New:
- The provisioner now supports high-availability deployments: with multiple replicas, one is elected leader and standbys take over automatically on failover.
- Uninstalling the Helm release now scales the VM pool down to zero before deletion, so runner VMs are cleaned up automatically.
- Runner logs are now forwarded to each VM’s serial console, making runner output visible through the virtualization layer for troubleshooting.
- AWS EKS now supports nested virtualization, and runner-provisioner has been validated against it. Bare metal nodes are no longer required to run runner VMs.
Improvements:
- Pool VMs now install the
circleci-runnerpackages from a bundled containerDisk image at boot instead of fetching from packagecloud each time. This speeds up boots once the image is cached and enables air-gapped clusters, since the bundle can be rehosted on an internal registry. Configurable viarunnerBundle.image; enabled by default. - Provisioned VMs now default to masquerade networking.
- The container image pull policy now defaults to
Always. imagePullSecretsis no longer set by default on the provisioner deployment.
Dependency updates: routine dependency and security bumps, including a moderate-severity HTTP/3 fix in quic-go (CVE-2026-40898).