Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,431 Commits 133 Branches 44 Tags 106 MiB
c978329839
Commit Graph

289 Commits

Author SHA1 Message Date
Leonard Cohnen
c978329839 helm: fix expected helm charts 2022-11-27 16:43:50 +01:00
Nils Hanke
878d66dcda
Remove SSHUsers and UserKey from config v2 (#650) 
* Remove SSHUsers and UserKey as part of configVersion v2

* Add migration nodes to docs

* Update CHANGELOG.md
 2022-11-25 15:27:34 +01:00
renovate[bot]
a3661d6c07
Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7 (#652) 
* Update Constellation containers to v2.3.0-pre.0.20221125110824-89b25f8ebbd7
* Update node operator and add hashes back for every container image

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-11-25 15:17:58 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Daniel Weiße
c2ea937fb5
Fix potential data race when accessing a validators OID (#640) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 15:50:59 +01:00
renovate[bot]
0b85709dd2 Update Constellation containers to v2.3.0-pre.0.20221124095758-f8001efbc0d0 2022-11-24 13:52:44 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553) 
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 10:57:58 +01:00
renovate[bot]
8ce954e012
Update Constellation containers to v2.3.0-pre.0.20221123084142-3dc9c6086469 (#636) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-24 09:22:49 +01:00
Malte Poll
1331c171c3 Upgrade config to v2 2022-11-23 15:47:46 +01:00
Malte Poll
575b6e93f6 CLI: use global image version field 
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
 2022-11-23 15:47:46 +01:00
Leonard Cohnen
1e98b686b6 kubernetes: verify Kubernetes components 2022-11-23 10:48:03 +01:00
Otto Bittner
6b2d9d16f8 Remove obsolote revive comments 2022-11-23 08:35:12 +01:00
renovate[bot]
bc346805aa
Update Constellation containers to v2.3.0-pre.0.20221121163101-1362e40f53ad (#615) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-22 12:39:50 +01:00
Otto Bittner
1362e40f53
Surpress argument-limit errors and add TODO. (#603) 2022-11-21 17:31:01 +01:00
renovate[bot]
a5aa820d8c
Update Constellation containers (#602) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-21 11:23:06 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575) 
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
 2022-11-21 10:35:40 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580) 
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-11-18 10:24:45 +01:00
Daniel Weiße
b966f57a2f
AB#2554 GCP CSI driver deployment (#532) 
* Allow enabling/disabling of CSI driver through config

* Fix inconsistent namespace parsing

* Deploy GCP CSI driver on init

* Update invalid pod tolerations

* Add generate script for CSI charts

* Update generateCilium script

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-18 10:05:02 +01:00
Nils Hanke
4a2cba988c Create separate Terraform workspace directory 2022-11-17 13:49:34 +01:00
Fabian Kammel
ca4764c466
Merge v2.2.1 changes back to main (#563) 
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-16 11:13:10 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544) 
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-15 15:40:49 +01:00
Leonard Cohnen
c51694a51a kubernetes: add hashes to components 2022-11-15 11:07:46 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504) 
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 09:08:18 +01:00
renovate[bot]
df0c6159db Update K8s constrained versions 2022-11-14 09:33:42 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-14 09:02:56 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470) 
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-11 08:44:36 +01:00
renovate[bot]
c6f4b2e1a0
Update Constellation containers to v2.3.0-pre.0.20221109145754-0d12e37c9699 (#497) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-09 18:17:31 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475) 
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387) 
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-09 14:43:48 +01:00
Leonard Cohnen
3c6d59ce7e aws: don't flag release as debug images 2022-11-09 11:20:58 +01:00
Leonard Cohnen
97acdfa297 config: align pre-filled AWS measurements 2022-11-09 11:20:58 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479) 
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-08 18:32:59 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 (#458) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-04 17:38:52 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 (#459) 2022-11-04 13:56:19 +01:00
Leonard Cohnen
6fce8f77d3 join-service: bump image for AWS support 2022-11-03 16:44:54 +01:00
Otto Bittner
f164af29cf
AB#2583: deploy autoscaler via helm (#438) 2022-11-03 16:42:19 +01:00
Otto Bittner
0887bc540f
Fix invalid slice access in validateAk (#437) 2022-11-03 09:57:59 +01:00
Leonard Cohnen
1f9a788c21 aws: name instances for CCM 2022-11-02 23:29:04 +01:00
Leonard Cohnen
3aa0177333 join-service: add AWS attestation 2022-11-02 23:29:04 +01:00
Leonard Cohnen
b69d19c3d6 metadata: clarify networking variables 2022-11-02 23:29:04 +01:00
Leonard Cohnen
0430336fdf metadata: implement GetLoadBalancerEndpoint for AWS 2022-11-02 23:29:04 +01:00
Leonard Cohnen
dd007f4772 metadata: move subnetCIDR to InstanceMetadata 2022-11-02 23:29:04 +01:00
Leonard Cohnen
d59dc82e56 qemu attestation: fix typos 2022-11-02 23:29:04 +01:00
Leonard Cohnen
f199b08068 attestation: make AWS TPM check use the correct region 2022-11-02 23:29:04 +01:00
renovate[bot]
302303f2ea
Update K8s constrained versions (#428) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-02 13:28:41 +01:00
Daniel Weiße
55cfff034a
Remove PublicIP from QEMU metadata (#396) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-02 12:56:16 +01:00
Leonard Cohnen
8f8236a491 bump verification service 2022-10-31 17:00:14 +01:00
renovate[bot]
116736a7b9
Update Constellation containers (#402) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-10-31 11:00:36 +01:00