v0.17.0

Deprecation Notices

• We plan to drop support for the experimental Secure Comms mode in the next release.
• We plan to drop support for the vSphere provider in the next release.
• We are moving away from building guest images with packer in favor of mkosi. Support for packer images will be dropped in some future release.

If you require any of these features, please let the upstream community know immediately.

What's Changed

• release: 0.16.0 post release tasks by @stevenhorsman in #2605
• build(deps): bump github/codeql-action from 3.30.3 to 3.30.5 by @dependabot[bot] in #2591
• build(deps): bump actions/cache from 4.2.4 to 4.3.0 by @dependabot[bot] in #2592
• workflows: trigger AWS on 'schedule' event by @wainersm in #2603
• build(deps): bump github.com/klauspost/cpuid/v2 from 2.2.9 to 2.3.0 in /src/cloud-api-adaptor by @dependabot[bot] in #2595
• build(deps): bump actions/stale from 10.0.0 to 10.1.0 by @dependabot[bot] in #2612
• build(deps): bump docker/login-action from 3.5.0 to 3.6.0 by @dependabot[bot] in #2611
• build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in #2610
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #2613
• build(deps): bump github.com/vishvananda/netlink from 1.3.1-0.20250303224720-0e7078ed04c8 to 1.3.1 in /src/cloud-api-adaptor by @dependabot[bot] in #2614
• Bump protobuf 1.36.9 by @stevenhorsman in #2601
• build(deps): bump aws-actions/configure-aws-credentials from 4.2.1 to 5.1.0 by @dependabot[bot] in #2623
• build(deps): bump github/codeql-action from 3.30.6 to 4.30.7 by @dependabot[bot] in #2622
• build(deps): bump the protobuf group across 2 directories with 1 update by @dependabot[bot] in #2624
• build(deps): bump github.com/Azure/go-autorest/autorest from 0.11.27 to 0.11.30 in /src/cloud-api-adaptor by @dependabot[bot] in #2615
• build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in #2626
• azure: automatically generate ssh keys if missing by @esposem in #2621
• versions: Pin setup-envtest to last release by @stevenhorsman in #2632
• azure: clean SSHKeyPath only if it isn't empty by @esposem in #2630
• e2e: readd tdx to azure e2e tests by @mkulke in #2633
• e2e: remove ssh key from azure e2e-test provisioner by @mkulke in #2631
• build(deps): bump the x-crypto group across 2 directories with 1 update by @dependabot[bot] in #2627
• CI: promote libvirt CRI-O jobs to stable but secure_comms unstable by @wainersm in #2636
• byom: extend VM_POOL_IPS to handle range of IPs by @Amulyam24 in #2620
• build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.2 to 1.19.1 in /src/cloud-api-adaptor by @dependabot[bot] in #2638
• e2e-test: get podvm name from CAA pod by @PrakashMuddana in #2629
• Introduce CI for AWS - part 3 by @wainersm in #2607
• build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #2642
• azure: use Standard SSD for CVM storage by @snir911 in #2646
• Introduce CI for AWS - part 4 by @wainersm in #2645
• workflows: do not persist credentials on checkout by @wainersm in #2643
• e2e-test: address zizmor complaints in azure workflows by @mkulke in #2644
• build(deps): bump the x-extensions group across 2 directories with 2 updates by @dependabot[bot] in #2637
• test/e2e: fix panic in getCaaPodLogForPod() by @wainersm in #2647
• build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #2650
• build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 by @dependabot[bot] in #2649
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @ldoktor in #2655
• fix(gcp): Parse project ID from image path for cross-project support by @mateo-moon in #2654
• build(deps): bump the aws-sdk-go-v2 group across 2 directories with 8 updates by @dependabot[bot] in #2617
• build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.2 to 1.19.1 in /src/cloud-providers by @dependabot[bot] in #2639
• versions: Bump golang to 1.24.9 by @gkurz in #2667
• build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #2665
• versions: Use new golang 1.24.9 image by @gkurz in #2671
• build(deps): bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 by @dependabot[bot] in #2660
• CI: fix latest unstability on AWS job by @wainersm in #2664
• workflows: Switch CAA arch build to use ibm cloud runners by @stevenhorsman in #2673
• Use local go modules by @gkurz in #2659
• docs: SEV deprecation by @arvindskumar99 in #2606
• workflows: Set the ppc64le arch explicitly in setup-go by @stevenhorsman in #2677
• build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #2679
• podvm-mkosi: Add mention of TEE_PLATFORM env variable by @bpradipt in #2678
• build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #2683
• podvm: fix IMDS setup timeout by @snir911 in #2685
• ibmcloud: introduce custom tag list for peer pods by @Pacho20 in #2618
• Add GCP subnetwork support with flexible format handling by @mateo-moon in #2672
• versions: Bump kata runtime to 3.23.0 ~pre-~release by @stevenhorsman in #2682
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /src/cloud-providers by @dependabot[bot] in #2690
• Operator pin 0.17.0 by @stevenhorsman in #2692
• Release/0.17.0 by @stevenhorsman in #2693

New Contributors

• @mateo-moon made their first contribution in #2654
• @gkurz made their first contribution in #2667
• @arvindskumar99 made their first contribution in #2606

