Daniel Weiße
3a7b829107
internal: use go-kms-wrapping for KMS backends ( #1012 )
...
* Replace external KMS backend logic for AWS, Azure, and GCP with go-kms-wrapping
* Move kms client setup config into its own package for easier parsing
* Update kms integration flag naming
* Error if nil storage is passed to external KMS
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:03:54 +01:00
renovate[bot]
b3495685fb
deps: update AWS SDK ( #1100 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-01 14:02:58 +01:00
renovate[bot]
7b012e72b9
deps: update Azure SDK ( #1004 )
...
* deps: update Azure SDK
* deps: tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-20 15:42:06 +01:00
renovate[bot]
645e2445d1
Update module golang.org/x/tools to v0.5.0 ( #1024 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 11:44:59 +01:00
renovate[bot]
f5623fee5a
Update module github.com/sigstore/sigstore to v1.5.1 ( #1006 )
...
* Update module github.com/sigstore/sigstore to v1.5.1
* deps: tidy all modules
2023-01-18 10:19:31 +01:00
renovate[bot]
6311b45708
Update module github.com/siderolabs/talos/pkg/machinery to v1.3.2 ( #953 )
...
* Update module github.com/siderolabs/talos/pkg/machinery to v1.3.2
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-13 11:27:52 +01:00
Paul Meyer
4bc191e434
versions: move hash generator into own package
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:29:32 +01:00
renovate[bot]
efd99975a4
Update Google SDK ( #928 )
2023-01-11 14:28:45 +01:00
Otto Bittner
c19e894d43
Revert "Update Google SDK ( #907 )"
...
This reverts commit e54b2ec95f.
2023-01-10 11:41:43 +01:00
renovate[bot]
e54b2ec95f
Update Google SDK ( #907 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 18:30:19 +01:00
renovate[bot]
1d34c140da
Update module github.com/go-playground/locales to v0.14.1 ( #904 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 18:49:45 +01:00
Paul Meyer
f4df4067bd
deps: upgrade Azure sdk ( #887 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:26:30 +01:00
renovate[bot]
992e318c1c
Update AWS SDK ( #893 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 15:45:38 +01:00
renovate[bot]
15873d4959
Update module google.golang.org/api to v0.106.0 ( #896 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 15:39:44 +01:00
renovate[bot]
b8a6ab7c70
Update module github.com/schollz/progressbar/v3 to v3.13.0 ( #882 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 17:48:15 +01:00
Otto Bittner
e7c7e35f51
cli: create backups for CRDs and their resources
...
These backups could be used in case an upgrade
misbehaves after helm declared it as successful.
The manual backups are required as helm-rollback
won't touch custom resources and changes to CRDs
delete resources of the old version.
2023-01-05 16:52:06 +01:00
renovate[bot]
4803edd4a0
Update module github.com/google/go-tpm-tools to v0.3.10 ( #836 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-05 14:42:09 +01:00
renovate[bot]
b09f1ba62a
Update module golang.org/x/crypto to v0.5.0 ( #869 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 10:54:07 +01:00
Paul Meyer
053f4552d9
versionsapi: fix semver dependency
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 16:00:14 +01:00
Paul Meyer
0011d960f7
versionsapi: implement rm cmd in cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
renovate[bot]
806f6b70dd
Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1 ( #844 )
...
* Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1
* Rename talos-systems/talos to siderolabs/talos
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-02 13:33:56 +01:00
renovate[bot]
0e529c91e4
Update module github.com/mattn/go-isatty to v0.0.17 ( #841 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:00:19 +01:00
renovate[bot]
3daa0af9d3
Update module github.com/docker/docker to v20.10.22+incompatible ( #834 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 18:41:37 +01:00
renovate[bot]
dc5f9bf9ae
Update module cloud.google.com/go/compute/metadata to v0.2.3 ( #832 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 18:10:38 +01:00
renovate[bot]
1595f83ac6
Update AWS SDK ( #789 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 14:55:08 +01:00
renovate[bot]
030d2e9bb2
Update module google.golang.org/api to v0.105.0 ( #756 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-23 13:46:04 +01:00
renovate[bot]
365da19ddf
Update module helm.sh/helm/v3 to v3.10.3 [SECURITY] ( #802 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-15 09:11:10 +01:00
renovate[bot]
122a7339d1
Update module go.uber.org/multierr to v1.9.0 ( #801 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-15 08:03:15 +01:00
renovate[bot]
b267fc8f1a
Update module github.com/Azure/azure-sdk-for-go/sdk/storage/azblob to v0.6.1 ( #772 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-12 10:27:29 +01:00
renovate[bot]
0655c05d79
Update module github.com/sigstore/sigstore to v1.5.0 ( #773 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:49:50 +01:00
renovate[bot]
1daae77189
Update AWS SDK ( #769 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:28:27 +01:00
Paul Meyer
4c2ffe7905
Update Google SDK ( #760 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 10:59:18 +01:00
Paul Meyer
9b1551e76a
dependencies: migrate go-genproto to google-cloud-go
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 13:27:15 +01:00
Paul Meyer
eff3dd8aea
dependencies: upgrade containerd module
...
