v1.9.0




Release Notes

These release notes describe all changes since the previous minor release, v1.8.0, not since the most recent 1.8.x patch. Some of the fixes and enhancements listed below were also delivered in the v1.8.1 through v1.8.8 patch releases; they are repeated here so this page is a complete record of what changed across the 1.8 line.

New Features & Enhancements

KVM backend (Early Access)

This release introduces support for KVM as a hypervisor backend for Edera Protect, alongside the existing Xen backend. KVM support ships as Early Access: the feature is supported, but its install surface, error messages, and defaults may change before general availability. The Xen backend is unaffected; existing Xen-based installs continue to behave the same way they did before this release.

Xen remains the default. To install with KVM, set HYPERVISOR=kvm when running the installer. For the full install walkthrough, see Install Edera with KVM.

What the KVM install path does differently from Xen:

  • Checks /dev/kvm during preflight instead of checking for a Xen-enabled host kernel.
  • Does not modify GRUB.
  • Does not reboot the node. When the installer exits, the daemon is already running.

Scope of this Early Access:

  • Covered: x86_64 Linux hosts, zone launch, lifecycle, console, memory ballooning, disk hotplug, PCI passthrough, and virtio-fs mounts on the KVM backend.
  • Not yet covered: ARM64, AMI-specific packaging, daemon restart support (restarting protect-daemon implicitly kills running zones on KVM), full-stack NUMA support, I/O and CPU performance tuning, deadline scheduling, comprehensive testing and validation.

NVIDIA GPU support for Kubernetes

Added preliminary support for NVIDIA GPU accelerators in Edera zones on Kubernetes.

Kubernetes

  • Added a CRI sandbox backpressure system to keep the runtime stable under high pod churn.
  • The CNI plugin path is now configurable.
  • CNI config loading now falls back to the deprecated .conf extension if no .conflist files are present.
  • Added support for the ReopenContainerLog CRI RPC.
  • protect-cri now validates the node’s configured CNI plugins and configuration list on startup, and gates its own readiness on all CNI plugins being properly discovered and configured.

Observability

  • protect-monitor now supports node-type modes and alternate meminfo shims.
  • Refactored the protect-orchestrator metrics service.

Core

  • Reworked IDM transport to be lossless, with backpressure and ring buffer reuse that survives daemon restarts.
  • Improved Xen channel throughput by separating output handler feeds.
  • Improved throughput when logs from many workloads are being streamed at once.

Installer

  • The installer now integrates edera-debug-report.

Bug Fixes

Core

  • Reworked multicast channels to be more reliable and robust.
  • Fixed an issue where a workload with no standard input would repeatedly hammer the IDM buffer with end-of-file messages.
  • Route IDM stream-response cancellation through the same priority queue as data.
  • Avoid an excessive 200 ms wait for block device unloop that could stall zone destroy unnecessarily.

Kubernetes

  • Filter out link-local addresses during CNI scraping.
  • Added support for ipvlan CNI in L2, L3, and L3S modes, including same-subnet peer handling and additional IPv4/IPv6 corner cases in L3S mode.
  • Handle the case where no routes are defined in the ipvlan CNI config.
  • Fixed zone route accounting (fixes Cilium with IPv6).
  • Align in-zone container exec capabilities with runtime defaults.
  • Ensure CreateContainer RPC waits until the workload is cleaned up, to correctly backpressure kubelet CRI RPC invocations.
  • Removed the protect-cri systemd Requires dependency on containerd, so a containerd restart no longer restarts protect-cri.

Miscellaneous

  • edera-check now detects Ubuntu’s snap-based Docker runtime and flags it as incompatible with Edera’s installer.
  • Include stderr output when reporting failed nft invocations.
  • Ensure OCI temporary files are removed in all cases.

Upgrade notes

There are no known breaking changes in this release from the previous minor or patch release. Existing Xen-based installs do not require changes.
