v1.9.1

OS Changes

• Change kernel module compression from zstd to xz (#2323)
• Update ECR registry map for new AWS regions (#2336)
• Add new regions to pause registry map (#2349)
• Update tough to v0.8.1 (#2338)

v1.9.0

OS Changes

• SELinux policy now suppresses audit for tmpfs relabels (#2222)
• Restrict permissions for /boot and System.map (#2223)
• Remove unused crates growpart and servicedog (#2238)
• New mount in host containers for system logs (#2295)
• Apply strict mount options and enforce execution rules (#2239)
• Switch to a more commonly used syntax for disabling kernel config settings (#2290)
• Respect proxy settings when running setting generators (#2227)
• Add NET_CAP_ADMIN to bootstrap containers (#2266)
• Reduce log output for DHCP services (#2260)
• Fix invalid kernel config options (#2269)
• Improve support for container storage mounts (#2240)
• Disable uncommon filesystems and network protocols (#2255)
• Add support for blocking kernel modules (#2274)
• Fix ntp service restart when settings change (#2270)
• Add kernel 5.15 sources (#2226)
• Defer squashfs mounts to later in the boot process (#2276)
• Improve boot speed and rootfs size (#2296)
• Add "quiet" kernel parameter for some variants (#2277)

Orchestrator Changes

Kubernetes

• Make new instance types available (#2221 , thanks @cablespaghetti)
• Update Kubernetes versions (#2230, #2232, #2262, #2263, thanks @kschumy)
• Add kubelet image GC threshold settings (#2219)

ECS

• Add iptables rules for ECS introspection server (#2267)

Platform Changes

AWS

• Add support for AWS China regions (#2224, #2242, #2247, #2285)
• Migrate to using aws-sdk-rust for first-party OS Rust packages (#2300)

VMWare

• Remove console=ttyS0 from kernel params (#2248)

Metal

• Enable Mellanox modules in 5.10 kernel (#2241)
• Add bnxt module for Broadcom 10/25Gb network adapters in 5.10 kernel (#2243)
• Split out baremetal specific config options (#2264)
• Add driver support for Cisco UCS platforms (#2271)
• Only build baremetal variant specific drivers for baremetal variants (#2279)
• Enable the metal-dev build for the ARM architecture (#2272)

Build Changes

• Add Makefile targets to create and validate Boot Configuration (#2189)
• Create symlinks to images with friendly names (#2215)
• Add start-local-vm script (#2194)
• Add the testsys CLI and new cargo make tasks for testing aws-k8s variants (#2165)
• Update Rust and Go dependencies (#2303, #2299)
• Update third-party packages (#2309)

Documentation Changes

• Add NVIDIA ECS variant to README (#2244)
• Add documentation for metal variants (#2205)
• Add missing step in building packages guide (#2259)
• Add quickstart for running Bottlerocket in QEMU/KVM VMs (#2280)
• Address lints in README markdown caught by markdownlint (#2283)

v1.8.0

OS Changes

General

• Update admin and control containers (#2191)
• Update to containerd 1.6.x (#2158)
• Restart container runtimes when certificates store changes (#2076)
• Add support for providing kernel parameters via Boot Configuration (#1980)
• Restart long-running systemd services on exit (#2162)
• Ignore zero blocks on dm-verity root (#2169)
• Add support for static DNS mappings in /etc/hosts (#2129)
• Enable network configuration generation via netdog (#2066)
• Add support for non-eth0 default interfaces (#2144)
• Update to IMDS schema 2021-07-15 (#2190)

Kubernetes

• Add support for Kubernetes 1.23 variants (#2188)
• Improve Kubernetes pod start times by unsetting configMapAndSecretChangeDetectionStrategy in kubelet config (#2166)
• Add new setting for configuring kubelet's provider-id configuration (#2192)
• Add new setting for configuring kubelet's podPidsLimit configuration (#2138)
• Allow a list of IP addresses in settings.kubernetes.cluster-dns-ip (#2176)
• Set the default for settings.kubernetes.cloud-provider on metal variants to an empty string (#2188)
• Add c7g instance data for max pods calculation in AWS variants (#2107, thanks, @lizthegrey!)

ECS

• Add aws-ecs-1-nvidia variant with Nvidia driver support (#2128, #2100, #2098, #2167, #2097, #2090, #2099)
• Add support for ECS ImagePullBehavior and WarmPoolsSupport (#2063, thanks, @mello7tre!)

Hardware

• Build smartpqi driver for Microchip Smart Storage devices into 5.10 kernel (#2184)
• Add support for Broadcom ethernet cards in 5.10 kernel (#2143)
• Add support for MegaRAID SAS in 5.10 kernel (#2133)

Build Changes

• Remove aws-k8s-1.18 variant (#2044, #2092)
• Update third-party packages (#2178, #2187, #2145)
• Update Rust and Go dependencies (#2183, #2181, #2180, #2085, #2110, #2068, #2075, #2074, #2048, #2059, #2049, #2036, #2033)
• Update Bottlerocket SDK to 0.26.0 (#2157)
• Speed up kernel builds by installing headers and modules in parallel (#2185)
• Removed unused patch from Docker CLI (#2030, thanks, @thaJeztah!)

