Commit Graph

372 Commits

Author SHA1 Message Date
Daniel Weiße
3a7b829107
internal: use go-kms-wrapping for KMS backends (#1012)
* Replace external KMS backend logic for AWS, Azure, and GCP with go-kms-wrapping

* Move kms client setup config into its own package for easier parsing

* Update kms integration flag naming

* Error if nil storage is passed to external KMS

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:03:54 +01:00
renovate[bot]
b3495685fb
deps: update AWS SDK (#1100)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-01 14:02:58 +01:00
renovate[bot]
7b012e72b9
deps: update Azure SDK (#1004)
* deps: update Azure SDK
* deps: tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-20 15:42:06 +01:00
renovate[bot]
645e2445d1
Update module golang.org/x/tools to v0.5.0 (#1024)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 11:44:59 +01:00
renovate[bot]
f5623fee5a
Update module github.com/sigstore/sigstore to v1.5.1 (#1006)
* Update module github.com/sigstore/sigstore to v1.5.1
* deps: tidy all modules
2023-01-18 10:19:31 +01:00
renovate[bot]
6311b45708
Update module github.com/siderolabs/talos/pkg/machinery to v1.3.2 (#953)
* Update module github.com/siderolabs/talos/pkg/machinery to v1.3.2
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-13 11:27:52 +01:00
Paul Meyer
4bc191e434 versions: move hash generator into own package
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
renovate[bot]
efd99975a4
Update Google SDK (#928) 2023-01-11 14:28:45 +01:00
Otto Bittner
c19e894d43 Revert "Update Google SDK (#907)"
This reverts commit e54b2ec95f.
2023-01-10 11:41:43 +01:00
renovate[bot]
e54b2ec95f
Update Google SDK (#907)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 18:30:19 +01:00
renovate[bot]
1d34c140da
Update module github.com/go-playground/locales to v0.14.1 (#904)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 18:49:45 +01:00
Paul Meyer
f4df4067bd
deps: upgrade Azure sdk (#887)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:26:30 +01:00
renovate[bot]
992e318c1c
Update AWS SDK (#893)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 15:45:38 +01:00
renovate[bot]
15873d4959
Update module google.golang.org/api to v0.106.0 (#896)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 15:39:44 +01:00
renovate[bot]
b8a6ab7c70
Update module github.com/schollz/progressbar/v3 to v3.13.0 (#882)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 17:48:15 +01:00
Otto Bittner
e7c7e35f51 cli: create backups for CRDs and their resources
These backups could be used in case an upgrade
misbehaves after helm declared it as successful.
The manual backups are required as helm-rollback
won't touch custom resources and changes to CRDs
delete resources of the old version.
2023-01-05 16:52:06 +01:00
renovate[bot]
4803edd4a0
Update module github.com/google/go-tpm-tools to v0.3.10 (#836)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-05 14:42:09 +01:00
renovate[bot]
b09f1ba62a
Update module golang.org/x/crypto to v0.5.0 (#869)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 10:54:07 +01:00
Paul Meyer
053f4552d9 versionsapi: fix semver dependency
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 16:00:14 +01:00
Paul Meyer
0011d960f7 versionsapi: implement rm cmd in cli
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
renovate[bot]
806f6b70dd
Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1 (#844)
* Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1
* Rename talos-systems/talos to siderolabs/talos