Full Changelog: v0.16.0...v0.17.0

v0.16.0

What's Changed

• workflows: Add scorecard workflow by @stevenhorsman in #2530
• cloud: Prioritise instance type annotation for selection by @bpradipt in #2536
• podvm_mkosi: Update s390x run_mkosi_in_container by @stevenhorsman in #2500
• scratch-space: Update old references by @stevenhorsman in #2541
• Post 0.15.0 tasks by @stevenhorsman in #2538
• test/e2e: Add DoTestPodWithInitContainer to libvirt by @ajaypvictor in #2543
• test/e2e: Run cloud-provider unit tests in CI by @chathuryaadapa in #2544
• aws: add support to use temporary credentials by @wainersm in #2551
• build(deps): bump github/codeql-action from 3.24.9 to 3.30.1 by @dependabot[bot] in #2556
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #2522
• build(deps): bump actions/cache from 4.2.3 to 4.2.4 by @dependabot[bot] in #2521
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in #2545
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #2546
• webhook: Increase cert deployment timeout by @ldoktor in #2553
• test/e2e: fix undefined types.ContainerListOptions error in docker_common.go by @wainersm in #2557
• cloud-providers: fix AWS and docker unit tests by @wainersm in #2558
• build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.6.0 to 1.11.0 in /src/cloud-providers by @dependabot[bot] in #2526
• e2e: disable tdx e2e tests on azure temporarily by @mkulke in #2559
• Alibaba: add peerpodctrl support by @Xynnn007 in #2560
• entrypoint: ensure that comma-separate options don't have spaces by @esposem in #2529
• e2e: disable remaining tdx e2e jobs in az e2e test by @mkulke in #2562
• build(deps): bump github/codeql-action from 3.30.1 to 3.30.3 by @dependabot[bot] in #2566
• build(deps): bump oras-project/setup-oras from 1.2.3 to 1.2.4 by @dependabot[bot] in #2567
• Actions: Use x.y.z version string for gh actions by @ldoktor in #2571
• versions: Bump golang to 1.24.7 by @stevenhorsman in #2534
• build(deps): bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.1 in /src/cloud-providers by @dependabot[bot] in #2462
• build(deps): bump actions/stale from 9.1.0 to 10.0.0 by @dependabot[bot] in #2564
• build(deps): bump lycheeverse/lychee-action from 2.5.0 to 2.6.1 by @dependabot[bot] in #2572
• build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by @dependabot[bot] in #2573
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #2568
• versions: Bump the builder image by @stevenhorsman in #2535
• build(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.31.0 in /src/cloud-providers by @dependabot[bot] in #2569
• test/e2e: adding pvc options and refactoring pvc/secret binding by @ramachandrach in #2555
• build(deps): bump golang.org/x/net from 0.42.0 to 0.44.0 in /src/cloud-api-adaptor in the x-net group across 1 directory by @dependabot[bot] in #2576
• podvm: place scratch-space condition correctly by @mkulke in #2580
• ci: update terraform spec for nvme images on azure by @mkulke in #2582
• Daily e2e test name clarifications by @stevenhorsman in #2583
• test/e2e: Increase memory limit by @stevenhorsman in #2579
• ci(zizmor):adding GHA scan targets for PR events by @eshantatIBM in #2570
• ide: add DevContainer profiles to simplify onboarding by @nmwael in #2574
• build(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.1 in /src/cloud-api-adaptor by @dependabot[bot] in #2460
• ci: add azure workflow + infra for podvm release by @mkulke in #2584
• Kata 3.21.0 bump by @stevenhorsman in #2586
• workflows: e2e_docker: Clean up space by @stevenhorsman in #2587
• ci: Check for AGENT_TOOLSDIRECTORY being set by @stevenhorsman in #2589
• Introduce Bring-Your-Own-Machine (BYOM) provider by @bpradipt in #2554
• build(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 by @dependabot[bot] in #2593
• ci: Introduce retry mechanism for yq parsing flakiness by @BbolroC in #2588
• Introduce CI for AWS - part 2 by @wainersm in #2552
• e2e-test: fix azure community gallery name by @mkulke in #2598
• versions: Pin operator version by @stevenhorsman in #2599
• release: 0.16.0 release pins & bumps by @stevenhorsman in #2602

New Contributors

• @ramachandrach made their first contribution in #2555
• @eshantatIBM made their first contribution in #2570
• @nmwael made their first contribution in #2574

