Skip to content

@runcom runcom released this Oct 19, 2018 · 127 commits to release-1.12 since this release

Welcome to the v1.12.0 release of CRI-O!

Kubernetes Runtime Class

Kubernetes Runtime Class introduced in Kubernetes 1.12 is supported. Notice that a feature gate must be enabled in the kubelet in order to leverage Runtime Class.
Users can:

  • Configure alternative runtime handlers with the config option crio.runtime.runtimes, e.g. crio.runtime.runtimes.kata.
  • Use the alternative runtime handler in Kubernetes by creating RuntimeClass for the runtime handler, and specifying RuntimeClassName in the pod spec. (doc)
  • The crio.runtime.runtime_untrusted_wordload config option and io.kubernetes.cri.untrusted-workload pod annotation are still functional, but start being deprecated. It is recommended to migrate to the RuntimeClass api.
  • The crio.runtime.default_workload_trust config option is still functional, but start being deprecated. It is recommended to migrate to the RuntimeClass api.
  • The crio.runtime.runtime config option and associated flag is still functional, but start being deprecated. It is recommended to migrate to the crio.runtime.runtimes config and flag.
  • A new crio.runtime.default_runtime config and flag options have been added to choose the default runtime to use in CRI-O from the list of crio.runtime.runtimes.

Please try out the release binaries and report any issues at
https://github.com/kubernetes-sigs/cri-o/issues.

Contributors

  • Antonio Murdaca
  • Archana Shinde
  • Chris Evich
  • Daniel J Walsh
  • Eric Ernst
  • Giuseppe Scrivano
  • Klaas Demter
  • Mikko Ylinen
  • Miloslav Trmač
  • Mrunal Patel
  • RA489
  • Salvador Fuentes
  • Sebastien Boeuf
  • Urvashi Mohnani
  • Valentin Rothberg
  • Vincent Batts
  • W. Trevor King
  • baude
  • k8s-ci-robot
  • mooncake
  • umohnani8
  • wjiang

