +01:00
renovate[bot]
a85ba96ac4
deps: update Terraform azurerm to v3.41.0 ( #1097 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:33:32 +01:00
renovate[bot]
38e9ab8254
deps: update Terraform aws to v4.52.0 ( #1096 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:14:17 +01:00
renovate[bot]
b47a2f81a2
deps: update Terraform google to v4.50.0 ( #1098 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:13:44 +01:00
3u13r
6ea6e42519
terraform: make control-planes stateful on gcp ( #1087 )
...
* terraform: make control-planes stateful on gcp
* terraform: lock google-beta provider
2023-01-27 12:59:25 +01:00
Malte Poll
2d326ea3f0
cli: set placeholder uid for QEMU / MiniConstellation ( #1069 )
2023-01-25 14:42:52 +01:00
3u13r
03154c6e64
docs: document terraform support ( #1037 )
2023-01-23 10:37:28 +01:00
Moritz Sanft
b8648261e3
cli: fix Terraform resource group dependencies ( #1048 )
2023-01-20 18:59:59 +01:00
renovate[bot]
d4722b434e
Update Terraform aws to v4.50.0 ( #1015 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 17:09:01 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs ( #958 )
...
* Remove unused package
* Add Go package docs to most packages
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-19 15:57:50 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover ( #845 )
...
* AB#2256 Add recover e2e test
* AB#2256 move test & fix minor objections
* AB#2256 fix path
* AB#2256 rename hacky filename
2023-01-19 10:41:07 +01:00
renovate[bot]
4577a5886f
Update Terraform google to v4.48.0 ( #929 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-17 16:01:02 +01:00
Malte Poll
7902dc470f
cli: use non-authoritative methods to manage iam policy memberships ( #989 )
...
- google_project_iam_binding -> google_project_iam_member
2023-01-16 18:08:57 +01:00
Nils Hanke
b3c3c2fa8c
qemu: remove registry_auth for Docker Terraform module ( #957 )
2023-01-12 15:47:50 +01:00
Paul Meyer
fa85150f3e
hack: move terraform readmes into cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 11:49:00 +01:00
renovate[bot]
3d6b11e7cb
Update Terraform azurerm to v3.38.0 ( #895 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:28:04 +01:00
renovate[bot]
19b3d68c8a
Update Terraform aws to v4.49.0 ( #894 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:27:40 +01:00
renovate[bot]
ab626ca311
Update Terraform docker to v2.25.0 ( #880 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 15:18:38 +01:00
renovate[bot]
7c017e2b67
Update Terraform azurerm to v3.37.0 ( #849 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 14:47:44 +01:00
renovate[bot]
d88f144806
Update Terraform libvirt to v0.7.1 ( #830 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:24:54 +01:00
renovate[bot]
cbc34b73ec
Update Terraform google to v4.47.0 ( #843 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:04:00 +01:00
renovate[bot]
320c24e778
Update Terraform aws to v4.48.0 ( #842 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:02:44 +01:00
renovate[bot]
fd640afe96
Update Terraform google to v4.46.0 ( #798 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 19:15:51 +01:00
renovate[bot]
85f9d62a9f
Update Terraform azurerm to v3.35.0 ( #768 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:21:13 +01:00
renovate[bot]
4ec2fceeef
Update Terraform aws to v4.46.0 ( #767 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:13:09 +01:00
renovate[bot]
9d0d561726
Update Terraform google to v4.45.0 ( #742 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 15:59:15 +01:00
Moritz Sanft
286803fb97
AB#2579 Add constellation iam create command ( #624 )
2022-12-07 11:48:54 +01:00
renovate[bot]
364db78420
Update Terraform azurerm to v3.34.0 ( #726 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 13:42:49 +01:00
renovate[bot]
59076b0664
Update Terraform aws to v4.45.0 ( #710 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 16:35:38 +01:00
renovate[bot]
68bf23b760
Update Terraform aws to v4.44.0 ( #702 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 18:46:31 +01:00
Paul Meyer
b93b24e058
debugd: add logcollector
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
renovate[bot]
fe74c937b9
Update Terraform azurerm to v3.33.0 ( #678 )
...
