Commit Graph

187 Commits

Author SHA1 Message Date
Nils Hanke
ad871d1993 Prompt before termination 2022-11-02 18:18:30 +01:00
Nils Hanke
c922136cd4 Fix typos 2022-11-02 18:18:30 +01:00
Otto Bittner
e363f03240
AB#2582: deploy CNM via Helm (#423) 2022-11-02 17:47:10 +01:00
Leonard Cohnen
741684843c terraform: fix azure password constraints 2022-11-02 09:57:54 +01:00
Otto Bittner
30bdbd9b85
Add helm unittests (#380) 2022-10-31 19:25:02 +01:00
renovate[bot]
c9e6b4c5b6
Update Terraform azurerm to v3.29.1 (#405)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:45:56 +01:00
Daniel Weiße
79f52e67cb
Update go-tpm-tools to fix AWS PCR selection (#390)
* Update go-tpm-tools to fix AWS PCR selection

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Ignore leaking glog go routine

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-28 17:57:24 +02:00
Paul Meyer
86906ac536 Use atomic.Bool, added in Go 1.19
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 16:06:53 +02:00
Otto Bittner
091e3b2b2b AB#2538: deploy CCM via Helm
Also move helmloader interface/stubs
2022-10-27 18:12:47 +02:00
Otto Bittner
009b2e67e3 Use .Release.Namespace instead of namespace value 2022-10-27 18:12:47 +02:00
Nils Hanke
34f729ccd2 Case insensitive replace for every user input that could break azurerm 2022-10-27 11:35:14 +02:00
Daniel Weiße
e66cb84d6e
AB#2532 Dont clean up workspace if rollback fails (#360)
* Dont clean up workspace if rollback fails

* Remove dependency on CSP from terminate

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-26 15:57:00 +02:00
Paul Meyer
c05b22f1dc
Remove dead code (#373)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-26 10:29:28 +02:00
Malte Poll
fa63e51370
Fix "enforceIdKeyDigest" capitalization (#369)
* Fix "enforceIdKeyDigest" capitalization
* Convert "enforceIdKeyDigest" to string for config map
2022-10-25 16:29:28 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any (#370) 2022-10-25 15:51:23 +02:00
Malte Poll
7592143a69
Join-service helm chart: use correct casing for provider name (#368) 2022-10-25 13:21:27 +02:00
Malte Poll
52f140a968
Pin terraform provider hashes (#361) 2022-10-25 10:10:46 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing (#242)
* Apply tags to all applicable GCP resources

* Move GCP UID and role from VM metadata to labels

* Adjust Azure tags to be in line with GCP and AWS

* Dont rely on resource name to find resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Otto Bittner
c2814aeddb
AB#2504: Deploy join-service via helm (#358) 2022-10-24 12:23:18 +02:00
Daniel Weiße
c82d5ccba9
Hide cursor and fix dots (#217)
* Hide cursor and fix dots spinner

* Allow restarting of spinner

* Don't spin on non TTY output

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-21 14:26:42 +02:00
Nils Hanke
04c4cff9f6
AB#2436: Initial support for create/terminate AWS NitroTPM instances
* Add .DS_Store to .gitignore

* Add AWS to config / supported instance types

* Move AWS terraform skeleton to cli/internal/terraform

* Move currently unused IAM to hack/terraform/aws

* Print supported AWS instance types when AWS dev flag is set

* Block everything aTLS related (e.g. init, verify) until AWS attestation is available

* Create/Terminate AWS dev cluster when dev flag is set

* Restrict Nitro instances to NitroTPM supported specifically

* Pin zone for subnets

This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.

Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.

* Add AWS/GCP to Terraform TestLoader unit test

* Add uid tag and create log group

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-21 12:24:18 +02:00
Otto Bittner
07f02a442c
Refactor Helm deployments (#341)
* Wrap KMS deployment in one main chart that
deploys all other services. Other services will follow.
* Use .tgz via helm-package as serialization format
* Change Release type to carry chart as byte slice
* Remove KMSConfig
* Use json-schema to validate values
* Extend release.md to mention updating helm charts
2022-10-21 12:01:28 +02:00
Malte Poll
f3d78a573f Disable Azure VM agent and report VM as ready 2022-10-21 11:04:25 +02:00
Malte Poll
ed9acef9d4 Upgrade terraform azure provider to 3.28.0 2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
Malte Poll
3b6ee703f5 Move PCR indices for owner ID and cluster ID 2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc Create mkosi image build pipeline 2022-10-21 11:04:25 +02:00
Daniel Weiße
085f7b1a2a Prompt user for confirmation before overwriting config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-20 15:35:31 +02:00
Otto Bittner
c6ccee1250 AB#2490: deploy KMS via Helm
* Bundle helm-install related code in speparate package
* Move cilium installation to new helm package
2022-10-18 13:33:37 +02:00
Otto Bittner
62168bbf98 AB#2490: Add KMS helm chart
* Also run helm-lint in CI now
2022-10-18 13:33:37 +02:00
renovate[bot]
9af0640aad
Update Terraform azurerm to v3.27.0 (#301)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 11:54:29 +02:00
Paul Meyer
01df06e142
Use HTTPS for kube lb health check on Azure (#305)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 11:46:22 +02:00
renovate[bot]
c85dc674ba
Update Terraform libvirt to v0.7.0 (#304)
* Update Terraform libvirt to v0.7.0

* Use disk block

* Remove nulled disk options

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-18 11:24:43 +02:00
renovate[bot]
0c0a83550d
Update Terraform google to v4.41.0 (#302)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 08:30:24 +02:00
Daniel Weiße
f068e50dee
Attestation logging (#275)
* Add section for checking joinservice logs

* Add logging for attestation validation

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-14 16:29:21 +02:00
Malte Poll
0c65e41dae Use worker count to create workers on azure (instead of control plane count) 2022-10-14 14:44:08 +02:00
github-actions[bot]
74c3c93dec
Update CLI reference (#248)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-10-14 10:48:20 +02:00
renovate[bot]
b8d8562a6f Update Terraform random to v3.4.3 2022-10-14 09:13:35 +02:00
Paul Meyer
282117666e
Fix Azure Terraform for non-CVMs (#251) 2022-10-13 16:35:55 +02:00
katexochen
4b2dd1317a Normalize URIs for azurerm Terraform provider 2022-10-13 15:29:29 +02:00
katexochen
1556e239ca Remove state file 2022-10-13 15:29:29 +02:00
katexochen
0d1fd8fb2a Remove Azure client from CLI 2022-10-13 15:29:29 +02:00
katexochen
f4af9c56f5 Use Terraform for create Azure 2022-10-13 15:29:29 +02:00
katexochen
98a16b2b47 Create Terraform module for Azure
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
2022-10-13 15:29:29 +02:00
katexochen
a4a61e98ee Fix Terraform validation errors 2022-10-13 14:54:19 +02:00
Fabian Kammel
57b8efd1ec
Improve measurements verification with Rekor (#206)
Fetched measurements are now verified using Rekor in addition to a signature check.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-11 13:57:52 +02:00
Paul Meyer
1c29638421
Use env to find bash in shebang (#225) 2022-10-10 14:21:17 +02:00
katexochen
10004875f4 Add spinner interrrupt for rollback 2022-10-10 13:43:15 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation (#198)
* Mini Constellation commands to quickly deploy a local Constellation cluster

* Download libvirt container image if not present locally

* Fix libvirt KVM permission issues by creating kvm group using host GID inside container

* Remove QEMU specific values from state file

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Leonard Cohnen
92618d5284 align load balancer timeout 2022-10-07 03:38:05 +02:00