containerd 1.7.0-rc.2
Pre-releaseWelcome to the v1.7.0-rc.2 release of containerd!
This is a pre-release of containerd
The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
Highlights
Sandbox API (experimental)
The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
Transfer Service (experimental)
- Transfer Service (#7320)
The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.
See the Transfer Docs
NRI (experimental)
The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
See the NRI Docs
Platform Support
- Linux containers on FreeBSD (#7000)
Runtime Features
- Add support for CDI device injection (#6654)
- Support for cgroups blockio (#5490)
- Add restart policy for enhanced restart manager (#6744)
gRPC Shim Support (experimental)
- Initial gRPC shim support (#8052)
Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
away and will continue to be recommended for the best performance and lowest shim memory overhead.
The gRPC support allows implementation of a wider range of shim implementations which may not
have access to a stable ttrpc library in the implementation language. The shim protocol is also
updated to allow the shims to specify the protocol which is supported.
Road to 2.0
Refactoring
There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.
The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
- Remove gogoproto.customtype (#6699)
- Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
- Remove all gogoproto extensions (#6829)
- Migrate off from github.com/gogo/protobuf (#6841)
- ttrpc streaming (ttrpc#107)
- Add unpack interface for client (#6749)
- Add collectible resources to metadata gc (#6804)
- Add version to shim protocol (#8177)
Configuration
Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
Deprecation
The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.
- Docker Schema 1 Image Deprecation (#6884)
CRI Updates
- Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
- Support image pull progress timeout (#6150)
- Add experimental support for runtime specific snapshotters (#6899)
- Pass all TOML runtime configuration options from CRI to the runtime (#7764)
- Support for user namespaces in stateless pods (KEP-127) (experimental) (#7679)
- Add timeout option for drain exec io (#7832)
- Add network plugin metrics (#7858)
- CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23 (#7863)
Other
- Support shallow content copy by adding reader option to local content reader at (#7414)
- Add NoSameOwner option when unpacking tars (#7386)
- Add
FetcherByDigest
for fetching blobs without fetching a manifest (#7460) - Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
- Replace fork on mount logic with CLONE_FS (#7513)
- Add support for default registry host configuration (#7607)
- Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)
- Make OCI options cross-platform (#7928)
- Update release builds to build from Ubuntu 20.04 with glibc 2.31 (#8021)
- Use data field from OCI descriptor when provided for fetch (#8076)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Kazuyoshi Kato
- Maksym Pavlenko
- Wei Fu
- Phil Estes
- Akihiro Suda
- Sebastiaan van Stijn
- Samuel Karp
- Krisztian Litkey
- Mike Brown
- Stefan Berger
- Danny Canter
- Daniel Canter
- Austin Vazquez
- yanggang
- Iceber Gu
- Ye Sijun
- Ed Bartosh
- Luca Comellini
- Adam Korcz
- Nashwan Azhari
- Tony Fang
- ruiwen-zhao
- xin.li
- Brian Goff
- Gabriel Adrian Samfira
- Paul "TBBle" Hampson
- Henry Wang
- Kevin Parsons
- Rodrigo Campos
- zounengren
- Justin Terry
- Paco Xu
- Shengjing Zhu
- Swagat Bora
- wanglei
- Gavin Inglis
- Akhil Mohan
- Zechun Chen
- guodong
- lengrongfu
- Hsing-Yu (David) Chen
- James Jenkins
- James Sturtevant
- Kirtana Ashok
- Michael Crosby
- Qiutong Song
- Shiming Zhang
- Vincent Batts
- Antonio Ojea
- Cameron Sparr
- Casey Callendrello
- Changwei Ge
- Jian Zeng
- Josh Seba
- Junyu Liu
- Kohei Tokunaga
- Michael Zappa
- Qasim Sarfraz
- Tobias Klauser
- dependabot[bot]
- pigletfly
- yaoyinnan
- Abirdcfly
- Aditi Sharma
- Amit Barve
- Bennett-White
- Bjorn Neergaard
- Cory Snider
- Craig Ingram
- Eng Zer Jun
- Eric Lin
- Ethan Lowman
- Fabian Hoffmann
- Jess
- Jiongchi Yu
- Jonny Stoten
- Juan Hoyos
- Kang.Zhang
- Kay Yan
- Markus Lehtonen
- Mikko Ylinen
- Mohit Sharma
- Paul Cacheux
- Paul S. Schweigert
- Qian Zhang
- Tõnis Tiigi
- Yasin Turan
- Zhang Tianyang
- bin liu
- helen
- yulng
- Aman Sharma
- Anastassios Nanos
- Andrew G. Morgan
- Andrey Klimentyev
- Aniruddha Basak
- Anthony Nandaa
- Antti Kervinen
- Aviral Takkar
- Baoshuo
- Benjamin Elder
- Benjamin Wang
- Brandon Lum
- Chao Dai
- Chuanying Du
- Claudiu Belu
- Daniel Lenar
- Danielle Lancashire
- Dat Nguyen
- Davanum Srinivas
- Dave
- David Leadbeater
- David Porter
- Dmitry Shurupov
- Edgar Lee
- Eric Ernst
- Fahed Dorgaa
- Gabriela Cervantes
- Gijs Peskens
- Hamza El-Saawy
- Ikko Ashimine
- Jeff Widman
- Jeff Zvier
- Jeremi Piotrowski
- Jimmy Hsiao
- Jin Dong
- Jordan Karaze
- Joseph Sheng
- Joyce Brum
- Jukka Rissanen
- Justin Chadwell
- Kate
- Kathryn Baldauf
- Kyle L Frisbie
- LongtaoZhang
- Manuel Alejandro de Brito Fontes
- Marc Schwind
- Mark Rossetti
- Mark Zhang
- Marvin Giessing
- Mathis Michel
- Merlin Ran
- Nabeel Rana
- Nathan
- Nguyen Phan Huy
- Nikita Rybak
- Nobel Barakat
- Oleg Atamanenko
- Oleg Zhurakivskyy
- Oliver Radwell
- Quan Tian
- Roy Yang
- Samuel Ortiz
- Serge Logvinov
- Shane Jennings
- Shaun Lawrie
- Shinichi Morimoto
- SilverSoldier
- Sophie Liu
- Su Fei
- Taeho Nam
- Takumasa Sakao
- Tiger Kaovilai
- Tom Godkin
- Tomoya.Fujita
- Xinlin Ma
- Yakul Garg
- Zhongming Chang
- Zhuchen Wang
- austinvazquez
- cardy.tang
- chaunceyjiang
- dabaooline
- guiyong.ou
- huoqifeng
- jianfei.zhang
- liyuxuan.darfux
- ningmingxiao
- shi yixue
- shuaichang
- songjiang han
- wen chen
- wusong
- xiaoyang zhu
- yanghesong
- yaozhenxiu
- zhang he
Changes
1729 commits
- Add release notes for v1.7.0-rc.2 (#8216)
- go.mod: {hcsshim, containerd/, go-restful/v3, mergo, klauspost/compress, opencontainers/}@latest (#8221)
- Bump k8s.io deps (#8131)
- Update imgcrypt to v1.1.7 (#8217)
- Add ArgsEscaped support for CRI (#8198)
- Sandbox: Delete shim+shutdown sandbox on create failure (#8204)
- [Feature] Transfer tag image (#8205)
- docs: fix typo of shim.RunManager's function comment (#8214)
- [cri] Implement CRI Pod and Container stats for Windows (#7099)
- Sandbox: Fix/enhance error messages for Create (#8203)
- epoch: fix unit test when SOURCE_DATE_EPOCH is set (#8202)
- pkg/cri: add timeout to drain exec io (#7832)
- Prepare release notes for v1.7.0-rc.1 (#8192)
- Transfer export image (#8191)
- Create config struct to take user input (#8193)
- ctr/tasks: support remapped UID/GID (#7864)
- Add experimental section to RELEASES.md (#8119)
- Fix streaming manager deadlock on collection (#8188)
- Update CRI guide link (#8190)
