v1.13.5

OS Changes

• Revert runc update to move back to 1.1.5 (#3054)

v1.13.4

OS Changes

• Ensure the first hostname is used when a VPC DHCP option set has multiple domains (#3032)
• Update runc to version 1.1.6 (#3037)

Orchestrator Changes

Kubernetes

• Generate and pass --hostname-override flag to kubelet in aws-k8s-1.26 variants (#3033)

v1.13.3

OS Changes

• Update kernel-5.10 to 5.10.173 and kernel-5.15 to 5.15.102 (#2948, #3002)
• Fix check for rule existence in ip6tables v1.8.9 (#3001)
• Backport systemd fixes for skipped udevd events (#2999)
• Check platform-specific mechanisms for hostname first (#3021)
• Generate 'provider-id' setting for aws-k8s variants (#3026)

v1.13.2

OS Changes

• Update runc to version 1.1.5 (#2946)

Orchestrator Changes

Kubernetes

• Update to Kubernetes v1.26.2 (#2929)
• Update aws-iam-authenticator package to v0.6.8 (#2965)

v1.13.1

OS Changes

• Improve logic around repartitioning and disk expansion by using symlinks to differentiate "fallback" and "preferred" data partitions (#2935)
• Add keyutils package to enable mounting CIFS shares (#2907)

Orchestrator Changes

Kubernetes

• Fix AWS profile rendering in credential provider (#2904)
• Change CredentialProviderConfig api version to v1beta1 for Kubernetes 1.25 variants (#2906)

v1.13.0

OS Changes

• Add ethtool to Bottlerocket (#2829)
• Improve logging in migrator to track ongoing migrations (#2751)
• Improve random-access read performance of root volume on some devices (#2863)
• Add CAP_SYS_MODULE and CAP_CHROOT to bootstrap containers (#2772)
• Add support for cgroup v2 (#2875, #2802)
• Disable IA and SafeSetID LSM for kernel-5.15 (#2789)
• Update kernel-5.10 to 5.10.165 and kernel-5.15 to 5.15.90 (#2795)
• Allow = in bootconfig values (#2806)
• Include systemd-analyze plot for logdog (#2880)
• Update host containers (#2864)
• Update third party packages (#2825, #2842)

Orchestrator Changes

Kubernetes

• Remove Kubernetes 1.21 variants (#2700)
• Add Kubernetes 1.26 variants (#2771, (#2876)
• Change kubelet service to have restart policy always (#2774)
• Update to Kubernetes v1.25.6 (#2782)
• Update to Kubernetes v1.24.10 (#2790)
• Update to Kubernetes v1.23.16 (#2791)
• Update Kubernetes 1.22.17 to include latest EKS-D patches (#2792)

ECS

• Enable FireLens capability in aws-ecs-1 variant (#2819)

Platform Changes

AWS

• Set NVMe IO request timeouts for EBS according to AWS recommendations (#2820)
• Support an alternate data partition on EC2 instances launched with a single volume (#2807, #2879, #2873)
• Update eni-max-pod mappings to include the latest AWS instance types (#2818)

VMware

• Remove k8s.gcr.io in favor of public.ecr.aws (#2861, (#2786)
• Disable UDP offload for primary interface (#2850)

Build Changes

• Ensure empty build/rpms directory is included in build context (#2784)
• Add image feature flag for cgroup v2 (#2845)
• Enable systemd-networkd development via build flag (#2741, #2832, #2750)
• Fix clippy linter warnings in source files and add clippy CI coverage (#2745)
• Use clippy provided in SDK image (#2793) (#2868)
• Remove unnecessary time 0.1.x dependency (#2748, #2851)
• Remove unnecessary patch from containerd (#2755)
• Update Bottlerocket SDK to v0.30.2 (#2866, #2857, #2836)
• Remove outdated rust_2018_idioms enforcement (#2837)
• Update Rust edition to 2021 (#2835)
• Upgraded Rust code dependencies (#2816, #2869, #2851, #2736, #2895)
• Upgraded Go code dependencies (#2828, #2826, #2813)
• Rename ncurses to libncurses (#2769)
• Update schnauzer's registry map (#2867)

Testing Changes

• Add support for Kubernetes workloads in testsys (#2830)
• Add support for a tests directory (#2737, #2775)
• Provide advanced config controls to testsys (#2799)
• Fix incorrect migration starting image for VMware testing in testsys (#2804)
• Use testsys v0.0.6 (#2865)