Full Changelog: v0.15.0...v0.16.0

v0.15.0

What's Changed

• aws: Update sdk to fix imds issue on EKS by @bpradipt in #2438
• bump the x-net group across 5 directories with 1 update by @dependabot[bot] in #2428
• workflows: Pin action hashes by @stevenhorsman in #2445
• podvm: fix Makefile not working by @frankbu in #2444
• V0.14.0 post release tasks by @stevenhorsman in #2440
• workflows: Remove docker hub support by @stevenhorsman in #2452
• caa: handle unavailable VM IPs by @squarti in #2454
• workflows: Delete daily ibmcloud results by @stevenhorsman in #2451
• podvm: Wait for net ready before setup-nat-for-imds by @ldoktor in #2450
• azure: implement root-volume-size support by @snir911 in #2465
• gcp: adding ability to bind tags to instances by @beraldoleal in #2422
• caa: allow docker image pull secrets with username/password only by @squarti in #2456
• workflows: Remove inherit secrets by @stevenhorsman in #2457
• build(deps): bump the x-net group across 5 directories with 1 update by @dependabot[bot] in #2459
• Golang 1.23.10 part 1 by @stevenhorsman in #2467
• Golang 1.23.10 part2 by @stevenhorsman in #2468
• ibmcloud-powervs: install iptables during podvm image build by @Amulyam24 in #2470
• build(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by @dependabot[bot] in #2472
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot[bot] in #2473
• build(deps): bump the aws-sdk-go-v2 group across 1 directory with 6 updates by @dependabot[bot] in #2476
• build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 in /src/cloud-api-adaptor by @dependabot[bot] in #2475
• workflows: Add default permissions by @stevenhorsman in #2443
• aws: deprecate centos image by @msalman-abid in #2449
• tests/e2e : to verify caa logs with expected string by @PrakashMuddana in #2389
• podvm: Extract podvm smoke test into shell script by @ldoktor in #2376
• e2e-test: add id-token: write when invoking wf's by @mkulke in #2477
• build(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 in /src/cloud-api-adaptor by @dependabot[bot] in #2474
• build(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot[bot] in #2484
• build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.6.0 to 1.10.1 in /src/cloud-api-adaptor by @dependabot[bot] in #2482
• ibmcloud: add VPE gateway SG rule to ROKS setup doc by @frankbu in #2478
• azure: add az-copy-image tool by @mkulke in #2469
• podvm: add OCICRYPT CONFIG for image pulling by @Xynnn007 in #2489
• aws: Use dmi data for detecting AWS by @bpradipt in #2491
• ibmcloud-powervs: remove trailing zeros while printing instance details by @Amulyam24 in #2490
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot[bot] in #2487
• Add disk storage support for container image store by @bpradipt in #2480
• agent-protocol-forwarder: daemon.json => apf.json by @mkulke in #2494
• scratch-space: only allow encrypted scratch space by @mkulke in #2495
• build(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #2497
• ibmcloud: add tip to use Trusted Profile to ROKS setup doc by @Pacho20 in #2499
• gcp: avoid printing credentials to log by @snir911 in #2498
• versions: Bump umoci to 0.5.0 by @ajaypvictor in #2507
• versions: Bump to kata 3.18.0 by @stevenhorsman in #2479
• versions: Bump kcli by @stevenhorsman in #2511
• ibmcloud: modify SG rule setup in ROKS setup doc by @Pacho20 in #2504
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #2513
• build(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #2517
• podvm: backport setup-nat-for-imds.service configuration by @snir911 in #2518
• Readme: add openssf badge by @mkulke in #2519
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #2524
• tests/e2e: libvirt: Attempts to stablise the libvirt e2e tests and resolve the webhook install issues by @stevenhorsman in #2515
• build(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.27.0 in /src/webhook by @dependabot[bot] in #2508
• Kata 3.19.1 bump by @stevenhorsman in #2510
• versions: Bump github.com/docker/docker by @stevenhorsman in #2531
• build(deps): bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #2532
• build(deps): bump lycheeverse/lychee-action from 2.4.1 to 2.5.0 by @dependabot[bot] in #2523
• build(deps): bump docker/login-action from 3.4.0 to 3.5.0 by @dependabot[bot] in #2520
• 0.15.0 release by @stevenhorsman in #2533

New Contributors

• @msalman-abid made their first contribution in #2449
• @Pacho20 made their first contribution in #2499

Full Changelog: v0.14.0...v0.15.0

v0.14.0

What's Changed

• V0.13.0 post release tasks by @stevenhorsman in #2359
• workflow: podvm_mkosi: Fix docker image registry by @stevenhorsman in #2358
• tests/e2e: Add option to override CAA namespace by @stevenhorsman in #2329
• ibmcloud: add INITDATA to CLI peerpod properties by @frankbu in #2364
• ibmcloud: update vpc-go-sdk to v0.66.0 release by @frankbu in #2362
• podvm: support aarch64/ARM64 build by @xutao323 in #2357
• versions: Bump kcli to 99.0.202504041449 by @BbolroC in #2321
• ibmcloud-powervs: pass instance ID instead of instance while fetching VM IP by @Amulyam24 in #2368
• podvm: provide attested measurements in OCI by @mkulke in #2363
• version: Bump golang version in builder by @stevenhorsman in #2370
• Golang bump 1.23.8 by @stevenhorsman in #2371
• nvidia: set Nvidia's CDI annotation based on default_gpus by @snir911 in #2302
• Doc changes by @bpradipt in #2369
• tests/e2e : Add initdata related test cases, invalied initdata by @rafsalr in #2337
• podvm: Remove libtdx library install by @stevenhorsman in #2374
• build(deps): bump actions/attest-build-provenance from 1 to 2 by @dependabot in #2375
• caa: Enable running without Kubernetes by @spotlesstofu in #2301
• versions: Bump golang.org/x/net to v0.38.0 by @stevenhorsman in #2383
• ibmcloud: add Trustee instructions to ROKS demo doc by @frankbu in #2379
• ibmcloud: pod annotation to override image id by @frankbu in #2380
• ibmcloud: improve image selection logging by @frankbu in #2390
• podvm: remove --no-verify by @ANJANA-A-R-K in #2352
• ibmcloud: use SDK constant for TDX confidential compute mode. by @frankbu in #2391
• podvm-mkosi: Add a few useful remarks to README by @ldoktor in #2377
• ibmcloud: add instructions to deploy a sample Trustee. by @frankbu in #2394
• initdata: gunzip body by @mkulke in #2388
• azure-e2e: fix truncated digest test by @mkulke in #2398
• ibmcloud: gzip INITDATA in ROKS setup instructions. by @frankbu in #2399
• podvm: fix GO_ARCH env by @Xynnn007 in #2401
• podvm: add dependency and default images to rhel Dockerfiles by @frankbu in #2403
• ci: Skip checklinks job by @stevenhorsman in #2407
• ibmcloud-powervs: install oras and modify copy-files.sh for image build by @Amulyam24 in #2366
• caa: Refactor DISABLECVM setting by @stevenhorsman in #2360
• Bump: golang.org/x/oauth2 to address CVE by @chathuryaadapa in #2404
• gcp: improved image source format detection by @pawelpros in #2393
• ibmcloud: update ROKS demo doc image instructions by @frankbu in #2408
• Revert "ci: add yq shim for v3/v4 support" by @stevenhorsman in #2411
• docs: added gzip + base64 encoding info by @pawelpros in #2413
• caa: publish the cloud-api-adaptor image with ibmcloud_powervs provider by @Amulyam24 in #2410
• caa: update versions for IBM go dependencies by @Amulyam24 in #2418
• podvm-mkosi: update podvm image to fedora 41 by @mkulke in #2419
• 3.17.0 dependency bump by @stevenhorsman in #2421
• Add support for Alibaba Cloud by @Xynnn007 in #2396
• Dependabot go configuration by @stevenhorsman in #2402
• libvirt: Add podvm instance cpu and mem size support for libvirt by @savitrilh in #2116
• workflows: dependabot commit check skip by @stevenhorsman in #2432
• caa: Fix typo in initdata documentation by @c3d in #2417
• docker: bump fedora image to 41 by @spotlesstofu in #2330
• alibaba: update Community image id by @Xynnn007 in #2433
• tests/e2e:running all testcommands, erroring if pod not found by @PrakashMuddana in #2361
• caa: add map mutex in PeerPodService by @squarti in #2431
• peerpod-ctrl: Support multiple providers in peerpod-ctrl by @squarti in #2381
• AlibabaCloud: document and kustomization update by @Xynnn007 in #2434
• 0.14.0 release by @stevenhorsman in #2435

