containerd 1.7.0-rc.0

Welcome to the v1.7.0-rc.0 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

• Sandbox API (#6703)
• CRI Sandbox API Implementation (#7228)

Transfer Service (experimental)

• Transfer Service (#7320)

The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.

See the Transfer Docs

NRI (experimental)

• Extend NRI scope (nri#16)
• Support for updated NRI (#6019)

The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.

This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.

See the NRI Docs

Platform Support

• Linux containers on FreeBSD (#7000)

Runtime Features

• Add support for CDI device injection (#6654)
• Support for cgroups blockio (#5490)
• Add restart policy for enhanced restart manager (#6744)

gRPC Shim Support (experimental)

• Initial gRPC shim support (#8052)

Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

• Remove gogoproto.customtype (#6699)

• Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

• Remove all gogoproto extensions (#6829)

• Migrate off from github.com/gogo/protobuf (#6841)

• ttrpc streaming (ttrpc#107)

• Add unpack interface for client (#6749)

• Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

• Docker Schema 1 Image Deprecation (#6884)

CRI Updates

• Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
• Support image pull progress timeout (#6150)
• Add experimental support for runtime specific snapshotters (#6899)
• Pass all TOML runtime configuration options from CRI to the runtime (#7764)
• Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
• Add network plugin metrics (#7858)
• CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)

Other

• Support shallow content copy by adding reader option to local content reader at (#7414)
• Add NoSameOwner option when unpacking tars (#7386)
• Add FetcherByDigest for fetching blobs without fetching a manifest (#7460)
• Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
• Replace fork on mount logic with CLONE_FS (#7513)
• Add support for default registry host configuration (#7607)
• Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
• Make OCI options cross-platform (#7928)
• Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
• Use data field from OCI descriptor when provided for fetch (#8076)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Kazuyoshi Kato
• Maksym Pavlenko
• Phil Estes
• Wei Fu
• Akihiro Suda
• Sebastiaan van Stijn
• Samuel Karp
• Krisztian Litkey
• Mike Brown
• Danny Canter
• Daniel Canter
• Austin Vazquez
• yanggang
• Ye Sijun
• Iceber Gu
• Adam Korcz
• Ed Bartosh
• Luca Comellini
• Stefan Berger
• ruiwen-zhao
• xin.li
• Brian Goff
• Gabriel Adrian Samfira
• Nashwan Azhari
• Paul "TBBle" Hampson
• Rodrigo Campos
• Henry Wang
• Justin Terry
• Kevin Parsons
• Paco Xu
• Shengjing Zhu
• Swagat Bora
• wanglei
• zounengren
• Gavin Inglis
• Tony Fang
• Akhil Mohan
• Zechun Chen
• guodong
• lengrongfu
• James Jenkins
• Michael Crosby
• Qiutong Song
• Shiming Zhang
• Vincent Batts
• Antonio Ojea
• Cameron Sparr
• Casey Callendrello
• Changwei Ge
• Josh Seba
• Junyu Liu
• Kirtana Ashok
• Kohei Tokunaga
• Michael Zappa
• Qasim Sarfraz
• Tobias Klauser
• Tony Fang
• pigletfly
• yaoyinnan
• Abirdcfly
• Amit Barve
• Bjorn Neergaard
• Craig Ingram
• Eng Zer Jun
• Eric Lin
• Ethan Lowman
• Hsing-Yu (David) Chen
• James Sturtevant
• Jess
• Jiongchi Yu
• Jonny Stoten
• Juan Hoyos
• Kang.Zhang
• Kay Yan
• Markus Lehtonen
• Mikko Ylinen
• Mohit Sharma
• Paul Cacheux
• Paul S. Schweigert
• Qian Zhang
• Yasin Turan
• Zhang Tianyang
• bin liu
• dependabot[bot]
• helen
• yulng
• Aditi
• Aditi Sharma
• Aman Sharma
• Anastassios Nanos
• Andrew G. Morgan
• Andrey Klimentyev
• Aniruddha Basak
• Anthony Nandaa
• Antti Kervinen
• Aviral Takkar
• Baoshuo
• Benjamin Elder
• Benjamin Wang
• Bennett-White
• Chao Dai
• Chuanying Du
• Claudiu Belu
• Cory Snider
• Daniel Lenar
• Danielle Lancashire
• Dat Nguyen
• Davanum Srinivas
• Dave
• David Leadbeater
• David Porter
• Dmitry Shurupov
• Edgar Lee
• Eric Ernst
• Fabian Hoffman
• Fabian Hoffmann
• Fahed Dorgaa
• Gabriela Cervantes
  ...

containerd 1.6.19

Welcome to the v1.6.19 release of containerd!

