mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-25 23:49:37 -05:00
95e2c91821
Update CHANGELOG.md & versions.
4.7 KiB
4.7 KiB
Changelog
All notable changes to Constellation will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
Added
Changed
Deprecated
Removed
Fixed
Security
- Create Kubernetes CA signed kubelet certificates on activation.
Internal
1.3.0 - 2022-07-05
Added
- Early boot logging for GCP and Azure. [Docs]
constellation-access-manager
allows users to manage SSH users over a ConfigMap. Enables persistent and dynamic management of SSH users on multiple nodes, even after a reboot. [Docs]- GCP-native Kubernetes load balancing. [Docs]
constellation version
prints more information to aid in troubleshooting. [Docs]- Standard logging for all services and CLI, allows users to control output in a consistent manner.
constellation-id.json
in Constellation workspace now holds cluster IDs, to reduce required arguments in Constellation commands, e.g.,constellation verify
.
Changed
- New
constellation-activation-service
offloads Kubernetes node activation from monolithic Coordinator to Kubernetes native micro-service. [ReadMe] - Improve user-friendliness of error messages in Constellation CLI.
- Move verification from extracting attestation statements out of aTLS handshake to a dedicated
verify-service
in Kubernetes with gRPC and HTTP endpoints.
Security
- GCP WireGuard encryption via cilium.
Internal
- Refactore folder structure of repository to better reflect
internal
implementation and public API. - Extend
goleak
checks to all tests.
1.2.0 - 2022-06-02
Changed
- Replace flannel CNI with Cilium.
1.1.0 - 2022-06-02
Added
- CLI
- Command
constellation recover
to re-initialize a completely stopped cluster. - Command
constellation config generate
to generate a default configuration file for a specific cloud provider.
- Command
- CSI
- Option to enable dm-integrity in a StorageClass.
- Support volume expansion.
- Support volume snapshots.
- KMS
- Deploy Key Management Service (KMS) in Constellation clusters to handle key derivation.
- Option to add SSH users on init.
Changed
- CLI UX
constellation create
now requires a configuration file. The usual workflow is to runconstellation config generate
first.- Consistent command format with at most one argument and named flags otherwise.
- Display usage when invalid arguments are passed.
- Add list of instance types to command help.
- Wording tweaks.
- CLI config
- Rename dev-config to config.
- Change format to YAML.
- Make it self-documenting.
- Validation.
- Rename PCRs to Measurements.
Removed
- Support for non-CVMs on GCP.
Fixed
- Pin Kubernetes version deployed by
kubeadm init
.
Security
- Replace single, never expiring Kubernetes join token with expiring unique tokens.
- Apply CIS benchmark for kubeadm clusterconf and kubelet conf.
- Enable Kubernetes audit log.
Internal
- Create GCP images in
constellation-images
project so that they can be shared with customers. - Add customer onboarding docs.
- Add E2E test as Github Action.
- Improvements to local QEMU testing.
- Preparations for mutual ATLS.
1.0.0 - 2022-04-28
Initial release of Constellation. With underlying WireGuard and Kubernetes compliant.