Fixes CVE-2022-23471.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 13:27:15 +01:00
renovate[bot]
953381848b
Update module golang.org/x/crypto to v0.4.0 ( #751 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 17:36:27 +01:00
renovate[bot]
e17db4b428
Update module github.com/schollz/progressbar/v3 to v3.12.2 ( #739 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-12-07 09:33:57 +01:00
renovate[bot]
63f74f0d65
Update module github.com/go-git/go-git/v5 to v5.5.0 ( #735 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:51:06 +01:00
renovate[bot]
64c6c6b005
Update module github.com/aws/smithy-go to v1.13.5 ( #728 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 16:27:15 +01:00
renovate[bot]
8bf92bb6e5
Update module golang.org/x/sys to v0.3.0 ( #721 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 16:56:08 +01:00
renovate[bot]
6e84958b84
Update AWS SDK ( #679 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 11:10:56 +01:00
renovate[bot]
3e343ed185
Update module go.uber.org/zap to v1.24.0 ( #703 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:53:27 +01:00
renovate[bot]
b20e9b3cd4
Update google.golang.org/genproto digest to e3fa12d ( #704 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:35:32 +01:00
Paul Meyer
b93b24e058
debugd: add logcollector
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
renovate[bot]
5b23a071ac
Update module github.com/sigstore/sigstore to v1.4.6 ( #667 )
...
* Update module github.com/sigstore/sigstore to v1.4.6
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-30 11:32:59 +01:00
renovate[bot]
a32f9ae752
Update k8s.io/utils digest to 99ec85e ( #664 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:01:29 +01:00
renovate[bot]
6ba9c32f55
Update AWS SDK ( #530 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 13:45:06 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs ( #553 )
...
* Merge enforced and expected measurements
* Update measurement generation to new format
* Write expected measurements hex encoded by default
* Allow hex or base64 encoded expected measurements
* Allow hex or base64 encoded clusterID
* Allow security upgrades to warnOnly flag
* Upload signed measurements in JSON format
* Fetch measurements either from JSON or YAML
* Use yaml.v3 instead of yaml.v2
* Error on invalid enforced selection
* Add placeholder measurements to config
* Update e2e test to new measurement format
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
renovate[bot]
22f9e2ed4b
Update module github.com/talos-systems/talos/pkg/machinery to v1.2.7 ( #619 )
...
* Update module github.com/talos-systems/talos/pkg/machinery to v1.2.7
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 14:18:13 +01:00
renovate[bot]
928fdcff76
Update google.golang.org/genproto digest to 1645502 ( #585 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 13:32:23 +01:00
renovate[bot]
fad198aa2e
Update module google.golang.org/api to v0.103.0 ( #595 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 14:45:48 +01:00
renovate[bot]
d7ace99a66
Update module google.golang.org/grpc to v1.51.0 ( #598 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 12:15:02 +01:00
Otto Bittner
bdd9dd922b
AB#2589: Deploy operators via Helm ( #575 )
...
* Only deploy operators on GCP/Azure.
* cert-manager is now deployed by default (GCP/Azure)
* remove OLM
2022-11-21 10:35:40 +01:00
renovate[bot]
6b7e470983
Update module github.com/talos-systems/talos/pkg/machinery to v1.2.6 ( #582 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 09:20:54 +01:00
renovate[bot]
5dc78b677b
Update google.golang.org/genproto digest to 41c2ba7 ( #503 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 18:49:17 +01:00
renovate[bot]
25c3fcd104
Update module github.com/schollz/progressbar/v3 to v3.12.1 ( #581 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 17:12:04 +01:00
renovate[bot]
fe36de8826
Update module golang.org/x/crypto to v0.3.0 ( #569 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 10:18:43 +01:00
renovate[bot]
ee47177029
Update module helm.sh/helm/v3 to v3.10.2 ( #555 )
...
