Commit Graph

552 Commits

Author SHA1 Message Date
Moritz Eckert
6dc97590fe Enable and configure k8s audit-log (#160)
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Moritz Eckert
e4a9be832c Add cis benchmark to conformance test (#165)
* Add cis benchmark to conformance docs

* Update e2e workflow to include cis benchmarks
2022-05-19 14:57:21 +02:00
Thomas Tendyck
206dae8fd2 readme: move debugd and local image testing to other files and add a component overview 2022-05-19 08:56:28 +02:00
Daniel Weiße
0a24de24ee AB#2103 Derive key from LUKS UUID instead of disk name (#156)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-19 08:47:17 +02:00
Fabian Kammel
daf356d88e fixed wording (#162) 2022-05-18 19:01:11 +02:00
Fabian Kammel
f620d6194d run go mod tidy in hack folder. (#161) 2022-05-18 18:44:40 +02:00
Fabian Kammel
135c787001 AB#2098 versioned & strict yaml reading (#157) 2022-05-18 18:10:57 +02:00
Fabian Kammel
7c2d1c3490 AB#2094 cloud provider specific configs (#151)
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Nils Hanke
54e2e492df Update authorizedKeys field names for cdbg in README 2022-05-18 10:48:52 +02:00
Nils Hanke
5fa23d4bec Use "new" config for YAML parsing directives 2022-05-18 10:48:52 +02:00
Nils Hanke
c9982b979c Add unit test for SSH user creation on nodes 2022-05-17 18:00:21 +02:00
Nils Hanke
ed071d389c Add SSH users on subsequent coordinators & nodes 2022-05-17 18:00:21 +02:00
Malte Poll
084ed0c4ef cdbg config: use unified firewall rules 2022-05-17 17:50:52 +02:00
Daniel Weiße
7ba2fdd1a1 Fix proto file generation (#155)
* Fix kms export path

* Regenerate proto files

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-17 15:02:14 +02:00
Fabian Kammel
08f4f4e0aa updated images to newest version (#150) 2022-05-17 14:24:44 +02:00
Moritz Eckert
772aa66fb4 Set hardcoded file permissions to 0o600 (#153) 2022-05-17 13:10:39 +02:00
Paul Meyer
8e0f9491af Create hack folder with independent modules (#131) 2022-05-17 11:14:23 +02:00
Fabian Kammel
cfad36720b Cloned UserKey struct to config so it can be documented. Added examples. (#149) 2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515 AB#2061 Self Documenting Config File (#143)
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
cdfd962fcc Add --cdbg-config next to --config for cdbg 2022-05-16 17:57:51 +02:00
Nils Hanke
68092f27dd AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133)
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Fabian Kammel
5dc2e71d80 generate constellation config in e2e pipeline (#147) 2022-05-16 16:44:53 +02:00
Malte Poll
baa7dbc1ef Move debugd config to separate file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Nils Hanke
25b0ca2a06 Use filename from input instead of hardcoded name 2022-05-16 15:15:05 +02:00
Malte Poll
3b30291360 QEMU CSP Config: PCRs -> Measurements
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae Remove ConstellationPort from config file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c AB#2064 Feat/config/dev config to config (#139)
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Thomas Tendyck
fde7304d78 Update validargs.go 2022-05-13 11:43:48 +02:00
Daniel Weiße
9c5590bbce Add LUKS2 header size constant (#140)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-13 09:24:54 +02:00
Moritz Eckert
5ad34e0425 Apply CIS benchmark to kubelet conf
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
2022-05-12 17:25:45 +02:00
Moritz Eckert
adda637609 Apply CIS benchmark for kubeadm clusterconf
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-12 17:25:45 +02:00
Malte Poll
1d69ed5cd8 CoreOS build pipeline: Cleanup azure disk and image after converting to SIG (#137) 2022-05-12 17:16:57 +02:00
Fabian Kammel
094a8b7659 Feat/config/generate (#136)
Implement config command & generate verb to write default configuration to file or stdout.
2022-05-12 15:14:52 +02:00
Malte Poll
49ee05b680 debugd README: lowercase firewall rules (#138) 2022-05-12 14:21:22 +02:00
Daniel Weiße
437de8bcb1 Add function to retrieve real device path of mapped device
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
f8c9c0f17f Fix static check
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
61afce37fd Clean up interface
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
6b3d45dd09 Add resize functions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
2b80341d99 Reorder to be more readable
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Fabian Kammel
14103e4f89 Fix/config/measurements in yaml (#135)
Custom type & marshal implementation for measurements to write base64 instead of single bytes
2022-05-12 10:15:00 +02:00
Malte Poll
19394e5563 Fix case sensitive YAML keys in debugd config (#134)
Co-authored-by: Fabian Kammel <fabian@kammel.dev>
2022-05-11 16:06:40 +02:00
Fabian Kammel
b8d1cc2b75 converted config file from JSON to YAML. (#132)
2022-05-11 13:53:02 +02:00
Malte Poll
eb9a959353 Document k8s upgrade procedure
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-05-11 10:02:41 +02:00
Thomas Tendyck
d76703061b cli: add minimal doc generator (#129)
* cli: add minimal doc generator

* fixup! cli: add
2022-05-11 09:20:37 +02:00
Malte Poll
2fc9129b9f Fix typo in image creation 2022-05-10 15:45:34 +02:00
Malte Poll
4ea00ac684 Update debugd README to incorporate new image location
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Malte Poll
1101b5f60f Document customer onboarding (images -> customer)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Malte Poll
748eb0f96b Create GCP images in "constellation-images" project
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Thomas Tendyck
9575d01ed3 cli: sort CSPs in create cmd 2022-05-10 13:53:57 +02:00
Thomas Tendyck
69d0ecd26d cli: show instance types on help and usage 2022-05-10 12:59:42 +02:00