v2.15.0

What's Changed

🛠 Breaking changes

• terraform-provider: require kubernetes and microservice version by @elchead in #2791

Important

An upgrade from v2.14.0 to v2.15.0 will require you to explicitly specify the microservice version in your Terraform configuration and re-apply the changed configuration while still on provider version v2.14.0 before upgrading to the provider version v2.15.0.

🎁 New features

• Add pod disruption budgets so the cluster-autoscaler is able to move kube-admin namespaced resources by @3u13r in #2781
• cli: support for GCP marketplace images by @msanft in #2792
• attestation: enable Constellation for Azure TDX by @daniel-weisse in #2827

🐛 Bug fixes

• terraform-provider: fix parsing api_server_cert_sans by @3u13r in #2758
• helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve its metadata by @3u13r in #2782
• cli: fix AWS SEV-SNP latest version resolution in cluster by @elchead in #2810
• terraform-provider: validate microservice and image version during plan by @elchead in #2814
• operator: fix node upgrades when using Azure marketplace images by @msanft in #2846
• cilium: performance fixes and reproducible images by @burgerdev @3u13r in #2855

🔧 Other changes

• Add Azure region Germany West Central by @m1ghtym0 in #2858

Full Changelog: v2.14.3...v2.15.0

v2.14.3

What's Changed

🐛 Bug fixes

• helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve it's metadata by @3u13r in #2782
• node-operator: allow the upgrade process to succeed by correctly setting the communityGallery VM image in Azure by @elchead in #2788

Full Changelog: v2.14.2...v2.14.3

v2.14.2

⚠️ Please use v2.14.3.

What's Changed

🐛 Bug fixes

• terraform-provider: give execution permission to the provider binaries by @elchead in #2779

Full Changelog: v2.14.1...v2.14.2

v2.14.1

⚠️ Please use v2.14.2.

What's Changed

🐛 Bug fixes

• terraform-provider: fix the broken provider release in the Terraform registry by @elchead in #2778
• terraform-provider: fix parsing api_server_cert_sans by @3u13r in #2758

Full Changelog: v2.14.0...v2.14.1

v2.14.0

What's Changed

🎁 New features

• terraform-provider: first release of the Terraform provider for full lifecycle cluster management in Terraform by @daniel-weisse, @elchead and @msanft
• Enable Cilium node-to-node strict encryption by @3u13r in #2462
• cli: enable constellation apply to create new clusters by @daniel-weisse in #2549
• docs: add Helm chart for VPN connectivity by @burgerdev in #2577
• aws: reintroduce SNP-based attestation by @derpsteb in #2601
• Make Kubernetes serviceCIDR configurable in config by @3u13r in #2660
• terraform: Azure Marketplace image support by @msanft in #2651
• image: reproducible builds test by @malt3 in #2707
• deps: update cert manager to 1.12.6 by @3u13r in #2700
• deps: pin cert-manager image to sha256 checksum by @elchead in #2721
• deps: pin Kubernetes container image hashes by @burgerdev in #2719

🐛 Bug fixes

• cli: fix panic in status cmd without conf file by @elchead in #2625
• api: respect HTTP(S)_PROXY environment variable by @msanft in #2635

New Contributors

• @burgerdev made their first contribution in #2576

Full Changelog: v2.13.0...v2.14.0

v2.13.0

What's Changed

🎁 New features

• cli: add field docs to the state file by @msanft in #2453
• cli: generate state file during constellation config generate by @msanft in #2455
• Support internal load balancers by @3u13r in #2388
• cli: add constellation apply command to replace init and upgrade apply by @daniel-weisse in #2484
• cli: state file validation by @msanft in #2523
• terraform: Terraform module for AWS by @elchead in #2503
• terraform: Terraform module for GCP by @elchead in #2553
• terraform: Terraform module for Azure by @msanft in #2566

🐛 Bug fixes

• helm: add GCP CCM permissions for internal LBs by @3u13r in #2474
• [Windows] cli: fix incorrect filepath separator causing upgrades to fail by @daniel-weisse in #2562

🔧 Other changes

• docs: add new page to document s3proxy by @derpsteb in #2417
• docs: extend filestash example with more regions by @derpsteb in #2445
• docs: document self-managed infrastructure by @msanft in #2458
• hack: remove GCP internal LB by @3u13r in #2502
• docs: refer to apply command instead of init or upgrade apply by @daniel-weisse in #2487
• docs: align self-managed infrastructure docs with e2e worfklow by @msanft in #2525

