<!--
Styleguide for this document:
- Sentences should end with a period.
- This is the keepachangelog style, whereas the Microsoft Style Guide we use for other docs omits periods for short list items.
- Omit the verb if possible.
- "Early boot logging ..." instead of "Add early boot logging ...".
- If you need a verb, it should usually be imperative mood (Add instead of Added).
- Items should start with a capital letter.
-->
# Changelog
All notable changes to Constellation will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- Environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` as an alternative way to provide the configuration value `provider.azure.clientSecretValue`.
- Automatic CSI driver deployment for Azure and GCP during Constellation init.
- Improve reproducibility by pinning the Kubernetes components.
### Changed
<!-- For changes in existing functionality. -->
- Constellation operators are now deployed using Helm.
- OS images are now configured globally in the `images` field of the configuration file.
### Deprecated
<!-- For soon-to-be removed features. -->
### Removed
<!-- For now removed features. -->
- `access-manager` was removed from the code base. The Kubernetes-native way to SSH into nodes is now documented.
### Fixed
- `constellation create` on GCP now always uses the local default credentials.
### Security
<!-- For security related changes. -->
## [2.2.2] - 2022-11-17
### Fixed
- `constellation create` on GCP now always uses the local default credentials.
- A release process error encountered in v2.2.1. This led to a broken QEMU-based Constellation deployment, where PCR[8] didn't match.
## [2.2.1] - 2022-11-16
### Changed
- Increase timeout for `constellation config fetch-measurements` from 3 seconds to 60 seconds.
- Consistently log CLI warnings and errors to `stderr`.
### Security
Vulnerabilities in `kube-apiserver` fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4:
- [CVE-2022-3162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3162)
- [CVE-2022-3294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3294)
## [2.2.0] - 2022-11-08
### Added
- Sign generated SBOMs and store container image SBOMs in registry for easier usage.
- Support for Constellation on AWS.
- Constellation Kubernetes services are now managed using Helm.
- Use tags to mark all applicable resources using a Constellation's UID on Azure.
- Use labels to mark all applicable resources using a Constellation's UID on GCP.
### Changed
- Verify measurements using [Rekor](https://github.com/sigstore/rekor) transparency log.
- `constellation create` on Azure now uses Terraform to create and destroy cloud resources.
- Constellation OS images are now based on Fedora directly and are built using [mkosi](https://github.com/systemd/mkosi).
- `constellation terminate` will now prompt the user for confirmation before destroying any resources (can be skipped with `--yes`).
- Use the `constellation-role` tag instead of `role` to indicate an instance's role on Azure.
- Use labels instead of metadata to apply the `constellation-uid` and `constellation-role` tags on GCP.
### Deprecated
- `access-manager` is no longer deployed.
### Removed
- `endpoint` flag of `constellation init`. IP is now always taken from the `constellation-id.json` file.
- `constellation-state.json` file won't be created anymore. Resources are now managed through Terraform.
### Fixed
### Security
### Internal
## [2.1.0] - 2022-10-07
### Added
- MiniConstellation: Try out Constellation locally with a single command, no cloud subscription required: `constellation mini up`.
- Load balancer for control-plane recovery.
- K8s conformance mode.
- Local cluster creation based on QEMU.
- Verification of Azure trusted launch attestation keys.
- Kubernetes version v1.25 is now fully supported.
- Enabled Konnectivity.
### Changed
<!-- For changes in existing functionality. -->
- Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator.
- `constellation create` on GCP now uses Terraform to create and destroy cloud resources.
- GCP instances are now created without public IPs by default.
- Kubernetes default version used in Constellation is now v1.24.
### Deprecated
<!-- For soon-to-be removed features. -->
### Removed
<!-- For now removed features. -->
- CLI options for autoscaling, as this is now managed inside Kubernetes.
- Kubernetes version v1.22 is no longer supported.
### Fixed
### Security
Vulnerabilities in the Go standard library fixed by updating to Go 1.19.2:
- [GO-2022-1037](https://pkg.go.dev/vuln/GO-2022-1037) ([CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))
- [GO-2022-1038](https://pkg.go.dev/vuln/GO-2022-1038) ([CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880))
- [GO-2022-0969](https://pkg.go.dev/vuln/GO-2022-0969) ([CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664))
### Internal
## [2.0.0] - 2022-09-12
Initial release of Constellation.

[Unreleased]: https://github.com/edgelesssys/constellation/compare/v2.1.0...HEAD
[2.1.0]: https://github.com/edgelesssys/constellation/compare/v2.0.0...v2.1.0
[2.0.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.0.0