# Changelog

All notable changes to KubeSolo OS are documented in this file.

Format based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.2.0] - 2026-02-12

### Added

- Cloud-init: support all documented KubeSolo CLI flags (`--local-storage-shared-path`, `--debug`, `--pprof-server`, `--portainer-edge-id`, `--portainer-edge-key`, `--portainer-edge-async`)
- Cloud-init: `full-config.yaml` example showing all supported parameters
- Cloud-init: KubeSolo configuration reference table in docs/cloud-init.md
- Security hardening: mount hardening, sysctl, kernel module lock, AppArmor profiles
- ARM64 Raspberry Pi support with A/B boot via tryboot
- BootEnv abstraction for GRUB and RPi boot environments
- Go 1.25.5 installed on host for native builds

## [0.1.0] - 2026-02-12

First release with all 5 design-doc phases complete. ISO boots and runs K8s pods.

### Added

#### Custom Kernel

- Custom kernel build (6.18.2-tinycore64) with container-critical configs
- Added CONFIG_CGROUP_BPF, CONFIG_DEVTMPFS, CONFIG_DEVTMPFS_MOUNT, CONFIG_MEMCG, CONFIG_CFS_BANDWIDTH
- Stripped unnecessary subsystems (sound, GPU, wireless, Bluetooth, etc.)
- Selective kernel module install — only modules.list + transitive deps in initramfs

#### Init System (Phase 1)

- POSIX sh init system with staged boot (00-early-mount through 90-kubesolo)
- switch_root from initramfs to SquashFS root
- Persistent data partition mount with bind-mounts for K8s state
- Kernel module loading, sysctl tuning, network, hostname, NTP
- Emergency shell fallback on boot failure
- Device node creation via mknod fallback from sysfs

#### Cloud-Init (Phase 2)

- Go-based cloud-init parser (~2.7 MB static binary)
- Network configuration: DHCP and static IP modes
- Hostname and machine-id generation
- KubeSolo configuration (node-name, extra flags)
- Portainer Edge Agent integration via K8s manifest injection
- Persistent config saved to /mnt/data/ for next-boot fast path
- 22 Go tests

#### A/B Atomic Updates (Phase 3)

- 4-partition GPT disk image: EFI + System A + System B + Data
- GRUB 2 bootloader with A/B slot selection and boot counter rollback
- Go update agent (~6.0 MB static binary) with check, apply, activate, rollback commands
- Health check: containerd + K8s API + node Ready verification
- Update server protocol: HTTP serving latest.json + image files
- K8s CronJob for automated update checks (every 6 hours)
- Zero external Go dependencies — uses kubectl/ctr exec commands

#### Production Hardening (Phase 4)

- Ed25519 image signing with pure Go stdlib (zero external deps)
- Key generation, signing, and verification CLI commands
- Portainer Edge Agent deployment via cloud-init
- SSH extension injection for debugging (hack/inject-ssh.sh)
- Boot time and resource usage benchmarks
- Deployment guide documentation

#### Distribution & Fleet Management (Phase 5)

- Gitea Actions CI/CD (test + build + shellcheck on push, release on tags)
- OCI container image packaging (scratch-based)
- Prometheus metrics endpoint (zero-dependency text exposition format)
- USB provisioning script with cloud-init injection
- ARM64 cross-compilation support

#### Build System

- Makefile with full build orchestration
- Dockerized reproducible builds (build/Dockerfile.builder)
- Component fetching with version pinning
- ISO and raw disk image creation
- Fast rebuild path (`make quick`)

#### Documentation

- Architecture design document
- Boot flow reference
- A/B update flow reference
- Cloud-init configuration reference
- Deployment and operations guide

### Fixed

- Replaced `grep -oP` with POSIX-safe `sed` in functions.sh (BusyBox compatibility)
- Replaced `grep -qiE` with `grep -qi -e` pattern (POSIX compliance)
- Fixed KVM flag handling in dev-vm.sh (bash array context)
- Added iptables table pre-initialization before kube-proxy start (nf_tables issue)
- Added /dev/kmsg and /etc/machine-id creation for kubelet
- Added CA certificates bundle to initramfs (containerd TLS verification for Docker Hub)
- Added DNS fallback (10.0.2.3 + 8.8.8.8) when DHCP client doesn't populate resolv.conf
- Added headless Service to Portainer Edge Agent manifest (agent peer discovery DNS)
- Added kubesolo.edge_id/edge_key kernel boot parameters for Portainer Edge
- Added auto-format of unformatted data disks on first boot
- Rewrote dev-vm.sh for macOS: bsdtar ISO extraction, Homebrew mkfs.ext4 detection, direct kernel boot, TCG acceleration, port 8080 forwarding
- Kubeconfig now served via HTTP on port 8080 (serial console truncates base64 lines)
- Added 127.0.0.1 and 10.0.2.15 to API server SANs for QEMU port forwarding
- dev-vm.sh now works on Linux: fallback ISO extraction via isoinfo or loop mount, KVM auto-detection, platform-aware error messages