Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Malte Poll
d104af6e51
image: support intel TDX direct linux boot under TDX OVMF
2023-05-17 11:37:26 +02:00
Malte Poll
79986a2b25
cli: implement qemu direct linux boot
2023-05-17 11:37:26 +02:00
renovate[bot]
fdcb74e171
deps: update Terraform aws to v4.67.0 ( #1775 )
...
* deps: update Terraform aws to v4.67.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:39:55 +02:00
renovate[bot]
6c1f7a4758
deps: update Terraform azuread to v2.39.0 ( #1776 )
...
* deps: update Terraform azuread to v2.39.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:15:57 +02:00
renovate[bot]
f9b4f1765d
deps: update Terraform azurerm to v3.56.0 ( #1777 )
...
* deps: update Terraform azurerm to v3.56.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:15:25 +02:00
renovate[bot]
fd3c93660e
deps: update Terraform google to v4.65.1 ( #1778 )
...
* deps: update Terraform google to v4.65.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:07:21 +02:00
renovate[bot]
0ce01cbad3
deps: update Terraform random to v3.5.1 ( #1779 )
...
* deps: update Terraform random to v3.5.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:01:47 +02:00
renovate[bot]
780fa9a238
deps: update Terraform google-beta to v4.64.0 ( #1767 )
...
* deps: update Terraform google-beta to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:26:26 +02:00
renovate[bot]
87bf36d757
deps: update Terraform google to v4.64.0 ( #1766 )
...
* deps: update Terraform google to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:11:59 +02:00
3u13r
4024b9cf71
ci: fix minicon e2e test ( #1763 )
...
* ci: push containers during minicon e2e
* cli: set testing nvram for pre images in minicon
2023-05-12 17:14:32 +02:00
renovate[bot]
81f79d943a
deps: update Terraform azurerm to v3.55.0 ( #1668 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-08 13:43:18 +02:00
Malte Poll
6694eabebd
cli: allow any well formatted zone in iam create
2023-05-05 12:06:44 +02:00
Malte Poll
653bf3621d
image: replicate AWS images to eu-west-1 and eu-west-3
2023-05-05 12:06:44 +02:00
Malte Poll
56635c3993
cli: deploy yawol as OpenStack loadbalancer
2023-05-03 21:45:59 +02:00
Malte Poll
0ebe6e669d
cli: add yawol helm charts
2023-05-03 21:45:59 +02:00
Otto Bittner
d5fa614df1
cli: remove ambiguity in path for CR backups ( #1719 )
...
During upgrade all custom resources are backed up to files on the
local file system. Since old versions are also backed up, we need to
reflect the version in the name.
2023-05-03 14:36:57 +02:00
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters ( #1623 )
...
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678 )
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
Otto Bittner
3770cada91
cli: create namespaced folders for upgrade backups
...
Resource names are only unique per kind+ns. Without this patch it
might happen that there are two resources with the same name
in different namespaces. Upgrade might fail in that case.
2023-05-02 11:08:40 +02:00
Otto Bittner
4a0d531821
upgrade: fix 2.6 -> 2.7 migration for 2.7.1 patch
...
Also correctly set microservice version from config.
Previously the key was ignored and microservices were always
tried for an upgrade.
2023-04-28 15:48:12 +02:00
3u13r
074844d0cb
terraform: fix aws worker node permission ( #1683 )
2023-04-27 11:52:32 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix ( #1693 )
...
* build: allow custom container registry
* build: fix .bazeloverwriterc import
2023-04-27 11:52:02 +02:00
Malte Poll
c11a3f4460
cli: configurable state disk type on OpenStack ( #1686 )
2023-04-27 09:08:43 +02:00
Malte Poll
ded8abeacc
ci: limit prefix length of AWS IAM resources ( #1674 )
2023-04-25 13:29:07 +02:00
Daniel Weiße
1ebc553365
kubernetes: update CSI driver versions to v1.2.0 ( #1657 )
...
* Update CSI charts
* Update CSI tests
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-21 11:03:35 +02:00
Moritz Sanft
3031d395a9
cli: force-delete Azure resource group ( #1667 )
...
* force-delete Azure resource group
* were not -> weren't
* fix typo
2023-04-19 08:30:11 +02:00
Malte Poll
5145f806ea
bazel: remove apko and Dockerfile where Bazel is used to build container images
2023-04-18 15:35:15 +02:00
Malte Poll
9dfad32e33
cli: use Bazel container images
2023-04-18 15:35:15 +02:00
Malte Poll
1f81763a27
cli: convert libvirt container image to Bazel
2023-04-18 15:35:15 +02:00
3u13r
14d26e1af4
terraform: use nat gateway on azure ( #1655 )
...
