Commit Graph

2195 Commits

Author SHA1 Message Date
Otto Bittner
6f9d76dd6e compatibility: allow newer patch versions for images
Validation incorrectly prevented newer patch versions for images.
2023-02-15 13:36:16 +01:00
Otto Bittner
2a0b56f7b8 config: improve error message for outdated CLIs 2023-02-15 13:36:16 +01:00
renovate[bot]
e600795239
deps: update gcr.io/distroless/static Docker digest to 0511233 (#1193)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 13:34:27 +01:00
edgelessci
d60eb63671
deps: update apk package hashes (#1181)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 13:29:41 +01:00
renovate[bot]
1732795345
deps: update fedora:37 Docker digest (#1192)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 13:28:53 +01:00
renovate[bot]
a7b3a9876b
deps: update Constellation containers to v2.6.0-pre.0.20230215104228-2042e6b3382f (#1185)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 13:13:54 +01:00
Otto Bittner
2042e6b338 config: only print upgrade deprecation msg if key is set 2023-02-15 11:42:28 +01:00
Otto Bittner
7454b69f13 cli: helm: prepare values for upgrade correctly
Previously the chart's values were not set, relying on the
values that are already present in the cluster and reusing
those. This does not work as e.g. the image values
are only set while loading the charts. Also, the templates
are not rendered correctly without all values set.
2023-02-15 11:41:54 +01:00
Otto Bittner
4855b20093 cli: helm: move csp into ChartLoader object 2023-02-15 11:41:54 +01:00
Otto Bittner
1728633646 cli: helm: separate user input from static loading
Because values in the charts might change in the future and
some values (like the image) are part of a valid upgrade we
need to load all values for an upgrade.
However, during upgrades we don't want to reapply user
input like the masterSecret. Therefore this patch splits the
application of user input and the static loading of chart values.
2023-02-15 11:41:54 +01:00
Otto Bittner
69a384d978 compatibility: error message wording
The new description represents the error condition more accurately.
2023-02-15 11:41:54 +01:00
Otto Bittner
03de71fdd2 ci: do not overwrite warnOnly measurements flag
The image-api's measurement.json includes a setting for warnOnly
that should be followed by default. Enforcing all measurments is
currently not possible as some of them are unstable.
2023-02-15 10:35:30 +01:00
Otto Bittner
f97d351ad2 ci: add force flag to remaining constellation cmds
In the CI most configs use prerelease images. Config validation
prevents this. Therefore we need to use the force flag for now.
2023-02-15 10:35:30 +01:00
renovate[bot]
449d0e5b7a
deps: update golang Docker tag to v1.20.1 (#1190)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 10:14:38 +01:00
Malte Poll
77216f7492
deps: vendor node-maintenance-operator api (#1172)
* deps: go generate script to vendor node-maintenance-operator api folder

* deps: vendor node-maintenance-operator api folder

* operators: use vendored node-maintenance-operator api

* ci: ignore 3rdparty dir for license check
2023-02-14 18:46:48 +01:00
renovate[bot]
241d667758
deps: update K8s constrained Azure versions (#1129)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-14 15:18:55 +01:00
Paul Meyer
c7465eaf81 apko: remove unused libcrypt base image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-14 09:16:59 -05:00
Paul Meyer
2456a5d29a ko: update base image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-14 09:16:59 -05:00
Otto Bittner
1c977b3105
cli: add missing logger to versionCollector object (#1183)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-02-14 14:46:30 +01:00
renovate[bot]
b8112f3dc2
deps: update module golang.org/x/tools to v0.6.0 (#1180)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-14 14:33:53 +01:00
Paul Meyer
84a787b538
cli: add name of build type to version cmd output (#1179)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-14 14:30:10 +01:00
Paul Meyer
34142cbf05 renovate: group hashicorp/go-kms-wrapping upgrades
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-13 12:38:49 -05:00
Paul Meyer
b46e2b1681 ci: better naming for spelling check workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-13 11:42:12 -05:00
edgelessci
86ab0bcfe2
deps: update apk package hashes (#1169)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-13 17:26:59 +01:00
Thomas Tendyck
5a142748bc ci: update vale action 2023-02-13 16:43:56 +01:00
Otto Bittner
8a72df89ad
cli: fix init with k8s version without v prefix (#1174) 2023-02-13 11:54:38 +01:00
Otto Bittner
aa422bb648
operators: move api into a dedicated submodule (#1164)
This allows external modules to import the API types more cleanly.
2023-02-13 11:52:36 +01:00
Otto Bittner
74c569cba0 ci: fix yq command for new k8s version format
The string "1.25" does not need quotes to work in the replace.
"1.25.6" or "v1.25.6", however, do.
2023-02-13 10:19:59 +01:00
Moritz Sanft
7410cf8038
cli: fix iam rollback (#1148)
* AB#2897 rename DestroyCluster

