Releases: containerd/containerd
containerd 1.7.3
Welcome to the v1.7.3 release of containerd!
The third patch release for containerd 1.7 contains various fixes and updates.
Notable Updates
- RunC: Update runc binary to v1.1.8 (#8843)
- CRI: Fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8824)
- CRI: write generated CNI config atomically (#8825)
- Port-Forward: Correctly handle known errors (#8806)
- Resolve docker.NewResolver race condition (#8799)
- Fix net.ipv4.ping_group_range with userns (#8786)
- Runtime/V2/RunC: handle early exits w/o big locks (#8712)
- SecComp: always allow name_to_handle_at (#8753)
- CRI: Windows Pod Stats: Add a check to skip stats for containers that are not running (#8654)
- Task: don't
close()
io beforecancel()
(#8658) - Remove CNI conf_template deprecation (#8638)
- Fix issue for HPC pod metrics (#8634)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Akihiro Suda
- Phil Estes
- Sebastiaan van Stijn
- Wei Fu
- Derek McGowan
- Kazuyoshi Kato
- Austin Vazquez
- Samuel Karp
- Shingo Omura
- Jin Dong
- Maksym Pavlenko
- Aditi Sharma
- Danny Canter
- James Sturtevant
- Laura Brehm
- Rodrigo Campos
- Akhil Mohan
- Andrey Epifanov
- Bjorn Neergaard
- Cory Snider
- Madhav Jivrajani
- Mahamed Ali
- Priyanka Saggu
- Qasim Sarfraz
- wangxiang
- zounengren
Changes
63 commits
- [release/1.7] Prepare release notes for v1.7.3 (#8871)
4cb2f1515
[release/1.7] Add release notes for v1.7.3
- [release/1.7] cri: memory.memsw.limit_in_bytes: no such file or directory (#8869)
b461ecacf
cri: memory.memsw.limit_in_bytes: no such file or directory
- [release/1.7] migrate to community owned bucket for node e2e tests (#8875)
14328ae03
migrate to community owned bucket
- [release/1.7 backport] update runc binary to v1.1.8 (#8843)
b985f7ef1
update runc binary to v1.1.8
- [release/1.7 backport] [CRI] fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8824)
- [release/1.7 backport] cri: write generated CNI config atomically (#8825)
- [release/1.7 backport] Move logrus setup code to log package (#8831)
f7a20e17c
Move logrus setup code to log package
- [release/1.7 backport] Cirrus CI: configure apt-get to wait for locks (#8814)
60a6db9c2
Cirrus CI: configure apt-get to wait for locks
- [release/1.7 backport] Update Go to 1.20.6,1.19.11 (#8815)
973778193
Update Go to 1.20.6,1.19.11
- [release/1.7 backport] update go to go1.20.5, go1.19.10 (#8716)
403033e52
update go to go1.20.5, go1.19.10
- [release/1.7 backport] bugfix(port-forward): Correctly handle known errors (#8806)
6b6b0c828
bugfix(port-forward): Correctly handle known errors
- [release/1.7] Resolve docker.NewResolver race condition (#8799)
- [release/1.7] Fix net.ipv4.ping_group_range with userns (#8786)
- [release/1.7 backport] vendor: github.com/containerd/zfs v1.1.0 (#8782)
d5639a5a8
vendor: github.com/containerd/zfs v1.1.0
- [release/1.7 backport] ci: remove libseccomp-dev installation for nightly (#8772)
15d65709e
ci: remove libseccomp-dev installation for nightly
- [release/1.7] go.mod: Update cgroups to 3.0.2 (#8769)
a08ae718c
[release/1.7] go.mod: Update cgroups to 3.0.2
- [release/1.7 backport] runtime/v2/runc: handle early exits w/o big locks (#8712)
18c6503d9
runtime/v2/runc: handle early exits w/o big locks
- [release/1.7 backport] integration/client: add timeout to
TestShimOOMScore
(#8750)3bf3996d9
integration/client: add timeout toTestShimOOMScore
- [release/1.7 backport] Update ginkgo to match cri-tools' version (#8760)
c2c54af9d
Update ginkgo to match cri-tools' version
- [release/1.7 backport] seccomp: always allow name_to_handle_at (#8753)
6281d46df
seccomp: always allow name_to_handle_at
- [release/1.7] Pinned image support (#8718)
699d6701a
Pinned image support
- [release/1.7] cherry-pick: No more nondistributable layers in MS registry (#8690)
dafbeb5b1
No more nondistributable layers in MS registry
- [release/1.7] [cri] Windows Pod Stats: Add a check to skip stats for containers that are not running (#8654)
- [
58b6b99cd
](https://github.com...
- [
containerd 1.6.22
Welcome to the v1.6.22 release of containerd!
The twenty-second patch release for containerd 1.6 contains various fixes and updates.