* Update module helm.sh/helm/v3 to v3.10.2
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-15 15:47:53 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring ( #544 )
...
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
renovate[bot]
9ef8a0846f
Update module github.com/spf13/afero to v1.9.3 ( #554 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-15 12:18:33 +01:00
renovate[bot]
c71eeffd1e
Update module github.com/sigstore/rekor to v1.0.1 ( #543 )
...
* Update module github.com/sigstore/rekor to v1.0.1
* quotes around string with spaces
* [bot] Tidy all modules
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: datosh <datosh@users.noreply.github.com>
2022-11-15 12:18:01 +01:00
Leonard Cohnen
c51694a51a
kubernetes: add hashes to components
2022-11-15 11:07:46 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code ( #504 )
...
* Rename Metadata->Cloud
* Remove unused methods, functions, and variables
* More privacy for testing stubs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API ( #477 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
renovate[bot]
83cbc68cb6
Update module github.com/googleapis/gax-go/v2 to v2.7.0 ( #517 )
...
* Update module github.com/googleapis/gax-go/v2 to v2.7.0
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-14 10:48:28 +01:00
renovate[bot]
5a29172474
Update K8s dependencies
2022-11-14 10:04:04 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency ( #533 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Paul Meyer
d025fe1e98
Remove transformers from k8sutil downloader
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 17:53:44 +01:00
renovate[bot]
e887dc7fcd
Update module github.com/aws/aws-sdk-go-v2/service/ec2 to v1.69.0 ( #515 )
...
* Update module github.com/aws/aws-sdk-go-v2/service/ec2 to v1.69.0
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-10 11:56:45 +01:00
renovate[bot]
0720f95179
Update module cloud.google.com/go/storage to v1.28.0 ( #498 )
...
* Update module cloud.google.com/go/storage to v1.28.0
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-10 11:43:36 +01:00
renovate[bot]
0c1637c700
Update module github.com/coreos/go-systemd/v22 to v22.5.0 ( #506 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-10 11:38:27 +01:00
renovate[bot]
52140ff7e5
Update module golang.org/x/crypto to v0.2.0 ( #507 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 08:01:51 +01:00
renovate[bot]
9af6923756
Update module golang.org/x/mod to v0.7.0 ( #508 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 18:44:07 +01:00
renovate[bot]
1c463bf10b
Update Azure SDK ( #493 )
...
* Update Azure SDK
* [bot] Tidy all modules
* fix breaking changes around New function in Azure SDK
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 12:09:22 +01:00
renovate[bot]
cf9693af24
Update Google cloud SDK ( #457 )
...
* Update Google cloud SDK
* [bot] Tidy all modules
* migrate from google.golang.org/genproto/googleapis/cloud/kms/v1 to cloud.google.com/go/kms/apiv1/kmspb
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 11:48:56 +01:00
renovate[bot]
ce0b3a8867
Update module golang.org/x/sys to v0.2.0 ( #491 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 11:09:07 +01:00
renovate[bot]
18439fc69b
Update module github.com/docker/docker to v20.10.21+incompatible ( #322 )
...
* Update module github.com/docker/docker to v20.10.21+incompatible
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:07:15 +01:00
renovate[bot]
cb7b53a9c9
Update AWS SDK ( #490 )
...
* Update AWS SDK
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:03:06 +01:00
renovate[bot]
5f170709d6
Update k8s.io/utils digest to 8e77b1f ( #489 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:46:47 +01:00
renovate[bot]
34435e4396
Update k8s.io/utils digest to 1a15be2 ( #483 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:39:51 +01:00
renovate[bot]
934d173650
Update AWS SDK ( #412 )
...
* Update AWS SDK
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 13:17:27 +01:00
renovate[bot]
8e44eb7ea5
Update module github.com/sigstore/rekor to v1 ( #453 )
...
* Update module github.com/sigstore/rekor to v1
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-04 12:45:45 +01:00
Leonard Cohnen
0430336fdf
metadata: implement GetLoadBalancerEndpoint for AWS
2022-11-02 23:29:04 +01:00
renovate[bot]
4b257616e4
Update k8s.io/utils digest to 61b03e2 ( #427 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 16:04:19 +01:00
renovate[bot]
67a99434e9
Update module github.com/sigstore/sigstore to v1.4.5 ( #383 )
...
