v1.2.0

2 min read

Release overview

This release contains important fixes for existing features, support for mounting host block devices, and new host and zone metrics.

What’s new

  • Initial zone CPU utilization metrics added to the Protect /metrics Prometheus endpoint.
  • Initial host CPU and memory utilization metrics added to the Protect /metrics Prometheus endpoint.
  • Zone status metrics added to the Protect /metrics Prometheus endpoint.
  • Support for mounting block devices from the host into workloads.

Fixes and improvements

  • Fixes for privileged mode.
  • Fixes for non-Kubernetes workload networking.
  • Pulling very large OCI images is more reliable and consumes fewer host resources.
  • The Protect Installer now supports appending custom Linux and Xen command line arguments via EDERA_PROTECT_INSTALLER_LINUX_CMDLINE_APPEND and EDERA_PROTECT_INSTALLER_XEN_CMDLINE_APPEND.
  • The Protect Installer now more accurately detects kubelet config on some RPM-based distributions.

Changes to behavior

  • A Protect zone no longer scrapes or stores process environment variables.
  • /dev/shm is now mounted in Protect zones and visible to workloads (currently limited to half of configured zone RAM size).
  • OCI image fetch and unpack now uses /var/lib/edera/protect/tmp on the host. Host-mounted tmpfs is no longer used to avoid large image fetches exhausting RAM.

Mounting host block devices

To make host devices available to workloads:

# /var/lib/edera/protect/daemon.toml
[block.devices]
[block.devices.disk0]
path = "/dev/sdb"

Then run:

systemctl restart protect-daemon
protect device list
protect zone launch -n test --attach-scratch-disk disk0
protect workload launch -z test -n test alpine:latest --mount-scratch-disk /workload/mount/path

You should be able to exec into the workload and validate the volume is mounted on /workload/mount/path.

Security updates

  • A Protect zone no longer scrapes or stores process environment variables.

Known issues

None reported in this release.

Upgrade notes

There are no known breaking changes in this release from the previous release v1.1.0.

Last updated on