Releases: bottlerocket-os/bottlerocket
v1.9.0
OS Changes
- SELinux policy now suppresses audit for tmpfs relabels (#2222)
- Restrict permissions for /boot and System.map (#2223)
- Remove unused crates growpart and servicedog (#2238)
- New mount in host containers for system logs (#2295)
- Apply strict mount options and enforce execution rules (#2239)
- Switch to a more commonly used syntax for disabling kernel config settings (#2290)
- Respect proxy settings when running setting generators (#2227)
- Add NET_CAP_ADMIN to bootstrap containers (#2266)
- Reduce log output for DHCP services (#2260)
- Fix invalid kernel config options (#2269)
- Improve support for container storage mounts (#2240)
- Disable uncommon filesystems and network protocols (#2255)
- Add support for blocking kernel modules (#2274)
- Fix ntp service restart when settings change (#2270)
- Add kernel 5.15 sources (#2226)
- Defer squashfs mounts to later in the boot process (#2276)
- Improve boot speed and rootfs size (#2296)
- Add "quiet" kernel parameter for some variants (#2277)
Orchestrator Changes
Kubernetes
- Make new instance types available (#2221, thanks @cablespaghetti)
- Update Kubernetes versions (#2230, #2232, #2262, #2263, thanks @kschumy)
- Add kubelet image GC threshold settings (#2219)
ECS
- Add iptables rules for ECS introspection server (#2267)
Platform Changes
AWS
- Add support for AWS China regions (#2224, #2242, #2247, #2285)
- Migrate to using aws-sdk-rust for first-party OS Rust packages (#2300)
VMWare
- Remove console=ttyS0 from kernel params (#2248)
Metal
- Enable Mellanox modules in 5.10 kernel (#2241)
- Add bnxt module for Broadcom 10/25Gb network adapters in 5.10 kernel (#2243)
- Split out baremetal specific config options (#2264)
- Add driver support for Cisco UCS platforms (#2271)
- Only build baremetal variant specific drivers for baremetal variants (#2279)
- Enable the metal-dev build for the ARM architecture (#2272)
Build Changes
- Add Makefile targets to create and validate Boot Configuration (#2189)
- Create symlinks to images with friendly names (#2215)
- Add start-local-vm script (#2194)
- Add the testsys CLI and new cargo make tasks for testing aws-k8s variants (#2165)
- Update Rust and Go dependencies (#2303, #2299)
- Update third-party packages (#2309)
Documentation Changes
v1.8.0
OS Changes
General
- Update admin and control containers (#2191)
- Update to containerd 1.6.x (#2158)
- Restart container runtimes when certificates store changes (#2076)
- Add support for providing kernel parameters via Boot Configuration (#1980)
- Restart long-running systemd services on exit (#2162)
- Ignore zero blocks on dm-verity root (#2169)
- Add support for static DNS mappings in /etc/hosts (#2129)
- Enable network configuration generation via netdog (#2066)
- Add support for non-eth0 default interfaces (#2144)
- Update to IMDS schema 2021-07-15 (#2190)
Kubernetes
- Add support for Kubernetes 1.23 variants (#2188)
- Improve Kubernetes pod start times by unsetting configMapAndSecretChangeDetectionStrategy in kubelet config (#2166)
- Add new setting for configuring kubelet's provider-id configuration (#2192)
- Add new setting for configuring kubelet's podPidsLimit configuration (#2138)
- Allow a list of IP addresses in settings.kubernetes.cluster-dns-ip (#2176)
- Set the default for settings.kubernetes.cloud-provider on metal variants to an empty string (#2188)
- Add c7g instance data for max pods calculation in AWS variants (#2107, thanks, @lizthegrey!)
ECS
- Add aws-ecs-1-nvidia variant with Nvidia driver support (#2128, #2100, #2098, #2167, #2097, #2090, #2099)
- Add support for ECS ImagePullBehavior and WarmPoolsSupport (#2063, thanks, @mello7tre!)
Hardware
- Build smartpqi driver for Microchip Smart Storage devices into 5.10 kernel (#2184)
- Add support for Broadcom ethernet cards in 5.10 kernel (#2143)
- Add support for MegaRAID SAS in 5.10 kernel (#2133)
Build Changes
- Remove aws-k8s-1.18 variant (#2044, #2092)
- Update third-party packages (#2178, #2187, #2145)
- Update Rust and Go dependencies (#2183, #2181, #2180, #2085, #2110, #2068, #2075, #2074, #2048, #2059, #2049, #2036, #2033)
- Update Bottlerocket SDK to 0.26.0 (#2157)
- Speed up kernel builds by installing headers and modules in parallel (#2185)
- Removed unused patch from Docker CLI (#2030, thanks, @thaJeztah!)