Changes

  • 774a29e version: bump to v1.12.0
  • 70d5f53 docs: tweak crio and crio.conf man pages
  • 70d1af3 config: provide a default runtime and deprecate the runtime option
  • 74bf699 Fix typos issues
  • 7b7f745 cri: Implement runtime handler support
  • 075c2c4 Don't use runc kill -all
  • 32875a2 sandbox_run: skip sctp protocol hostport mapping
  • b1f9231 container_create: honor readonly and masked paths from the CRI
  • 8474b0f vendor: update to kube 1.12
  • f90cdc4 Merge pull request #1828 from runcom/nodev-1.12
  • 38ba6a0 BACKPORT: Add nodev to options of bind mounts from kube
  • 7c2e747 Merge pull request #1846 from runcom/sigpipe-sigusr1
  • 14bea82 Merge pull request #1844 from runcom/ulimits-1.12
  • ec2714a Write crio goroutine stacks to a file on SIGUSR1
  • b7d3737 utils: Add function to write goroutine stacks to a file
  • d927396 utils: Add function to write goroutine stacks
  • 47a645c cmd: crio: catch and ignore SIGPIPE
  • f48d6d5 Merge pull request #1845 from mrunalp/fix_sync_1.12
  • 9ca60a5 Use fsync instead of sync for stateful set tests
  • c0fe672 *: implement default ulimits for containers
  • 2cbe48b Merge pull request #1817 from mythi/leak
  • 3f0532b runPodSandbox: clean up containers on error path
  • 1feff83 Merge pull request #1814 from umohnani8/vendor
  • 11315cb Vendor in latest containers/image and containers/storage
  • 3b00e35 Merge pull request #1754 from mrunalp/ctr_status_info
  • 6e39d0c Merge pull request #1748 from amshinde/cni-results
  • 855a361 container_status: Add debug info for container
  • 2c42334 Merge pull request #1807 from mrunalp/tty_logs_crictl_master
  • 71f8460 Merge pull request #1803 from mrunalp/fix_list_create_race
  • 82ddcec test: Use crictl logs for parsing log file in tty test
  • 7ca2f91 sandbox: Don't return sandboxes that aren't created
  • d16f817 sandbox: Add a created flag with getter/setters
  • 3fa004a sandbox: Rename Sandbox created to createdAt
  • 980300c container: Don't return a container that isn't created
  • 86ffce2 oci: Add a created flag and getter/setter for container
  • 8afc340 Merge pull request #1799 from umohnani8/test
  • f3625e6 Pick up new tests for critest
  • ade2898 Merge pull request #1772 from runcom/e2e-parallel
  • 220612d cni: Add CNI result JSON as an annotation
  • 95c7b21 vendor: fixes from 1783
  • d6e0e40 *: move to bats-core/bats-core
  • 3eafb47 contrib: test: remove critest benchmarks
  • 50513b7 contib: test: enable critest junit reports
  • 7fe7ee2 contrib: test: use release-* branches, not master
  • 0cca478 server: don't wipe out the selinux mount label if privileged
  • 9130c8f sandbox_list: use in memory created time
  • 52f0336 ctr status: rely on memory, not runc state
  • fb1095a image_pull: fix variable shadowing
  • ad5f6af contrib: test: skip pod readiness gates test
  • a3041d8 contrib: test: run e2e in parallel
  • 7402a30 Merge pull request #1786 from mrunalp/rename_fixup
  • e26db4c sandbox_status: Use simple key->value for debug info
  • 4d584dc test: Fixup kubernetes-incubator to kubernetes-sigs
  • c53ff7d Merge pull request #1788 from mrunalp/add_crio_sigs_dir
  • 05c1e8d test: Add directory for kubernetes-sigs
  • 4cd5a7c Merge pull request #1783 from mrunalp/move_to_sigs
  • f11cad3 Fixups for cri-o repo move to kubernetes-sigs
  • 0db4c4d Merge pull request #1773 from Klaas-/klaas-fixman
  • 6fd7702 Fix manpage to correctly state default storage driver
  • 9246d35 Merge pull request #1749 from vrothberg/conf-manpage
  • 63860a4 Merge pull request #1579 from cevich/int_with_userns
  • 50539c3 crio.conf(5): update manpage to the latest state
  • 3fc75c5 Merge pull request #1721 from umohnani8/sysctl
  • ea19b02 Merge pull request #1761 from runcom/redunant-image-check
  • 03cdc9c image_pull: remove redunant CanPull check
  • 2376343 Merge pull request #1759 from mrunalp/go_1.11_travis
  • 0214898 Fix formatting for Warnf
  • b2bc34a travis: Switch to go 1.11
  • decbac9 Merge pull request #1758 from runcom/ignore-server-closed-stream
  • ca3d2ca Merge pull request #1756 from mrunalp/go_1.11
  • 6e093f1 server: ignore server closed error
  • 92297ca test: Switch to go 1.11
  • 841539d Remove sysctl parsing code from cri-o
  • 0337ab8 Add default_systcls option to crio.conf
  • aa4f63c Merge pull request #1755 from mrunalp/update_runc
  • 6c4e857 Update runc to latest
  • c71d473 Merge pull request #1743 from vrothberg/use-libpod-pkg-apparmor
  • 2d93070 apparmor: use github.com/containers/libpod/pkg/apparmor
  • b6c5caf Merge pull request #1696 from sboeuf/issue_1695
  • 93f44c2 oci: Define a timeout for WaitContainerStateStopped()
  • 2accad9 Merge pull request #1729 from giuseppe/rootless
  • df9f176 Merge pull request #1744 from giuseppe/fix-reboot
  • 65c41c1 crio: basic support for rootless mode
  • 4781927 crio: revert 9699d24
  • 6e03ced oci: fix segfault if cgroupfs cannot be configured
  • ef4367d oci: propagate XDG_RUNTIME_DIR to conmon
  • 7390e9c config: allow to override attach socket dir
  • 26253ad config: add missing container_exits_dir to the config template
  • eea99fa config: allow to override file_locking_path
  • 099237f Merge pull request #1739 from rhatdan/podman
  • 3ae1121 Merge pull request #1741 from mrunalp/low_mem_test_latest
