v2.0.0
With Kairos you can build immutable, bootable Kubernetes and OS images for your edge devices as easily as writing a Dockerfile. Optional P2P mesh with distributed ledger automates node bootstrapping and coordination. Updating nodes is as easy as CI/CD: push a new image to your container registry and let secure, risk-free A/B atomic upgrades do the rest.
Documentation |
Contribute |
---|---|
📚 Getting started with Kairos |
Kairos is a cloud-native meta-Linux distribution that brings the power of public cloud to your on-premises environment. With Kairos, you can build your own cloud with complete control and no vendor lock-in. It allows you to easily spin up a Kubernetes cluster with the Linux distribution of your choice, and manage the entire cluster lifecycle with Kubernetes.
For releases with k3s embedded, see here.
🔦 Highlights
This is a major releases as #877 is a core change of the Kairos boot process.
We replaced the former dracut modules (a set of bash scripts/dracut/systemd services), which were responsible for the immutability management of Kairos, with https://github.com/kairos-io/immucore, a self-contained binary which doesn't have dependencies and can run without dracut and systemd.
This allows us to:
- not depend anymore on systemd while set up immutability on boot ( allowing us to unblock #653 )
- have hybrid images (#656), that boots both UKI as a single file image, and as well as pivoting (as we are doing currently)
- pave the way for things like #873 #119 and much more
- debug things more cleanly, have a better testbed, and allow to integrate easily with golang
Besides, we have now full SBOM list attached to images, as part of the release process, and in-toto
attestation, allowing you to verify attestation also of SBOM lists, and have full audit of images. We also have integrated grype
and trivy
in our pipelines, and as such now releases contains also CVE reports, and finally we upload the generated reports as sarif file to GitHub to have notifications and see with more ease the impact of CVEs to the images.
There were also fixes to the Debian flavor (thanks to the community for reporting issues!) and now manual upgrades with private registries are supported, too.
Finally, it is also now possible to specify custom bind mounts path to overlay on top of the persistent partition, allowing to easily specify paths that you want to be persistent in the system via the cloud config file: https://kairos.io/docs/advanced/customizing/#customizing-the-file-system-hierarchy-using-custom-mounts .
What's Changed
- 🌱 Detect more information about runtime by @mudler in #956
- 📖 Add v1.6.0 announcement blog post by @mudler in #968
- 🔧 Use ci-robbot to open cloud config schema updates by @mauromorales in #971
- 📖 Add cloud-config.json for v1.6.0 by @mauromorales in #977
- 📖 Add documentation about schema validation by @mauromorales in #978
- 🐛 Backport dracut patch for ubuntu 20 iscsi by @Itxaka in #979
- 🌱 Create framework images for each flavor by @mudler in #973
- 🐛 remove kcrypt hook after reset by @paynejacob in #982
⚠️ 🎨 ✨ Use immucore 🦔 by @Itxaka in #877- ⬆️ Update repositories by @ci-robbot in #981
- 🐛 Update state.go (#987 by @Itxaka in #987
- 📖 Add airgap docs by @mudler in #986
- 🔧 Upgrade earthly action for nodejs deprecations by @mauromorales in #985
- 📖 Improve documentation on how to create a SealedVolume by @jimmykarily in #995
- 🔧 Use random free port for Spice display and SSH by @oz123 in #832
- 🤖 Add SBOM artifacts to CI pipelines by @mudler in #998
- 🤖 Fix cosign signing by @jimmykarily in #1015
- 🤖 Add test for #491dd04 by @jimmykarily in #962
- 🤖 Fix some tests rebuilding the iso by @Itxaka in #980
- Update earthly/earthly Docker tag to v0.7.1 by @renovate in #1000
- ⬆️ Update earthly/actions-setup digest to cce953f by @renovate in #1001
- 🤖 Allow testing immucore from branches by @Itxaka in #989
- Update Getting started Index with typo fixes by @Princesso in #993
- 🤖 Use VARIANT, output SBOM to build by @mudler in #1017
