Constellation - v2.6.0
What's Changed
🛡 Security improvements
- Fix a vulnerability where an attacker with access to the victim's cloud subscription could gain code execution on a booting node through the initramfs emergency shell. See the accompanying security advisory for more information.
🎁 New features
- cli: refactor upgrade commands to support Kubernetes, microservice and image upgrades. Previously only supported image upgrades by @derpsteb in https://github.com/edgelesssys/constellation/pull/1109, https://github.com/edgelesssys/constellation/pull/1160
- cli: add `iam destroy` command to delete resources created by `iam create` by @miampf in https://github.com/edgelesssys/constellation/pull/946
- cli: add basic support for `constellation create` on OpenStack by @malt3 in https://github.com/edgelesssys/constellation/pull/1283
- Enable cryptsetup read/write workqueue bypass by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1150
- cli: add option to automatically merge new Constellation kubeconfig file into default configuration at `$HOME/.kube/config` on init by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1136
- init: create kubeconfig file with unique user/cluster name by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1133
- cli: add `--kubernetes` flag to `config generate` to let CLI extend the correct Kubernetes patch version by @derpsteb in https://github.com/edgelesssys/constellation/pull/1226
- cli: add `--kubernetes` flag to `iam create` (when used with `--create-config`) by @Nirusu in https://github.com/edgelesssys/constellation/pull/1326
- cli: add `config kubernetes-versions` subcommand to print supported Kubernetes versions by @derpsteb in https://github.com/edgelesssys/constellation/pull/1224
- ci: build microservices reproducibly using ko by @leongross in https://github.com/edgelesssys/constellation/pull/1108
- apko: build apko base images with fixed packages by @katexochen in https://github.com/edgelesssys/constellation/pull/1090
- join-service: more logging on error by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1076
- cli: add debug logging to `iam create` command by @msanft in https://github.com/edgelesssys/constellation/pull/1127
- cli: add name of build type to version cmd output by @katexochen in https://github.com/edgelesssys/constellation/pull/1179
- cli: option to disable spinner via environment variable by @datosh in https://github.com/edgelesssys/constellation/pull/1207
- cli: add support for GCP C2D confidential VMs by @Nirusu in https://github.com/edgelesssys/constellation/pull/1225
- cli: add debug logging to attestation validator/issuer by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1262, https://github.com/edgelesssys/constellation/pull/1264
- image: add verbose service logging for debug images by @leongross in https://github.com/edgelesssys/constellation/pull/1159
- attestation: validate GCP machine state instead of PCR 0 by @thomasten in https://github.com/edgelesssys/constellation/pull/1343
🐛 Bug fixes
- config: fix digest naming by @3u13r in https://github.com/edgelesssys/constellation/pull/1064
- cli: set uid output for QEMU / MiniConstellation so Constellation on QEMU can be created correctly by @malt3 in https://github.com/edgelesssys/constellation/pull/1069
- terraform: make control-planes stateful on gcp so the control-plane does not break when VMs are stopped and later restarted by @3u13r in https://github.com/edgelesssys/constellation/pull/1087
- bootstrapper: retry helm chart installation so slow Konnectivity startup does not break cluster initialization by @derpsteb in https://github.com/edgelesssys/constellation/pull/1151
- cli: error when executing `iam create` twice in the same workspace. This prevents cases where existing IAM resources are mistakenly rolled back by @msanft in https://github.com/edgelesssys/constellation/pull/1148
- cli: print previously hidden, but required GCP values (zone, region, projectID) to config/stdout when running `iam create` by @msanft in https://github.com/edgelesssys/constellation/pull/1149
- cli: fix pluralization in `create` output by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1209
- iam: correctly assign uami role to base resource group by @3u13r in https://github.com/edgelesssys/constellation/pull/1247
- bootstrapper: retry helm chart installation on connection refused errors by @3u13r in https://github.com/edgelesssys/constellation/pull/1245
- cli: allow existing config for IAM creation without `--generate-config` by @Nirusu in https://github.com/edgelesssys/constellation/pull/1285
- cli: upgrade libtpms in libvirt container by @malt3 in https://github.com/edgelesssys/constellation/pull/1338
- bootstrapper: stop join-client earlier by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1268
- bootstrapper: make sure InitServer is only shut down after Init has returned by @daniel-weisse in https://github.com/edgelesssys/constellation/pull/1347
🔧 Other changes
- versions: remove Kubernetes v1.23 by @katexochen in https://github.com/edgelesssys/constellation/pull/1080
- azure: add new idkeydigest by @3u13r in https://github.com/edgelesssys/constellation/pull/1094
- cli: enable jumbo frames for GCP VPCs by @Nirusu in https://github.com/edgelesssys/constellation/pull/1146
- cli: use pseudoversion and forward it into helm charts by @derpsteb in https://github.com/edgelesssys/constellation/pull/1281
- docs: add docs on general Terraform usage by @msanft in https://github.com/edgelesssys/constellation/pull/1263
- docs: adjust wording for resource provider troubleshooting by @Nirusu in https://github.com/edgelesssys/constellation/pull/1317
- docs: upgrade docs now reflect the new upgrade commands by @derpsteb in https://github.com/edgelesssys/constellation/pull/1331
New Contributors
- @miampf made their first contribution in https://github.com/edgelesssys/constellation/pull/946
Full Changelog: https://github.com/edgelesssys/constellation/compare/v2.5.0...v2.6.0
Details
- date: March 9, 2023, 8:51 a.m.
- name: v2.6.0
- type: Minor