Commit Graph

2324 Commits

Author SHA1 Message Date
Moritz Sanft
f2ce9518a3
cli: support custom attestation policies for maa (#1375)
* create and update maa attestation policy

* use interface to allow unit testing

* fix test csp

* http request for policy patch

* go mod tidy

* remove hyphen

* go mod tidy

* wip: adapt to feedback

* linting fixes

* remove csp from tf call

* fix type assertion

* Add MAA URL to instance tags (#1409)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* conditionally create maa provider

* only set instance tag when maa is created

* fix azure unit test

* bazel tidy

* remove AzureCVM const

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* encode policy at runtime

* remove policy arg

* fix unit test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-20 13:33:04 +01:00
Nils Hanke
119bf02435 bootstarpper: "Restart Cilium" -> "Restarting Cilium" 2023-03-20 11:35:02 +01:00
Nils Hanke
914eacb4a3
e2e: use macOS for building Linux artifacts and remove caching steps (#1446) 2023-03-20 11:04:44 +01:00
Thomas Tendyck
43fbb06426 cli: remove ctx parameter from rollbackOnError to prevent wrong use 2023-03-20 08:49:46 +01:00
renovate[bot]
4d618a4b99
deps: update fedora:37 Docker digest (#1448)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-17 18:47:36 +01:00
renovate[bot]
82cd6bb692
deps: update ubuntu:20.04 Docker digest to 24a0df4 (#1451)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-17 18:40:03 +01:00
renovate[bot]
79395ddd20
deps: update ubuntu:22.04 Docker digest to 7a57c69 (#1452)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-17 18:31:20 +01:00
renovate[bot]
35526f996b
deps: update gcr.io/distroless/static:nonroot Docker digest to ddde70b (#1450)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-17 18:30:51 +01:00
renovate[bot]
a268a37d81
deps: update gcr.io/distroless/static Docker digest to 1268080 (#1449)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-17 18:30:22 +01:00
renovate[bot]
a6021be714
deps: update K8s dependencies (#1401)
* deps: update K8s dependencies
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-17 15:55:44 +01:00
Malte Poll
3fd9a34025
ci: disable upload of Azure TrustedLaunch image (#1440) 2023-03-17 10:51:44 +01:00
renovate[bot]
540978bc98
deps: update Constellation containers (#1417)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-17 07:48:19 +01:00
Paul Meyer
3a04786412 bazel: add actionlint to //:check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:02:11 -04:00
Malte Poll
62e2e70699
bazel: use host platform by default (#1434) 2023-03-16 16:13:48 +01:00
Paul Meyer
0fc15b2393 bazel: add shellcheck to //:check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:13:14 -04:00
Paul Meyer
e72e544444 codeowners: own bazel ci
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:13:14 -04:00
renovate[bot]
b03ead589f
deps: update Terraform azuread to v2.36.0 (#1421)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 14:30:17 +01:00
renovate[bot]
03d2232321
deps: update Terraform google-beta to v4.57.0 (#1423)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:43 +01:00
renovate[bot]
f8f3f00595
deps: update Terraform azurerm to v3.47.0 (#1422)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:08 +01:00
renovate[bot]
95d6618b9d
deps: update Terraform google to v4.57.0 (#1420)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 12:06:53 +01:00
renovate[bot]
0db034db5b
deps: update Terraform aws to v4.58.0 (#1419)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:43:52 +01:00
Paul Meyer
a0fddd44eb bazel: refactor shell rules into own package
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 04:39:45 -04:00
Paul Meyer
e3f37e9a38 bazel: add shfmt to tidy target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 04:39:45 -04:00
Paul Meyer
88c2e14c64 bazel: add gofumpt to tidy target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 04:39:45 -04:00
Paul Meyer
33fbac87fb tools: version tools in tools.go
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 04:39:45 -04:00
Nils Hanke
70ca69f6bc e2e: print K8s Pods and Events when kubectl wait fails 2023-03-15 18:36:32 +01:00
Nils Hanke
de86bb025f e2e: Temporarily bump kubectl wait timeout from 10 mins to 20 mins 2023-03-15 18:36:32 +01:00
Nils Hanke
c1112addff bootstrapper: calculate duration for all Helm charts 2023-03-15 18:36:32 +01:00
Nils Hanke
4bf2498793 bootstrapper: use zap.Duration to log durations 2023-03-15 18:36:32 +01:00
Nils Hanke
13b15368d7 bootstrapper: more logging 2023-03-15 18:36:32 +01:00
Nils Hanke
764846a32d bootstrapper: bump Helm timeout to 10 minutes 2023-03-15 18:36:32 +01:00
Nils Hanke
97d95bd48c bootstrapper: move fixing & waiting for Cilium to earlier stage 2023-03-15 18:36:32 +01:00
Malte Poll
122b5ff0a0
deps: upgrade rules_oci to v0.3.3 (#1402)
Release: https://github.com/bazel-contrib/rules_oci/releases/tag/v0.3.3
2023-03-15 13:10:05 +01:00
Moritz Eckert
16f2f9bb64
docs: simplify readme svg (#1418) 2023-03-15 12:11:54 +01:00
Paul Meyer
d16f01d810 docs: pin base image of screencast container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 13:08:19 -04:00
Nils Hanke
c7e7fba4c6 bootstrapper: create /etc/kubernetes/manifests for all nodes 2023-03-14 15:59:05 +01:00
Nils Hanke
6bb6f1c288 ci: remove Go setup where Bazel is used for building 2023-03-14 15:28:36 +01:00
3u13r
fe767ba78e
introduce version.txt (#1412) 2023-03-14 14:53:33 +01:00
Malte Poll
bdff0d1d08
bazel: format devbuild files (#1428) 2023-03-14 14:37:58 +01:00
Malte Poll
a73cdb9b14
bazel: command to prepare development workspace (#1425)
This command symlinks all binaries into the current working directory (or the path specified by the first argument)

* bazel: command to prepare development workspace
* bazel: set malt3 as codeowner
2023-03-14 13:57:39 +01:00
Malte Poll
e4b5ef0ed4
bazel: remove java toolchain (#1427)
I thought we needed this since we saw issues on nixOS where we couldn't find a jdk.
It turns out this is not actually required.
2023-03-14 13:55:33 +01:00
Daniel Weiße
6ea5588bdc
config: add attestation variant (#1413)
* Add attestation type to config (optional for now)

* Get attestation variant from config in CLI

* Set attestation variant for Constellation services in helm deployments

* Remove AzureCVM variable from helm deployments

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-14 11:46:27 +01:00
Paul Meyer
8679988b6c fixup! bazel: add tidy and check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Paul Meyer
02c97fac03 bazel: add tidy and check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Paul Meyer
9b3af5af76 bazel: move toolchains into bazel folder
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Thomas Tendyck
1a4c1f34bc
docs: refer to known issues (#1414)
* docs: refer to known issues

* publish
2023-03-14 08:27:06 +01:00
renovate[bot]
fb83c1dbc4
deps: update Constellation containers to v2.7.0-pre.0.20230313143044-114ac53872c6 (#1333)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-13 18:49:59 +01:00
Nils Hanke
05e39d98c8 debugd: update Filebeat Dockerfile to 8.6.2 2023-03-13 18:39:33 +01:00
Nils Hanke
1d9d8af92a debugd: update Logstash Dockerfile to 8.6.1 2023-03-13 18:39:33 +01:00
Nils Hanke
2335d429a9 debugd: Enable ordered logs in Logstash 2023-03-13 18:39:33 +01:00