2022-07-05 10:07:15 -04:00
|
|
|
<!--
|
|
|
|
|
|
|
|
Styleguide for this document:
|
|
|
|
|
|
|
|
- Sentences should end with a period.
|
|
|
|
- This is the keepachangelog style, whereas the Microsoft Style Guide we use for other docs omits periods for short list items.
|
|
|
|
- Omit the verb if possible.
|
|
|
|
- "Early boot logging ..." instead of "Add early boot logging ...".
|
|
|
|
- If you need a verb, it should usually be imperative mood (Add instead of Added).
|
|
|
|
- Items should start with a capital letter.
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
2022-05-27 10:53:16 -04:00
|
|
|
# Changelog
|
2022-07-29 03:52:47 -04:00
|
|
|
|
2022-05-27 10:53:16 -04:00
|
|
|
All notable changes to Constellation will be documented in this file.
|
|
|
|
|
|
|
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
|
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
2022-08-12 09:59:45 -04:00
|
|
|
|
2022-05-27 10:53:16 -04:00
|
|
|
## [Unreleased]
|
2022-08-12 09:59:45 -04:00
|
|
|
|
2022-10-07 11:51:19 -04:00
|
|
|
### Added
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
<!-- For changes in existing functionality. -->
|
2022-11-08 12:32:59 -05:00
|
|
|
|
|
|
|
### Deprecated
|
|
|
|
<!-- For soon-to-be removed features. -->
|
|
|
|
|
|
|
|
### Removed
|
|
|
|
<!-- For now removed features. -->
|
2022-11-11 02:44:36 -05:00
|
|
|
- `access-manager` was removed from code base. K8s native way to SSH into nodes documented.
|
|
|
|
|
2022-11-14 03:28:06 -05:00
|
|
|
### Security
|
|
|
|
|
|
|
|
Vulnerabilities in `kube-apiserver` fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4:
|
|
|
|
- [CVE-2022-3162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3162)
|
|
|
|
- [CVE-2022-3294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3294)
|
|
|
|
|
2022-11-08 12:32:59 -05:00
|
|
|
|
|
|
|
## [2.2.0] - 2022-11-08
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
|
|
|
- Sign generated SBOMs and store container image SBOMs in registry for easier usage.
|
|
|
|
- Support for Constellation on AWS.
|
|
|
|
- Constellation Kubernetes services are now managed using Helm.
|
|
|
|
- Use tags to mark all applicable resources using a Constellation's UID on Azure.
|
|
|
|
- Use labels to mark all applicable resources using a Constellation's UID on GCP.
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
2022-10-11 07:57:52 -04:00
|
|
|
- Verify measurements using [Rekor](https://github.com/sigstore/rekor) transparency log.
|
2022-10-06 05:52:19 -04:00
|
|
|
- The `constellation create` on Azure now uses Terraform to create and destroy cloud resources.
|
2022-10-13 11:27:25 -04:00
|
|
|
- Constellation OS images are now based on Fedora directly and are built using [mkosi](https://github.com/systemd/mkosi).
|
2022-10-31 12:01:50 -04:00
|
|
|
- `constellation terminate` will now prompt the user for confirmation before destroying any resources (can be skipped with `--yes`).
|
2022-11-08 12:32:59 -05:00
|
|
|
- Use the `constellation-role` tag instead of `role` to indicate an instance's role on Azure.
|
|
|
|
- Use labels instead of metadata to apply the `constellation-uid` and `constellation-role` tags on GCP.
|
2022-10-11 07:57:52 -04:00
|
|
|
|
2022-10-07 11:51:19 -04:00
|
|
|
### Deprecated
|
2022-11-08 12:32:59 -05:00
|
|
|
|
|
|
|
- `access-manager` is no longer deployed.
|
|
|
|
|
2022-10-07 11:51:19 -04:00
|
|
|
### Removed
|
2022-11-08 12:32:59 -05:00
|
|
|
|
2022-10-06 11:20:02 -04:00
|
|
|
- `endpoint` flag of `constellation init`. IP is now always taken from the `constellation-id.json` file.