- Add max shim version environment variable (#8189)
- Update README with location of security audits (#8187)
- docs: fix typos in historical/design/data-flow.md (#8181)
- Increase CI workflow timeout on Windows. (#8183)
- releases: mark 1.5 as EOL (#8178)
- Add version to shim protocol (#8177)
- Rework install-protobuf script and add new targets (#8164)
- bump go-cni to v1.1.9 (#8173)
- Treat sandboxes as root gc resources and scan referenced objects (#8172)
- update CDI version to v0.5.4 (#8152)
- Prepare release notes for v1.7.0-rc.0 (#8162)
- pkg/nri: pull in latest NRI, update NRI configuration. (#8140)
- [transfer]Config options followup (#8165)
- Add configuration options to local transfer service (#8062)
- docs: Show how to select GRPC for shims (#8134)
- CRI: remove duplicated snapshotters code (#8154)
- docs: add more comment to logging.LoggerFunc (#8142)
- contrib/apparmor: remove code related to apparmor_parser version (#8069)
- runtime/v2: Call onCloseWithShimLog for grpc shims (#8120)
- Add Fields type alias to log package (#8143)
- Migrate from k8s.gcr.io to registry.k8s.io (#8125)
- sandbox: start sandbox with options (#8129)
- Add macOS build note (#8115)
- Fix concurrent writes for UpdateContainerStats (#8130)
- dependency: bump go.etcd.io/bbolt to v1.3.7 (#8128)
- runtime/v2: Log BootstrapParams (#8124)
- Prepare release notes for v1.7.0 beta.4 (#8110)
- Go 1.20.1 (#8103)
- ctr version: add args check (#8096)
- pkg/cri/config: fix Mirrors deprecation comment (#8041)
- docs: fix function names in fuzzing test documentation (#8044)
- fix: 'go routine' should be 'goroutine' (#8051)
- Github Security Advisory GHSA-hmfx-3pcx-653p
- Github Security Advisory GHSA-259w-8hf6-59c2
- pkg/cri/sbserver: experimental NRI integration for CRI. (#7954)
- Clean up error strings that start with uppercase (#8114)
- Clean up repeated package import (#8113)
- Go 1.19.6 (#8109)
- Initial GRPC shims support (#8052)
- CRI: Pass sandbox annotations to _other platforms (#8060)
- cmd/ctr/commands/images: support usage subcommand (#8105)
- cni: pass in the cgroupPath capability argument (#8067)
- Add fallback for windows platforms without osversion (#8101)
- release: xx v1.2.1 (#8104)
- [transfer] update imagestore interface to support multiple references (#7964)
- [sandbox] Use options to pass PodSandboxConfig to shims (#8100)
- Send container events with nil PodSandboxStatus (#8047)
- test: add hostNetwork tests for both windows and linux (#7984)
- loadConfig pre-inspection in advance (#8097)
- contrib/apparmor: remove version-dependent rules (#8068)
- *: introduce wrapper pkgs for blockio and rdt (#8066)
- Extract CRI instrument into separate package (#8093)
- CRI: Mirror generic toml runtime config under server (#8091)
- go.mod: github.com/containerd/typeurl/v2 v2.1.0 (#8092)
- Revert
apparmor_parser
regression (#8086) - [sandbox] refactor controller interface (#7981)
- btrfs: depend on kernel UAPI instead of libbtrfs (#7933)
- CI: skip some jobs when
repo != containerd/containerd
(#8082) - chore: clean up repeated package import (#8078)
- fetch: Use data from descriptor when available. (#8076)
- chore: use http constants instead of string (#8077)
- Fix retry logic within devmapper device deactivation (#8075)
- Clean CI yaml (#8071)
- Add critest.exe in $PATH (#8074)
- keep the uppercase letter for flag info (#7976)
- go.mod: Bump hcsshim to v0.10.0-rc.5 (#8049)
- Fix sandbox exit monitor (#8045)
- Generate GRPC contracts for runtime APIs (#7979)
- Make argument validation of
mount.UnmountRecursive
compatible tomount.UnmountAll
(#8035) - Export remote snapshotter label handler (#8036)
- Adding support to run install hcsshim from local clone (#7989)
- go.mod: github.com/urfave/cli v1.22.12 (#8040)
- cmd/ctr/commands: clean up the func IntToInt32Array in utils.go (#8039)
- pkg/epoch: drop timezone (#8037)
- go.mod: update github.com/containerd/nri. (#8034)
- fix(docs): minor fix on the windows installation steps (#8013)
- Add integration test to opentelemetry tracing on image pull (#7847)
- Use mount.Target to specify subdirectory of rootfs mount (#7840)
- cri: mkdir /etc/cni with 0755, not 0700 (#8020)
- log/logtest: add
testcase
as debug field (#8025) - go.mod: github.com/containerd/cgroups/v3 v3.0.0 (#8027)
- Update CNI plugins to 1.2.0 (#7977)
- go.mod: go.opentelemetry.io/otel v1.12.0 (#8026)
- Move PLEG events for pause container under podsandbox package (#8007)
- runtime docs: Clarify delete cwd behavior (#8012)
- release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles (#8019)
- RELEASES.md: update release status (#8022)
- deflake: TestContainerPids (#8023)
- release: Ubuntu 18.04 -> 20.04 (glibc 2.27 -> 2.31) (#8021)
- Update the EOL date for 1.5 release (#8015)
- Prepare release notes for v1.7.0-beta.3 (#8014)
- Fix Memory Limit test (#7959)
- Reused package errdefs for not supported error (#8005)
- pkg/cri: optimize slice initialization (#7994)
- go.mod: update goresctrl to v0.3.0 (#7987)
- pushWriter: correctly propagate errors (#7985)
- CI: test release.yml on every PR (#7968)
- fix incorrect namespace of event when create/update namespace (#7129)
- Backport changes to sandboxed CRI (#7973)
- Fix syntax errors in the document (#7970)
- release/Dockerfile: set DEBIAN_FRONTEND=noninteractive (#7969)
- use local variable for rt when iterating collectors (#7963)
- Add basic spec and mounts for Darwin (#7960)
- go.mod: Bump hcsshim to v0.10.0-rc.4 (#7810)
- Use specs Platform instead of generated API (#7958)
- Make OCI options cross-platform (#7928)
- update to go1.19.5, go1.18.10 (#7948)
- fuzzing: improve archive fuzzer (#7957)
- shim: enable debug logging for delete (#7943)
- cri: Fix TestUpdateOCILinuxResource for host w/o swap controller (#7946)
- ctr/run: flags --detach and --rm cannot be specified together (#7929)
- Fix Flaky Windows CRI Integration test on TestContainerConsumedStats (#7935)
- Refactor snapshotters metastore transaction (#7917)
- mod: update github.com/pelletier/go-toml@v1.9.5 (#7932)
- archive: improve TestSourceDateEpoch (#7927)
- Add tracing plugin test (#7883)
- docs/content-flow: update the description of the content labels (#7925)
- Add cleanup package for context management during cleanup (#7861)
- Fix race between stream registration and use (#7886)
- Prepare release notes for v1.7.0-beta.2 (#7903)
- Cirrus CI (Fedora 37, Rocky 8): enable cri-integration (#7892)
- contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages (#7891)
- docs: fix a typo in tracing documentation (#7914)
- CI: Pass GITHUB_TOKEN to containerd/project-checks (#7913)
- Enable dupword linter (#7911)
- ctr: Add platform flag to 'oci spec' command (#7905)
- Vagrantfile: fix disk resize error with VirtualBox (#7907)
- Vagrantfile: fix comments about SELinux (#7908)
- Use the const labels.LabelUncompressed (#7906)
