Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters ( #1623 )
...
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678 )
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
Moritz Sanft
478b6ddb72
add terraform debug docs ( #1627 )
2023-04-21 08:43:27 +02:00
Moritz Sanft
3031d395a9
cli: force-delete Azure resource group ( #1667 )
...
* force-delete Azure resource group
* were not -> weren't
* fix typo
2023-04-19 08:30:11 +02:00
3u13r
14d26e1af4
terraform: use nat gateway on azure ( #1655 )
...
* terraform: use nat gateway on azure
* docs: add new azure permission
2023-04-17 11:00:35 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support ( #1620 )
...
* add Terraform logging
* add TF logging to CLI
* fix path
* only create file if logging is enabled
* update bazel files
* register persistent flags manually
* clidocgen
* move logging code to separate file
* reword yes flag parsing error
* update bazel buildfile
* factor out log level setting
2023-04-14 14:15:07 +02:00
Moritz Eckert
af9e03f66b
docs: update versioned benchmarks
2023-04-11 14:28:21 +02:00
Moritz Eckert
0b66119a41
docs: group perf graphics by csp
2023-04-11 14:28:21 +02:00
Moritz Eckert
db32251daa
docs: update benchmarks with v2.6.0
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-04-11 14:28:21 +02:00
Moritz Eckert
a1f5e0e53d
ci: Add tooling to create benchmark figures
2023-04-11 14:28:21 +02:00
edgelessci
06bbdda9dc
docs: add release v2.7.0 ( #1592 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-05 10:33:16 +02:00
Moritz Sanft
e71c33c88d
cli: print attestation document with constellation verify ( #1577 )
...
* wip: verification output
* wip: Azure cert parsing
* wip: print actual PCRs
* wip: use string builder for output formatting
* compare PCR expected with actual
* tests
* change naming
* update cli reference
* update bazel buildfile
* bazel update
* change loop signature
2023-04-03 15:06:27 +02:00
Paul Meyer
176d32599f
terraform: add missing permission to AWS iam
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 07:23:00 -04:00
Paul Meyer
63b07ede8a
terraform: sort permissions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 07:23:00 -04:00
Otto Bittner
c8c2953d7b
cli: add status cmd
...
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
Paul Meyer
b8d6b110b1
cli: add missing -y short flag to iam create ( #1572 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-31 17:26:14 +02:00
Moritz Sanft
1f7acf8dfb
docs: list minimal permissions for Constellation setup ( #1442 )
...
* add required Azure perms
* add minimal aws permissions
* add minimal gcp permissions
* [wip] split Azure perms by iam create/create step
* Update docs/docs/getting-started/install.md
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
* Update docs/docs/getting-started/install.md
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
* minimal gcp permissions for iam create/create step
* escape footnote bracket
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* active voice
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* link to config step
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* add predefined roles for Azure
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* add AWS and GCP predefined min roles
* add Azure attestationprovider perm
* footnote for attestation mode
* Update docs/docs/getting-started/install.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* accept superset
* fix negation
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
* update footnote
---------
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-30 10:16:57 +02:00
Thomas Tendyck
6fabb2a84b
docs: rearrange troubleshooting
2023-03-29 10:57:17 +02:00
Otto Bittner
861bc84f94
cli: only apply upgrades on gcp/azure ( #1518 )
...
The constellation-operator currently doesn't support the
necessary operations for AWS, OpenStack and QEMU.
2023-03-24 17:07:14 +01:00
derpsteb
870182987c
docs: update cli reference
2023-03-24 08:47:53 +01:00
Otto Bittner
55067b12cd
docs: explain how to change cluster measurements
...
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-23 18:08:18 +01:00
Malte Poll
44db16b42e
cli: give Azure uami all perms previously given to app registration ( #1334 )
...
This is the first step for deprecating app registrations on Azure.
The user-assigned managed identity (uami) should first gain all permissions that are currently held by the app registration.