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-02 13:33:56 +01:00
renovate[bot]
0e529c91e4
Update module github.com/mattn/go-isatty to v0.0.17 (#841)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:00:19 +01:00
renovate[bot]
3daa0af9d3
Update module github.com/docker/docker to v20.10.22+incompatible (#834)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 18:41:37 +01:00
renovate[bot]
dc5f9bf9ae
Update module cloud.google.com/go/compute/metadata to v0.2.3 (#832)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 18:10:38 +01:00
renovate[bot]
1595f83ac6
Update AWS SDK (#789)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 14:55:08 +01:00
renovate[bot]
030d2e9bb2
Update module google.golang.org/api to v0.105.0 (#756)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-23 13:46:04 +01:00
renovate[bot]
365da19ddf
Update module helm.sh/helm/v3 to v3.10.3 [SECURITY] (#802)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-15 09:11:10 +01:00
renovate[bot]
122a7339d1
Update module go.uber.org/multierr to v1.9.0 (#801)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-15 08:03:15 +01:00
renovate[bot]
b267fc8f1a
Update module github.com/Azure/azure-sdk-for-go/sdk/storage/azblob to v0.6.1 (#772)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-12 10:27:29 +01:00
renovate[bot]
0655c05d79
Update module github.com/sigstore/sigstore to v1.5.0 (#773)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:49:50 +01:00
renovate[bot]
1daae77189
Update AWS SDK (#769)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:28:27 +01:00
Paul Meyer
4c2ffe7905
Update Google SDK (#760)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 10:59:18 +01:00
Paul Meyer
9b1551e76a dependencies: migrate go-genproto to google-cloud-go
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 13:27:15 +01:00
Paul Meyer
eff3dd8aea dependencies: upgrade containerd module
Fixes CVE-2022-23471.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 13:27:15 +01:00
renovate[bot]
953381848b
Update module golang.org/x/crypto to v0.4.0 (#751)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 17:36:27 +01:00
renovate[bot]
e17db4b428
Update module github.com/schollz/progressbar/v3 to v3.12.2 (#739)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-07 09:33:57 +01:00
renovate[bot]
63f74f0d65
Update module github.com/go-git/go-git/v5 to v5.5.0 (#735)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:51:06 +01:00
renovate[bot]
64c6c6b005
Update module github.com/aws/smithy-go to v1.13.5 (#728)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 16:27:15 +01:00
renovate[bot]
8bf92bb6e5
Update module golang.org/x/sys to v0.3.0 (#721)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 16:56:08 +01:00
renovate[bot]
6e84958b84
Update AWS SDK (#679)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 11:10:56 +01:00
renovate[bot]
3e343ed185
Update module go.uber.org/zap to v1.24.0 (#703)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:53:27 +01:00
renovate[bot]
b20e9b3cd4
Update google.golang.org/genproto digest to e3fa12d (#704)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:35:32 +01:00
Paul Meyer
b93b24e058 debugd: add logcollector
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
renovate[bot]
5b23a071ac
Update module github.com/sigstore/sigstore to v1.4.6 (#667)
* Update module github.com/sigstore/sigstore to v1.4.6
* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-30 11:32:59 +01:00
renovate[bot]
a32f9ae752
Update k8s.io/utils digest to 99ec85e (#664)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:01:29 +01:00
renovate[bot]
6ba9c32f55
Update AWS SDK (#530)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 13:45:06 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
renovate[bot]
22f9e2ed4b
Update module github.com/talos-systems/talos/pkg/machinery to v1.2.7 (#619)
* Update module github.com/talos-systems/talos/pkg/machinery to v1.2.7
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 14:18:13 +01:00
renovate[bot]
928fdcff76
Update google.golang.org/genproto digest to 1645502 (#585)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 13:32:23 +01:00
renovate[bot]
fad198aa2e
Update module google.golang.org/api to v0.103.0 (#595)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 14:45:48 +01:00
renovate[bot]
d7ace99a66
Update module google.golang.org/grpc to v1.51.0 (#598)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 12:15:02 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm (#575)
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
renovate[bot]
6b7e470983
Update module github.com/talos-systems/talos/pkg/machinery to v1.2.6 (#582)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 09:20:54 +01:00
renovate[bot]
5dc78b677b
Update google.golang.org/genproto digest to 41c2ba7 (#503)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 18:49:17 +01:00
renovate[bot]
25c3fcd104
Update module github.com/schollz/progressbar/v3 to v3.12.1 (#581)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 17:12:04 +01:00
renovate[bot]
fe36de8826
Update module golang.org/x/crypto to v0.3.0 (#569)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 10:18:43 +01:00
renovate[bot]
ee47177029
Update module helm.sh/helm/v3 to v3.10.2 (#555)
* Update module helm.sh/helm/v3 to v3.10.2