* Update module github.com/sigstore/sigstore to v1.4.5
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-01 12:14:55 +01:00
Daniel Weiße
79f52e67cb
Update go-tpm-tools to fix AWS PCR selection ( #390 )
...
* Update go-tpm-tools to fix AWS PCR selection
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Ignore leaking glog go routine
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-28 17:57:24 +02:00
Paul Meyer
256f0e64b3
Upgrade Go version to 1.19
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 16:06:53 +02:00
renovate[bot]
4ef94834ed
Update module github.com/googleapis/gax-go/v2 to v2.6.0 ( #330 )
...
* Update module github.com/googleapis/gax-go/v2 to v2.6.0
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-28 09:33:29 +02:00
leongross
d457620941
AB#2458 AWS NitroTPM attestation ( #339 )
...
* add aws tpm attestation
* fix typos
* Fix return value issue
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-10-27 11:04:23 +02:00
renovate[bot]
8d82d8c0fa
Update module github.com/stretchr/testify to v1.8.1 ( #385 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 08:39:45 +02:00
renovate[bot]
8c01a6647f
Update module github.com/spf13/cobra to v1.6.1 ( #384 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 08:25:21 +02:00
renovate[bot]
9210ae5d04
Update google.golang.org/genproto digest to 527a21c ( #320 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:47:16 +02:00
renovate[bot]
c452f17ca2
Update module golang.org/x/mod to v0.6.0 ( #335 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-24 18:44:03 +02:00
Daniel Weiße
c82d5ccba9
Hide cursor and fix dots ( #217 )
...
* Hide cursor and fix dots spinner
* Allow restarting of spinner
* Don't spin on non TTY output
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-21 14:26:42 +02:00
renovate[bot]
56981a709e
Update module github.com/aws/aws-sdk-go-v2/service/kms to v1.18.13 ( #346 )
...
* Update module github.com/aws/aws-sdk-go-v2/service/kms to v1.18.13
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-10-21 14:08:36 +02:00
renovate[bot]
02f1f5109a
Update module google.golang.org/grpc to v1.50.1
2022-10-21 13:28:03 +02:00
renovate[bot]
8cf6189cf0
Update module github.com/fsnotify/fsnotify to v1.6.0 ( #325 )
...
* Update module github.com/fsnotify/fsnotify to v1.6.0
* [bot] Tidy all modules
* Use event.Has function
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-10-20 10:16:20 +02:00
renovate[bot]
1d417029bf
Update module github.com/google/tink/go to v1.7.0
2022-10-19 13:37:16 +02:00
renovate[bot]
38ff8b70c7
Update module github.com/spf13/cobra to v1.6.0 ( #326 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 11:07:00 +02:00
renovate[bot]
37a9dbfad2
Update k8s dependencies ( #308 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:37:40 +02:00
renovate[bot]
f05bccb670
Update module github.com/Azure/azure-sdk-for-go/sdk/storage/azblob to v0.5.1 ( #269 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 08:57:09 +02:00
renovate[bot]
3e209b9456
Update module github.com/coreos/go-systemd/v22 to v22.4.0 ( #321 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 08:51:58 +02:00
renovate[bot]
9a1d795597
Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault ( #267 )
...
* Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys to v0.8.1
* Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets to v0.10.1
* Adjust Azure KMS opts struct
* Update kms readme formatting
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-18 12:08:59 +02:00
renovate[bot]
ecdf5d5165
Update module golang.org/x/text to v0.3.8 ( #297 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 18:12:19 +02:00
renovate[bot]
71d4aac3f2
Update module github.com/docker/docker to v20.10.19+incompatible ( #271 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 15:40:59 +02:00
renovate[bot]
a998745e91
Update google.golang.org/genproto digest to 99cd37c ( #253 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 15:36:21 +02:00
renovate[bot]
51a0c746ca
Update golang.org/x/sys digest to 95e765b ( #257 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 11:12:04 +02:00
Malte Poll
397e61700d
Use upstream go-attestation ( #286 )
...
The reason for replacing the module was waiting for https://github.com/google/go-attestation/pull/284 to be merged.
