Commit Graph

850 Commits

Author SHA1 Message Date
Paul Meyer
abd5cdf362 ci: fix ccm build when no new version are found
Previous output of findvers.sh would be [""] in case no version were
found, now the output is []. Also, GitHub cannot handle empty arrays
in the matrix field, so we add an if and check if the array is empty.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-23 15:05:22 +02:00
Moritz Sanft
54c52f17f6
ci: fix Windows e2e test (#2255)
* fix Windows e2e test

* check if caller workflow was scheduled

* inherit secrets
2023-08-21 14:36:28 +02:00
Malte Poll
d6624a472d
bazel: correctly set buildbuddy api key (#2262) 2023-08-21 12:14:47 +02:00
Moritz Sanft
60bf770e62
ci: logcollection to OpenSearch in non-debug clusters (#2080)
* refactor `debugd` file structure

* create `hack`-tool to deploy logcollection to non-debug clusters

* integrate changes into CI

* update fields

* update workflow input names

* use `working-directory`

* add opensearch creds to upgrade workflow

* make template func generic

* make templating func generic

* linebreaks

* remove magic defaults

* move `os.Exit` to main package

* make logging index configurable

* make templating generic

* remove excess brace

* update fields

* copy fields

* fix flag name

* fix linter warnings

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* remove unused workflow inputs

* remove makefiles

* fix command

* bazel: fix output paths of container

This fixes the output paths of builds within the container by mounting
directories to paths that exist on the host. We also explicitly set the
output path in a .bazelrc to the user specific path. The rc file is
mounted into the container and overrides the host rc.
Also adding automatic stop in case start is called and a containers
is already running.
Sym links like bazel-out and paths bazel outputs should generally work
with this change.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* tabs -> spaces

---------

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-21 08:01:33 +02:00
Malte Poll
6c6e2ca2f4 bazel: adopt best practices for bazelrc
Options adapted from https://docs.aspect.build/guides/bazelrc

bazel: adopt best practices for bazelrc

Options adapted from https://docs.aspect.build/guides/bazelrc
2023-08-18 16:36:13 +02:00
Malte Poll
339492f314
ci: add aspect workflows (#2258) 2023-08-18 11:31:24 +02:00
3u13r
8325f99b09
deps: support Kubernetes 1.28 (#2242) 2023-08-18 11:13:24 +02:00
3u13r
38dcb3dbab
ci: fix recover wait condition (#2257) 2023-08-18 10:43:51 +02:00
Paul Meyer
c6819b8d31 ci: automatically build GCP CCM container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 16:31:04 +02:00
Paul Meyer
001219d26a ci: remove azure-cvm runner
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Paul Meyer
f43888bb6f ci: remove azure-snp-reporter workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Paul Meyer
f604a8dfd2 e2e: upload TCB versions in verify test
The TCP versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Adrian Stobbe
5574092bcf
ref: update code for 2.11 (#2239)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-08-16 11:34:58 +02:00
renovate[bot]
841463d11e
deps: update GitHub action dependencies (#2234)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-15 14:38:48 +02:00
Malte Poll
5c1bca5928
ci: set bazlrc options for "common" instead of "build" if they should always apply (#2227)
Most flags set in the bazelrc in CI are always applicable, so we set them with the common prefix.
2023-08-15 10:34:42 +02:00
Malte Poll
b12f2867dd
ci: set bazel build event stream timeout to 600s (#2223) 2023-08-14 14:26:59 +02:00
Daniel Weiße
ef4d789dc8
ci: fix notify trigger in e2e upgrade workflow (#2221)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-14 11:45:04 +02:00
Adrian Stobbe
c7bbf90989
ci: add e2e-mini to daily test (#2217) 2023-08-14 08:13:29 +02:00
Paul Meyer
de9e841853 e2e: use Kubernetes 1.26 in daily test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-11 14:06:35 +02:00
renovate[bot]
d4e8d25636
deps: update golang:1.20.7 Docker digest to 37c7d85 (#2213)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-11 13:44:55 +02:00
Daniel Weiße
066fff951f
ci: correctly default to false for upgrade e2e notifications (#2208)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-11 09:05:44 +02:00
Daniel Weiße
154d1cc3cf Make kubernetes version optional in e2e tests
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-10 15:46:59 +02:00
Daniel Weiße
0dd62fc59d
ci: allow setting region/zone for e2e tests (#2205)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-10 12:53:40 +02:00
Paul Meyer
670c20b18c e2e: cleanup test inputs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 18:42:04 +02:00
Paul Meyer
e466ce2f26 e2e: detect changing idKeyDigests on azure
by setting the Azure SNP enforcement policy to equal in the weekly e2e.
The run should fail when there are unexpected ID Key digests used.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 16:45:42 +02:00
3u13r
c43210c90b
ci: fix recover test (#2162)
* ci: fix recover test
Previously the test failed if not all nodes were recovered by the cli.