* cli: give Azure uami all permissions previously given to app registratio
* docs: document required owner role for user-assigned managed identity on Azure
2023-03-21 10:00:13 +01:00
renovate[bot]
79395ddd20
deps: update ubuntu:22.04 Docker digest to 7a57c69 ( #1452 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-17 18:31:20 +01:00
Moritz Eckert
16f2f9bb64
docs: simplify readme svg ( #1418 )
2023-03-15 12:11:54 +01:00
Paul Meyer
d16f01d810
docs: pin base image of screencast container
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 13:08:19 -04:00
Thomas Tendyck
1a4c1f34bc
docs: refer to known issues ( #1414 )
...
* docs: refer to known issues
* publish
2023-03-14 08:27:06 +01:00
Thomas Tendyck
d8895446de
docs: remove pcr warning from asciinema casts
2023-03-13 08:26:56 +01:00
Fabian Kammel
566924caf8
docs: embedd asciinema casts ( #1154 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-03-11 00:13:32 +01:00
derpsteb
02694c0648
docs: add release v2.6.0
2023-03-09 13:14:28 +01:00
edgelessci
ff7ac40590
docs: update cli reference ( #1378 )
...
Co-authored-by: daniel-weisse <daniel-weisse@users.noreply.github.com>
2023-03-08 15:53:25 +01:00
Thomas Tendyck
c94d1db76d
attestation: remove PCR 0 and 10 on GCP
2023-03-06 13:09:57 +01:00
Thomas Tendyck
3471d73c6c
docs: publish
2023-03-06 10:43:49 +01:00
Thomas Tendyck
c7f0cf1e79
docs: few fixes and rewording
2023-03-06 10:43:49 +01:00
Thomas Tendyck
420fecb986
docs: publish minor fixes ( #1220 )
2023-03-03 16:45:00 +01:00
Otto Bittner
67a58bcc56
docs: rename components to microservices
...
Since we now have a config value called microserviceVersion
it hopefully makes it easier for users to understand what
this value controls if we also use the term microservice
in the docs.
2023-03-03 15:40:57 +01:00
Otto Bittner
273225968f
docs: rewrite upgrade docs for new commands
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-03 15:40:57 +01:00
Nirusu
9867faaf7e
docs: update cli reference
2023-03-03 09:12:34 +01:00
Nils Hanke
f67594a5ea
docs: adjust wording for resource provider troubleshooting
2023-03-01 16:10:06 +01:00
Nils Hanke
b327287577
docs: mention resource provider registration for Azure ( #1308 )
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-01 14:35:46 +01:00
Paul Meyer
483c0b47fe
docs: update cli reference ( #1293 )
...
Co-authored-by: derpsteb <derpsteb@users.noreply.github.com>
2023-02-28 18:40:10 +01:00
Moritz Sanft
a2096c2e33
docs: add docs on general Terraform usage ( #1263 )
...
* add docs on general tf usage
* reminder to not delete terraform dir
* fix spelling check
* add to sidebar
* reference terraform page
* embed link into natural language
* mention iam folder
* separate hack tools from official tf docs
* assume familiarity with tf
2023-02-28 10:36:20 +01:00
Paul Meyer
ca1a594f04
docs: update cli reference ( #1292 )
2023-02-28 09:31:44 +01:00
github-actions[bot]
95a6bd8030
docs: update cli reference ( #1254 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-27 15:36:45 +01:00
miampf
5137e9fa57
cli: iam destroy ( #946 )
2023-02-24 11:36:41 +01:00
Nils Hanke
3c24fa37e8
docs: specify requirement of 4 vCPUs more clearly
2023-02-22 15:25:51 +01:00
Nils Hanke
573de3191e
docs: add support for GCP C2D VMs
2023-02-22 15:25:51 +01:00
Otto Bittner
d78d22f95a
cli: add config kubernetes-versions
subcommand ( #1224 )
...
Allows users to learn which k8s versions are supported by the
current CLI.
Extend respective docs section.
2023-02-22 09:52:47 +01:00
leongross
ff31f20488
docs: update cli reference
2023-02-21 18:52:28 +01:00
Thomas Tendyck
91c251090f
Fix links and clean lycheeignore ( #1219 )
...
