Commit Graph

3426 Commits

Author SHA1 Message Date
renovate[bot]
bac7e8b4f9
deps: update module helm.sh/helm/v3 to v3.13.1 (#2521)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 13:31:54 +02:00
renovate[bot]
cd93eb6886
deps: update module google.golang.org/api to v0.148.0 (#2519)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 09:59:26 +02:00
Moritz Sanft
402a8834ca
ci: add e2e test for self-managed infrastructure (#2472)
* add self-managed infra e2e test

* self-managed terminatio

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix upgrade test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix indentation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use -r when copying dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add terraform variable parsing

* copy constellation conf

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary line breaks

* add missing value

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add image fetching for CSP

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix quoting

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing input to internal lb test

* normalize Azure URLs.. Of course

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix expressions

* initsecret to hex

* update hexdump cmd

* add build test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add node / pod cidr outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* explicitly delete the state file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing license header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* always write all outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix list output

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove state-file and admin-conf on destroy

* dont use test payload

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] use self managed infra in manual e2e for testing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* init: always skip infrastructure phase

* patch maa in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to Constellation-created infra in e2e test

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-27 09:37:26 +02:00
Daniel Weiße
f4bfbe3564
docs: refer to apply command instead of init or upgrade apply (#2487)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-27 08:30:59 +02:00
renovate[bot]
fff35bdb2a
deps: update module google.golang.org/grpc to v1.59.0 (#2520)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 16:59:11 +02:00
Daniel Weiße
149fedb90f
cli: add constellation apply command to replace init and upgrade apply (#2484)
* Add apply command
* Mark init and upgrade apply as deprecated
* Use apply command in CI
* Add skippable phases for attestation config and cert SANs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-26 15:59:13 +02:00
Daniel Weiße
a7eb3b119a
cli: retry fetching of JoinConfig during init process (#2515)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-26 15:55:12 +02:00
renovate[bot]
0030280d1b
deps: update module github.com/fsnotify/fsnotify to v1.7.0 (#2518)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 15:33:23 +02:00
Adrian Stobbe
278edfa2f9
cli: init should not call terraform (#2522) 2023-10-26 14:30:11 +02:00
Daniel Weiße
ec424b260d
cli: refactor terraform code to be update/create agnostic (#2501)
* Move upgrade specific functions out of Terraform module
* Always allow overwriting Terraform files
* Ensure constellation-terraform dir does not exist on create

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-26 10:55:50 +02:00
renovate[bot]
f9989728f7
deps: update module google.golang.org/grpc to v1.56.3 [SECURITY] (#2514)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:20:40 +02:00
renovate[bot]
e445dac590
deps: update docker/metadata-action action to v5 (#2512)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:19:55 +02:00
renovate[bot]
3a8296b2f3
deps: update Terraform docker to v3 (#2508)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:19:08 +02:00
renovate[bot]
0563ce7336
deps: update aws-actions/configure-aws-credentials action to v4 (#2510)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:18:37 +02:00
renovate[bot]
cb11c8e297
deps: update Terraform google-beta to v5 (#2507)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:18:07 +02:00
renovate[bot]
37cda7f4f2
deps: update Terraform google to v5 (#2506)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:17:32 +02:00
renovate[bot]
0e7462728a
deps: update docker/login-action action to v3 (#2511)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:40:25 +02:00
renovate[bot]
936f55f4b0
deps: update module go.uber.org/goleak to v1.3.0 (#2509)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:39:41 +02:00
katexochen
5eb6cc6d08 image: update measurements and image version 2023-10-25 10:54:56 +02:00
renovate[bot]
06014c58ba
deps: update Kubernetes versions (#2491)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 10:13:42 +02:00
renovate[bot]
4afe5940b6
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.28.1 (#2492)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 09:01:52 +02:00
Daniel Weiße
671cf36f0a
cli: common backend for init and upgrade apply commands (#2449)
* Use common 'apply' backend for init and upgrades
* Move unit tests to new apply backend
* Only perform Terraform migrations if state exists in cwd (#2457)
* Rework skipPhases logic

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-24 15:39:18 +02:00
renovate[bot]
15d249092c
deps: update github.com/gophercloud/utils digest to 80377ec (#2495)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:35:59 +02:00
renovate[bot]
ecbf6dcd14
deps: update bufbuild/buf to v1.27.1 (#2497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:34:34 +02:00
Paul Meyer
1261ccb569 Revert "ci: execute unit tests and tidy check against merge of PR branch and main (#2452)"
This reverts commit 43f7d9f736.
2023-10-24 14:43:09 +02:00
Moritz Sanft
a104936bc6
validation: add generic validation framework (#2480)
* [wip] validation framework

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [wip] wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* working for shallow structs!!!

