Skip to content

v1.3.0
Compare
Choose a tag to compare
@tjkirch tjkirch released this 06 Oct 17:38
· 3607 commits to develop since this release
v1.3.0
395b459
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Deprecation Notice

The Kubernetes 1.17 variant, aws-k8s-1.17, will lose support in November, 2021. Kubernetes 1.17 is no longer receiving support upstream. We recommend replacing aws-k8s-1.17 nodes with a later variant, preferably aws-k8s-1.21 if your cluster supports it. See this issue for more details.

Security Fixes

OS Changes

  • Add MCS constraints to the SELinux policy (#1733)
  • Support IPv6 in kubelet and pluto (#1710)
  • Add region flag to aws-iam-authenticator command (#1762)
  • Restart modified host containers (#1722)
  • Add more detail to /etc/os-release (#1749)
  • Add an entry to /etc/hosts for the current hostname (#1713, #1746)
  • Update default control container to v0.5.2 (#1730)
  • Fix various SELinux policy issues (#1729)
  • Update eni-max-pods with new instance types (#1724, thanks @samjo-nyang!)
  • Add cilium device filters to open-vm-tools (#1718)
  • Implement hybrid boot support for x86_64 (#1701)
  • Include /var/log/kdump in logdog tarballs (#1695)
  • Use runtime.slice and system.slice cgroup settings in k8s variants (#1684, thanks @cyrus-mc!)

Build Changes

  • Update third-party packages (#1701, #1716, #1732, #1755, #1763, #1767)
  • Update Rust dependencies (#1707, #1750, #1751)
  • Add wave definition for slow deployment (#1734)
  • Add 'infrasys' for creating TUF infra in AWS (#1723)
  • Make OVF file first in the OVA bundle (#1719)
  • Raise pubsys messages to 'warn' if AMI exists or repo doesn't (#1708)
  • Add constants crate (#1709)
  • Add release URLs to package definitions (#1748)
  • Add *.src.rpm to packages/.gitignore (#1768)
  • Archive old migrations (#1699)

Documentation Changes

  • Mention static pods in the security guidance around API access (#1766)
  • Fix link to issue labels (#1764, thanks @andrewhsu!)
  • Fix broken link for TLS bootstrapping (#1758)
  • Update hash for v3 root.json (#1757)
  • Update example version to v1.2.0 in QUICKSTART-VMWARE (#1741, thanks @yuvalk!)
  • Clarify default kernel lockdown settings per variant (#1704)

Contributors

andrewhsu, yuvalk, and 2 other contributors
Assets 2
Loading