Malte Poll
9d6321faa3
uplosi: use separate galleries for Azure TDX and TDX
2024-01-16 17:34:44 +01:00
Malte Poll
52dec77508
nix: update uplosi to support Azure TDX
2024-01-16 17:34:44 +01:00
Malte Poll
336ba6bc34
attestation: add Azure TDX variant
...
Only a stub for now.
2024-01-16 17:34:44 +01:00
Malte Poll
5063b815f1
config: allow Azure TDX instance types
2024-01-16 17:34:44 +01:00
Malte Poll
403acf75aa
image: add mainline kernel and azure tdx image target
2024-01-16 17:34:44 +01:00
Markus Rudy
e29ea77d23
helm: bump Cilium chart version ( #2822 )
...
* helm: bump Cilium chart version
* helm: generate Cilium chart
2024-01-16 14:49:24 +01:00
Markus Rudy
16c63d57cd
dev-docs: Helm chart for full L3 VPN connectivity ( #2620 )
...
* dev-docs: add 'things to try' section to VPN howto
* dev-docs: full L3 connectivity in VPN chart
2024-01-16 13:59:33 +01:00
Malte Poll
9181705299
ci: use sonobuoy 0.57.1 ( #2821 )
2024-01-16 13:19:46 +01:00
Markus Rudy
2d3996d5b3
ci: don't check Wireguard weblinks ( #2823 )
2024-01-15 15:45:45 +01:00
Moritz Sanft
bf02680477
ci: mirror GCP images to MPI project on release ( #2820 )
2024-01-15 13:58:30 +01:00
Malte Poll
9a27e7bf77
image: only archive release images + QEMU / OpenStack image
2024-01-15 13:53:15 +01:00
Malte Poll
8a74893461
ci: build and upload OS image in single job
2024-01-15 13:53:15 +01:00
Malte Poll
5ec03c5b9d
image: add upload rules for images
2024-01-15 13:53:15 +01:00
Malte Poll
f237ae8ae2
bazel: add upload_os_images rule
...
This rule combines uplosi, the upload command, measurement code and cosign
to upload OS images, extract measurements, sign them and upload the measurements.
2024-01-15 13:53:15 +01:00
Malte Poll
b7bab7c3c8
image: replace "upload {aws|azure|gcp}" with uplosi
2024-01-15 13:53:15 +01:00
Malte Poll
fb392c2d50
image: add image uploader that uses uplosi in the background
...
This implementation will replace the custom Go code in
internal/osimage/{aws|azure|gcp} and still conforms to the same interface.
2024-01-15 13:53:15 +01:00
Malte Poll
181b8f64d2
image: add static (per-CSP) measurements during "measurement envelope"
...
This logic was previously performed in a GitHub Actions workflow
using yq.
Since every step should now be performed in Bazel, this now needs to happen here.
2024-01-15 13:53:15 +01:00
Malte Poll
f7b22f3705
bazel: add tool dependencies for image upload
2024-01-15 13:53:15 +01:00
Markus Rudy
711dff37a4
ci: fetch OpenSearch password from e2e test project ( #2818 )
2024-01-15 13:25:15 +01:00
edgelessci
84a90bb5bd
image: update locked rpms ( #2819 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-15 10:46:50 +01:00
Adrian Stobbe
60a0a6020e
ci: add upgrade to provider example test ( #2775 )
2024-01-13 13:13:10 +01:00
edgelessci
2fea43a320
image: update measurements and image version ( #2817 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-12 08:20:15 +01:00
Markus Rudy
bdca822d8a
ci: remove derpsteb from e2e assignee list ( #2816 )
2024-01-12 08:09:38 +01:00
3u13r
120ae9d227
image: lower file limit for containerd ( #2815 )
2024-01-11 12:47:38 +01:00
Adrian Stobbe
9a814f91b1
terraform-provider: validate microservice and image version during plan ( #2814 )
2024-01-11 12:04:21 +01:00
Adrian Stobbe
baad7d8310
aws sev snp resolves latest version values on GetAttestationConfig ( #2810 )
2024-01-10 13:32:13 +01:00
Markus Rudy
b267457541
ci: fix OpenSearch link for e2e notifications ( #2813 )
...
