- Add metricdog to support sending anonymous metrics (#1006, #1322)
- Add a vmware-dev variant (#1292, #1288, #1290)
- Add Kubernetes static pods support (#1317)
- Add high-level 'set' subcommand for changing settings using apiclient (#1278)
- Allow admin container to use SSH public keys from user data (#1331, #1358, #19)
- Add support for kubelet in standalone mode and TLS auth (#1338)
- Add https-proxy and no-proxy settings to updog (#1324)
- Add support for pulling host-containers from ECR Public (#1296)
- Add network proxy support to aws-k8s-1.19 (#1337)
- Modify default SELinux label for containers to align with upstream (#1318)
- Add aliases for container-selinux types to align with community (#1316)
- Update default versions of admin and control containers (#1347, #1344)
- Update ecs-agent to 1.50.2 (#1353)
- logdog: Add eni logs for Kubernetes (#1327)
- Add the ability to output vmdk via qemu-img (#1289)
- Add support for kmod kits to ease building of third-party kernel modules (#1287, #1286, #1285, #1357)
- storewolf: Declare dependencies on model and defaults files (#1319)
- storewolf: Refactor default settings files to allow sharing (#1303, #1329)
- Switch from TermLogger to SimpleLogger (#1282, thanks @hencrice!)
- Allow overriding the "pretty" name of the OS inside the image (#1330)
- Specify bash in link-variant task for use of bash features (#1323)
- Fix invalid symlinks when the BUILDSYS_NAME variable is set (#1312)
- Track and clean output files for builds (#1291)
- Update third-party software packages (#1340, #1336, #1334, #1333, #1335, #1190, #1265, #1315, #1352, #1356)
- Add lockdown notes to SECURITY_GUIDANCE.md (#1281)
- Clarify use case for update repos (#1339)
- Fix broken link from API docs to top-level docs (#1306)
Note for aws-ecs-1 variant: due to a change in the ECS agent's data store schema, the aws-ecs-1 variant cannot be downgraded after updating to v1.0.5. Attempts to downgrade may result in inconsistencies between ECS and the Bottlerocket container instance.
- Add aws-k8s-1.19 variant with Kubernetes 1.19 (#1256)
- Update ecs-agent to 1.48.1 (#1201)
- Add high-level update subcommands to apiclient (#1219, #1232)
- Add kernel lockdown settings (#1223, #1279)
- Add restart-commands for docker, kubelet, containerd (#1231, #1262, #1258)
- Add proper restarts for host-containers (#1230, #1235, #1242, #1258)
- Fix SELinux policy (#1236)
- Set version and revision strings for containerd (#1248)
- Add host-container user-data setting (#1244, #1247)
- Add network proxy settings (#1204, #1262, #1258)
- Update kernel to 5.4.80-40.140 (#1257)
- Update third-party software packages (#1264)
- Update Rust dependencies (#1267)
- Improve support for out-of-tree kernel modules (#1220)
- Fix message in partition size check condition (#1233, thanks @pranavek!)
- Split the datastore module into its own crate (#1249)
- Update SDK to v0.15.0 (#1263)
- Update Github Actions to ignore changes that only include .md files (#1274)
- Add documentation comments to Dockerfile (#1254)
- Add a note about CPU usage during builds (#1266)
- Update README to point to discussions (#1273)
- Patch containerd for CVE-2020-15257 (f3677c1406)
- Support setting Linux kernel parameters (sysctl) via settings (see README) (#1158, #1171)
- Create links under
/dev/disk/ephemeralfor ephemeral storage devices (#1173) - Set default RLIMIT_NOFILE in CRI to 65536 soft limit and a 1048576 hard limit (#1180)
- Add rtcsync directive to chrony config file (#1184, thanks @errm!)
