Edgelesssys Constellation Versions Save

What's Changed

🎁 New features

• cli: add field docs to the state file by @msanft in https://github.com/edgelesssys/constellation/pull/2453
• cli: generate state file during constellation config generate by @msanft in https://github.com/edgelesssys/constellation/pull/2455
• Support internal load balancers by @3u13r in https://github.com/edgelesssys/constellation/pull/2388
• cli: add constellation apply command to replace init and upgrade apply by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2484
• cli: state file validation by @msanft in https://github.com/edgelesssys/constellation/pull/2523
• terraform: Terraform module for AWS by @elchead in https://github.com/edgelesssys/constellation/pull/2503
• terraform: Terraform module for GCP by @elchead in https://github.com/edgelesssys/constellation/pull/2553
• terraform: Terraform module for Azure by @msanft in https://github.com/edgelesssys/constellation/pull/2566

🐛 Bug fixes

• helm: add GCP CCM permissions for internal LBs by @3u13r in https://github.com/edgelesssys/constellation/pull/2474
• [Windows] cli: fix incorrect filepath separator causing upgrades to fail by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2562

🔧 Other changes

• docs: add new page to document s3proxy by @derpsteb in https://github.com/edgelesssys/constellation/pull/2417
• docs: extend filestash example with more regions by @derpsteb in https://github.com/edgelesssys/constellation/pull/2445
• docs: document self-managed infrastructure by @msanft in https://github.com/edgelesssys/constellation/pull/2458
• hack: remove GCP internal LB by @3u13r in https://github.com/edgelesssys/constellation/pull/2502
• docs: refer to apply command instead of init or upgrade apply by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2487
• docs: align self-managed infrastructure docs with e2e worfklow by @msanft in https://github.com/edgelesssys/constellation/pull/2525

New Contributors

• @etelsv made their first contribution in https://github.com/edgelesssys/constellation/pull/2411

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.12.0...v2.13.0

What's Changed

🛠 Breaking changes

• cli: new flag for Azure JSON output of constellation verify by @elchead in https://github.com/edgelesssys/constellation/pull/2391

🎁 New features

• cli: perform upgrades in-place in Terraform workspace by @msanft in https://github.com/edgelesssys/constellation/pull/2317
• s3proxy: add initial implementation by @derpsteb in https://github.com/edgelesssys/constellation/pull/2385

🐛 Bug fixes

• cli: temporarily increase AWS ASG creation timeout by @msanft in https://github.com/edgelesssys/constellation/pull/2340
• cli: report log collection failure to user by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2354

🔧 Other changes

• joinservice: cache certificates for Azure SEV-SNP attestation by @msanft in https://github.com/edgelesssys/constellation/pull/2336
• docs: add observability page by @m1ghtym0 in https://github.com/edgelesssys/constellation/pull/2384
• docs: document gcp permissions needed for upgrade by @3u13r in https://github.com/edgelesssys/constellation/pull/2378
• cli: use state file on init and upgrade by @msanft in https://github.com/edgelesssys/constellation/pull/2395

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.11.0...v2.12.0

What's Changed

🛠 Breaking changes

• remove deprecated -c and -w flags from constellation create by @3u13r in https://github.com/edgelesssys/constellation/pull/2325

🎁 New features

• attestation: print ordered measurement verification warnings and errors by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2237
• deps: support Kubernetes 1.28 by @3u13r in https://github.com/edgelesssys/constellation/pull/2242
• cli: add spinner to helm chart installation by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2270
• cli: save Helm charts to disk before running upgrades by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2305
• cli: new flag to skip phases of upgrade by @elchead in https://github.com/edgelesssys/constellation/pull/2310

🐛 Bug fixes

• cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2249
• cli: fix upgrade by passing placeholder values for images by @elchead in https://github.com/edgelesssys/constellation/pull/2250
• cli: fix incorrect actual values for constellation verify on AWS by @3u13r in https://github.com/edgelesssys/constellation/pull/2265
• ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2296
• cli: correctly trim white spaces for certificates in verify by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2299
• cli: retry helm apply on any error by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2322
• node-operator: fix data race in executor by @elchead in https://github.com/edgelesssys/constellation/pull/2326

🔧 Other changes

• deps: limit Terraform version to FOSS releases by @thomasten in https://github.com/edgelesssys/constellation/pull/2241
• docs: document upgrade backup files by @msanft in https://github.com/edgelesssys/constellation/pull/2275
• docs: add vault performance benchmarks by @m1ghtym0 in https://github.com/edgelesssys/constellation/pull/2271
• image: move idle and nosmt to aws-only images by @derpsteb in https://github.com/edgelesssys/constellation/pull/2297

