constellation/CHANGELOG.md
Fabian Kammel ca4764c466
Merge v2.2.1 changes back to main (#563)
* Bump version to v2.2.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix release detection in pipeline

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Update CHANGELOG for 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

* bump constellation versions to 2.2.1

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-11-16 11:13:10 +01:00

Changelog

All notable changes to Constellation will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Added

  • Environment variable CONSTELL_AZURE_CLIENT_SECRET_VALUE as an alternative way to provide the configuration value provider.azure.clientSecretValue.

Changed

Deprecated

Removed

  • access-manager was removed from the code base. The K8s-native way to SSH into nodes is documented.

Security

[2.2.1] - 2022-11-14

Changed

  • Increase timeout for constellation config fetch-measurements from 3 seconds to 60 seconds.
  • Consistently log CLI warnings and errors to stderr.

Security

Vulnerabilities in kube-apiserver fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4:

[2.2.0] - 2022-11-08

Added

  • Sign generated SBOMs and store container image SBOMs in registry for easier usage.
  • Support for Constellation on AWS.
  • Constellation Kubernetes services are now managed using Helm.
  • Use tags to mark all applicable resources using a Constellation's UID on Azure.
  • Use labels to mark all applicable resources using a Constellation's UID on GCP.

Changed

  • Verify measurements using Rekor transparency log.
  • The constellation create command on Azure now uses Terraform to create and destroy cloud resources.
  • Constellation OS images are now based on Fedora directly and are built using mkosi.
  • constellation terminate will now prompt the user for confirmation before destroying any resources (can be skipped with --yes).
  • Use the constellation-role tag instead of role to indicate an instance's role on Azure.
  • Use labels instead of metadata to apply the constellation-uid and constellation-role tags on GCP.

Deprecated

  • access-manager is no longer deployed.

Removed

  • endpoint flag of constellation init. IP is now always taken from the constellation-id.json file.
  • constellation-state.json file won't be created anymore. Resources are now managed through Terraform.

Fixed

Security

Internal

2.1.0 - 2022-10-07

Added

  • MiniConstellation: Try out Constellation locally with a single command, no cloud subscription required: constellation mini up
  • Load balancer for control-plane recovery
  • K8s conformance mode
  • Local cluster creation based on QEMU
  • Verification of Azure trusted launch attestation keys
  • Kubernetes version v1.25 is now fully supported.
  • Enabled Konnectivity.

Changed

  • Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator.
  • The constellation create command on GCP now uses Terraform to create and destroy cloud resources.
  • GCP instances are now created without public IPs by default.
  • Kubernetes default version used in Constellation is now v1.24.

Deprecated

Removed

  • CLI options for autoscaling, as this is now managed inside Kubernetes.
  • Kubernetes version v1.22 is no longer supported.

Fixed

Security

Vulnerability inside the Go standard library fixed by updating to Go 1.19.2:

Internal

2.0.0 - 2022-09-12

Initial release of Constellation.