Documentation Changes

• Add boot sequence documentation (#2735)
• Update Bottlerocket version in provisioning step in PROVISIONING-METAL.md (#2785)
• Add user-data example for setting container registry credentials in README.md (#2803)
• Fix missing trailing backslashes on ami commands in TESTING.md (#2838)

v1.12.0

OS Changes

• Disable strict aliasing for c-utf-8 library strict aliasing in dbus-broker (#2730)
• Add /sys/firmware to privileged mounts in host-ctr (#2714)
• Use user-provided registry credentials for public.ecr.aws in host-ctr (#2676)
• Build masked paths list dynamically in host-ctr (#2637)
• Enable EFI option in systemd (#2714)
• Allow simple enums as map keys in datastore (#2687)
• Improve reliability of settings.network.hostname generator (#2647)
• Add support for bonding and VLANS in net.toml (#2596)
• Keep only one intermediate datastore during migration (#2589)
• Widen access to filesystem relabel in SELinux policy (#2738)
• Update hotdog to 1.05 (#2728)
• Update systemd to 250.9 (#2718)
• Update third party packages and dependencies (#2588, #2717)
• Update host containers (#2739)
• Update eksd (#2690, #2693, #2694, thanks @rcrozean)

Orchestrator Changes

Kubernetes

• Add support for Kubernetes 1.25 variants (#2699)
• Allow access to public kubelet certificates (#2639)
• During kubelet prestart, skip pause image pull if image exists (#2587)
• Delay kubelet.service until after warm-pool-wait service runs (#2562)
• Add OCI default spec and settings to containerd (#2697)

Platform Changes

VMware

• Downgrade iopl warning when fetching guestinfo in early-boot-config (#2732)

Build Changes

• Treat alias warning as errors (#2730)
• Suppress "missing changelog" warning in build (#2730)
• Update Bottlerocket SDK version to 0.29.0 (#2730)
• Improve error messages for publish-ami command (#2695)
• Disallow private AMIs in public SSM parameters (#2680)
• Rework start-local-vm image selection to use latest symlink (#2696)
• Improve integration testing through cargo make test (#2560, #2592, #2618, #2646, #2653, #2683, #2674, #2723, #2724, #2725)

v1.11.1

Security Fixes

• Update NVIDIA driver for 5.10 and 5.15 to include recent security fixes (74d2c5c, 64f3967)
• Apply patch to systemd for CVE-2022-3821 (#2611)

v1.11.0

OS Changes

• Prevent a panic in early-boot-config when there is no IMDS region (#2493)
• Update grub to 2.06-42 (#2503)
• Bring back wicked support for matching interfaces via hardware address (#2519)
• Allow bootstrap containers to manage swap (#2537)
• Add systemd-analyze commands to troubleshooting log collection tool (#2550)
• Allow bootstrap containers to manage network configuration (#2558)
• Serialize bootconfig values correctly when the value is empty (#2565)
• Update zlib, libexpat, libdbus, docker-cli (#2583)
• Update host containers (#2574)
• Unmask /sys/firmware from host containers (#2573)

Orchestrator Changes

ECS

• Add additional ECS API configurations (#2527)
  • ECS_CONTAINER_STOP_TIMEOUT
  • ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION
  • ECS_TASK_METADATA_RPS_LIMIT
  • ECS_RESERVED_MEMORY

Kubernetes

• Add a timeout when calling EKS for configuration values (#2566)
• Enable IAM Roles Anywhere with the k8s ecr-credential-provider plugin (#2377, #2553)
• Kubernetes EKS-D updates
  • v1.24.6 (#2582)
  • v1.23.13 (#2578)
  • v1.22.15 (#2580, #2490)

Platform Changes

AWS

• Add driver support for AWS variants in hybrid environments (#2554)

Build Changes

• Add support for publishing to AWS organizations (#2484)
• Remove unnecessary dependencies when building grub (#2495)
• Switch to the latest Dockerfile frontend for builds (#2496)
• Prepare foundations for Secure Boot and image re-signing (#2505)
• Fix EFI file system to fit partition size (#2528)
• Add ShellCheck to check-lints for build scripts (#2532)
• Update the SDK to v0.28.0 (#2543)
• Use rustls-native-certs instead of webpki-roots (#2551)
• Handle absolute paths for output directory in kernel build script (#2563)

Documentation Changes

• Add a Roadmap markdown file (#2549)

v1.10.1

OS Changes

• Support container runtime settings: enable-unprivileged-icmp, enable-unprivileged-ports, max-concurrent-downloads, max-container-log-line-size (#2494)
• Update EKS-D to 1.22-11 (#2490)
• Update EKS-D to 1.23-6 (#2488)