Releases: bottlerocket-os/bottlerocket
Releases · bottlerocket-os/bottlerocket
v1.6.0
Deprecation Notice
The Kubernetes 1.18 variant, aws-k8s-1.18, will lose support in March 2022. Kubernetes 1.18 is no longer receiving support upstream. We recommend replacing aws-k8s-1.18 nodes with a later variant, preferably aws-k8s-1.21 if your cluster supports it. See this issue for more details.
Security Fixes
- Apply patch to the kernel for CVE-2022-0492 (#1943)
OS Changes
- Add aws-k8s-1.21-nvidia variant with Nvidia driver support (#1859, #1860, #1861, #1862, #1900, #1912, #1915, #1916, #1928)
- Add metal-k8s-1.21 variant with support for running on bare metal (#1904)
- Update host containers to the latest version (#1939)
- Add driverdog, a configuration-driven utility for linking kernel modules at runtime (#1867)
- Kubernetes: Fix a potential inconsistency with IPv6 node-ip comparisons (#1932)
- Allow setting multiple Kubernetes node taints with the same key (#1906)
- Fix a bug which would prevent Bottlerocket from booting when setting
container-registryto an empty table (#1910) - Add
/etc/bottlerocket-releaseto host containers (#1883) - Send grub output to the local console on BIOS systems (#1894)
- Fix minor issues with systemd units (#1889)
Build Changes
- Update third-party packages (#1936)
- Update Rust dependencies (#1940)
- Update Go dependencies of
host-ctr(#1938) - Add the ability to fetch licenses at build time (#1901)
- Pin tuftool to a specific version (#1940)
Documentation Changes
- Add a no-proxy setting example to the README (#1765 thanks, @mrajashree!)
- Document variant
image-layoutoptions in the README (#1896)
Contributors
mrajashree
Assets 2
v1.5.3
Security Fixes
- Update Bottlerocket SDK to 0.25.1 for Rust 1.58.1 (#1918)
- Update kernel-5.4 and kernel-5.10 to include recent security fixes (#1921)
- Migrate host-container to the latest version for vmware variants (#1898)
OS Changes
- Fix an issue which could impair nodes in Kubernetes 1.21 IPv6 clusters (#1925)
v1.5.2
Security Fixes
- Update containerd for CVE-2021-43816 (8f085929588a)
v1.5.1
v1.5.0
Security Enhancements
- Add the ability to hotpatch log4j for CVE-2021-44228 in running containers (#1872, #1871, #1869)
OS Changes
- Enable configuration for OCI hooks in the container lifecycle (#1868)
- Retry all failed requests to IMDS (#1841)
- Enable node feature discovery for Kubernetes device plugins (#1863)
- Add
apiclient getsubcommand for simple API retrieval (#1836) - Add support for CPU microcode updates (#1827)
- Consistently support API prefix queries (#1835)
Build Changes
- Add support for custom image sizes (#1826)
- Add support for unifying the OS and data partitions on a single disk (#1870)
Documentation Changes
- Fixed typo in the README (#1847 thanks, @PascalBourdier!)
Contributors
PascalBourdier
Assets 2
v1.4.2
v1.4.1
v1.4.0
OS Changes
- Add 'apiclient exec' for running commands in host containers (#1802, #1790)
- Improve boot performance (#1809)
- Add support for wildcard container registry mirrors (#1791, #1818)
- Wait up to 300s for a DHCP lease at boot (#1800)
- Retry if fetching the IMDS session token fails (#1801)
- Add ECR account IDs for pulling host containers in GovCloud (#1793)
- Filter sensitive API settings from
logdogdump (#1777) - Fix kubelet standalone mode (#1783)
Build Changes
- Remove aws-k8s-1.17 variant (#1807)
- Update Bottlerocket SDK to 0.23 (#1779)
- Update third-party packages (#1816)
- Update Rust dependencies (#1810)
- Update Go dependencies of
host-ctr(#1775, #1774) - Prevent spurious rebuilds of the model package (#1808)
- Add disk image files to TUF repo (#1787)
- Vendor wicked service units (#1798)
- Add CI check for Rust code formatting (#1782)
- Allow overriding the AMI data file suffix (#1784)
Documentation Changes
- Update cargo-make commands to work with newest cargo-make (#1797)
v1.3.0
Deprecation Notice
The Kubernetes 1.17 variant, aws-k8s-1.17, will lose support in November, 2021. Kubernetes 1.17 is no longer receiving support upstream. We recommend replacing aws-k8s-1.17 nodes with a later variant, preferably aws-k8s-1.21 if your cluster supports it. See this issue for more details.
Security Fixes
- Apply patches to docker and containerd for CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, and CVE-2021-41103 (#1769)
OS Changes
- Add MCS constraints to the SELinux policy (#1733)
- Support IPv6 in kubelet and pluto (#1710)
- Add region flag to aws-iam-authenticator command (#1762)
- Restart modified host containers (#1722)
- Add more detail to /etc/os-release (#1749)
- Add an entry to
/etc/hostsfor the current hostname (#1713, #1746) - Update default control container to v0.5.2 (#1730)
- Fix various SELinux policy issues (#1729)
- Update eni-max-pods with new instance types (#1724, thanks @samjo-nyang!)
- Add cilium device filters to open-vm-tools (#1718)
- Implement hybrid boot support for x86_64 (#1701)
- Include
/var/log/kdumpin logdog tarballs (#1695) - Use runtime.slice and system.slice cgroup settings in k8s variants (#1684, thanks @cyrus-mc!)
Build Changes
- Update third-party packages (#1701, #1716, #1732, #1755, #1763, #1767)
- Update Rust dependencies (#1707, #1750, #1751)
- Add wave definition for slow deployment (#1734)
- Add 'infrasys' for creating TUF infra in AWS (#1723)
- Make OVF file first in the OVA bundle (#1719)
- Raise pubsys messages to 'warn' if AMI exists or repo doesn't (#1708)
- Add constants crate (#1709)
- Add release URLs to package definitions (#1748)
- Add *.src.rpm to packages/.gitignore (#1768)
- Archive old migrations (#1699)
Documentation Changes
- Mention static pods in the security guidance around API access (#1766)
- Fix link to issue labels (#1764, thanks @andrewhsu!)
- Fix broken link for TLS bootstrapping (#1758)
- Update hash for v3 root.json (#1757)
- Update example version to v1.2.0 in QUICKSTART-VMWARE (#1741, thanks @yuvalk!)
- Clarify default kernel lockdown settings per variant (#1704)
Contributors
andrewhsu, yuvalk, and 2 other contributors