- Add
/etc/ssl/certssymlink to the CA certificate bundle for compatibility with the cluster autoscaler (#1207) - Add procps dependency to docker-engine so that
docker topworks (#1210)
- Align optimization level for crate and dependency builds (#1155)
- pubsys no longer requires an Infra.toml file for basic usage (#1166)
- Makefile: Check that $BUILDSYS_ARCH has a supported value (#1167)
- Build migrations in parallel (#1192)
- Allow file URLs for role in pubsys-setup (#1194)
- Update Rust dependencies (#1196)
- Update SDK to v0.14.0 (#1198)
- Fix an occasional issue with KMS signing in pubsys (#1205)
- Backport selected fixes from containerd 1.4 (#1216)
- Update third-party package dependencies (#1176, #1195)
- Switch to SDK v0.14.0 (#1198)
- pubsys: automate setup of role and key (#1133, #1146)
- Store repos under repo name so you can build multiple (#1135)
Note: these changes do not impact users of Bottlerocket AMIs or repos, only those who build Bottlerocket themselves.
If you use an Infra.toml file to automate publishing, you'll need to update the format of the file.
The root role and signing key definitions now live inside a repo definition, rather than at the top level of the file.
Please see the updated Infra.toml.example file for a commented explanation of the new role and key configuration.
- Add aws-k8s-1.18 variant with Kubernetes 1.18 (#1150)
- Update kernel to 5.4.50-25.83 (#1148)
- Update glibc to 2.32 (#1092)
- Add e2fsprogs (#1147)
- pluto: add regional map of pause container source accounts (#1142)
- Add option to enable spot instance draining (#1100, thanks @mkulke!)
- Add 2.root.json + pubsys KMS support (#1122)
- docker: add default nofiles ulimits for containers (#1119)
- Fix AVC denial for
docker run --init(#1085)
- Pass Go module proxy variables through docker-go (#1121)
- Set buildmode to pie and drop pie and debuginfo patches for Kubernetes (#1103, thanks @bnrjee!)
- pubsys: use requested size for volume, keeping snapshot to minimum size (#1118)
- Switch to SDK v0.13.0 (#1092)
- Add
cargo make grant-amiandrevoke-amitasks (#1087) - Allow specifying AMI name with PUBLISH_AMI_NAME (#1091)
- Makefile.toml: clean up clean actions (#1089)
- pubsys: check for copied AMIs in parallel (#1086)
- Add PUBLISHING.md guide explaining pubsys and related tools (#1138)
- README: relocate update API instructions and example (#1124, #1127)
- Fix grammar issues in README.md (#1098, thanks @jweissig!)
- Add documentation for the aws-ecs-1 variant (#1053)
- Update suggested Kubernetes version in sample eksctl config files (#1090)
- Update BUILDING.md to incorporate dependencies (#1107, thanks @troyaws!)
- Patch kernel for CVE-2020-14386 (#1108)
Welcome to Bottlerocket 1.0! Since the first public preview, we've added new variants for Amazon ECS and Kubernetes 1.16 and 1.17, support for ARM instances and more EC2 regions, along with many new features and security improvements. We appreciate all the feedback and contributions so far and look forward to working with the community on even wider support.
🥳 😸
- The
aws-ecs-1variant is now available as a preview.- ecs-agent: upgrade to v1.43.0 (#1043)
- aws-ecs-1: add ecs.loglevel setting (#1062)
- aws-ecs-1: remove unsupported capabilities (#1052)
- aws-ecs-1: constrain ephemeral port range (#1051)
- aws-ecs-1: enable awslogs execution role support (#1044)
- ecs-agent: don't start if not configured (#1049)
- ecs-agent: bind introspection to localhost (#1071)
- Update logdog to pull ECS-related log files (#1054)
- Add documentation for the aws-ecs-1 variant (#1053)
- apiclient: accept -s for --socket-path, as per usage message (#1069)
- Fix growpart to avoid race in partition table reload (#1058)
- Added patch for EC2 IMDSv2 support in Docker (#1055)
- schnauzer: add a helper for ecr repos (#1032)
- Add
cargo make ami-publicandami-privatetargets (#1033, #1065, #1064) - Add
cargo make ssmandpromote-ssmtargets for publishing parameters (#1060, #1070, #1067, #1066) - Use per-checkout cache directories for builds (#1050)
- Fix rust build caching and tune rpm compression (#1045)
- Add official builds in 16 more EC2 regions. (aws/containers-roadmap#827)
- Revise security guidance (#1072)
- README: add supported architectures (#1048)
- Update supported region list after 0.5.0 release (#1046)
- Removed aws-cli v1 requirement in docs (#1073)
- Update BUILDING.md for new coldsnap-based amiize.sh (#1047)
Special thanks to first-time contributor @spoonofpower (#988)!
