Releases: edgelesssys/contrast
v0.9.0
What's Changed
🛠 Breaking changes
- meshapi: follow best practice for metric names by @katexochen in #722
- genpolicy: hide logs by default by @Freax13 in #771
- manifest: add WorkloadSecretID field by @3u13r in #785
🎁 New features
- node-installer: configure and run tardev-snapshotter by @katexochen in #697
🐛 Bug fixes
- coordinator: use random key for intermediate CA by @burgerdev in #732
- telemetry: only send cli version by @miampf in #751
- cli: always write the coordinator policy hash file by @burgerdev in #763
- coordinator: correct shutdown, report serve errors by @katexochen in #779
📖 Documentation
- docs: update persistent volume limitation by @burgerdev in #737
Upgrading
Contrast currently doesn't come with an upgrade path. To use the newest version of Contrast, undeploy your existing Contrast deployment, install the new CLI, and set up a fresh Contrast deployment.
Full Changelog: v0.8.1...v0.9.0
v0.8.1
What's Changed
🐛 Bug fixes
- [release/v0.8] coordinator: use random key for intermediate CA by @edgelessci in #733
Full Changelog: v0.8.0...v0.8.1
v0.8.0
What's Changed
🛠 Breaking changes
- treewide: rename environment variables from EDG_* to CONTRAST_* by @miampf in #572
- generate: add flag for aks reference values by @davidweisse in #612
- cli: remove runtime subcommand by @davidweisse in #626
- generate: rename --workload-owner-key to --add-workload-owner-key by @Freax13 in #670
🎁 New features
- cli: add recover command by @katexochen in #634
🐛 Bug fixes
- cli: fix autocomplete by @m1ghtym0 in #597
- atls: fix CommonName of temporary cert by @blenessy in #599
- genpolicy-msft: revert problematic tarindex commit by @burgerdev in #619
- ca: include SubjectKeyId and AuthorityKeyId in certificates by @burgerdev in #655
- microsoft.genpolicy: drop revert tarindex symlink handling patch by @katexochen in #667
- cli: change key file permissions to 0600 by @burgerdev in #709
🔧 Other changes
- genpolicy: allow contrast env vars for coordinator by @davidweisse in #587
- coordinator: uniform gRPC metric prefix by @burgerdev in #583
- cli: use manifest reference values for attestation by @davidweisse in #608
- cli/version: print launch digest, images and other version information by @miampf in #542
- generate: translate genpolicy logs, show warnings by @katexochen in #633
- verify: verify active manifest at Coordinator by @davidweisse in #615
📖 Documentation
- docs: add troubleshooting page by @davidweisse in #571
- docs: verify command takes in manifest file by @davidweisse in #625
- docs: extend troubleshooting guide by @katexochen in #614
- docs: add recovery by @burgerdev in #696
New Contributors
- @Freax13 made their first contribution in #656
- @daniel-weisse made their first contribution in #710
Upgrading
Contrast currently doesn't come with an upgrade path. To use the newest version of Contrast, undeploy your existing Contrast deployment, install the new CLI, and set up a fresh Contrast deployment.
Full Changelog: v0.7.3...v0.8.0
v0.7.3
What's Changed
🐛 Bug fixes
- [release/v0.7] microsoft.genpolicy: drop revert tarindex symlink handling patch by @edgelessci in #669
Compatibility
This Contrast release is compatible with AKS node image version AKSCBLMariner-V2katagen2-202406.19.0. There is a breaking change between this node image and earlier node image versions. The node image version can be requested with the following command:
az aks nodepool show \
--resource-group "<resource-group-name>" \
--cluster-name "<cluster-name>" \
--name "<node-pool-name>" \
| jq -r '.nodeImageVersion'
If you observe a lower node image version, either upgrade the node manually or use the previous version of Contrast. This version does not include any changes besides providing compatibility with the new node image.