Notable Updates
- RunC: Update runc binary to v1.1.8 (#8842)
- CRI: Fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8823)
- CRI: Write generated CNI config atomically (#8826)
- Fix concurrent writes for
UpdateContainerStats
(#8819) - Make checkContainerTimestamps less strict on Windows (#8827)
- Port-Forward: Correctly handle known errors (#8805)
- Resolve docker.NewResolver race condition (#8800)
- SecComp: Always allow
name_to_handle_at
(#8754) - Adding support to run hcsshim from local clone (#8713)
- Pinned image support (#8720)
- Runtime/V2/RunC: Handle early exits w/o big locks (#8695)
- CRITool: Move up to CRI-TOOLS v1.27.0 (#7997)
- Fix cpu architecture detection issue on emulated ARM platform (#8533)
- Task: Don't
close()
io beforecancel()
(#8659) - Fix panic when remote differ returns empty result (#8640)
- Plugins: Notify readiness when registered plugins are ready (#8583)
- Unwrap io errors in server connection receive error handling (ttrpc#143)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Akihiro Suda
- Phil Estes
- Sebastiaan van Stijn
- Derek McGowan
- Wei Fu
- Kazuyoshi Kato
- Austin Vazquez
- Samuel Karp
- dependabot[bot]
- Jin Dong
- Maksym Pavlenko
- Mike Brown
- Shingo Omura
- Akhil Mohan
- Bjorn Neergaard
- Laura Brehm
- Tony Fang
- Aditi Sharma
- Andrey Epifanov
- Benjamin Wang
- Brian Goff
- Cory Snider
- Daniel Canter
- Daniel Lenar
- Henry Wang
- Luca Comellini
- Madhav Jivrajani
- Mahamed Ali
- Mohit Sharma
- Oliver Radwell
- Priyanka Saggu
- Qasim Sarfraz
- Takumasa Sakao
- wangxiang
- zounengren
Changes
95 commits
- [release/1.6] Prepare release notes for v1.6.22 (#8863)
0770a4601
[release/1.6] Add release notes for v1.6.22
- [release/1.6] migrate to community owned bucket for node e2e tests (#8876)
512a672af
migrate to community owned bucket
- [release/1.6] cri: memory.memsw.limit_in_bytes: no such file or directory (#8870)
b585ff155
cri: memory.memsw.limit_in_bytes: no such file or directory
- [release/1.6] Update go-restful to v3.10.1 (#8412)
a322077bf
go.mod: github.com/emicklei/go-restful/v3 v3.10.1
- [release/1.6 backport] update runc binary to v1.1.8 (#8842)
b3ac068eb
update runc binary to v1.1.8
- [release/1.6 backport] ci: remove libseccomp-dev installation for nightly (#8773)
6e2bcb6dd
ci: remove libseccomp-dev installation for nightly
- [release/1.6 backport] [CRI] fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8823)
- [release/1.6 backport] cri: write generated CNI config atomically (#8826)
- [release/1.6 backport] Fix concurrent writes for UpdateContainerStats (#8819)
9f650143f
Fix concurrent writes for UpdateContainerStats
- [release/1.6 backport] Make checkContainerTimestamps less strict on Windows (#8827)
568ce91ca
Make checkContainerTimestamps less strict on Windows
- [release/1.6 backport] dependency: bump go.etcd.io/bbolt to v1.3.7 (#8817)
- [release/1.6 backport] Move logrus setup code to log package (#8832)
7fbd5dc89
Move logrus setup code to log package
- [release/1.6 backport] release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles (#8820)
59a143670
release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles
- [release/1.6 backport] Use version 2 configuration format in docs (#8821)
- [release/1.6] update go to go1.19.11 (#8816)
81aa14718
[release/1.6] update go to go1.19.11
- [release/1.6] update go to go1.19.10 (#8715)
17cd86629
[release/1.6] update go to go1.19.10
- [release/1.6 backport] bugfix(port-forward): Correctly handle known errors (#8805)
fdb65f214
bugfix(port-forward): Correctly handle known errors
- [release/1.6] Resolve docker.NewResolver race condition (#8800)
- [release/1.6 backport] vendor: github.com/containerd/zfs v1.1.0 (#8781)
be6406ca6
vendor: github.com/containerd/zfs v1.1.0- [
9f1260074
](https://github.com/containerd/conta...
containerd 1.7.2
Welcome to the v1.7.2 release of containerd!
The second patch release for containerd 1.7 includes enhancements to CRI sandbox mode,
Windows snapshot mounting support, and CRI and container IO bug fixes.