- Remove support for unsigned datastore migrations (#976)
- Add
aws-ecs-1variant prototype for running containers in ECS clusters (#946, #1005, #1007, #1008, #1009, #1017) - Configurable
clusterDomainkubelet setting viasettings.kubernetes.cluster-domain(#988, #1036) - Make update position within waves consistent (#993)
- Fix kubelet configuration for
MaxPods(#994) - Update
eni-max-podswith new instance types (#994) - Fix
max_versionsunit test inupdata(#998) - Remove injection of
label:disableoption for privileged containers in Docker (#1013) - Add
policycoreutilsand related tools (#1016) - Update third-party software packages (#1018, #1023, #1025, #1026)
- Update Rust dependencies (#1019, #1021)
- Update
host-ctr's dependencies (#1020) - Update the host-containers' default versions (#1030, #1040)
- Allow access to all device nodes for superpowered host-containers (#1037)
- Add
pubsys(cargo make repo,cargo make ami) for repo and AMI creation (#964, #1010, #1028, #1034) - Require
updata initbefore creating a new repo manifest (#991) - Exclude README.md files from cargo change tracking (#995, #996)
- Build
aws-k8s-1.17variant by default withcargo make(#1002) - Update comments to be more accurate in Infra.toml (#1004)
- Update
amiizeto usecoldsnap(#1012) - Update Bottlerocket SDK to v0.12.0 (#1014)
- Fix warnings for use of deprecated items in
common_migrations(#1022)
- Removed instructions to manually apply the manifest for aws-vpc-cni-k8s (#1029)
- Add a new
aws-k8s-1.17variant for Kubernetes 1.17 (#973) - Confine
chrony,wicked, anddbus-brokervia SELinux, and persist their state to disk (#970) - Persist
systemdjournal to disk (#970) - Add an API for OS updates (#942, #959, #986)
- Add migration helpers to add / remove multiple settings at once (#958)
- Fix SELinux policy to allow CSI driver mounts and transition used by Kaniko (#983)
- Update to new repo URL via migration to ensure signed migration support (#980)
- Fix environment variable override for build output directory (#963)
- Update
.dockerignoreto account for the new build output directory structure (#967) - Remove the
preview-docstask fromMakefile(#969)
- Document new update APIs and add associated diagrams (#962)
- Add
ap-south-1to supported regions (#965) - Fix
storewolf's documentation and usage message as it expects a semver value (#957)
- Remove all permissive types from the SELinux policy (#945). Actions that were not allowed by the SELinux policy now fail instead of only being logged.
- Use update repository metadata and signatures to run settings migrations (#930)
- Mount debugfs in superpowered host containers, such as the admin container, to support tools like
bccandbpftrace(#934) - Protect container snapshot layers in SELinux policy (#935)
- Add
POST /actions/rebootAPI path (#936) - Update
toughto v0.6.0 (#944) - Fix behavior of
signpost cancel-upgrade(#950) - Update to kernel 5.4.46 (#953)
- Canonicalize architecture names in amiize.sh (#932)
- Split build output directories by variant and architecture (#948)
- Move intermediate RPM output from
build/packagestobuild/rpms(#948) - Fix
chmodusage for building on macOS (#951)
- Document platform-specific settings in README.md (#941)
- Add a new Kubernetes 1.16 variant (#919)
- Use SELinux to restrict datastore modifications (#917)
- Add variant override to updog arguments (#923)
- Update systemd to v245 (#916)
- Update build SDK to v0.11.0 (#926)
- Allow specifying a start time for waves in updata (#927)
- Update
toughdependencies to v0.5.0 (#928)
- Security: update kernel to 5.4.38 (#924)
Special thanks to our first contributors, @inductor (#853), @smoser (#871), and @gliptak (#870)!