|
2022-10-11 06:24:33 -04:00
|
|
|
- `constellation-state.json` file won't be created anymore. Resources are now managed through Terraform.
|
2022-10-06 11:20:02 -04:00
|
|
|
|
2022-10-07 11:51:19 -04:00
|
|
|
### Fixed
|
|
|
|
|
|
|
|
### Security
|
|
|
|
|
|
|
|
### Internal
|
|
|
|
|
|
|
|
## [2.1.0] - 2022-10-07
|
|
|
|
|
2022-08-02 12:49:55 -04:00
|
|
|
### Added
|
2022-08-09 03:13:05 -04:00
|
|
|
|
2022-10-14 04:48:20 -04:00
|
|
|
- MiniConstellation: Try out Constellation locally without any cloud subscription required just with one command: `constellation mini up`
|
2022-09-14 07:25:42 -04:00
|
|
|
- Loadbalancer for control-plane recovery
|
2022-09-20 04:07:55 -04:00
|
|
|
- K8s conformance mode
|
2022-09-26 09:52:31 -04:00
|
|
|
- Local cluster creation based on QEMU
|
2022-10-04 10:44:44 -04:00
|
|
|
- Verification of Azure trusted launch attestation keys
|
2022-10-06 04:43:46 -04:00
|
|
|
- Kubernetes version v1.25 is now fully supported.
|
2022-09-28 04:49:13 -04:00
|
|
|
- Enabled Konnectivity.
|
2022-09-14 07:25:42 -04:00
|
|
|
|
2022-08-19 08:58:07 -04:00
|
|
|
### Changed
|
2022-08-16 12:48:33 -04:00
|
|
|
<!-- For changes in existing functionality. -->
|
2022-09-19 09:09:35 -04:00
|
|
|
- Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator.
|
2022-09-27 03:22:29 -04:00
|
|
|
- The `constellation create` on GCP now uses Terraform to create and destroy cloud resources.
|
|
|
|
- GCP instances are now created without public IPs by default.
|
2022-10-06 04:43:46 -04:00
|
|
|
- Kubernetes default version used in Constellation is now v1.24.
|
2022-08-19 08:58:07 -04:00
|
|
|
|
|
|
|
### Deprecated
|
|
|
|
<!-- For soon-to-be removed features. -->
|
|
|
|
### Removed
|
|
|
|
<!-- For now removed features. -->
|
2022-09-19 09:09:35 -04:00
|
|
|
- CLI options for autoscaling, as this is now managed inside Kubernetes.
|
2022-10-06 04:43:46 -04:00
|
|
|
- Kubernetes version v1.22 is no longer supported.
|
2022-08-29 08:43:01 -04:00
|
|
|
|
2022-08-19 08:58:07 -04:00
|
|
|
### Fixed
|
|
|
|
|
|
|
|
### Security
|
2022-10-06 13:31:12 -04:00
|
|
|
Vulnerability inside the Go standard library fixed by updating to Go 1.19.2:
|
|
|
|
- [GO-2022-1037](https://pkg.go.dev/vuln/GO-2022-1037) ([CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))
|
|
|
|
- [GO-2022-1038](https://pkg.go.dev/vuln/GO-2022-1038) ([CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880))
|
|
|
|
- [GO-2022-0969](https://pkg.go.dev/vuln/GO-2022-0969) ([CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664))
|
|
|
|
|
2022-08-19 08:58:07 -04:00
|
|
|
### Internal
|
|
|
|
|
2022-09-12 09:17:27 -04:00
|
|
|
## [2.0.0] - 2022-09-12
|
2022-07-29 03:52:47 -04:00
|
|
|
|
2022-09-12 09:17:27 -04:00
|
|
|
Initial release of Constellation.
|
2022-05-27 10:53:16 -04:00
|
|
|
|
2022-10-07 11:51:19 -04:00
|
|
|
[Unreleased]: https://github.com/edgelesssys/constellation/compare/v2.1.0...HEAD
|
|
|
|
[2.1.0]: https://github.com/edgelesssys/constellation/compare/v2.0.0...v2.1.0
|
2022-09-12 09:17:27 -04:00
|
|
|
[2.0.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.0.0
|