* ci: refactor recover test
2023-08-09 16:01:43 +02:00
Otto Bittner
d5e88115a0
ci: replace mastersecret flag in recover (#2186) 2023-08-09 13:00:27 +02:00
Paul Meyer
29dcb72bea e2e: remove existingConfig field
The existingConfig field is always set to true during create, as we use
the IAM create step to generate the config in all cases. Accordingly,
secret injection into config isn't needed anymore in create.
This fixes a bug where other parameters like Kubernetes version and
cluster name wouldn't be injected into the config due to existingConfig
being true.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 12:36:36 +02:00
Adrian Stobbe
d1febd7276
fix e2e upgrade config migration (#2179) 2023-08-09 10:28:13 +02:00
Paul Meyer
eb2f3c3021 ci: verify all pods in verify e2e
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-08 18:46:13 +02:00
Adrian Stobbe
9dcad0ed16
fix upgrade test by only setting nodeGroup for >v2.9 (#2176) 2023-08-07 11:02:00 +02:00
renovate[bot]
cc10613252
deps: update dependency cryptography to v41.0.3 [SECURITY] (#2150)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-07 09:23:18 +02:00
Adrian Stobbe
3ea7fddb03
fix upgrade test by adding deprecated flags(#2173) 2023-08-07 08:38:14 +02:00
Malte Poll
92b0cd5a21 ci: update actions to use nodeGroups and remove deprecated flags 2023-08-04 12:36:45 +02:00
Moritz Sanft
af05e17f49
ci: keep embedded measurements if stable image is used (#2109)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-08-04 09:43:32 +02:00
Paul Meyer
dccb1dfde9 ci: remove unused actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-03 16:09:06 +02:00
3u13r
a983b08262
deps: bump go version (#2156) 2023-08-03 12:07:27 +02:00
Daniel Weiße
321474c356
ci: remove old incompatible test option (#2149)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-02 08:18:55 +02:00
Otto Bittner
002c3a9a32
ci: upgrade fromVersion for upgrade tests (#2145)
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-08-01 10:34:11 +02:00
Otto Bittner
867f7490a2
ci: clone constellation repo into separate dir (#2143) 2023-08-01 10:13:10 +02:00
renovate[bot]
5fa50c7fcc
deps: update dependency certifi to v2023.7.22 [SECURITY] (#2139)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-31 15:59:28 +02:00
Otto Bittner
583d3021fa
ci: parse ovmf binaries from metadata (#1962)
Subsequently the metadata will be uploaded to the
attestationconfigapi so the CLI can use the data to
precalculate measurements.
2023-07-27 13:29:43 +02:00
Adrian Stobbe
a3184af7a2
cli: add iam upgrade apply (#2132)
* add new iam upgrade apply

* remove iam tf plan from upgrade apply check

* add iam migration warning to upgrade apply

* update release process

* document migration

* Apply suggestions from code review

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* add iam upgrade

* remove upgrade dir check in test

* ask only without --yes

* make iam upgrade provider specific

* test without seperate logins

* remove csi and only add conditionally

* Revert "test without seperate logins"

This reverts commit 05a12e59c9.

* fix msising cred

* support iam migration for all csps

* add iam upgrade label

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-07-26 17:29:03 +02:00
Paul Meyer
342a71fa36 bazel: fix container versioning
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-26 13:46:27 +02:00
Paul Meyer
c8bc3ea5ee ci: build bazel container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-25 15:41:55 +02:00
Adrian Stobbe
a87b7894db
aws: use new LB controller to fix SecurityGroup cleanup on K8s service deletion (#2090)
* add current chart

add current helm chart

* disable service controller for aws ccm

* add new iam roles

* doc AWS internet LB + add to LB test

* pass clusterName to helm for AWS LB

* fix update-aws-lb chart to also include .helmignore

* move chart outside services

* working state

* add subnet tags for AWS subnet discovery

* fix .helmignore load rule with file in subdirectory

* upgrade iam profile

* revert new loader impl since cilium is not correctly loaded

* install chart if not already present during `upgrade apply`

* cleanup PR + fix build + add todos

cleanup PR + add todos

* shared helm pkg for cli install and bootstrapper

* add link to eks docs

* refactor iamMigrationCmd

* delete unused helm.symwallk

* move iammigrate to upgrade pkg

* fixup! delete unused helm.symwallk

* add to upgradecheck

* remove nodeSelector from go code (Otto)

* update iam docs and sort permission + remove duplicate roles

* fix bug in `upgrade check`

* better upgrade check output when svc version upgrade not possible

* pr feedback

* remove force flag in upgrade_test

* use upgrader.GetUpgradeID instead of extra type

* remove todos + fix check

* update doc lb (leo)

* remove bootstrapper helm package

* Update cli/internal/cmd/upgradecheck.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* final nits

* add docs for e2e upgrade test setup

* Apply suggestions from code review

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update cli/internal/helm/loader.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update cli/internal/cmd/tfmigrationclient.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* fix daniel review

* link to the iam permissions instead of manually updating them (agreed with leo)

* disable iam upgrade in upgrade apply

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Malte Poll
2023-07-24 10:30:53 +02:00
Otto Bittner
c58d03a7b8
ci: fix ahead-check for working branch (#2120)
Also list remote branches during on-release
2023-07-19 17:48:29 +02:00
renovate[bot]
dc373971b2
deps: update dependency cryptography to v41.0.2 [SECURITY] (#2106)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-18 15:33:23 +02:00
Daniel Weiße
f52c6752e2
ci: update failure tasks (#2087)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-17 13:46:20 +02:00
Daniel Weiße
484b6c5c24
ci: combine node count inputs into one (#2084)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-17 13:45:53 +02:00