Malte Poll
7575f7688a
replace github.com/google/go-attestation
...
workaround for https://github.com/google/go-attestation/issues/283
2022-08-19 14:39:36 +02:00
Malte Poll
5883278d4a
Enable secure boot on Azure CVMs
2022-08-19 14:39:36 +02:00
Malte Poll
da41cb6962
disk-mapper: systemd cryptsetup unit for state disk
2022-08-19 14:39:36 +02:00
Otto Bittner
0892525915
Switch to Azure CVMs
2022-08-19 14:39:36 +02:00
3u13r
29a1b5de42
increase helm install timeout (#381)
2022-08-19 13:28:16 +02:00
Malte Poll
402fc7761b
Disable l7 proxy on QEMU (#378)
2022-08-19 08:44:36 +02:00
Malte Poll
af99f91fec
update qemu metadata image version and use correct CSP name in qemu state (#377)
2022-08-18 15:59:01 +02:00
Malte Poll
f050a301d0
[node-operator] autoscalingstrategy-controller: improve test robustness (#372)
2022-08-17 18:38:54 +02:00
Fabian Kammel
4176f038df
Generate CLI reference also for sub-commands (#374)
...
* include all subcommands
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 16:58:36 +02:00
Fabian Kammel
059a3eacc0
Use consistent k8s version (#373)
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 15:25:05 +02:00
Paul Meyer
0969ff4ac3
Fix tests and linting (#370)
...
* Fix license integration test
* Fix build tags in lint config
* Fix missing error checks
* Fix use of MarkNodeAsInitialized
* Fix attestation tests
* Add license integration test to cmake list
2022-08-17 13:50:43 +02:00
Malte Poll
397c9013ea
Remove azure-sdk-for-go/armnetwork replace directive (#371)
...
https://github.com/Azure/azure-sdk-for-go/issues/18704 was resolved
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-17 11:19:40 +02:00
Fabian Kammel
6a29dcea9c
AB#2323 Update release docs (#367)
...
* update release docs since release images are no longer built automatically
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 10:59:10 +02:00
Fabian Kammel
82eb9f4544
AB#2299 License check in CLI during init (#366)
...
* license server interaction
* logic to read from license file
* print license information during init
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-08-16 16:06:38 +02:00
Fabian Kammel
170a8bf5e0
AB#2306 Public image sharing in Google (#358)
...
* document how to publicly share images in gcloud
* Write disclaimer in debugd
* Add disclaimer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00
Malte Poll
abb4fb4f0f
Build GCP guest agent from github actions in constellation repo
2022-08-16 08:47:58 +02:00
Malte Poll
23dfc5549b
[node-operator] nodeimage-controller: improve test robustness
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-16 08:47:34 +02:00
Otto Bittner
aee432ed6f
Fix syntax in yq command
...
Fixes syntax error in 4db5ea3b164e8e762693035cb06d643f711a3d39
2022-08-15 11:41:48 +02:00
Fabian Kammel
97c985a7f4
provide commands for all new image schemas (#363)
...
* provide commands for all new image schemas
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-15 11:09:10 +02:00
Otto Bittner
3018bfa03e
Add enforcedMeasurements default value to config
...
A previous change started enforcing PCR values.
This makes it necessary to update the respective config
values before running init.
2022-08-15 09:37:18 +02:00
Daniel Weiße
ba4471a228
AB#2316 Configurable enforced PCRs (#361)
...
* Add warnings for non enforced, untrusted PCRs
* Fix global state in Config PCR map
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-12 15:59:45 +02:00
3u13r
9478303f80
deploy cilium via helmchart (#321)
2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Malte Poll
18a89d2881
Add constellation UID retrieval to cloudprovider metadata APIs
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Otto Bittner
2f925b5955
Add clone3-workaround to bootstrapper build container
...
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00
Fabian Kammel
c35e85b22b
Make E2E cleanup easier (#353)
...
* Make E2E cleanup easier
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-10 10:13:18 +02:00
Otto Bittner
919a2165ae
Run e2e test container on edgserver with privileged
...
The seccomp filter applied by docker presumably
stops curl from working correctly as the glibc changed the
way it creates processes (switch from clone to clone3).
The backwards compatibility layer of glibc does not work
correctly with docker's seccomp filter, making it necessary to
give the container privileged access.
2022-08-10 09:58:43 +02:00
Otto Bittner
c42e79ecfe
AB#2281: Run e2e tests on latest debug image (#354)
...
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
264e4beac3
Double timeouts for envtests (#355)
2022-08-09 14:48:41 +02:00
Daniel Weiße
8f5f84deb5
AB#2305 Fix missing atls verifier in init call (#352)
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-09 14:04:40 +02:00
Malte Poll
aee3f2afa2
Run tests for different projects in parallel
2022-08-09 10:29:04 +02:00
Malte Poll
c3f064fa09
Update CHANGELOG
2022-08-09 10:29:04 +02:00
Malte Poll
d72c18d066
[node-operator] rename constellation-node-operator to node-operator
2022-08-09 10:29:04 +02:00
Malte Poll
1df2a20a36
CI: build and upload node operator
2022-08-09 10:29:04 +02:00
Malte Poll
5871c49390
Update CONTRIBUTING.md
2022-08-09 10:29:04 +02:00
Malte Poll
fb4bc1545f
[node operator] case insensitive equality checks for image and scaling group references
2022-08-09 10:29:04 +02:00
Malte Poll
80ebfab164
[node operator] GCP: use canonical references
2022-08-09 10:29:04 +02:00
Malte Poll
51cf638361
[node operator] self-initialize resources
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
1cee319174
[node operator] constellation node operator: hardcode image pull secret
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
86c88a949e
[node operator] bundle template
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0f6de0aa26
[node operator] Update README and samples
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
e267102c92
[node operator] Use environment variable to specify CSP
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
50ed6777c8
[node operator] Read azure config from k8s secret
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
3495ec1c07
[node operator] instantiate Azure client in main.go
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
c74360bf62
[node operator] Add Azure client
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
a50cc2b64d
[node operator] Testable poller for Azure client
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
cbbf77248f
[node operator] adopt go 1.18
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
717570d00a
[node operator] Add GCP client
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
0618a000a7
[node operator] nodeimage controller: remove control-plane nodes from etcd cluster before deleting k8s node object
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00
Malte Poll
242020e304
[node operator] etcd client implementation
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-09 10:29:04 +02:00