CRI/Sandbox Updates
Other Notable Updates
- Mount snapshots on Windows (#8616)
- Notify readiness when registered plugins are ready (#8584)
- Fix cio.Cancel() should close pipes (#8624)
- CDI: Use CRI Config.CDIDevices field for CDI injection (#8519)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Gabriel Adrian Samfira
- Derek McGowan
- Paul "TBBle" Hampson
- Maksym Pavlenko
- Phil Estes
- Austin Vazquez
- Akihiro Suda
- Kazuyoshi Kato
- Danny Canter
- Samuel Karp
- Sebastiaan van Stijn
- Ed Bartosh
- Henry Wang
- Hsing-Yu (David) Chen
- Jan Dubois
- Mike Brown
- Wei Fu
- helen
Changes
59 commits
- [release/1.7] Prepare release notes for v1.7.2 (#8629)
0e41daaea
[release/1.7] Prepare release notes for v1.7.2
- [1.7 backport] Fix panic when remote differ returns empty result (#8631)
e134b6393
Fix panic when remote differ returns empty result
- [release/1.7 backport] Mount snapshots on Windows (#8616)
313c226b8
Update continuity to a tagged version8dd16285a
UnmountAll is a no-op for missing mount pointsacff3eefa
Improve error messages and remove checkb4dd3bf4e
Make ReadOnly() available on all platforms08d8baf3f
Increase integration test tmieout to 20m1f0dbd011
Remove bind code path in mount()8f37b1c63
Remove "bind" code path from diff9139208b3
Properly mount base layerse61e7b312
Skip parent layer options on bind mountse4307926f
Add ReadOnly() function0277b9b01
Remove escalated privilegesd5c18dfb7
Use DefaultSnapshotter853179366
use t.Fatal if we cannot enable process privileges5b3ee413f
Update continuity375172604
Fix go.mod, simplify boolean logic, add logging600abd137
Ignore ERROR_NOT_FOUND error when removing mountdf7295dcd
Update continuity, go-winio and hcsshim0db78c482
Remove unused function219058766
Grant needed privileges for snapshotter tests96fbe5bc8
Fix layer comparison and enable read-only checks279e0d3c9
Use bind filer for mounts93e94da40
Enable TestSnapshotterClient on Windows3a3da693a
Run Windows snapshotter through the test suitee7b62322f
Fix misspelling of 'Native' as 'Naive'e1f999a18
Add paired 'mount' log for 'unmount'5788d6e52
Don't use all-upper-case filenames in snapshot tests3cdcb2f10
Skip tests that do not apply to WCOW on Windowsb0968b8bb
Ensure mounts are unmounted before leaving the testb57424851
Unify testutil.Unmount on Windows and Unixb9a8aad45
Implement Windows mounting for bind and windows-layer mounts1a64ee183
Implement WCOW parentless active snapshots and view snapshots
- [release/1.7] fix: cio.Cancel() should close the pipes (#8624)
99582fb1a
fix: cio.Cancel() should close the pipes
- [release/1.7 backport] remotes/docker: ResolverOptions: fix deprecation comments (#8621)
eeda70fb0
remotes/docker: ResolverOptions: fix deprecation comments
- [release/1.7] Publish sandbox events (#8613)
- [release/1.7] notify readiness when registered plugins are ready (#8584)
2c38cad77
notify readiness when registered plugins are ready
- [release/1.7] Backport CRI sandbox server stats changes (#8604)
- [release/1.7] Cherry-pick: Update volume-ownership image with latest hashes (#8574)
08de6e7b8
Update volume-ownership image with latest hashes
- [release/1.7] CDI: Use CRI Config.CDIDevices field for CDI injection (#8519)
6a5e54c15
Get CDI devices from CRI Config.CDIDevices field
- [release/1.7 backport] snapshots/testsuite: Rename: fix fuse-overlayfs incompatibility (#8510)
9e60300ea
snapshots/testsuite: Rename: fix fuse-overlayfs incompatibility
#...
containerd 1.7.1
Welcome to the v1.7.1 release of containerd!
The first patch release for containerd 1.7 includes many fixes to CRI
sandbox mode, various other fixes, runc update, and important fixes in
core dependencies such as ttrpc and typeurl.
CRI/Sandbox Updates
- Throw not supported error when UID or GID mappings provided (#8211)
- Cleanup shim on start failure (#8282)
- Fix premature close of CRI service when there are no CNI configuration monitors (#8282)
- Avoid UID lookup from mount on Darwin (#8314)
- Keep Linux mounts for Linux sandboxes on non-Linux hosts (#8331)
- Add
noexec
,nodev
,nosuid
to/etc/resolv.conf
bind mount (#8336) - Remove entry for container from container store on error (#8457)
- Fix unmarshal in container metrics (#8472)
Other Notable Updates
- Use readonly for temporary mounts (#8300 #8358)
- Fix skip docker manifest option on image exporter (#8344)
- Update runc binary to v1.1.7 (#8451)
- Fix runtime path task option (#8453)
- Fix panic from nil checkpoint options (#8475)
- Fix transfer service configuration options (#8491)
- Fix server-side goroutine leak on receive message error (ttrpc#141)
- Fix panic caused by race to close send channel (ttrpc#140)
