Malte Poll
a660af05f1
Use same name for k8s config map key and filename of k8s config map version in joinservice
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-19 09:27:23 +02:00
Malte Poll
9f31e0a539
Update join-service image after proto definition change
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-18 17:38:07 +02:00
Fabian Kammel
193a91d911
fix reference for statefile field and unwrap errors ( #278 )
...
* fix reference for statefile field
* unwrap errors before checking status
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-18 14:00:57 +02:00
Otto Bittner
a68ee817ff
AB#2074: Choosable K8S Version ( #277 )
...
AB#2074: Add configurable k8s version
Configurable version flow:
* cli config holds/validates k8sVersion
* InitCluster receive a k8sVersion arg
* InitCluster creates CM "k8s-version"
* kubeadm's InitConfiguration receives k8sVersion
* joinservice spec mounts/reads k8s-version CM
* joinservice supplies k8sVersion via JoinTicketResponse
Other changes:
* Remove unused test code (FakeK8SClient)
* move VersionConfig map to /internal/versions
* installk8sComponents is now a function instead of a method
2022-07-18 12:28:02 +02:00
Fabian Kammel
a931f6692f
Fix/bootstrapper regressions ( #274 )
...
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Malte Poll
49e98286a9
bump coreos 1657814939
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-15 09:15:55 +02:00
Malte Poll
260d2571c1
Only upload kubeadm certs if key is rotated
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
katexochen
1af18e990d
Rename all activation
2022-07-14 17:25:18 +02:00
katexochen
15adba9235
Simplify joinproto
2022-07-14 17:25:18 +02:00
katexochen
dea23604fb
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55
Rename coordinator to bootstrapper and rename roles
2022-07-14 17:25:18 +02:00
Malte Poll
3280ed200c
Test IntervalRetrier
2022-07-14 17:25:18 +02:00
katexochen
f79674cbb8
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
09e86e6c5d
Refactor provider metadata
2022-07-14 17:25:18 +02:00
katexochen
32f1f5fd3e
Delete Coordinator core and apis
2022-07-14 17:25:18 +02:00
Malte Poll
7e6ad541c6
Bump coreos images to 1657199013
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-08 14:28:04 +02:00
Nils Hanke
259c88fa1a
IDsFilename -> ClusterIDsFilename
2022-07-05 14:41:58 +02:00
Daniel Weiße
0a874496b3
Add verbosity flag to all services ( #244 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-01 16:17:06 +02:00
cm
3177b2fdb7
AB#2032 Write IDs to disk and read when verifying ( #212 )
...
* AB#2032 Write IDs to disk and read when verifying
* Update CHANGELOG.md
* update changelog
* update changelog
* cli verify: prefer flag values
* Rename fid file
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-07-01 10:57:29 +02:00
Otto Bittner
7cada2c9e8
Add goleak to all tests ( #227 )
...
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Daniel Weiße
f9a581f329
Add aTLS endpoint to KMS ( #236 )
...
* Move file watcher and validator to internal
* Add aTLS endpoint to KMS for Kubernetes external requests
* Update Go version in Dockerfiles
* Move most KMS packages to internal
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20
AB#2190 Verification service ( #232 )
...
* Add verification service
* Update verify command to use new Constellation verification service
* Deploy verification service on cluster init
* Update pcr-reader to use verification service
* Add verification service build workflow
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Daniel Weiße
b10b13b173
Replace logging with default logging interface ( #233 )
...
* Add test logger
* Refactor access manager logging
* Refactor activation service logging
* Refactor debugd logging
* Refactor kms server logging
* Refactor disk-mapper logging
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Daniel Weiße
1dcb6ed142
Add unified logging interface ( #223 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-23 16:42:33 +02:00
Leonard Cohnen
e13f4d84c3
add gcp loadbalancer
2022-06-23 14:00:20 +02:00
Christoph Meyer
9441e46e4b
AB#2033 Remove redundant "failed" in error wrapping
...
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Daniel Weiße
3b92b52611
Fix endless wait if handshake fails
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 15:02:20 +02:00
Daniel Weiße
e6b1156849
AB#2169 Implement control-plane activation in activation service ( #217 )
...
* Implement Control Plane activation flow
* Rename Activation RPCs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 11:10:32 +02:00
katexochen
b926cf9006
Move aTLS fakes into atls package
2022-06-15 16:31:24 +02:00
katexochen
85ba2657e1
Fix grpc dialer
2022-06-15 16:31:24 +02:00
Daniel Weiße
4842d29aff
AB#2111 Deploy activation service on cluster init ( #205 )
...
* Deploy activation service on cluster init
* Use base image with CA certificates for activation service
* Improve KMS server
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Paul Meyer
86d29a4567
Add concurrency tests for atls connections ( #211 )
2022-06-15 13:04:56 +02:00
Thomas Tendyck
e9916a7d3a
atls: make client cfg reusable
2022-06-15 13:04:56 +02:00
Thomas Tendyck
989c128fa6
atls: rename nonce to clientNonce/serverNonce for clarification
2022-06-15 13:04:56 +02:00
Nils Hanke
f0b8412ef8
constellation-access-manager: Persistent SSH as ConfigMap ( #184 )
2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc
Dynamic grpc client credentials ( #204 )
...
* Add an aTLS wrapper for grpc credentials
* Move grpc dialers to internal and use aTLS grpc credentials
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Fabian Kammel
84552ca8f7
AB#2104 Feat/azure logging ( #198 )
...
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
691ab84326
Update version variable
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
3467df6b69
Move attestation, atls and oid packages to internal directory
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
b461c40c3a
Implement activation service
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
katexochen
b3a51cca64
Move cli/status to internal/statuswaiter
2022-06-08 11:59:23 +02:00
katexochen
b308db03fe
Move cli/cloud/cloudtypes into /internal
2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c
Remove cli/ec2
2022-06-08 11:59:23 +02:00
katexochen
180d7872dd
Separate shared azure code
2022-06-08 11:59:23 +02:00
katexochen
48b4f10207
Separate shared gcp code
2022-06-08 11:53:55 +02:00
katexochen
21127a4cdc
Remove azure instances
2022-06-08 11:53:55 +02:00
katexochen
3562345da4
Remove gcp instances
2022-06-08 11:53:55 +02:00
katexochen
4b30dd21c8
Remove cli/qemu, use cloudtypes instead
2022-06-08 11:53:55 +02:00
katexochen
67b25d2771
Move cli/cloudprovider into internal/cloud
2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00