* docs: fix links to cilium docs
* docs: clean lycheeignore
* docs: remove link to no longer existing blog post
2023-02-19 21:45:20 +01:00
stdoutput
013be33143
fix terminate docs filename
2023-02-19 16:23:15 +01:00
Moritz Sanft
782b4ec680
extend docs on terraform iam resource destruction ( #1217 )
2023-02-19 13:17:26 +01:00
derpsteb
d0daf26da7
docs: update cli reference
2023-02-16 08:54:47 +01:00
thomasten
94245416ca
docs: update cli reference
2023-02-13 08:39:40 +01:00
Daniel Weiße
c29107f5be
init: create kubeconfig file with unique user/cluster name ( #1133 )
...
* Generate kubeconfig with unique name
* Move create name flag to config
* Add name validation to config
* Move name flag in e2e tests to config generation
* Remove name flag from create
* Update ascii cinema flow
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-10 13:27:22 +01:00
github-actions[bot]
35d9efd351
docs: generate docs for v2.5.0 ( #1059 )
...
Co-authored-by: release[bot] <release[bot]@users.noreply.github.com>
2023-01-23 20:13:24 +01:00
Moritz Eckert
aa1b2f8d30
docs: add missing asterisk reference ( #970 )
2023-01-23 13:19:51 +01:00
3u13r
03154c6e64
docs: document terraform support ( #1037 )
2023-01-23 10:37:28 +01:00
Moritz Sanft
88bbfb2065
docs: add docs for automatic config filling of iam values ( #1000 )
...
* AB#2821 iam config filling docs
* AB#2821 rephrasing
2023-01-19 10:24:58 +01:00
github-actions[bot]
8664e57c36
docs: update cli reference ( #951 )
...
* CLI reference was updated by edgelesssys/constellation@64ec0408
* CLI reference was updated by edgelesssys/constellation@e844ceb2
Co-authored-by: stdoutput <stdoutput@users.noreply.github.com>
2023-01-17 14:39:13 +01:00
Otto Bittner
90b88e1cf9
kms: rename kms to keyservice
...
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Thomas Tendyck
c66119fe93
docs: remove disclaimer about resolved Azure performance issue ( #944 )
...
* docs: remove disclaimer about resolved Azure performance issue
* Update first-steps.md
* Update first-steps.md
2023-01-11 17:29:29 +01:00
release[bot]
0d1b2283f6
Generate docs for v2.4.0
2023-01-11 16:26:07 +01:00
github-actions[bot]
6dad94137b
CLI reference was updated by edgelesssys/constellation@075a0e0a ( #883 )
...
Co-authored-by: derpsteb <derpsteb@users.noreply.github.com>
2023-01-05 18:21:23 +01:00
Fabian Kammel
6323bd774d
fix linter issues ( #820 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-22 09:35:10 +01:00
Fabian Kammel
f1bee6dab8
Azure disclaimer ( #805 )
...
* make flxflx code owner of docs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* add azure disclaimer
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-20 17:07:56 +01:00
github-actions[bot]
edabdb025e
CLI reference was updated by edgelesssys/constellation@efcd0337 ( #814 )
...
Co-authored-by: derpsteb <derpsteb@users.noreply.github.com>
2022-12-19 16:59:16 +01:00
Thomas Tendyck
5fcc81538c
docs: publish gcp zone fix ( #810 )
2022-12-19 12:15:44 +01:00
Moritz Sanft
6e961997ac
fix wrong GCP zone ( #804 )
2022-12-16 09:41:19 +01:00
Malte Poll
92fcba118a
Release docs for v2.3
2022-12-12 17:52:29 +01:00
Thomas Tendyck
5ecf945226
docs: few fixes and rewording
2022-12-12 14:34:59 +01:00
Moritz Sanft
dd4fc0d869
AB#2685 Add documentation for automatic IAM creation ( #711 )
2022-12-12 13:33:19 +01:00
Otto Bittner
e461b6385a
Document cert-manager installation. ( #752 )
2022-12-09 13:28:29 +01:00
Daniel Weiße
7e50f871bf
Update CSI installation instructions in versioned docs ( #741 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-12-09 08:48:33 +01:00
Moritz Sanft
d03abfa45e
AB#2652 Add supported CP regions to Azure & GCP Docs ( #715 )
...