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix needle pointer deref

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix nested structs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix nested struct pointers

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix slices / arrays

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix struct parsing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* extend tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* expose API

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* extend in-package documentation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix naming

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing license headers

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* align with review

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-10-24 11:38:05 +02:00
Etel Sverdlov
2f745a2edb Update README.md
Updated some links to go to the main website now, updated the blog link, and "Getting started with Constellation" playlist link. Replace twitter with LInkedIn link.
2023-10-24 10:20:16 +02:00
Daniel Weiße
d218f296ad
cli: increase kubecmd retry limit (#2500)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-24 08:10:43 +02:00
3u13r
a1b4db4175
remove gcp internal LB from hack folder (#2502) 2023-10-23 16:26:07 +02:00
3u13r
e053d1fa71
terraform: always output node cidr (#2481)
* terraform: always output node cidr
2023-10-23 15:06:48 +02:00
Adrian Stobbe
5d640ff4f9
ci: fix win build (#2499) 2023-10-23 14:39:45 +02:00
Moritz Sanft
19ca4e6ec9
docs: document self-managed infrastructure (#2458)
* add minimal docs for self-managed infrastructure

* Update docs/docs/getting-started/first-steps.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* default to yq

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* don't tie self-managed infrastructure to Terraform

* silence the review-dog

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/create.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* [broken] add docs for filling tfvars file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix docs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary linebreaks

* add missing value

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix quoting

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* document endpoint separation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-10-23 11:53:08 +02:00
renovate[bot]
5b70654489
deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20231016 (#2490)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-23 10:37:37 +02:00
Daniel Weiße
d154703c9a
cli: remove unnecessary check from QEMU rollbacker (#2489)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-23 10:20:25 +02:00
edgelessci
9c89b75a53
image: update locked rpms (#2498) 2023-10-22 10:10:48 +02:00
renovate[bot]
e5ead09801
deps: update ubuntu:22.04 Docker digest to 2b7412e (#2496)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-20 18:22:34 +02:00
Malte Poll
5d4af05e79
nix: flake update (#2488) 2023-10-20 17:17:59 +02:00
renovate[bot]
0d27a2add2
deps: update Constellation containers to v2.13.0-pre.0.20231017104710-b2f3f72488db (#2444)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-20 16:55:24 +02:00
Adrian Stobbe
9c1c876830
pick random azure region (#2483) 2023-10-20 13:38:08 +02:00
Daniel Weiße
37e5cbeaf6 Update link to our blog
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-20 12:13:18 +02:00
Malte Poll
c3a0a7e156
cli: set image version in tests to stamped binary version (#2485) 2023-10-20 11:41:56 +02:00
edgelessci
5cd70ac58a
image: update measurements and image version (#2482)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-10-20 08:10:51 +02:00
Daniel Weiße
eeaba28d02
ci: remove force flag from CLI commands (#2479)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-20 08:10:26 +02:00
3u13r
6c0a3b8efa
fix joining over lb (#2478) 2023-10-19 16:28:07 +02:00
edgelessci
43ee0791c6
image: update measurements and image version (#2477)
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-10-19 14:50:52 +02:00
3u13r
498b5d68f6
helm: add gcp ccm permissions for internal LBs (#2474)
* helm: add gcp ccm permissions
2023-10-19 10:57:59 +02:00
3u13r
0bfb4f7e11
align tf output vars with CLI parsing (#2475) 2023-10-19 10:03:22 +02:00
Malte Poll
ee54b71a9e
ci: build rpmdb explicitly (#2476) 2023-10-19 08:34:17 +02:00
Adrian Stobbe
5819a11d25
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429) 2023-10-17 17:36:50 +02:00
3u13r
0c89f57ac5
Support internal load balancers (#2388)
* arch: support internal lb on Azure

* arch: support internal lb on GCP

* helm: remove lb svc from verify deployment

* arch: support internal lb on AWS

* terraform: add jump hosts for internal lb

* cli: expose internalLoadBalancer in config

* ci: add e2e-manual-internal

* add in-cluster endpoint to terraform output
2023-10-17 15:46:15 +02:00