Releases: edgelesssys/constellation
v2.16.4
Whats changed
This patch release adds optional IAM permissions to support AWS Application Load Balancers.
Run constellation iam upgrade apply
to add these permissions to an existing Constellation.
🐛 Bug fixes
- helm: disable cilium ipmasq agent when in conformance mode by @3u13r
- terraform: add missing policies for AWS ALB by @burgerdev
- attestation: dont set a default for TDX MRSEAM by @daniel-weisse
- deps: upgrade terraform provider stackit to 0.17.0 by @malt3 and @burgerdev
- snp: ensure we never use ARK supplied by Issuer by @daniel-weisse
- kubecmd: retry any k8s errors in CLI and Terraform by @daniel-weisse
Full Changelog: v2.16.3...v2.16.4
v2.16.3
This release patches the following security vulnerability in Constellation:
Whats changed
🐛 Bug fixes
- helm: firewall pods by @burgerdev in 5507982
Full Changelog: v2.16.2...v2.16.3
v2.16.2
This release fixes an issue which could prevent Constellation cluster creation with Azure SEV-SNP.
Whats changed
🐛 Bug fixes
- increase TLS maxHandshake size to fix deployments on Azure SEV-SNP by @malt3 in #3009
- helm: manually retry uninstalling a failed release during
constellation apply
by @burgerdev in #2984
🔧 Other changes
- terraform: update terraform provider STACKIT to v0.15.1 by @burgerdev in #3007
Full Changelog: v2.16.1...v2.16.2
v2.16.1
This release improves the user experience on STACKIT. Users on other platforms can safely skip this version.
What's Changed
🎁 New features
🐛 Bug fixes
🔧 Other changes
- simplify configuration by reading STACKIT related credentials from canonical locations
- improve STACKIT related documentation
Full Changelog: v2.16.0...v2.16.1
v2.16.0
v2.15.1
What's Changed
🛠 Breaking changes
- Prepare for EOL of classic Azure Application insights by removing cloud loggers, by @msanft in #2892
Full Changelog: v2.15.0...v2.15.1
v2.15.0
What's Changed
🛠 Breaking changes
Important
An upgrade from v2.14.0
to v2.15.0
will require you to explicitly specify the microservice version in your Terraform configuration and re-apply the changed configuration while still on provider version v2.14.0
before upgrading to the provider version v2.15.0
.
🎁 New features
- Add pod disruption budgets so the cluster-autoscaler is able to move kube-admin namespaced resources by @3u13r in #2781
- cli: support for GCP marketplace images by @msanft in #2792
- attestation: enable Constellation for Azure TDX by @daniel-weisse in #2827
🐛 Bug fixes
- terraform-provider: fix parsing
api_server_cert_sans
by @3u13r in #2758 - helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve its metadata by @3u13r in #2782
- cli: fix AWS SEV-SNP latest version resolution in cluster by @elchead in #2810
- terraform-provider: validate microservice and image version during plan by @elchead in #2814
- operator: fix node upgrades when using Azure marketplace images by @msanft in #2846
- cilium: performance fixes and reproducible images by @burgerdev @3u13r in #2855
🔧 Other changes
Full Changelog: v2.14.3...v2.15.0
v2.14.3
What's Changed
🐛 Bug fixes
- helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve it's metadata by @3u13r in #2782
- node-operator: allow the upgrade process to succeed by correctly setting the communityGallery VM image in Azure by @elchead in #2788
Full Changelog: v2.14.2...v2.14.3