* AB#2652 Add supported CP regions to Azure & GCP Docs
* AB#2652 fix numeration
2022-12-07 12:12:05 +01:00
Moritz Sanft
85e7b836a3
AB#2651 Compatibility warning for MiniConstellation ( #713 )
2022-12-07 10:20:01 +01:00
Paul Meyer
516e33bee6
docs: update dependencies
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 10:17:48 +01:00
Thomas Tendyck
e91b60c577
AB#2686 docs: rephrase cluster identity ( #723 )
...
* AB#2686 docs: rephrase cluster identity
* clarify clusterID measurement
* publish
2022-12-05 17:48:26 +01:00
Thomas Tendyck
92d97e117a
docs: improve wording
2022-12-01 12:07:04 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 ( #690 )
2022-12-01 10:46:04 +01:00
Fabian Kammel
f3e9a83000
improve wording ( #677 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-30 12:41:07 +01:00
Thomas Tendyck
21529d0e9e
don't promote Trusted Launch for now
2022-11-30 12:24:37 +01:00
Daniel Weiße
6bd62f0f7a
Update docs to new measurement format ( #660 )
...
* Remove fetch-measurements from create workflow
* Explain new measurements format in docs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-30 08:29:17 +01:00
Fabian Kammel
cf49f7d755
Document SLSA adoption and current level ( #661 )
...
* Document SLSA adoption and current level
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-11-29 12:56:28 +01:00
Moritz Eckert
bffa5c580c
Fix components diagram ( #659 )
2022-11-28 15:30:46 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI ( #647 )
...
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-25 16:13:20 +01:00
Nils Hanke
878d66dcda
Remove SSHUsers and UserKey from config v2 ( #650 )
...
* Remove SSHUsers and UserKey as part of configVersion v2
* Add migration nodes to docs
* Update CHANGELOG.md
2022-11-25 15:27:34 +01:00
Malte Poll
8d9254e050
Docs: document breaking changes in the config file
2022-11-23 15:47:46 +01:00
github-actions[bot]
d8463e984b
Update CLI reference ( #613 )
...
* CLI reference was updated by edgelesssys/constellation@9f64fdad
* CLI reference was updated by edgelesssys/constellation@1f9b6ba9
Co-authored-by: daniel-weisse <daniel-weisse@users.noreply.github.com>
2022-11-22 10:06:22 +01:00
Daniel Weiße
b915d03487
AB#2615 Update docs to new CSI installation method ( #606 )
...
* Update docs to new CSI installation method
* Fix invalid volume expansion option
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-11-22 09:36:08 +01:00
Malte Poll
74aabe86fa
Move PCR[8] -> PCR[12]
2022-11-18 10:37:45 +01:00
Nils Hanke
4a2cba988c
Create separate Terraform workspace directory
2022-11-17 13:49:34 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring ( #544 )
...
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
leongross
366b7ffed4
AB#2606 add default 'EnforcedMeasurements' for AWSConfig, add aws tab… ( #471 )
...
* AB#2606 add AWS to attestation documentation
2022-11-14 12:48:17 +01:00
Thomas Tendyck
cf82794b1d
docs: publish access manager removal
2022-11-14 10:42:30 +01:00
Fabian Kammel
b92b3772ca
Remove access manager ( #470 )
...
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Thomas Tendyck
4f710528bc
docs: publish
2022-11-09 16:30:05 +01:00
Thomas Tendyck
01fbfeebb9
docs: misc fixes and rewording
2022-11-09 16:30:05 +01:00
Fabian Kammel
2b64f31104
release docs for v2.2 ( #482 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-08 18:25:56 +01:00
Fabian Kammel
598761541b
AWS Docs ( #446 )
...
* document AWS support
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2022-11-08 18:21:09 +01:00
Leonard Cohnen
f09ce515e2
docs: remove constellation-state.json
2022-11-07 19:09:24 +01:00
Otto Bittner
a70161730f
Explain unenforced measurements in config ( #445 )
2022-11-07 08:56:57 +01:00