* Update Terraform azurerm to v3.33.0
* [bot] Update HCL lock files
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-30 11:41:31 +01:00
renovate[bot]
7c744c0837
Update Terraform aws to v4.43.0 ( #672 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 11:22:09 +01:00
renovate[bot]
fffd2b79f2
Update Terraform google to v4.44.1 ( #666 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:45:07 +01:00
renovate[bot]
9d6d9f0a40
Update Terraform docker to v2.23.1 ( #645 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-29 13:06:36 +01:00
Leonard Cohnen
3b6bc3b28f
initserver: add client verification
2022-11-28 19:34:02 +01:00
renovate[bot]
d8c553207b
Update Terraform google to v4.44.0 ( #622 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 14:30:40 +01:00
renovate[bot]
54ef6d21f4
Update Terraform aws to v4.40.0 ( #586 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 15:41:02 +01:00
renovate[bot]
86b03bf08e
Update Terraform azurerm to v3.32.0 ( #588 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 14:57:34 +01:00
renovate[bot]
b7852665f3
Update Terraform google to v4.43.1 ( #576 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:44:33 +01:00
Nils Hanke
6e5895f200
User-friendlier errors
2022-11-17 13:49:34 +01:00
Nils Hanke
e1d8926395
Terraform: Only rollback after we fully created the workspace
2022-11-17 13:49:34 +01:00
Nils Hanke
158dfe0e2b
Remove unused name parameter in CreateCluster
2022-11-17 13:49:34 +01:00
Nils Hanke
b9b618a1f0
Terraform: Try to init before destroy
2022-11-17 13:49:34 +01:00
Nils Hanke
f27af5b588
Terraform: Make variables writing retryable
2022-11-17 13:49:34 +01:00
Nils Hanke
e93527144e
Terraform: Try to use existing files on partially unpacked workspace
2022-11-17 13:49:34 +01:00
Nils Hanke
4a2cba988c
Create separate Terraform workspace directory
2022-11-17 13:49:34 +01:00
Malte Poll
df0cd43f92
Terraform GCP: Always use local account for resource creation ( #571 )
...
* Terraform GCP: Always use local account for resource creation
* Update CHANGELOG
2022-11-17 10:33:36 +01:00
renovate[bot]
5009de823f
Update Terraform aws to v4.39.0 ( #538 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:35:26 +01:00
renovate[bot]
7bcd4b2f73
Update Terraform azurerm to v3.31.0 ( #539 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:34:54 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. ( #475 )
...
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Malte Poll
97bb0f4a91
Update terraform lock files to include hashes for all platforms ( #499 )
...
- linux_arm64
- linux_amd64
- darwin_arm64
- darwin_amd64
- windows_amd64
2022-11-09 14:23:51 +01:00
renovate[bot]
9191f8ac61
Update Terraform docker to v2.23.0 ( #495 )
...
* Update Terraform docker to v2.23.0
* Readd removed terraform lock hashes
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-09 13:35:17 +01:00
renovate[bot]
0e34d35404
Update Terraform google to v4.43.0 ( #484 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:30:02 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 ( #464 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Nils Hanke
ee55584b90
AWS: Apply security group to worker nodes
2022-11-08 11:22:06 +01:00
Malte Poll
41668d50c2
Add recovery loadbalancer on AWS
2022-11-08 00:07:04 +01:00
Nils Hanke
759c626e0f
AWS: Don't expose SSH debugging ports on the LB
2022-11-07 13:57:22 +01:00
Malte Poll
fa6dfdff4f
Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime ( #442 )
...
* Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime
* Use correct field for nat gateway
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-07 11:04:10 +01:00
renovate[bot]
b89fae8062
Update Terraform azurerm to v3.30.0 ( #452 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 12:34:03 +01:00
renovate[bot]
f71073a77f
Update Terraform google to v4.42.1 ( #434 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 10:14:13 +01:00
Leonard Cohnen
0d0191ba4d
aws: make CCM work
2022-11-02 23:29:04 +01:00
Leonard Cohnen
be2b38f2ac
terraform: use HTTPS health check for AWS
2022-11-02 23:29:04 +01:00
Leonard Cohnen
7e385c4c86
terraform: use AWS launch templates
2022-11-02 23:29:04 +01:00
Leonard Cohnen
741684843c
terraform: fix azure password constraints
2022-11-02 09:57:54 +01:00
renovate[bot]
c9e6b4c5b6
Update Terraform azurerm to v3.29.1 ( #405 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:45:56 +01:00
Daniel Weiße
e66cb84d6e
AB#2532 Dont clean up workspace if rollback fails ( #360 )
...