* terraform: use nat gateway on azure
* docs: add new azure permission
2023-04-17 11:00:35 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support ( #1620 )
...
* add Terraform logging
* add TF logging to CLI
* fix path
* only create file if logging is enabled
* update bazel files
* register persistent flags manually
* clidocgen
* move logging code to separate file
* reword yes flag parsing error
* update bazel buildfile
* factor out log level setting
2023-04-14 14:15:07 +02:00
Otto Bittner
d2967fff6b
cli: fix misleading error while applying kubernetes-only upgrade ( #1630 )
...
* The check would previously fail if e.g. `apply` did not upgrade the
image, but a new image was specified in the config. This could
happen if the specified image was too new, but a valid Kuberentes
upgrade was specified.
* ci: fix variable expansion in e2e-upgrade call
* e2e: do not verify measurement signature
2023-04-13 15:58:37 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators ( #1561 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-06 17:00:56 +02:00
renovate[bot]
d95a764b65
deps: update golangci/golangci-lint to v1.52.2 ( #1598 )
...
* deps: update golangci/golangci-lint to v1.52.2
* deps: tidy all modules
* fix linting issues
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-04-05 18:40:35 +02:00
Malte Poll
69de06dd1f
image: OpenStack vTPM ( #1616 )
...
* cli: allow vpc traffic between nodes on OpenStack
* image: enable vTPM on OpenStack
* cli: add create tests for OpenStack
2023-04-05 16:49:03 +02:00
Moritz Sanft
e71c33c88d
cli: print attestation document with constellation verify ( #1577 )
...
* wip: verification output
* wip: Azure cert parsing
* wip: print actual PCRs
* wip: use string builder for output formatting
* compare PCR expected with actual
* tests
* change naming
* update cli reference
* update bazel buildfile
* bazel update
* change loop signature
2023-04-03 15:06:27 +02:00
Malte Poll
d15968bed7
bootstrapper: make Azure auth method configurable on cluster init ( #1346 )
...
* bootstrapper: make Azure auth method configurable on cluster init
* azure: convert uami resource ID to clientID
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-04-03 15:01:25 +02:00
Moritz Sanft
46f5b1734e
cli: show available cli upgrades on upgrade check command ( #1394 )
...
* cli: upgrade check show cli upgrades
* only check compatibility for valid upgrades
* use semver.Sort
* extend unit tests
* add unit test for new compatible cli versions
* adapt to feedback
* fix rebase
* rework output
* minor -> major
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* minor -> major
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* dynamic major version
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* remove currentK8sVer argument
* bazel gen & tidy
* bazel update
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-04-03 14:31:17 +02:00
Paul Meyer
176d32599f
terraform: add missing permission to AWS iam
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 07:23:00 -04:00
Paul Meyer
63b07ede8a
terraform: sort permissions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 07:23:00 -04:00
Otto Bittner
7c8215e507
cli: add kubernetes pkg to interface with cluster
...
Previously the content of files status and upgrade within the
cloudcmd pkg did not fit cloudcmd's pkg description.
This patch introduces a separate pkg to fix that.
2023-04-03 12:03:41 +02:00
Otto Bittner
c8c2953d7b
cli: add status cmd
...
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
Daniel Weiße
62c165750f
config: remove deprecated upgradeConfig and require name and microserviceVersion fields ( #1541 )
...
* Remove deprecated fields
* Remove warning for not setting attestationVariant
* Dont write attestationVariant to config
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-31 19:19:10 +02:00
Paul Meyer
b8d6b110b1
cli: add missing -y short flag to iam create ( #1572 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-31 17:26:14 +02:00
Paul Meyer
66ee24b5b2
cli: remove duplicated print ( #1568 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-31 14:43:39 +02:00
Paul Meyer
909bfb9274
bazel: add go generate to //:generate target
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option ( #1539 )
...
* Remove confidentialVM option from azure provider config
* Fix cloudcmd creator test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 14:04:37 +02:00
Daniel Weiße
b57413cfa7
cli: set cluster's initial measurements from user's config using Helm ( #1540 )
...
* Remove using measurements from the initial control-plane node for the cluster's initial measurements
* Add using measurements from the user's config for the cluster's initial measurements to align behavior with upgrade command
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 11:16:56 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package ( #1538 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Daniel Weiße
db5660e3d6
attestation: add context to Issue and Validate methods ( #1532 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:06:10 +02:00