v1.14.2

OS Changes

• Improve the reliability of acquiring a DHCPv6 lease (#3211, #3212)
• Update kernel-5.10 to 5.10.184 and kernel-5.15 to 5.15.117 (#3238)
• Update eni-max-pods with new instance types (#3193)
• Make pluto outbound API requests more resilient to intermittent network errors (#3214)
• Update runc to 1.1.6 (#3249)

Orchestrator Changes

ECS

• Add image cleanup settings to control task image cleanup frequency (#3231)

Kubernetes

• Update to Kubernetes v1.24.15 (#3234)
• Update to Kubernetes v1.25.11 (#3235)
• Update to Kubernetes v1.26.6 (#3236)
• Update to Kubernetes v1.27.3 (#3237)

Build Changes

• Updated Bottlerocket SDK version to v0.33.0 (#3213)

v1.14.1

OS Changes

• Apply patches to 5.10 and 5.15 kernels to address CVE-2023-32233 (#3128)
• Add fallback container image source parsing for regions not yet supported by the aws-go-sdk in host-ctr (#3138)
• Increase default max_dgram_qlen sysctl value to 512 for both 5.10 and 5.15 kernels (#3139)

Orchestrator Changes

Kubernetes

• Kubernetes package updates
  • Update Kubernetes v1.22.17 to include latest EKS-D patches (#3108)
  • Update Kubernetes v1.23.17 to include latest EKS-D patches (#3119)
  • Update to Kubernetes v1.24.14 (#3119)
  • Update to Kubernetes v1.25.9 (#3119)
  • Update to Kubernetes v1.26.4 (#3119)
  • Update Kubernetes v1.27.1 to include latest EKS-D patches (#3119)
• Change nvidia-k8s-device-plugin service dependency on kubelet (#3141)

Build Changes

• Fix pubsys bug preventing multiple SSM parameter promotions in promote-ssm Makefile target (#3137)

v1.14.0

OS Changes

• Update kernel-5.10 to 5.10.178 and kernel-5.15 to 5.15.108 (#3077)
• Update admin and control containers (#3090)
• Update third party packages and dependencies (#2991, #3082)
• Enable SCSI_VIRTIO driver for better hypervisor support (#3047)
• Disable panic on hung task for kernel 5.15 (#3091)
• Create symlink to inventory path using Storewolf (#3035)

Orchestrator Changes

ECS

• Add support for ECS Exec (#3075)

Kubernetes

• Add Kubernetes 1.27 variants (#3046)
  • Switch to using Kubernetes default values for kube-api-burst and kube-api-qps (#3094)
• Add more Kubernetes settings (#2930, #2986)
  • Soft eviction policy
  • Graceful shutdown
  • CPU quota enforcement
  • Memory manager policy
  • CPU manager policy
• Fix Kubernetes 1.26 credential provider apiVersion (#3070)
• Add ability to pass environment variables to image credential providers (#2934)

Build Changes

• Upgrade to Bottlerocket SDK v0.32.0 (#3071)
• Add AMI validation to PubSys (#3020)
• Add SSM parameter validation to PubSys (#2969)
• Add validate-ami and validate-ssm Makefile targets (#3043)
• Add check-migrations Makefile target to check for common migration problems (#3051)

Testing Changes

• Update testsys to v0.0.7 (#3065)
• Add support for node provisioning with Karpenter (#3067)
• Enable using custom Sonobuoy images (#3068)

v1.13.5

OS Changes

• Revert runc update to move back to 1.1.5 (#3054)

v1.13.4

OS Changes

• Ensure the first hostname is used when a VPC DHCP option set has multiple domains (#3032)
• Update runc to version 1.1.6 (#3037)

Orchestrator Changes

Kubernetes

• Generate and pass --hostname-override flag to kubelet in aws-k8s-1.26 variants (#3033)

v1.13.3

OS Changes

• Update kernel-5.10 to 5.10.173 and kernel-5.15 to 5.15.102 (#2948, #3002)
• Fix check for rule existence in ip6tables v1.8.9 (#3001)
• Backport systemd fixes for skipped udevd events (#2999)
• Check platform-specific mechanisms for hostname first (#3021)
• Generate 'provider-id' setting for aws-k8s variants (#3026)

v1.13.2

OS Changes

• Update runc to version 1.1.5 (#2946)

Orchestrator Changes

Kubernetes

• Update to Kubernetes v1.26.2 (#2929)
• Update aws-iam-authenticator package to v0.6.8 (#2965)

v1.13.1

OS Changes

• Improve logic around repartitioning and disk expansion by using symlinks to differentiate "fallback" and "preferred" data partitions (#2935)
• Add keyutils package to enable mounting CIFS shares (#2907)