- Fix unmarshal to return non-nil object when nil value (ttrpc#140)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Sebastiaan van Stijn
- Akihiro Suda
- Iceber Gu
- Phil Estes
- Maksym Pavlenko
- Wei Fu
- Danny Canter
- Kirtana Ashok
- Rodrigo Campos
- Samuel Karp
- Vinayak Goyal
- Austin Vazquez
- Justin Chadwell
- Kazuyoshi Kato
- Brad Davidson
- Djordje Lukic
- Ethan Lowman
- Laura Brehm
- Michael Crosby
Changes
68 commits
- [release/1.7] Prepare release notes for v1.7.1 (#8501)
27a0d957b
Prepare release notes for v1.7.1
- [release/1.7] Update ttrpc v1.2.2 (#8499)
7b288e2d7
Update ttrpc to v1.2.2
- [release/1.7] runtime/shim: fix the nil checkpoint options (#8475)
3ef5b689a
runtime/shim: fix the nil checkpoint options
- [release/1.7] bump typeurl to v2.1.1 (#8495)
0e0532eb2
bump typeurl to v2.1.1
- [release/1.7] Transfer service backports (#8491)
- [release/1.7]Update hcsshim tag to v0.10.0-rc.8 (#8480)
aaa65e8c1
Update hcsshim tag to v0.10.0-rc.8
- [release/1.7] cri: Fix umarshal metrics (#8472)
95ef67e19
Fix umarshal metrics for CRI server
- [release/1.7 backport] update go to go1.20.4, go1.19.9 (#8471)
021bba28b
update go to go1.20.4, go1.19.9
- [release/1.7] fix the task setting the runtime path (#8453)
- [release/1.7] Remove entry for container from container store on error (#8457)
6b3ae0129
Remove entry for container from container store on error
- [release/1.7 backport] update runc binary to v1.1.7 (#8451)
fae4b6223
update runc binary to v1.1.7
- [release/1.7] cri: Vendor v0.27.1 (#8444)
571715a9d
cri: Vendor v0.27.1
- [release/1.7 backport] oci: partially restore comment on read-only mounts for uid/gid uses (#8404)
1bbf98e53
oci: partially restore comment on read-only mounts for uid/gid uses
- [release/1.7] Fix argsEscaped tests (#8405)
a6d336c1f
Fix argsEscaped tests
- [release/1.7] Throw an error if the kubelet requests mounts with uid/gid mappings (#8211)
- [release/1.7] go.mod: remove redundant replace, and some cleaning-up (#8396)
- [release/1.7 backport] update runc binary to v1.1.6 (#8386)
dec2595af
update runc binary to v1.1.6
- [release/1.7 backport] oci: Use WithReadonlyTempMount when adding users/groups (#8358)
54d12b872
oci: Use WithReadonlyTempMount when adding users/groups
- [release/1.7 backport] update go to go1.20.3, go1.19.8 (#8354)
624327651
update go to go1.20.3, go1.19.8
- [release/1.7] archive: consistently respect value of WithSkipDockerManifest (#8344)
- [release/1.7] Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind. (#8336)
9b4935d86
Update sbserver to add noexec nodev and nosuid to /etc/resolv.conf mount bind.- ...
containerd 1.6.21
Welcome to the v1.6.21 release of containerd!
The twenty-first patch release for containerd 1.6 contains various fixes and updates.
Notable Updates
- **update runc binary to v1.1.7 (#8450)
- **Remove entry for container from container store on error (#8456)
- **oci: partially restore comment on read-only mounts for uid/gid uses (#8403)
- **windows: Add ArgsEscaped support for CRI (#8247)
- **oci: Use WithReadonlyTempMount when adding users/groups (#8357)
- **archive: consistently respect value of WithSkipDockerManifest (#8345)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Sebastiaan van Stijn
- Iceber Gu
- Kirtana Ashok
- Justin Chadwell
- Phil Estes
- Akihiro Suda
- Djordje Lukic
- Kazuyoshi Kato
- Mike Brown
- Wei Fu
- kiashok
Changes
26 commits
- [release/1.6] Prepare release notes for v1.6.21 (#8463)
9226c362a
Add release notes for v1.6.21
- [release/1.6] update go to go1.19.9 (#8469)
39566aade
[release/1.6] update go to go1.19.9
- [release/1.6] fix the task setting the runtime path (#8454)
- [release/1.6 backport] update runc binary to v1.1.7 (#8450)
ccb51ff26
update runc binary to v1.1.7
- [release/1.6] Remove entry for container from container store on error (#8456)
95d31551d
Remove entry for container from container store on error
- [release/1.6 backport] oci: partially restore comment on read-only mounts for uid/gid uses (#8403)
c33eb574d
oci: partially restore comment on read-only mounts for uid/gid uses
- [release/1.6 ] Add ArgsEscaped support for CRI (#8247)
- [release/1.6 backport] update runc binary to v1.1.6 (#8385)
57d953482
update runc binary to v1.1.6
- [release/1.6 backport] oci: Use WithReadonlyTempMount when adding users/groups (#8357)
fb5e663d0
oci: Use WithReadonlyTempMount when adding users/groups
- [release/1.6] update go to go1.19.8 (#8353)
26efb8fd5
[release/1.6] update go to go1.19.8
- [release/1.6] archive: consistently respect value of WithSkipDockerManifest (#8345)
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.6.20
containerd 1.6.20
Welcome to the v1.6.20 release of containerd!
The twentieth patch release for containerd 1.6 contains various fixes and updates.