- Update kernel to 5.4.20 (#898)
- Expand SELinux policy to include all classes and actions in 5.4 kernel (#888)
- Include error messages in apiserver error responses (#897)
- Add "logdog" to help users collect debug logs (#880)
- Include objtool in kernel-devel for compiling external modules (#874)
- Ignore termination signals in updog right before initiating reboot (#869)
- Pass
--containerdflag to kubelet to specify containerd socket path, fixing some cAdvisor metrics (#868) - Fix delay on reboot or power off (#859)
- Add
systemd.log_color=0to remove ANSI color escapes from console log (#836) - Reduce containerd logging when no errors have occurred (#886)
- Update admin container to v0.5.0 (#903)
- Set up GitHub Actions to test OS builds for PRs (#837)
- Update SDK to v0.10.1 (#866)
- Move built RPMs to
build/packages(#863) - Bump cargo-make to 0.30.0 (#870)
- Pass proxy environment variables through to docker containers (#871)
- Add parse-datetime crate (#875)
- Update third-party software packages (#895)
- Update Rust dependencies (#896)
- Remove unused Rust dependencies (#894)
- Add upstream fix for arm64 in coreutils (#879)
- Add ability to add waves using TOML files (#883)
- Add default wave files (#881)
- Fix migrations builds (#906)
- QUICKSTART: Clarify which setup is optional (#902)
- QUICKSTART: add easier setup instructions using new eksctl release (#849)
- QUICKSTART: add note about allowing SSH access (#839)
- QUICKSTART: add section on finding AMIs through SSM parameters (#838)
- QUICKSTART: Add supported region list (73d120c9)
- QUICKSTART: Add info about persistent volume CSI plugin (#899)
- QUICKSTART and README: Add appropriate ECR policy guidance (#856)
- README: Fix feedback link to point at existing section (#833)
- README: Add sentence about preview phase with feedback link (#832)
- README: Fixes and updates (#831)
- Update name of early-boot-config in API system diagram (#840)
- Fix updater README's reference to data store version (#844)
- Fix example wave files (#908)
- Log migration errors to console (#795)
- Enable BTF debug info (
CONFIG_DEBUG_INFO_BTF) (#799) - Move migrations from private partition to data partition (#818)
- Add top-level model struct (#824)
- Update ca-certificates, cni-plugins, coreutils, dbus-broker, iproute, kmod, libcap, libxcrypt, ncurses, socat, and wicked (#826)
- Update Rust dependencies (#798, #806, #809, #810)
- Add additional cleanup steps to amiize.sh (#804)
- Work around warnings for unused licenses (#827)
- Add GLOSSARY.md, SECURITY_FEATURES.md, and SECURITY_GUIDANCE.md (#800, #807, #821)
- Add additional information to top section of README.md (#802)
- Add license information to OpenAPI specification (#803)
- Add description of source mirroring (#817)
- Update CHARTER.md wording (#823)
Welcome to Bottlerocket! Bottlerocket is the new name for the OS.
In preparation for public preview, v0.3.0 includes a number of breaking changes that mean upgrades from previous versions are not possible. This is not done lightly, but had to be done to accommodate all we've learned during private preview.
- Rename to Bottlerocket (#722, #740).
- Change partition labels to
BOTTLEROCKET-*(#726). - Switch to new updates repository URIs under
updates.bottlerocket.aws(#778). - Update Kubernetes to 1.15 (#749).
- Rename aws-k8s variant to aws-k8s-1.15 to enable versioning (#785).
- Update Linux kernel to 5.4.16-8.72.amzn2 (#731).
- Rename
settings.target-base-urltosettings.targets-base-url(#788).
- Mount kernel modules and development headers into containers from a squashfs file on the host (#701).
- Include third-party licenses at
/usr/share/licenses(#723). - Add initial implementation of SELinux (#683, #724).
- Support transactions in the API (#715, #727).
- Add support for platform-specific settings like AWS region (#636).
- Support templated settings with new tool 'schnauzer' (#637).
- Generate container image URIs with parameterized regions using schnauzer (#638).
- Respect update release waves when using
updog check-updates(#615). - Fix an issue with failed updates through certain https connections (#730).
- Add support for EC2 IMDSv2 (#705, #706, #709).