The nineteenth patch release for containerd 1.6 contains runtime fixes and additions for Windows platforms

Notable Updates

• Update hcsshim to v0.9.7 to include fix for graceful termination and pause containers (#8153)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Kirtana Ashok
• Derek McGowan
• Wei Fu

Changes

4 commits

• [release/1.6] Prepare release notes for v1.6.19 (#8157)
  • 23e94075a Add release notes for v1.6.19
• [release/1.6] go.mod: Bump hcsshim to v0.9.7 (#8153)
  • f488a6241 Update hcsshim tag to v0.9.7

Dependency Changes

• github.com/Microsoft/hcsshim v0.9.6 -> v0.9.7

Previous release can be found at v1.6.18

containerd 1.7.0-beta.4

Welcome to the v1.7.0-beta.4 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

• Sandbox API (#6703)
• CRI Sandbox API Implementation (#7228)

Transfer Service (experimental)

• Transfer Service (#7320)

The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.

See the Transfer Docs

NRI (experimental)

• Extend NRI scope (nri#16)
• Support for updated NRI (#6019)

The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.

This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.

See the NRI Docs

Platform Support

• Linux containers on FreeBSD (#7000)

Runtime Features

• Add support for CDI device injection (#6654)
• Support for cgroups blockio (#5490)
• Add restart policy for enhanced restart manager (#6744)

gRPC Shim Support (experimental)

• Initial gRPC shim support (#8052)

Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

• Remove gogoproto.customtype (#6699)

• Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

• Remove all gogoproto extensions (#6829)

• Migrate off from github.com/gogo/protobuf (#6841)

• ttrpc streaming (ttrpc#107)

• Add unpack interface for client (#6749)

• Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

• Docker Schema 1 Image Deprecation (#6884)

CRI Updates

• Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
• Support image pull progress timeout (#6150)
• Add experimental support for runtime specific snapshotters (#6899)
• Pass all TOML runtime configuration options from CRI to the runtime (#7764)
• Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
• Add network plugin metrics (#7858)
• CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)

Other

• Support shallow content copy by adding reader option to local content reader at (#7414)
• Add NoSameOwner option when unpacking tars (#7386)
• Add FetcherByDigest for fetching blobs without fetching a manifest (#7460)
• Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
• Replace fork on mount logic with CLONE_FS (#7513)
• Add support for default registry host configuration (#7607)
• Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
• Make OCI options cross-platform (#7928)
• Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
• Use data field from OCI descriptor when provided for fetch (#8076)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Kazuyoshi Kato
• Maksym Pavlenko
• Phil Estes
• Wei Fu
• Akihiro Suda
• Sebastiaan van Stijn
• Samuel Karp
• Mike Brown
• Krisztian Litkey
• Daniel Canter
• Danny Canter
• yanggang
• Austin Vazquez
• Ye Sijun
• Iceber Gu
• Adam Korcz
• Ed Bartosh
• Luca Comellini
• Stefan Berger
• ruiwen-zhao
• xin.li
• Brian Goff
• Gabriel Adrian Samfira
• Nashwan Azhari
• Paul "TBBle" Hampson
• Rodrigo Campos
• Henry Wang
• Justin Terry
• Kevin Parsons
• Paco Xu
• Shengjing Zhu
• Swagat Bora
• wanglei
• zounengren
• Gavin Inglis
• Tony Fang
• Akhil Mohan
• Zechun Chen
• guodong
• lengrongfu
• James Jenkins
• Michael Crosby
• Qiutong Song
• Shiming Zhang
• Vincent Batts
• Antonio Ojea
• Cameron Sparr
• Casey Callendrello
• Josh Seba
• Junyu Liu
• Kirtana Ashok
• Kohei Tokunaga
• Michael Zappa
• Qasim Sarfraz
• Tobias Klauser
• pigletfly
• yaoyinnan
• Abirdcfly
• Amit Barve
• Bjorn Neergaard
• Changwei Ge
• Craig Ingram
• Eng Zer Jun
• Eric Lin
• Ethan Lowman
• James Sturtevant
• Jess
• Jonny Stoten
• Juan Hoyos
• Kang.Zhang
• Kay Yan
• Markus Lehtonen
• Mikko Ylinen
• Mohit Sharma
• Paul Cacheux
• Paul S. Schweigert
• Qian Zhang
• TTFISH
• Yasin Turan
• bin liu
• dependabot[bot]
• helen
• yulng
• Aditi
• Aditi Sharma
• Aman Sharma
• Anastassios Nanos
• Andrew G. Morgan
• Andrey Klimentyev
• Anthony Nandaa
• Antti Kervinen
• Aviral Takkar
• Baoshuo
• Benjamin Elder
• Chao Dai
• Chuanying Du
• Claudiu Belu
• Cory Snider
• Danielle Lancashire
• Dat Nguyen
• Davanum Srinivas
• Dave
• David Leadbeater
• David Porter
• Dmitry Shurupov
• Edgar Lee
• Eric Ernst
• Fabian...