Notable Updates
- Disable looking up usernames and groupnames on host (#8230)
- Add support for Windows ArgsEscaped images (#8273)
- Update hcsshim to v0.9.8 (#8274)
- Fix debug flag in shim (#8288)
- Add
WithReadonlyTempMount
to support readonly temporary mounts (#8299) - Update ttrpc to fix file descriptor leak (#8308)
- Update runc binary to v1.1.5 (#8324)
- Update image config to support ArgsEscaped (#8306)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Sebastiaan van Stijn
- Derek McGowan
- Maksym Pavlenko
- Akihiro Suda
- Phil Estes
- Eng Zer Jun
- Justin Terry
- Kazuyoshi Kato
- Wei Fu
- Abirdcfly
- Gabriel Adrian Samfira
- Henry Wang
- Kang.Zhang
- Kirtana Ashok
- Laura Brehm
- Luca Comellini
- Paul "TBBle" Hampson
- liyuxuan.darfux
- ningmingxiao
- wanglei
Changes
48 commits
- [release/1.6] Prepare release notes for v1.6.20 (#8310)
a039a2b9c
Prepare release notes for v1.6.20
- [release/1.6]Updates oci image config to support upstream ArgsEscaped (#8306)
5dd94a7e6
Updates oci image config to support upstream ArgsEscaped
- [release/1.6] update runc binary to v1.1.5 (#8324)
- [release/1.6] Update ttrpc to v1.1.1 (#8308)
50a6be0b4
Update ttrpc to v1.1.1
- [release/1.6 backport] Add
WithReadonlyTempMount
to create readonly temporary mounts (#8299)8cead6594
AddWithReadonlyTempMount
to create readonly temporary mounts
- [release/1.6] Adds support for Windows ArgsEscaped images (#8273)
f0dc0297d
Adds support for Windows ArgsEscaped images
- [release/1.6]go.mod: Bump hcsshim tag to v0.9.8 (#8274)
5981a24e2
Update hcsshim tag to v0.9.8
- [1.6] shim: fix debug flag not working (#8288)
28f1e32e3
shim: fix debug flag not working
- [release/1.6] cherry-pick: Update go-restful to v3 (#8271)
- [release/1.6] Go 1.19.7 (#8238)
86e0bd9e3
Go 1.19.7
- [release/1.6 backport] archive: disable looking up usernames and groupnames on the host (#8230)
063ad2f19
archive: disable looking up usernames and groupnames on the host
- [release/1.6 backport] assorted linting, and golang update-related changes (#8229)
9cbea6fe7
Enable dupword linterc73f1abff
Bump golangci-lint to v1.50.1f198f7724
update golangci-lint to v1.49.0e6179af1e
remove unneeded nolint-comments (nolintlint), disable deprecated linters77160e6b5
[release/1.6] adjust some nolint comments95655f4ce
clean-up "nolint" comments, remove unused ones9f0617ecc
pkg/cri/(server|sbserver): criService.getTLSConfig() add TODO to verify nolinte66397d83
golangci-lint: sort linters in config file682a567e9
linting: address gosec G112/G114627f563e6
chore: remove duplicate word in commentsefb88a8bb
pkg/cri/streaming: increase ReadHeaderTimeout45f055df6
Update protobuf definitions584707524
Run gofmt 1.19f33e38572
Switch to Go 1.19fc10cd23a
remove duplicate7cbb9e746
Update linters to use t.Setenv4347a3265
Use t.Setenv instead of os.Setenv10357eab5
Address some timeout issues in the Windows CI977ce8ef5
Enable gosec linter for golangci-lintc23945c5f
test: remove redundantmountPoint
588ed91d3
test: useT.TempDir
to create temporary test directoryc2ed63c86
Remove hardcoded /tmp in tempfile paths7e382c516
fix Implicit memory aliasing in for loop
Changes from containerd/ttrpc
2 commits
Dependency Changes
- github.com/Microsoft/hcsshim v0.9.7 -> v0.9.8
- github.com/containerd/ttrpc v1.1.0 -> v1.1.1
- github.com/emicklei/go-restful/v3 v3.7.3 new
- github.com/opencontainers/image-spec c5a74bcca799 -> 3a7f492d3f1b
- github.com/opencontainers/runc v1.1.2 -> v1.1.5
Previous release can be found at v1.6.19
containerd 1.7.0
Welcome to the v1.7.0 release of containerd!
The eighth major release of containerd includes new functionality alongside many improvements.
This release is the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
Highlights
Sandbox API (experimental)
The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
Transfer Service (experimental)
- Transfer Service (#7320)
The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.
See the Transfer Docs
NRI (experimental)
The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
See the NRI Docs
Platform Support
- Linux containers on FreeBSD (#7000)
Runtime Features
- Add support for CDI device injection (#6654)
- Support for cgroups blockio (#5490)
- Add restart policy for enhanced restart manager (#6744)
gRPC Shim Support (experimental)
- Initial gRPC shim support (#8052)
Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.
Road to 2.0
Refactoring
There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.
The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
- Remove gogoproto.customtype (#6699)
- Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
- Remove all gogoproto extensions (#6829)
- Migrate off from github.com/gogo/protobuf (#6841)
- ttrpc streaming (ttrpc#107)
- Add unpack interface for client (#6749)
- Add collectible resources to metadata gc (#6804)
- Add version to shim protocol (#8177)
Configuration
Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
Deprecation
The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.