2022-10-17 09:44:05 +02:00
Daniel Weiße
623cb6cdb5
AB#2479 Implement AWS cloud logging ( #232 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-17 09:05:45 +02:00
Daniel Weiße
19b67dc622
Update module github.com/aws/aws-sdk-go-v2/feature/s3/manager to v1.11.34
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-14 11:09:44 +02:00
renovate[bot]
0858117920
Update module github.com/aws/aws-sdk-go-v2/service/kms to v1.18.12
2022-10-14 10:51:00 +02:00
renovate[bot]
84a9f0bfb4
Update module github.com/aws/aws-sdk-go-v2/config to v1.17.8
2022-10-14 10:47:38 +02:00
renovate[bot]
def598a154
Update module github.com/Azure/azure-sdk-for-go/sdk/azcore to v1.1.4
2022-10-14 10:03:17 +02:00
renovate[bot]
c378cb19e1
Update golang.org/x/sys digest to 090e330 ( #252 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 17:24:48 +02:00
renovate[bot]
97a4778f0d
Update golang.org/x/crypto digest to 56aed06 ( #244 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:47:53 +02:00
katexochen
4c0ef09346
Tidy Go mods
2022-10-13 15:29:29 +02:00
Daniel Weiße
23afccb975
AB#2474 Implement List and Self method for AWS ( #229 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-12 13:40:38 +02:00
Fabian Kammel
57b8efd1ec
Improve measurements verification with Rekor ( #206 )
...
Fetched measurements are now verified using Rekor in addition to a signature check.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-11 13:57:52 +02:00
Daniel Weiße
0edae36e43
AB#2426 Mini Constellation ( #198 )
...
* Mini Constellation commands to quickly deploy a local Constellation cluster
* Download libvirt container image if not present locally
* Fix libvirt KVM permission issues by creating kvm group using host GID inside container
* Remove QEMU specific values from state file
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2022-10-07 09:38:43 +02:00
Daniel Weiße
acdcb535c0
AB#2444 Verify Azure trusted launch attestation keys ( #203 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-04 16:44:44 +02:00
Fabian Kammel
88a57fdb36
upgrade k8s 1.24.3 -> 1.24.6 ( #201 )
...
* upgrade k8s 1.24.3 -> 1.24.6
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-30 17:10:16 +02:00
katexochen
d973740b03
Use Terraform for create on GCP
2022-09-30 16:50:52 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster ( #172 )
...
* Use terraform in CLI to create QEMU cluster
* Don't allow qemu creation on os/arch other than linux/amd64
* Allow usage of --name flag for QEMU resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
katexochen
97ef965a80
Tidy go mods
2022-09-22 09:10:19 +02:00
katexochen
ba6e41ed5c
Upgrade go module to v2
2022-09-22 09:10:19 +02:00
Malte Poll
c6f85ec4b6
Upgrade go-tuf in main go.mod ( #167 )
2022-09-16 20:08:50 +02:00
katexochen
f394183da7
Run go mod tidy
2022-09-13 15:58:38 +02:00
Fabian Kammel
2f871578b2
first implementation of SBOM generation ( #50 )
...
* first implementation of SBOM generation
* updated dependencies as per grype report
* hack: go mod tidy
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 16:49:59 +02:00
Daniel Weiße
ce02878019
AB#2308 / AB#2317 constellation upgrade plan ( #3 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 11:59:07 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute ( #2 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Fabian Kammel
0a3a4e9c7f
move util
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Fabian Kammel
9e43701d3c
Remove klog ( #376 )
...
* remove logging altogether
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 17:01:54 +02:00
katexochen
a02a46e454
Use multiple loadbalancers on GCP
2022-08-23 18:11:20 +02:00
Malte Poll
7575f7688a
replace github.com/google/go-attestation
...
workaround for https://github.com/google/go-attestation/issues/283
2022-08-19 14:39:36 +02:00
Fabian Kammel
059a3eacc0
Use consistent k8s version ( #373 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 15:25:05 +02:00
Malte Poll
397c9013ea
Remove azure-sdk-for-go/armnetwork replace directive ( #371 )
...
https://github.com/Azure/azure-sdk-for-go/issues/18704 was resolved
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-17 11:19:40 +02:00
3u13r
9478303f80
deploy cilium via helmchart ( #321 )
2022-08-12 10:20:19 +02:00
Malte Poll
2c7129987a
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-11 10:48:50 +02:00
Malte Poll
f5fe4fe885
Replace armnetworks module until https://github.com/Azure/azure-sdk-for-go/issues/18704 is fixed
2022-08-05 10:35:38 +02:00
Malte Poll
081dfb5037
Upgrade Azure SDK
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-05 10:35:38 +02:00
Fabian Kammel
050e8fdc4a
AB#2159 Feat/cli/fetch measurements ( #301 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Thomas Tendyck
48d614c959
AB#2222 replace unlicensed passwd package with own implementation
2022-07-25 15:10:29 +02:00
Fabian Kammel
a931f6692f
Fix/bootstrapper regressions ( #274 )
...