containerd 1.6.18

Welcome to the v1.6.18 release of containerd!

The eighteenth patch release for containerd 1.6 includes fixes for CVE-2023-25153 and CVE-2023-25173
along with a security update for Go.

Notable Updates

• Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)
• Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)
• Revert removal of /sbin/apparmor_parser check (#8087)
• Update Go to 1.19.6 (#8111)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Ye Sijun
• Samuel Karp
• Bjorn Neergaard
• Wei Fu
• Brian Goff
• Iceber Gu
• Kazuyoshi Kato
• Phil Estes
• Swagat Bora

Changes

24 commits

• [release/1.6] Prepare release notes for v1.6.18 (#8118)
  • 44e61d764 Add release notes for v1.6.18
• Github Security Advisory GHSA-hmfx-3pcx-653p
  • 286a01f35 oci: fix additional GIDs
  • 301823453 oci: fix loop iterator aliasing
  • 0070ab70f oci: skip checking gid for WithAppendAdditionalGroups
  • 16d52de64 refactor: reduce duplicate code
  • b45e30292 add WithAdditionalGIDs test
  • 0a06c284a add WithAppendAdditionalGroups helper
• Github Security Advisory GHSA-259w-8hf6-59c2
  • 84936fd1f importer: stream oci-layout and manifest.json
• [1.6] Add fallback for windows platforms without osversion (#8106)
  • b327af6a4 Add fallback for windows platforms without osversion
• [release/1.6] Go 1.19.6 (#8111)
  • 54ead5b7b Go 1.19.6
• [release/1.6] ctr/run: flags --detach and --rm cannot be specified together (#8094)
  • 2b4b35ab4 ctr/run: flags --detach and --rm cannot be specified together
• [release/1.6] Fix retry logic within devmapper device deactivation (#8088)
  • d5284157b Fix retry logic within devmapper device deactivation
• [release/1.6 backport] Revert apparmor_parser regression (#8087)
  • 624ff636b pkg/apparmor: clarify Godoc
  • 3a0a35b36 Revert "Don't check for apparmor_parser to be present"
• [release/1.6] CI: skip some jobs when repo != containerd/containerd (#8083)
  • 664a938a3 CI: skip some jobs when repo != containerd/containerd

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.17

containerd 1.5.18

Welcome to the v1.5.18 release of containerd!

The eighteenth patch release for containerd 1.5 includes fixes for CVE-2023-25153 and CVE-2023-25173
along with a security update for Go.

Notable Updates

• Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)
• Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)
• Update Go to 1.19.6 (#8112)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Ye Sijun
• Samuel Karp
• Phil Estes
• Swagat Bora
• Wei Fu

Changes

17 commits

• [release/1.5] Prepare release notes for v1.5.18 (#8117)
  • ddf9de6cb Prepare release notes for v1.5.18
• Github Security Advisory GHSA-hmfx-3pcx-653p
  • a62c38bf2 oci: fix additional GIDs
  • 3b89da580 oci: fix loop iterator aliasing
  • b07ec6b25 oci: skip checking gid for WithAppendAdditionalGroups
  • 356672cb5 refactor: reduce duplicate code
  • 6a7b7617c add WithAdditionalGIDs test
  • 832bcf300 add WithAppendAdditionalGroups helper
• Github Security Advisory GHSA-259w-8hf6-59c2
  • 19a347e45 importer: stream oci-layout and manifest.json
• [release/1.5] Go 1.19.6 (#8112)
  • 4209dc243 Go 1.19.6
• [release/1.5] Fix retry logic within devmapper device deactivation (#8089)
  • 0d16d045d Fix retry logic within devmapper device deactivation
• [release/1.5] CI: skip some jobs when repo != containerd/containerd (#8084)
  • 34451bc66 CI: skip some jobs when repo != containerd/containerd

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.17

containerd 1.6.17

Welcome to the v1.6.17 release of containerd!