- [sandbox] Add sandbox store plugin type (#7850)
- Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts (#7893)
- CRI: Comment cleanup/misc fixes (#7904)
- Move snapshot event publishing into metadata store (#5674)
- Vagrantfile: install-rootless-podman: remove
setenforce 0
(#7887) - reused package errdefs for error (#7894)
- integration/images: switch away from Docker Hub to avoid rate limit (#7888)
- Validate userns container config is consistent with sandbox userns config (#7882)
ctr contents ls
sorts the labels of the content (#7881)- chore: use
go fix
to cleanup old +build buildtag (#7879) - cri: Shadow variables to avoid t.Parallel() issues (#7880)
- Add support for user namespaces in stateless pods (KEP-127) (#7679)
- Refactor metastore transaction (#7529)
- oci: appendOSMounts(): remove unused error, and move (#7874)
- add kube v1.26: remove v1alph2 cri support (#7863)
- make runc 1.1 for oss_fuzz_build.sh (#7875)
- CRI sbserver: Prevent server reuse after Shutdown (#7872)
- Fix incorrect defer usage and refactor judgement (#7521)
- oci: Add WithDomainname (#7869)
- Reused errdefs define error (#7871)
- fix
ctr tasks kill
does not remove cni network under windows (#7866) - add network plugin metrics (#7858)
- Avoid using canceled context in unpacker cleanup (#7859)
- image/label: print more characters of label keys (#7618)
- prevent Server reuse after a Shutdown (#7165)
- Check containerd's readiness before calling critest (#7851)
- Fix grammatical errors in Readme (#7837)
- Fix cpu architecture detection issue on linux/arm (#7636)
- CRI: Fix no CNI info for pod sandbox on restart (#7845)
- Enable checkRename test (#7081)
- metastore: Add WithTransaction convenience method (#7781)
- Prevent a race condition in testHook (#7831)
- cri: fix
memory.memsw.limit_in_bytes: no such file or directory
(#7836) - go.mod: update fuzz-headers and fuzz-build (#7824)
- Remove github.com/gogo/protobuf again (#7825)
- CRI: Add host networking helper (#7814)
- Support sandbox shutdown in shim runtimes (#7792)
- move up to CRI-TOOLS v1.26.0 (#7818)
- Minor fix when querying pod sandbox status (#7812)
- nil check to avoid panic on upgrade (#7809)
- Bump grpc to v1.51.0 (#7709)
- fatal error: concurrent map iteration and map write (#7805)
- Bump golangci-lint to v1.50.1 (#7804)
- cri: make swapping disabled with memory limit (#7783)
- add metrics for image pulling: error; in progress count; thoughput (#7313)
- Prepare release notes for v1.7.0-beta.1 (#7793)
- support fetching containerd from non public GCS buckets (#7771)
- images: support specifying SourceDateEpoch via ctx (#7651)
- fuzzing: improve archive fuzzer (#7718)
- fix sdNotify func when debug level (#7798)
- Upgrade GitHub actions packages in release workflow (#7794)
- Enable GitHub Actions local Linux CI runs (#7796)
- integration: increase timeout in container_event_test.go (#7791)
- digest: use github.com/minio/sha256-simd (#7732)
- allow client to remove created tasks with PID 0 (#7787)
- Add container event support to containerd (#7073)
- docs: Authorizer.Authorize could return ErrUnexpectedStatus (#7786)
- fix: check for tmpfs when evaluating if userxattr is needed (#7772)
- Pass TOML configuration options for runtimes CRI is not aware of (#7764)
- Cleanup build constraints (#7776)
- There is no way to disable debug endpoint on Darwin (#7775)
- CI: Vagrant: pin rockylinux/8 to v5.0.0 (#7777)
- vendor: golang.org/x/net v0.4.0 (#7774)
- Fix context when waiting sandbox (#7773)
- Github Security Advisory GHSA-2qjp-425j-52j9
- update to go1.19.4, go1.18.9 (#7765)
- Change PushContent to require only Provider (#7763)
- sbserver bug fixing (#7768)
- Add unit test to Opentelemetry tracing (#7671)
- remove some (aliases for) deprecated functions (#7525)
- Refactor ctr restore to allow for tty allocation (#7673)
- fix panic when containerd-stress density --count 0 (#7748)
- Unwrap proto errors in streaming client (#7753)
- Fix process_vm_* syscall names in seccomp (#7755)
- upgrade the ops.md output for current 1.7 version . (#7747)
- docs: Add extra security instructions (#7743)
- go.mod: re-vendor NRI from the official repo. (#7744)
- [Sandbox API] CRI status cleanup (#7731)
- Transfer service (#7320)
- NRI: add support for NRI with extended scope. (#6019)
- archive: set WithModTimeUpperBound when WithSourceDateEpoch is set (#7710)
- Fix order of operations when setting lease labels (#7702)
- Add ctr image prune command (#7730)
- Check for nullptr before dereferencing (#7708)
- use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers (#7736)
- introspection: expose the daemon's PID and PIDNS (#7694)
- reference/docker: synchronize fork with upstream distribution/distribution (#7635)
- go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions (#7721)
- Add ptrace readby and tracedby to default AppArmor profile (#7714)
- Fix sandbox API when calling sandboxed shims (#7684)
- make status more readable and update easy. (#7669)
- integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 (#7720)
- Resolve warnings in Windows GitHub Actions periodic workflows (#7706)
- Sandbox API: implement Controller.Status for SandboxAPI (#7470)
- [port #5904 to sbserver] Setup pod network after creating the sandbox container (#7426)
- fix for OSS-Fuzz infra changes (#7677)
- runtime/v2/shim: clean up the use of containerdBinary (#7499)
- Add process_vm read and write calls to default seccomp profile (#7693)
- Resolve Scorecards GitHub Actions workflow warnings (#7707)
- cri: add pod uid annotation (#7697)
- Missed out
platform interface
when reused the conn for Client. (#7699) - overlayfs: remove duplicated tx rollback (#7700)
- go.mod: update some dependencies (#7704)
- update github.com/cpuguy83/go-md2man/v2 to v2.0.2 (#7705)
- Fsnotify bump and change code (#7703)
- fix build containerd in centos9 (#7683)
- Bump urfave-cli to v1.22.10 (#7701)
- can set up the network serially by CNI plugins (#7685)
- Update cri-api dependency to v0.26.0-beta.0 (#7656)
- overlay: Remove unused method param (#7696)
- CI: update Fedora to 37 (#7691)
- tx rollback when GetInfo return error (#7678)
- Upgrade github.com/containerd/cgroups from v1 to v3 (#7601)
- Remove OpenTelementry imports from remotes/docker package (#7675)
- Expose Done and Err in Shutdown service (#7686)
- gotestsum match go version 1.19 (#7688)
- complement sub-command note for containerd-main (#7670)
- keep the lower case letter for flag info (#7668)
- bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a (#7666)
- Fix broken link for CRI plugin in docs (#7667)
- add option to resolve symlinks in WithLinuxDevice (#7523)
- Bump k8s.io deps to v0.25.4 (#7663)
- Release: add static binaries (#7659)
- Bump OpenTelemetry contrib to v0.36.4 (#7662)
- Fix slice append error (
spec.Linux.Resources.HugepageLimits
) (#7661) - Bump OpenTelemetry to v1.11.1 (#7660)