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-15 15:47:53 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
renovate[bot]
9ef8a0846f
Update module github.com/spf13/afero to v1.9.3 (#554)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-15 12:18:33 +01:00
renovate[bot]
c71eeffd1e
Update module github.com/sigstore/rekor to v1.0.1 (#543)
* Update module github.com/sigstore/rekor to v1.0.1
* quotes around string with spaces
* [bot] Tidy all modules
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: datosh <datosh@users.noreply.github.com>
2022-11-15 12:18:01 +01:00
Leonard Cohnen
c51694a51a kubernetes: add hashes to components 2022-11-15 11:07:46 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504)
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
renovate[bot]
83cbc68cb6
Update module github.com/googleapis/gax-go/v2 to v2.7.0 (#517)
* Update module github.com/googleapis/gax-go/v2 to v2.7.0

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-14 10:48:28 +01:00
renovate[bot]
5a29172474 Update K8s dependencies 2022-11-14 10:04:04 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Paul Meyer
d025fe1e98 Remove transformers from k8sutil downloader
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 17:53:44 +01:00
renovate[bot]
e887dc7fcd
Update module github.com/aws/aws-sdk-go-v2/service/ec2 to v1.69.0 (#515)
* Update module github.com/aws/aws-sdk-go-v2/service/ec2 to v1.69.0

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-10 11:56:45 +01:00
renovate[bot]
0720f95179
Update module cloud.google.com/go/storage to v1.28.0 (#498)
* Update module cloud.google.com/go/storage to v1.28.0

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-10 11:43:36 +01:00
renovate[bot]
0c1637c700
Update module github.com/coreos/go-systemd/v22 to v22.5.0 (#506)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-10 11:38:27 +01:00
renovate[bot]
52140ff7e5
Update module golang.org/x/crypto to v0.2.0 (#507)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 08:01:51 +01:00
renovate[bot]
9af6923756
Update module golang.org/x/mod to v0.7.0 (#508)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 18:44:07 +01:00
renovate[bot]
1c463bf10b
Update Azure SDK (#493)
* Update Azure SDK
* [bot] Tidy all modules
* fix breaking changes around New function in Azure SDK
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 12:09:22 +01:00
renovate[bot]
cf9693af24
Update Google cloud SDK (#457)
* Update Google cloud SDK
* [bot] Tidy all modules
* migrate from google.golang.org/genproto/googleapis/cloud/kms/v1 to cloud.google.com/go/kms/apiv1/kmspb
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 11:48:56 +01:00
renovate[bot]
ce0b3a8867
Update module golang.org/x/sys to v0.2.0 (#491)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 11:09:07 +01:00
renovate[bot]
18439fc69b
Update module github.com/docker/docker to v20.10.21+incompatible (#322)
* Update module github.com/docker/docker to v20.10.21+incompatible

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:07:15 +01:00
renovate[bot]
cb7b53a9c9
Update AWS SDK (#490)
* Update AWS SDK
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:03:06 +01:00
renovate[bot]
5f170709d6
Update k8s.io/utils digest to 8e77b1f (#489)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:46:47 +01:00
renovate[bot]
34435e4396
Update k8s.io/utils digest to 1a15be2 (#483)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:39:51 +01:00
renovate[bot]
934d173650
Update AWS SDK (#412)
* Update AWS SDK

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 13:17:27 +01:00
renovate[bot]
8e44eb7ea5
Update module github.com/sigstore/rekor to v1 (#453)
* Update module github.com/sigstore/rekor to v1
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 12:45:45 +01:00
Leonard Cohnen
0430336fdf metadata: implement GetLoadBalancerEndpoint for AWS 2022-11-02 23:29:04 +01:00
renovate[bot]
4b257616e4
Update k8s.io/utils digest to 61b03e2 (#427)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 16:04:19 +01:00
renovate[bot]
67a99434e9
Update module github.com/sigstore/sigstore to v1.4.5 (#383)
* Update module github.com/sigstore/sigstore to v1.4.5
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-01 12:14:55 +01:00
Daniel Weiße
79f52e67cb
Update go-tpm-tools to fix AWS PCR selection (#390)
* Update go-tpm-tools to fix AWS PCR selection