The seventeenth patch release for containerd 1.6 includes various updates.

Notable Updates

• Add network plugin metrics (#8018)
• Update mkdir permission on /etc/cni to 0755 instead of 0700 (#8030)
• Export remote snapshotter label handler (#8054)
• Add support for default hosts.toml configuration (#8065)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Jess
• Antonio Ojea
• Kohei Tokunaga
• Phil Estes
• Wei Fu

Changes

11 commits

• [release/1.6] Prepare release notes for v1.6.17 (#8080)
  • a1aa9b900 Prepare release notes for v1.6.17
• [1.6] Backport default registry hosts config (#8065)
  • 1436641b8 Support default hosts.toml configuration
  • 87acecd04 Update hosts doc
• [release/1.6 backport] Export remote snapshotter label handler (#8054)
  • a6544ed7d Export remote snapshotter label handler
• [release/1.6] cri: mkdir /etc/cni with 0755, not 0700 (#8030)
  • ae02a24a3 cri: mkdir /etc/cni with 0755, not 0700
• [release/1.6] add network plugin metrics (#8018)
  • 6c6cc5ec1 add network plugin metrics

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.16

containerd 1.7.0-beta.3

Welcome to the v1.7.0-beta.3 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

• Sandbox API (#6703)
• CRI Sandbox API Implementation (#7228)

Transfer Service (experimental)

• Transfer Service (#7320)

The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.

See the Transfer Docs

NRI (experimental)

• Extend NRI scope (nri#16)
• Support for updated NRI (#6019)

The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.

This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.

See the NRI Docs

Platform Support

• Linux containers on FreeBSD (#7000)

Runtime Features

• Add support for CDI device injection (#6654)
• Support for cgroups blockio (#5490)
• Add restart policy for enhanced restart manager (#6744)

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

• Remove gogoproto.customtype (#6699)

• Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

• Remove all gogoproto extensions (#6829)

• Migrate off from github.com/gogo/protobuf (#6841)

• ttrpc streaming (ttrpc#107)

• Add unpack interface for client (#6749)

• Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

• Docker Schema 1 Image Deprecation (#6884)

CRI Updates

• Support image pull progress timeout (#6150)
• Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
• Pass all TOML runtime configuration options from CRI to the runtime (#7764)
• Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
• Add network plugin metrics (#7858)
• CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)

