github bottlerocket-os/bottlerocket v1.1.0

Deprecation Notice

The Kubernetes 1.16 variant, aws-k8s-1.16, will lose support in July, 2021. Kubernetes 1.16 is no longer receiving support upstream. We recommend replacing aws-k8s-1.16 nodes with a later variant, preferably aws-k8s-1.19 if your cluster supports it. See this issue for more details.

Important Notes

New variants with new defaults

This release introduces two new variants, aws-k8s-1.20 and vmware-k8s-1.20. We plan for all new variants, including these, to contain the following changes:

  • The kernel is Linux 5.10 rather than 5.4.
  • The kernel lockdown mode is set to "integrity" rather than "none".

The ECS preview variant, aws-ecs-1, has also been updated with these changes.

Existing aws-k8s variants will not receive these changes as they could affect existing workloads.

ECS task networking

The aws-ecs-1 variant now supports the awsvpc mode of ECS task networking. This allocates an elastic network interface and private IP address to each task.

OS Changes

  • Add Linux kernel 5.10 for use in new variants (#1526)
  • Add aws-k8s-1.20 variant with Kubernetes 1.20 support (#1437, #1533)
  • Add vmware-k8s-1.20 variant with Kubernetes 1.20 for VMware (#1511, #1529, #1523, #1502, #1554)
  • Remove aws-k8s-1.15 variant (#1487, #1492)
  • Constrain ephemeral port range (#1560)
  • Support awsvpc networking mode in ECS (#1246)
  • Add settings for QPS and burst limits of Kubernetes registry pulls, event records, and API (#1527, #1532, #1541)
  • Add setting to allow configuration of Kubernetes TLS bootstrap (#1485)
  • Add setting for configuring Kubernetes cloudProvider to allow usage outside AWS (#1494)
  • Make Kubernetes cluster-dns-ip optional to support usage outside of AWS (#1482)
  • Change parameters to support healthy CIS scan (#1295) (Thanks, @felipeac!)
  • Generate stable machine IDs for VMware and ARM KVM guests (#1506, #1537)
  • Enable "integrity" kernel lockdown mode for aws-ecs-1 preview variant (#1530)
  • Remove override for default service start timeout (#1483)
  • Restrict access to bootstrap container user data with SELinux (#1496)
  • Split SELinux policy rules for trusted subjects (#1558)
  • Add symlink to allow usage of secrets store CSI drivers (#1544)
  • Prevent bootstrap containers from restarting (#1508)
  • Add udev rules to mount CD-ROM only when media is present (#1516)
  • Add resize2fs binary to sbin (#1519) (Thanks, @samjo-nyang!)
  • Only restart a host container if affected by settings change (#1480)
  • Support file patterns when specifying log files in logdog (#1509)
  • Daemonize thar-be-settings to avoid zombie processes (#1507)
  • Add support for AWS region ap-northeast-3: Osaka (#1504)
  • Generate pause container URI with standard template variables (#1551)
  • Get cluster DNS IP from cluster when available (#1547)

Build Changes

  • Use kernel 5.10 in aws-ecs-1 variant (#1555)
  • Build only the packages needed for the current variant (#1408, #1520)
  • Use a friendly name for VMware OVA files in build outputs (#1535)
  • Update SDK to 0.21.0 (#1497, #1529)
  • Allow variants to specify extra kernel parameters (#1491)
  • Move kernel console settings to variant definitions (#1513)
  • Update vmw_backdoor dependency (#1498) (Thanks, @lucab!)
  • Archive old migrations (#1540)
  • Refactor default settings and containerd configs to shared files (#1538, #1542)
  • Check cargo version at start of build so we have a clear error when it's too low (#1503)
  • Fix concurrency issue in validate-repo that led to hangs (#1521)
  • Update third-party package dependencies (#1543, #1556)
  • Update Rust dependencies in the tools/ workspace (#1548)
  • Update tokio-related Rust dependencies in the sources/ workspace (#1479)
  • Add upstream runc patches addressing container scheduling failure (#1546)
  • Retry builds on known BuildKit internal errors (#1557, #1561)

Documentation Changes

  • Document the deprecation of the aws-k8s-1.15 variant (#1476)
  • Document the need to quote most Kubernetes labels/taints (#1550) (Thanks, @ellistarn!)
  • Fix VMware spelling and document user data sources (#1534)
latest releases: v1.1.4, v1.1.3, v1.1.2...
2 months ago