Commit Graph

275 Commits

Author SHA1 Message Date
renovate[bot]
a5aa820d8c
Update Constellation containers (#602)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-21 11:23:06 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580)
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
Daniel Weiße
b966f57a2f
AB#2554 GCP CSI driver deployment (#532)
* Allow enabling/disabling of CSI driver through config

* Fix inconsistent namespace parsing

* Deploy GCP CSI driver on init

* Update invalid pod tolerations

* Add generate script for CSI charts

* Update generateCilium script

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 10:05:02 +01:00
Nils Hanke
4a2cba988c Create separate Terraform workspace directory 2022-11-17 13:49:34 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563)
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-11-16 11:13:10 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
Leonard Cohnen
c51694a51a kubernetes: add hashes to components 2022-11-15 11:07:46 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504)
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
renovate[bot]
df0c6159db Update K8s constrained versions 2022-11-14 09:33:42 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
renovate[bot]
c6f4b2e1a0
Update Constellation containers to v2.3.0-pre.0.20221109145754-0d12e37c9699 (#497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 18:17:31 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387)
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Leonard Cohnen
3c6d59ce7e aws: don't flag release as debug images 2022-11-09 11:20:58 +01:00
Leonard Cohnen
97acdfa297 config: align pre-filled AWS measurements 2022-11-09 11:20:58 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Leonard Cohnen
6fce8f77d3 join-service: bump image for AWS support 2022-11-03 16:44:54 +01:00
Otto Bittner
f164af29cf
AB#2583: deploy autoscaler via helm (#438) 2022-11-03 16:42:19 +01:00
Otto Bittner
0887bc540f
Fix invalid slice access in validateAk (#437) 2022-11-03 09:57:59 +01:00
Leonard Cohnen
1f9a788c21 aws: name instances for CCM 2022-11-02 23:29:04 +01:00
Leonard Cohnen
3aa0177333 join-service: add AWS attestation 2022-11-02 23:29:04 +01:00
Leonard Cohnen
b69d19c3d6 metadata: clarify networking variables 2022-11-02 23:29:04 +01:00
Leonard Cohnen
0430336fdf metadata: implement GetLoadBalancerEndpoint for AWS 2022-11-02 23:29:04 +01:00
Leonard Cohnen
dd007f4772 metadata: move subnetCIDR to InstanceMetadata 2022-11-02 23:29:04 +01:00
Leonard Cohnen
d59dc82e56 qemu attestation: fix typos 2022-11-02 23:29:04 +01:00
Leonard Cohnen
f199b08068 attestation: make AWS TPM check use the correct region 2022-11-02 23:29:04 +01:00
renovate[bot]
302303f2ea
Update K8s constrained versions (#428)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-02 13:28:41 +01:00
Daniel Weiße
55cfff034a
Remove PublicIP from QEMU metadata (#396)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-02 12:56:16 +01:00
Leonard Cohnen
8f8236a491 bump verification service 2022-10-31 17:00:14 +01:00
renovate[bot]
116736a7b9
Update Constellation containers (#402)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 11:00:36 +01:00
renovate[bot]
fd74ef754e
Update K8s version constrained containers (missing v1 prefix) (#399)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-31 10:34:12 +01:00
Daniel Weiße
79f52e67cb
Update go-tpm-tools to fix AWS PCR selection (#390)
* Update go-tpm-tools to fix AWS PCR selection

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Ignore leaking glog go routine

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-28 17:57:24 +02:00
Malte Poll
caadd50056
Use renovate to update versions.go (#388)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 15:01:58 +02:00
Nils Hanke
34f729ccd2 Case insensitive replace for every user input that could break azurerm 2022-10-27 11:35:14 +02:00
leongross
d457620941
AB#2458 AWS NitroTPM attestation (#339)
* add aws tpm attestation
* fix typos
* Fix return value issue

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-10-27 11:04:23 +02:00
Malte Poll
447f0bbf39 Add AWS CCM versions 2022-10-26 15:07:34 +02:00
Paul Meyer
c05b22f1dc
Remove dead code (#373)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-26 10:29:28 +02:00
Malte Poll
c1e3231848
Preinstall kubelet systemd unit in OS images (#365) 2022-10-25 16:36:03 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any (#370) 2022-10-25 15:51:23 +02:00
Daniel Weiße
6fe750f21b Update operator image
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-25 08:41:42 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing (#242)
* Apply tags to all applicable GCP resources

* Move GCP UID and role from VM metadata to labels

* Adjust Azure tags to be in line with GCP and AWS

* Dont rely on resource name to find resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Malte Poll
8ef1400810
Upgrade libvirt container image (#348) 2022-10-24 10:32:37 +02:00
Daniel Weiße
3ccde25584
Implement minimal feature support for bootstrapper on AWS (#333)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 09:12:01 +02:00
Daniel Weiße
252a7226a9 Fix ordering of QEMU config values
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-21 16:19:00 +02:00