- Remove update-checking boot service (#772).
- Remove old migrations and mitigations that no longer apply (#774).
- Add /os API to expose variant, arch, version, etc. (#777).
- Update host container packages (#707).
- Allow removing settings in migrations (#644).
- Create abstractions for creating common migrations (#712, #717).
- Remove the datastore version, instead use Bottlerocket version (#760).
- Improve datastore migration naming convention and build migrations during cargo make (#704, #716).
- Update dependencies of third-party packages in base OS (#691, #696, #698, #699, #700, #708, #728, #786).
- Update dependencies of Rust packages (#738, #730).
- Rename
moondogtoearly-boot-config(#757). - Update admin and control containers to v0.4.0 (#789).
- Update container runtime socket path to more common
/run/dockershim.sock(#796)
- Add copyright statement and Bottlerocket license (#746).
- General documentation improvements (#681, #693, #736, #761, #762).
- Added READMEs for packages and variants (#773).
- Split INSTALL guide into BUILDING and QUICKSTART (#780).
- Update CNI plugin in documentation and conformance test scripts (#739).
- General improvements to third-party license scanning (#686, #719, #768).
- Add policycoreutils, secilc, and squashfs-tools to SDK (#678, #690).
- Update to Rust 1.41 and Go 1.13.8 (#711, #733).
- Disallow upstream source fallback by default (#735).
- Move host, operator, and SDK containers to their own git repos (#743, #751, #775).
- Improve the syntax of migrations listed in Release.toml (#687).
- Add arm64 builds for host-containers (#694).
- Build stable image paths using symlinks in
build/latest/(#767). - Add a
set-migrationssubcommand to theupdatatool (#756). - Remove
rpm_crashtracebacktag from go builds (#779). - Rename built artifacts to specify variant before arch (#776).
- Update SDK to v0.9.0 (#790).
- Fix architecture conditional in glibc spec (#787).
- Rename the
workspacesdirectory tosourcesand theworkspacespackage toos. (#770).
- Make
signpostusage clearer to avoid updating into empty partition (#444). - Fix handling of wave bounds in
updogthat could result in seeing an update but not accepting it (#539). - Add support for query parameters in repo requests to allow for basic telemetry (#542).
- Enable support for SELinux in OS packages (not yet enforcing) (#579).
- Make grub reboot when config or kernel loading fails so it can try other partition sets (#585).
- Add support for image "variants" with separate API models (#578, #588, #589, #591, #597, #613, #625, #626, #627, #653). The default variant is "aws-k8s" for Kubernetes usage, and an "aws-dev" variant can be built that has a local Docker daemon and debug tools.
- Remove unused cri-tools package (#602).
- Update Linux kernel to 4.19.75-28.73.amzn2 (#622).
- Make containerd.service stop containerd-shims to fix shutdown/reboot delay (#652).
- Ensure
updogonly removes known extensions from migration filenames (#662). - Add OS version to "pretty name" so it's visible in console log (#663).
- Reorganize "getting started" documentation for clarity (#581).
- Fix formatting of kube-proxy options in install guide (#584).
- Specify compatible cargo-deny version in install guide (#631).
- Fix typos and improve clarity of install guide (#639).
- Add scripts to ease Kubernetes conformance testing through Sonobuoy (#530).
- Add release metadata file to be used in future automation (#556, #594).
- Update dependencies of third-party packages in base OS (#595).
- Update dependencies of Rust packages (#598).
- Update SDK container to include Rust 1.40.0, GCC 9.2, and other small fixes (#603, #628).
- Fix aarch64 build failure for libcap (#621).
- Add initial container definitions and scripts for CI process (#619, #624, #633, #646, #647, #651, #654, #658).
- Several settings now have added validation for their contents. Upgrades from v0.1 that use invalid settings values will result in a broken system.
- Host container names (e.g.
admininsettings.host-containers.admin) are restricted to ASCII alphanumeric characters and hyphens (#450). settings.kubernetes.api-server,settings.updates.metadata-base-urlandtarget-base-url,settings.host-containers.*.sources, andsettings.ntp.time-serversare now validated to be URIs (#549).settings.kubernetes.cluster_name,settings.kubernetes.node-labels, andsettings.kubernetes.node-taintsare now verified to fit Kubernetes naming conventions (#549).- Most settings values disallow multi-line strings (#453, #483).