* Dont clean up workspace if rollback fails
* Remove dependency on CSP from terminate
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-26 15:57:00 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any ( #370 )
2022-10-25 15:51:23 +02:00
Malte Poll
52f140a968
Pin terraform provider hashes ( #361 )
2022-10-25 10:10:46 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing ( #242 )
...
* Apply tags to all applicable GCP resources
* Move GCP UID and role from VM metadata to labels
* Adjust Azure tags to be in line with GCP and AWS
* Dont rely on resource name to find resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Nils Hanke
04c4cff9f6
AB#2436: Initial support for create/terminate AWS NitroTPM instances
...
* Add .DS_Store to .gitignore
* Add AWS to config / supported instance types
* Move AWS terraform skeleton to cli/internal/terraform
* Move currently unused IAM to hack/terraform/aws
* Print supported AWS instance types when AWS dev flag is set
* Block everything aTLS related (e.g. init, verify) until AWS attestation is available
* Create/Terminate AWS dev cluster when dev flag is set
* Restrict Nitro instances to NitroTPM supported specifically
* Pin zone for subnets
This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.
Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.
* Add AWS/GCP to Terraform TestLoader unit test
* Add uid tag and create log group
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-21 12:24:18 +02:00
Malte Poll
f3d78a573f
Disable Azure VM agent and report VM as ready
2022-10-21 11:04:25 +02:00
Malte Poll
ed9acef9d4
Upgrade terraform azure provider to 3.28.0
2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627
Remove all traces of CoreOS from the codebase
2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc
Create mkosi image build pipeline
2022-10-21 11:04:25 +02:00
renovate[bot]
9af0640aad
Update Terraform azurerm to v3.27.0 ( #301 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 11:54:29 +02:00
Paul Meyer
01df06e142
Use HTTPS for kube lb health check on Azure ( #305 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 11:46:22 +02:00
renovate[bot]
c85dc674ba
Update Terraform libvirt to v0.7.0 ( #304 )
...
* Update Terraform libvirt to v0.7.0
* Use disk block
* Remove nulled disk options
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-18 11:24:43 +02:00
renovate[bot]
0c0a83550d
Update Terraform google to v4.41.0 ( #302 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 08:30:24 +02:00
Malte Poll
0c65e41dae
Use worker count to create workers on azure (instead of control plane count)
2022-10-14 14:44:08 +02:00
renovate[bot]
b8d8562a6f
Update Terraform random to v3.4.3
2022-10-14 09:13:35 +02:00
Paul Meyer
282117666e
Fix Azure Terraform for non-CVMs ( #251 )
2022-10-13 16:35:55 +02:00
katexochen
1556e239ca
Remove state file
2022-10-13 15:29:29 +02:00
katexochen
f4af9c56f5
Use Terraform for create Azure
2022-10-13 15:29:29 +02:00
katexochen
98a16b2b47
Create Terraform module for Azure
...
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
2022-10-13 15:29:29 +02:00
katexochen
a4a61e98ee
Fix Terraform validation errors
2022-10-13 14:54:19 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation ( #198 )
...
* Mini Constellation commands to quickly deploy a local Constellation cluster
* Download libvirt container image if not present locally
* Fix libvirt KVM permission issues by creating kvm group using host GID inside container
* Remove QEMU specific values from state file
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Leonard Cohnen
92618d5284
align load balancer timeout
2022-10-07 03:38:05 +02:00
Daniel Weiße
2ea695896f
AB#2439 Containerized libvirt ( #191 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-05 09:11:30 +02:00
katexochen
f69db6f26e
Enable serial port in debug mode
2022-09-30 16:50:52 +02:00
katexochen
9a96f2ffe1
No public IPs for GCP instances
2022-09-30 16:50:52 +02:00
katexochen
ccbc3d9123
Remove exposure of qemu ip_range_start value
2022-09-30 16:50:52 +02:00
katexochen
d973740b03
Use Terraform for create on GCP
2022-09-30 16:50:52 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster ( #172 )
...
* Use terraform in CLI to create QEMU cluster
* Dont allow qemu creation on os/arch other than linux/amd64
* Allow usage of --name flag for QEMU resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00