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.10.1...v2.11.0

What's Changed

🐛 Bug fixes

• cli: fix upgrade by passing placeholder values for images by @3u13r and @elchead in #2250
• cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.10.0...v2.10.1

What's Changed

🛠 Breaking changes

• Use new aws-load-balancer-controller to fix SecurityGroup cleanup on K8s service deletion by @elchead in https://github.com/edgelesssys/constellation/pull/2090
• cli: add --workspace flag to set base directory for Constellation workspace by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2148

🎁 New features

• Create additional node groups with custom instance types, disk settings and independent scaling #2152
• Placement of node groups in different zones for high availability #2152
• Enable volume snapshot support if CSI drivers are deployed to the cluster by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1964
• bootstrapper: add fallback endpoint and custom endpoint to apiserver certificate SAN field by @malt3 in https://github.com/edgelesssys/constellation/pull/2108
• cli: add iam upgrade apply by @elchead in https://github.com/edgelesssys/constellation/pull/2132
• cli: output CSI driver versions on status by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2128
• cli: print vcek certificate extensions and snp attestation report during verify by @katexochen in https://github.com/edgelesssys/constellation/pull/2140
• cli: add maa token to the output of verify command by @katexochen in https://github.com/edgelesssys/constellation/pull/2172

🐛 Bug fixes

• cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in https://github.com/edgelesssys/constellation/pull/2113
• image: fix deadlock on boot by using AWS linux kernel by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2115
• disk-mapper: allow rebooted but uninitialized node to join the cluster by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2083
• cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in https://github.com/edgelesssys/constellation/pull/2117
• image: synchronize time via ntp by @malt3 in https://github.com/edgelesssys/constellation/pull/2118
• cli: retry during upgrade when node image update fails due to conflict error by @elchead in https://github.com/edgelesssys/constellation/pull/2123
• cli: fix version check for CSI chart by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2209

🔧 Other changes

• doc: add iam:DeletePolicyVersion by @elchead in https://github.com/edgelesssys/constellation/pull/2111

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.9.0...v2.10.0

What's Changed

🐛 Bug fixes

• cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in https://github.com/edgelesssys/constellation/pull/2113
• image: fix deadlock on boot by using AWS linux kernel on AWS by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/2115
• cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in https://github.com/edgelesssys/constellation/pull/2117
• image: synchronize time via ntp by @malt3 in https://github.com/edgelesssys/constellation/pull/2118

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.9.0...v2.9.1

What's Changed

🛠 Breaking changes

• config: drop support for deprecated Azure's service principal authentication by @elchead in https://github.com/edgelesssys/constellation/pull/1906
• cli: change generate-config flag to update-config flag by @miampf in https://github.com/edgelesssys/constellation/pull/1897

🎁 New features

• attestation: add awsSEVSNP as new variant by @derpsteb in https://github.com/edgelesssys/constellation/pull/1900
• cli: status shows attestation config by @elchead in https://github.com/edgelesssys/constellation/pull/2056
• experimental Windows variant of the Constellation cli by @malt3 in https://github.com/edgelesssys/constellation/pull/2075
• config: support 'latest' as TCB version value for Azure SEV-SNP by @elchead in https://github.com/edgelesssys/constellation/pull/1899

🐛 Bug fixes

• bootstraper: fix 'cannot re-use a name that is still in use' error during init by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1977

🔧 Other changes

• cli: store upgrade files in versioned folders by @msanft in https://github.com/edgelesssys/constellation/pull/1929
• cli: upgrade apply --force skips all compatibility checks by @elchead in https://github.com/edgelesssys/constellation/pull/1940
• cli: deploy aws csi driver per default by @msanft in https://github.com/edgelesssys/constellation/pull/1981
• csi: add required policies for aws csi driver by @msanft in https://github.com/edgelesssys/constellation/pull/1945
• cli: fail fast when CLI and Constellation versions don't match by @elchead in https://github.com/edgelesssys/constellation/pull/1972
• docs: explain the role of PCR[10] and why it is not reproducible by @malt3 in https://github.com/edgelesssys/constellation/pull/2011

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.8.0...v2.9.0

What's Changed

🛠 Breaking changes

• config: add separate option for handling attestation parameters by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1623

