Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,801 Commits 133 Branches 44 Tags 106 MiB
bbda3d1ecd
Commit Graph

388 Commits

Author SHA1 Message Date
Moritz Sanft
9859b30c4d
AB#2544 add upgrade agent for automatic version updates (#745) 2022-12-25 18:49:45 +01:00
Paul Meyer
8b39d3d368 versionsapi: fix cache invalidation 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-23 10:15:42 +01:00
Otto Bittner
efcd0337b4
Microservice upgrades (#729) 
Run with: constellation upgrade execute --helm.
This will only upgrade the helm charts. No config is needed.

Upgrades are implemented via helm's upgrade action, i.e. they
automatically roll back if something goes wrong. Releases could 
still be managed via helm, even after an upgrade with constellation
has been done.

Currently not user facing as CRD/CR backups are still in progress.
These backups should be automatically created and saved to the 
user's disk as updates may delete CRs. This happens implicitly 
through CRD upgrades, which are part of microservice upgrades.
 2022-12-19 16:52:15 +01:00
renovate[bot]
8ddc8cdb65 Update dependency kubernetes-sigs/cri-tools to v1.26.0 2022-12-16 10:43:33 +01:00
renovate[bot]
7ffbad12be
Update Constellation containers to v2.3.0-pre.0.20221212170906-a77f38efbb31 (#779) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-14 10:46:15 +01:00
Paul Meyer
c741ccfb4b kubernetes: use new registry 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-13 16:08:19 +01:00
Paul Meyer
6862c2587f kubernetes: add v1.26, default to v1.25 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-13 16:08:19 +01:00
Malte Poll
cf0b04291a Embed measurements for v2.3.0 2022-12-12 17:45:35 +01:00
Malte Poll
d6b2e9ea9a Expand PCR selection on AWS 2022-12-12 17:45:35 +01:00
Malte Poll
c3b657de01 Bump version to v2.3.0 2022-12-12 17:45:35 +01:00
renovate[bot]
5eae12778a
Update Constellation containers (#777) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-12-09 18:45:09 +01:00
renovate[bot]
012f739c67
Update Constellation containers (#759) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-09 16:32:58 +01:00
Malte Poll
4a8ebfd921 OS images: use "ref", "stream" and "version" 
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
 2022-12-09 13:37:43 +01:00
Paul Meyer
4795fe9695 hack: create latest endpoint in add-version script 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-09 13:37:43 +01:00
Paul Meyer
f23a2fe073 hack: implement new api for add-version script 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-09 13:37:43 +01:00
renovate[bot]
72ba97efcc
Update K8s constrained versions (#762) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-09 13:17:55 +01:00
Paul Meyer
9b1551e76a dependencies: migrate go-genproto to google-cloud-go 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-08 13:27:15 +01:00
renovate[bot]
3435ac216f
Update Constellation containers (#748) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-12-08 11:38:05 +01:00
Leonard Cohnen
a1161ae05d k8supdates: label nodes with k8s component hash 2022-12-08 11:19:22 +01:00
renovate[bot]
bb9122f115
Update Constellation containers to v2.3.0-pre.0.20221207104854-286803fb97a0 (#747) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-12-07 15:12:04 +01:00
Moritz Sanft
286803fb97
AB#2579 Add constellation iam create command (#624) 2022-12-07 11:48:54 +01:00
renovate[bot]
be01cf7129