* ci: fix OpenSearch link for e2e notifications
2024-01-10 09:49:47 +01:00
edgelessci
c61507f220
image: update measurements and image version ( #2812 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-10 08:13:30 +01:00
Markus Rudy
49ecb2415f
ci: remove reference to absent go.mod file ( #2811 )
2024-01-09 23:07:16 +01:00
Malte Poll
e618050c7a
bazel: add directories to ignore ( #2805 )
2024-01-09 21:46:53 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase ( #2800 )
...
* bootstrapper: remove obsolete log statement
* ci: simplify variable usage
Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
* cli: add missing formatting directive
* helm: fix rm invocation
* ci: document reproducible-builds workflow
* constants: use variables for measurement files
* constants: use variables for CDN distribution ID
* ci: make Helm version explicit
* api: prettify versionsapi-list output
* ci: remove obsolete docstring
---------
Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
3u13r
badcdcb764
deps: bump cilium to v1.15.0-pre.3-edg.1 ( #2808 )
2024-01-09 16:45:56 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK ( #2809 )
...
* deps: update AWS SDK
* deps: fix AWS SDK upgrade breakage
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 ( #2803 )
...
undefined
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images ( #2792 )
...
* cli: support GCP marketplace images
* ci: support GCP marketplace images
* docs: support GCP marketplace images
* bazel: generate
* ci: allow GCP for mpi e2e test
* Update docs/docs/overview/license.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* terraform-provider: allow GCP MPIs
* terraform-provider: fix error message
---------
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Malte Poll
d3b951300d
ci: explicitly build s3proxy container image tag before referencing ( #2806 )
...
Otherwise, the file might not exist.
2024-01-08 14:32:08 +01:00
Daniel Weiße
7d778d1b5b
Add required kubernetes_version attribute to example
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Daniel Weiße
1271e95c0c
Fix missing Kubernetes version for Terraform e2e test
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod files from submodules ( #2769 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00
Malte Poll
0dae7908a7
bazel: remove stale bash completion file
2024-01-08 10:44:38 +01:00
Malte Poll
362d07fc52
nix: allow dev setup via direnv
2024-01-08 10:44:38 +01:00
edgelessci
a23e838a01
image: update locked rpms ( #2802 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-08 08:52:52 +01:00
Moritz Eckert
2af34ceaf4
docs: update asciinema videos ( #2777 )
2024-01-08 07:35:48 +01:00
Moritz Sanft
d525be4a49
terraform: add module deprecation notice ( #2739 )
2024-01-07 22:44:08 +01:00
Malte Poll
c936ec510d
ci: reproducible builds test on artifacts v2 ( #2801 )
...
* ci: test download-artifacts@v4 for reproducible builds test
* ci: reproducible builds test: use unique artifact names and patterns
2024-01-05 16:57:21 +01:00
Markus Rudy
8e8e861d5f
ci: ignore Wireguard pdf in lychee ( #2797 )
...
* ci: use a config file for lychee
* ci: don't pass token to lychee action
* ci: ignore wireguard.pdf in lychee
2024-01-05 14:07:33 +01:00
Malte Poll
3a4f6ef9d1
bazel: use prebuilt Go toolchain (go.dev/dl) ( #2796 )
...
We had to switch to a Go toolchain from nixpkgs,
since prebuilt Go toolchain versions were not usable on NixOS.
Since Go 1.21, the prebuilt Go toolchain is statically linked
and works out of the box.
Reference: https://github.com/golang/go/issues/57007
2024-01-05 11:52:22 +01:00
Markus Rudy
c23aef344d
ci: don't export e2e metrics to OpenSearch ( #2794 )
...
* ci: don't export e2e metrics to OpenSearch
* debugd: don't export metrics
2024-01-05 10:15:53 +01:00
renovate[bot]
136a69e7c8
deps: update actions/setup-python action to v5 ( #2755 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-05 09:29:16 +01:00
edgelessci
cbf744a095
image: update measurements and image version ( #2795 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-05 09:27:11 +01:00