- 🤖 Attach trivy scan reports by @mudler in #1019
- 🤖 Update workflow permissions by @mudler in #1021
- 🤖 Run framework build on self-hosted by @mudler in #1022
- 🤖 Use sudo to move generated sarif files by @mudler in #1028
- 🌱 Make sure to remove generated keys during setup by @mudler in #1027
- 🤖 Fixup test targets by @mudler in #1034
- 🐧 Drop removed packages from opensuse-tumbleweed-arm-rpi by @mudler in #1041
- 🐧 Add systemd-resolved to Debian images by @mudler in #1043
- 🐛 Fix link to QR code by @oz123 in #1046
- Add missing repository in tumbleweed by @jimmykarily in #1052
- ⬆️ Update repositories by @ci-robbot in #1058
- 🤖 Add grype scan reports by @mudler in #1057
- 📖 Extend documentation with framework images by @mudler in #1054
- 📖 align versions in docs by @oz123 in #1050
- 🔧 try and fix path exclusion in CI by @oz123 in #1063
- 🤖 Add wildcard also on master workflow by @mudler in #1064
- 🐧 added zfs packages to all images by @paynejacob in #677
- 🐛 Improve network stage by @Itxaka in #1062
- 🤖 Add state check on netboot tests by @mudler in #1060
- 🐛 Fix manual install not supporting configuration url by @paynejacob in #963
- Update earthly/actions-setup digest to 2181cb2 by @renovate in #1024
- 🤖 Consistently install earthly from our packages repository by @mudler in #1071
- 🤖 Be consistent and install earthly in the CI by @mudler in #1072
- Bump ghw and fix state by @Itxaka in #1073
- 🤖 Fix ARM builds by @mudler in #1076
- 🤖 Update immucore dev testing by @Itxaka in #1059
- 🐛 Bump yip by @Itxaka in #1082
- 🤖 Pin trivy version by @mudler in #1090
- 🤖 Delete duplicate test suite registration by @mudler in #1091
- 🐛 downgrade yip by @Itxaka in #1088
- 📖 add post about KCD Amsterdam and Paris 2023 by @mauromorales in #1080
- ✨ Bump repos to get immucore v0.0.13 by @Itxaka in #1092
- 🐛 Schema for groups is not working by @Itxaka in #1077
- 🤖 Fixup trivy scans by @mudler in #1093
- 🤖 Fix users schema test by @Itxaka in #1101
- ✨ Drop system/shim package by @Itxaka in #1103
- 🤖 Various enhancement to security scans by @mudler in #1100
- ⬆️ Update repositories by @ci-robbot in #1107
- 🤖 Push proper framework tag by @Itxaka in #1108
- 🤖 Use earhly script for ARM builds by @mudler in #1110
- 🤖 Drop -P when calling earthly from the script by @mudler in #1112
- Update kubernetes.md: fix typo by @Princesso in #1119
- Update renovate/renovate Docker tag to v35 by @renovate in #1105
- Update quay.io/kairos/osbuilder-tools Docker tag to v0.5.3 by @renovate in #1095
- Update module golang.org/x/oauth2 to v0.6.0 by @renovate in #1104
- 🐧 Drop zfs from alpine-arm images by @mudler in #1128
- Update aquasec/trivy Docker tag to v0.38.3 by @renovate in #1096
- Update module github.com/onsi/gomega to v1.27.4 by @renovate in #1129
- Update module github.com/urfave/cli/v2 to v2.25.0 by @renovate in #1098
- Update module github.com/pterm/pterm to v0.12.55 by @renovate in #1086
- Update module github.com/swaggest/jsonschema-go to v0.3.48 by @renovate in #1094
- 🐛 Fix configuration not being merge by @oz123 in #1117
- 📖 Add collaboration announcement blog post by @mudler in #1126
- ⬆️ Update repositories by @ci-robbot in #1127
- 📖 "Guiding user stories" in contributor guidelines by @jbalonso in #1047
- 🌱 remove duplicate installation of
which
package in opensuse-leap Dockerfile by @flesser in #1137 - Update earthly/earthly Docker tag to v0.7.2 by @renovate in #1136
- Update module github.com/itchyny/gojq to v0.12.12 by @renovate in #1085
- 📖 Add documentation on how to gate upgrades with kyverno by @mudler in #1135
- ✨ Use kairos-sdk module by @Itxaka in #1140
- Update dependency alpinejs to v3.12.0 by @renovate in #1143
- Update actions/setup-go action to v4 by @renovate in #1147
- 📖 Add development notes for debugging stations by @mudler in #1145
- 📖 Clarify Auroraboot status in other OSes by @Itxaka in #1139
- 📖 Add newsletter link in community section by @Princesso in #1149
- Update module github.com/imdario/mergo to v0.3.14 by @renovate in #1148
- 📖 Add clarifications on reset and encryption configurations by @mudler in #1158
