Commit Graph

111 Commits

Author SHA1 Message Date
Daniel Weiße
aa7fcce8af Add configurable node disk type (#317)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:24:55 +02:00
Fabian Kammel
050e8fdc4a AB#2159 Feat/cli/fetch measurements (#301)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
7baf98f014 Add test vectors for key derivation functions (#320)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-01 09:11:13 +02:00
Daniel Weiße
e0ae4e1fe6 Bump kms, joinservice, and verification service image to latest (#319)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 10:42:23 +02:00
Daniel Weiße
9a3bd38912 Generate random salt for key derivation on init (#309)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
Otto Bittner
5d87b48769 Bump image version 2022-07-28 09:57:11 +02:00
Otto Bittner
44b5e042ea AB#2077: Kubernetes 1.22.12 support (#302)
* Necessary changes to build join-service image
* Reference new join-service image

Tested on GCP and Azure using microservice-demo.
2022-07-27 13:38:14 +02:00
Otto Bittner
83d2c7b6a3 AB#2077: add v1.24.3 support (#298)
This is a squashed commit. 
* Necessary changes for 1.24 support. Trigger join-service build.
* Update joinservice version. Image was created 
by manually triggered workflow, based on now squashed commit.

microservice-demo can be deployed successfully.
No errors during cluster setup.
2022-07-26 17:08:57 +02:00
Daniel Weiße
db79784045 AB#2200 Merge Owner and Cluster ID (#282)
* Merge Owner and Cluster ID into single value

* Remove aTLS from KMS, as it is no longer used for cluster external communication

* Update verify command to use cluster-id instead of unique-id flag

* Remove owner ID from init output

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-26 10:58:39 +02:00
Thomas Tendyck
48d614c959 AB#2222 replace unlicensed passwd package with own implementation 2022-07-25 15:10:29 +02:00
Malte Poll
aacbf9dc70 Bump coreos images to 1658499095 (#295) 2022-07-25 09:03:51 +02:00
Otto Bittner
566b40699f AB#2255: Bump joinservice version (#294) 2022-07-22 15:44:27 +02:00
Otto Bittner
52ceced223 AB#2255: Fix kubeadm version incompatibility (#293)
* Update image version
* Introduce 'ValidK8sVersion' type. Ensures that consumers
of the k8sVersion receive a valid version, without
having to do their own validation.
* Add testcase to check that kubeadm accepts the currently provided
version.
2022-07-22 15:05:04 +02:00
Otto Bittner
c743398a23 AB#2181: retry k8s downloads (#286)
Generalize retrier:
* Generalize Do to use a supplied 'retriable' function
* Make clock an optional argument in NewIntervalRetrier
* Move grpc/retrier to interal package
* Update existing unittests to not use retry feature

Add retryDownloadToTempDir:
* Wrap downloadToTempDir with retrier.
* Retry if TCP connection is reset.
* Abort by canceling the context.
* Use a mock server in the unit test that serves responses
depending on the state received through a state channel.

Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-07-21 15:20:12 +02:00
Otto Bittner
741384158a AB#2076: version specific images (#288)
KubernetesVersion sent by the init command now controls
all downloaded binaries, if they depend on the k8s version.

* Move all download links into /internal/versions.
* Unify files in /internal/versions package
* Move image download links into VersionConfigs
and thus make them dependant on the k8s version,
where the image version is specific to the k8s version.
* Don't specify patch version in k8sVersion
2022-07-21 14:41:07 +02:00
Fabian Kammel
ba5a3aefe3 fix ci-lint issues (#287)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 16:44:41 +02:00
Malte Poll
a660af05f1 Use same name for k8s config map key and filename of k8s config map version in joinservice
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-19 09:27:23 +02:00
Malte Poll
9f31e0a539 Update join-service image after proto definition change
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-18 17:38:07 +02:00
Fabian Kammel
193a91d911 fix reference for statefile field and unwrap errors (#278)
* fix reference for statefile field
* unwrap errors before checking status
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-18 14:00:57 +02:00
Otto Bittner
a68ee817ff AB#2074: Choosable K8S Version (#277)
AB#2074: Add configurable k8s version