- Docker Schema 1 Image Deprecation (#6884)
CRI Updates
- Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
- Support image pull progress timeout (#6150)
- Add experimental support for runtime specific snapshotters (#6899)
- Pass all TOML runtime configuration options from CRI to the runtime (#7764)
- Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
- Add timeout option for drain exec io (#7832)
- Add network plugin metrics (#7858)
- CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)
Other
- Support shallow content copy by adding reader option to local content reader at (#7414)
- Add NoSameOwner option when unpacking tars (#7386)
- Add
FetcherByDigest
for fetching blobs without fetching a manifest (#7460) - Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
- Replace fork on mount logic with CLONE_FS (#7513)
- Add support for default registry host configuration (#7607)
- Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
- Make OCI options cross-platform (#7928)
- Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
- Use data field from OCI descriptor when provided for fetch (#8076)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Kazuyoshi Kato
- Maksym Pavlenko
- Wei Fu
- Phil Estes
- Akihiro Suda
- Sebastiaan van Stijn
- Samuel Karp
- Krisztian Litkey
- Mike Brown
- Stefan Berger
- Danny Canter
- Austin Vazquez
- Daniel Canter
- yanggang
- Iceber Gu
- Ye Sijun
- Ed Bartosh
- Luca Comellini
- Adam Korcz
- Nashwan Azhari
- Tony Fang
- ruiwen-zhao
- xin.li
- Brian Goff
- Gabriel Adrian Samfira
- Paul "TBBle" Hampson
- Henry Wang
- Kevin Parsons
- Rodrigo Campos
- zounengren
- Justin Terry
- Paco Xu
- Shengjing Zhu
- Swagat Bora
- wanglei
- Gavin Inglis
- Akhil Mohan
- Hsing-Yu (David) Chen
- Zechun Chen
- guodong
- lengrongfu
- James Jenkins
- James Sturtevant
- Kirtana Ashok
- Michael Crosby
- Qiutong Song
- Shiming Zhang
- Vincent Batts
- Antonio Ojea
- Cameron Sparr
- Casey Callendrello
- Changwei Ge
- Jian Zeng
- Josh Seba
- Junyu Liu
- Kohei Tokunaga
- Michael Zappa
- Qasim Sarfraz
- Tobias Klauser
- Zhang Tianyang
- pigletfly
- yaoyinnan
- Abirdcfly
- Aditi Sharma
- Amit Barve
- Bennett-White
- Bjorn Neergaard
- Cory Snider
- Craig Ingram
- Eng Zer Jun
- Eric Lin
- Ethan Lowman
- Fabian Hoffmann
- Jess
- Jiongchi Yu
- Jonny Stoten
- Juan Hoyos
- Kang.Zhang
- Kay Yan
- Markus Lehtonen
- Mikko Ylinen
- Mohit Sharma
- Paul Cacheux
- Paul S. Schweigert
- Qian Zhang
- Tõnis Tiigi
- Yasin Turan
- bin liu
- helen
- yulng
- Aman Sharma
- Anastassios Nanos
- Andrew G. Morgan
- Andrey Klimentyev
- Ani...
containerd 1.7.0-rc.3
Welcome to the v1.7.0-rc.3 release of containerd!
This is a pre-release of containerd
The eighth major release of containerd includes new functionality alongside many improvements.
This release is the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
Highlights
Sandbox API (experimental)
The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
Transfer Service (experimental)
- Transfer Service (#7320)
The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.
See the Transfer Docs
NRI (experimental)
The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
See the NRI Docs
Platform Support
- Linux containers on FreeBSD (#7000)
Runtime Features
- Add support for CDI device injection (#6654)
- Support for cgroups blockio (#5490)
- Add restart policy for enhanced restart manager (#6744)
gRPC Shim Support (experimental)
- Initial gRPC shim support (#8052)
Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.
Road to 2.0
Refactoring
There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.
The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
- Remove gogoproto.customtype (#6699)
- Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
- Remove all gogoproto extensions (#6829)
- Migrate off from github.com/gogo/protobuf (#6841)
- ttrpc streaming (ttrpc#107)
- Add unpack interface for client (#6749)
- Add collectible resources to metadata gc (#6804)
- Add version to shim protocol (#8177)
Configuration
Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
Deprecation
The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.
- Docker Schema 1 Image Deprecation (#6884)
CRI Updates
- Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
- Support image pull progress timeout (#6150)
- Add experimental support for runtime specific snapshotters (#6899)
- Pass all TOML runtime configuration options from CRI to the runtime (#7764)
- Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
- Add timeout option for drain exec io (#7832)
- Add network plugin metrics (#7858)
- CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)
Other
- Support shallow content copy by adding reader option to local content reader at (#7414)
- Add NoSameOwner option when unpacking tars (#7386)
- Add
FetcherByDigest
for fetching blobs without fetching a manifest (#7460) - Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
- Replace fork on mount logic with CLONE_FS (#7513)
- Add support for default registry host configuration (#7607)
- Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
- Make OCI options cross-platform (#7928)
- Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
- Use data field from OCI descriptor when provided for fetch (#8076)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Kazuyoshi Kato
- Maksym Pavlenko
- Wei Fu
- Phil Estes
- Akihiro Suda
- Sebastiaan van Stijn
- Samuel Karp
- Krisztian Litkey
- Mike Brown
- Stefan Berger
- Danny Canter
- Austin Vazquez
- Daniel Canter
- yanggang
- Iceber Gu
- Ye Sijun
- Ed Bartosh
- Luca Comellini
- Adam Korcz
- Nashwan Azhari
- Tony Fang
- ruiwen-zhao
- xin.li
- Brian Goff
- Gabriel Adrian Samfira
- Paul "TBBle" Hampson
- Henry Wang
- Kevin Parsons
- Rodrigo Campos
- zounengren
- Justin Terry
- Paco Xu
- Shengjing Zhu
- Swagat Bora
- wanglei
- Gavin Inglis
- Akhil Mohan
- Zechun Chen
- guodong
- lengrongfu
- Hsing-Yu (David) Chen
- James Jenkins
- James Sturtevant
- Kirtana Ashok
- Michael Crosby
- Qiutong Song
- Shiming Zhang
- Vincent Batts
- dependabot[bot]
- Antonio Ojea
- Cameron Sparr
- Casey Callendrello
- Changwei Ge
- Jian Zeng
- Josh Seba
- Junyu Liu
- Kohei Tokunaga
- Michael Zappa
- Qasim Sarfraz
- Tobias Klauser
- Zhang Tianyang
- pigletfly
- yaoyinnan
- Abirdcfly
- Aditi Sharma
- Amit Barve
- Bennett-White
- Bjorn Neergaard
- Cory Snider
- Craig Ingram
- Eng Zer Jun
- Eric Lin
- Ethan Lowman
- Fabian Hoffmann
- Jess
- Jiongchi Yu
- Jonny Stoten
- Juan Hoyos
- Kang.Zhang
- Kay Yan
- Markus Lehtonen
- Mikko Ylinen
- Mohit Sharma
- Paul Cacheux
- Paul S. Schweigert
- Qian Zhang
- Tõnis Tiigi
- Yasin Turan
- bin liu
- helen
- yulng
- Aman Sharma
- Anastassios Nanos
- Andrew G. Morgan
- Andrey Klimentyev
- Aniruddha Basak
- Anthony Nandaa
- Antti Kervinen
- Aviral Takkar
- Baoshuo
- Benjamin Elder
- Benjamin Wang
- Brandon Lum
- Chao Dai
- Chuanying Du
- Claudiu Bel...
