Releases: edgelesssys/constellation
v2.19.0
What's Changed
🐛 Bug fixes
- image: improve AWS performance by retiring idle=poll option by @burgerdev in #3387
🔧 Other changes
- helm: manage CoreDNS addon as Helm chart by @burgerdev in #3388
Full Changelog: v2.18.0...v2.19.0
v2.18.0
What's Changed
🛠 Breaking changes
🎁 New features
- Make SEV-SNP the default attestation variant on GCP by @thomasten in #3267
- terraform-provider-constellation: make kubeconfig output fine-grained by @msanft in #3334
🐛 Bug fixes
- helm: cilium: allow multiple default routes by @burgerdev in #3344
- openstack: Fix a crash in the bootstrapper during node join discovery by @3u13r in #3375
🔧 Other changes
- docs: fix broken links by @daniel-weisse in #3359
New Contributors
- @laralaske made their first contribution in #3255
- @Mearman made their first contribution in #3317
Full Changelog: v2.17.0...v2.18.0
v2.17.0
What's Changed
🛠 Breaking changes
- helm: upgrade cert-manager from v1.12.6 to v1.15.0 by @daniel-weisse in #3177
  - See the cert-manager upgrade instructions
- Remove support for k8s v1.27 by @burgerdev in #3173
🎁 New features
- Add support for k8s v1.30 by @burgerdev in #3173
- terraform-provider-constellation: openstack support by @malt3 in #2974
- Support SEV-SNP on GCP by @msanft in #3011
- cli: allow tagging cloud resources with custom tags by @miampf in #3033
- cli: enable JSON output for `constellation verify` on Azure TDX by @daniel-weisse in #3164
- config: allow "latest" pseudo-version for Azure TDX config values by @daniel-weisse in #3166
🐛 Bug fixes
- cli: retry auth handshake deadline exceeded errors in CLI and Terraform by @daniel-weisse in #2976
- bootstrapper: wipe disk and reboot on non-recoverable error by @daniel-weisse in #2971
- bazel: patch Go SDK to increase TLS maxHandshake size by @malt3 in #3009
- kubecmd: retry any k8s errors in CLI and Terraform by @daniel-weisse in #3028
- helm: Restore the ability to start a cluster in conformance mode by disabling the cilium ipmasq agent when in conformance mode by @3u13r in #3062
- terraform: add missing policies for AWS ALB by @burgerdev in #3063
- operators: ignore node deletion errors on absence by @burgerdev in #3113
- cli: fix `constellation verify` depending on an initialized `constellation-state.yaml` file by @daniel-weisse in #3184
🔧 Other changes
- attestation: dont set a default for TDX MRSEAM by @daniel-weisse in #3038
- deps: upgrade terraform provider stackit to 0.16.0 by @malt3 in #3046
- image: update to Fedora 40 by @msanft in #3104
- bootstrapper: prioritize etcd disk I/O by @msanft in #3114
- helm: update AWS CSI driver by @msanft in #3121
- attestation: enable Azure TDX CRL checking by @daniel-weisse in #3160
- renovate: allow major version upgrades of GitHub action dependencies by @daniel-weisse in #3217
New Contributors
- @davidweisse made their first contribution in #3018
Full Changelog: v2.16.4...v2.17.0
v2.16.4
What's changed
This patch release adds optional IAM permissions to support AWS Application Load Balancers.
Run `constellation iam upgrade apply` to add these permissions to an existing Constellation.
🐛 Bug fixes
- helm: disable cilium ipmasq agent when in conformance mode by @3u13r
- terraform: add missing policies for AWS ALB by @burgerdev
- attestation: dont set a default for TDX MRSEAM by @daniel-weisse
- deps: upgrade terraform provider stackit to 0.17.0 by @malt3 and @burgerdev
- snp: ensure we never use ARK supplied by Issuer by @daniel-weisse
- kubecmd: retry any k8s errors in CLI and Terraform by @daniel-weisse
Full Changelog: v2.16.3...v2.16.4
v2.16.3
This release patches the following security vulnerability in Constellation:
What's changed
🐛 Bug fixes
- helm: firewall pods by @burgerdev in 5507982
Full Changelog: v2.16.2...v2.16.3
v2.16.2
This release fixes an issue which could prevent Constellation cluster creation with Azure SEV-SNP.
What's changed
🐛 Bug fixes
- increase TLS maxHandshake size to fix deployments on Azure SEV-SNP by @malt3 in #3009
- helm: manually retry uninstalling a failed release during `constellation apply` by @burgerdev in #2984
🔧 Other changes
- terraform: update terraform provider STACKIT to v0.15.1 by @burgerdev in #3007
Full Changelog: v2.16.1...v2.16.2
v2.16.1
This release improves the user experience on STACKIT. Users on other platforms can safely skip this version.
What's Changed
🎁 New features
🐛 Bug fixes
🔧 Other changes
- simplify configuration by reading STACKIT related credentials from canonical locations
- improve STACKIT related documentation
Full Changelog: v2.16.0...v2.16.1
v2.16.0
v2.15.1
What's Changed
🛠 Breaking changes
- Prepare for EOL of classic Azure Application insights by removing cloud loggers, by @msanft in #2892
Full Changelog: v2.15.0...v2.15.1
v2.15.0
What's Changed
🛠 Breaking changes
Important
An upgrade from `v2.14.0` to `v2.15.0` will require you to explicitly specify the microservice version in your Terraform configuration and re-apply the changed configuration while still on provider version `v2.14.0` before upgrading to the provider version `v2.15.0`.
🎁 New features
- Add pod disruption budgets so the cluster-autoscaler is able to move kube-admin namespaced resources by @3u13r in #2781
- cli: support for GCP marketplace images by @msanft in #2792
- attestation: enable Constellation for Azure TDX by @daniel-weisse in #2827
🐛 Bug fixes
- terraform-provider: fix parsing `api_server_cert_sans` by @3u13r in #2758
- helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve its metadata by @3u13r in #2782
- cli: fix AWS SEV-SNP latest version resolution in cluster by @elchead in #2810
- terraform-provider: validate microservice and image version during plan by @elchead in #2814
- operator: fix node upgrades when using Azure marketplace images by @msanft in #2846
- cilium: performance fixes and reproducible images by @burgerdev @3u13r in #2855
🔧 Other changes
Full Changelog: v2.14.3...v2.15.0