Other

• Support shallow content copy by adding reader option to local content reader at (#7414)
• Add NoSameOwner option when unpacking tars (#7386)
• Add FetcherByDigest for fetching blobs without fetching a manifest (#7460)
• Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
• Replace fork on mount logic with CLONE_FS (#7513)
• Add support for default registry host configuration (#7607)
• Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
• Make OCI options cross-platform (#7928)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Kazuyoshi Kato
• Maksym Pavlenko
• Phil Estes
• Wei Fu
• Akihiro Suda
• Sebastiaan van Stijn
• Samuel Karp
• Mike Brown
• Krisztian Litkey
• Daniel Canter
• yanggang
• Danny Canter
• Ye Sijun
• Iceber Gu
• Adam Korcz
• Ed Bartosh
• Luca Comellini
• Stefan Berger
• xin.li
• Gabriel Adrian Samfira
• Nashwan Azhari
• Paul "TBBle" Hampson
• Rodrigo Campos
• ruiwen-zhao
• zounengren
• Austin Vazquez
• Brian Goff
• Henry Wang
• Shengjing Zhu
• Gavin Inglis
• Justin Terry
• Kevin Parsons
• Paco Xu
• Swagat Bora
• wanglei
• Akhil Mohan
• Tony Fang
• lengrongfu
• James Jenkins
• Michael Crosby
• Qiutong Song
• Shiming Zhang
• Antonio Ojea
• Junyu Liu
• Michael Zappa
• Qasim Sarfraz
• Tobias Klauser
• guodong
• pigletfly
• Amit Barve
• Cameron Sparr
• Changwei Ge
• Craig Ingram
• Eng Zer Jun
• Eric Lin
• James Sturtevant
• Jess
• Jonny Stoten
• Juan Hoyos
• Kang.Zhang
• Kirtana Ashok
• Markus Lehtonen
• Mikko Ylinen
• Paul Cacheux
• Paul S. Schweigert
• Qian Zhang
• Vincent Batts
• Yasin Turan
• bin liu
• dependabot[bot]
• Abirdcfly
• Aditi Sharma
• Aman Sharma
• Anastassios Nanos
• Andrew G. Morgan
• Andrey Klimentyev
• Antti Kervinen
• Aviral Takkar
• Baoshuo
• Benjamin Elder
• Chao Dai
• Chuanying Du
• Claudiu Belu
• Cory Snider
• Danielle Lancashire
• Dat Nguyen
• Davanum Srinivas
• Dave
• David Leadbeater
• David Porter
• Dmitry Shurupov
• Eric Ernst
• Ethan Lowman
• Fabian Hoffman
• Fabian Hoffmann
• Fahed Dorgaa
• Fish-pro
• Gabriela Cervantes
• Gijs Peskens
• Hamza El-Saawy
• Hsing-Yu (David) Chen
• Ikko Ashimine
• Jeff Widman
• Jeff Zvier
• Jeremi Piotrowski
• Jin Dong
• Jordan Karaze
• Joseph Sheng
• Joyce Brum
• Jukka Rissanen
• Justin Chadwell
• Kate
• Kathryn Baldauf
• Kohei Tokunaga
• Kyle L Frisbie
• LongtaoZhang
• Manuel Alejandro de Brito Fontes
• Marc Schwind
• Mark Rossetti
• Mark Zhang
• Marvin Giessing
• Mathis Michel
• Merlin Ran
• Nabeel Rana
• Nguyen Phan Huy
• Nikita Rybak
• Nobel Barakat
• Oleg Atamanenko
• Oleg Zhurakivskyy
• Oliver Radwell
• Quan Tian
• Roy Yang
• Serge Logvinov
• Shane Jennings
• Shaun Lawrie
• Shinichi Morimoto
• SilverSoldier
• Sophie Liu
• Su Fei
• Taeho Nam
• Takumasa Sakao
• Tiger Kaovilai
• Tom Godkin
• Tomoya.Fujita
• Tõnis Tiigi
• Xinlin Ma
• Yakul Garg
• Zhang Tianyang
• Zhongming Chang
• Zhuchen Wang
• austinvazquez
• cardy.tang
• chaunceyjiang
• dabaooline
• guiyong.ou
• huoqifeng
• jianfei.zhang
• ningmingxiao
• shi yixue
• shuaichang
• songjiang han
• wen chen
• wusong
• xiaoyang zhu
• yanghesong
• yaozhenxiu
• zhang he

Changes

1453 commit...

containerd 1.6.16

Welcome to the v1.6.16 release of containerd!

The sixteenth patch release for containerd 1.6 includes various bug fixes and updates.

Notable Updates

• Fix push error propagation (#7990)
• Fix slice append error with HugepageLimits for Linux (#7995)
• Update default seccomp profile for PKU and CAP_SYS_NICE (#8001)
• Fix overlayfs error when upperdirlabel option is set (#8002)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Samuel Karp
• Sebastiaan van Stijn
• Phil Estes
• Craig Ingram
• Justin Chadwell
• Qasim Sarfraz
• Wei Fu
• bin liu
• cardy.tang
• rongfu.leng