Documentation Changes

• Standardize README generation in buildsys (#2134)
• Clarify migration README (#2141)
• Fix typos in BUILDING.md and QUICKSTART-VMWARE.md (#2159, thanks, @ryanrussell!)
• Add additional documentation for using GPUs with Kubernetes variants (#2078)
• Document examples for using enter-admin-container (#2028)

v1.7.2

Security Fixes

• Update kernel-5.4 to patch CVE-2022-1015, CVE-2022-1016, CVE-2022-25636, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356 (a3b4674f7108)
• Update kernel-5.10 to patch CVE-2022-1015, CVE-2022-1016, CVE-2022-25636, CVE-2022-1048, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356 (37095415bab6)

OS Changes

• Update eni-max-pods with new instance types (#2079)
• Add support for AWS region ap-southeast-3: Jakarta (#2080)

v.1.7.1

Security Fixes

• Apply patch to hotdog for CVE-2022-0071 (1a3f35b2fe8e)

OS Changes

• Enable checkpoint restore (CONFIG_CHECKPOINT_RESTORE) for aarch64 (6e3d6ed4b83e)

v1.7.0

With this release, an inventory of software installed in Bottlerocket will now be reported to SSM if the control container is in use and inventorying has been enabled.

OS Changes

• Generate host software inventory and make it available to host containers (#1996)
• Update admin and control containers (#2014)

Build Changes

• Update third-party packages (#1977, #1983, #1987, #1992, #2022)
• Update Rust and Go dependencies (#2016, #2019)
• Makefile: lock tuftool version (#2009)
• Fix tmpfilesd configuration for kmod-5.10-nvidia (#2020)

Documentation Changes

• Fix tuftool download instruction in VMWare Quickstart (#1994)
• Explain data partition extension (#2013)

v1.6.2

With this release, the vmware-k8s variants have graduated from preview status and are now generally available. 🎉

Security Fixes

• Update kernel-5.4 and kernel-5.10 to include recent security fixes (a8e4a20ca7d1, 3d0c10abeecb)

OS Changes

• Add support for Kubernetes 1.22 variants (#1962)
• Add settings support for registry credentials (#1955)
• Add support for AWS CloudFormation signaling (#1728, thanks, @mello7tre!)
• Add TCMU support to the kernel (#1953, thanks, @cvlc!)
• Fix issue with closing frame construction in apiserver (#1948)

Build Changes

• Fix dead code warning during build in netdog (#1949)

Documentation Changes

• Correct variable name in bootstrap-containers/README.md (#1959, thanks, @dangen-effy!)
• Add art to the console (#1970)

v1.6.1

Security Fixes

• Apply patch to containerd for CVE-2022-23648 (0de1b39efa64)
• Update kernel-5.4 and kernel-5.10 to include recent security fixes (#1973)

v1.6.0

Deprecation Notice

The Kubernetes 1.18 variant, aws-k8s-1.18, will lose support in March 2022. Kubernetes 1.18 is no longer receiving support upstream. We recommend replacing aws-k8s-1.18 nodes with a later variant, preferably aws-k8s-1.21 if your cluster supports it. See this issue for more details.

Security Fixes

• Apply patch to the kernel for CVE-2022-0492 (#1943)

OS Changes

• Add aws-k8s-1.21-nvidia variant with Nvidia driver support (#1859, #1860, #1861, #1862, #1900, #1912, #1915, #1916, #1928)
• Add metal-k8s-1.21 variant with support for running on bare metal (#1904)
• Update host containers to the latest version (#1939)
• Add driverdog, a configuration-driven utility for linking kernel modules at runtime (#1867)
• Kubernetes: Fix a potential inconsistency with IPv6 node-ip comparisons (#1932)
• Allow setting multiple Kubernetes node taints with the same key (#1906)
• Fix a bug which would prevent Bottlerocket from booting when setting container-registry to an empty table (#1910)
• Add /etc/bottlerocket-release to host containers (#1883)
• Send grub output to the local console on BIOS systems (#1894)
• Fix minor issues with systemd units (#1889)

Build Changes

• Update third-party packages (#1936)
• Update Rust dependencies (#1940)
• Update Go dependencies of host-ctr (#1938)
• Add the ability to fetch licenses at build time (#1901)
• Pin tuftool to a specific version (#1940)

Documentation Changes

• Add a no-proxy setting example to the README (#1765 thanks, @mrajashree!)
• Document variant image-layout options in the README (#1896)

v1.5.3

Security Fixes

• Update Bottlerocket SDK to 0.25.1 for Rust 1.58.1 (#1918)
• Update kernel-5.4 and kernel-5.10 to include recent security fixes (#1921)
• Migrate host-container to the latest version for vmware variants (#1898)

OS Changes

• Fix an issue which could impair nodes in Kubernetes 1.21 IPv6 clusters (#1925)