Releases: edgelesssys/constellation
Releases · edgelesssys/constellation
v2.14.0
What's Changed
🎁 New features
- terraform-provider: first release of the Terraform provider for full lifecycle cluster management in Terraform by @daniel-weisse, @elchead and @msanft
- Enable Cilium node-to-node strict encryption by @3u13r in #2462
- cli: enable
constellation applyto create new clusters by @daniel-weisse in #2549 - docs: add Helm chart for VPN connectivity by @burgerdev in #2577
- aws: reintroduce SNP-based attestation by @derpsteb in #2601
- Make Kubernetes serviceCIDR configurable in config by @3u13r in #2660
- terraform: Azure Marketplace image support by @msanft in #2651
- image: reproducible builds test by @malt3 in #2707
- deps: update cert manager to 1.12.6 by @3u13r in #2700
- deps: pin cert-manager image to sha256 checksum by @elchead in #2721
- deps: pin Kubernetes container image hashes by @burgerdev in #2719
🐛 Bug fixes
- cli: fix panic in status cmd without conf file by @elchead in #2625
- api: respect
HTTP(S)_PROXYenvironment variable by @msanft in #2635
New Contributors
- @burgerdev made their first contribution in #2576
Full Changelog: v2.13.0...v2.14.0
Contributors
malt3, burgerdev, and 5 other contributors
Assets 17
v2.13.0
What's Changed
🎁 New features
- cli: add field docs to the state file by @msanft in #2453
- cli: generate state file during
constellation config generateby @msanft in #2455 - Support internal load balancers by @3u13r in #2388
- cli: add
constellation applycommand to replaceinitandupgrade applyby @daniel-weisse in #2484 - cli: state file validation by @msanft in #2523
- terraform: Terraform module for AWS by @elchead in #2503
- terraform: Terraform module for GCP by @elchead in #2553
- terraform: Terraform module for Azure by @msanft in #2566
🐛 Bug fixes
- helm: add GCP CCM permissions for internal LBs by @3u13r in #2474
- [Windows] cli: fix incorrect filepath separator causing upgrades to fail by @daniel-weisse in #2562
🔧 Other changes
- docs: add new page to document s3proxy by @derpsteb in #2417
- docs: extend filestash example with more regions by @derpsteb in #2445
- docs: document self-managed infrastructure by @msanft in #2458
- hack: remove GCP internal LB by @3u13r in #2502
- docs: refer to apply command instead of
initorupgrade applyby @daniel-weisse in #2487 - docs: align self-managed infrastructure docs with e2e worfklow by @msanft in #2525
New Contributors
Full Changelog: v2.12.0...v2.13.0
Contributors
derpsteb, 3u13r, and 4 other contributors
Assets 17
v2.12.0
What's Changed
🛠 Breaking changes
🎁 New features
- cli: perform upgrades in-place in Terraform workspace by @msanft in #2317
- s3proxy: add initial implementation by @derpsteb in #2385
🐛 Bug fixes
- cli: temporarily increase AWS ASG creation timeout by @msanft in #2340
- cli: report log collection failure to user by @daniel-weisse in #2354
🔧 Other changes
- joinservice: cache certificates for Azure SEV-SNP attestation by @msanft in #2336
- docs: add observability page by @m1ghtym0 in #2384
- docs: document gcp permissions needed for upgrade by @3u13r in #2378
- cli: use state file on init and upgrade by @msanft in #2395
Full Changelog: v2.11.0...v2.12.0
Contributors
m1ghtym0, derpsteb, and 4 other contributors
Assets 16
v2.11.0
What's Changed
🛠 Breaking changes
🎁 New features
- attestation: print ordered measurement verification warnings and errors by @daniel-weisse in #2237
- deps: support Kubernetes 1.28 by @3u13r in #2242
- cli: add spinner to helm chart installation by @daniel-weisse in #2270
- cli: save Helm charts to disk before running upgrades by @daniel-weisse in #2305
- cli: new flag to skip phases of upgrade by @elchead in #2310
🐛 Bug fixes
- cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249
- cli: fix upgrade by passing placeholder values for images by @elchead in #2250
- cli: fix incorrect actual values for constellation verify on AWS by @3u13r in #2265
- ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts by @daniel-weisse in #2296
- cli: correctly trim white spaces for certificates in
verifyby @daniel-weisse in #2299 - cli: retry helm apply on any error by @daniel-weisse in #2322
- node-operator: fix data race in executor by @elchead in #2326
🔧 Other changes
- deps: limit Terraform version to FOSS releases by @thomasten in #2241
- docs: document upgrade backup files by @msanft in #2275
- docs: add vault performance benchmarks by @m1ghtym0 in #2271
- image: move idle and nosmt to aws-only images by @derpsteb in #2297
Full Changelog: v2.10.1...v2.11.0
Contributors
m1ghtym0, derpsteb, and 5 other contributors
Assets 16
v2.10.1
What's Changed
🐛 Bug fixes
- cli: fix upgrade by passing placeholder values for images by @3u13r and @elchead in #2250
- cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249
