Constellation - v2.6.0


What's Changed

🛡 Security improvements

  • Fix a vulnerability where an attacker with access to the victim's cloud subscription could gain code execution on a booting node through the initramfs emergency shell. See the accompanying security advisory for more information.

🎁 New features

  • cli: refactor upgrade commands to support Kubernetes, microservice and image upgrades. Previously only supported image upgrades by @derpsteb in https://github.com/edgelesssys/constellation/pull/1109, https://github.com/edgelesssys/constellation/pull/1160
  • cli: add iam destroy command to delete resources created by iam create by @miampf in https://github.com/edgelesssys/constellation/pull/946
  • cli: add basic support for constellation create on OpenStack by @malt3 in https://github.com/edgelesssys/constellation/pull/1283
  • Enable cryptsetup read/write workqueue bypass by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1150
  • cli: add option to automatically merge new Constellation kubeconfig file into default configuration at $HOME/.kube/config on init by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1136
  • init: create kubeconfig file with unique user/cluster name by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1133
  • cli: add --kubernetes flag to config generate to let CLI extend the correct Kubernetes patch version by @derpsteb in https://github.com/edgelesssys/constellation/pull/1226
  • cli: add --kubernetes flag to iam create (when used with --create-config) by @Nirusu in https://github.com/edgelesssys/constellation/pull/1326
  • cli: add config kubernetes-versions subcommand to print supported Kubernetes versions by @derpsteb in https://github.com/edgelesssys/constellation/pull/1224
  • ci: build microservices reproducibly using ko by @leongross in https://github.com/edgelesssys/constellation/pull/1108
  • apko: build apko base images with fixed packages by @katexochen in https://github.com/edgelesssys/constellation/pull/1090
  • join-service: more logging on error by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1076
  • cli: add debug logging to iam create command by @msanft in https://github.com/edgelesssys/constellation/pull/1127
  • cli: add name of build type to version cmd output by @katexochen in https://github.com/edgelesssys/constellation/pull/1179
  • cli: option to disable spinner via environment variable by @datosh in https://github.com/edgelesssys/constellation/pull/1207
  • cli: add support for GCP C2D confidential VMs by @Nirusu in https://github.com/edgelesssys/constellation/pull/1225
  • cli: add debug logging to attestation validator/issuer by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1262, https://github.com/edgelesssys/constellation/pull/1264
  • image: add verbose service logging for debug images by @leongross in https://github.com/edgelesssys/constellation/pull/1159
  • attestation: validate GCP machine state instead of PCR 0 by @thomasten in https://github.com/edgelesssys/constellation/pull/1343

🐛 Bug fixes

  • config: fix digest naming by @3u13r in https://github.com/edgelesssys/constellation/pull/1064
  • cli: set uid output for QEMU / MiniConstellation so Constellation on QEMU can be created correctly by @malt3 in https://github.com/edgelesssys/constellation/pull/1069
  • terraform: make control-planes stateful on gcp so the control-plane does not break when VMs are stopped and later restarted by @3u13r in https://github.com/edgelesssys/constellation/pull/1087
  • bootstrapper: retry helm chart installation so slow Konnectivity startup does not break cluster initialization by @derpsteb in https://github.com/edgelesssys/constellation/pull/1151
  • cli: error when executing iam create twice in the same workspace. This prevents cases where existing IAM resources are mistakenly rolled back by @msanft in https://github.com/edgelesssys/constellation/pull/1148
  • cli: print previously hidden, but required GCP values (zone, region, projectID) to config/stdout when running iam create by @msanft in https://github.com/edgelesssys/constellation/pull/1149
  • cli: fix pluralization in create output by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1209
  • iam: correctly assign uami role to base resource group by @3u13r in https://github.com/edgelesssys/constellation/pull/1247
  • bootstrapper: retry helm chart installation on connection refused errors by @3u13r in https://github.com/edgelesssys/constellation/pull/1245
  • cli: allow existing config for IAM creation without --generate-config by @Nirusu in https://github.com/edgelesssys/constellation/pull/1285
  • cli: upgrade libtpms in libvirt container by @malt3 in https://github.com/edgelesssys/constellation/pull/1338
  • bootstrapper: stop join-client earlier by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1268
  • bootstrapper: make sure InitServer is only shut down after Init has returned by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1347

🔧 Other changes

  • versions: remove Kubernetes v1.23 by @katexochen in https://github.com/edgelesssys/constellation/pull/1080
  • azure: add new idkeydigest by @3u13r in https://github.com/edgelesssys/constellation/pull/1094
  • cli: enable jumbo frames for GCP VPCs by @Nirusu in https://github.com/edgelesssys/constellation/pull/1146
  • cli: use pseudoversion and forward it into helm charts by @derpsteb in https://github.com/edgelesssys/constellation/pull/1281
  • docs: add docs on general Terraform usage by @msanft in https://github.com/edgelesssys/constellation/pull/1263
  • docs: adjust wording for resource provider troubleshooting by @Nirusu in https://github.com/edgelesssys/constellation/pull/1317
  • docs: upgrade docs now reflect the new upgrade commands by @derpsteb in https://github.com/edgelesssys/constellation/pull/1331

New Contributors

  • @miampf made their first contribution in https://github.com/edgelesssys/constellation/pull/946

Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.5.0...v2.6.0


Details

date
March 9, 2023, 8:51 a.m.
name
v2.6.0
type
Minor
👇
Register or login to:
  • 🔍View and search all Constellation releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or