|
| 1 | +# commit to be tagged for new release |
| 2 | +commit = "HEAD" |
| 3 | + |
| 4 | +project_name = "containerd" |
| 5 | +github_repo = "containerd/containerd" |
| 6 | +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" |
| 7 | + |
| 8 | +# previous release |
| 9 | +previous = "v1.1.0" |
| 10 | + |
| 11 | +pre_release = true |
| 12 | + |
| 13 | +preface = """\ |
| 14 | +The third major release of containerd brings both a mix of boring and |
| 15 | +exciting changes. While fixing many bugs and continuing support for the |
| 16 | +containerd 1.0 API, new APIs and interfaces have been added to allow |
| 17 | +containerd to be more extensible and cover more use cases. |
| 18 | +
|
| 19 | +## New V2 Runtime |
| 20 | +
|
| 21 | +A new v2 runtime has been added with a stable gRPC interface for managing |
| 22 | +containers through external shims. |
| 23 | +
|
| 24 | +This allows runtime authors to easily integrate with containerd over a stable |
| 25 | +API. |
| 26 | +
|
| 27 | +Various runtimes can be selected on a per container basis using the `WithRuntime` opt |
| 28 | +or to test via ctr `ctr run --runtime io.containerd.runc.v1`. |
| 29 | +
|
| 30 | +[Documentation](https://github.com/containerd/containerd/blob/master/runtime/v2/README.md) |
| 31 | +
|
| 32 | +## Updated CRI Plugin |
| 33 | +
|
| 34 | +Containerd 1.2 is validated against Kubernetes v1.11 and v1.12, but it is also compatible with Kubernetes v1.10. |
| 35 | +
|
| 36 | +***To use containerd 1.2 with Kubernetes v1.10, be sure to run the stream server on an address accessible to the apiserver. A simple way is to set `stream_server_address=""` in the `[plugins.cri]` section of `containerd.toml`, so that `cri` plugin will automatically select a routable node address.*** |
| 37 | +
|
| 38 | +### Kubernetes Runtime Class |
| 39 | +[Kubernetes Runtime Class](https://github.com/kubernetes/community/blob/master/keps/sig-node/0014-runtime-class.md) introduced in Kubernetes 1.12 is supported. |
| 40 | +
|
| 41 | +Users can: |
| 42 | +* Configure alternative runtime handlers with the config option `plugins.cri.containerd.runtimes.runtime_handler_name`, e.g. `plugins.cri.containerd.runtimes.kata`. ([config.md](https://github.com/containerd/cri/blob/release/1.2/docs/config.md)) |
| 43 | +* Use the alternative runtime handler in Kubernetes by creating `RuntimeClass` for the runtime handler, and specifying `RuntimeClassName` in the pod spec. ([examples](https://github.com/kubernetes/community/blob/master/keps/sig-node/0014-runtime-class.md#examples)) |
| 44 | +
|
| 45 | +***The `plugins.cri.containerd.untrusted_workload_runtime` config option and `io.kubernetes.cri.untrusted-workload` pod annotation are still functional, but start being deprecated. It is recommended to migrate to the `RuntimeClass` api.*** |
| 46 | +
|
| 47 | +### Other Features |
| 48 | +* Supported [`ProcMount`](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/proc-mount-type.md) option introduced in Kubernetes 1.12. |
| 49 | +* Added a new config option `plugins.cri.registry.auths` for user to config default credentials for specific registries. ([doc](https://github.com/containerd/cri/blob/release/1.2/docs/registry.md#configure-registry-credentials)) |
| 50 | +* Added a new config option `plugins.cri.x509_key_pair_streaming` for user to config a valid certificate for the stream server. ([config.md](https://github.com/containerd/cri/blob/release/1.2/docs/config.md)) |
| 51 | +
|
| 52 | +### Notable Changes |
| 53 | +* `cri` plugin can see images pulled/imported into containerd by `ctr images pull` and `ctr images import`. |
| 54 | +* CNI config is now dynamically reloaded when changed. |
| 55 | +* IPv4 address is guaranteed to be selected, when there are both IPv4 and IPv6 addresses for a pod. |
| 56 | +* Privileged untrusted workload is allowed, the workload will get privilege inside the sandbox. |
| 57 | +* `cri` plugin stream server serves on `http://localhost:0` by default. This is to work with the [kubelet streaming proxy](https://github.com/kubernetes/kubernetes/pull/64006) introduced in Kubernetes 1.11. |
| 58 | +* Fixed an issue that a container can't be stopped when container processes are accidentally moved out of the container cgroups. |
| 59 | +* `cluster/health-monitor.sh` in the release tarball will be deprecated next release. Please use Kubernetes [health-monitor.sh](https://github.com/kubernetes/kubernetes/blob/release-1.12/cluster/gce/gci/health-monitor.sh) instead. |
| 60 | +
|
| 61 | +## New Proxy Plugins |
| 62 | +
|
| 63 | +A new proxy plugin configuration has been added to allow external snapshotters |
| 64 | +be connected to containerd using gRPC. |
| 65 | +
|
| 66 | +[Documentation](https://github.com/containerd/containerd/blob/master/PLUGINS.md) |
| 67 | +
|
| 68 | +## Managed /opt directory |
| 69 | +
|
| 70 | +A new `Install` method on the containerd client allows users to publish host level |
| 71 | +binaries using standard container build tooling and container distribution tooling |
| 72 | +to download containerd related binaries on their systems. |
| 73 | +
|
| 74 | +This can be used for v2 runtime authors to get their runtime shims on an existing |
| 75 | +containerd system. It can also be used to install `runc` and other related tools. |
| 76 | +
|
| 77 | +```bash |
| 78 | +> ctr content fetch docker.io/crosbymichael/runc:latest |
| 79 | +> ctr install docker.io/crosbymichael/runc:latest |
| 80 | +``` |
| 81 | +
|
| 82 | +[Documentation](https://github.com/containerd/containerd/blob/master/docs/managed-opt.md) |
| 83 | +
|
| 84 | +## Garbage Collection |
| 85 | +
|
| 86 | +Add support for cleaning up leases and content ingests to garbage collections. |
| 87 | +
|
| 88 | +Add expiration label to clean up temporary resources. |
| 89 | +
|
| 90 | +## API Changes |
| 91 | +
|
| 92 | +Minor API additions |
| 93 | +
|
| 94 | +## Other Improvements |
| 95 | +
|
| 96 | +Improved multi-arch image support using more precise matching and ranking""" |
| 97 | + |
| 98 | +# notable prs to include in the release notes, 1234 is the pr number |
| 99 | +[notes] |
| 100 | + |
| 101 | +[breaking] |
| 102 | + |
| 103 | +[rename_deps] |
| 104 | + [rename_deps.ttrpc] |
| 105 | + old = "github.com/stevvooe/ttrpc" |
| 106 | + new = "github.com/containerd/ttrpc" |
0 commit comments