What's Changed
🛠 Breaking changes
- config: remove deprecated
upgradeConfig
and requirename
andmicroserviceVersion
fields by @daniel-weisse in #1541
🎁 New features
- attestation: add options to the
EnforceIDKeyDigest
config field to enable Microsoft Azure Attestation fallback when verifying AMD SNP-SEV id key digest by @daniel-weisse in #1257 - cli:
upgrade apply
now allows upgrading measurements only by @derpsteb in #1432 - config: deprecate
confidentialVM
config option for Azure clusters in favor ofattestationVariant
by @daniel-weisse in #1539 - docs: list minimal permissions set required for Constellation setup by @msanft in #1442
- cli: add
status
command to print upgrade and version status of cluster by @derpsteb in #1520 - cli: show available cli upgrades with
upgrade check
command by @msanft in #1394 - cli: print attestation document during verification with
constellation verify
by @msanft in #1577
🐛 Bug fixes
- bootstrapper: mitigate timeout issue during Cilium deployment by @Nirusu in #1403
- cli: prevent double initialization in cases where an error was mistakenly retried by @Nirusu in #1404
- cli: fix
upgrade apply
for image-only upgrades by @derpsteb in #1468 - ci: correctly determine PCR5 value by measuring it during build time by @derpsteb in #1521
🔧 Other changes
- attestation: create issuer based on kernel cmd line by @daniel-weisse in #1355
- docs: embedd asciinema casts by @datosh in #1154
- cli: only create resource backups if upgrade is executed by @derpsteb in #1437
- cli: grant Azure user-assigned managed identities all permissions previously granted to app registration by @malt3 in #1334
- experimental support for OpenStack by @malt3 in #1443
- cli: warn about missing support for upgrades on AWS, OpenStack, QEMU by @derpsteb in #1518
Full Changelog: v2.6.0...v2.7.0