constellation/CHANGELOG.md
2022-12-01 12:07:04 +01:00

Changelog

All notable changes to Constellation will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Added

  • Environment variable CONSTELL_AZURE_CLIENT_SECRET_VALUE as an alternative way to provide the configuration value provider.azure.clientSecretValue.

  • Automatic CSI driver deployment for Azure and GCP during Constellation init

  • Improve reproducibility by pinning the Kubernetes components.

  • Client verification during constellation init

  • The CLI is now released in accordance with SLSA Level 3 requirements.

Changed

  • Constellation operators are now deployed using Helm.
  • Updated the config version to v2. Check how to migrate your config.
  • OS images are now configured globally in the images field of the configuration file.
  • The measurements entry in the CLI now uses an updated format that merges enforcedMeasurements and the old measurements into one.
  • Expected measurements in the config and Constellation's Cluster-ID are now hex encoded by default. Base64 is still supported.
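
The encoding change above has a parsing pitfall worth spelling out: a 32-byte SHA-256 PCR value is 64 characters in hex, and every 64-character hex string is also syntactically valid base64 (it would decode to 48 bytes), so a reader that tries base64 first misparses hex input. The following is an added example, not code from the Constellation project, showing one way to accept both encodings safely: try hex first (the new default), fall back to base64, and reject anything that is not exactly 32 bytes. The function names and the sample values are assumptions made for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// pcrSize is the length in bytes of a SHA-256 PCR value, which is what a
// measurement in the config represents.
const pcrSize = 32

// DecodeMeasurement parses a measurement as it may appear in the config:
// hex is the default encoding, base64 is still accepted. Hex is tried
// first on purpose: a 64-character hex string is also valid base64
// (decoding to 48 bytes), so trying base64 first would misparse it.
// (Hypothetical helper written for this example.)
func DecodeMeasurement(s string) ([]byte, error) {
	s = strings.TrimSpace(s)
	if b, err := hex.DecodeString(s); err == nil {
		if len(b) != pcrSize {
			return nil, fmt.Errorf("hex measurement has %d bytes, want %d", len(b), pcrSize)
		}
		return b, nil
	}
	b, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return nil, fmt.Errorf("measurement %q is neither hex nor base64", s)
	}
	if len(b) != pcrSize {
		return nil, fmt.Errorf("base64 measurement has %d bytes, want %d", len(b), pcrSize)
	}
	return b, nil
}

// EncodeMeasurement writes a measurement in the new default form (hex).
func EncodeMeasurement(b []byte) string {
	return hex.EncodeToString(b)
}

func main() {
	// Constructed sample: the same 32-byte value in both encodings.
	raw := []byte(strings.Repeat("\xab", pcrSize))
	inputs := []string{
		hex.EncodeToString(raw),                // new default
		base64.StdEncoding.EncodeToString(raw), // still supported
		strings.Repeat("ab", 30),               // too short: rejected
	}
	for _, in := range inputs {
		m, err := DecodeMeasurement(in)
		if err != nil {
			fmt.Println("reject:", err)
			continue
		}
		fmt.Println("accept:", EncodeMeasurement(m))
	}
}
```

The length check does the disambiguation: a 32-byte value encodes to 44 base64 characters ending in "=", which is never valid hex, while a legitimate hex value is consumed before the base64 branch is reached.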

Deprecated

Removed

  • access-manager was removed from the code base. The Kubernetes-native way to SSH into nodes is documented instead.
  • SSHUsers has been removed from the user configuration following the removal of access-manager.
  • Azure Trusted Launch support. May come back in the future.

Fixed

  • constellation create on GCP now always uses the local default credentials.

Security

[2.2.2] - 2022-11-17

Fixed

  • constellation create on GCP now always uses the local default credentials.
  • A release process error encountered in v2.2.1 that led to a broken QEMU-based Constellation deployment, where PCR[8] didn't match the expected measurement.

[2.2.1] - 2022-11-16

Changed

  • Increased the timeout of constellation config fetch-measurements from 3 seconds to 60 seconds.
  • Consistently log CLI warnings and errors to stderr.

Security

Vulnerabilities in kube-apiserver fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4:

[2.2.0] - 2022-11-08

Added

  • Sign generated SBOMs and store container image SBOMs in registry for easier usage.
  • Support for Constellation on AWS.
  • Constellation Kubernetes services are now managed using Helm.
  • Use tags to mark all applicable resources using a Constellation's UID on Azure.
  • Use labels to mark all applicable resources using a Constellation's UID on GCP.

Changed

  • Measurements are now verified using the Rekor transparency log.
  • constellation create on Azure now uses Terraform to create and destroy cloud resources.
  • Constellation OS images are now based on Fedora directly and are built using mkosi.
  • constellation terminate will now prompt the user for confirmation before destroying any resources (can be skipped with --yes).
  • Use the constellation-role tag instead of role to indicate an instance's role on Azure.
  • Use labels instead of metadata to apply the constellation-uid and constellation-role tags on GCP.

Deprecated

  • access-manager is no longer deployed.

Removed

  • The endpoint flag of constellation init. The IP is now always taken from the constellation-id.json file.
  • The constellation-state.json file is no longer created. Resources are now managed through Terraform.

Fixed

Security

Internal

2.1.0 - 2022-10-07

Added

  • MiniConstellation: try out Constellation locally, without any cloud subscription, with a single command: constellation mini up
  • Load balancer for control-plane recovery
  • Kubernetes conformance mode
  • Local cluster creation based on QEMU
  • Verification of Azure trusted launch attestation keys
  • Kubernetes version v1.25 is now fully supported.
  • Enabled Konnectivity.

Changed

  • Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator.
  • constellation create on GCP now uses Terraform to create and destroy cloud resources.
  • GCP instances are now created without public IPs by default.
  • Kubernetes default version used in Constellation is now v1.24.

Deprecated

Removed

  • CLI options for autoscaling, as this is now managed inside Kubernetes.
  • Kubernetes version v1.22 is no longer supported.

Fixed

Security

Vulnerability inside the Go standard library fixed by updating to Go 1.19.2:

Internal

2.0.0 - 2022-09-12

Initial release of Constellation.