New Contributors

• @rafsalr made their first contribution in #2337
• @spotlesstofu made their first contribution in #2301
• @Xynnn007 made their first contribution in #2401
• @pawelpros made their first contribution in #2393
• @savitrilh made their first contribution in #2116
• @c3d made their first contribution in #2417
• @PrakashMuddana made their first contribution in #2361

Full Changelog: v0.13.0...v0.14.0

v0.13.0

What's Changed

• test/aws: disable, enable and fix tests by @wainersm in #2262
• gcp: add note on discard_unpacked_layers for GKE by @beraldoleal in #2257
• Docker provider e2e test by @stevenhorsman in #2188
• workflow: podvm_mkosi: Update registry by @stevenhorsman in #2271
• podvm: Add --pull option to import.sh and download-image.sh by @frankbu in #2268
• V0.12.0 post release tasks by @stevenhorsman in #2270
• gcp: handle image in two formats by @beraldoleal in #2282
• gcp: allow users to set podvm disk-type and align CLI options by @beraldoleal in #2281
• workflow: Add test_e2e_docker trigger by @stevenhorsman in #2277
• docker: Use iptables-wrapper in pod VM container image by @yoheiueda in #2275
• version: Bump golang to 1.22.12 by @stevenhorsman in #2286
• versions: Bump golang-fedora image version by @stevenhorsman in #2287
• Fix incorrect assignment of Image ID by @bpradipt in #2291
• ibmcloud: update vpc-go-sdk to v0.64.0 release by @frankbu in #2289
• ibmcloud: fix import.sh bucket selection by @frankbu in #2280
• Paremetrise peerpods socket and pods dir param by @bpradipt in #2292
• ibmcloud: add option to enable/disable confidential VM by @frankbu in #2295
• AWS: improve logging for clarity by @EmmEff in #2288
• ibmcloud: disable confidential VM in ROKS demo doc by @frankbu in #2298
• ibmcloud: Improvements to ROKS demo instructions by @gcoon151 in #2253
• libvirt: Remove SEV code by @stevenhorsman in #2299
• GCP: introducing provisioning code and tests by @beraldoleal in #2290
• version: Bump golang version in builder by @stevenhorsman in #2308
• Introduce CI for AWS - part 1 by @wainersm in #2274
• versions: Bump golang.org/x/crypto by @stevenhorsman in #2307
• workflow: e2e_libvirt running out of space by @stevenhorsman in #2309
• mkosi: fix Fedora GPG key issue in mkosi build by @beraldoleal in #2303
• ibmcloud: Use beta go vpc sdk to enable TDX configuration by @frankbu in #2306
• ci: add delay on podvm smoke-test by @mkulke in #2269
• test/e2e: Update testcases for HTTPS KBS by @chathuryaadapa in #2285
• workflow:e2e_run_all: Switch s390x image build runner by @stevenhorsman in #2312
• workflow: podvm_mkosi: Switch s390x image build runner by @stevenhorsman in #2313
• Update CLOUD_PROVIDER for iptables installation by @ajaypvictor in #2305
• adaptor: log error causing agent proxy connection failure by @frankbu in #2315
• podvm_mkosi: Use container to run mkosi on s390x by @BbolroC in #2317
• ibmcloud: add confidential mode instructions to ROKS demo doc by @frankbu in #2318
• ibmcloud: add another security group in ROKS demo instructions by @frankbu in #2319
• ibmcloud-powervs: fix processors config by @squarti in #2324
• GHA: Use 390x runners again for building libvirt test artifacts by @BbolroC in #2322
• Fixes for RHEL/s390x PODVM builds by @ifireball in #2320
• versions: Attempt to use Ubuntu 24.04 in packer by @stevenhorsman in #2293
• podvm: Set PROTOC_ARCH for s390x to s390_64 by @BbolroC in #2328
• ibmcloud: Move away from Ubuntu 20.04 by @stevenhorsman in #2326
• e2e: fix initdata templating by @mkulke in #2332
• ibmcloud-powervs: Set PodVM name maximum length to 47 by @squarti in #2334
• gcp: implement DISABLECVM logic by @beraldoleal in #2327
• CAA: add support to look up imagePullSecrets for pods by @squarti in #2232
• Misc fixes by @bpradipt in #2351
• ibmcloud-powervs: fix podvm image build by @Amulyam24 in #2339
• gcp: fetch disk image size dynamically and avoid using node's metadata service creds by @beraldoleal in #2345
• Support external network connectivity for the pod via pod VM network by @bpradipt in #2273
• ibmcloud-powervs: add powervs adaptor to peerpod controller by @squarti in #2347
• 3.15.0 dependency bump by @stevenhorsman in #2340
• ibmcloud-powervs: adjust systemType/processors/memory from annotations by @squarti in #2343
• ibmcloud: remove unneeded ns delete from ROKS doc by @frankbu in #2344
• provisioner: fix caa-provisioner-cli uninstall failures by @frankbu in #2341
• Go mod security bumps pre 0.13.0 by @stevenhorsman in #2355
• 0.13.0 release by @stevenhorsman in #2356

