Commit Graph

174 Commits

Author SHA1 Message Date
Otto Bittner
a0ac957227 versions: update join- & keyservice images 2023-01-19 13:14:55 +01:00
Otto Bittner
9a1f52e94e Refactor init/recovery to use kms URI
So far the masterSecret was sent to the initial bootstrapper
on init/recovery. With this commit this information is encoded
in the kmsURI that is sent during init.
For recover, the communication with the recoveryserver is
changed. Before a streaming gRPC call was used to
exchanges UUID for measurementSecret and state disk key.
Now a standard gRPC is made that includes the same kmsURI &
storageURI that are sent during init.
2023-01-19 13:14:55 +01:00
renovate[bot]
90ea35ae35
Update Constellation containers to v2.5.0-pre.0.20230118154955-632090c21b93 (#1014)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-18 17:28:04 +01:00
renovate[bot]
41eb533d63
Update Constellation containers (#1003)
https://github.com/edgelesssys/constellation/actions/runs/3943576556/jobs/6748558235
2023-01-18 09:44:36 +01:00
renovate[bot]
bbda3d1ecd
Update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.25.2 (#979)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-17 16:10:26 +01:00
renovate[bot]
a3035167b6
Update Constellation containers (#965)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 16:59:49 +01:00
Otto Bittner
89f075d490 versions: rename KmsImage to KeyServiceImage 2023-01-16 15:14:23 +01:00
Paul Meyer
42135dfdd6 versions: update container images to v2.5.0-pre
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:54:41 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Malte Poll
bcd8aa9acc
Use upstream node-maintenance-operator (#115) 2023-01-12 16:01:03 +01:00
Paul Meyer
4bc191e434 versions: move hash generator into own package
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
Paul Meyer
c081664d03 versions: repair hash generation
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
renovate[bot]
d24fac00f0
Update Constellation containers (#884)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-09 13:15:28 +01:00
Leonard Cohnen
3637909a46 internal: move components into their own package 2023-01-09 12:16:54 +01:00
Paul Meyer
49534d463d
deps: update cluster autoscaler (#835)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:47:31 +01:00
renovate[bot]
8b11a18239
Update K8s constrained Azure versions (#886)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 14:15:16 +01:00
renovate[bot]
f99a3189d8
Update K8s constrained versions (#799)
* Update K8s constrained versions
* Update azure images to v1.26
* Revert upgrade for k8s v1.23

