Deprecation Notice
The Kubernetes 1.17 variant, aws-k8s-1.17
, will lose support in November, 2021. Kubernetes 1.17 is no longer receiving support upstream. We recommend replacing aws-k8s-1.17
nodes with a later variant, preferably aws-k8s-1.21
if your cluster supports it. See this issue for more details.
Security Fixes
- Apply patches to docker and containerd for CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, and CVE-2021-41103 (#1769)
OS Changes
- Add MCS constraints to the SELinux policy (#1733)
- Support IPv6 in kubelet and pluto (#1710)
- Add region flag to aws-iam-authenticator command (#1762)
- Restart modified host containers (#1722)
- Add more detail to /etc/os-release (#1749)
- Add an entry to
/etc/hosts
for the current hostname (#1713, #1746) - Update default control container to v0.5.2 (#1730)
- Fix various SELinux policy issues (#1729)
- Update eni-max-pods with new instance types (#1724, thanks @samjo-nyang!)
- Add cilium device filters to open-vm-tools (#1718)
- Implement hybrid boot support for x86_64 (#1701)
- Include
/var/log/kdump
in logdog tarballs (#1695) - Use runtime.slice and system.slice cgroup settings in k8s variants (#1684, thanks @cyrus-mc!)
Build Changes
- Update third-party packages (#1701, #1716, #1732, #1755, #1763, #1767)
- Update Rust dependencies (#1707, #1750, #1751)
- Add wave definition for slow deployment (#1734)
- Add 'infrasys' for creating TUF infra in AWS (#1723)
- Make OVF file first in the OVA bundle (#1719)
- Raise pubsys messages to 'warn' if AMI exists or repo doesn't (#1708)
- Add constants crate (#1709)
- Add release URLs to package definitions (#1748)
- Add *.src.rpm to packages/.gitignore (#1768)
- Archive old migrations (#1699)
Documentation Changes
- Mention static pods in the security guidance around API access (#1766)
- Fix link to issue labels (#1764, thanks @andrewhsu!)
- Fix broken link for TLS bootstrapping (#1758)
- Update hash for v3 root.json (#1757)
- Update example version to v1.2.0 in QUICKSTART-VMWARE (#1741, thanks @yuvalk!)
- Clarify default kernel lockdown settings per variant (#1704)