Commit Graph

94 Commits

Author SHA1 Message Date
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Malte Poll
97bb0f4a91
Update terraform lock files to include hashes for all platforms (#499)
- linux_arm64
- linux_amd64
- darwin_arm64
- darwin_amd64
- windows_amd64
2022-11-09 14:23:51 +01:00
renovate[bot]
9191f8ac61
Update Terraform docker to v2.23.0 (#495)
* Update Terraform docker to v2.23.0
* Readd removed terraform lock hashes

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-09 13:35:17 +01:00
renovate[bot]
0e34d35404
Update Terraform google to v4.43.0 (#484)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:30:02 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 (#464)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Nils Hanke
ee55584b90 AWS: Apply security group to worker nodes 2022-11-08 11:22:06 +01:00
Malte Poll
41668d50c2 Add recovery loadbalancer on AWS 2022-11-08 00:07:04 +01:00
Nils Hanke
759c626e0f AWS: Don't expose SSH debugging ports on the LB 2022-11-07 13:57:22 +01:00
Malte Poll
fa6dfdff4f
Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime (#442)
* Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime
* Use correct field for nat gateway

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-07 11:04:10 +01:00
renovate[bot]
b89fae8062
Update Terraform azurerm to v3.30.0 (#452)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 12:34:03 +01:00
renovate[bot]
f71073a77f
Update Terraform google to v4.42.1 (#434)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 10:14:13 +01:00
Leonard Cohnen
0d0191ba4d aws: make CCM work 2022-11-02 23:29:04 +01:00
Leonard Cohnen
be2b38f2ac terraform: use HTTPS health check for AWS 2022-11-02 23:29:04 +01:00
Leonard Cohnen
7e385c4c86 terraform: use AWS launch templates 2022-11-02 23:29:04 +01:00
Leonard Cohnen
741684843c terraform: fix azure password constraints 2022-11-02 09:57:54 +01:00
renovate[bot]
c9e6b4c5b6
Update Terraform azurerm to v3.29.1 (#405)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:45:56 +01:00
Daniel Weiße
e66cb84d6e
AB#2532 Dont clean up workspace if rollback fails (#360)
* Dont clean up workspace if rollback fails

* Remove dependency on CSP from terminate

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-26 15:57:00 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any (#370) 2022-10-25 15:51:23 +02:00
Malte Poll
52f140a968
Pin terraform provider hashes (#361) 2022-10-25 10:10:46 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing (#242)
* Apply tags to all applicable GCP resources

* Move GCP UID and role from VM metadata to labels

* Adjust Azure tags to be in line with GCP and AWS

* Dont rely on resource name to find resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Nils Hanke
04c4cff9f6
AB#2436: Initial support for create/terminate AWS NitroTPM instances
* Add .DS_Store to .gitignore

* Add AWS to config / supported instance types

* Move AWS terraform skeleton to cli/internal/terraform

* Move currently unused IAM to hack/terraform/aws

* Print supported AWS instance types when AWS dev flag is set

* Block everything aTLS related (e.g. init, verify) until AWS attestation is available

* Create/Terminate AWS dev cluster when dev flag is set

* Restrict Nitro instances to NitroTPM supported specifically

* Pin zone for subnets

This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.

Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.

* Add AWS/GCP to Terraform TestLoader unit test

* Add uid tag and create log group

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-21 12:24:18 +02:00
Malte Poll
f3d78a573f Disable Azure VM agent and report VM as ready 2022-10-21 11:04:25 +02:00
Malte Poll
ed9acef9d4 Upgrade terraform azure provider to 3.28.0 2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc Create mkosi image build pipeline 2022-10-21 11:04:25 +02:00
renovate[bot]
9af0640aad
Update Terraform azurerm to v3.27.0 (#301)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 11:54:29 +02:00
Paul Meyer
01df06e142
Use HTTPS for kube lb health check on Azure (#305)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 11:46:22 +02:00
renovate[bot]
c85dc674ba
Update Terraform libvirt to v0.7.0 (#304)
* Update Terraform libvirt to v0.7.0

* Use disk block

* Remove nulled disk options

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-18 11:24:43 +02:00
renovate[bot]
0c0a83550d
Update Terraform google to v4.41.0 (#302)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 08:30:24 +02:00
Malte Poll
0c65e41dae Use worker count to create workers on azure (instead of control plane count) 2022-10-14 14:44:08 +02:00
renovate[bot]
b8d8562a6f Update Terraform random to v3.4.3 2022-10-14 09:13:35 +02:00
Paul Meyer
282117666e
Fix Azure Terraform for non-CVMs (#251) 2022-10-13 16:35:55 +02:00
katexochen
1556e239ca Remove state file 2022-10-13 15:29:29 +02:00
katexochen
f4af9c56f5 Use Terraform for create Azure 2022-10-13 15:29:29 +02:00
katexochen
98a16b2b47 Create Terraform module for Azure
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
2022-10-13 15:29:29 +02:00
katexochen
a4a61e98ee Fix Terraform validation errors 2022-10-13 14:54:19 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation (#198)
* Mini Constellation commands to quickly deploy a local Constellation cluster

* Download libvirt container image if not present locally

* Fix libvirt KVM permission issues by creating kvm group using host GID inside container

* Remove QEMU specific values from state file

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Leonard Cohnen
92618d5284 align load balancer timeout 2022-10-07 03:38:05 +02:00
Daniel Weiße
2ea695896f
AB#2439 Containerized libvirt (#191)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-05 09:11:30 +02:00
katexochen
f69db6f26e Enable serial port in debug mode 2022-09-30 16:50:52 +02:00
katexochen
9a96f2ffe1 No public IPs for GCP instances 2022-09-30 16:50:52 +02:00
katexochen
ccbc3d9123 Remove exposure of qemu ip_range_start value 2022-09-30 16:50:52 +02:00
katexochen
d973740b03 Use Terraform for create on GCP 2022-09-30 16:50:52 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster (#172)
* Use terraform in CLI to create QEMU cluster

* Dont allow qemu creation on os/arch other than linux/amd64

* Allow usage of --name flag for QEMU resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00