Container-Optimized OS Release Notes: Milestone 81

This is LTS Refresh Release.

Updated docker to v19.03.15.

Updated containerd to v1.3.10.

Updated the Linux kernel to v4.19.197.

This is LTS Refresh Release.

Fixed an authentication error when using go-dbus to connect systemd.

Updated the Linux kernel to v4.19.188.

Updated the built-in kubectl/kubelet to 1.17.17.

Upgraded tar to 1.34.

Fixed an out-of-bounds write issue in the Linux kernel.

Fixed an issue where firewall initialization would fail because ip6tables was not waiting to claim the xtables lock.

Fixed 32x truesize under-estimation for tiny skbs in the Linux kernel.

This is LTS Refresh Release.

Updated the Linux kernel to upstream/v4.19.167.

Updated Docker to v19.03.14.

Updated containerd to v1.3.9.

Updated the built-in kubectl/kubelet to v1.17.15.

Created /var/lib/chrony for chrony to work accurately.

Updated the Linux kernel to v4.19.150.

Added PPP loadable modules back, which were removed in cos-81-12871-1185-0.

Moved Docker's "registry-mirrors" configuration to the dockerd command line to address Kubernetes cluster provisioning errors.

Fixed an issue in containerd that can cause the Kubelet on master VMs to fail to restart containers in static pods.

Fixed an issue in containerd that can cause the Kubelet on master VMs to fail to restart containers in static pods.

Moved the configuration of Docker's "registry-mirrors" option from the dockerd command line to /etc/docker/daemon.json. This should allow users to configure a custom registry mirror, which can be useful when responding to recent Docker Hub free tier changes.

Reverted the change that enforcing kernel modules must be signed.

Removed cos-extensions utility. Users should use cos-gpu-installer to install GPU drivers on COS milestone 81.

Enabled utmp in systemd to allow creation of utmp files.

Upgraded default GPU driver version to 450.51.06.

Added the cos-extensions-manager package. Click here to learn more about cos-extensions.

Updated docker-credential-gcr to v2.0.2.

Removed the metrics daemon to address an issue where it would periodically cause CPU usage spikes in some cases.

Changed kernel command line to enforce kernel module must be signed.

Updated node problem detector to 0.8.1

Added rsync back into the image, which was removed in cos-dev-77-12293-0-0.

Mount /var/lib/containerd with exec option.

Enabled support for Confidential VMs.

Made dioread_nolock non-default.

Updated the built-in kubectl/kubelet to v1.17.6 to fix a bug that could result in the inability to start a cluster.

Added package sys-apps/acl.

Fixed a kernel bug where eBPF programs can cause softlockups.

Disabled `accept_ra` on all interfaces by default.

Upgraded the Linux kernel to v4.19.112.

Backported systemd patch ba0d56f55 to address an issue that resulted in leaked mount units.

Upgraded dev-db/sqlite to 3.31.1.

Moved kernel repository to cos.googlesource.com/third_party/kernel.

Backported necessary ext4 patches and made dioread_nolock default.

Added support for new Google Compute Engine virtual network interface (GVNIC).

Added support for AMD's Secure Encrypted Virtualization.

Added support to implement SCSI devices in user space.

Added support for snapshotting any block device without massive copying.

Enhanced security by reducing the predictability of the kernel slab allocator against heap overflows and providing a lightweight support for detecting buffer overflow.

Added chrony package for time synchronization.

Disabled multicast protocol LLMNR and MDNS by default.

Upgraded docker to v19.03.6.

Upgraded containerd to v1.3.2.

Upgraded runc to v1.0.0.

Upgraded docker-credential-gcr to v2.0.0.

Upgraded the built-in kubectl/kubelet to v1.17.3.

Upgraded node-problem-detector to v0.8.0.

Upgraded cos-toolbox to 20191218-00.

Upgraded openssl to 1.0.2u.

Upgraded oslogin to v20190315.

Upgraded compute-image-packages to v20190801.

Changed the MTU of the default docker network to 1460 to make it consistent with Google Compute Engine's default MTU value.

Fixed a regression that blocks user-level statically defined tracking probes (requires a semaphore) to work.