Commit Graph

1665 Commits

Author SHA1 Message Date
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
renovate[bot]
8ce954e012
Update Constellation containers to v2.3.0-pre.0.20221123084142-3dc9c6086469 (#636)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-24 09:22:49 +01:00
Otto Bittner
da1af3f37e Fix type for cert-manager verbose flag 2022-11-23 18:37:36 +01:00
Malte Poll
3dc9c60864 e2e tests: use new image versions 2022-11-23 15:47:46 +01:00
Malte Poll
457ff442ce Update CHANGELOG 2022-11-23 15:47:46 +01:00
Malte Poll
8d9254e050 Docs: document breaking changes in the config file 2022-11-23 15:47:46 +01:00
Malte Poll
1331c171c3 Upgrade config to v2 2022-11-23 15:47:46 +01:00
Malte Poll
575b6e93f6 CLI: use global image version field
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
2022-11-23 15:47:46 +01:00
Paul Meyer
9222468d3b deps: only upgrade to errata-ai/vale-action >2.0.1
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-23 15:07:55 +01:00
Otto Bittner
3e71459898 AB#2635: Deploy Konnectivity via Helm 2022-11-23 12:21:08 +01:00
Otto Bittner
7283eeb798 AB#2636: Deploy gcp-guest-agent via Helm 2022-11-23 12:21:08 +01:00
Otto Bittner
9b75d651fc Run cert-manager startupapicheck with verbose flag 2022-11-23 11:16:16 +01:00
Leonard Cohnen
1e98b686b6 kubernetes: verify Kubernetes components 2022-11-23 10:48:03 +01:00
Otto Bittner
2c9ddbc6e7 Remove unused LoadConfig type 2022-11-23 08:49:22 +01:00
Otto Bittner
6b2d9d16f8 Remove obsolete revive comments 2022-11-23 08:35:12 +01:00
renovate[bot]
6c0509e34d
Update etcd dependencies to v3.5.6 (#618)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 14:54:26 +01:00
renovate[bot]
d8c553207b
Update Terraform google to v4.44.0 (#622)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 14:30:40 +01:00
Paul Meyer
947920d4f5
Revert "warn about function argument count over 5 (#558)" (#620)
This reverts commit 1110ccd270.
2022-11-22 14:20:11 +01:00
renovate[bot]
22f9e2ed4b
Update module github.com/talos-systems/talos/pkg/machinery to v1.2.7 (#619)
* Update module github.com/talos-systems/talos/pkg/machinery to v1.2.7
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 14:18:13 +01:00
Daniel Weiße
e7ee4d6e59
Remove manual installation of csi drivers (#600)
* Remove manual installation of csi drivers

* Remove explicit storage class

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-22 14:02:31 +01:00
Otto Bittner
048ab94123 Use config structs to limit nr of function args 2022-11-22 13:33:57 +01:00
renovate[bot]
928fdcff76
Update google.golang.org/genproto digest to 1645502 (#585)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 13:32:23 +01:00
renovate[bot]
bc346805aa
Update Constellation containers to v2.3.0-pre.0.20221121163101-1362e40f53ad (#615)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:39:50 +01:00
Paul Meyer
063162c205 deps: upgrade sonobuoy version
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:32:50 +01:00
Malte Poll
29ff6cb786 Move hardcoded all zero PCR[12] to PCR[8] 2022-11-22 11:37:53 +01:00
renovate[bot]
b6d7289dfe
Update dependency numpy to v1.23.5 (#604)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 10:07:44 +01:00
github-actions[bot]
d8463e984b
Update CLI reference (#613)
* CLI reference was updated by edgelesssys/constellation@9f64fdad
* CLI reference was updated by edgelesssys/constellation@1f9b6ba9
Co-authored-by: daniel-weisse <daniel-weisse@users.noreply.github.com>
2022-11-22 10:06:22 +01:00
Daniel Weiße
b915d03487
AB#2615 Update docs to new CSI installation method (#606)
* Update docs to new CSI installation method

* Fix invalid volume expansion option

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-11-22 09:36:08 +01:00
Leonard Cohnen
0232c835ca bootstrapper: fix GracefulStop of InitServer
Let joinclient stop initserver only when itself initializes the node.
2022-11-21 18:22:23 +01:00
Otto Bittner
1362e40f53
Suppress argument-limit errors and add TODO. (#603) 2022-11-21 17:31:01 +01:00
Otto Bittner
adc09a1ad1
AB#2593: Deploy verification service via Helm (#594) 2022-11-21 17:06:41 +01:00
Daniel Weiße
1f9b6ba90f
Add debug logging for verify command (#610)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-21 17:02:33 +01:00
Paul Meyer
e98feab57f deps: prioritize renovate PRs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 16:58:53 +01:00
Paul Meyer
06fa19f54d Remove unused package-lock.json
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 16:58:53 +01:00
Leonard Cohnen
fa0b880cb8 build: fix ignoring image folder 2022-11-21 16:40:19 +01:00
renovate[bot]
fa2919e285
Update softprops/action-gh-release action to v0.1.15 (#607)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 15:08:53 +01:00
renovate[bot]
fad198aa2e
Update module google.golang.org/api to v0.103.0 (#595)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 14:45:48 +01:00
renovate[bot]
d7ace99a66
Update module google.golang.org/grpc to v1.51.0 (#598)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 12:15:02 +01:00
renovate[bot]
a5aa820d8c
Update Constellation containers (#602)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-21 11:23:06 +01:00
Malte Poll
58e01de16b
Use semantic versioning to allow upgrades between constellation container pseudo-versions (#599) 2022-11-21 11:19:01 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
Moritz Sanft
b8d991f84c
AB#2577 Implement GCP IAM in terraform (#567)
* AB#2577 Add GCP TF Config & Documentation

[no ci] wip

AB#2577 Add GCP TF config & Docs

* Download lockfile

* Remove IAM input variables from output
2022-11-21 08:43:13 +01:00
Daniel Weiße
7b3cb5362a
Fix disk-mapper version injection (#592)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 16:43:44 +01:00
Nils Hanke
ade8fa323f Remove case-sensitive duplicate file 2022-11-18 16:07:29 +01:00
renovate[bot]
b4653152ee
Update libvirt.org/go to v1.8009.0 (#593)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 15:56:39 +01:00
Daniel Weiße
9aa9c1bb49
AB#2275 Add azuredisk CSI driver (#548)
* Add azuredisk CSI driver

* Update Changelog

* Update chart using go generate

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-18 15:47:01 +01:00
renovate[bot]
54ef6d21f4
Update Terraform aws to v4.40.0 (#586)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 15:41:02 +01:00
renovate[bot]
86b03bf08e
Update Terraform azurerm to v3.32.0 (#588)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 14:57:34 +01:00
Malte Poll
786264edbc Add hack script to locate latest debug image 2022-11-18 12:08:34 +01:00
Malte Poll
9d4172002c Upgrade container images to Fedora 37 2022-11-18 10:37:45 +01:00