Full Changelog: v0.7.2...v0.7.3
v0.7.2
What's Changed
🐛 Bug fixes
- [release/v0.7] ca: include SubjectKeyId and AuthorityKeyId in certificates by @edgelessci in #657
Full Changelog: v0.7.1...v0.7.2
v0.7.1
What's Changed
🐛 Bug fixes
- [release/v0.7]: genpolicy-msft: revert problematic tarindex commit by @katexochen in #621
Full Changelog: v0.7.0...v0.7.1
v0.7.0
What's Changed
🎁 New features
- coordinator: export grpc prometheus metrics by @davidweisse in #460
- genpolicy-msft: add support for volumeDevices by @burgerdev in #496
- cli: inject initializer with contrast generate by @davidweisse in #510
- cli: inject service mesh with contrast generate by @davidweisse in #529
🐛 Bug fixes
- kuberesource: remove namespace when patching with empty string by @katexochen in #465
- resourcegen: use docker.io registry for emojivoto images by @katexochen in #540
- cli: wait 180s for the coordinator on contrast set by @blenessy in #544
🔧 Other changes
- cmd/generate: decrease RUST_LOG to info by @katexochen in #459
- coordinator: add manifest generation metric by @davidweisse in #477
- coordinator: add metric for attestation failures with error string by @davidweisse in #484
- coordinator: add grpc latency metrics by @davidweisse in #501
- coordinator: make metrics endpoint configurable by @davidweisse in #491
- logging: enable subsystem warn level by default by @davidweisse in #565
📖 Documentation
- docs: removed all mentions of the preview bundle by @miampf in #461
- docs: harden curl invocation in installation instruction by @blenessy in #498
- docs: better error message when forgetting to set variables by @blenessy in #515
New Contributors
- @laralaske made their first contribution in #481
- @blenessy made their first contribution in #498
- @flxflx made their first contribution in #513
Upgrading
Contrast currently doesn't come with an upgrade path. To use the newest version of Contrast, undeploy your existing Contrast deployment, install the new CLI, and set up a fresh Contrast deployment.
Full Changelog: v0.6.1...v0.7.0
v0.6.1
What's Changed
🐛 Bug fixes
- [release/v0.6] kuberesource: remove namespace when patching with empty string by @edgelessci in #467
🔧 Other changes
- [release/v0.6] release: publish emojivoto-demo with prepared service mesh by @katexochen in #469
Full Changelog: v0.6.0...v0.6.1
v0.6.0
Reproducible and fully verifiable runtime
This is the first release of Contrast that comes with a bit-by-bit reproducible and fully verifiable runtime! 🎉
What's Changed
🛠 Breaking changes
🎁 New features
- cli: add telemetry wrapper for cli commands by @davidweisse in #333
- use custom runtime "contrast-cc" by @malt3 in #344
- generate: patch runtime class name by @malt3 in #385
- use self-built runtime by @malt3 in #444
🐛 Bug fixes
- attestation: use THIM instead of KDS to request vcek + cert chain by @malt3 in #363
- cli: fix policy name collisions in manifest by @davidweisse in #373
- embedbin: implement fallback for missing memfd by @malt3 in #399
- runtime: update guest image to fix bug where getdents in image layers with many files loops indefinitely by @malt3 in #444
🔧 Other changes
- attestation: use KDS as fallback if THIM retrieval fails by @davidweisse in #390
- generate: better error message on missing runtimeClass by @katexochen in #405
- cli: set retry loop aborts early on attestation failure by @davidweisse in #401
📖 Documentation
- docs: add components overview by @m1ghtym0 in #347
- docs: add security benefits by @m1ghtym0 in #283
- docs: fix resource group cleanup command by @katexochen in #386
- docs: add site about certificates by @3u13r in #324
- docs: add site about service mesh by @3u13r in #402
- docs: add attestation page by @m1ghtym0 in #393
- docs: add known limitations by @m1ghtym0 in #416
- docs: add detailed policy documentation by @burgerdev in #419
- docs: describe the Contrast runtime by @malt3 in #397
- docs: add service mesh steps to deployment guide by @burgerdev in #428
- docs: add runtime.yaml to installation steps by @malt3 in #454
New Contributors
- @davidweisse made their first contribution in #333
- @thomasten made their first contribution in #364
- @miampf made their first contribution in #387
Full Changelog: v0.5.1...v0.6.0
v0.5.1
What's Changed
🐛 Bug fixes
- [release/v0.5] attestation: use THIM instead of KDS to request vcek + cert chain by @edgelessci in #365
🔧 Other changes
- [release/v0.5] prepare 0.5.1 release by @burgerdev in #370
Full Changelog: v0.5.0...v0.5.1