Update Constellation containers to v2.3.0-pre.0.20221206170532-a9ed8c0191ac (#733) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-07 10:44:45 +01:00
Paul Meyer
cb734a2e66 debugd: pin logcollector container digest 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-06 18:05:32 +01:00
renovate[bot]
1766f0e4b3
Update Constellation containers to v2.3.0-pre.0.20221205155634-0981ab6fa45b (#725) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-06 13:29:54 +01:00
renovate[bot]
0981ab6fa4
Update Constellation containers to v2.3.0-pre.0.20221205121645-176dae317f6c (#719) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-05 16:56:34 +01:00
Paul Meyer
176dae317f debugd: fix logcollector container image naming 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-05 13:16:45 +01:00
Paul Meyer
226a6b6626 debugd: let renovate manage logcollector images 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 18:54:24 +01:00
Paul Meyer
8c5fc7a890 versionsapi: allow debug stream 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 18:49:17 +01:00
Paul Meyer
9c9c8e3d46 versionsapi: rename package 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 18:49:17 +01:00
renovate[bot]
3c62b841ed
Update Constellation containers (#705) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 18:48:03 +01:00
Leonard Cohnen
0c71cc77f6 joinservice: use configmap for k8s components 2022-12-02 14:34:38 +01:00
renovate[bot]
de77f1d9be
Update ghcr.io/edgelesssys/constellation/qemu-metadata-api Docker tag to v2.3.0-pre.0.20221201105133-8004edcc144d (#700) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-01 18:49:02 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table (#682) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-01 11:51:33 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 (#690) 2022-12-01 10:46:04 +01:00
renovate[bot]
da114519ca
Update Constellation containers (#693) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-01 08:07:09 +01:00
Leonard Cohnen
7e57944cc0 versions: bump qemu metadata image 2022-11-30 18:58:22 +01:00
renovate[bot]
016f7a67c2
Update Constellation containers to v2.3.0-pre.0.20221130104839-9537fb73c015 (#684) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-30 16:53:58 +01:00
Malte Poll
85d723ccbd Change path for version API: 
- Rename "updates" -> "versions"
- Add explicit "stream" in path to make API self-describing
 2022-11-30 16:36:12 +01:00
Paul Meyer
b93b24e058 debugd: add logcollector 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-30 16:26:25 +01:00
Malte Poll
9537fb73c0 use constants for default CDN paths 2022-11-30 12:35:12 +01:00
Malte Poll
3aa51df74d Add release trigger to make image versions available via CDN 2022-11-30 12:35:12 +01:00
Malte Poll
9bccf26ccf move update api 2022-11-30 12:35:12 +01:00
Malte Poll
ebf852b3ba Add image update API and use for "upgrade plan" 2022-11-30 12:35:12 +01:00
Thomas Tendyck
21529d0e9e don't promote Trusted Launch for now 2022-11-30 12:24:37 +01:00
renovate[bot]
8fbc4b9b19
Update ghcr.io/edgelesssys/constellation/node-operator Docker tag to v2.3.0-pre.0.20221129130129-a32f9ae75290 (#671) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-30 11:34:57 +01:00
renovate[bot]
e2673cac29
Update Constellation containers (#663) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 13:46:13 +01:00
Leonard Cohnen
3b6bc3b28f initserver: add client verification 2022-11-28 19:34:02 +01:00
Thomas Tendyck
64f03cf675
config: sort measurements numerically (#654) 
* config: sort measurements numerically

