constellation/CHANGELOG.md
Fabian Kammel 95e2c91821 Prepare for v1.3.0 (#242)
Update CHANGELOG.md & versions.
2022-07-05 16:07:15 +02:00

Changelog

All notable changes to Constellation will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Added

Changed

Deprecated

Removed

Fixed

Security

  • Create Kubernetes CA signed kubelet certificates on activation.

Internal

1.3.0 - 2022-07-05

Added

  • Early boot logging for GCP and Azure. [Docs]
  • constellation-access-manager allows users to manage SSH users over a ConfigMap. Enables persistent and dynamic management of SSH users on multiple nodes, even after a reboot. [Docs]
  • GCP-native Kubernetes load balancing. [Docs]
  • constellation version prints more information to aid in troubleshooting. [Docs]
  • Standard logging for all services and the CLI, which allows users to control output in a consistent manner.
  • constellation-id.json in Constellation workspace now holds cluster IDs, to reduce required arguments in Constellation commands, e.g., constellation verify.

Changed

  • New constellation-activation-service offloads Kubernetes node activation from monolithic Coordinator to Kubernetes native micro-service. [ReadMe]
  • Improve user-friendliness of error messages in Constellation CLI.
  • Move verification from extracting attestation statements out of the aTLS handshake to a dedicated verify-service in Kubernetes with gRPC and HTTP endpoints.

Security

  • GCP WireGuard encryption via cilium.

Internal

  • Refactor folder structure of repository to better reflect internal implementation and public API.
  • Extend goleak checks to all tests.

1.2.0 - 2022-06-02

Changed

  • Replace flannel CNI with Cilium.

1.1.0 - 2022-06-02

Added

  • CLI
    • Command constellation recover to re-initialize a completely stopped cluster.
    • Command constellation config generate to generate a default configuration file for a specific cloud provider.
  • CSI
    • Option to enable dm-integrity in a StorageClass.
    • Support volume expansion.
    • Support volume snapshots.
  • KMS
    • Deploy Key Management Service (KMS) in Constellation clusters to handle key derivation.
  • Option to add SSH users on init.

Changed

  • CLI UX
    • constellation create now requires a configuration file. The usual workflow is to run constellation config generate first.
    • Consistent command format with at most one argument and named flags otherwise.
    • Display usage when invalid arguments are passed.
    • Add list of instance types to command help.
    • Wording tweaks.
  • CLI config
    • Rename dev-config to config.
    • Change format to YAML.
    • Make it self-documenting.
    • Validation.
    • Rename PCRs to Measurements.

Removed

  • Support for non-CVMs on GCP.

Fixed

  • Pin Kubernetes version deployed by kubeadm init.

Security

  • Replace single, never-expiring Kubernetes join token with expiring unique tokens.
  • Apply CIS benchmark for kubeadm clusterconf and kubelet conf.
  • Enable Kubernetes audit log.

Internal

  • Create GCP images in constellation-images project so that they can be shared with customers.
  • Add customer onboarding docs.
  • Add E2E test as GitHub Action.
  • Improvements to local QEMU testing.
  • Preparations for mutual aTLS.

1.0.0 - 2022-04-28

Initial release of Constellation, Kubernetes compliant and with underlying WireGuard.