  • 149d71e test: Add a test for low memory configured
  • f9ce540 Merge pull request #1722 from mrunalp/check_min_memory
  • 2a7ac79 Merge pull request #1735 from rhatdan/volume
  • f480b55 Begin shifting to use podman rather then docker
  • 6ceadd8 Merge pull request #1718 from vrothberg/fix-aa-build
  • d6dfba3 config: move file_locking to the correct place
  • c541e7c Merge pull request #1724 from giuseppe/fix-segfault-conmon
  • 27eb4ac Image Volumes should be bind mounted as private
  • c4f232a Merge pull request #1731 from mtrmac/c-image-vendor
  • 4e7f71b Update containers/image
  • 59f037f Merge pull request #1720 from RA489/addlicense
  • 52d9c79 Create LICENSE
  • d5c3b25 container_create: Set a minimum memory limit
  • 3c30a2f conmon: fix segfault when --log-level is not specified
  • d724f3d Merge pull request #1719 from mrunalp/update_k8s_latest
  • 896b284 vendor: Update k8s dependencies to latest
  • acc0ee7 Merge pull request #1717 from wjiangjay/conmon_typo
  • 73b6901 Fix AppArmor build
  • 4640cc4 fix typo
  • 909d63b Merge pull request #1716 from runcom/ipv6-fix
  • 1c0a87d Merge pull request #1693 from umohnani8/logs
  • 7225e6c sandbox_network: allow ipv6 addresses
  • 4c587e6 Merge pull request #1714 from runcom/stream-localhost-random-port
  • cda282e Merge pull request #1517 from wking/upstream-hook-schema
  • a546088 server: serve streaming on localhost on a random port
  • 662dbb3 Add log-level option to conmon and crio.conf
  • 3961eb3 Merge pull request #1705 from chavafg/topic/add-stream-port
  • ec7245b Merge pull request #1707 from runcom/fix-caps-error-invalid
  • d2bcd76 server/container_create: error out if capability is unknown
  • 36e1f95 tests: Add the possibility to change stream_port
  • 99fe854 vendor: Bump libpod to v0.6.2 and vendor x/text/collate
  • 50d4993 lib: Use libpod's hooks package
  • 59f9418 Merge pull request #1701 from egernst/kata-priv
  • dd88b2d Merge pull request #1699 from umohnani8/tutorial
  • 49844dc oci: update privilege/trust handling
  • cc96565 Remove "--log-level debug" from service file
  • 121d5aa Secondary run of int. tests w/ userNS
  • 57c4053 Merge pull request #1698 from giuseppe/conmon-close-fds-before-exit
  • 569bb53 Fixes based on review feedback
  • 19fa4a9 conmon: close extra files before exit
  • f81a88f Simplify definition of STORAGE_OPTIONS
  • 001ef63 Allow running int. tests with userns enabled
  • ad14032 Merge pull request #1655 from vbatts/platform-015
  • 965cf18 server: isolate linux only functions
  • 891c825 server: clean up the intermediate steps in createContainer
  • 2062d90 server: Listen named pipe on windows
  • f7aeb28 server: paths updates for server socket
  • f606604 server: shuffle platform dependent operations
  • 1af50d7 Merge pull request #1672 from rhatdan/maxint32
  • b68ada4 Merge pull request #1682 from wking/mask-proc-keys
  • 50bac1d server/container_create: Mask /proc/keys
  • 3374df8 Merge pull request #1677 from chavafg/topic/remove-sleep
  • 25055c0 Merge pull request #1679 from rhatdan/acpi
  • 722fc52 Block use of /proc/acpi from inside containers
  • e2f8d97 tests: remove more sleeps from ctr.bats
  • 14c22de Merge pull request #1676 from baude/vendorruntimetools
  • c8062b3 4294967295 does not fit in an int on 32 bit systems
  • 0d1078d vendor in new opencontainers/runtime-tools
  • 9a46eba Merge pull request #1675 from mrunalp/change_version
  • 09aa3e6 version: v1.12.0-dev
  • c1c2cf1 Merge pull request #1670 from mrunalp/remove_extra_config
  • 9699d24 server: Don't make additional copy of config.json
  • 3b86cde Merge pull request #1665 from mrunalp/readme_update_1.11
  • e49b4cd readme: Add 1.11 to compatibility matrix
  • 168d532 Merge pull request #1649 from rhatdan/vendor
  • bbf55c0 Merge pull request #1654 from wking/phony-pattern-rules
  • 0bd3087 Vendor in latest go-selinux so that it supports non linux builds
  • 45ccf08 Merge pull request #1660 from vbatts/platform-017
  • 0758fc0 vendor: update github.com/cri-o/ocicni
  • 41667a3 Merge pull request #1630 from vbatts/seccomp-pkg
  • ec535f6 Merge pull request #1634 from vbatts/platform-014
  • 1bf8625 Merge pull request #1656 from chavafg/topic/fix-rc
  • d7c5b56 tests: Add timeout before stop container.
  • ffc167d Makefile: Add .explicit_phony target for bin/crio.cross.%
  • 1a11fe2 seccomp: package not limited to server
  • f9f8a53 Merge pull request #1651 from umohnani8/logs
  • 4c3ca18 *: windows default paths
  • 768c779 Merge pull request #1645 from giuseppe/sc-change-centos-repo
  • aa4994b Reduce amount of logs being printed by default
  • 887d3a8 system-container: change repo for CentOS
  • 953f837 Merge pull request #1506 from vbatts/platform-010
  • 9419abb Merge pull request #1646 from giuseppe/sc-maintainer
  • 9a1890c system-container, fedora: update maintainer
  • dbfd062 system-container, centos: update maintainer
  • 049d941 Merge pull request #1643 from mrunalp/update_ocicni
  • f9ae39e Merge pull request #1641 from giuseppe/conmon-dont-unset-env
  • d1fbcf8 Update ocicni to latest
  • 0acf849 conmon: do not use an empty env when running the exit command
  • ec671e3 travis: test cross platform compile
  • e5031fc Makefile: target to for cross platform