containerd 1.7.0-rc.2
Welcome to the v1.7.0-rc.2 release of containerd!
This is a pre-release of containerd
The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
Highlights
Sandbox API (experimental)
The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
Transfer Service (experimental)
- Transfer Service (#7320)
The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.
See the Transfer Docs
NRI (experimental)
The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
See the NRI Docs
Platform Support
- Linux containers on FreeBSD (#7000)
Runtime Features
- Add support for CDI device injection (#6654)
- Support for cgroups blockio (#5490)
- Add restart policy for enhanced restart manager (#6744)
gRPC Shim Support (experimental)
- Initial gRPC shim support (#8052)
Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.
Road to 2.0
Refactoring
There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.
The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
- Remove gogoproto.customtype (#6699)
- Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
- Remove all gogoproto extensions (#6829)
- Migrate off from github.com/gogo/protobuf (#6841)
- ttrpc streaming (ttrpc#107)
- Add unpack interface for client (#6749)
- Add collectible resources to metadata gc (#6804)
- Add version to shim protocol (#8177)
Configuration
Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
Deprecation
The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.
- Docker Schema 1 Image Deprecation (#6884)
CRI Updates
- Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
- Support image pull progress timeout (#6150)
- Add experimental support for runtime specific snapshotters (#6899)
- Pass all TOML runtime configuration options from CRI to the runtime (#7764)
- Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
- Add timeout option for drain exec io (#7832)
- Add network plugin metrics (#7858)
- CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)
Other
- Support shallow content copy by adding reader option to local content reader at (#7414)
- Add NoSameOwner option when unpacking tars (#7386)
- Add
FetcherByDigest
for fetching blobs without fetching a manifest (#7460) - Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
- Replace fork on mount logic with CLONE_FS (#7513)
- Add support for default registry host configuration (#7607)
- Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
- Make OCI options cross-platform (#7928)
- Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
- Use data field from OCI descriptor when provided for fetch (#8076)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Kazuyoshi Kato
- Maksym Pavlenko
- Wei Fu
- Phil Estes
- Akihiro Suda
- Sebastiaan van Stijn
- Samuel Karp
- Krisztian Litkey
- Mike Brown
- Stefan Berger
- Danny Canter
- Daniel Canter
- Austin Vazquez
- yanggang
- Iceber Gu
- Ye Sijun
- Ed Bartosh
- Luca Comellini
- Adam Korcz
- Nashwan Azhari
- Tony Fang
- ruiwen-zhao
- xin.li
- Brian Goff
- Gabriel Adrian Samfira
- Paul "TBBle" Hampson
- Henry Wang
- Kevin Parsons
- Rodrigo Campos
- zounengren
- Justin Terry
- Paco Xu
- Shengjing Zhu
- Swagat Bora
- wanglei
- Gavin Inglis
- Akhil Mohan
- Zechun Chen
- guodong
- lengrongfu
- Hsing-Yu (David) Chen
- James Jenkins
- James Sturtevant
- Kirtana Ashok
- Michael Crosby
- Qiutong Song
- Shiming Zhang
- Vincent Batts
- Antonio Ojea
- Cameron Sparr
- Casey Callendrello
- Changwei Ge
- Jian Zeng
- Josh Seba
- Junyu Liu
- Kohei Tokunaga
- Michael Zappa
- Qasim Sarfraz
- Tobias Klauser
- dependabot[bot]
- pigletfly
- yaoyinnan
- Abirdcfly
- Aditi Sharma
- Amit Barve
- Bennett-White
- Bjorn Neergaard
- Cory Snider
- Craig Ingram
- Eng Zer Jun
- Eric Lin
- Ethan Lowman
- Fabian Hoffmann
- Jess
- Jiongchi Yu
- Jonny Stoten
- Juan Hoyos
- Kang.Zhang
- Kay Yan
- Markus Lehtonen
- Mikko Ylinen
- Mohit Sharma
- Paul Cacheux
- Paul S. Schweigert
- Qian Zhang
- Tõnis Tiigi
- Yasin Turan
- Zhang Tianyang
- bin liu
- helen
- yulng
- Aman Sharma
- Anastassios Nanos
- Andrew G. Morgan
- Andrey Klimentyev
- Aniruddha Basak
- Anthony Nandaa
- Antti Kervinen
- Aviral Takkar
- Baoshuo
- Benjamin Elder
- Benjamin Wang
- Brandon Lum
- Chao Dai
- Chuanying D...