- feature: add gc scheduler metrics collection count (#5263)
- Add
--debug
args to all subcommands ofctr pprof
(#7629) - Add a thin wrapper around otel Span object (#7655)
- Bump grpc to v1.50.1 (#7643)
- replace strings.Split(N) for strings.Cut() or alternatives (#7631)
- add oci.WithCPURT (#7642)
- Sandbox API: Add a new mode config for sandbox controller impls (#7590)
- fuzzing: bump go-fuzz-headers (#7625)
- Bump k8s.io deps to v0.25.3 (#7637)
- Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex (#7641)
- Extra documentation for content interfaces (#7640)
- Fix shim socket permissions on Darwin (#7638)
- s390x: build and package s390x bin in release assets (#7614)
- Replace mount fork hack with CLONE_FS (#7513)
- remotes: add
FetcherByDigest
for fetching blobs without foreknown descriptors (useful for general-purpose CAS) (#7460) - Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 (#7403)
- Support default hosts.toml configuration (#7607)
- Add tracing spans in CRI image service and pull.go (#7453)
- Fix missing closed fifo (#7604)
- fix comments (#7624)
- docs: add additional info in backport process (#7626)
- go.mod: golang.org/x/*: use tagged versions (#7621)
- Bump go version to 1.19.3 (#7620)
- ctr export strictly matching (#7615)
- Fix ctr crash when pulling with --http-dump and --http-trace simultaneously (#7617)
- Harden GITHUB_TOKEN permissions for OSSF Scorecard (#7599)
- overlayutils: Add fastpath for userxattr check (#7611)
- Add sequence diagram for shim runtime v2 (#7606)
- Sandbox API: Move remote impls to /sandbox/proxy (#7600)
- fuzzing: improve archive fuzzer (#7588)
- Retry client connection in waitForStart (#7537)
- Add Workflow for running critest with Hyper-V Containers on Windows. (#7025)
- Add release notes for v1.7.0-beta.0 (#7575)
- Cleanup sandbox interfaces (#7576)
- Update GitHub actions release workflow set output (#7581)
- Fix LogURI generation-related tests on Windows. (#7569)
- maintenance: Remove WithWindowsNetworkNamespace from pkg/cri (#7577)
- CRI: implement Controller.Delete for SandboxAPI (#7457)
- Configure CDI registry only on start (#7419)
- update codeql-action to v2 (#7568)
- Add logging related metrics to Containerd CRI plugin (#7546)
- sys: optimize and refactor MkdirAllWithACL() (#7531)
- fix install cni script (#7484)
- Update 1.5 release support timeframe (#7560)
- bump go-fuzz-headers (#7503)
- Add long term stable release branches (#7454)
- fix pusher concurrent close channel (#7473)
- Make tests on GitHub less noisy (#7530)
- containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded (#7541)
- Update required Go version in BUILDING.md (#7544)
- go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) (#7522)
- Use
go env
to determine GOPATH in Makefile. (#7542) - clean-up "nolint" comments, remove unused ones, update golangci-lint (#7349)
- Don't unmount on Darwin when deleting bundle (#7534)
- Add timeouts to all CI jobs (#7538)
- Vagrantfile: explicitly specify rsync as the shared folder driver (#7539)
- sys: remove unused IsAbs() (windows) (#7527)
- cri: PodSandboxStatus should tolerate missing task (#7535)
- CI: update GHA instances from Ubuntu 18.04 to 20.04 (#7489)
- fix the --no-pivot flag being ignored by
ctr tasks start
(#7519) - Update the default seccomp to block socket calls to AF_VSOCK (#7510)
- cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() (#7511)
- Stats() shouldn't assume s.container is non-nil (#7517)
- Move up actions versions to prep for NodeJS 12 deprecation (#7516)
- cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() (#7512)
- Updates oci image config to support upstream ArgsEscaped (#7483)
- cmd/containerd: replace deprecated windows.IsAnInteractiveSession() (#7497)
- Update container with sandbox metadata after NetNS is created (#7481)
- archive: add WithSourceDateEpoch() for whiteouts (#7478)
- TestTaskResize must use a terminal (#7492)
- diff/apply.readCounter: check negative size (#7494)
- Add new ctr option for discarding unpacked layers (#7425)
- archive: windows: chtimes(): remove redundant conversion (#7491)
- archive: validate digests before use (#7488)
- vendor: github.com/opencontainers/selinux v1.10.2 (#7482)
- fuzzing: create structured tar bytes in archive fuzzer (#7477)
- Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7474)
- use raw link to containerd.service config (#7463)
- cri doc: Update kata containers reference (#7466)
- Setup pod network after creating the sandbox container (#5904)
- Swap to net.ErrClosed checks for services (#7446)
- go.mod: Bump go-winio to v0.6.0 (#7443)
- fix retry when writer is reset on push (#6995)
- CI: Output a summary using GITHUB_SUMMARY (#7192)
- Fix missing close (#7430)
- Add test flag for skipping shim cgroup test (#7424)
- Refactor CRI fuzzers (#7405)
- Fix LogURIGenerator on Windows (#7351)
- Set grpc code for unimplemented cri-api methods (#7417)
- Add reader option to local content reader at (#7414)
- Sandbox API: implement Controller.Wait and Controller.Stop (#7401)
- remove stray .zuul.yaml (#7416)
- reference CDI configuration details (#7408)
- cri-integration: propagate ENABLE_CRI_SANDBOXES (#7413)
- Enable OpenSSF Scorecard Github Action (#7404)
- Add ext2 fs support to devmapper snapshotter (#7402)
- Fuzzing: Instrument with new sanitizers (#7396)
- Upgrade fuzzing-related packages to reduce dependencies (#7397)
- remotes/docker/config: Skipping TLS verification for localhost (#7393)
- Replace github.com/emicklei/go-restful package, versions <2.16.0 (#7395)
- Add NoSameOwner option when unpacking tars (#7386)
- ctr: add privileged-without-host-devices for run command (#7328)
- chore: matching the casing of other flags for ctr's pull command (#7341)
- windows: Add runhcs-wcow-hypervisor runtimeclass to the default config (#6901)
- Fix missing close (#7370)
- CRI: update cdi version to v0.5.1 (#7374)
- Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 (#7372)
- vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c (#7373)
- Remove unused variable from images action (#7371)
- feature: use client default namespace (#7291)
- integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment (#7367)
- feature: upgrade registry.k8s.io/pause version (#7359)
- metrics/cgroups/v1: Remove unused event parameter (#7361)
- .zuul: remove the zuul because it is offline (#7369)
- Update golangci-lint timeout to match config (#7356)
- delete redundent import alias and and type conversion (#7345)
- Make checkContainerTimestamps less strict on Windows (#7350)
- Make oss-fuzz mandatory (#7346)
- Add kubernetes v1.25 supported version as v1.24 (#7326)
- sys: move ForceRemoveAll to integration/client (#7335)
- chore: remove duplicate word in comments (#7338)
- Use ioctl helpers from x/sys/unix (#7342)
- archive: replace tarName() with filepath.ToSlash() (#7344)
