renovate[bot]
0e7462728a
deps: update docker/login-action action to v3 ( #2511 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:40:25 +02:00
renovate[bot]
936f55f4b0
deps: update module go.uber.org/goleak to v1.3.0 ( #2509 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:39:41 +02:00
katexochen
5eb6cc6d08
image: update measurements and image version
2023-10-25 10:54:56 +02:00
renovate[bot]
06014c58ba
deps: update Kubernetes versions ( #2491 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 10:13:42 +02:00
renovate[bot]
4afe5940b6
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.28.1 ( #2492 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 09:01:52 +02:00
Daniel Weiße
671cf36f0a
cli: common backend for init
and upgrade apply
commands ( #2449 )
...
* Use common 'apply' backend for init and upgrades
* Move unit tests to new apply backend
* Only perform Terraform migrations if state exists in cwd (#2457 )
* Rework skipPhases logic
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-24 15:39:18 +02:00
renovate[bot]
15d249092c
deps: update github.com/gophercloud/utils digest to 80377ec ( #2495 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:35:59 +02:00
renovate[bot]
ecbf6dcd14
deps: update bufbuild/buf to v1.27.1 ( #2497 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:34:34 +02:00
Paul Meyer
1261ccb569
Revert "ci: execute unit tests and tidy check against merge of PR branch and main ( #2452 )"
...
This reverts commit 43f7d9f736
.
2023-10-24 14:43:09 +02:00
Moritz Sanft
a104936bc6
validation: add generic validation framework ( #2480 )
...
* [wip] validation framework
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [wip] wip
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* working for shallow structs!!!
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix needle pointer deref
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add comment
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix nested structs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix nested struct pointers
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix slices / arrays
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix struct parsing
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* extend tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* expose API
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* extend in-package documentation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* linter fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix naming
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing license headers
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* align with review
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-10-24 11:38:05 +02:00
Etel Sverdlov
2f745a2edb
Update README.md
...
Updated some links to go to the main website now, updated the blog link, and "Getting started with Constellation" playlist link. Replace twitter with LInkedIn link.
2023-10-24 10:20:16 +02:00
Daniel Weiße
d218f296ad
cli: increase kubecmd retry limit ( #2500 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-24 08:10:43 +02:00
3u13r
a1b4db4175
remove gcp internal LB from hack folder ( #2502 )
2023-10-23 16:26:07 +02:00
3u13r
e053d1fa71
terraform: always output node cidr ( #2481 )
...
* terraform: always output node cidr
2023-10-23 15:06:48 +02:00
Adrian Stobbe
5d640ff4f9
ci: fix win build ( #2499 )
2023-10-23 14:39:45 +02:00
Moritz Sanft
19ca4e6ec9
docs: document self-managed infrastructure ( #2458 )
...
* add minimal docs for self-managed infrastructure
* Update docs/docs/getting-started/first-steps.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* default to yq
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* don't tie self-managed infrastructure to Terraform
* silence the review-dog
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/create.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* [broken] add docs for filling tfvars file
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix docs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove unnecessary linebreaks
* add missing value
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix quoting
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* document endpoint separation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-10-23 11:53:08 +02:00
renovate[bot]
5b70654489
deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20231016 ( #2490 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-23 10:37:37 +02:00
Daniel Weiße
d154703c9a
cli: remove unnecessary check from QEMU rollbacker ( #2489 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-23 10:20:25 +02:00
edgelessci
9c89b75a53
image: update locked rpms ( #2498 )
2023-10-22 10:10:48 +02:00
renovate[bot]
e5ead09801
deps: update ubuntu:22.04 Docker digest to 2b7412e ( #2496 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-20 18:22:34 +02:00
Malte Poll
5d4af05e79
nix: flake update ( #2488 )
2023-10-20 17:17:59 +02:00
renovate[bot]
0d27a2add2
deps: update Constellation containers to v2.13.0-pre.0.20231017104710-b2f3f72488db ( #2444 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-20 16:55:24 +02:00
Adrian Stobbe
9c1c876830
pick random azure region ( #2483 )
2023-10-20 13:38:08 +02:00
Daniel Weiße
37e5cbeaf6
Update link to our blog
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-20 12:13:18 +02:00
Malte Poll
c3a0a7e156
cli: set image version in tests to stamped binary version ( #2485 )
2023-10-20 11:41:56 +02:00
edgelessci
5cd70ac58a
image: update measurements and image version ( #2482 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-10-20 08:10:51 +02:00
Daniel Weiße
eeaba28d02
ci: remove force flag from CLI commands ( #2479 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-20 08:10:26 +02:00
3u13r
6c0a3b8efa
fix joining over lb ( #2478 )
2023-10-19 16:28:07 +02:00
edgelessci
43ee0791c6
image: update measurements and image version ( #2477 )
...