Dependency Changes

Previous release can be found at v1.11.0

  • 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e -> 045dc31ee5c40e8240241ce28dc24d7b56130373 k8s.io/utils
  • -> release-1.12 k8s.io/csi-api
  • fdbc3d6d9507f699bbfd557dce0640c02b5f60e4 -> 1c243a8a8eb44d491790798afc9b634c6f6a6380 github.com/opencontainers/runtime-tools
  • -> a6bd8cefa1811bd24b86f8902872e4e8225f74c4 golang.org/x/oauth2
  • release-1.11 -> release-1.12 k8s.io/kubernetes
  • release-8.0 -> release-9.0 k8s.io/client-go
  • release-1.11 -> release-1.12 k8s.io/api
  • release-1.11 -> release-1.12 k8s.io/apimachinery
  • -> 05fbef0ca5da472bbf96c9322b84a53edc03c9fd github.com/modern-go/reflect2
  • bf40560368791a7dddfeea9b3cfcf89b34139f44 -> e3762e86a74c878ffed47484592986685639c2cd k8s.io/kube-openapi
  • 1.0.0 -> f2b4162afba35581b6d4a50d3b8f34e33c144682 github.com/json-iterator/go
  • v2.1.3 -> 89060dee6a84df9a4dae49f676f0c755037834f1 gopkg.in/square/go-jose.v2
  • -> bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 github.com/modern-go/concurrent
  • -> v0.8.3 github.com/containers/libpod
  • a763f065e909662a2a71e8c5b72f87d998720526 -> 8f11f3ad8912d8bc43a7d25992b8f313ffefd430 github.com/containers/image
  • 6ccd0b50d53ae771fe5259ff7a4039110777aa2d -> b6fa367ed7f534f9ba25391cc2d467085dbb445a github.com/opencontainers/selinux
  • 7374120527ddb7edb1c946579413a6f8a3585407 -> 84aa158d2bacf95147b2b0a89615dd665630f440 github.com/cri-o/ocicni
  • 88d80428f9b146f8f9fe7e2e8cc8688a5aae1a4e -> 68332c059156eae970a03245cfcd4d717fb66ecd github.com/containers/storage
  • release-1.11 -> release-1.12 k8s.io/apiserver
  • ce80fa0a64803d52883955cb77b2708b438a0b28 -> 459bfaec1fc6c17d8bfb12d0a0f69e7e7271ed2a github.com/opencontainers/runc
  • -> v0.5.4 github.com/ulikunitz/xz
  • release-1.11 -> release-1.12 k8s.io/apiextensions-apiserver
Assets 2
You can’t perform that action at this time.