- mount: remove unused ErrNotImplementOnWindows (#7339)
- replace sys Sequential funcs with moby/sys/sequential (#7334)
- Clarify containerd 1.5.0+ for k8s 1.20,1.21 (#7324)
- update runc binary to v1.1.4 (#7315)
- Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 (#7325)
- Update k8s.io/cri-api to v0.25.0 (#7287)
- script/setup: handle cnidir with SUDO (#7322)
- ContainerStatus to return container resources (#6517)
- migrate from k8s.gcr.io to registry.k8s.io (#7038)
- Do not rename test files on-the-fly to share functions (#7309)
- ctr import: strictly match platform (#6906)
- Revert "Downgrade MinGW to version 10.2.0" (#7308)
- Follow up #7254 (Switch to Go 1.19) (#7286)
- Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer (#7304)
- Adding support of CAP_BPF and CAP_PERFMON (#7301)
- go.mod: Bump hcsshim to v0.10.0-rc.1 (#7284)
- Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset (#7306)
- ci: remove GOPROXY environment variable due to go-yaml/yaml#887 (#7293)
- Runtime cleanup (Shim manager and task service) (#7280)
- containerd-stress: add support for running through CRI (#6931)
- Switch to Go 1.19 (#7254)
- Vagrantfile: dump containerd log after critest (#7265)
- oci: skip checking group id for WithAppendAdditionalGroups (#7257)
- release workflow: increase timeout to 30 minutes & remove Go setup action (#7259)
- release: rollback Ubuntu to 18.04 (except for riscv64) (#7258)
- Initial sandbox API CRI integration (implement Controller.Start) (#7228)
- Use environment variable to specify Go version on CI (#7251)
- Update golang to 1.18.5, 1.17.13 (#7243)
- Change os.Stderr reassign for Windows service (#7023)
- script/setup: fix protobuf for aarch64 (#7237)
- Fix cleanup in critest (#7232)
- fix: support simultaneous create diff for same parent snapshot (#7204)
- Windows HostProcess container CRI stats test (#7223)
- Regenerate protos with updated protoc-gen-go (#7226)
- test: error strings should not be capitalized (#7195)
- Add extra context to error when push unauthorized (#7220)
- replace with selinux label (#7207)
- Use
httputil.DumpRequestOut
for dumping client req (#7221) - Fix CRI image pull timeout test for ppc64le (#7215)
- test: introduce failpoint control to runc-shimv2 and cni (#7069)
- chore: bump macos runner version (#7206)
- Use image lists form integration/client tests (#7210)
- go.mod: Bump hcsshim to v0.9.4 (#7212)
- Drop deprecated
ioutil
(#7203) - Make getServicesOpts a helper (#7201)
- adds an env var commented out for sandboxed mode (#7183)
- cri_stats: handle missing cpu stats (#7198)
- using ContextDialer instead (#7189)
- test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e (#7173)
- code cleanup (#7182)
- Update k8s.io/cri-api to v0.25.0-alpha2 (#7114)
- Refactor usageNanoCores be to used for all OSes (#7186)
- adds support for using env file for systemd boot (#7191)
- go.mod: github.com/stretchr/testify v1.8.0 (#7185)
- ctr: support --user for run/create (#7145)
- docs: Fix sample config.toml syntax (#7174)
- seccomp: seccomp: add syscalls related to PKU in default policy (#7163)
- Update and align golangci-lint version (#7168)
- adds a comment explaining how to disable experimental sbserver (#7169)
- ci: workaround Cirrus CI's INVALID_ARGUMENT (#7177)
- Update install-protobuf script to install protobuf on Darwin (#7153)
- Fork CRI server for Sandbox API integration work (#7164)
- seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE (#7167)
- cri doc: fix formatting for CDI options (#7158)
- update golang to 1.18.4, 1.17.12 (#7159)
- Fix out of date comments for CRI store packages (#7152)
- update some devmapper docs (#7124)
- seccomp: allow clock_settime64 when CAP_SYS_TIME is added (#7149)
- Copy fuzzers from github.com/cncf/cncf-fuzzing (#7123)
- fix can't edit object by using ctr content edit command (#6847)
- integration/client: fix typo in export_test.go (#7130)
- Fix WWW-Authenticate parsing (#7126)
- LCOW differ return ErrNotImplemented for wrong mount type (#7112)
- Update go-restful/v3 to latest release (#7117)
- pkg/cri: use marshal wrapper for version convertor (#7108)
- Remove hacks around contrib/fuzz (#7087)
- Fix missing closed HTTP Body (#7107)
- Cleanup metadata tests (#7105)
- Downgrade MinGW to version 10.2.0 (#7106)
- ctr: Fix
ctr c create
fails to parse arguments (#7098) - Fix Documentation Issue (#7103)
- refactor: reduce duplicate code (#7100)
- make xattr EPERM non-fatal in createTarFile (#7094)
- Move metadata plugin registration to seperate package (#7096)
- fix: missing sudo for devmapper doc (#7092)
- Ensure Windows Periodic workflow errors out while still uploading results. (#7085)
- Add snapshotter key to snapshot events (#7084)
- add WithAdditionalGIDs test (#7072)
- Forward ctr snapshotter flags on Windows (#7086)
- add WithAppendAdditionalGroups helper (#7070)
- Make CI Fuzz less noisy (#7065)
- ctr: add --hostname flag to create, run (#7082)
- improve content-flow (#7077)
- Make CI Fuzz optional (#7067)
- Use Go 1.18's testing.F on simple fuzzers (#7056)
- Downgrade MinGW in Windows setup scripts. (#7062)
- Make test path a constant (#7057)
- Run fuzzers in CI (#7052)
- CRI: Improve the /dev/shm mount options in Sandbox. (#6913)
- fix:userattr-unmount unexpected timeout (#7008)
- Port (some) unit tests to FreeBSD (#7042)
- Bump Golang and MinGW versions in Windows setup script. (#6888)
- Windows snapshotter touch ups and new functionality (#6918)
- Improve naming consistencies in comments in snapshotter.go (#7032)
- Make building static binaries simpler (#7022)
- Allow CRI on Darwin (#7033)
- update runc binary to v1.1.3 (#7034)
- Linux containers on FreeBSD (#7000)
- go.mod: github.com/moby/sys/mountinfo v0.6.2 (#7026)
- fix minor spelling mistake: lablel -> label (#7031)
- go.mod: github.com/containerd/cgroups v1.0.4 (#7027)
- go.mod: github.com/containerd/continuity v0.3.0 (#7028)
- Correct spelling mistake ("sanbdox" to "sandbox") (#7029)
- Github Security Advisory GHSA-5ffw-gxpp-mxpf
- Bump grpc to v1.47.0 (#7018)
- Bump k8s.io deps to v0.24.1 (#7017)
- Support runtime level snapshotter for issue 6657 (#6899)
- update golang to 1.18.3, 1.17.11 (#7012)
- Fix containerd-stress duration flag (#7004)
- update go-cni/for cni update fixing plugins that don't respond with version (#7009)
- Add validations for Windows HostProcess CRI configs (#6996)
- Move docker reference logic to reference/docker package (#7007)
- promote pause image to 3.7 (sync with kube v1.24) (#7003)
- Makefile: use urfave_cli_no_docs for binaries that don't need it (#6998)
- CRI: cleanup cri/store package (#6993)
- Use t.Run for /pkg/cri tests (#7001)
- vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script (#6997)
- sandbox: replace github.com/pkg/errors with native errors (#6937)
- build: Fix references to check-protos target in Makefile (#6983)
- ctr: fix label args used in NewContainer (#6954)
