README:
- Status line bumped from v0.3.0 to v0.3.1 with the actually-validated
framing (K8s Ready under QEMU virt+HVF, CoreDNS + local-path +
nginx all Running) and a link to CHANGELOG.md for full notes.
- Roadmap: Phase 7 (generic ARM64) flipped to "Complete (v0.3.1, K8s
Ready under QEMU virt+HVF)". OCI cosign verification, LABEL=KSOLODATA
on ARM64, and real-hardware ARM64 validation move from "Planned for
v0.3.1" to "Planned for v0.3.2" — they didn't make this release.
CHANGELOG:
- New "[Unreleased]" section covering the four post-v0.3.1 CI / repo
housekeeping commits: drop tag trigger on build-arm64.yaml (04a5cd2),
gitignore .env/credentials (48267e1), fix gated x86 job staying
"queued" instead of "skipped" (fb24e64), and paths-ignore on
build-arm64.yaml so workflow/docs-only commits skip the 60-minute
kernel rebuild (e1b8a69).
No runtime changes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
VERSION 0.3.0 -> 0.3.1. Append CHANGELOG entry covering the eight fix
commits since v0.3.0 (dual-glibc, nft binary, NF_TABLES_IPV4 family,
NFT_NUMGEN expressions, modules.list parser, banner+motd, port 8080
hostfwd, and the release.yaml workflow rewrite).
End-to-end validated on Apple Silicon Mac under QEMU virt + HVF:
- kubectl get nodes -> kubesolo-XXXXXX Ready
- kube-system/coredns 1/1 Running
- local-path-storage/local-path-prov 1/1 Running
- default/nginx-test (user workload) 1/1 Running (pulled+started 11s)
Tagging this release is also the first real exercise of the rewritten
release.yaml workflow. If it works as designed, the v0.3.1 release page
should populate automatically with: x86 ISO + .img.xz, ARM64 .arm64.img.xz,
Go binaries (cloudinit + update, amd64 + arm64), and SHA256SUMS.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Promote VERSION from 0.3.0-dev to 0.3.0. Finalise CHANGELOG entry with
phases 5-8 work (state machine + metrics, channels + maintenance windows,
OCI multi-arch distribution, pre-flight gates + deeper healthcheck +
auto-rollback). Refresh README quick-start to show both x86_64 and generic
ARM64 paths; update the roadmap status table to mark all v0.3 phases
complete and explicitly track the v0.3.1 follow-ups (OCI cosign,
LABEL=KSOLODATA on ARM64, real-hardware validation).
Add docs/release-notes-0.3.0.md as the operator-facing summary, including a
v0.2.x -> v0.3.0 migration section (non-breaking on live systems) and the
known-limitations list copied from CHANGELOG.
All tests green: cloud-init module, all 10 update-module packages,
shellcheck across init / build / test / hack scripts under the v0.3
severity policy.
Tagging is intentionally NOT done from this commit — that's a manual step
so the operator can decide when v0.3.0 is final. After tagging:
git tag -a v0.3.0 -m "KubeSolo OS v0.3.0"
git push origin v0.3.0
The push triggers .gitea/workflows/build-arm64.yaml which runs the full
ARM64 build on the Odroid runner.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 4 of v0.3 — KubeSolo version bump and CI gating.
KubeSolo v1.1.0 → v1.1.5 brings:
- New flag --disable-ipv6 (v1.1.5)
- New flag --db-wal-repair (v1.1.5) — important for power-loss resilience
on edge appliances; surfaced as kubesolo.db-wal-repair in cloud-init
- New flag --full (v1.1.4) — disables edge-optimised k8s overrides
- Pod egress connectivity fix after reboot (v1.1.4)
- Registry config persistence fix (v1.1.5)
- k8s 1.34.7, CoreDNS 1.14.3, Go 1.26.2
All three new flags wired into cloud-init: config.go fields, kubesolo.go
extra-flag emission, full-config.yaml example.
Supply-chain hygiene:
- Per-arch checksums: KUBESOLO_SHA256_AMD64 and KUBESOLO_SHA256_ARM64 in
versions.env. Replaces the single shared KUBESOLO_SHA256 that couldn't
meaningfully verify both binaries at once.
- Checksum now applied to the tarball (the immutable upstream artifact)
rather than the post-extract binary.
CI:
- New .gitea/workflows/build-arm64.yaml routes the full kernel + rootfs +
disk-image build to the Odroid arm64-linux runner. Triggers on push to
main, tags, and manual workflow_dispatch. The boot smoke test is
continue-on-error because KubeSolo's first-boot image import deadline
fires under QEMU TCG on the Odroid.
VERSION bumped to 0.3.0-dev. CHANGELOG entry under [0.3.0-dev] captures all
Phase 1-4 work + the known limitations documented in arm64-status.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Includes cloud-init full flag support, security hardening, AppArmor,
and ARM64 Raspberry Pi support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add missing flags (--local-storage-shared-path, --debug, --pprof-server,
--portainer-edge-id, --portainer-edge-key, --portainer-edge-async) so all
10 documented KubeSolo parameters can be configured via cloud-init YAML.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
README.md rewritten to reflect all 5 design-doc phases complete with
sections for custom kernel, cloud-init, atomic updates, monitoring,
full make targets table, and documentation links.
CHANGELOG.md created with detailed v0.1.0 release notes covering
all features across all phases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