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-10-19 14:50:52 +02:00
3u13r
498b5d68f6
helm: add gcp ccm permissions for internal LBs ( #2474 )
...
* helm: add gcp ccm permissions
2023-10-19 10:57:59 +02:00
3u13r
0bfb4f7e11
align tf output vars with CLI parsing ( #2475 )
2023-10-19 10:03:22 +02:00
Malte Poll
ee54b71a9e
ci: build rpmdb explicitly ( #2476 )
2023-10-19 08:34:17 +02:00
Adrian Stobbe
5819a11d25
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token ( #2429 )
2023-10-17 17:36:50 +02:00
3u13r
0c89f57ac5
Support internal load balancers ( #2388 )
...
* arch: support internal lb on Azure
* arch: support internal lb on GCP
* helm: remove lb svc from verify deployment
* arch: support internal lb on AWS
* terraform: add jump hosts for internal lb
* cli: expose internalLoadBalancer in config
* ci: add e2e-manual-internal
* add in-cluster endpoint to terraform output
2023-10-17 15:46:15 +02:00
Daniel Weiße
fe7e16e1cc
cli: create or read state file during constellation create
( #2470 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-17 14:37:09 +02:00
Malte Poll
1a141c3972
image: add rpm database as build output ( #2442 )
...
For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format.
For supply chain security and license compliance reasons, we want to keep the rpm database of os images as a detached build artifact.
We now ship a reproducible, human readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).
2023-10-17 14:04:41 +02:00
Malte Poll
e93de82c0b
image: use systemd-dissect from the host when calculating measurements ( #2473 )
...
* image: use systemd-dissect from the host when calculating measurements
* ci: setup bazel and nix toolchains before merging os image measurements
2023-10-17 13:26:07 +02:00
renovate[bot]
ac8a464d7e
deps: update K8s constrained Azure versions ( #2465 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 13:15:08 +02:00
Malte Poll
bad9edb99b
image: move mkosi settings into their actual sections ( #2471 )
...
mkosi now warns about what settings are defined in what sections.
Soon, the config parsing might fail when settings are in the wrong sections.
2023-10-17 12:44:19 +02:00
renovate[bot]
abbe3853cb
deps: update cachix/install-nix-action action to v23 ( #2469 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:48:52 +02:00
renovate[bot]
4fbf94ceb8
deps: update golang:1.21.3 Docker digest to 24a0937 ( #2468 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:48:38 +02:00
renovate[bot]
63ebdd9292
deps: update docker.io/k8scloudprovider/openstack-cloud-controller-manager Docker tag to v1.26.4 ( #2466 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:47:48 +02:00
renovate[bot]
b2f3f72488
deps: update fedora:38 Docker digest to 8285246 ( #2467 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:47:10 +02:00
Moritz Sanft
a8605d7294
cli: use custom byte-slice marshalling for state file ( #2460 )
...
* custom byte slice marshalling
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* byte slice compatibility
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* other byte slice compat test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing dep
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* export byte type alias
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* regenerate exported type
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* test marshal and unmarshal together
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-17 10:35:54 +02:00
Malte Poll
c424ec8825
ci: fix PR label for rpm updates ( #2464 )
2023-10-17 09:46:37 +02:00
edgelessci
d9bd870dbd
image: update locked rpms ( #2463 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-10-17 09:42:00 +02:00
Malte Poll
a9f245752c
ci: update rpm lockfile once per week
2023-10-17 09:23:56 +02:00
Malte Poll
8bc1d80d86
image: install rpms from lockfile
2023-10-17 09:23:56 +02:00
Moritz Sanft
25b23689ad
cli: generate state file during constellation config generate
( #2455 )
...
* create state file during config generate
* use written file in `constellation create`
* document creation of state file
* remove accidentally added test
* check error when writing state file
2023-10-16 20:18:59 +02:00
Moritz Sanft
e5513f14e6
cli: add field docs to the state file ( #2453 )
...
* add field docs to the state file
* mark only optional fields
* tidy
* use talos encoder
2023-10-16 16:49:07 +02:00