containerd 1.7.0-rc.1
Welcome to the v1.7.0-rc.1 release of containerd!
This is a pre-release of containerd
The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
Highlights
Sandbox API (experimental)
The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
Transfer Service (experimental)
- Transfer Service (#7320)
The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.
See the Transfer Docs
NRI (experimental)
The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
See the NRI Docs
Platform Support
- Linux containers on FreeBSD (#7000)
Runtime Features
- Add support for CDI device injection (#6654)
- Support for cgroups blockio (#5490)
- Add restart policy for enhanced restart manager (#6744)
gRPC Shim Support (experimental)
- Initial gRPC shim support (#8052)
Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.
Road to 2.0
Refactoring
There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.
The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
- Remove gogoproto.customtype (#6699)
- Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
- Remove all gogoproto extensions (#6829)
- Migrate off from github.com/gogo/protobuf (#6841)
- ttrpc streaming (ttrpc#107)
- Add unpack interface for client (#6749)
- Add collectible resources to metadata gc (#6804)
- Add version to shim protocol (#8177)
Configuration
Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
Deprecation
The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.
- Docker Schema 1 Image Deprecation (#6884)
CRI Updates
- Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
- Support image pull progress timeout (#6150)
- Add experimental support for runtime specific snapshotters (#6899)
- Pass all TOML runtime configuration options from CRI to the runtime (#7764)
- Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
- Add network plugin metrics (#7858)
- CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)
Other
- Support shallow content copy by adding reader option to local content reader at (#7414)
- Add NoSameOwner option when unpacking tars (#7386)
- Add
FetcherByDigest
for fetching blobs without fetching a manifest (#7460) - Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
- Replace fork on mount logic with CLONE_FS (#7513)
- Add support for default registry host configuration (#7607)
- Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
- Make OCI options cross-platform (#7928)
- Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
- Use data field from OCI descriptor when provided for fetch (#8076)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Kazuyoshi Kato
- Maksym Pavlenko
- Phil Estes
- Wei Fu
- Akihiro Suda
- Sebastiaan van Stijn
- Samuel Karp
- Krisztian Litkey
- Mike Brown
- Danny Canter
- Daniel Canter
- Austin Vazquez
- yanggang
- Iceber Gu
- Ye Sijun
- Ed Bartosh
- Adam Korcz
- Luca Comellini
- Nashwan Azhari
- Stefan Berger
- Tony Fang
- ruiwen-zhao
- xin.li
- Brian Goff
- Gabriel Adrian Samfira
- Paul "TBBle" Hampson
- Henry Wang
- Rodrigo Campos
- Justin Terry
- Kevin Parsons
- Paco Xu
- Shengjing Zhu
- Swagat Bora
- wanglei
- zounengren
- Gavin Inglis
- Akhil Mohan
- Zechun Chen
- guodong
- lengrongfu
- James Jenkins
- Michael Crosby
- Qiutong Song
- Shiming Zhang
- Vincent Batts
- Antonio Ojea
- Cameron Sparr
- Casey Callendrello
- Changwei Ge
- Hsing-Yu (David) Chen
- Josh Seba
- Junyu Liu
- Kirtana Ashok
- Kohei Tokunaga
- Michael Zappa
- Qasim Sarfraz
- Tobias Klauser
- pigletfly
- yaoyinnan
- Abirdcfly
- Aditi Sharma
- Amit Barve
- Bennett-White
- Bjorn Neergaard
- Craig Ingram
- Eng Zer Jun
- Eric Lin
- Ethan Lowman
- Fabian Hoffmann
- James Sturtevant
- Jess
- Jian Zeng
- Jiongchi Yu
- Jonny Stoten
- Juan Hoyos
- Kang.Zhang
- Kay Yan
- Markus Lehtonen
- Mikko Ylinen
- Mohit Sharma
- Paul Cacheux
- Paul S. Schweigert
- Qian Zhang
- Yasin Turan
- Zhang Tianyang
- bin liu
- dependabot[bot]
- helen
- yulng
- Aman Sharma
- Anastassios Nanos
- Andrew G. Morgan
- Andrey Klimentyev
- Aniruddha Basak
- Anthony Nandaa
- Antti Kervinen
- Aviral Takkar
- Baoshuo
- Benjamin Elder
- Benjamin Wang
- Chao Dai
- Chuanying Du
- Claudiu Belu
- Cory Snider
- Daniel Lenar
- Danielle Lancashire
- Dat Nguyen
- Davanum Srinivas
- Dave
- David Leadbeater
- David Porter
- Dmitry...