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 10:40:37 +01:00
Paul Meyer
afbd4a3dc1
deps: upgrade AWS cloud controller manager (#863)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 16:35:19 +01:00
renovate[bot]
7eae68d4f9 Update Constellation containers 2023-01-05 15:43:11 +01:00
Leonard Cohnen
25c3a8a1f3 init: add cluster version to kubernetes components 2023-01-05 14:52:09 +01:00
renovate[bot]
9c71145862
Update K8s version independent containers to v0.0.35 (#872)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 13:26:55 +01:00
renovate[bot]
cf3169cf44
Update Constellation containers (#854)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 08:14:57 +01:00
renovate[bot]
324ef42c42
Update Constellation containers (#852)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-03 12:30:07 +01:00
Paul Meyer
de6ee412ac deps: update AWS cloud controller manager
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 12:14:16 +01:00
Leonard Cohnen
4b43311fbd bump microservice versions 2023-01-03 11:51:29 +01:00
renovate[bot]
8ddc8cdb65 Update dependency kubernetes-sigs/cri-tools to v1.26.0 2022-12-16 10:43:33 +01:00
renovate[bot]
7ffbad12be
Update Constellation containers to v2.3.0-pre.0.20221212170906-a77f38efbb31 (#779)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 10:46:15 +01:00
Paul Meyer
c741ccfb4b kubernetes: use new registry
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Paul Meyer
6862c2587f kubernetes: add v1.26, default to v1.25
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Malte Poll
c3b657de01 Bump version to v2.3.0 2022-12-12 17:45:35 +01:00
renovate[bot]
5eae12778a
Update Constellation containers (#777)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-09 18:45:09 +01:00
renovate[bot]
012f739c67
Update Constellation containers (#759)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 16:32:58 +01:00
renovate[bot]
72ba97efcc
Update K8s constrained versions (#762)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:17:55 +01:00
renovate[bot]
3435ac216f
Update Constellation containers (#748)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-08 11:38:05 +01:00
renovate[bot]
bb9122f115
Update Constellation containers to v2.3.0-pre.0.20221207104854-286803fb97a0 (#747)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-07 15:12:04 +01:00
renovate[bot]
be01cf7129
Update Constellation containers to v2.3.0-pre.0.20221206170532-a9ed8c0191ac (#733)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 10:44:45 +01:00
Paul Meyer
cb734a2e66 debugd: pin logcollector container digest
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
renovate[bot]
1766f0e4b3
Update Constellation containers to v2.3.0-pre.0.20221205155634-0981ab6fa45b (#725)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 13:29:54 +01:00
renovate[bot]
0981ab6fa4
Update Constellation containers to v2.3.0-pre.0.20221205121645-176dae317f6c (#719)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 16:56:34 +01:00
Paul Meyer
176dae317f debugd: fix logcollector container image naming
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 13:16:45 +01:00
Paul Meyer
226a6b6626 debugd: let renovate manage logcollector images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
renovate[bot]
3c62b841ed
Update Constellation containers (#705)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:48:03 +01:00
Leonard Cohnen
0c71cc77f6 joinservice: use configmap for k8s components 2022-12-02 14:34:38 +01:00
renovate[bot]
de77f1d9be
Update ghcr.io/edgelesssys/constellation/qemu-metadata-api Docker tag to v2.3.0-pre.0.20221201105133-8004edcc144d (#700)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 18:49:02 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 (#690) 2022-12-01 10:46:04 +01:00
renovate[bot]
da114519ca
Update Constellation containers (#693)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 08:07:09 +01:00
Leonard Cohnen
7e57944cc0 versions: bump qemu metadata image 2022-11-30 18:58:22 +01:00
renovate[bot]
016f7a67c2
Update Constellation containers to v2.3.0-pre.0.20221130104839-9537fb73c015 (#684)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:53:58 +01:00
Paul Meyer
b93b24e058 debugd: add logcollector
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
renovate[bot]
8fbc4b9b19
Update ghcr.io/edgelesssys/constellation/node-operator Docker tag to v2.3.0-pre.0.20221129130129-a32f9ae75290 (#671)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-30 11:34:57 +01:00
renovate[bot]
e2673cac29
Update Constellation containers (#663)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 13:46:13 +01:00
Leonard Cohnen
c978329839 helm: fix expected helm charts 2022-11-27 16:43:50 +01:00
renovate[bot]
a3661d6c07
Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7 (#652)
* Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7
* Update node operator and add hashes back for every container image

