Moritz Sanft
a0dea7e69b
make imagefetcher visible to all subpackages ( #1832 )
2023-05-26 12:05:02 +02:00
3u13r
661f084ffa
cli: use uami for in-cluter authentication ( #1820 )
2023-05-26 11:45:03 +02:00
renovate[bot]
9502bc8ff4
deps: update K8s constrained GCP versions ( #1829 )
...
* deps: update K8s constrained GCP versions
* deps: bump autoscaler image to 1.27
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-26 11:24:12 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API ( #1808 )
2023-05-25 17:43:44 +01:00
Malte Poll
217a744606
image: add go code to upload image info and measurements
2023-05-25 15:01:15 +02:00
Malte Poll
b8751f35f9
image: add intermediate "image" verb to upload tool
2023-05-25 15:01:15 +02:00
Malte Poll
0a7349ca41
attestation: merging of ImageMeasurementsV2
2023-05-25 15:01:15 +02:00
Malte Poll
874c4b76cf
versionsapi: merging of ImageInfo
2023-05-25 15:01:15 +02:00
Malte Poll
d0e53cbb59
cli: image info (v2)
2023-05-25 15:01:15 +02:00
Malte Poll
cd7b116794
cli: image measurements (v2)
2023-05-25 15:01:15 +02:00
Malte Poll
e5b394db87
cli: image measurements (v2)
2023-05-25 15:01:15 +02:00
Malte Poll
9a1ee8697e
osimage: advertise SEV SNP support for gcp images
2023-05-25 15:01:15 +02:00
Leonard Cohnen
c98644df2b
ci: use bazel for unittests
2023-05-23 15:11:10 +02:00
Malte Poll
c1dbbf34c3
cryptsetup: Provide implementation without cgo
2023-05-23 13:44:56 +02:00
renovate[bot]
66ff0b0b78
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.27.1 ( #1754 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-23 13:30:38 +02:00
3u13r
6062b10035
cli: split image into oss and enterprise ( #1788 )
2023-05-23 10:49:47 +02:00
Adrian Stobbe
cfef384f36
config: support latest as version value for Azure SEVSNP ( #1786 )
...
* support latest as version value
2023-05-23 08:55:49 +01:00
Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade ( #1685 )
...
* add terraform planning
* overwrite terraform files in upgrade workspace
* Revert "overwrite terraform files in upgrade workspace"
This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.
* prepare terraform workspace
* test upgrade integration
* print upgrade abort
* rename plan file
* write output to file
* add show plan test
* add upgrade tf workdir
* fix workspace preparing
* squash to 1 command
* test
* bazel build
* plan test
* register flag manually
* bazel tidy
* fix linter
* remove MAA variable
* fix workdir
* accept tf variables
* variable fetching
* fix resource indices
* accept Terraform targets
* refactor upgrade command
* Terraform migration apply unit test
* pass down image fetcher to test
* use new flags in e2e test
* move file name to constant
* update buildfiles
* fix version constant
* conditionally create MAA
* move interface down
* upgrade dir
* update buildfiles
* fix interface
* fix createMAA check
* fix imports
* update buildfiles
* wip: workspace backup
* copy utils
* backup upgrade workspace
* remove debug print
* replace old state after upgrade
* check if flag exists
* prepare test workspace
* remove prefix
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* respect file permissions
* refactor tf upgrader
* check workspace before upgrades
* remove temp upgrade dir after completion
* clean up workspace after abortion
* fix upgrade apply test
* fix linter
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
edgelessci
87b9d85669
image: update measurements and image version ( #1798 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-19 18:17:53 +02:00
edgelessci
2754d7817d
image: update measurements and image version ( #1795 )
...
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-05-17 19:39:32 +02:00
Adrian Stobbe
f99e06b63b
cli: new flag to set the attestation type for config generate
( #1769 )
...
* add attestation flag to specify type in config
2023-05-17 16:53:56 +02:00
Moritz Eckert
6252193879
cli: deploy cinder as OpenStack CSI plugin
2023-05-17 15:20:39 +02:00
Daniel Weiße
1d5af5f0f4
Rebase fixes
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
e80474ff7f
oid: add missing String() for QEMUTDX
2023-05-17 11:37:26 +02:00
Daniel Weiße
c478df36fa
Add TDX bazel files
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
9e987778e0
measurements: Add length field for WithAllBytes
2023-05-17 11:37:26 +02:00
Nils Hanke
fe3622d982
cli/attestation: use const for PCR/TDX lengths
2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK ( #1748 )
...
* deps: update Google SDK
* deps: fix grpc_testing import
* deps: update pseudo version tool hashes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
Malte Poll
f596a13188
image: include stream in gcp image name ( #1768 )
2023-05-16 12:38:38 +02:00
Daniel Weiße
c834911be1
config: fix migration for v2.7 idkeydigest enforcement format ( #1770 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-16 10:32:01 +02:00
edgelessci
f30e0c9bdd
image: update measurements and image version ( #1756 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-12 18:51:47 +02:00
renovate[bot]
a1fddd312c
deps: update K8s constrained GCP versions ( #1565 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-05 14:30:48 +02:00
renovate[bot]
5301534aee
deps: update K8s constrained Azure versions ( #1687 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-05 13:58:50 +02:00
Paul Meyer
30cd024076
deps: add Kubernetes v1.27, remove Kubernetes v1.24 ( #1669 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:22:53 +02:00
Paul Meyer
b48866a756
ci: fix measurement generation on scheduled build ( #1741 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:13:51 +02:00
Malte Poll
653bf3621d
image: replicate AWS images to eu-west-1 and eu-west-3
2023-05-05 12:06:44 +02:00
Malte Poll
ad8a3eec4a
versionsapi: increase cloudfront cache invalidation timeout
2023-05-05 12:06:44 +02:00
Malte Poll
ee91d8b1cc
image: implement idempotent upload of os images
2023-05-05 12:06:44 +02:00
Malte Poll
56635c3993
cli: deploy yawol as OpenStack loadbalancer
2023-05-03 21:45:59 +02:00
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters ( #1623 )
...
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678 )
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
renovate[bot]
e9103cad0a
deps: update Constellation containers to v2.7.0-pre.0.20230405123345-6bf3c63115a5 ( #1563 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-02 15:04:31 +02:00
edgelessci
1ea060e873
image: update measurements and image version ( #1700 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-28 08:02:19 +02:00
renovate[bot]
84c7550f37
deps: update Kubernetes versions ( #1688 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 18:04:01 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix ( #1693 )
...
* build: allow custom container registry
* build: fix .bazeloverwriterc import
2023-04-27 11:52:02 +02:00
Paul Meyer
bf051174f6
ci: update measurements and image version
...
on scheduled build
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Malte Poll
c11a3f4460
cli: configurable state disk type on OpenStack ( #1686 )
2023-04-27 09:08:43 +02:00
Malte Poll
9dfad32e33
cli: use Bazel container images
2023-04-18 15:35:15 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support ( #1620 )
...
* add Terraform logging
* add TF logging to CLI
* fix path
* only create file if logging is enabled
* update bazel files
* register persistent flags manually
* clidocgen
* move logging code to separate file
* reword yes flag parsing error
* update bazel buildfile
* factor out log level setting
2023-04-14 14:15:07 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators ( #1561 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-06 17:00:56 +02:00