Moritz Eckert
db942ee4b5
Update references to docs ( #36 )
2022-09-01 09:27:25 +02:00
Otto Bittner
4adc19b7f5
AB#2350: Configurably enforce idkeydigest on Azure
...
* Add join-config entry for "enforceIdKeyDigest" bool
* Add join-config entry for "idkeydigest"
* Initially filled with TPM value from bootstrapper
* Add config entries for idkeydigest and enforceIdKeyDigest
* Extend azure attestation validator to check idkeydigest,
if configured.
* Update unittests
* Add logger to NewValidator for all CSPs
* Add csp to Updateable type
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 15:26:04 +02:00
Malte Poll
c84e44913b
Fork node maintenance operator and deploy it on all supported k8s versions
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-31 14:53:06 +02:00
katexochen
10e5249631
Manual client secrets on azure
2022-08-31 14:10:08 +02:00
katexochen
69abe17c96
Refactor Azure IMDS client and metadata
2022-08-31 14:10:08 +02:00
katexochen
f15605cb45
Manually manage resource group on Azure
2022-08-31 14:10:08 +02:00
Daniel Weiße
ce02878019
AB#2308 / AB#2317 constellation upgrade plan ( #3 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 11:59:07 +02:00
Daniel Weiße
b27e205399
Use 4 vCPU instances by default ( #24 )
...
* Use 4 vcpu instances by default
* Remove 2 vcpu instance type option
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 10:33:33 +02:00
Fabian Kammel
66d8c8037b
Release/v0.0.1 ( #20 )
...
* bump images to 0.0.1
* add gh cli commands
* varibale with default value should not be required
* update release docs
* build and upload version manifest as part of release
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:54:35 +02:00
Thomas Tendyck
650ab76fe7
Update measurements.go
2022-08-30 15:50:40 +02:00
Fabian Kammel
778952e07c
AB#2287 support community image IDs ( #9 )
...
* support community image IDs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:15:51 +02:00
Fabian Kammel
e0a457b6ff
change default image to new format of public images for next release ( #19 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 13:42:22 +02:00
Otto Bittner
2343c91bc7
Update service image versions
2022-08-30 09:42:18 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute ( #2 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Otto Bittner
7c5556864b
AB#2333: Add AMD SNP-based attestation
...
Currently only available on Azure CVMs.
* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00
Fabian Kammel
22c912a56d
move nodestate and role
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Malte Poll
26e9c67a00
Move cloud metadata packages and kubernetes resources marshaling to internal
...
Decouples cloud provider metadata packages from kubernetes related code
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-29 16:07:55 +02:00
Thomas Tendyck
6b8a2a0063
remove image pull secret
2022-08-28 15:57:08 +02:00
Malte Poll
716ba52588
create on Azure: Allow toggling between CVMs / Trusted Launch VMs ( #401 )
2022-08-25 15:24:31 +02:00
Fabian Kammel
45beec15f5
AB#2360 enterprise build tag ( #397 )
...
* enterprise build switch to disable license checking in default (OSS) version
* remove community license quota
* empty image references on OSS build in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 14:06:29 +02:00
katexochen
35a5d34497
Remove legacy build tags
2022-08-24 14:56:30 +02:00
katexochen
e761c9bf97
Manually manage GCP service accounts
2022-08-24 11:44:05 +02:00
katexochen
d770957975
Add debugd ssh key distribution
2022-08-23 18:11:20 +02:00
katexochen
a02a46e454
Use multiple loadbalancers on GCP
2022-08-23 18:11:20 +02:00
katexochen
c2faa20d6e
Fix naming in state file
2022-08-23 18:11:20 +02:00
Moritz Eckert
94460654e7
Apply feedback for readme ( #389 )
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-08-23 13:46:06 +02:00
Malte Poll
ec548a6d17
Update image references for v1.5.0
2022-08-19 18:22:55 +02:00
Malte Poll
fdcdd5fb78
Update versions
2022-08-19 18:22:55 +02:00
Paul Meyer
0969ff4ac3
Fix tests and linting ( #370 )
...
* Fix license integration test
* Fix build tags in lint config
* Fix missing error checks
* Fix use of MarkNodeAsInitialized
* Fix attestation tests
* Add license integration test to cmake list
2022-08-17 13:50:43 +02:00
Fabian Kammel
82eb9f4544
AB#2299 License check in CLI during init ( #366 )
...
* license server interaction
* logic to read from license file
* print license information during init
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-08-16 16:06:38 +02:00
Fabian Kammel
170a8bf5e0
AB#2306 Public image sharing in Google ( #358 )
...
* document how to publicly share images in gcloud
* Write disclamer in debugd
* Add disclamer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00
Malte Poll
abb4fb4f0f
Build GCP guest agent from github actions in constellation repo
2022-08-16 08:47:58 +02:00
Daniel Weiße
ba4471a228
AB#2316 Configurable enforced PCRs ( #361 )
...
* Add warnings for non enforced, untrusted PCRs
* Fix global state in Config PCR map
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
3u13r
9478303f80
deploy cilium via helmchart ( #321 )
2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Daniel Weiße
ab536ae3c8
AB#2278 Remove hardcoded values from config ( #346 )
...
* Update file handler to avoid incorrect usage of file.Option
* Remove hardcoded values
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-08 11:04:17 +02:00
Otto Bittner
129caae0e4
AB#2258: Fix flacky retry_test.go
...
Co-authored-by: <mp@edgeless.systems>
Co-authored-by: <pm@edgeless.systems>
2022-08-05 18:58:47 +02:00
Malte Poll
bf5816cc00
linter cleanup ( #344 )
...
* go fmt
* static check
2022-08-05 15:30:23 +02:00
Malte Poll
081dfb5037
Upgrade Azure SDK
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-05 10:35:38 +02:00
Daniel Weiße
4151d365fb
AB#2286 Return only primary IPs for instance metadata operations ( #335 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 11:08:20 +02:00
Malte Poll
d3435b06a2
AB#2283 Build CCM GCP from github actions in constellation repo ( #334 )
...
* Build CCM GCP from github actions in constellation repo
* Deploy correct version of GCP CCM
2022-08-03 11:46:11 +02:00
Otto Bittner
a13d1d8bd8
Bump coreos-img version
2022-08-03 08:06:05 +02:00
Otto Bittner
ba9555033d
Bump service-image versions to v1.4.0
2022-08-03 08:06:05 +02:00
Fabian Kammel
985585f578
fix linter issues ( #329 )
...
* fix linter issues
* replace fmt with logger
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-08-02 16:25:47 +02:00
Daniel Weiße
aa7fcce8af
Add configurable node disk type ( #317 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-02 12:24:55 +02:00
Fabian Kammel
050e8fdc4a
AB#2159 Feat/cli/fetch measurements ( #301 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
7baf98f014
Add test vectors for key derivation functions ( #320 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-01 09:11:13 +02:00
Daniel Weiße
e0ae4e1fe6
Bump kms, joinservice, and verification service image to latest ( #319 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 10:42:23 +02:00
Daniel Weiße
9a3bd38912
Generate random salt for key derivation on init ( #309 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
Otto Bittner
5d87b48769
Bump image version
2022-07-28 09:57:11 +02:00