v1.7.0




Release Notes

New Features & Enhancements

PVH support

Add support for allocation of 1 GB and 2 MB pages to improve performance.

Installer

Installer now checks currently mounted host filesystems to dynamically build the correct root filesystem drivers into the initrd for initial boot.

Kubernetes

Basic support for Flannel CNI.

Miscellaneous

  • Report Edera version number as part of CONTAINER-RUNTIME field with kubectl get nodes -o wide.

Bug Fixes

Kubernetes integration

  • Fixed issue where container termination messages were not always compliant with other CRI runtimes.
  • Fixed issue where pod log flushing behavior was not always correct.
  • Fixed issue where containers in the same pod did not share the same IPC namespace by default.
  • Fixed issue where Edera pods in a Kubernetes dual-stack cluster would not report all CNI-assigned IP addresses to Kubernetes.
  • Fixed issue where imagePullPolicy: Always might not fully bust the cache.
  • Fixed issue where Flannel and other CNI plugins did not work, due to incorrect subnet mask mirroring.
  • Ensure protect-cri systemd service starts before kubelet.
  • Fixed issue where Edera-managed pod stderr logs would not propagate correctly via kubectl logs.

Core

  • Fixed issue where PVH shadow pool size was incorrect, leading to PVH zones not starting.
  • Fixed issues with vCPU bring-up order under PVH.
  • Fixed issue where very long symlink targets in OCI images might be incorrectly truncated due to lack of extended PAX attribute propagation.
  • Fixed issue where mksquashfs process might not cleanly terminate in all cases.
  • Fixed issue where a cached image manifest might still prompt an unnecessary remote lookup.
  • Ensure protect-daemon systemd service restart doesn’t unnecessarily restart protect-storage service.

Installer fixes

  • Fixed issue where air-gapped installer was missing some newly added components.
  • Fixed issue where dracut initrd generation might fail silently if /boot is full.

Falco Plugin

  • PID 1 is now excluded by default from kernel syscall event monitoring.
  • Zone kernel 6.16 or newer is no longer required for Falco event streaming—any Edera zone kernel, including the default one, is supported for Falco event streaming.

Known issues

  • PVH support is still in beta:
    • The static resource policy is nonfunctional for PVH zones.
    • K8S manifest resource allocation is nonfunctional under PVH.

Upgrade notes

There are no known breaking changes in this release from the previous release v1.6.0.