New Contributors

• @gcoon151 made their first contribution in #2253
• @ifireball made their first contribution in #2320

Full Changelog: v0.12.0...v0.13.0

v0.12.0

What's Changed

• release: v0.11.0 post-release work by @mkulke in #2175
• Podnetwork: removal of unused tunneler code and clean up by @yoheiueda in #2176
• process-user-data: create generic file provider for userdata by @mkulke in #2172
• ibmcloud: make image import.sh work on Mac by @frankbu in #2173
• csi: Fix AWS example for CSI wrapper by @bpradipt in #2178
• workflows: Add new mkosi e2e flow by @stevenhorsman in #2019
• azure: Install qemu-utils by @stevenhorsman in #2181
• workflows: Add workflow to close stale PRs by @stevenhorsman in #2167
• webhook: Fix undeploy target by @bpradipt in #2184
• workflow: Temporarily skip the s390x e2e tests by @stevenhorsman in #2185
• CI: run e2e tests for libvirt with CRI-O by @wainersm in #2068
• e2e-test: Add curl-jq test image by @mkulke in #2187
• workflow: Actually temporarily skip the s390x e2e tests by @stevenhorsman in #2191
• Kustomize: parameterize tunnel type by @yoheiueda in #2192
• test/e2e: Fix cri-o auth tests by @stevenhorsman in #2196
• aws: Update pre-built AMI id for 0.11.0 by @bpradipt in #2189
• podvm: mount cloud-config disk via ExecStartPre by @mkulke in #2195
• build(deps): bump actions/attest-build-provenance from 1 to 2 by @dependabot in #2200
• ibmcloud: PeerPod demo instructions for OpenShift clusters by @frankbu in #2180
• Makefile: support aarch64/arm64 build by @xutao323 in #2194
• providers/libvirt: add support for aarch64 host by @xutao323 in #2193
• podvm: truncate initdata digest to 32 bytes on az by @mkulke in #2186
• workflows: mksoi: Remove mid-build caching by @stevenhorsman in #2198
• S390x runner testing by @stevenhorsman in #2203
• test/e2e: improve nginx deployment test by @wainersm in #2044
• podvm-ci: un-restrict user ns on ubuntu 24.04 by @mkulke in #2199
• Try unskipping the previously flakey libvirt tests to check them by @stevenhorsman in #2183
• workflows: Switch s390x e2e runner by @stevenhorsman in #2206
• ci: re-order sysctl step for podvm_mkosi wf by @mkulke in #2209
• podvm: remove sudo if not required in Makefile by @mkulke in #2197
• webhook: Skip flakey e2e test by @stevenhorsman in #2205
• libvirt: Support Ubuntu 23.04+ by @stevenhorsman in #2005
• libvirt: Fix shell reload by @stevenhorsman in #2211
• versions: Bump golang.org/x/crypto by @stevenhorsman in #2208
• podvm_mkosi: multistage binaries by @stevenhorsman in #2204
• podvm_mkosi: Remove remaining references to builder by @stevenhorsman in #2215
• SecureComms: E2e Test SecureComms without KBS by @davidhadas in #2089
• doc: Add KinD create steps by @lysliu in #2225
• test/e2e: Add debug of failed pods by @stevenhorsman in #2216
• tests/e2e: Skip tests after analysis by @stevenhorsman in #2226
• versions: Bump golang.org/x/net by @stevenhorsman in #2221
• docker: Fix userdata bind mount path inside the container by @bpradipt in #2222
• caa: remove option to configure agent via userdata by @mkulke in #2201
• ci: install mkosi from repository by @mkulke in #2233
• build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in /src/cloud-api-adaptor by @dependabot in #2236
• ci: bump azure podvm build workflow to 24.04 by @mkulke in #2238
• CI: don't install uefi deps on s390x podvm builds by @mkulke in #2235
• podvm: aws: set shutdown_behavior to terminate by @snir911 in #2230
• CI: build mkosi in docker + downgrade podvm to f39 by @mkulke in #2243
• ci: add podvm-smoketest workflow by @mkulke in #2247
• caa: Re-add ppc64le support to build by @stevenhorsman in #2237
• Small fixes on GCP deployment by @beraldoleal in #2239
• tests/e2e: Add kbs logs by @stevenhorsman in #2251
• Kata 3.13.0 dependency bump by @stevenhorsman in #2240
• Use logger instead of fmt.Printf() by @EmmEff in #2244
• gcp: fix block code in README by @beraldoleal in #2250
• podvm: Fix debug image build issue on s390x by @yoheiueda in #2260
• ibmcloud: Fixes and improvements to ROKS demo instructions by @frankbu in #2248
• ci: remove deprecated golangci-lint warnings by @EmmEff in #2245
• ibmcloud-powervs: fix timeout creating PowerVS (DHCP request) by @squarti in #2252
• Resolve golangci-lint warnings by @EmmEff in #2256
• version: Pin operator version by @stevenhorsman in #2261
• workflow: Downgrade github runner by @stevenhorsman in #2263
• version: Bump golang to 1.22.11 by @stevenhorsman in #2264
• versions: Bump golang-fedora image version by @stevenhorsman in #2265
• 0.12.0 release tasks by @stevenhorsman in #2266