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
katexochen
66b573ea5d
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
dea23604fb
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
32f1f5fd3e
Delete Coordinator core and apis
2022-07-14 17:25:18 +02:00
Daniel Weiße
24cba8d91a
Use Constellation KMS instead of deprecated vpn API for requesting keys ( #248 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-05 09:48:47 +02:00
Nils Hanke
0653c20792
Upgrade to Cobra v1.5.0 & go mod tidy
2022-06-28 13:55:50 +02:00
Daniel Weiße
4842d29aff
AB#2111 Deploy activation service on cluster init ( #205 )
...
* Deploy activation service on cluster init
* Use base image with CA certificates for activation service
* Improve KMS server
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Fabian Kammel
84552ca8f7
AB#2104 Feat/azure logging ( #198 )
...
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
b461c40c3a
Implement activation service
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Fabian Kammel
a15605475e
AB#2104 early boot logging ( #175 )
2022-06-03 11:55:18 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00
Thomas Tendyck
2ba3c153de
AB#2117 cli: validate config ( #170 )
...
* AB#2117 cli: validate config
* update hack/go.mod
2022-05-23 15:01:39 +02:00
Malte Poll
14f6985fe3
Implement binary file installer & extractor
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Moritz Eckert
6dc97590fe
Enable and configure k8s audit-log ( #160 )
...
* Enable and configure k8s audit-log
* Update coordinator/kubernetes/k8sapi/kubeadm_config.go
Co-authored-by: Malte Poll <mp@edgeless.systems>
* add mount point for audit log dir in kubeadm conf
* Mount audit policy into kube-apiserver static pod
* Write default auditpolicy on cluster init / cluster join
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Paul Meyer
8e0f9491af
Create hack folder with independent modules ( #131 )
2022-05-17 11:14:23 +02:00
Fabian Kammel
b905c28515
AB#2061 Self Documenting Config File ( #143 )
...
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Daniel Weiße
437de8bcb1
Add function to retrieve real device path of mapped device
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Daniel Weiße
6b3d45dd09
Add resize functions
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-12 13:53:39 +02:00
Thomas Tendyck
d76703061b
cli: add minimal doc generator ( #129 )
...
* cli: add minimal doc generator
* fixup! cli: add
2022-05-11 09:20:37 +02:00
cm
c63d7126e7
AB#1943 Extract KMS package ( #56 )
...
* Extract kmsapi from coordinator
* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
katexochen
d83bc8727b
Replace k8s.io/klog with k8s.io/klog/v2
2022-05-04 17:16:40 +02:00
katexochen
d6eee42436
Bump k8s.io from v1.23.5 to v1.24.0
2022-05-04 17:16:40 +02:00
Daniel Weiße
901c783bc5
Remove replace directive for go-cryptsetup
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-22 08:58:49 +02:00
Malte Poll
98aced1b36
remove AWS nitro dependencies & add libcryptsetup
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 11:45:54 +02:00
Daniel Weiße
49a1a07049
AB#1902 Ping Coordinator from initramfs for key ( #53 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-12 14:24:36 +02:00
3u13r
1c0f52e04e
refactor cli vpn config ( #46 )
...
* refactor cli vpn config
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-04-12 14:20:46 +02:00
Thomas Tendyck
7315e80374
cli: add output before long-running actions
2022-04-05 16:23:48 +02:00
Daniel Weiße
ef5c85dad2
Add Azure storage tests
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-01 09:41:15 +02:00
katexochen
66fe34ee32
Write WireGuard config file on init
2022-03-31 15:43:25 +02:00
Daniel Weiße
752571bbf8
Upgrade go-cryptsetup to latest version
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-23 11:48:15 +01:00
Leonard Cohnen
2d8fcd9bf4
monorepo
...
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00