- Host container names (e.g.
- Additional characters are permitted in API keys; for example, dots and slashes in Kubernetes labels. Downgrades from v0.2 that use dots and slashes in API keys will result in a broken system (#511).
- Add
dogswatch, a Kubernetes operator for managing OS upgrades (#239). - More accurately represent data type of update seed (#430).
- Retry host container pulls with exponential backoff (#433).
- Better model startup dependencies in systemd units (#442).
- Enable panic on disk corruption detected with dm_verity (#445).
- Add persistent storage for host containers, mapped to
/.bottlerocket/host-containers/[CONTAINER_NAME](#450, #555). - Persist SSH host keys for admin container (#450).
- Use admin container v0.2 by default (#450, #536).
- Use control container v0.2 by default (#472, #536).
- Print most critical errors to the console to aid debugging (#476, #479, #546).
- Update Linux kernel to 4.19.75-27.58.amzn2 (#478).
- Updated partitions are marked
successfulafter services start (#481). - Kernel config is available at
/proc/config.gz(#482). - Prepare
toughfor separate release, including: - Simplify representation of default metadata (#491).
apiclient(available via the host containers) exits non-zero on HTTP response errors (#498).apiclientbuilds as a static binary (#552)./proc/kheaders.tar.xzis enabled in the kernel (#557).settings-committerno longer errors at boot when there are no changes to commit (#559).migratorandupdogset migrations executable before running to work around a v0.1.6 bug (#561, #567).
- Document how to use Bottlerocket's default for the
nf_conntrack_maxkernel parameter when usingkube-proxy(#391). - Fix example user data for enabling admin container (#448).
- Update build documentation for using Docker instead of
buildkitd(#506). - Update recommended CNI plugin version (#507).
- Document
settings.ntp.time-servers(#550). - Update INSTALL.md to use the instance role created by
eksctlinstead of creating a new one (#569).
- Add
updatatool, which builds update repository metadata (#265). - Create versioned symlinks to output images (#434).
- Add code and CloudFormation template for TUF repository canary (#490).
- Move the TUF client library,
tough, to its own repository and crates.io packages (#499). - Remove build dependency on the BuildKit daemon (#506).
- Switch to SDK container as toolchain for builds, rather than requiring local build of toolchain (#525).
- Turn
buildsysinto a binary and remove thecascadefeature (#562).
- The system fetches the pause container from ECR before starting
kubelet(#382). - New settings:
settings.kubernetes.node-labelsandsettings.kubernetes.node-taints(#390, #408). - The control container has an
enable-admin-containerhelper (#405, #413). Made default in v0.2.0 (#472). - Rust dependencies updated (#410).
thar-be-settingsadded trace-level messages in the client module (#411).updogno longer checks for migrations from new root images (#416).plutowas cleaned up to create an HTTP connection more consistently (#419).- Settings that are usually generated may have defaults, and
settings.kubernetes.max-podsdefaults to110if the EC2 instance type cannot be determined (#420). - The admin container MOTD is clearer about where the host's filesystem is mounted (#424).
block-party(used ingrowpartandsignpost) errors are better structured (#425).thar-be-settingslogs render errors when running in--allmode (#427).- Recommended
sysctlsettings from the Kernel Self Protection Project are now used (#435). acpidis enabled by default to handle power button signals sent by EC2 on stop/restart/terminate events (#437).host-ctrcorrectly fetches images from non-ECR registries (#439; this regression occurred after v0.1.5).
- amiize uses a short connection timeout when testing SSH connectivity (#409).
tuftoolonly downloads an arbitraryroot.jsonwith--allow-root-download(#421).- BuildKit updated to v0.6.2 (#423, #429).
- First-party Rust code is built in the same
rpmbuildinvocation to improve build times (#428). tuftoolcorrectly uses the--timestamp-{version,expires}arguments instead of the--snapshot-{version,expires}arguments in the timestamp role (#438).tuftoolaccepts relative dates (#438).