Full Changelog: v0.11.0...v0.12.0

v0.11.0

What's Changed

• V0.10.0 post release tasks by @stevenhorsman in #2081
• build(deps): bump actions/upload-artifact from 2 to 4 by @dependabot in #2054
• build(deps): bump actions/download-artifact from 3 to 4 by @dependabot in #2052
• build(deps): bump docker/build-push-action from 3 to 6 by @dependabot in #2051
• podvm: Make download-image.sh always pull by @stevenhorsman in #2078
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in #2069
• build(deps): bump nick-fields/retry from 2 to 3 by @dependabot in #2070
• Revert upload artifacts bump by @stevenhorsman in #2082
• build(deps): bump azure/login from 1 to 2 by @dependabot in #2087
• APF: Rename KataAgentNamespace by @davidhadas in #2067
• CI: adjust azure nightly workflow for actions/upload-artifact@4 by @mkulke in #2088
• Bump artifact versions in caa multi arch build by @stevenhorsman in #2090
• azure: switch nightly podvm to mkosi-based image by @mkulke in #2064
• checklinks: add link to exclude by @wainersm in #2091
• ci: fix azure nightly mkosi build by @mkulke in #2098
• kbs: Remove oci.kbs version and references by @stevenhorsman in #2077
• build(deps): bump actions/checkout from 2 to 4 by @dependabot in #2085
• build(deps): bump cachix/install-nix-action from 22 to 30 by @dependabot in #2083
• build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #2086
• workflows: Install gh cli on self-hosted runner by @stevenhorsman in #2103
• ci: fix passing of image-id to e2e test by @mkulke in #2102
• workflows: Install kustomize on e2e workflows by @stevenhorsman in #2104
• test: Add checkout kbs helper script by @stevenhorsman in #2105
• test: don't use gh cli in kbs checkout by @mkulke in #2107
• Fix kustomize install for non root by @stevenhorsman in #2109
• SecureComms: Fix needed following changes in other components by @davidhadas in #2073
• util: verify provenance by @mkulke in #2110
• workflow: Fix kustomize permission issue by @stevenhorsman in #2111
• ci: add eastus2 region in azure nightly build by @ksandowi in #2118
• libvirt: Enable multiple PodVM image scenario by @ajaypvictor in #2061
• build(deps): bump actions/cache from 3 to 4 by @dependabot in #2113
• build(deps): bump lycheeverse/lychee-action from 1 to 2 by @dependabot in #2115
• build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.1 by @dependabot in #2114
• build(deps): bump docker/setup-buildx-action from 1 to 3 by @dependabot in #2112
• ci: Pin the terraform lint runner by @stevenhorsman in #2120
• test: Update Trustee deployment to match the simplifed deployment overlays by @stevenhorsman in #2099
• caa: fixing toolchain not available by @beraldoleal in #2080
• csi-wrapper: pass PublishContext from ControllerPublishVolume to NodeStageVolume by @daniel-weisse in #2108
• csi-wrapper: add support for creating peerpod volumes with manually created persistent volumes by @daniel-weisse in #2106
• Deploy webhook by default and enable e2e by @bpradipt in #2066
• podvm: retrieve guest-components via ORAS by @mkulke in #2074
• workflow: e2e_libvirt fix rust version error by @stevenhorsman in #2125
• test/e2e: kbs: Use the cached kbs-client by @stevenhorsman in #2121
• ci: set golang cache key as **/go.sum glob by @mkulke in #2127
• workflows: Cancel previous jobs if PR/branch is updated by @stevenhorsman in #2129
• GitHub hosted runner support by @stevenhorsman in #2130
• ci: disable concurrency for child workflows by @mkulke in #2133
• versions: Bump fedora base image to f40 by @stevenhorsman in #2135
• workflow: Switch libvirt e2e test to gh-runnner by @stevenhorsman in #2134
• Assessment runner refactors by @stevenhorsman in #2123
• versions: Bump golang-fedora image version by @stevenhorsman in #2136
• podvm_builder: Add s390x gh install support by @stevenhorsman in #2137
• versions: Fix csi-wrapper's base image by @stevenhorsman in #2139
• Misc security related fixes for AWS and Azure by @bpradipt in #2141
• csi-wrapper: azuredisk-csi-driver support by @daniel-weisse in #2122
• podvm: re-arrange service order for sealed secrets by @mkulke in #2143
• SecureComms: Add support for inbound network namespace by @davidhadas in #2048
• SecureComms: Add testing facility for e2e tests by @davidhadas in #2124
• Misc updates to AWS and generic install doc by @bpradipt in #2148
• Docker hub mirror switch by @stevenhorsman in #1900
• podvm: Add --platform option to download-image.sh by @frankbu in #2151
• workflow: Add actionlint workflows by @stevenhorsman in #2146
• e2e: Add sealed secret test by @mkulke in #2147
• workflows: Switch to pin ubuntu runners by @stevenhorsman in #2152
• Enable pod VM image selection via pod annotation by @bpradipt in #2155
• Add support for selecting GPU instance based on Kata pod annotations by @bpradipt in #2132
• ci: install oras specifically for azure e2e tests by @mkulke in #2156
• podvm-mkosi: bump to fedora 40 by @mkulke in #2157
• workflows: enable CodeQL checks by @mythi in #2158
• daemonset: reduce log volume by @mkulke in #2159
• SecComms: Fix flaky tests by @davidhadas in #2154
• Kata 3.11.0 bump by @stevenhorsman in #2162
• optimize process-user-data startup time by @mkulke in #21...

