docs: update README for all phases complete, add CHANGELOG

README.md rewritten to reflect all 5 design-doc phases complete with
sections for custom kernel, cloud-init, atomic updates, monitoring,
full make targets table, and documentation links.

CHANGELOG.md created with detailed v0.1.0 release notes covering
all features across all phases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

CHANGELOG.md

@@ -0,0 +1,80 @@
+# Changelog
+
+All notable changes to KubeSolo OS are documented in this file.
+
+Format based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2026-02-12
+
+First release with all 5 design-doc phases complete. ISO boots and runs K8s pods.
+
+### Added
+
+#### Custom Kernel
+- Custom kernel build (6.18.2-tinycore64) with container-critical configs
+- Added CONFIG_CGROUP_BPF, CONFIG_DEVTMPFS, CONFIG_DEVTMPFS_MOUNT, CONFIG_MEMCG, CONFIG_CFS_BANDWIDTH
+- Stripped unnecessary subsystems (sound, GPU, wireless, Bluetooth, etc.)
+- Selective kernel module install — only modules.list + transitive deps in initramfs
+
+#### Init System (Phase 1)
+- POSIX sh init system with staged boot (00-early-mount through 90-kubesolo)
+- switch_root from initramfs to SquashFS root
+- Persistent data partition mount with bind-mounts for K8s state
+- Kernel module loading, sysctl tuning, network, hostname, NTP
+- Emergency shell fallback on boot failure
+- Device node creation via mknod fallback from sysfs
+
+#### Cloud-Init (Phase 2)
+- Go-based cloud-init parser (~2.7 MB static binary)
+- Network configuration: DHCP and static IP modes
+- Hostname and machine-id generation
+- KubeSolo configuration (node-name, extra flags)
+- Portainer Edge Agent integration via K8s manifest injection
+- Persistent config saved to /mnt/data/ for next-boot fast path
+- 22 Go tests
+
+#### A/B Atomic Updates (Phase 3)
+- 4-partition GPT disk image: EFI + System A + System B + Data
+- GRUB 2 bootloader with A/B slot selection and boot counter rollback
+- Go update agent (~6.0 MB static binary) with check, apply, activate, rollback commands
+- Health check: containerd + K8s API + node Ready verification
+- Update server protocol: HTTP serving latest.json + image files
+- K8s CronJob for automated update checks (every 6 hours)
+- Zero external Go dependencies — uses kubectl/ctr exec commands
+
+#### Production Hardening (Phase 4)
+- Ed25519 image signing with pure Go stdlib (zero external deps)
+- Key generation, signing, and verification CLI commands
+- Portainer Edge Agent deployment via cloud-init
+- SSH extension injection for debugging (hack/inject-ssh.sh)
+- Boot time and resource usage benchmarks
+- Deployment guide documentation
+
+#### Distribution & Fleet Management (Phase 5)
+- Gitea Actions CI/CD (test + build + shellcheck on push, release on tags)
+- OCI container image packaging (scratch-based)
+- Prometheus metrics endpoint (zero-dependency text exposition format)
+- USB provisioning script with cloud-init injection
+- ARM64 cross-compilation support
+
+#### Build System
+- Makefile with full build orchestration
+- Dockerized reproducible builds (build/Dockerfile.builder)
+- Component fetching with version pinning
+- ISO and raw disk image creation
+- Fast rebuild path (`make quick`)
+
+#### Documentation
+- Architecture design document
+- Boot flow reference
+- A/B update flow reference
+- Cloud-init configuration reference
+- Deployment and operations guide
+
+### Fixed
+- Replaced `grep -oP` with POSIX-safe `sed` in functions.sh (BusyBox compatibility)
+- Replaced `grep -qiE` with `grep -qi -e` pattern (POSIX compliance)
+- Fixed KVM flag handling in dev-vm.sh (bash array context)
+- Added iptables table pre-initialization before kube-proxy start (nf_tables issue)
+- Added /dev/kmsg and /etc/machine-id creation for kubelet