Full Changelog: v2.10.0...v2.10.1
Contributors
3u13r, elchead, and daniel-weisse
Assets 16
v2.10.0
What's Changed
🛠 Breaking changes
- Use new
aws-load-balancer-controllerto fix SecurityGroup cleanup on K8s service deletion by @elchead in #2090 - cli: add
--workspaceflag to set base directory for Constellation workspace by @daniel-weisse in #2148
🎁 New features
- Create additional node groups with custom instance types, disk settings and independent scaling #2152
- Placement of node groups in different zones for high availability #2152
- Enable volume snapshot support if CSI drivers are deployed to the cluster by @daniel-weisse in #1964
- bootstrapper: add fallback endpoint and custom endpoint to apiserver certificate SAN field by @malt3 in #2108
- cli: add
iam upgrade applyby @elchead in #2132 - cli: output CSI driver versions on
statusby @daniel-weisse in #2128 - cli: print vcek certificate extensions and snp attestation report during verify by @katexochen in #2140
- cli: add maa token to the output of
verifycommand by @katexochen in #2172
🐛 Bug fixes
- cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in #2113
- image: fix deadlock on boot by using AWS linux kernel by @daniel-weisse in #2115
- disk-mapper: allow rebooted but uninitialized node to join the cluster by @daniel-weisse in #2083
- cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in #2117
- image: synchronize time via ntp by @malt3 in #2118
- cli: retry during upgrade when node image update fails due to conflict error by @elchead in #2123
- cli: fix version check for CSI chart by @daniel-weisse in #2209
🔧 Other changes
Full Changelog: v2.9.0...v2.10.0
Contributors
malt3, derpsteb, and 3 other contributors
Assets 16
v2.9.1
What's Changed
🐛 Bug fixes
- cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in #2113
- image: fix deadlock on boot by using AWS linux kernel on AWS by @daniel-weisse in #2115
- cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in #2117
- image: synchronize time via ntp by @malt3 in #2118
Full Changelog: v2.9.0...v2.9.1
Contributors
malt3, derpsteb, and daniel-weisse
Assets 16
v2.9.0
What's Changed
🛠 Breaking changes
- config: drop support for deprecated Azure's service principal authentication by @elchead in #1906
- cli: change generate-config flag to update-config flag by @miampf in #1897
🎁 New features
- attestation: add
awsSEVSNPas new variant by @derpsteb in #1900 - cli:
statusshows attestation config by @elchead in #2056 - experimental Windows variant of the Constellation cli by @malt3 in #2075
- config: support 'latest' as TCB version value for Azure SEV-SNP by @elchead in #1899
🐛 Bug fixes
- bootstraper: fix 'cannot re-use a name that is still in use' error during init by @daniel-weisse in #1977
🔧 Other changes
- cli: store upgrade files in versioned folders by @msanft in #1929
- cli:
upgrade apply --forceskips all compatibility checks by @elchead in #1940 - cli: deploy aws csi driver per default by @msanft in #1981
- csi: add required policies for aws csi driver by @msanft in #1945
- cli: fail fast when CLI and Constellation versions don't match by @elchead in #1972
- docs: explain the role of PCR[10] and why it is not reproducible by @malt3 in #2011
Full Changelog: v2.8.0...v2.9.0
Contributors
malt3, derpsteb, and 4 other contributors
Assets 16
v2.8.0
What's Changed
🛠 Breaking changes
- config: add separate option for handling attestation parameters by @daniel-weisse in #1623
🎁 New features
- Terraform log support by @msanft in #1620
- OpenStack service type loadbalancer (yawol) by @malt3 in #1705
- deps: add Kubernetes v1.27, remove Kubernetes v1.24 by @katexochen in #1669
- cli: OpenStack encrypted csi block storage (cinder) by @m1ghtym0 in #1771
- cli: new flag to set the attestation type for
config generateby @elchead in #1769 - Add autoscaling and cluster upgrade support for AWS by @3u13r in #1758
- cli: Terraform migrations on upgrade by @msanft in #1685
🐛 Bug fixes
🔧 Other changes
- docs: add short explanation on attestation config options by @daniel-weisse in #1654
- docs: update state of clouds by @m1ghtym0 in #1732
New Contributors
Full Changelog: v2.7.1...v2.8.0
Contributors
malt3, m1ghtym0, and 6 other contributors
Assets 14
v2.7.1
What's Changed
🐛 Bug fixes
- fix broken configuration generation in the macOS CLI by @malt3 in #1632
- cli: fix misleading error while applying kubernetes-only upgrade by @derpsteb in #1630
- cli: fix
constellation iam destroyerror on Azure by force-deleting resource group by @msanft in #1667 - upgrade: fix 2.6 -> 2.7 migration for 2.7.1 patch by @derpsteb in #1649
- cli: create namespaced folders for upgrade backups in
upgrade applyby @derpsteb in #1702
Full Changelog: v2.7.0...v2.7.1
Contributors
malt3, derpsteb, and msanft