renovate[bot]
a5aa820d8c
Update Constellation containers (#602)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-21 11:23:06 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
Malte Poll
74aabe86fa
Move PCR[8] -> PCR[12]
2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580)
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
Daniel Weiße
b966f57a2f
AB#2554 GCP CSI driver deployment (#532)
* Allow enabling/disabling of CSI driver through config
* Fix inconsistent namespace parsing
* Deploy GCP CSI driver on init
* Update invalid pod tolerations
* Add generate script for CSI charts
* Update generateCilium script
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 10:05:02 +01:00
Nils Hanke
4a2cba988c
Create separate Terraform workspace directory
2022-11-17 13:49:34 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563)
* Bump version to v2.2.0
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix release detection in pipeline
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Update CHANGELOG for 2.2.1
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* bump constellation versions to 2.2.1
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-11-16 11:13:10 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
Leonard Cohnen
c51694a51a
kubernetes: add hashes to components
2022-11-15 11:07:46 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504)
* Rename Metadata->Cloud
* Remove unused methods, functions, and variables
* More privacy for testing stubs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
renovate[bot]
df0c6159db
Update K8s constrained versions
2022-11-14 09:33:42 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
renovate[bot]
c6f4b2e1a0
Update Constellation containers to v2.3.0-pre.0.20221109145754-0d12e37c9699 (#497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 18:17:31 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs, types, interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387)
* Refactor GCP metadata/cloud API
* Remove cloud controller manager from metadata package
* Remove PublicIP
* Move shared cloud packages
* Remove dead code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Leonard Cohnen
3c6d59ce7e
aws: don't flag release as debug images
2022-11-09 11:20:58 +01:00
Leonard Cohnen
97acdfa297
config: align pre-filled AWS measurements
2022-11-09 11:20:58 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0
* Update changelog
* Fix release detection in pipeline
* Fix PKI selection in pipeline
* Set enforced measurements for AWS
* Update default images
* Fix release docs
* Update mini-con defaults
* Fix measurements action
* Fix syft env variable naming
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459)
2022-11-04 13:56:19 +01:00
Leonard Cohnen
6fce8f77d3
join-service: bump image for AWS support
2022-11-03 16:44:54 +01:00
Otto Bittner
f164af29cf
AB#2583: deploy autoscaler via helm (#438)
2022-11-03 16:42:19 +01:00
Otto Bittner
0887bc540f
Fix invalid slice access in validateAk (#437)
2022-11-03 09:57:59 +01:00
Leonard Cohnen
1f9a788c21
aws: name instances for CCM
2022-11-02 23:29:04 +01:00
Leonard Cohnen
3aa0177333
join-service: add AWS attestation
2022-11-02 23:29:04 +01:00
Leonard Cohnen
b69d19c3d6
metadata: clarify networking variables
2022-11-02 23:29:04 +01:00
Leonard Cohnen
0430336fdf
metadata: implement GetLoadBalancerEndpoint for AWS
2022-11-02 23:29:04 +01:00
Leonard Cohnen
dd007f4772
metadata: move subnetCIDR to InstanceMetadata
2022-11-02 23:29:04 +01:00
Leonard Cohnen
d59dc82e56
qemu attestation: fix typos
2022-11-02 23:29:04 +01:00
Leonard Cohnen
f199b08068
attestation: make AWS TPM check use the correct region
2022-11-02 23:29:04 +01:00
renovate[bot]
302303f2ea
Update K8s constrained versions (#428)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-02 13:28:41 +01:00
Daniel Weiße
55cfff034a
Remove PublicIP from QEMU metadata (#396)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-02 12:56:16 +01:00
Leonard Cohnen
8f8236a491
bump verification service
2022-10-31 17:00:14 +01:00
renovate[bot]
116736a7b9
Update Constellation containers (#402)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 11:00:36 +01:00
renovate[bot]
fd74ef754e
Update K8s version constrained containers (missing v1 prefix) (#399)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-31 10:34:12 +01:00
Daniel Weiße
79f52e67cb
Update go-tpm-tools to fix AWS PCR selection (#390)
* Update go-tpm-tools to fix AWS PCR selection
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Ignore leaking glog go routine
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-28 17:57:24 +02:00
Malte Poll
caadd50056
Use renovate to update versions.go (#388)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 15:01:58 +02:00
Nils Hanke
34f729ccd2
Case insensitive replace for every user input that could break azurerm
2022-10-27 11:35:14 +02:00
leongross
d457620941
AB#2458 AWS NitroTPM attestation (#339)
* add aws tpm attestation
* fix typos
* Fix return value issue
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-10-27 11:04:23 +02:00
Malte Poll
447f0bbf39
Add AWS CCM versions
2022-10-26 15:07:34 +02:00
Paul Meyer
c05b22f1dc
Remove dead code (#373)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-26 10:29:28 +02:00
Malte Poll
c1e3231848
Preinstall kubelet systemd unit in OS images (#365)
2022-10-25 16:36:03 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any (#370)
2022-10-25 15:51:23 +02:00
Daniel Weiße
6fe750f21b
Update operator image
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-25 08:41:42 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing (#242)
* Apply tags to all applicable GCP resources
* Move GCP UID and role from VM metadata to labels
* Adjust Azure tags to be in line with GCP and AWS
* Don't rely on resource name to find resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Malte Poll
8ef1400810
Upgrade libvirt container image (#348)
2022-10-24 10:32:37 +02:00
Daniel Weiße
3ccde25584
Implement minimal feature support for bootstrapper on AWS (#333)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 09:12:01 +02:00
Daniel Weiße
252a7226a9
Fix ordering of QEMU config values
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-21 16:19:00 +02:00