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Ignore leaking glog go routine

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-28 17:57:24 +02:00
Paul Meyer
256f0e64b3 Upgrade Go version to 1.19
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 16:06:53 +02:00
renovate[bot]
4ef94834ed
Update module github.com/googleapis/gax-go/v2 to v2.6.0 (#330)
* Update module github.com/googleapis/gax-go/v2 to v2.6.0
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-28 09:33:29 +02:00
leongross
d457620941
AB#2458 AWS NitroTPM attestation (#339)
* add aws tpm attestation
* fix typos
* Fix return value issue

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-10-27 11:04:23 +02:00
renovate[bot]
8d82d8c0fa
Update module github.com/stretchr/testify to v1.8.1 (#385)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 08:39:45 +02:00
renovate[bot]
8c01a6647f
Update module github.com/spf13/cobra to v1.6.1 (#384)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 08:25:21 +02:00
renovate[bot]
9210ae5d04
Update google.golang.org/genproto digest to 527a21c (#320)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:47:16 +02:00
renovate[bot]
c452f17ca2
Update module golang.org/x/mod to v0.6.0 (#335)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-24 18:44:03 +02:00
Daniel Weiße
c82d5ccba9
Hide cursor and fix dots (#217)
* Hide cursor and fix dots spinner

* Allow restarting of spinner

* Don't spin on non TTY output

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-21 14:26:42 +02:00
renovate[bot]
56981a709e
Update module github.com/aws/aws-sdk-go-v2/service/kms to v1.18.13 (#346)
* Update module github.com/aws/aws-sdk-go-v2/service/kms to v1.18.13

* [bot] Tidy all modules

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-10-21 14:08:36 +02:00
renovate[bot]
02f1f5109a Update module google.golang.org/grpc to v1.50.1 2022-10-21 13:28:03 +02:00
renovate[bot]
8cf6189cf0
Update module github.com/fsnotify/fsnotify to v1.6.0 (#325)
* Update module github.com/fsnotify/fsnotify to v1.6.0

* [bot] Tidy all modules

* Use event.Has function

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-10-20 10:16:20 +02:00
renovate[bot]
1d417029bf Update module github.com/google/tink/go to v1.7.0 2022-10-19 13:37:16 +02:00
renovate[bot]
38ff8b70c7
Update module github.com/spf13/cobra to v1.6.0 (#326)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 11:07:00 +02:00
renovate[bot]
37a9dbfad2
Update k8s dependencies (#308)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:37:40 +02:00
renovate[bot]
f05bccb670
Update module github.com/Azure/azure-sdk-for-go/sdk/storage/azblob to v0.5.1 (#269)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 08:57:09 +02:00
renovate[bot]
3e209b9456
Update module github.com/coreos/go-systemd/v22 to v22.4.0 (#321)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 08:51:58 +02:00
renovate[bot]
9a1d795597
Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault (#267)
* Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys to v0.8.1

* Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets to v0.10.1

* Adjust Azure KMS opts struct

* Update kms readme formatting

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-18 12:08:59 +02:00
renovate[bot]
ecdf5d5165
Update module golang.org/x/text to v0.3.8 (#297)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 18:12:19 +02:00
renovate[bot]
71d4aac3f2
Update module github.com/docker/docker to v20.10.19+incompatible (#271)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 15:40:59 +02:00
renovate[bot]
a998745e91
Update google.golang.org/genproto digest to 99cd37c (#253)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 15:36:21 +02:00
renovate[bot]
51a0c746ca
Update golang.org/x/sys digest to 95e765b (#257)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 11:12:04 +02:00
Malte Poll
397e61700d
Use upstream go-attestation (#286)
The reason for replacing the module was waiting for https://github.com/google/go-attestation/pull/284 to be merged.
2022-10-17 09:44:05 +02:00
Daniel Weiße
623cb6cdb5
AB#2479 Implement AWS cloud logging (#232)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-17 09:05:45 +02:00
Daniel Weiße
19b67dc622 Update module github.com/aws/aws-sdk-go-v2/feature/s3/manager to v1.11.34
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-14 11:09:44 +02:00
renovate[bot]
0858117920 Update module github.com/aws/aws-sdk-go-v2/service/kms to v1.18.12 2022-10-14 10:51:00 +02:00
renovate[bot]
84a9f0bfb4 Update module github.com/aws/aws-sdk-go-v2/config to v1.17.8 2022-10-14 10:47:38 +02:00
renovate[bot]
def598a154 Update module github.com/Azure/azure-sdk-for-go/sdk/azcore to v1.1.4 2022-10-14 10:03:17 +02:00
renovate[bot]
c378cb19e1
Update golang.org/x/sys digest to 090e330 (#252)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 17:24:48 +02:00
renovate[bot]
97a4778f0d
Update golang.org/x/crypto digest to 56aed06 (#244)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:47:53 +02:00
katexochen
4c0ef09346 Tidy Go mods 2022-10-13 15:29:29 +02:00
Daniel Weiße
23afccb975
AB#2474 Implement List and Self method for AWS (#229)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-12 13:40:38 +02:00
Fabian Kammel
57b8efd1ec
Improve measurements verification with Rekor (#206)
Fetched measurements are now verified using Rekor in addition to a signature check.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-11 13:57:52 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation (#198)
* Mini Constellation commands to quickly deploy a local Constellation cluster

* Download libvirt container image if not present locally

* Fix libvirt KVM permission issues by creating kvm group using host GID inside container

* Remove QEMU specific values from state file

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Daniel Weiße
acdcb535c0
AB#2444 Verify Azure trusted launch attestation keys (#203)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-04 16:44:44 +02:00
Fabian Kammel
88a57fdb36
upgrade k8s 1.24.3 -> 1.24.6 (#201)
* upgrade k8s 1.24.3 -> 1.24.6
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-30 17:10:16 +02:00
katexochen
d973740b03 Use Terraform for create on GCP 2022-09-30 16:50:52 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster (#172)
* Use terraform in CLI to create QEMU cluster

* Dont allow qemu creation on os/arch other than linux/amd64

* Allow usage of --name flag for QEMU resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
katexochen
97ef965a80 Tidy go mods 2022-09-22 09:10:19 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
Malte Poll
c6f85ec4b6
Upgrade go-tuf in main go.mod (#167) 2022-09-16 20:08:50 +02:00
katexochen
f394183da7 Run go mod tidy 2022-09-13 15:58:38 +02:00
Fabian Kammel
2f871578b2
first implementation of SBOM generation (#50)
* first implementation of SBOM generation
* updated dependencies as per grype report
* hack: go mod tidy
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 16:49:59 +02:00
Daniel Weiße
ce02878019
AB#2308 / AB#2317 constellation upgrade plan (#3)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 11:59:07 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute (#2)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Fabian Kammel
0a3a4e9c7f move util
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Fabian Kammel
9e43701d3c Remove klog (#376)
* remove logging altogether
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 17:01:54 +02:00
katexochen
a02a46e454 Use multiple loadbalancers on GCP 2022-08-23 18:11:20 +02:00
Malte Poll
7575f7688a replace github.com/google/go-attestation
workaround for https://github.com/google/go-attestation/issues/283
2022-08-19 14:39:36 +02:00
Fabian Kammel
059a3eacc0 Use consistent k8s version (#373)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 15:25:05 +02:00
Malte Poll
397c9013ea Remove azure-sdk-for-go/armnetwork replace directive (#371)
https: //github.com/Azure/azure-sdk-for-go/issues/18704 was resolved
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-17 11:19:40 +02:00
3u13r
9478303f80 deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Malte Poll
f5fe4fe885 Replace armnetworks module until https://github.com/Azure/azure-sdk-for-go/issues/18704 is fixed 2022-08-05 10:35:38 +02:00
Malte Poll
081dfb5037 Upgrade Azure SDK
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-05 10:35:38 +02:00
Fabian Kammel
050e8fdc4a AB#2159 Feat/cli/fetch measurements (#301)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Thomas Tendyck
48d614c959 AB#2222 replace unlicensed passwd package with own implementation 2022-07-25 15:10:29 +02:00
Fabian Kammel
a931f6692f Fix/bootstrapper regressions (#274)
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
katexochen
66b573ea5d Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
dea23604fb Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
32f1f5fd3e Delete Coordinator core and apis 2022-07-14 17:25:18 +02:00
Daniel Weiße
24cba8d91a Use Constellation KMS instead of deprecated vpn API for requesting keys (#248)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-05 09:48:47 +02:00
Nils Hanke
0653c20792 Upgrade to Cobra v1.5.0 & go mod tidy 2022-06-28 13:55:50 +02:00
Daniel Weiße
4842d29aff AB#2111 Deploy activation service on cluster init (#205)
* Deploy activation service on cluster init

