Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
4,043 Commits 133 Branches 44 Tags 106 MiB
ccdc87ad74
Commit Graph

4043 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Malte Poll
31f65fb486 openstack: find node CIDR with multiple subnets 2024-02-22 12:43:04 +01:00
Malte Poll
d8185fdafb helm: use patched yawol with support for subnet choice 
Constellation requires a CIDR that only Kubernetes nodes live in.
This is needed for cilium encryption.
To make yawol LBs work, they need to be placed in a different subnet
with their own CIDR.
This patched version supports that.
 2024-02-22 12:43:04 +01:00
Malte Poll
1e987f6a85 terraform: add subnet for OpenStack LBs 2024-02-22 12:43:04 +01:00
Malte Poll
9d164de18b
helm: avoid waiting for non-essential services (#2939) 
In our e2e tests, we see a lot of "etcd-leader changed" errors
while deploying non-essential helm charts.
If this transient error occurs, helm gets into a broken state
where it cannot uninstall cleanly and thus any retry attempts fail.
By not waiting for the installation of helm charts to succeed,
we can avoid making most of the kubernetes API calls while
control-plane nodes are joining.
This makes "constellation apply" faster and more resilient.
 2024-02-22 12:18:55 +01:00
renovate[bot]
5674d9742a
deps: update Constellation containers (#2936) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-22 09:12:18 +01:00
Malte Poll
522f2858c6 proto: update generated protobuf sources 2024-02-21 18:40:16 +01:00
Malte Poll
71c8a27539 deps: replace use of deprecated module azsecrets 
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets -> github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
 2024-02-21 18:40:16 +01:00
Malte Poll
8541365341 sigstore: replace use of deprecated module go-tuf 2024-02-21 18:40:16 +01:00
Malte Poll
ffdf23e3f2 libvirt: replace use of deprecated types 2024-02-21 18:40:16 +01:00
Malte Poll
6a467e5594 deps: update all Go deps 2024-02-21 18:40:16 +01:00
Malte Poll
65903459a0 chore: fix unused parameter lint in new golangcilint version 2024-02-21 17:54:07 +01:00
Malte Poll
68fc2b0811 deps: update all Bazel toolchains / rule deps 2024-02-21 17:54:07 +01:00
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
renovate[bot]
cdd80a4f3f
deps: update dependency containernetworking/plugins to v1.4.0 (#2896) 
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2024-02-21 17:42:48 +01:00
miampf
96c5980651
cli: collect debug logs in file (#2906) 2024-02-21 15:39:12 +00:00
Daniel Weiße
7edd6259d1
ci: fix duplicate benchmark artificat name (#2934) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-21 15:34:30 +01:00
Markus Rudy
98a1cfa2ca
ci: fetch latest console logs on aws (#2926) 2024-02-21 13:46:25 +01:00
renovate[bot]
abf6b4924a deps: update Python dependencies 2024-02-21 13:32:15 +01:00
Malte Poll
59faa2b692 attestation: add hardcoded OpenStack enterprise measurements 2024-02-21 13:31:32 +01:00
katexochen
70ff097e12 image: update measurements and image version 2024-02-21 08:49:20 +01:00
Malte Poll
38ef546362 deps: update Go to 1.22.0 2024-02-20 18:27:16 +01:00
Markus Rudy
fe85877679
debugd: enable debug logging for systemd units (#2923) 2024-02-20 14:44:14 +01:00
Malte Poll
889677c795 image: update mkosi and use package directory feature 2024-02-20 12:50:13 +01:00
Malte Poll
5ef12895fa bazel: remove deprecated Bazel container 
It doesn't work properly with nix and a nix shell exists for all developers.
 2024-02-20 12:50:13 +01:00
Malte Poll
77ecd8d4ce nix: fix bazel under NixOS 2024-02-20 12:50:13 +01:00
Malte Poll
a4d25646f5 deps: update to bazel 7 2024-02-20 12:50:13 +01:00
Malte Poll
c6e0714a42 deps: update go-git 2024-02-20 10:00:38 +01:00
Malte Poll
980b2f0e87 ci: login to OpenStack provider 2024-02-19 18:16:45 +01:00
Malte Poll
75f16ce87b image: upload OpenStack images to OpenStack 2024-02-19 18:16:45 +01:00
Malte Poll
6f9020d527 cli: use pre-uploaded image on OpenStack 
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
 2024-02-19 18:16:45 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers (#2919) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-19 16:14:05 +01:00
Moritz Sanft
ffb1ef9185
ci: fix artifact overwriting in upgrade test (#2913) 2024-02-19 15:12:04 +01:00
renovate[bot]
cdf1282996
deps: update dependency cryptography to v42.0.2 [SECURITY] (#2916) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-19 15:11:19 +01:00
edgelessci
a337e323a5
image: update locked rpms (#2917) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-02-18 11:12:28 +01:00
Moritz Sanft
68cfa0addf
ci: update fromVersion to v2.15.1 (#2914) 2024-02-16 13:35:57 +01:00
renovate[bot]
75f1c0b3e1
deps: update registry.k8s.io/autoscaling/cluster-autoscaler Docker tag to v1.27.5 (#2761) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-16 13:26:59 +01:00
edgelessci
bc4d514fb1
image: update measurements and image version (#2912) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-16 08:49:16 +01:00
renovate[bot]
7980689e82
deps: update module helm.sh/helm/v3 to v3.14.1 [SECURITY] (#2911) 
* deps: update module helm.sh/helm/v3 to v3.14.1 [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-02-15 18:01:36 +01:00
Markus Rudy
473001be55
vpn: ship our own container image (#2909) 
* vpn: ship our own container image

The container image used in the VPN chart should be reproducible and
stable. We're sticking close to the original nixery.dev version by
building the image with nix ourselves, and then publishing the single
layer from the result with Bazel OCI rules. The resulting image should
be handled similar to s3proxy: it's built as a part of the Constellation
release process and then consumed from a Helm chart in our registry.

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
 2024-02-15 13:08:27 +01:00
Malte Poll
896f68c26d helm: update edgelesssys cinder-csi-plugin 2024-02-15 12:35:15 +01:00
Malte Poll
92589a80e2 helm: update yawol 2024-02-15 12:35:15 +01:00
Malte Poll
6c8504323f terraform: update OpenStack provider 2024-02-15 12:35:15 +01:00
Daniel Weiße
f9442cecb1
helm: fix log formatting (#2905) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-14 08:52:46 +01:00
edgelessci
6829c27178
image: update measurements and image version (#2908) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-14 08:25:10 +01:00
Malte Poll
270497ef62
helm: move yawol into a separate release (#2904) 2024-02-12 14:26:22 +01:00
Malte Poll
b5e848a87e terraform: provide required configuration for yawol on OpenStack 2024-02-12 13:13:48 +01:00
Malte Poll
bab27fbc69 openstack: remove unused code 2024-02-12 13:13:48 +01:00
Daniel Weiße
c5b17fb828
ci: prevent duplicate artifact naming in same workflow (#2903) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-12 09:56:53 +01:00
edgelessci
d3b3f45534
image: update locked rpms (#2902) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-02-11 10:57:51 +01:00
Malte Poll
dba835bdf4
openstack: prepare for normal users (#2899) 
* image: disable serial console autologin on OpenStack
* cli: remove requirement for CONSTELLATION_OPENSTACK_DEV env var
 2024-02-09 14:48:41 +01:00