v0.10.0

What's Changed

• e2e-tests: add option to deploy kbs with custom pccs_url by @mkulke in #1968
• podvm:Enable se image build for s390x rhel podvm by @Saripalli-lavanya in #1924
• e2e-test: Remove naming conflicts by @mkulke in #1974
• podnetwork: Support CNI plugins like PTP and GKE by @yoheiueda in #1920
• podvm: support use different pause image when build podvm image by @liudalibj in #1971
• e2e-test: test result from ibm by @liudalibj in #1977
• e2e-tests: remove service naming conflicts by @mkulke in #1978
• e2e-test: assert job condition on job tests by @mkulke in #1969
• e2e-tests: resolve ambiguous service labels by @mkulke in #1980
• initdata: use annotation to provision config files by @huoqifeng in #1912
• aws: image building minor fixes by @snir911 in #1982
• build(deps): bump github.com/docker/docker from 25.0.5+incompatible to 25.0.6+incompatible in /src/cloud-api-adaptor by @dependabot in #1986
• build(deps): bump github.com/docker/docker from 25.0.5+incompatible to 25.0.6+incompatible in /src/cloud-providers by @dependabot in #1984
• initdata: don't fail process-user-data if absent by @mkulke in #1994
• e2e tests: consolidate azure nightly builds by @mkulke in #1993
• policy: symlink default policy to /run/peerpod by @mkulke in #1998
• podvm-mkosi: set IMAGE_NAME instead of cp .git by @mkulke in #1997
• initdata: update doc for digest usage by @huoqifeng in #1991
• initdata: measure initdata digest into rt register by @mkulke in #1999
• test/e2e: docker: Fix KBS test that doesn't compile by @stevenhorsman in #2000
• 0.9.0 post release updates by @stevenhorsman in #2001
• ibmcloud: Use ibm-cloud.kubernetes.io/subnet-id to look up VPC details by @squarti in #2010
• ibmcloud: Fix arch suport for selectImage by @skaegi in #1995
• cloud-api-adaptor: Update Secure-Comms readme file by @davidhadas in #2013
• Minor cloud-api-adaptor logging enhancements by @EmmEff in #2011
• Explicitly set proxy dialer timeout by @EmmEff in #2007
• Adding initial support for GCP by @beraldoleal in #1926
• cloud-api-adaptor: SecureComms fix panic for closing chan twice by @davidhadas in #2014
• Support EKS CNI plugin by @yoheiueda in #1983
• Install iptables in cloud-api-adaptor daemonset by @yoheiueda in #2016
• initdata: migrate key release test cases to initdata by @huoqifeng in #2006
• ibmcloud: Fix slow VM startup by @squarti in #2022
• Podvm image caching kata agent by @stevenhorsman in #2026
• docs: redirect users to use make targets on builds by @beraldoleal in #1990
• IBMCloud-Powervs docs and pre-req update by @Vaibhav-Nazare in #1942
• podvm: Fix a build break of fedora-binaries-builder by @yoheiueda in #2029
• podnetwork: Disable connection tracking of VXLAN UDP packets by @yoheiueda in #2023
• Peerpodconfig removal by @bpradipt in #2027
• golang-image: Update to 1.22.7 by @bpradipt in #2031
• Fix script_dir in import.sh by @squarti in #2020
• Kata 3.8.0 versions bump by @stevenhorsman in #2017
• golang: upgrade to 1.22.7 by @bpradipt in #2030
• Podvm builder version removal by @stevenhorsman in #2008
• libvirt: support aarch64 arch VM by @xutao323 in #2037
• ci: Update azure podvm image build to use oras by @mkulke in #2039
• workflows: Increase libvirt e2e test timeout by @stevenhorsman in #2040
• Libvirt install latest update and post-release update part II by @stevenhorsman in #2004
• test/e2e: fixes and improvements to AWS by @wainersm in #1975
• Docker: podvm image: remove systemd tmpfiles setup delete by @stevenhorsman in #2043
• gh: add CODEOWNERS by @mythi in #2034
• ci: set initdata in remote-attestation test by @mkulke in #2042
• test/e2e: Skip nginx deployment test by @stevenhorsman in #2047
• .github: dependabot: Check github actions by @stevenhorsman in #2049
• tests/e2e: Add auth registry libvirt tests by @stevenhorsman in #1932
• build(deps): bump tim-actions/commit-message-checker-with-regex from 0.3.1 to 0.3.2 by @dependabot in #2053
• build(deps): bump docker/setup-qemu-action from 2 to 3 by @dependabot in #2050
• podvm: Update hardcoded value for oras on podvm-builder by @ajaypvictor in #2060
• azure: implicit nic creation + public ip support by @mkulke in #2056
• workflow/libvirt: improve debug step post-failure by @wainersm in #2063
• Webhook changes by @bpradipt in #2062
• versions: Bump components to match kata 3.9.0 by @stevenhorsman in #2036
• 0.10.0 pre release version updates by @stevenhorsman in #2071
• 0.10.0 release tasks by @stevenhorsman in #2079

New Contributors

• @squarti made their first contribution in #2010
• @skaegi made their first contribution in #1995
• @Vaibhav-Nazare made their first contribution in #1942
• @xutao323 made their first contribution in #2037
• @mythi made their first contribution in #2034
• @ajaypvictor made their first contribution in #2060

