edgelesssys/constellation v2.3.0

on GitHub

Changes

Added

• constellation iam create can be used to automatically create service accounts and set permissions for Constellation
• Automatic CSI driver deployment for Azure and GCP during Constellation init
• Release CLI with SLSA Level 3 requirements.
• Improve reproducibility by pinning the Kubernetes components.
• Client verification during constellation init
• Environment variable CONSTELL_AZURE_CLIENT_SECRET_VALUE as an alternative way to provide the configuration value provider.azure.clientSecretValue.

Changed

• Constellation operators are now deployed using Helm.
• Updated the config version to v2. Check how to migrate your config.
• OS images are now configured globally in the images field of the configuration file.
• The measurements entry in the CLI now uses an updated format, merging enforcedMeasurements and old measurements into one
• Expected measurements in the config and Constellation's Cluster-ID are now hex encoded by default. Base64 is still supported.

Removed

• access-manager was removed from code base. K8s native way to SSH into nodes documented.
• SSHUsers has been removed from the user configuration following the removal of access-manager.
• Azure Trusted Launch support. May come back in the future.

Fixed

• constellation create on GCP now always uses the local default credentials.