- ctr sandbox: handle sandbox config (#6959)
- Fix broken oss-fuzz build (#6975)
- archive: add human-readable hint to Lchown error (#6982)
- Fix tx closed error when upperdirlabel specified (#6978)
- config: improve config v1 deprecation message (#6972)
- Fix Windows install powershell script (#6969)
- fix comments on metadata schema and update namespace doc (#6955)
- adjust format in comment (#6956)
- Restore decompression benchmarks (#6957)
- cmd/ctr/commands/content: fix typo in fetch command usage (#6960)
- fix some confusing typos (#6950)
- update doc url about k8s (#6952)
- Separate windows-2019 and windows-2022 test results (#6946)
- shim: fix debug flag not working (#6910)
- Reverts removal of parallel run from critest (#6938)
- Bump OpenTelemetry dependencies (#6932)
- update runc binary and vendor to v1.1.2 (#6934)
- oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#6923)
- update golang to 1.18.2, 1.17.10 (#6926)
- CI: update Fedora to 36 (#6925)
- Add
Wait
tobinaryProcessor
(#6916) - go.mod: Bump k8s deps to v0.24.0 (#6905)
- (Vagrant CI) Enable git commands due to git CVE fix (#6915)
- Pass explicit JUnit outfile to critest.exe in Windows workflow. (#6912)
- Update critools to v1.24 (#6894)
- devmapper docs: small fixes (#6904)
- move report dir option to end of line for vagrant cri tests (#6900)
- Update Kubernetes version matrix in release docs (#6892)
- Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy (#6889)
- containerd 1.6.4 k8s 1.24 readme announce (#6890)
- Cleanup leaked shim process (#6866)
- Add collectible resources to metadata gc (#6804)
- Update k8 docurl in file (#6881)
- Support RISC-V 64 (#6882)
- docs: minor fixes in snapshots.Snapshotter comments (#6885)
- Officially deprecate Schema 1 (#6884)
- Make Cirrus CI tests more stable (#6880)
- docs: Adding windows installation steps to getting-started.md (#6875)
- Add ctr support for CPUMax and CPUShares (#6809)
- Support for cgroups blockio (#5490)
- Fix comment for metadata/db.go (#6871)
- Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies (#6867)
- Update go-cni to v1.1.5 (#6868)
- Bump opencontainers/selinux from 1.10.0 to 1.10.1 (#6865)
- Upgrade google.golang.org/grpc and google.golang.org/protobuf (#6864)
- Don't use "uname -a" as Cirrus CI's cache key (#6863)
- remove duplicate (#6856)
- Create ppc64le release (#6858)
- Move Vagrant-based tests from GitHub Actions to Cirrus CI (#6854)
- feature: support image pull progress timeout (#6150)
- Add unpack interface to be used by client (#6749)
- Fix undefined error in use of errors package (#6855)
- Migrate off from github.com/gogo/protobuf (#6841)
- images/image.go: typo (#6851)
- Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices (#5686)
- integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage (#6180)
- fix incorrect syntax in comments (#6845)
- cri: close fifos when container is deleted (#6842)
- diff: hide types.Any from clients (#6832)
- Add Container-Optimized OS into Adopters (#6838)
- Prepare for google.golang.org/protobuf (#6835)
- fix the restart desired to running when task not found (#6833)
- Remove all gogoproto extensions (#6829)
- fix nil pointer panic for monitor (#6830)
- remotes/docker: log registry URLs as info instead of debug (#5681)
- Rename runtime/v2/task to api/runtime (#6827)
- Fix protoc-gen-go-fieldpath (#6828)
- Consolidate gogo/protobuf dependencies under our own protobuf package (#6826)
- Add restart policy for enhanced restart manager (#6744)
- Remove gogoproto.stdtime (#6821)
- Set timeout when collecting metrics from shim's Stat (#6781)
- Fuzz filter package with Go 1.18's fuzzer (#6819)
- allow ptrace(2) by default for kernel >= 4.8 (#6810)
- Build bin/gen-manpages instead of using "go run" (#6820)
- update golang to 1.18.1, 1.17.9 (#6822)
- Sandbox API (#6703)
- Move lease manager plugin to separate package (#6811)
- fix pool_device_test (#6807)
- check for duplicate nspath possibilities (#6806)
- Do not append []string{""} to command to preserve Docker compatibility (#6805)
- tracing: fix panic on startup when configured (#6789)
- Optimize loading performance for cri recover (#6680)
- Change architecture path in README.md (#6798)
- make consistent for checkpoint path (#6792)
- metrics/cgroups: fix deadlock issue in Add during Collect (#6788)
- ADOPTERS: Update AKS Info (#6794)
- Pin upload-cloud-storage action to 0.8.0 in Windows workflow. (#6790)
- docs: add Deckhouse to the list of adopters (#6785)
- Add
docs/snapshotters
; simplifydocs/cri
(#6778) - Turn paths from cmdline into absolute paths (#6672)
- CRI: add support for CDI device injection (#6654)
- Disable writing freelist to make the file robust against data corruptions (#6761)
- mv design docs/historical/design (#6777)
- CRI: improve image pulling performance (#6702)
- docs: remove runtime v1; migrate config v1 to v2 (#6776)
- Skip flaky test on Windows (#6779)
- docs/getting-started.md: typo (#6775)
- Add no_tracing tag (#6750)
- Move historical docs to
docs/historical
(#6754) - Run go mod tidy in integration tests (#6768)
- go.mod: move indirects, and update integration go.mod to 1.18 (#6765)
- Drop gotest.tools (#6762)
- Use t.Setenv instead of os.Setenv (#6760)
- Upgrade to Go 1.18 (#6709)
- Adding multi-arch support for the configure.sh script (#6751)
- docs/getting-started.md: massive update (#6758)
- Remove unmaintained contrib/linuxkit (#6755)
- [Windows CI] Address some timeout issues (#6757)
- BUILDING.md: update supported Go versions (#6756)
- update runc to 1.1.1 (#6753)
- CI: add Rocky Linux 8 (#6747)
- CI: bump up crun to 1.4.4 (#6748)
- added make help for cri integration (#6743)
- Update README.md cncf landscape url (#6740)
- Fix error message in TestNewBinaryIO (#6738)
- Use typeurl.Any instead of github.com/gogo/protobuf/types.Any (#6706)
- Use cgroups.AddProc() for cgroups v1 (#5738)
- fix: ctr images mount with snapshotter option can't get snapshotter (#6713)
- cgroup2: monitor OOMKill instead of OOM to prevent missing container events (#6323)
- moving up to go-cni v1.1.4 (#6721)
- native: fix deadlock from leaving transactions open (#6722)
- go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 (#5390)
- Github Security Advisory GHSA-c9cp-9c75-9v8c
- runtime: deprecate runc --criu / -criu-path option (#6496)
- Bug fix for mount path handling (#6651)
- Upgrade containerd/imgcrypt and opencontainers/image-spec (#6711)
- Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
- Remove gogoproto.customtype (#6699)
- Skip tty critest testcase on Windows Server 2022 (#6698)
- Build with Go 1.18 (#6605)
- Update prometheus client vendor (#6690)
- vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd (#6687)
- Make the temp mount as ready only in container WithVolumes (#6593)
- fix:
ctr run --cni
get failed (#6670) - test: use
T.TempDir