🎁 New features

• Terraform log support by @msanft in https://github.com/edgelesssys/constellation/pull/1620
• OpenStack service type loadbalancer (yawol) by @malt3 in https://github.com/edgelesssys/constellation/pull/1705
• deps: add Kubernetes v1.27, remove Kubernetes v1.24 by @katexochen in https://github.com/edgelesssys/constellation/pull/1669
• cli: OpenStack encrypted csi block storage (cinder) by @m1ghtym0 in https://github.com/edgelesssys/constellation/pull/1771
• cli: new flag to set the attestation type for config generate by @elchead in https://github.com/edgelesssys/constellation/pull/1769
• Add autoscaling and cluster upgrade support for AWS by @3u13r in https://github.com/edgelesssys/constellation/pull/1758
• cli: Terraform migrations on upgrade by @msanft in https://github.com/edgelesssys/constellation/pull/1685

🐛 Bug fixes

• cli: fix misleading error while applying kubernetes-only upgrade by @derpsteb in https://github.com/edgelesssys/constellation/pull/1630

🔧 Other changes

• docs: add short explanation on attestation config options by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1654
• docs: update state of clouds by @m1ghtym0 in https://github.com/edgelesssys/constellation/pull/1732

New Contributors

• @elchead made their first contribution in https://github.com/edgelesssys/constellation/pull/1769

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.7.1...v2.8.0

What's Changed

🐛 Bug fixes

• fix broken configuration generation in the macOS CLI by @malt3 in https://github.com/edgelesssys/constellation/pull/1632
• cli: fix misleading error while applying kubernetes-only upgrade by @derpsteb in https://github.com/edgelesssys/constellation/pull/1630
• cli: fix constellation iam destroy error on Azure by force-deleting resource group by @msanft in https://github.com/edgelesssys/constellation/pull/1667
• upgrade: fix 2.6 -> 2.7 migration for 2.7.1 patch by @derpsteb in https://github.com/edgelesssys/constellation/pull/1649
• cli: create namespaced folders for upgrade backups in upgrade apply by @derpsteb in https://github.com/edgelesssys/constellation/pull/1702

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.7.0...v2.7.1

What's Changed

🛠 Breaking changes

• config: remove deprecated upgradeConfig and require name and microserviceVersion fields by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1541

🎁 New features

• attestation: add options to the EnforceIDKeyDigest config field to enable Microsoft Azure Attestation fallback when verifying AMD SNP-SEV id key digest by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1257
• cli: upgrade apply now allows upgrading measurements only by @derpsteb in https://github.com/edgelesssys/constellation/pull/1432
• config: deprecate confidentialVM config option for Azure clusters in favor of attestationVariant by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1539
• docs: list minimal permissions set required for Constellation setup by @msanft in https://github.com/edgelesssys/constellation/pull/1442
• cli: add status command to print upgrade and version status of cluster by @derpsteb in https://github.com/edgelesssys/constellation/pull/1520
• cli: show available cli upgrades with upgrade check command by @msanft in https://github.com/edgelesssys/constellation/pull/1394
• cli: print attestation document during verification with constellation verify by @msanft in https://github.com/edgelesssys/constellation/pull/1577

🐛 Bug fixes

• bootstrapper: mitigate timeout issue during Cilium deployment by @Nirusu in https://github.com/edgelesssys/constellation/pull/1403
• cli: prevent double initialization in cases where an error was mistakenly retried by @Nirusu in https://github.com/edgelesssys/constellation/pull/1404
• cli: fix upgrade apply for image-only upgrades by @derpsteb in https://github.com/edgelesssys/constellation/pull/1468
• ci: correctly determine PCR5 value by measuring it during build time by @derpsteb in https://github.com/edgelesssys/constellation/pull/1521

🔧 Other changes

• attestation: create issuer based on kernel cmd line by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1355
• docs: embedd asciinema casts by @datosh in https://github.com/edgelesssys/constellation/pull/1154
• cli: only create resource backups if upgrade is executed by @derpsteb in https://github.com/edgelesssys/constellation/pull/1437
• cli: grant Azure user-assigned managed identities all permissions previously granted to app registration by @malt3 in https://github.com/edgelesssys/constellation/pull/1334
• experimental support for OpenStack by @malt3 in https://github.com/edgelesssys/constellation/pull/1443
• cli: warn about missing support for upgrades on AWS, OpenStack, QEMU by @derpsteb in https://github.com/edgelesssys/constellation/pull/1518

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.6.0...v2.7.0