Commit Graph

913 Commits

Author SHA1 Message Date
Daniel Weiße
4151d365fb AB#2286 Return only primary IPs for instance metadata operations (#335)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 11:08:20 +02:00
Daniel Weiße
5c00dafe9b Fix CoreOS pipeline (#336)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 09:24:21 +02:00
Daniel Weiße
5da92d9d8b AB#2249 Rework image build pipeline (#326)
* Rework image build pipeline

* Dont cancel workflow runs on main

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
Malte Poll
d3435b06a2 AB#2283 Build CCM GCP from github actions in constellation repo (#334)
* Build CCM GCP from github actions in constellation repo
* Deploy correct version of GCP CCM
2022-08-03 11:46:11 +02:00
Otto Bittner
70336e4c9b AB#2289: Release v1.4.0 2022-08-03 08:06:05 +02:00
Otto Bittner
a13d1d8bd8 Bump coreos-img version 2022-08-03 08:06:05 +02:00
Otto Bittner
ba9555033d Bump service-image versions to v1.4.0 2022-08-03 08:06:05 +02:00
Fabian Kammel
985585f578 fix linter issues (#329)
* fix linter issues
* replace fmt with logger
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-08-02 16:25:47 +02:00
Otto Bittner
1859dc1718 AB#2288: Fix/kernel panic (#328)
* More debug info & don't use guestfish
* Sync image runner script with deployed code
* Add missing = for --wait in sonobuoy action

Co-authored-by: <mp@edgeless.systems>
2022-08-02 15:34:17 +02:00
Daniel Weiße
19871ee422 Enable integrity protection on boot (#300)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:35:23 +02:00
Daniel Weiße
aa7fcce8af Add configurable node disk type (#317)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:24:55 +02:00
Malte Poll
6a84bb5b4b go pseudo version hack script: update main
- use correct default major version
- Warn (but do not fail) if no version tag exists yet.
2022-08-02 11:02:48 +02:00
Malte Poll
f9dc21685f go pseudo version hack script: use correct commit hash length 2022-08-02 11:02:48 +02:00
Fabian Kammel
a705fabf43 wait at most 5 hours (#322) 2022-08-01 21:44:12 +02:00
Fabian Kammel
ffc3097c10 [RFC] Secure Software Distribution (#234)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-08-01 16:52:32 +02:00
Fabian Kammel
19b731b5f7 Add node name to early boot logging (#323)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 12:32:28 +02:00
Fabian Kammel
050e8fdc4a AB#2159 Feat/cli/fetch measurements (#301)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
7baf98f014 Add test vectors for key derivation functions (#320)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-01 09:11:13 +02:00
Fabian Kammel
87083ca624 Awesome README.md badges (#316)
awesome readme badges
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-29 16:37:35 +02:00
Daniel Weiße
e0ae4e1fe6 Bump kms, joinservice, and verification service image to latest (#319)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 10:42:23 +02:00
Daniel Weiße
9a3bd38912 Generate random salt for key derivation on init (#309)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
3u13r
e0ce2e8a51 add namespace to kubectl requests (#315)
* add namespace to kubectl requests

* Add tests for missing/wrong namespace

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-07-28 16:07:29 +02:00
katexochen
c37fab0a4c Add cdbg warning for non-debug image 2022-07-28 13:11:55 +02:00
Otto Bittner
5d87b48769 Bump image version 2022-07-28 09:57:11 +02:00
Otto Bittner
5a2809aca2 Disable automatic image builds (#310)
We only need new images for bootstrapper changes
for each release. Between releases we can use debug images.
For releases we have to build images manually anyway.
Therefore, let's not build these images unnecessarily.
2022-07-28 09:56:49 +02:00
Daniel Weiße
a3a85b31cf Remove mentions of unique ID (#311)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-27 16:10:50 +02:00
katexochen
ed5f64dc0a Fix stateservice test and increase speed 2022-07-27 15:07:53 +02:00
katexochen
d43ee053ed Log disk uuid to cloud logging 2022-07-27 14:25:31 +02:00
katexochen
d6b5e954e7 Tidy hack go.mod 2022-07-27 13:56:40 +02:00
Otto Bittner
44b5e042ea AB#2077: Kubernetes 1.22.12 support (#302)
* Necessary changes to build join-service image
* Reference new join-service image

Tested on GCP and Azure using microservice-demo.
2022-07-27 13:38:14 +02:00
Otto Bittner
83d2c7b6a3 AB#2077: add v1.24.3 support (#298)
This is a squashed commit. 
* Necessary changes for 1.24 support. Trigger join-service build.
* Update joinservice version. Image was created 
by manually triggered workflow, based on now squashed commit.