New Contributors

• @etelsv made their first contribution in #2411

Full Changelog: v2.12.0...v2.13.0

v2.12.0

What's Changed

🛠 Breaking changes

• cli: new flag for Azure JSON output of constellation verify by @elchead in #2391

🎁 New features

• cli: perform upgrades in-place in Terraform workspace by @msanft in #2317
• s3proxy: add initial implementation by @derpsteb in #2385

🐛 Bug fixes

• cli: temporarily increase AWS ASG creation timeout by @msanft in #2340
• cli: report log collection failure to user by @daniel-weisse in #2354

🔧 Other changes

• joinservice: cache certificates for Azure SEV-SNP attestation by @msanft in #2336
• docs: add observability page by @m1ghtym0 in #2384
• docs: document gcp permissions needed for upgrade by @3u13r in #2378
• cli: use state file on init and upgrade by @msanft in #2395

Full Changelog: v2.11.0...v2.12.0

v2.11.0

What's Changed

🛠 Breaking changes

• remove deprecated -c and -w flags from constellation create by @3u13r in #2325

🎁 New features

• attestation: print ordered measurement verification warnings and errors by @daniel-weisse in #2237
• deps: support Kubernetes 1.28 by @3u13r in #2242
• cli: add spinner to helm chart installation by @daniel-weisse in #2270
• cli: save Helm charts to disk before running upgrades by @daniel-weisse in #2305
• cli: new flag to skip phases of upgrade by @elchead in #2310

🐛 Bug fixes

• cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249
• cli: fix upgrade by passing placeholder values for images by @elchead in #2250
• cli: fix incorrect actual values for constellation verify on AWS by @3u13r in #2265
• ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts by @daniel-weisse in #2296
• cli: correctly trim white spaces for certificates in verify by @daniel-weisse in #2299
• cli: retry helm apply on any error by @daniel-weisse in #2322
• node-operator: fix data race in executor by @elchead in #2326

🔧 Other changes

• deps: limit Terraform version to FOSS releases by @thomasten in #2241
• docs: document upgrade backup files by @msanft in #2275
• docs: add vault performance benchmarks by @m1ghtym0 in #2271
• image: move idle and nosmt to aws-only images by @derpsteb in #2297

Full Changelog: v2.10.1...v2.11.0

v2.10.1

What's Changed

🐛 Bug fixes

• cli: fix upgrade by passing placeholder values for images by @3u13r and @elchead in #2250
• cli: fix incorrect file path for master secret during upgrades when using workspace flag by @daniel-weisse in #2249

Full Changelog: v2.10.0...v2.10.1

v2.10.0

What's Changed

🛠 Breaking changes

• Use new aws-load-balancer-controller to fix SecurityGroup cleanup on K8s service deletion by @elchead in #2090
• cli: add --workspace flag to set base directory for Constellation workspace by @daniel-weisse in #2148

🎁 New features

• Create additional node groups with custom instance types, disk settings and independent scaling #2152
• Placement of node groups in different zones for high availability #2152
• Enable volume snapshot support if CSI drivers are deployed to the cluster by @daniel-weisse in #1964
• bootstrapper: add fallback endpoint and custom endpoint to apiserver certificate SAN field by @malt3 in #2108
• cli: add iam upgrade apply by @elchead in #2132
• cli: output CSI driver versions on status by @daniel-weisse in #2128
• cli: print vcek certificate extensions and snp attestation report during verify by @katexochen in #2140
• cli: add maa token to the output of verify command by @katexochen in #2172

🐛 Bug fixes

• cli: do not recreate os disk during upgrade by keeping Azure ConfidentialVM setting during upgrade by @malt3 in #2113
• image: fix deadlock on boot by using AWS linux kernel by @daniel-weisse in #2115
• disk-mapper: allow rebooted but uninitialized node to join the cluster by @daniel-weisse in #2083
• cli: do not recreate LB IP during 2.9 upgrade on Azure by @derpsteb in #2117
• image: synchronize time via ntp by @malt3 in #2118
• cli: retry during upgrade when node image update fails due to conflict error by @elchead in #2123
• cli: fix version check for CSI chart by @daniel-weisse in #2209

🔧 Other changes

• doc: add iam:DeletePolicyVersion by @elchead in #2111

Full Changelog: v2.9.0...v2.10.0