v1.8.0




Release Notes

New Features & Enhancements

Improved OCI Handling

Adopted the ocirender Rust library for OCI image handling, improving image compatibility, conformance, and performance.

Initial vNUMA placement optimization

Added support for automatic vNUMA locality optimization for DomU zones.

Installer

  • Many improvements to support different Linux distributions and EFI/bootloader configurations.
  • Xen GRUB bootloader entry generation and entry selection improvements.
  • A new standalone binary named edera-check has been introduced to validate your system readiness before running the Edera installer. See docs for details.

Kubernetes

  • Initial support for ipvlan CNI in L2/L3/L3S modes.
  • Initial support for IPv6 clusters using flannel and ipvlan CNIs.
  • Added /var/lib/edera/protect/cni.toml file to support custom site-local CNI binary and configuration paths.
  • Added support for configuring pod sysctls via securityContext.sysctls.

Miscellaneous

  • Zones now default to Linux 6.18 LTS kernel.
  • Added a debug bundle reporting tool to Edera AMIs, located at /var/lib/edera/protect/support on the AMI root filesystem.
  • Edera host kernel artifacts (image, config, module directories) are now suffixed with -edera.

Bug Fixes

Kubernetes integration

  • Align default in-zone container capabilities with other runtime defaults.
  • Fix issue where protect-daemon restarts during pod termination could leave stale workloads.
  • Fix issue where, if multiple CNI config files are present on the node, the first lexically sorted filename would not be chosen.
  • Fix issue where fsGroup GIDs are not automatically applied to the container UID.
  • Fix issue where securityContext.runAsXX fields were not used for kubectl exec process invocations.
  • Fix issue where K8S authenticated pulls would break when used with images with the latest tag.
  • Fix issue where container UID, if defined, was ignored.
  • Fix issue where container processes would receive an incorrect OOMKILL score.
  • Fix issue where kubectl port-forward would not terminate correctly.

Core

  • Improve raw block device mounting defaults under Xen, which should increase disk performance in some cases.
  • Fix issue where non-k8s networking initial packet latency was abnormally high.
  • Improve systemd unit dependency defaults.
  • Fix issue where the HOSTNAME environment variable was not always set in workloads.

Installer fixes

  • Fixed issue where the protect -> protect-ctl symlink might not be created.
  • Fixed issue where some variant Linux distributions with unique EFI/GRUB configurations (CentOS, SUSE) might not be properly detected.

Known issues

  • PVH support is still in beta:

    • K8S manifest resource allocation is nonfunctional under PVH.
  • Xen channel resource exhaustion under certain scenarios:

    • This will be fixed in a subsequent release.

Upgrade notes

There are no known breaking changes in this release from the previous release v1.7.2.
