Releases: edgelesssys/constellation
Releases Β· edgelesssys/constellation
v2.14.3
What's Changed
π Bug fixes
- helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve it's metadata by @3u13r in #2782
- node-operator: allow the upgrade process to succeed by correctly setting the communityGallery VM image in Azure by @elchead in #2788
Full Changelog: v2.14.2...v2.14.3
Contributors
3u13r and elchead
Assets 17
v2.14.2
Contributors
elchead
Assets 17
v2.14.1
Contributors
3u13r and elchead
Assets 17
v2.14.0
What's Changed
π New features
- terraform-provider: first release of the Terraform provider for full lifecycle cluster management in Terraform by @daniel-weisse, @elchead and @msanft
- Enable Cilium node-to-node strict encryption by @3u13r in #2462
- cli: enable
constellation applyto create new clusters by @daniel-weisse in #2549 - docs: add Helm chart for VPN connectivity by @burgerdev in #2577
- aws: reintroduce SNP-based attestation by @derpsteb in #2601
- Make Kubernetes serviceCIDR configurable in config by @3u13r in #2660
- terraform: Azure Marketplace image support by @msanft in #2651
- image: reproducible builds test by @malt3 in #2707
- deps: update cert manager to 1.12.6 by @3u13r in #2700
- deps: pin cert-manager image to sha256 checksum by @elchead in #2721
- deps: pin Kubernetes container image hashes by @burgerdev in #2719
π Bug fixes
- cli: fix panic in status cmd without conf file by @elchead in #2625
- api: respect
HTTP(S)_PROXYenvironment variable by @msanft in #2635
New Contributors
- @burgerdev made their first contribution in #2576
Full Changelog: v2.13.0...v2.14.0
Contributors
malt3, burgerdev, and 5 other contributors
Assets 17
v2.13.0
What's Changed
π New features
- cli: add field docs to the state file by @msanft in #2453
- cli: generate state file during
constellation config generateby @msanft in #2455 - Support internal load balancers by @3u13r in #2388
- cli: add
constellation applycommand to replaceinitandupgrade applyby @daniel-weisse in #2484 - cli: state file validation by @msanft in #2523
- terraform: Terraform module for AWS by @elchead in #2503
- terraform: Terraform module for GCP by @elchead in #2553
- terraform: Terraform module for Azure by @msanft in #2566
π Bug fixes
- helm: add GCP CCM permissions for internal LBs by @3u13r in #2474
- [Windows] cli: fix incorrect filepath separator causing upgrades to fail by @daniel-weisse in #2562
π§ Other changes
- docs: add new page to document s3proxy by @derpsteb in #2417
- docs: extend filestash example with more regions by @derpsteb in #2445
- docs: document self-managed infrastructure by @msanft in #2458
- hack: remove GCP internal LB by @3u13r in #2502
- docs: refer to apply command instead of
initorupgrade applyby @daniel-weisse in #2487 - docs: align self-managed infrastructure docs with e2e worfklow by @msanft in #2525
New Contributors
Full Changelog: v2.12.0...v2.13.0
Contributors
derpsteb, 3u13r, and 4 other contributors
Assets 17
v2.12.0
What's Changed
π Breaking changes
π New features
- cli: perform upgrades in-place in Terraform workspace by @msanft in #2317
- s3proxy: add initial implementation by @derpsteb in #2385
π Bug fixes
- cli: temporarily increase AWS ASG creation timeout by @msanft in #2340
- cli: report log collection failure to user by @daniel-weisse in #2354
π§ Other changes
- joinservice: cache certificates for Azure SEV-SNP attestation by @msanft in #2336
- docs: add observability page by @m1ghtym0 in #2384
- docs: document gcp permissions needed for upgrade by @3u13r in #2378
- cli: use state file on init and upgrade by @msanft in #2395
Full Changelog: v2.11.0...v2.12.0
Contributors
m1ghtym0, derpsteb, and 4 other contributors
Assets 16
v2.11.0
What's Changed
π Breaking changes
π New features
- attestation: print ordered measurement verification warnings and errors by @daniel-weisse in #2237
- deps: support Kubernetes 1.28 by @3u13r in #2242
- cli: add spinner to helm chart installation by @daniel-weisse in #2270
- cli: save Helm charts to disk before running upgrades by @daniel-weisse in #2305
- cli: new flag to skip phases of upgrade by @elchead in #2310
π Bug fixes
- cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249
- cli: fix upgrade by passing placeholder values for images by @elchead in #2250
- cli: fix incorrect actual values for constellation verify on AWS by @3u13r in #2265
- ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts by @daniel-weisse in #2296
- cli: correctly trim white spaces for certificates in
verifyby @daniel-weisse in #2299 - cli: retry helm apply on any error by @daniel-weisse in #2322
- node-operator: fix data race in executor by @elchead in #2326
π§ Other changes
- deps: limit Terraform version to FOSS releases by @thomasten in #2241
- docs: document upgrade backup files by @msanft in #2275
- docs: add vault performance benchmarks by @m1ghtym0 in #2271
- image: move idle and nosmt to aws-only images by @derpsteb in #2297
Full Changelog: v2.10.1...v2.11.0
Contributors
m1ghtym0, derpsteb, and 5 other contributors
Assets 16
v2.10.1
What's Changed
π Bug fixes
- cli: fix upgrade by passing placeholder values for images by @3u13r and @elchead in #2250
- cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249
Full Changelog: v2.10.0...v2.10.1
Contributors
3u13r, elchead, and daniel-weisse
Assets 16
v2.10.0
What's Changed
π Breaking changes
- Use new
aws-load-balancer-controllerto fix SecurityGroup cleanup on K8s service deletion by @elchead in #2090 - cli: add
--workspaceflag to set base directory for Constellation workspace by @daniel-weisse in #2148
π New features
- Create additional node groups with custom instance types, disk settings and independent scaling #2152
- Placement of node groups in different zones for high availability #2152
- Enable volume snapshot support if CSI drivers are deployed to the cluster by @daniel-weisse in #1964
- bootstrapper: add fallback endpoint and custom endpoint to apiserver certificate SAN field by @malt3 in #2108
- cli: add
iam upgrade applyby @elchead in #2132 - cli: output CSI driver versions on
statusby @daniel-weisse in #2128 - cli: print vcek certificate extensions and snp attestation report during verify by @katexochen in #2140
- cli: add maa token to the output of
verifycommand by @katexochen in #2172
π Bug fixes
- cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in #2113
- image: fix deadlock on boot by using AWS linux kernel by @daniel-weisse in #2115
- disk-mapper: allow rebooted but uninitialized node to join the cluster by @daniel-weisse in #2083
- cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in #2117
- image: synchronize time via ntp by @malt3 in #2118
- cli: retry during upgrade when node image update fails due to conflict error by @elchead in #2123
- cli: fix version check for CSI chart by @daniel-weisse in #2209
π§ Other changes
Full Changelog: v2.9.0...v2.10.0
Contributors
malt3, derpsteb, and 3 other contributors
Assets 16
v2.9.1
What's Changed
π Bug fixes
- cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in #2113
- image: fix deadlock on boot by using AWS linux kernel on AWS by @daniel-weisse in #2115
- cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in #2117
- image: synchronize time via ntp by @malt3 in #2118
Full Changelog: v2.9.0...v2.9.1
Contributors
malt3, derpsteb, and daniel-weisse