- Removed redundant kernel install by @areitz86 in #1160
- Removed redunant kernel install by @areitz86 in #1161
- ⬆️ Bump repositories by @Itxaka in #1163
- 🤖 Improve golang CI runs by @Itxaka in #1165
- Bump to newer sdk by @Itxaka in #1166
- 📖 Make sample systemd networking filename work out of the box by @robarnold in #1168
- ⬆️ Update repositories by @ci-robbot in #1169
- Update dependency jquery to v3.6.4 by @renovate in #1146
- Update dependency @fortawesome/fontawesome-free to v6.3.0 by @renovate in #1142
- ⬆️ Bump repositories by @Itxaka in #1174
- 📖 Understanding immutability by @mudler in #1081
- 🤖 Move repo bump to earthly by @Itxaka in #1183
- ⬆️ Update repositories by @ci-robbot in #1182
- Update module github.com/onsi/ginkgo/v2 to v2.9.2 by @renovate in #1184
- Update module github.com/onsi/gomega to v1.27.5 by @renovate in #1185
- ⬆️ Update repositories by @ci-robbot in #1186
- 🌱 Add auth flags to upgrade by @Itxaka in #1179
- Update module github.com/imdario/mergo to v0.3.15 by @renovate in #1190
- ⬆️ Update repositories by @ci-robbot in #1193
- 🤖 Push arm images in their own repo with img suffix by @mauromorales in #1033
- 🐛 Fix validator on long strings by @Itxaka in #1194
- 🤖 Copy sarif files from proper folder by @Itxaka in #1203
- 🐛 Pass version to build of kairos agent by @mauromorales in #1205
- Update module github.com/pterm/pterm to v0.12.57 by @renovate in #1206
- Update dependency @fortawesome/fontawesome-free to v6.4.0 by @renovate in #1198
- Update module github.com/urfave/cli/v2 to v2.25.1 by @renovate in #1195
- 🤖 Fix schema job to get tags and include missing schemas from alpha releases by @mauromorales in #1207
- ✨ Custom partitioning refactor config by @mauromorales in #1180
- Update module github.com/onsi/gomega to v1.27.6 by @renovate in #1219
- Change module path according to Go docs by @jimmykarily in #1220
- Update module github.com/kairos-io/kcrypt to v0.5.2 by @renovate in #1218
- ⬆️ Bump go in Earthly and workflows to ^1.20 by @mauromorales in #1213
- ⬆️ Update repositories by @ci-robbot in #1217
- 🌱 🐛 Run kcrypt in rootfs stage by @Itxaka in #1224
- 🤖 Attach and sign SBOM by @mudler in #1226
- Revert ":robot: Attach and sign SBOM" by @mudler in #1229
- ⬆️ Update repositories by @ci-robbot in #1230
- Remove dracut/kcrypt by @Itxaka in #1231
- 1197 - Add blog post about wireguard+kairos home lab setup by @jimmykarily in #1212
- 🤖 Attach and sign SBOM by @mudler in #1235
- Update aquasec/trivy Docker tag to v0.39.0 by @renovate in #1236
- 🤖 Build framework images on self-hosted during release by @mudler in #1241
- 🤖 Disable push from Earthly for framework images by @mudler in #1245
- 🤖 Disable push from Earthly for master by @mudler in #1246
- 📖 Add navbar on top of homepage by @mauromorales in #1242
- Update module github.com/pterm/pterm to v0.12.58 by @renovate in #1247
- 📖 Add a note on how to set a hardcoded k3s node name by @jimmykarily in #1244
- ⬆️ Update repositories by @ci-robbot in #1237
- Add instructions on how to use the
coco
bundle by @jimmykarily in #1243 - 🤖 Add version to goreleaser by @mauromorales in #1252
- Update peter-evans/create-pull-request action to v5 by @renovate in #1253
- 🐛 Add yaml extension to temp file created by webui by @mauromorales in #1260
- 🐛 Do not merge all cmdline arguments to generic config by @mauromorales in #1256
- Update module golang.org/x/net to v0.9.0 by @renovate in #1266
- Update aquasec/trivy Docker tag to v0.39.1 by @renovate in #1268
- ⬆️ Bump repositories by @Itxaka in #1272
- 📖 Update Schema by @ci-robbot in #1238
- ⬆️ Update repositories by @ci-robbot in #1280
- Update module github.com/swaggest/jsonschema-go to v0.3.49 by @renovate in #1279
- 📖 Update Schema by @ci-robbot in #1281
New Contributors
- @jbalonso made their first contribution in #1047
- @flesser made their first contribution in #1137
- @areitz86 made their first contribution in #1160
- @robarnold made their first contribution in #1168
Full Changelog: v1.6.0...v2.0.0