Documentation Changes
v1.7.2
Security Fixes
- Update kernel-5.4 to patch CVE-2022-1015, CVE-2022-1016, CVE-2022-25636, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356 (a3b4674f7108)
- Update kernel-5.10 to patch CVE-2022-1015, CVE-2022-1016, CVE-2022-25636, CVE-2022-1048, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356 (37095415bab6)
OS Changes
v.1.7.1
Security Fixes
- Apply patch to hotdog for CVE-2022-0071 (1a3f35b2fe8e)
OS Changes
- Enable checkpoint restore (CONFIG_CHECKPOINT_RESTORE) for aarch64 (6e3d6ed4b83e)
v1.7.0
With this release, an inventory of software installed in Bottlerocket will now be reported to SSM if the control container is in use and inventorying has been enabled.
OS Changes
- Generate host software inventory and make it available to host containers (#1996)
- Update admin and control containers (#2014)
Build Changes
- Update third-party packages (#1977, #1983, #1987, #1992, #2022)
- Update Rust and Go dependencies (#2016, #2019)
- Makefile: lock tuftool version (#2009)
- Fix tmpfilesd configuration for kmod-5.10-nvidia (#2020)
Documentation Changes
v1.6.2
With this release, the vmware-k8s variants have graduated from preview status and are now generally available. 🎉
Security Fixes
- Update kernel-5.4 and kernel-5.10 to include recent security fixes (a8e4a20ca7d1, 3d0c10abeecb)
OS Changes
- Add support for Kubernetes 1.22 variants (#1962)
- Add settings support for registry credentials (#1955)
- Add support for AWS CloudFormation signaling (#1728, thanks, @mello7tre!)
- Add TCMU support to the kernel (#1953, thanks, @cvlc!)
- Fix issue with closing frame construction in apiserver (#1948)
Build Changes
- Fix dead code warning during build in netdog (#1949)
Documentation Changes
- Correct variable name in bootstrap-containers/README.md (#1959, thanks, @dangen-effy!)
- Add art to the console (#1970)
v1.6.1
Security Fixes
- Apply patch to containerd for CVE-2022-23648 (0de1b39efa64)
- Update kernel-5.4 and kernel-5.10 to include recent security fixes (#1973)
v1.6.0
Deprecation Notice
The Kubernetes 1.18 variant, aws-k8s-1.18, will lose support in March 2022. Kubernetes 1.18 is no longer receiving support upstream. We recommend replacing aws-k8s-1.18 nodes with a later variant, preferably aws-k8s-1.21 if your cluster supports it. See this issue for more details.
Security Fixes
- Apply patch to the kernel for CVE-2022-0492 (#1943)
OS Changes
- Add aws-k8s-1.21-nvidia variant with Nvidia driver support (#1859, #1860, #1861, #1862, #1900, #1912, #1915, #1916, #1928)
- Add metal-k8s-1.21 variant with support for running on bare metal (#1904)
- Update host containers to the latest version (#1939)
- Add driverdog, a configuration-driven utility for linking kernel modules at runtime (#1867)
- Kubernetes: Fix a potential inconsistency with IPv6 node-ip comparisons (#1932)
- Allow setting multiple Kubernetes node taints with the same key (#1906)
- Fix a bug which would prevent Bottlerocket from booting when setting container-registry to an empty table (#1910)
- Add /etc/bottlerocket-release to host containers (#1883)
- Send grub output to the local console on BIOS systems (#1894)
- Fix minor issues with systemd units (#1889)
Build Changes
- Update third-party packages (#1936)
- Update Rust dependencies (#1940)
- Update Go dependencies of host-ctr (#1938)
- Add the ability to fetch licenses at build time (#1901)
- Pin tuftool to a specific version (#1940)
Documentation Changes
- Add a no-proxy setting example to the README (#1765, thanks, @mrajashree!)
- Document variant image-layout options in the README (#1896)
v1.5.3
Security Fixes
- Update Bottlerocket SDK to 0.25.1 for Rust 1.58.1 (#1918)
- Update kernel-5.4 and kernel-5.10 to include recent security fixes (#1921)
- Migrate host-container to the latest version for vmware variants (#1898)
OS Changes
- Fix an issue which could impair nodes in Kubernetes 1.21 IPv6 clusters (#1925)
v1.5.2
Security Fixes
- Update containerd for CVE-2021-43816 (8f085929588a)