v1.9.0

3 min read

Release Notes

These release notes describe all changes since the previous minor release, v1.8.0, not since the most recent 1.8.x patch. Some of the fixes and enhancements listed below were also delivered in the v1.8.1 through v1.8.8 patch releases; they are repeated here so this page is a complete record of what changed across the 1.8 line.

New Features & Enhancements

NVIDIA GPU support for Kubernetes

Added preliminary support for NVIDIA GPU accelerators in Edera zones on Kubernetes.

Kubernetes

  • Added a CRI sandbox backpressure system to keep the runtime stable under high pod churn.
  • The CNI plugin path is now configurable.
  • CNI config loading now falls back to the deprecated .conf extension, if no .conflists are present.
  • Added support for the ReopenContainerLog CRI RPC.
  • protect-cri now validates the node’s configured CNI plugins and configuration list on startup, and gates its own readiness on all CNI plugins being properly discovered and configured.

Observability

  • protect-monitor now supports node-type modes and alternate meminfo shims.
  • Refactored the protect-orchestrator metrics service.

Core

  • Reworked IDM transport to be lossless, with backpressure and ring buffer reuse that survives daemon restarts.
  • Improved Xen channel throughput by separating output handler feeds.
  • Improved throughput when many workload logs are being streamed from workloads.

Installer

  • The installer now integrates edera-debug-report.

Bug Fixes

Core

  • Reworked multicast channels to be more reliable and robust.
  • Fixed an issue where a workload with no standard in would repeatedly hammer the IDM buffer with end-of-file messages.
  • Route IDM stream-response cancellation through the same priority queue as data.
  • Avoid an excessive 200 ms wait for block device unloop that could stall zone destroy unnecessarily.

Kubernetes

  • Filter out link-local addresses during CNI scraping.
  • Added support for ipvlan CNI in L2, L3, and L3S modes, including same-subnet peer handling and additional IPv4/IPv6 corner cases in L3s mode.
  • Handle the case where no routes are defined in the ipvlan CNI config.
  • Fixed zone route accounting (fixes cilium with IPv6).
  • Align in-zone container exec capabilities with runtime defaults.
  • Ensure CreateContainer RPC waits until the workload is cleaned up, to correctly backpressure kubelet CRI RPC invocations.
  • Removed the protect-cri systemd Requires dependency on containerd, so a containerd restart no longer restarts protect-cri.

Miscellaneous

  • edera-check now detects Ubuntu’s snap-based Docker runtime and flags it as incompatible with Edera’s installer.
  • Include stderr output when reporting failed nft invocations.
  • Ensure OCI temporary files are removed in all cases.

Upgrade notes

There are no known breaking changes in this release from the previous minor or patch release.

Last updated on