Full Changelog: v0.9.0...v0.10.0

v0.10.0-alpha.1

release: Update go modules for v.0.10.0 pre-release

We are working on the `v0.10.0` pre-release, so bump
the go modules to use the new tag we will create once they are merged.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>

v0.9.0

What's Changed

• podvm-mkosi: build and push images with s390x runner in workflow by @genjuro214 in #1788
• Release process: small changes by @beraldoleal in #1802
• Bump google.golang.org/protobuf 1.33 by @stevenhorsman in #1805
• Add load cloud providers as runtime plugins feature to CAA and Peerpod-ctrl by @liudalibj in #1706
• test/e2e: update assessment_runner.go by @chathuryaadapa in #1808
• Docs/libvirt: small improvements by @beraldoleal in #1803
• peerpodconfig-ctrl: Handle updating the CAA DS spec by @bpradipt in #1814
• 0.8.2 post release tasks by @stevenhorsman in #1813
• Resolve kustomize warnings by @ldoktor in #1752
• Revert "Revert 1789 and 1796" by @kartikjoshi21 in #1815
• provisioner: Add support to fetch kbs nodeport service ip by @kartikjoshi21 in #1812
• podvm-mkosi: build s390x fedora image with SE enabled by @genjuro214 in #1818
• README: add CI badge for azure by @kartikjoshi21 in #1817
• Docker provider by @bpradipt in #1743
• ci: add yq shim for v3/v4 support by @mkulke in #1819
• podvm-mkosi: sshd failed for s390x fedora image by @genjuro214 in #1820
• podvm: podvm_binaries - Revert s390x breakage by @stevenhorsman in #1823
• Provisioner: Add kbs provisioning steps in CI by @kartikjoshi21 in #1684
• libvirt: update script to config libvirt on RHEL. by @wyuany in #1822
• libvirt: Fix config_libvirt to not exit by @stevenhorsman in #1826
• versions: Update version file with new nodeport changes by @kartikjoshi21 in #1827
• azure-e2e-test: Add test for key release in kbs by @kartikjoshi21 in #1735
• libvirt: fix default IP logic by @beraldoleal in #1806
• Cloud-Api-Adaptor: PP Secure Comms by @davidhadas in #1776
• security: bump golang 1.21.10 to fix GO-2024-2824 by @huoqifeng in #1836
• workflows: e2e: Add the CAA image setup by @stevenhorsman in #1828
• libvirt: e2e test for attestation for sample tee by @huoqifeng in #1824
• libvirt: Bump Kubernetes version by @stevenhorsman in #1834
• test/e2e: Skip unstable libvirt test by @stevenhorsman in #1838
• libvirt: use AA_KBC=cc_kbc as default for peerpod binaries by @huoqifeng in #1841
• libvirt: enable e2e test for attestation case in gha by @huoqifeng in #1840
• Switch to use kata-containers main branch by @stevenhorsman in #1754
• podvm: rhel: Qemu plugin build for s390x by @Saripalli-lavanya in #1830
• mkosi-podvm: Add debug variant tweaks by @mkulke in #1849
• gpu: install kernel-modules on rhel by @snir911 in #1851
• versions: Bump Golang to 1.21.11 by @stevenhorsman in #1857
• podvm: launch guest-components as systemd units by @mkulke in #1858
• fedora: bump fedora to version 39 by @huoqifeng in #1859
• fedora: add dnf and openssh-clients for debug by @huoqifeng in #1862
• versions: Bump fedora base image versions by @stevenhorsman in #1860
• test/e2e: Skip all libvirt env tests by @stevenhorsman in #1861
• versions: Bump golang-fedora image version by @stevenhorsman in #1864
• guest-components: Bump guest-components dependency by @mkulke in #1865
• Kata agent config cleanup by @stevenhorsman in #1856
• Kcli version pinning by @stevenhorsman in #1866
• ibmse: bump guest components commit to support se-attester by @huoqifeng in #1873
• versions: Update the kata versions to 3.6.0 by @stevenhorsman in #1872
• podvm: Remove OPA from build by @stevenhorsman in #1869
• doc: update s390x mkosi build doc by @huoqifeng in #1877
• ci: fix azure image build by @mkulke in #1867
• 1879: fix LegacyKeyValueFormat warnings when build docker images by @liudalibj in #1880
• azure: enable azure e2e test on tdx machines by @kartikjoshi21 in #1837
• attestation-agent-config: generate attestation-agent config when createVM instance by @huoqifeng in #1868
• azure: set northeurope as default replication loc by @mkulke in #1883
• forwarder: remove aa_kbc_params from daemon.jsom by @mkulke in #1884
• doc: Remove references to CCv0 by @stevenhorsman in #1885
• Enable support for embedding custom pause image from authenticated registry in the pod VM image by @bpradipt in #1887
• config_libvirt.sh: detect also rhel-like distros by @esposem in #1888
• doc: Release process by @stevenhorsman in #1871
• release: Pick operator release in install by @stevenhorsman in #1889
• mkosi-podvm: Remove NetworkManager from s390x fedora image by @yoheiueda in #1894
• release: Update go modules for pre-release by @stevenhorsman in #1892
• Fixes vulnerabilities identified via dependabot by @bpradipt in #1897
• versions: Bump to golang 1.21.12 by @stevenhorsman in #1901
• v0.9.0-alpha1 release by @stevenhorsman in #1904
• Post release updates by @stevenhorsman in #1905
• Add e2e tests for docker by @bpradipt in #1845
• ci: delete dangling vms in azure e2e test by @mkulke in #1902
• azure: Delete network interface synchronously by @kartikjoshi21 in #1854
• libvirt: Bump to kcli 99.0.202407031308 by @yoheiueda in #1908
• podvm: bump RHEL version to 9.4 by @snir911 in #1906
• test/e2e: libvirt: Add policy tests by @stevenhorsman in #1876
• ibmcloud: revise ibmcloud README by @genjuro214 in #1914
• docker: Switch to fedora and mkosi based binaries by @bpradipt in #1916
• build: Fix ...