Daniel Weiße
e6b1156849
AB#2169 Implement control-plane activation in activation service ( #217 )
...
* Implement Control Plane activation flow
* Rename Activation RPCs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 11:10:32 +02:00
katexochen
b926cf9006
Move aTLS fakes into atls package
2022-06-15 16:31:24 +02:00
katexochen
85ba2657e1
Fix grpc dialer
2022-06-15 16:31:24 +02:00
Daniel Weiße
4842d29aff
AB#2111 Deploy activation service on cluster init ( #205 )
...
* Deploy activation service on cluster init
* Use base image with CA certificates for activation service
* Improve KMS server
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Paul Meyer
86d29a4567
Add concurrency tests for atls connections ( #211 )
2022-06-15 13:04:56 +02:00
Thomas Tendyck
e9916a7d3a
atls: make client cfg reusable
2022-06-15 13:04:56 +02:00
Thomas Tendyck
989c128fa6
atls: rename nonce to clientNonce/serverNonce for clarification
2022-06-15 13:04:56 +02:00
Nils Hanke
f0b8412ef8
constellation-access-manager: Persistent SSH as ConfigMap ( #184 )
2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc
Dynamic grpc client credentials ( #204 )
...
* Add an aTLS wrapper for grpc credentials
* Move grpc dialers to internal and use aTLS grpc credentials
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Fabian Kammel
84552ca8f7
AB#2104 Feat/azure logging ( #198 )
...
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
691ab84326
Update version variable
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
3467df6b69
Move attestation, atls and oid packages to internal directory
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
b461c40c3a
Implement activation service
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
katexochen
b3a51cca64
Move cli/status to internal/statuswaiter
2022-06-08 11:59:23 +02:00
katexochen
b308db03fe
Move cli/cloud/cloudtypes into /internal
2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c
Remove cli/ec2
2022-06-08 11:59:23 +02:00
katexochen
180d7872dd
Separate shared azure code
2022-06-08 11:59:23 +02:00
katexochen
48b4f10207
Separate shared gcp code
2022-06-08 11:53:55 +02:00
katexochen
21127a4cdc
Remove azure instances
2022-06-08 11:53:55 +02:00
katexochen
3562345da4
Remove gcp instances
2022-06-08 11:53:55 +02:00
katexochen
4b30dd21c8
Remove cli/qemu, use cloudtypes instead
2022-06-08 11:53:55 +02:00
katexochen
67b25d2771
Move cli/cloudprovider into internal/cloud
2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00
3u13r
c4f15cd30b
bump images ( #191 )
2022-06-02 10:30:43 +02:00
Christoph Meyer
db5468a886
Deploy KMS server image in Constellation
...
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00
Thomas Tendyck
42fc497477
cli: fix and tweak config file wording
2022-05-27 16:53:04 +02:00
Thomas Tendyck
2ba3c153de
AB#2117 cli: validate config ( #170 )
...
* AB#2117 cli: validate config
* update hack/go.mod
2022-05-23 15:01:39 +02:00
Malte Poll
c16f5391db
bump images 1653299706
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 14:26:10 +02:00
Fabian Kammel
135c787001
AB#2098 versioned & strict yaml reading ( #157 )
2022-05-18 18:10:57 +02:00
Fabian Kammel
7c2d1c3490
AB#2094 cloud provider specific configs ( #151 )
...
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Fabian Kammel
08f4f4e0aa
updated images to newest version ( #150 )
2022-05-17 14:24:44 +02:00
Moritz Eckert
772aa66fb4
Set hardcoded file permissions to 0o600 ( #153 )
2022-05-17 13:10:39 +02:00
Fabian Kammel
cfad36720b
Cloned UserKey struct to config so it can be documented. Added examples. ( #149 )
2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515
AB#2061 Self Documenting Config File ( #143 )
...
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
68092f27dd
AB#2046 : Add option to create SSH users for the first coordinator upon initialization ( #133 )
...
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config
Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Malte Poll
baa7dbc1ef
Move debugd config to separate file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Nils Hanke
25b0ca2a06
Use filename from input instead of hardcoded name
2022-05-16 15:15:05 +02:00
Malte Poll
3b30291360
QEMU CSP Config: PCRs -> Measurements
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae
Remove ConstellationPort from config file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c
AB#2064 Feat/config/dev config to config ( #139 )
...
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Fabian Kammel
094a8b7659
Feat/config/generate ( #136 )
...
Implement config command & generate verb to write default configuration to file or stdout.
2022-05-12 15:14:52 +02:00
Fabian Kammel
14103e4f89
Fix/config/measurements in yaml ( #135 )
...
Custom type & marshal implementation for measurements to write base64 instead of single bytes
2022-05-12 10:15:00 +02:00
Fabian Kammel
b8d1cc2b75
converted config file from JSON to YAML. ( #132 )
...
converted config file from JSON to YAML
2022-05-11 13:53:02 +02:00
Malte Poll
748eb0f96b
Create GCP images in "constellation-images" project
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
cm
c63d7126e7
AB#1943 Extract KMS package ( #56 )
...
* Extract kmsapi from coordinator
* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
Daniel Weiße
a953df60b6
Rename in config: PCRs->Measurements
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-09 08:24:21 +02:00
Malte Poll
c9226de9ab
Create kubernetes join token on demand
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-06 12:12:44 +02:00
Malte Poll
ddcb4dc95f
Pin kubernetes version deployed by kubeadm init
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-05 09:15:41 +02:00
katexochen
1189078c5a
Replace mutiple args with flags
...
AB#1955
2022-05-04 17:14:03 +02:00
Daniel Weiße
8444d5c515
Add qemu cloudprovider for activation calls
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:57:43 +02:00
Malte Poll
e13ec3f914
"constellation recover" CLI command
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-04 08:41:32 +02:00
Daniel Weiße
10e9faab10
Remove GCP non CVMs
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-02 16:03:36 +02:00
Malte Poll
3621c7af9a
Bump images
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 21:48:38 +02:00
Daniel Weiße
7619e1dee7
Remove kernel panic function
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 15:10:55 +02:00
datosh
2a766a3ab5
Feat/conformity test ( #79 )
...
* Added files required to request conformance with kubernetes
* Extended firewall implementation to allow port ranges
* Added default nodeport range to vpc network config
2022-04-26 17:09:03 +02:00
Benedict Schlueter
6265b307af
bump images
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-26 15:22:51 +02:00
Leonard Cohnen
daba25c3d4
bump images
2022-04-25 10:30:28 +02:00
katexochen
1a9b33d738
Restructure config and constants
2022-04-21 09:06:35 +02:00
Benedict
d869e10a85
Bump coordinator images to 1649852687
2022-04-13 20:30:57 +02:00
Malte Poll
e10a47f255
file handler: Add "mkdirAll" flag
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
Daniel Weiße
0e2025b67c
Add state disk volume mounter
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-11 15:41:51 +02:00
Daniel Weiße
4b156be15e
Add kernel panic util function
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-11 15:41:51 +02:00
Malte Poll
daf2280e3f
create state disk on constellation create
2022-04-05 15:08:55 +02:00
Malte Poll
2cd8d580d8
Bump coreos images to 1649063903
2022-04-04 12:51:00 +02:00
Leonard Cohnen
f74d7e22eb
update aws image
2022-04-01 17:18:07 +02:00
katexochen
66fe34ee32
Write WireGuard config file on init
2022-03-31 15:43:25 +02:00
Malte Poll
8d7253ca75
Bump coreos images to 1648560610
2022-03-30 17:14:34 +02:00
Leonard Cohnen
2d8fcd9bf4
monorepo
...
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00