* #AB2897 error if terraform dir exists

* AB#2897 reword DestroyResources
2023-02-13 08:42:54 +01:00
thomasten
94245416ca docs: update cli reference 2023-02-13 08:39:40 +01:00
Thomas Tendyck
a076587956 cli: adapt "upgrade check" reference to conventions 2023-02-13 08:34:34 +01:00
renovate[bot]
77bd537fb4
deps: update module golang.org/x/mod to v0.8.0 (#1167)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-10 18:33:18 +01:00
renovate[bot]
acf0e27b49
deps: update module golang.org/x/crypto to v0.6.0 (#1166)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-10 18:12:20 +01:00
Fabian Kammel
50522cb73c
expand variables (#1161)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-10 17:57:26 +01:00
Paul Meyer
278031b066 ci: fix workdir of apko base image build
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-10 11:24:17 -05:00
renovate[bot]
f60f967bd8
deps: update Constellation containers to v2.6.0-pre.0.20230210122722-c29107f5be7b (#1126)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-10 16:06:46 +01:00
stdoutput
e46f4280e7 update default k8s version in manual e2e test 2023-02-10 15:13:34 +01:00
Otto Bittner
a7ea85c738 ci: update k8s versions in e2e tests
The accepted format has been changed for upgrade support.
2023-02-10 15:13:34 +01:00
Daniel Weiße
90ce320bf5
cli: add option to automatically merge kubeconfig file on init (#1136)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-10 14:59:44 +01:00
Otto Bittner
091f6fd13a bootstrapper: fix loglevel in helm install retry
One needs to set a different log verbosity to see logs logged with
Debugf.
2023-02-10 13:49:41 +01:00
Daniel Weiße
c29107f5be
init: create kubeconfig file with unique user/cluster name (#1133)
* Generate kubeconfig with unique name

* Move create name flag to config

* Add name validation to config

* Move name flag in e2e tests to config generation

* Remove name flag from create

* Update ascii cinema flow

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-10 13:27:22 +01:00
Otto Bittner
fd860ddb91
config: fix incorrect kubernetes version validation (#1155)
Fix incorrect string comparison by replacing it with
call to semver.Compare.
Also add handling to check for missing v prefix.
2023-02-09 17:38:02 +01:00
Fabian Kammel
4c5ab7c5e9
ci: refactor image measurement generation (#1152)
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-09 13:33:17 +01:00
Moritz Sanft
e01ddc08c2
cli: add debug logging to iam create command (#1127)
* AB#2787 add debug logging to iam create command

* AB#2787 add test logger

* AB#2787 reword log

* separate debug output with empty line

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-02-09 10:37:22 +01:00
Otto Bittner
8b7979c500
bootstrapper: retry helm chart installation (#1151)
Motivation for this change are intermittent
timeout errors while installing cert-manager.

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-09 09:05:43 +01:00
Otto Bittner
c275464634 cli: change upgrade-plan to upgrade-check
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Otto Bittner
f204c24174 cli: add version validation and force flag
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
2023-02-08 12:30:01 +01:00
Daniel Weiße
3a7b829107
internal: use go-kms-wrapping for KMS backends (#1012)
* Replace external KMS backend logic for AWS, Azure, and GCP with go-kms-wrapping

* Move kms client setup config into its own package for easier parsing

* Update kms integration flag naming

* Error if nil storage is passed to external KMS

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:03:54 +01:00
Daniel Weiße
68ce23b909
Enable cryptsetup read/write workqueue bypass (#1150)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:01:14 +01:00
edgelessci
821f87b7be
deps: update apk package hashes (#1153)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-08 05:03:02 -05:00