to create temporary test directory (#6681) - Make OpenLab's CI jobs blocking (#6679)
- document log level and format (#6683)
- Add shared content label to namespaces (#6660)
- Add protoc-gen-go-fieldpath (#6562)
- Enable gosec linter for golangci-lint (#6669)
- Make mkfs.xfs available on OpenLab's CI environment (#6668)
- ctr: improve error relative shim path error msg (#6519)
- typo fixes under cmd. (#6674)
- Handle CRI Device.HostPath on Windows (#6618)
- Upgrade golangci-lint and its GitHub Action (#6666)
- Don't build a second copy of containerd-shim-runhcs-v1.exe (#6661)
- Update TestNormalize to only test Windows platform (#6569)
- Fix link in getting-started.md (#6663)
- Fuzzing: refactor metadata fuzzers (#6423)
- Two xfs file systems with same UUID can not be mounted on the same sy… (#6650)
- [Windows] Fix deadline exceeded in daemon restart (#6635)
- Use temp file for export/import test (#6658)
- strip path-info from
-v
(version) output, and implement -v flag for containerd-shim (#6495) - Improve unexpected response error handling in resolver (#6617)
- Use the latest tag for azure images (#6601)
- Run CRI integration tests in GitHub Actions (Windows) (#6626)
- cri: fix integration test on cgroupsv2 system (#6595)
- Use version 2 configuration format in docs/PLUGINS.md (#6613)
- update to go 1.16.15, 1.17.8 to address CVE-2022-24921 (#6619)
- Update status of 1.4 release (#6614)
- Update TestContainerSymlinkVolumes to use windows path (#6568)
- Add --user support for ctr run Windows (#6603)
- Update releases (#6608)
- Github Security Advisory GHSA-crp2-qrr5-8pq7
- Adds support for Windows ArgsEscaped images (#6479)
- Do not use weak import (#6558)
- cri: relax test for system without hugetlb (#6596)
- Use containerd/protobuild instead of stevvooe/protobuild (#6578)
- integration: remove duplicated util pkg (#6597)
- go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 (#6591)
- Update Go version recommendation in getting started (#6585)
- go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 (#6337)
- fix Implicit memory aliasing in for loop (#6331)
- Fix build with gccgo (#6579)
- Replace golang.org/x/net/context with std library (#6580)
- containerd-shim-runc-v1: return init pid when clean dead shim (#6571)
- Use Windows matcher when on Windows platform in all code paths (#6491)
- containerd-shim-runc-v2: return init pid when clean dead shim (#6452)
- [Windows][Integration] Enable TestRestartMonitor (#6515)
- go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 (#6554)
Changes from containerd/cgroups
49 commits
- Upgrade GitHub actions CI workflow (#249)
- Upgrade Go compiler to 1.19 (#248)
- Don't use ioutil (#246)
- Check that cgroup is empty before deleting (#228)
- Support cgroup.AddThread in cgroupv2 manager (#243)
- Support to handle more than 4 fields in cpuacct.stat (#231)
- typo shoulld -> should (#236)
- Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 (#241)
- go.mod: github.com/stretchr/testify v1.8.0 (#240)
- .github: use ubuntu-22.04 to test cgroupv2 (#237)
- feat(v2): Support cgroup.MoveTo in cgroupv2 manager (#235)
- Update README to include usage examples of v2 client (#233)
- ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path (#232)
- Bump go version to 1.17 in go.mod (#230)
- make cmd/ a separate module (as it's only for testing) (#226)
- feat(v2): add Update method for v2.Manager (#225)
- feat: add memory.min param (#211)
- modified the dereference null pointer value. (#218)
- update readme for cpu cgroup demo (#217)
- Fix systemd full path (#221)
- Update Go version and fedora base (#223)
- Fix panic in NewSystemd on nil values (#219)
Changes from containerd/continuity
28 commits
- go.mod: update dependencies (take 2) (#204)
- Revert "go.mod: update dependencies" (#205)
- Various small fix-ups (#202)
- update authors and mailmap (#201)
- move cmd/continuity to its own go module (#200)
- CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) (#198)
- fs.CopyDir: support sockets and pipes (#197)
- Fix wrapping errors (#196)
Changes from containerd/fifo
26 commits
- Update Go vers, x/sys vendor (#51)
- chore: cleanup old buildtags by
go fix
(#49) - Return nil when openFifo returns nil (#47)
- Resolve golangci-lint-action package warnings (#48)
- Remove references to io/ioutil package (#45)
- Update GitHub actions CI workflow (#46)
- go.mod: github.com/stretchr/testify v1.8.0, golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8, go 1.18 (#44)
- fifo_test: Add 2 tests for closing after reading (#42)
- replace pkg/errors (#41)
- fifo.Close(): prevent possible panic if fifo is nil (#32)
- Update branch name in GitHub Actions (#40)
Changes from containerd/go-cni
38 commits
- Add Go 1.20 support (#111)
- opts: add cgroupPath capability (#110)
- go.mod: github.com/containernetworking/cni v1.1.2 (#109)
- Remove references to io/ioutil package (#106)
- Update golangci/golangci-lint package (#108)
- Update GitHub actions CI workflow (#107)
- Add support for Windows default conf paths (#103)
- go.mod: github.com/stretchr/testify v1.8.0 (#104)
- go.mod: update libcni to v1.1.1 (#101)
- add in some serial setup tests; a little make cleanup (#100)
- Re-introduce serial network setup (#99)
- bump github.com/containernetworking/cni v1.1.0 (#98)
- Revert "Update loopback version to support check" (#96)
- Use revive instead of golint (#92)
- Bump go verion to 1.17 (#91)
- moving up to latest CNI plugin release (#90)
- Fix Loopback Version (#88)
- Update comment for capabilities (#89)
- Add integration test for linux and update go version from 1.16 to 1.17 (#84)
Changes from containerd/imgcrypt
49 commits
- CHANGES: Updated CHANGES document for 1.1.7 release (#97)
- Update to ocicrypt 1.1.6 and add support for zstd type of compressed layers (#96)
- build(deps): Update to containerd 1.6.8 (#92)
- tests: Add -traditional to OpenSSL command line when OSSL v3 is used (#90)
- chore: fix readme typo (#87)
- Update to min golang 1.18 (#88)
- CHANGES: Updated CHANGES document for 1.1.6 release (#85)
- build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6 (#83)
- CI: Upgrade to golangci-lint v1.46.2 (#84)
- CICD: Rename master branch to main (#79)
- Rename any to pbAny (#78)
- Use reflect to support diff.ApplyConfig with/without gogo's types.Any (#75)
- Upgrade golangci-lint-action and golangci-lint (#76)
- CHANGES: Updated CHANGES document for 1.1.4 release (#74)
- Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 (#73)
- images: prepare for typeurl.Any (#72)
- Bump ocicrypt to 1.1.3 (#71)
- Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 (#67)
Changes from containerd/nri
56 commits
- Add Go 1.20 support to CI (#30)
- Add CodeQL Security scan workflow (#31)
- fixes: sort final adjusted mount slice. (#29)
- fixes: fix resource adjustment to properly ignore unset/unadjusted fields. (#28)