Orchestrator Changes

Kubernetes

• Fix AWS profile rendering in credential provider (#2904)
• Change CredentialProviderConfig api version to v1beta1 for Kubernetes 1.25 variants (#2906)

v1.13.0

OS Changes

• Add ethtool to Bottlerocket (#2829)
• Improve logging in migrator to track ongoing migrations (#2751)
• Improve random-access read performance of root volume on some devices (#2863)
• Add CAP_SYS_MODULE and CAP_CHROOT to bootstrap containers (#2772)
• Add support for cgroup v2 (#2875, #2802)
• Disable IA and SafeSetID LSM for kernel-5.15 (#2789)
• Update kernel-5.10 to 5.10.165 and kernel-5.15 to 5.15.90 (#2795)
• Allow = in bootconfig values (#2806)
• Include systemd-analyze plot for logdog (#2880)
• Update host containers (#2864)
• Update third party packages (#2825, #2842)

Orchestrator Changes

Kubernetes

• Remove Kubernetes 1.21 variants (#2700)
• Add Kubernetes 1.26 variants (#2771, (#2876)
• Change kubelet service to have restart policy always (#2774)
• Update to Kubernetes v1.25.6 (#2782)
• Update to Kubernetes v1.24.10 (#2790)
• Update to Kubernetes v1.23.16 (#2791)
• Update Kubernetes 1.22.17 to include latest EKS-D patches (#2792)

ECS

• Enable FireLens capability in aws-ecs-1 variant (#2819)

Platform Changes

AWS

• Set NVMe IO request timeouts for EBS according to AWS recommendations (#2820)
• Support an alternate data partition on EC2 instances launched with a single volume (#2807, #2879, #2873)
• Update eni-max-pod mappings to include the latest AWS instance types (#2818)

VMware

• Remove k8s.gcr.io in favor of public.ecr.aws (#2861, (#2786)
• Disable UDP offload for primary interface (#2850)

Build Changes

• Ensure empty build/rpms directory is included in build context (#2784)
• Add image feature flag for cgroup v2 (#2845)
• Enable systemd-networkd development via build flag (#2741, #2832, #2750)
• Fix clippy linter warnings in source files and add clippy CI coverage (#2745)
• Use clippy provided in SDK image (#2793) (#2868)
• Remove unnecessary time 0.1.x dependency (#2748, #2851)
• Remove unnecessary patch from containerd (#2755)
• Update Bottlerocket SDK to v0.30.2 (#2866, #2857, #2836)
• Remove outdated rust_2018_idioms enforcement (#2837)
• Update Rust edition to 2021 (#2835)
• Upgraded Rust code dependencies (#2816, #2869, #2851, #2736, #2895)
• Upgraded Go code dependencies (#2828, #2826, #2813)
• Rename ncurses to libncurses (#2769)
• Update schnauzer's registry map (#2867)

Testing Changes

• Add support for Kubernetes workloads in testsys (#2830)
• Add support for a tests directory (#2737, #2775)
• Provide advanced config controls to testsys (#2799)
• Fix incorrect migration starting image for VMware testing in testsys (#2804)
• Use testsys v0.0.6 (#2865)

Documentation Changes

• Add boot sequence documentation (#2735)
• Update Bottlerocket version in provisioning step in PROVISIONING-METAL.md (#2785)
• Add user-data example for setting container registry credentials in README.md (#2803)
• Fix missing trailing backslashes on ami commands in TESTING.md (#2838)

v1.12.0

OS Changes

• Disable strict aliasing for c-utf-8 library strict aliasing in dbus-broker (#2730)
• Add /sys/firmware to privileged mounts in host-ctr (#2714)
• Use user-provided registry credentials for public.ecr.aws in host-ctr (#2676)
• Build masked paths list dynamically in host-ctr (#2637)
• Enable EFI option in systemd (#2714)
• Allow simple enums as map keys in datastore (#2687)
• Improve reliability of settings.network.hostname generator (#2647)
• Add support for bonding and VLANS in net.toml (#2596)
• Keep only one intermediate datastore during migration (#2589)
• Widen access to filesystem relabel in SELinux policy (#2738)
• Update hotdog to 1.05 (#2728)
• Update systemd to 250.9 (#2718)
• Update third party packages and dependencies (#2588, #2717)
• Update host containers (#2739)
• Update eksd (#2690, #2693, #2694, thanks @rcrozean)

Orchestrator Changes

Kubernetes

• Add support for Kubernetes 1.25 variants (#2699)
• Allow access to public kubelet certificates (#2639)
• During kubelet prestart, skip pause image pull if image exists (#2587)
• Delay kubelet.service until after warm-pool-wait service runs (#2562)
• Add OCI default spec and settings to containerd (#2697)

Platform Changes

VMware

• Downgrade iopl warning when fetching guestinfo in early-boot-config (#2732)

Build Changes

• Treat alias warning as errors (#2730)
• Suppress "missing changelog" warning in build (#2730)
• Update Bottlerocket SDK version to 0.29.0 (#2730)
• Improve error messages for publish-ami command (#2695)
• Disallow private AMIs in public SSM parameters (#2680)
• Rework start-local-vm image selection to use latest symlink (#2696)
• Improve integration testing through cargo make test (#2560, #2592, #2618, #2646, #2653, #2683, #2674, #2723, #2724, #2725)