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-25 15:17:58 +01:00
renovate[bot]
0b85709dd2 Update Constellation containers to v2.3.0-pre.0.20221124095758-f8001efbc0d0 2022-11-24 13:52:44 +01:00
renovate[bot]
8ce954e012
Update Constellation containers to v2.3.0-pre.0.20221123084142-3dc9c6086469 (#636)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-24 09:22:49 +01:00
Leonard Cohnen
1e98b686b6 kubernetes: verify Kubernetes components 2022-11-23 10:48:03 +01:00
renovate[bot]
bc346805aa
Update Constellation containers to v2.3.0-pre.0.20221121163101-1362e40f53ad (#615)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:39:50 +01:00
renovate[bot]
a5aa820d8c
Update Constellation containers (#602)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-21 11:23:06 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580)
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563)
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-11-16 11:13:10 +01:00
Leonard Cohnen
c51694a51a kubernetes: add hashes to components 2022-11-15 11:07:46 +01:00
renovate[bot]
df0c6159db Update K8s constrained versions 2022-11-14 09:33:42 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
renovate[bot]
c6f4b2e1a0
Update Constellation containers to v2.3.0-pre.0.20221109145754-0d12e37c9699 (#497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 18:17:31 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Leonard Cohnen
6fce8f77d3 join-service: bump image for AWS support 2022-11-03 16:44:54 +01:00
renovate[bot]
302303f2ea
Update K8s constrained versions (#428)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-02 13:28:41 +01:00
Leonard Cohnen
8f8236a491 bump verification service 2022-10-31 17:00:14 +01:00
renovate[bot]
116736a7b9
Update Constellation containers (#402)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 11:00:36 +01:00
renovate[bot]
fd74ef754e
Update K8s version constrained containers (missing v1 prefix) (#399)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-31 10:34:12 +01:00
Malte Poll
caadd50056
Use renovate to update versions.go (#388)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 15:01:58 +02:00
Malte Poll
447f0bbf39 Add AWS CCM versions 2022-10-26 15:07:34 +02:00
Malte Poll
c1e3231848
Preinstall kubelet systemd unit in OS images (#365) 2022-10-25 16:36:03 +02:00
Daniel Weiße
6fe750f21b Update operator image
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-25 08:41:42 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing (#242)
* Apply tags to all applicable GCP resources

* Move GCP UID and role from VM metadata to labels

* Adjust Azure tags to be in line with GCP and AWS

* Dont rely on resource name to find resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Malte Poll
8ef1400810
Upgrade libvirt container image (#348) 2022-10-24 10:32:37 +02:00
Malte Poll
c16f5a976d
AB#2365 Upgrade k8s base deployments (add full support for k8s 1.25) (#277)
* Add container image release for CCM GCP v25.2.0
* Upgrade versions of kubernetes base components
2022-10-17 08:58:13 +02:00
katexochen
263c700e73 Update operator version 2022-10-13 16:38:35 +02:00
katexochen
87adf66708 Update qemu image 2022-10-10 13:43:15 +02:00
katexochen
eb340c1e1f Build microservices on release branch 2022-10-10 13:43:15 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation (#198)
* Mini Constellation commands to quickly deploy a local Constellation cluster

* Download libvirt container image if not present locally

* Fix libvirt KVM permission issues by creating kvm group using host GID inside container

* Remove QEMU specific values from state file

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
katexochen
4ccd96bf64 Pin container image hashes 2022-10-06 19:16:20 +02:00
katexochen
884c46179a Bump konnectivity version 2022-10-06 19:16:20 +02:00
katexochen
bede530de7 Bump k8s versions 2022-10-06 19:16:20 +02:00
katexochen
9edfc2f6ba Move k8s version window up 2022-10-06 19:16:20 +02:00
Fabian Kammel
369480a50b
Feat/revive (#212)
* enable revive as linter
* fix var-naming revive issues
* fix blank-imports revive issues
* fix receiver-naming revive issues
* fix exported revive issues
* fix indent-error-flow revive issues
* fix unexported-return revive issues
* fix indent-error-flow revive issues
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-05 15:02:46 +02:00
Daniel Weiße
acdcb535c0
AB#2444 Verify Azure trusted launch attestation keys (#203)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-04 16:44:44 +02:00
katexochen
a60e76e91f Upgrade operator version 2022-09-30 17:51:49 +02:00
katexochen
6401c345f0 Upgrade node operator 2022-09-20 14:41:54 +02:00
Leonard Cohnen
2d8f2af91b prepare release v2.0.0 2022-09-12 19:03:01 +02:00
Nils Hanke
c51dec6d00 Use distroless images for JoinService & KMS 2022-09-09 18:11:33 +02:00
Malte Poll
b8b169c93d
Bump node-operator (#114) 2022-09-09 17:33:55 +02:00
Leonard Cohnen
7163c161b6 Deploy Konnectivity 2022-09-09 17:26:02 +02:00
Malte Poll
50acded80b
Bump join service (#79) 2022-09-05 17:23:11 +02:00
Malte Poll
c1185241bb temporarily upgrade join-service
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
c38a142d64 Kubernetes 1.25 preview
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00