v2.19.2

What's Changed

🐛 Bug fixes

• terraform: fix security rule reconciliation on Azure by @elchead in #3454

🔧 Other changes

• config: only allow confidential instances on stackit by @h3adex in #3463

Full Changelog: v2.19.0...v2.19.2

v2.19.1

⚠️ Please use v2.19.2.

What's Changed

🐛 Bug fixes

• terraform: fix security rule reconciliation on Azure by @elchead in #3454

🔧 Other changes

• docs: clarify for Azure TDX with Terraform provider by @elchead in #3449
• config: only allow confidential instances on stackit by @h3adex in #3463
• docs: how to reproduce released artifacts by @burgerdev in #3451

New Contributors

• @h3adex made their first contribution in #3463

Full Changelog: v2.19.0...v2.19.1

v2.19.0

⚠️ Please use v2.19.2.

What's Changed

🐛 Bug fixes

• image: improve AWS performance by retiring idle=poll option by @burgerdev in #3387

🔧 Other changes

• helm: manage CoreDNS addon as Helm chart by @burgerdev in #3388

Full Changelog: v2.18.0...v2.19.0

v2.18.0

What's Changed

🛠 Breaking changes

• ci: mirror GCP SEV-SNP marketplace images by @msanft in #3274

🎁 New features

• Make SEV-SNP the default attestation variant on GCP by @thomasten in #3267
• terraform-provider-constellation: make kubeconfig output fine-grained by @msanft in #3334

🐛 Bug fixes

• helm: cilium: allow multiple default routes by @burgerdev in #3344
• openstack: Fix a crash in the bootstrapper during node join discovery by @3u13r in #3375

🔧 Other changes

• docs: fix broken links by @daniel-weisse in #3359

New Contributors

• @laralaske made their first contribution in #3255
• @Mearman made their first contribution in #3317

Full Changelog: v2.17.0...v2.18.0

v2.17.0

What's Changed

🛠 Breaking changes

• helm: upgrade cert-manager from v1.12.6 to v1.15.0 by @daniel-weisse in #3177
  • See the cert-manager upgrade instructions
• Remove support for k8s v1.27 by @burgerdev in #3173

🎁 New features

• Add support for k8s v1.30 by @burgerdev in #3173
• terraform-provider-constellation: openstack support by @malt3 in #2974
• Support SEV-SNP on GCP by @msanft in #3011
• cli: allow tagging cloud resources with custom tags by @miampf in #3033
• cli: enable JSON output for constellation verify on Azure TDX by @daniel-weisse in #3164
• config: allow "latest" pseudo-version for Azure TDX config values by @daniel-weisse in #3166

🐛 Bug fixes

• cli: retry auth handshake deadline exceeded errors in CLI and Terraform by @daniel-weisse in #2976
• bootstrapper: wipe disk and reboot on non-recoverable error by @daniel-weisse in #2971
• bazel: patch Go SDK to increase TLS maxHandshake size by @malt3 in #3009
• kubecmd: retry any k8s errors in CLI and Terraform by @daniel-weisse in #3028
• helm: Restore the ability to start a cluster in conformance mode by disabling the cilium ipmasq agent when in conformance mode by @3u13r in #3062
• terraform: add missing policies for AWS ALB by @burgerdev in #3063
• operators: ignore node deletion errors on absence by @burgerdev in #3113
• cli: fix constellation verify depending on an initialized constellation-state.yaml file by @daniel-weisse in #3184

🔧 Other changes

• attestation: dont set a default for TDX MRSEAM by @daniel-weisse in #3038
• deps: upgrade terraform provider stackit to 0.16.0 by @malt3 in #3046
• image: update to Fedora 40 by @msanft in #3104
• bootstrapper: prioritize etcd disk I/O by @msanft in #3114
• helm: update AWS CSI driver by @msanft in #3121
• attestation: enable Azure TDX CRL checking by @daniel-weisse in #3160
• renovate: allow major version upgrades of GitHub action dependencies by @daniel-weisse in #3217

New Contributors

• @davidweisse made their first contribution in #3018

Full Changelog: v2.16.4...v2.17.0

v2.16.4

Whats changed

This patch release adds optional IAM permissions to support AWS Application Load Balancers.
Run constellation iam upgrade apply to add these permissions to an existing Constellation.

🐛 Bug fixes

• helm: disable cilium ipmasq agent when in conformance mode by @3u13r
• terraform: add missing policies for AWS ALB by @burgerdev
• attestation: dont set a default for TDX MRSEAM by @daniel-weisse
• deps: upgrade terraform provider stackit to 0.17.0 by @malt3 and @burgerdev
• snp: ensure we never use ARK supplied by Issuer by @daniel-weisse
• kubecmd: retry any k8s errors in CLI and Terraform by @daniel-weisse

Full Changelog: v2.16.3...v2.16.4

v2.16.3

This release patches the following security vulnerability in Constellation:

• Pods exposed to peers in VPC (severity: high)

Whats changed

🐛 Bug fixes

• helm: firewall pods by @burgerdev in 5507982

Full Changelog: v2.16.2...v2.16.3

v2.16.2

This release fixes an issue which could prevent Constellation cluster creation with Azure SEV-SNP.

Whats changed

🐛 Bug fixes

• increase TLS maxHandshake size to fix deployments on Azure SEV-SNP by @malt3 in #3009
• helm: manually retry uninstalling a failed release during constellation apply by @burgerdev in #2984

🔧 Other changes

• terraform: update terraform provider STACKIT to v0.15.1 by @burgerdev in #3007

Full Changelog: v2.16.1...v2.16.2

v2.16.1

This release improves the user experience on STACKIT. Users on other platforms can safely skip this version.

What's Changed

🎁 New features

• terraform-provider-constellation: support STACKIT by @malt3 in #2974

🐛 Bug fixes

• fix default config generated for STACKIT by @malt3 in #2965

🔧 Other changes

• simplify configuration by reading STACKIT related credentials from canonical locations
• improve STACKIT related documentation

Full Changelog: v2.16.0...v2.16.1

v2.16.0

What's Changed

🛠 Breaking changes

• terraform: remove cloud loggers by @msanft in #2892

🎁 New features

• terraform: support AWS marketplace images by @msanft in #2888
• Support STACKIT as cloud provider by @malt3 in #2899
• STACKIT Kubernetes API load balancing by @3u13r in #2925

Full Changelog: v2.15.1...v2.16.0