constellation/CHANGELOG.md
Fabian Kammel bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00

Changelog

All notable changes to Constellation will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Added

  • Environment variable CONSTELL_AZURE_CLIENT_SECRET_VALUE as an alternative way to provide the configuration value provider.azure.clientSecretValue.

Changed

Deprecated

Removed

  • access-manager was removed from the code base. The K8s-native way to SSH into nodes is now documented.

Security

Vulnerabilities in kube-apiserver fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4:

2.2.0 - 2022-11-08

Added

  • Sign generated SBOMs and store container image SBOMs in registry for easier usage.
  • Support for Constellation on AWS.
  • Constellation Kubernetes services are now managed using Helm.
  • Use tags to mark all applicable resources using a Constellation's UID on Azure.
  • Use labels to mark all applicable resources using a Constellation's UID on GCP.

Changed

  • Verify measurements using Rekor transparency log.
  • constellation create on Azure now uses Terraform to create and destroy cloud resources.
  • Constellation OS images are now based on Fedora directly and are built using mkosi.
  • constellation terminate will now prompt the user for confirmation before destroying any resources (can be skipped with --yes).
  • Use the constellation-role tag instead of role to indicate an instance's role on Azure.
  • Use labels instead of metadata to apply the constellation-uid and constellation-role tags on GCP.

Deprecated

  • access-manager is no longer deployed.

Removed

  • endpoint flag of constellation init. The IP is now always taken from the constellation-id.json file.
  • constellation-state.json file won't be created anymore. Resources are now managed through Terraform.

Fixed

Security

Internal

2.1.0 - 2022-10-07

Added

  • MiniConstellation: Try out Constellation locally with a single command and without any cloud subscription: constellation mini up
  • Load balancer for control-plane recovery
  • K8s conformance mode
  • Local cluster creation based on QEMU
  • Verification of Azure trusted launch attestation keys
  • Kubernetes version v1.25 is now fully supported.
  • Enabled Konnectivity.

Changed

  • Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator.
  • constellation create on GCP now uses Terraform to create and destroy cloud resources.
  • GCP instances are now created without public IPs by default.
  • Kubernetes default version used in Constellation is now v1.24.

Deprecated

Removed

  • CLI options for autoscaling, as this is now managed inside Kubernetes.
  • Kubernetes version v1.22 is no longer supported.

Fixed

Security

Vulnerability inside the Go standard library fixed by updating to Go 1.19.2:

Internal

2.0.0 - 2022-09-12

Initial release of Constellation.