microservice-demo can be deployed successfully.
No errors during cluster setup.
2022-07-26 17:08:57 +02:00
Otto Bittner
ff5100f332 AB#2234: Introduce AddNodeSelectorsToDeployment
Add the above function to the different client interfaces.
Remove previously used Command.Exec call.
2022-07-26 16:53:41 +02:00
Otto Bittner
6b6a3ee976 AB#2234: Introduce AddTolerationsToDeployment
Add the above function to the different client interfaces.
Update adjacent functions to provided needed ctx and client
objects.
2022-07-26 16:53:41 +02:00
Moritz Eckert
ad02249b9a Add VerifyService port to GCP LB (#291)
* Add VerifyService port to GCP LB

* cli verify command: Use verify service port by default

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-07-26 16:35:14 +02:00
Thomas Tendyck
244426305d fix integration test workflow 2022-07-26 15:59:04 +02:00
Thomas Tendyck
aa0a07592b check licenses (#297)
* AB#2222 check licenses of dependencies

* AB#2222 check-licenses: use setup-go
2022-07-26 11:49:13 +02:00
Daniel Weiße
db79784045 AB#2200 Merge Owner and Cluster ID (#282)
* Merge Owner and Cluster ID into single value

* Remove aTLS from KMS, as it is no longer used for cluster external communication

* Update verify command to use cluster-id instead of unique-id flag

* Remove owner ID from init output

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-26 10:58:39 +02:00
Thomas Tendyck
48d614c959 AB#2222 replace unlicensed passwd package with own implementation 2022-07-25 15:10:29 +02:00
dependabot[bot]
f57a7e3ed0 Bump docker/setup-buildx-action from 1.7.0 to 2 (#285)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.7.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f211e3e9de...dc7b9719a9)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-25 12:14:17 +02:00
Fabian Kammel
3a52bcabeb First suggestion for issue and pr templates. (#289)
* First suggestion for issue and pr templates.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-25 12:13:02 +02:00
Fabian Kammel
ae13163fb7 kubectl wait is not supported for daemonset (#296)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-25 11:07:21 +02:00
Malte Poll
aacbf9dc70 Bump coreos images to 1658499095 (#295) 2022-07-25 09:03:51 +02:00
Otto Bittner
566b40699f AB#2255: Bump joinservice version (#294) 2022-07-22 15:44:27 +02:00
Otto Bittner
52ceced223 AB#2255: Fix kubeadm version incompatibility (#293)
* Update image version
* Introduce 'ValidK8sVersion' type. Ensures that consumers
of the k8sVersion receive a valid version, without
having to do their own validation.
* Add testcase to check that kubeadm accepts the currently provided
version.
2022-07-22 15:05:04 +02:00
Malte Poll
ebf76ae7e3 kubernetes binary download: retry downloads for every error during download (after preparing the destination tempfile) (#290)
kubernetes binary download: retry downloads for every error during download (after preparing the destination tempfile)

Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-07-22 11:10:39 +02:00
Otto Bittner
c743398a23 AB#2181: retry k8s downloads (#286)
Generalize retrier:
* Generalize Do to use a supplied 'retriable' function
* Make clock an optional argument in NewIntervalRetrier
* Move grpc/retrier to interal package
* Update existing unittests to not use retry feature

Add retryDownloadToTempDir:
* Wrap downloadToTempDir with retrier.
* Retry if TCP connection is reset.
* Abort by canceling the context.
* Use a mock server in the unit test that serves responses
depending on the state received through a state channel.

Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-07-21 15:20:12 +02:00
Otto Bittner
741384158a AB#2076: version specific images (#288)
KubernetesVersion sent by the init command now controls
all downloaded binaries, if they depend on the k8s version.

* Move all download links into /internal/versions.
* Unify files in /internal/versions package
* Move image download links into VersionConfigs
and thus make them dependant on the k8s version,
where the image version is specific to the k8s version.
* Don't specify patch version in k8sVersion
2022-07-21 14:41:07 +02:00
dependabot[bot]
b57e9cf92a Bump docker/login-action from 1.14.1 to 2 (#284)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](dd4fa0671b...49ed152c8e)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-21 09:45:54 +02:00
Fabian Kammel
ba5a3aefe3 fix ci-lint issues (#287)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 16:44:41 +02:00
Fabian Kammel
085f548333 GitHub action pin-by-hash & dependabot (#283)
* remove Sunday and Monday morning runs, little value
* run test lint on main, as we do for all linters
* fixup outdated instructions
* use version hash instead of tags
* use dependabot for github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 10:48:01 +02:00