Configurable version flow:
* cli config holds/validates k8sVersion
* InitCluster receive a k8sVersion arg
* InitCluster creates CM "k8s-version"
* kubeadm's InitConfiguration receives k8sVersion
* joinservice spec mounts/reads k8s-version CM
* joinservice supplies k8sVersion via JoinTicketResponse
Other changes:
* Remove unused test code (FakeK8SClient)
* move VersionConfig map to /internal/versions
* installk8sComponents is now a function instead of a method
2022-07-18 12:28:02 +02:00
Fabian Kammel
a931f6692f Fix/bootstrapper regressions (#274)
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Malte Poll
49e98286a9 bump coreos 1657814939
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-15 09:15:55 +02:00
Malte Poll
260d2571c1 Only upload kubeadm certs if key is rotated
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
katexochen
1af18e990d Rename all activation 2022-07-14 17:25:18 +02:00
katexochen
15adba9235 Simplify joinproto 2022-07-14 17:25:18 +02:00
katexochen
dea23604fb Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55 Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
Malte Poll
3280ed200c Test IntervalRetrier 2022-07-14 17:25:18 +02:00
katexochen
f79674cbb8 Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
09e86e6c5d Refactor provider metadata 2022-07-14 17:25:18 +02:00
katexochen
32f1f5fd3e Delete Coordinator core and apis 2022-07-14 17:25:18 +02:00
Malte Poll
7e6ad541c6 Bump coreos images to 1657199013
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-07-08 14:28:04 +02:00
Nils Hanke
259c88fa1a IDsFilename -> ClusterIDsFilename 2022-07-05 14:41:58 +02:00
Daniel Weiße
0a874496b3 Add verbosity flag to all services (#244)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-01 16:17:06 +02:00
cm
3177b2fdb7 AB#2032 Write IDs to disk and read when verifying (#212)
* AB#2032 Write IDs to disk and read when verifying

* Update CHANGELOG.md

* update changelog

* update changelog

* cli verify: prefer flag values

* Rename fid file

Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-07-01 10:57:29 +02:00
Otto Bittner
7cada2c9e8 Add goleak to all tests (#227)
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Daniel Weiße
f9a581f329 Add aTLS endpoint to KMS (#236)
* Move file watcher and validator to internal

* Add aTLS endpoint to KMS for Kubernetes external requests

* Update Go version in Dockerfiles

* Move most KMS packages to internal

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20 AB#2190 Verification service (#232)
* Add verification service

* Update verify command to use new Constellation verification service

* Deploy verification service on cluster init

* Update pcr-reader to use verification service

* Add verification service build workflow

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Daniel Weiße
b10b13b173 Replace logging with default logging interface (#233)
* Add test logger

* Refactor access manager logging

* Refactor activation service logging

* Refactor debugd logging

* Refactor kms server logging

* Refactor disk-mapper logging

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Daniel Weiße
1dcb6ed142 Add unified logging interface (#223)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-23 16:42:33 +02:00
Leonard Cohnen
e13f4d84c3 add gcp loadbalancer 2022-06-23 14:00:20 +02:00
Christoph Meyer
9441e46e4b AB#2033 Remove redundant "failed" in error wrapping
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Daniel Weiße
3b92b52611 Fix endless wait if handshake fails
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 15:02:20 +02:00
Daniel Weiße
e6b1156849 AB#2169 Implement control-plane activation in activation service (#217)
* Implement Control Plane activation flow

* Rename Activation RPCs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 11:10:32 +02:00
katexochen
b926cf9006 Move aTLS fakes into atls package 2022-06-15 16:31:24 +02:00
katexochen
85ba2657e1 Fix grpc dialer 2022-06-15 16:31:24 +02:00
Daniel Weiße
4842d29aff AB#2111 Deploy activation service on cluster init (#205)
* Deploy activation service on cluster init

* Use base image with CA certificates for activation service

* Improve KMS server 

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Paul Meyer
86d29a4567 Add concurrency tests for atls connections (#211) 2022-06-15 13:04:56 +02:00
Thomas Tendyck
e9916a7d3a atls: make client cfg reusable 2022-06-15 13:04:56 +02:00
Thomas Tendyck
989c128fa6 atls: rename nonce to clientNonce/serverNonce for clarification 2022-06-15 13:04:56 +02:00