- adaptation: fix mount and device adjustment. (#27)
- Make plugin timeouts configurable, adjust default socket path. (#26)
- pkg/adaptation: eliminate configuration file. (#24)
- stub: fix a potential plugin crash. (#25)
- adaptation: fix a panic for unsolicited updates. (#23)
- pkg/adaptaton: log errors with %v not %w. (#22)
- chore: cleanup old buildtags by
go fix
(#21) - add back project info (#20)
- Extend scope to enable common pluggable runtime extensions. (#16)
- Update GitHub actions CI workflow (#19)
- replace pkg/errors (#17)
- Update the examples in README.md (#15)
- Rename branch from master to main (#12)
- Update to containerd 1.5.1 (#11)
Changes from containerd/ttrpc
56 commits
- Make checkServerShutdown verbose (#128)
- server: Fix connection issues when receiving ECONNRESET (#123)
- README: protobuild is in containerd org now (#125)
- stream: fix the map of streams leak (#120)
- Regenerated pb.go files to fix mismatches (#122)
- build: Fix references to check-protos target in Makefile (#118)
- Add service prefix option to generator (#116)
- doc: ttrpc supports stream (#121)
- *: remove codecov (#114)
- Only generate a Go file if the file has some services (#112)
- *.go: organize errors to one spot (#113)
- PROTOCOL: slight markdown touchup (#111)
- Introduce streaming (#107)
- Update checkout and lint actions (#109)
- Add Makefile and update protobuf (#106)
- Add ttrpc protocol definition (#102)
- Enable Codecov again (#105)
- Use CR+LF instead of LF regardless of OS (#103)
- Log the error's underyling errno if there is (#104)
- Use google.golang.org/protobuf instead of github.com/gogo/protobuf (#99)
- Wrap correct error on unix.GetsockoptUcred failure (#100)
- Update CI project checks to use containerd project action (#101)
Dependency Changes
- github.com/AdaLogics/go-fuzz-headers 6c3934b029d8 -> 1f10f66a31bf
- github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 new
- github.com/Microsoft/go-winio v0.5.1 -> v0.6.0
- github.com/Microsoft/hcsshim v0.9.2 -> v0.10.0-rc.7
- github.com/blang/semver/v4 v4.0.0 new
- github.com/cenkalti/backoff/v4 v4.1.2 -> v4.2.0
- github.com/cespare/xxhash/v2 v2.1.2 -> v2.2.0
- github.com/cilium/ebpf v0.7.0 -> v0.9.1
- github.com/container-orchestrated-devices/container-device-interface v0.5.4 new
- github.com/containerd/btrfs/v2 v2.0.0 new
- github.com/containerd/cgroups v1.0.3 -> v1.1.0
- github.com/containerd/cgroups/v3 v3.0.1 new
- github.com/containerd/continuity v0.2.2 -> v0.3.0
- github.com/containerd/fifo v1.0.0 -> v1.1.0
- github.com/containerd/go-cni v1.1.3 -> v1.1.9
- github.com/containerd/imgcrypt v1.1.3 -> v1.1.7
- github.com/containerd/nri v0.1.0 -> v0.3.0
- github.com/containerd/ttrpc v1.1.0 -> v1.2.0
- github.com/containerd/typeurl/v2 v2.1.0 new
- github.com/containernetworking/cni v1.0.1 -> v1.1.2
- github.com/containernetworking/plugins v1.0.1 -> v1.2.0
- github.com/containers/ocicrypt v1.1.2 -> v1.1.6
- github.com/coreos/go-systemd/v22 v22.3.2 -> v22.5.0
- github.com/cpuguy83/go-md2man/v2 v2.0.0 -> v2.0.2
- github.com/cyphar/filepath-securejoin v0.2.3 new
- github.com/docker/go-units v0.4.0 -> v0.5.0
- github.com/emicklei/go-restful/v3 v3.10.1 new
- github.com/fsnotify/fsnotify v1.4.9 -> v1.6.0
- github.com/go-logr/logr v1.2.2 -> v1.2.3
- github.com/godbus/dbus/v5 v5.0.6 -> v5.1.0
- github.com/google/go-cmp v0.5.6 -> v0.5.9
- github.com/google/uuid v1.2.0 -> v1.3.0
- github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 new
- github.com/imdario/mergo v0.3.12 -> v0.3.13
- github.com/intel/goresctrl v0.2.0 -> v0.3.0
- github.com/klauspost/compress v1.11.13 -> v1.16.0
- github.com/klauspost/cpuid/v2 v2.0.4 new
- github.com/miekg/pkcs11 v1.0.3 -> v1.1.1
- github.com/minio/sha256-simd v1.0.0 new
- github.com/moby/sys/mountinfo v0.5.0 -> v0.6.2
- github.com/moby/sys/sequential v0.5.0 new
- github.com/moby/sys/signal v0.6.0 -> v0.7.0
- github.com/opencontainers/image-spec 693428a734f5 -> 3a7f492d3f1b
- github.com/opencontainers/runc v1.1.0 -> v1.1.4
- github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
- github.com/opencontainers/runtime-tools 946c877fa809 new
- github.com/opencontainers/selinux v1.10.0 -> v1.11.0
- github.com/pelletier/go-toml v1.9.3 -> v1.9.5
- github.com/prometheus/client_golang v1.11.0 -> v1.14.0
- github.com/prometheus/client_model v0.2.0 -> v0.3.0
- github.com/prometheus/common v0.30.0 -> v0.37.0
- github.com/prometheus/procfs v0.7.3 -> v0.8.0
- github.com/russross/blackfriday/v2 v2.0.1 -> v2.1.0
- github.com/sirupsen/logrus v1.8.1 -> v1.9.0
- github.com/stretchr/testify v1.7.0 -> v1.8.2
- github.com/syndtr/gocapability 42c35b437635 new
- github.com/tchap/go-patricia/v2 v2.3.1 new
- github.com/urfave/cli v1.22.1 -> v1.22.12
- github.com/vishvananda/netlink f5de75959ad5 -> v1.2.1-beta.2
- go.etcd.io/bbolt v1.3.6 -> v1.3.7
- go.opencensus.io v0.23.0 -> v0.24.0
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0 -> v0.37.0
- go.opentelemetry.io/otel v1.3.0 -> v1.12.0
- go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 -> v1.12.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0 -> v1.12.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0 -> v1.12.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0 -> v1.12.0
- go.opentelemetry.io/otel/metric v0.34.0 new
- go.opentelemetry.io/otel/sdk v1.3.0 -> v1.12.0
- go.opentelemetry.io/otel/trace v1.3.0 -> v1.12.0
- go.opentelemetry.io/proto/otlp v0.11.0 -> v0.19.0
- golang.org/x/crypto 32db794688a5 -> v0.1.0
- golang.org/x/mod v0.7.0 new
- golang.org/x/net fe4d6282115f -> v0.7.0
- golang.org/x/oauth2 2bc19b11175f -> v0.4.0
- golang.org/x/sync 036812b2e83c -> v0.1.0
- golang.org/x/sys 1d35b9e2eb4e -> v0.6.0
- golang.org/x/term 6886f2dfbf5b -> v0.5.0
- golang.org/x/text v0.3.7 -> v0.7.0
- golang.org/x/time 1f47c861a9ac -> 90d013bbcef8
- golang.org/x/tools v0.5.0 new
- google.golang.org/genproto e50cd9704f63 -> 7f2fa6fef1f4
- google.golang.org/grpc v1.43.0 -> v1.53.0
- google.golang.org/protobuf v1.27.1 -> v1.28.1
- gopkg.in/yaml.v3 496545a6307b -> v3.0.1
- k8s.io/api v0.22.5 -> v0.26.2
- k8s.io/apimachinery v0.22.5 -> v0.26.2
- k8s.io/apiserver v0.22.5 -> v0.26.2
- k8s.io/client-go v0.22.5 -> v0.26.2
- k8s.io/component-base v0.22.5 -> v0.26.2
- k8s.io/cri-api v0.23.1 -> v0.26.2
- k8s.io/klog/v2 v2.30.0 -> v2.90.1
- k8s.io/utils cb0fa318a74b -> a5ecb0141aa5
- sigs.k8s.io/json f223a00ba0e2 new
- sigs.k8s.io/structured-merge-diff/v4 v4.1.2 -> v4.2.3
- sigs.k8s.io/yaml v1.2.0 -> v1.3.0
Previous release can be found at v1.6.0
Which file should I download?
containerd-<VERSION>-<OS>-<ARCH>.tar.gz
: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz
: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz
: (Deprecated)cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz
: (Deprecated)
In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.
See also the Getting Started documentation.