Daniel Weiße
aa3ac82408
Add a bit more logging to attestation and join-service on error ( #1076 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-01-26 11:24:29 +01:00
Paul Meyer
94c0184e4d
ci: add workflow for proto code generation check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 12:20:37 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name ( #1016 )
...
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs ( #958 )
...
* Remove unused package
* Add Go package docs to most packages
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-19 15:57:50 +01:00
Otto Bittner
90b88e1cf9
kms: rename kms to keyservice
...
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Paul Meyer
d0e9f427d1
deps: update Go to v1.19.5 ( #949 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:36:17 +01:00
renovate[bot]
78fd2abc5f
Update gcr.io/distroless/static Docker digest to ea2ed73 ( #920 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-10 07:59:58 +01:00
Leonard Cohnen
3637909a46
internal: move components into their own package
2023-01-09 12:16:54 +01:00
renovate[bot]
200a7e7b92
Update gcr.io/distroless/static Docker digest to be8c71d ( #892 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 14:34:48 +01:00
renovate[bot]
3c2dd8f3cd
Update gcr.io/distroless/static Docker digest to 764a31e ( #873 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 12:08:24 +01:00
3u13r
f14af0c3eb
upgrade: support Kubernetes components ( #839 )
...
* upgrade: add Kubernetes components to NodeVersion
* update rfc
2023-01-03 12:09:53 +01:00
3u13r
0297aed1ea
join: deprecate components migration fallback ( #833 )
2022-12-29 14:51:26 +01:00
renovate[bot]
67459128c8
Update gcr.io/distroless/static Docker digest to 5b2fa76 ( #824 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 14:54:05 +01:00
3u13r
d1195d1d5f
join: make Azure instance names k8s compliant ( #807 )
...
join: make Azure instance names k8s compliant
2022-12-23 18:59:15 +01:00
renovate[bot]
868d911918
Update fedora:37 Docker digest to 99aa891 ( #797 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 10:38:00 +01:00
3u13r
c993cd6800
join: synchronize control plane joining ( #776 )
...
* join: synchronize control plane joining
2022-12-09 18:30:20 +01:00
Leonard Cohnen
a1161ae05d
k8supdates: label nodes with k8s component hash
2022-12-08 11:19:22 +01:00
Paul Meyer
3cc2a714a4
dependencies: upgrade to Go v1.19.4 ( #732 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 14:27:43 +01:00
Leonard Cohnen
0c71cc77f6
joinservice: use configmap for k8s components
2022-12-02 14:34:38 +01:00
Otto Bittner
6b2d9d16f8
Remove obsolote revive comments
2022-11-23 08:35:12 +01:00
Otto Bittner
1362e40f53
Surpress argument-limit errors and add TODO. ( #603 )
2022-11-21 17:31:01 +01:00
Malte Poll
9d4172002c
Upgrade container images to Fedora 37
2022-11-18 10:37:45 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code ( #504 )
...
* Rename Metadata->Cloud
* Remove unused methods, functions, and variables
* More privacy for testing stubs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API ( #477 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency ( #533 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. ( #475 )
...
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API ( #387 )
...
* Refactor GCP metadata/cloud API
* Remove cloud controller manager from metadata package
* Remove PublicIP
* Move shared cloud packages
* Remove dead code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Leonard Cohnen
152978045c
docker: cache go compiler
2022-11-07 16:17:28 +01:00
renovate[bot]
da3fe3de94
Update gcr.io/distroless/static Docker digest to ebd8cc3 ( #448 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:52:06 +01:00
renovate[bot]
44b1a92d6b
Update fedora Docker digest to 455fec9 ( #447 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Nirusu <Nirusu@users.noreply.github.com>
2022-11-04 11:49:41 +01:00
Leonard Cohnen
3aa0177333
join-service: add AWS attestation
2022-11-02 23:29:04 +01:00
Nils Hanke
6d2ec109d0
Update to Go 1.19.3
2022-11-02 11:53:52 +01:00
Leonard Cohnen
7a6a0766e8
undefine more -v flags due to glog
2022-10-30 22:13:58 +01:00
Leonard Cohnen
477a06789f
update grpc
2022-10-21 13:28:03 +02:00
Malte Poll
743f5fa627
Remove all traces of CoreOS from the codebase
2022-10-21 11:04:25 +02:00
renovate[bot]
5a95fbee0e
Update gcr.io/distroless/static Docker digest to f6ba6e4 ( #243 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 14:58:02 +02:00
katexochen
39341e5f6b
Fix CLI version injection in cmake
2022-10-12 11:04:07 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 ( #219 )
2022-10-06 19:31:12 +02:00
katexochen
53c8c9e9a6
Update proto files to v2
2022-09-22 09:10:19 +02:00
katexochen
ba6e41ed5c
Upgrade go module to v2
2022-09-22 09:10:19 +02:00
Nils Hanke
c51dec6d00
Use distroless images for JoinService & KMS
2022-09-09 18:11:33 +02:00
Nils Hanke
0949393dbb
Update build environment to Fedora 36 & Go 1.19.1
2022-09-09 18:11:33 +02:00
Nils Hanke
9bedaf20ea
Use CMake project version across all places & remove obsolete build tags
2022-09-09 15:33:16 +02:00
Malte Poll
38f461fdee
join-service: do not check if kubernetes version is valid
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
57e77ee53f
kubernetes version: rename latest -> default
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Otto Bittner
405db3286e
AB#2386: TrustedLaunch support for azure attestation
...
* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42 )
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests
Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00
Thomas Tendyck
bd63aa3c6b
add license headers
...
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
katexochen
5d63150bed
Silence wget output
2022-09-02 15:20:25 +02:00
Moritz Eckert
b95f3dbc91
Add docs to repo ( #38 )
2022-09-02 11:52:42 +02:00
Otto Bittner
7c5556864b
AB#2333: Add AMD SNP-based attestation
...
Currently only available on Azure CVMs.
* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00