Changes

30 commits

• [release/1.6] Prepare v1.6.16 (#8016)
  • d3c595aa3 Prepare release notes for v1.6.16
• [release/1.6 backport] Fix tx closed error when upperdirlabel specified (#8002)
  • 8c704036a Fix tx closed error when upperdirlabel specified
• [release/1.6 backport] assorted test-fixes (#8000)
  • 91a68edd7 cri: Fix TestUpdateOCILinuxResource for host w/o swap controller
  • 5594f706e Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts
• [release/1.6 backport] seccomp updates (#8001)
  • 7037f5313 seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE
  • d22919a1c seccomp: seccomp: add syscalls related to PKU in default policy
• [release/1.6 backport] Harden GITHUB_TOKEN permissions (#7999)
  • 8b8a21fe4 Harden GITHUB_TOKEN permissions
• [release/1.6 backport] assorted updates to Vagrantfile (#7996)
  • 8009948bb Vagrantfile: fix comments about SELinux
  • 550424f92 Vagrantfile: install-rootless-podman: remove setenforce 0
  • 2c32f8559 CI: update Fedora to 37
  • 556bb0cc8 Vagrantfile: explicitly specify rsync as the shared folder driver
  • edfac1834 fix install cni script
  • 91d5e53fb Vagrantfile: dump containerd log after critest
• [release/1.6 backport] Fix slice append error (#7995)
  • ab193eb20 pkg/cri: optimize slice initialization
  • e6cf5ec58 Fix slice append error
• [release/1.6] update to go1.18.10 (#7992)
  • 6a8a6531f [release/1.6] update to go1.18.10
• [release/1.6 backport] release/Dockerfile: set DEBIAN_FRONTEND=noninteractive (#7991)
  • d0dc7988a release/Dockerfile: set DEBIAN_FRONTEND=noninteractive
• [release/1.6 backport] pushWriter: correctly propagate errors (#7990)
  • 1584c2581 pushWriter: correctly propagate errors
• [release/1.6] mod: update github.com/pelletier/go-toml@v1.9.5 (#7942)
  • 545f22091 mod: update github.com/pelletier/go-toml@v1.9.5

Dependency Changes

• github.com/pelletier/go-toml v1.9.3 -> v1.9.5

Previous release can be found at v1.6.15

containerd 1.5.17

Welcome to the v1.5.17 release of containerd!

The seventeenth patch release for containerd 1.5 includes various fixes and updates.

Notable Updates

• Update shim to fail fast on dial error (#7953)
• Fix no CNI info for pod sandbox on restart (#7849)
• Fix push error propagation (#7998)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Wei Fu
• Danny Canter
• Justin Chadwell
• Kirtana Ashok
• Phil Estes
• Samuel Karp
• Sebastiaan van Stijn

Changes

14 commits

• [release/1.5] Prepare release notes for v1.5.17 (#8017)
  • 40a4d58de Prepare release notes for v1.5.17
• [release/1.5] integration/images: switch away from Docker Hub to avoid rate limit (#8009)
  • d44769ad6 integration/images: switch away from Docker Hub to avoid rate limit
• [release/1.5 backport] pushWriter: correctly propagate errors (#7998)
  • 1e848038d pushWriter: correctly propagate errors
• [release/1.5] update to go1.18.10 (#7993)
  • 464c2fb7a [release/1.5] update to go1.18.10
• [release/1.5] runtime: should fail fast if dial error on shim (#7953)
  • 7473711de runtime: should fail fast if dial error on shim
• [release/1.5] CRI: Fix no CNI info for pod sandbox on restart (#7849)
  • 23c2a863e CRI: Fix no CNI info for pod sandbox on restart
• [release/1.5] go.mod: Bump hcsshim to v0.8.25 (#7817)
  • 1c5d8d142 [release/1.5] Bump shim tag to v0.8.25

Dependency Changes

• github.com/Microsoft/hcsshim v0.8.24 -> v0.8.25

Previous release can be found at v1.5.16

containerd 1.6.15

Welcome to the v1.6.15 release of containerd!

The fifteenth patch release for containerd 1.6 fixes an issue with CNI in the CRI plugin

Notable Updates

• Fix no CNI info for pod sandbox on restart in CRI plugin (#7848)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Danny Canter
• Kevin Parsons
• Samuel Karp
• Wei Fu

Changes

8 commits

• [release/1.6] Prepare release notes for v1.6.15 (#7924)
  • 883899eae Prepare release notes for v1.6.15
• [release/1.6] CI: Pass GITHUB_TOKEN to containerd/project-checks (#7919)
  • b57367020 CI: Pass GITHUB_TOKEN to containerd/project-checks
• [release/1.6] integration/images: switch away from Docker Hub to avoid rate limit (#7900)
  • 0f4062c9b integration/images: switch away from Docker Hub to avoid rate limit
• [release/1.6] CRI: Fix no CNI info for pod sandbox on restart (#7848)
  • f16447e2d CRI: Fix no CNI info for pod sandbox on restart

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.14