* Use base image with CA certificates for activation service

* Improve KMS server 

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Fabian Kammel
84552ca8f7 AB#2104 Feat/azure logging (#198)
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
b461c40c3a Implement activation service
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Fabian Kammel
a15605475e AB#2104 early boot logging (#175) 2022-06-03 11:55:18 +02:00
Leonard Cohnen
791d5564ba replace flannel with cilium 2022-06-02 13:08:25 +02:00
Thomas Tendyck
2ba3c153de AB#2117 cli: validate config (#170)
* AB#2117 cli: validate config

* update hack/go.mod
2022-05-23 15:01:39 +02:00
Malte Poll
14f6985fe3 Implement binary file installer & extractor
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Moritz Eckert
6dc97590fe Enable and configure k8s audit-log (#160)
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Paul Meyer
8e0f9491af Create hack folder with independent modules (#131) 2022-05-17 11:14:23 +02:00
Fabian Kammel
b905c28515 AB#2061 Self Documenting Config File (#143)
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Daniel Weiße
437de8bcb1 Add function to retrieve real device path of mapped device
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
6b3d45dd09 Add resize functions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Thomas Tendyck
d76703061b cli: add minimal doc generator (#129)
* cli: add minimal doc generator

* fixup! cli: add
2022-05-11 09:20:37 +02:00
cm
c63d7126e7 AB#1943 Extract KMS package (#56)
* Extract kmsapi from coordinator

* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
katexochen
d83bc8727b Replace k8s.io/klog with k8s.io/klog/v2 2022-05-04 17:16:40 +02:00
katexochen
d6eee42436 Bump k8s.io from v1.23.5 to v1.24.0 2022-05-04 17:16:40 +02:00
Daniel Weiße
901c783bc5 Remove replace directive for go-cryptsetup
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-22 08:58:49 +02:00
Malte Poll
98aced1b36 remove AWS nitro dependencies & add libcryptsetup
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Daniel Weiße
49a1a07049 AB#1902 Ping Coordinator from initramfs for key (#53)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-12 14:24:36 +02:00
3u13r
1c0f52e04e refactor cli vpn config (#46)
* refactor cli vpn config

Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-04-12 14:20:46 +02:00
Thomas Tendyck
7315e80374 cli: add output before long-running actions 2022-04-05 16:23:48 +02:00
Daniel Weiße
ef5c85dad2 Add Azure storage tests
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-01 09:41:15 +02:00
katexochen
66fe34ee32 Write WireGuard config file on init 2022-03-31 15:43:25 +02:00
Daniel Weiße
752571bbf8 Upgrade go-cryptsetup to latest version
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-23 11:48:15 +01:00
Leonard Cohnen
2d8fcd9bf4 monorepo
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00