Commit Graph

1241 Commits

Author SHA1 Message Date
Malte Poll
ac5ad7c378
Clarify Azure Secure Boot / VMGS settings when uploading images (#488) 2022-11-09 10:11:23 +01:00
Thomas Tendyck
d3150a80ac
add brief instructions to AWS IAM Terraform script (#478)
* add brief instructions to AWS IAM Terraform script

* Update README.md
2022-11-08 18:40:30 +01:00
renovate[bot]
34435e4396
Update k8s.io/utils digest to 1a15be2 (#483)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:39:51 +01:00
renovate[bot]
05f4b8698b
Update ludeeus/action-shellcheck digest to 6d3f514 (#485)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:38:48 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 (#464)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Fabian Kammel
2b64f31104
release docs for v2.2 (#482)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-08 18:25:56 +01:00
Fabian Kammel
598761541b
AWS Docs (#446)
* document AWS support
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2022-11-08 18:21:09 +01:00
Paul Meyer
46e4ddd8c6 ci: don't run cli reference gen on release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 17:07:29 +01:00
Malte Poll
499d7a1fdd
AB#2566 RFC for image discoverability (description of image version uid) (#416)
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-11-08 14:04:14 +01:00
Nils Hanke
ee55584b90 AWS: Apply security group to worker nodes 2022-11-08 11:22:06 +01:00
Malte Poll
41668d50c2 Add recovery loadbalancer on AWS 2022-11-08 00:07:04 +01:00
Malte Poll
e07c6ada5c Backport systemd-resolved fixes for Fedora 36 2022-11-08 00:07:04 +01:00
Malte Poll
899ca91aa3 Move enforced measurement for clusterID to PCR[15] in e2e tests 2022-11-08 00:07:04 +01:00
Malte Poll
2171b9fb31 Install CA certificates in initrd 2022-11-08 00:07:04 +01:00
Malte Poll
0d7e0b44b8 Wait for nss-lookup in initrd 2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f Pass azure image offer from build variable action 2022-11-08 00:07:04 +01:00
Malte Poll
86001daf7f Install systemd-resolved in dracut to enable DNS 2022-11-08 00:07:04 +01:00
Leonard Cohnen
f09ce515e2 docs: remove constellation-state.json 2022-11-07 19:09:24 +01:00
Leonard Cohnen
152978045c docker: cache go compiler 2022-11-07 16:17:28 +01:00
Nils Hanke
759c626e0f AWS: Don't expose SSH debugging ports on the LB 2022-11-07 13:57:22 +01:00
Malte Poll
fa6dfdff4f
Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime (#442)
* Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime
* Use correct field for nat gateway

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-07 11:04:10 +01:00
Otto Bittner
a70161730f
Explain unenforced measurements in config (#445) 2022-11-07 08:56:57 +01:00
renovate[bot]
efa2fb2fd0
Update anchore/sbom-action action to v0.13.1 (#463)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:42:09 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys (#462)
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
renovate[bot]
5ffdbc9bd6
Update module sigs.k8s.io/controller-runtime to v0.13.1 (#455)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 15:57:46 +01:00
3u13r
309a4b5196
cli: remove debug env check for AWS (#460) 2022-11-04 15:31:51 +01:00
Fabian Kammel
cf36b85ff9
extend permissions to allow logging (#461)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:56:13 +01:00
Moritz Eckert
69644add5d
Add plausible to docusaurus (#456) 2022-11-04 14:15:34 +01:00
Fabian Kammel
668b4d000b
document usage of iamlive (#443)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:01:23 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Fabian Kammel
04d0c770af
limit aws cluster name len (#454)
* limit aws cluster name len down to 10, 32-character name limit in AWS
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 13:35:32 +01:00
renovate[bot]
934d173650
Update AWS SDK (#412)
* Update AWS SDK

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 13:17:27 +01:00
Nils Hanke
b24c799c80 Replace specific Azure/GCP credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
ee20ff8950 Replace E2E Azure RM credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
19fd3a351a Make azureCVMRxp in upgradeplan.go case-insensitive 2022-11-04 12:57:24 +01:00
Nils Hanke
4d9fbdb3d3 CI: Use lowercase image name for fetching measurements 2022-11-04 12:57:24 +01:00
Nils Hanke
a535ca1901 CI: Use lowercase image name for S3 upload 2022-11-04 12:57:24 +01:00
Nils Hanke
af08ffbb16 CI: Add group for building pcr-reader for better output 2022-11-04 12:57:24 +01:00
Nils Hanke
28b2d84684 Add AzureRM authentication environment variables for PCR action 2022-11-04 12:57:24 +01:00
Nils Hanke
3ca88d6043 Fix Constellation measure CI action 2022-11-04 12:57:24 +01:00
Nils Hanke
4e93c1a6c2 Add .idea to .gitignore 2022-11-04 12:57:24 +01:00
renovate[bot]
8e44eb7ea5
Update module github.com/sigstore/rekor to v1 (#453)
* Update module github.com/sigstore/rekor to v1
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 12:45:45 +01:00
3u13r
9ad377284d
Wait for kube api during init (#440)
* kubernetes: wait for KubeAPI to be reachable
2022-11-04 12:36:26 +01:00
renovate[bot]
b89fae8062
Update Terraform azurerm to v3.30.0 (#452)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 12:34:03 +01:00
renovate[bot]
88110ff5f3
Update github actions dependencies (#450)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:58:54 +01:00
renovate[bot]
add245a2f8
Update ubuntu:22.04 Docker digest to 817cfe4 (#451)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:58:01 +01:00
renovate[bot]
653a1062e6
Update gcr.io/distroless/static:nonroot Docker digest to ed05c7a (#449)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:53:55 +01:00
renovate[bot]
da3fe3de94
Update gcr.io/distroless/static Docker digest to ebd8cc3 (#448)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:52:06 +01:00