mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
19871ee422
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Changelog
All notable changes to Constellation will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
Added
- `constellation config fetch-measurements` to download and verify measurements, and write them into config file.
- Kubernetes version is configured through an entry in `constellation-config.yaml`.
- Kubernetes version 1.24 is now supported.
- Kubernetes version 1.22 is now supported.
- Log the disk UUID to cloud logging for recovery.
- Configurable disk type for Azure and GCP.
Changed
- Nodes add themselves to the cluster after `constellation init` is done
- Owner ID and Unique ID merged into a single value: Cluster ID
Deprecated
Removed
- User facing WireGuard VPN
Fixed
- Correctly wait for `bootstrapper` to come online in `constellation init`
Security
- Create Kubernetes CA signed kubelet certificates on activation.
- Add salt to key derivation
- Enable integrity protection of state disks.
Internal
1.3.1 - 2022-07-11
Changed
- Update default CoreOS image to latest version (1657199013).
Fixed
- Add load balancer path to Azure deployment so that PCR values can be read.
- Show correct version number in `constellation version`.
Removed
- Support for Azure `Standard_*_v3` types.
1.3.0 - 2022-07-05
Added
- Early boot logging for GCP and Azure. [Docs]
- `constellation-access-manager` allows users to manage SSH users over a ConfigMap. Enables persistent and dynamic management of SSH users on multiple nodes, even after a reboot. [Docs]
- GCP-native Kubernetes load balancing. [Docs]
- `constellation version` prints more information to aid in troubleshooting. [Docs]
- Standard logging for all services and CLI, allows users to control output in a consistent manner.
- `constellation-id.json` in Constellation workspace now holds cluster IDs, to reduce required arguments in Constellation commands, e.g., `constellation verify`.
Changed
- New `constellation-activation-service` offloads Kubernetes node activation from monolithic Coordinator to Kubernetes native micro-service. [ReadMe]
- Improve user-friendliness of error messages in Constellation CLI.
- Move verification from extracting attestation statements out of aTLS handshake to a dedicated `verify-service` in Kubernetes with gRPC and HTTP endpoints.
Security
- GCP WireGuard encryption via Cilium.
Internal
- Refactor folder structure of repository to better reflect `internal` implementation and public API.
- Extend `goleak` checks to all tests.
1.2.0 - 2022-06-02
Changed
- Replace flannel CNI with Cilium.
1.1.0 - 2022-06-02
Added
- CLI
  - Command `constellation recover` to re-initialize a completely stopped cluster.
  - Command `constellation config generate` to generate a default configuration file for a specific cloud provider.
- CSI
  - Option to enable dm-integrity in a StorageClass.
  - Support volume expansion.
  - Support volume snapshots.
- KMS
  - Deploy Key Management Service (KMS) in Constellation clusters to handle key derivation.
- Option to add SSH users on init.
Changed
- CLI UX
  - `constellation create` now requires a configuration file. The usual workflow is to run `constellation config generate` first.
  - Consistent command format with at most one argument and named flags otherwise.
  - Display usage when invalid arguments are passed.
  - Add list of instance types to command help.
  - Wording tweaks.
- CLI config
  - Rename dev-config to config.
  - Change format to YAML.
  - Make it self-documenting.
  - Validation.
  - Rename PCRs to Measurements.
Removed
- Support for non-CVMs on GCP.
Fixed
- Pin Kubernetes version deployed by `kubeadm init`.
Security
- Replace single, never expiring Kubernetes join token with expiring unique tokens.
- Apply CIS benchmark for kubeadm clusterconf and kubelet conf.
- Enable Kubernetes audit log.
Internal
- Create GCP images in `constellation-images` project so that they can be shared with customers.
- Add customer onboarding docs.
- Add E2E test as GitHub Action.
- Improvements to local QEMU testing.
- Preparations for mutual ATLS.
1.0.0 - 2022-04-28
Initial release of Constellation. Kubernetes compliant, with WireGuard underneath.