* add comment to swap
 2022-11-28 11:09:39 +01:00
Daniel Weiße
d52f3db2a3
AB#2644 Fetch measurements from CDN (#653) 
* Fetch measurements from CDN

* Perform metadata validation on fetched measurements

* Remove deprecated public bucket

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-28 10:27:33 +01:00
Leonard Cohnen
c978329839 helm: fix expected helm charts 2022-11-27 16:43:50 +01:00
Nils Hanke
878d66dcda
Remove SSHUsers and UserKey from config v2 (#650) 
* Remove SSHUsers and UserKey as part of configVersion v2

* Add migration nodes to docs

* Update CHANGELOG.md
 2022-11-25 15:27:34 +01:00
renovate[bot]
a3661d6c07
Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7 (#652) 
* Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7
* Update node operator and add hashes back for every container image

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-11-25 15:17:58 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Daniel Weiße
c2ea937fb5
Fix potential data race when accessing a validators OID (#640) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 15:50:59 +01:00
renovate[bot]
0b85709dd2 Update Constellation containers to v2.3.0-pre.0.20221124095758-f8001efbc0d0 2022-11-24 13:52:44 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553) 
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 10:57:58 +01:00
renovate[bot]
8ce954e012
Update Constellation containers to v2.3.0-pre.0.20221123084142-3dc9c6086469 (#636) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-24 09:22:49 +01:00
Malte Poll
1331c171c3 Upgrade config to v2 2022-11-23 15:47:46 +01:00
Malte Poll
575b6e93f6 CLI: use global image version field 
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
 2022-11-23 15:47:46 +01:00
Leonard Cohnen
1e98b686b6 kubernetes: verify Kubernetes components 2022-11-23 10:48:03 +01:00
Otto Bittner
6b2d9d16f8 Remove obsolote revive comments 2022-11-23 08:35:12 +01:00
renovate[bot]
bc346805aa
Update Constellation containers to v2.3.0-pre.0.20221121163101-1362e40f53ad (#615) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-22 12:39:50 +01:00
Otto Bittner
1362e40f53
Surpress argument-limit errors and add TODO. (#603) 2022-11-21 17:31:01 +01:00
renovate[bot]
a5aa820d8c
Update Constellation containers (#602) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-21 11:23:06 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575) 
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
 2022-11-21 10:35:40 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580) 
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-11-18 10:24:45 +01:00
Daniel Weiße
b966f57a2f
AB#2554 GCP CSI driver deployment (#532) 
* Allow enabling/disabling of CSI driver through config

* Fix inconsistent namespace parsing

* Deploy GCP CSI driver on init

* Update invalid pod tolerations

* Add generate script for CSI charts

* Update generateCilium script

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-18 10:05:02 +01:00
Nils Hanke
4a2cba988c Create separate Terraform workspace directory 2022-11-17 13:49:34 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563) 
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-16 11:13:10 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544) 
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-15 15:40:49 +01:00
Leonard Cohnen
c51694a51a kubernetes: add hashes to components 2022-11-15 11:07:46 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504) 
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 09:08:18 +01:00
renovate[bot]
df0c6159db Update K8s constrained versions 2022-11-14 09:33:42 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-14 09:02:56 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470) 
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-11 08:44:36 +01:00
renovate[bot]
c6f4b2e1a0
Update Constellation containers to v2.3.0-pre.0.20221109145754-0d12e37c9699 (#497) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-09 18:17:31 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475) 
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387) 
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-09 14:43:48 +01:00
Leonard Cohnen
3c6d59ce7e aws: don't flag release as debug images 2022-11-09 11:20:58 +01:00
Leonard Cohnen
97acdfa297 config: align pre-filled AWS measurements 2022-11-09 11:20:58 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479) 
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-08 18:32:59 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-04 17:38:52 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Leonard Cohnen
6fce8f77d3 join-service: bump image for AWS support 2022-11-03 16:44:54 +01:00
Otto Bittner
f164af29cf
AB#2583: deploy autoscaler via helm (#438) 2022-11-03 16:42:19 +01:00
Otto Bittner
0887bc540f
Fix invalid slice access in validateAk (#437) 2022-11-03 09:57:59 +01:00
Leonard Cohnen
1f9a788c21 aws: name instances for CCM 2022-11-02 23:29:04 +01:00
Leonard Cohnen
3aa0177333 join-service: add AWS attestation 2022-11-02 23:29:04 +01:00
Leonard Cohnen
b69d19c3d6 metadata: clarify networking variables 2022-11-02 23:29:04 +01:00
Leonard Cohnen
0430336fdf metadata: implement GetLoadBalancerEndpoint for AWS 2022-11-02 23:29:04 +01:00
Leonard Cohnen
dd007f4772 metadata: move subnetCIDR to InstanceMetadata 2022-11-02 23:29:04 +01:00
Leonard Cohnen
d59dc82e56 qemu attestation: fix typos 2022-11-02 23:29:04 +01:00
Leonard Cohnen
f199b08068 attestation: make AWS TPM check use the correct region 2022-11-02 23:29:04 +01:00
renovate[bot]
302303f2ea
Update K8s constrained versions (#428) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-02 13:28:41 +01:00
Daniel Weiße
55cfff034a
Remove PublicIP from QEMU metadata (#396) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-02 12:56:16 +01:00
Leonard Cohnen
8f8236a491 bump verification service 2022-10-31 17:00:14 +01:00
renovate[bot]
116736a7b9
Update Constellation containers (#402) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-10-31 11:00:36 +01:00
renovate[bot]
fd74ef754e
Update K8s version constrained containers (missing v1 prefix) (#399) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-31 10:34:12 +01:00