Skip to content

containerd 1.3.0

Choose a tag to compare

View all tags
@dmcgowan dmcgowan released this 27 Sep 01:10
v1.3.0
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode.
36cf5b6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Welcome to the v1.3.0 release of containerd!

The fourth major release of containerd comes 11 months after the previous
major release and covers a period of both significant project growth and
further stabilization. Similar to previous releases, the number of API changes
are small and, as always, backwards compatible. The growing ecosystem of plugins
and users have driven improvements to make containerd more configurable, usable,
and pluggable. On Windows, this release brings a new runtime utilizing the shim
API. For clients, there are many new features and improvements completely
implemented in the client libraries without requiring daemon upgrade.

Runtime

  • New Windows V2 runtime using shim API. Adds support for the Windows runtime shims in containerd. NOTE: while containerd's runtime is stable in this release, running Windows containers are not yet fully supported until the runhcs shim is fully supported.
  • Improvements to ttrpc. For better daemon to shim communication (#3341)
  • Removed experimental Windows V1 runtime
  • Update runc dependency Updated runc for CVE-2019-16884

Snapshots

  • New Devmapper snapshotter (#3022)
  • Improved label support for plugins. Allows snapshot plugins to use labels from clients for advanced use cases

Plugins

  • Support for plugins registering as a TCP service
  • Configurable plugin directory
  • Add stream processor plugin. Allow handling of custom media types during unpack (#3482)

Client

  • Default handling from namespace labels. Allows defaults to be configured per containerd namespace (#3403)
  • Improved Docker resolver with mirroring support
  • Support for cross repository push (#3218)

API

  • Add support for direct resource management in leases (#3304)
  • Add ttrpc service for shim event publishing
  • Add annotations to descriptors in API
  • Add id to TaskDelete event message to match exec id
  • Add payload parameter to apply in diff service API

CRI

This version of containerd is validated against v1.16, but it is also compatible with Kubernetes v1.12+. (See more details about support metrics)

Features

  • Supported per-pod containerd shim. The io.containerd.runc.v2 runtime is fully validated and ready to be used in production. This helps minimizing per-pod resource overhead. Note that io.containerd.runtime.v1.linux is still the default runtime. (containerd/cri#1075)
  • Added file-based generic runtime config options. This will be used by out-of-tree runtimes like gvisor and kata (containerd/cri#1029), e.g.
[plugins.cri.containerd.runtimes.kata]
  runtime_type = "io.containerd.kata.v1"
[plugins.cri.containerd.runtimes.kata.options]
  TypeUrl = "io.containerd.kata.v1.options"
  ConfigPath = "/etc/kata/config.toml"
  • Added the pod_annotations runtime option. Pod annotations specified in the list will be passed to the runtime as OCI annotations. This enables runtimes to support annotation-based experimental features. (containerd/cri#1084)
  • Added stream_idle_time option. This makes idle connection timeout of the streaming server configurable. (containerd/cri#1057)
  • Added traffic shaping pod annotations support. NOTE: traffic shaping is still an experimental feature in Kubernetes. (containerd/cri#1150)
  • Added max_conf_num option to plugins.cri.cni. This makes it possible to setup multiple CNI networks in a pod. NOTE: multi-network is not an officially supported feature in Kubernetes.(containerd/cri#1154)
  • Added plugins.cri.registry.configs option to support TLS and auth configs of registries. (containerd/cri#1143) NOTE: Non-mutual TLS is also supported. (#3521) (see registry.md for more details)
  • Added tcp endpoint for CRI service. The tcp service can be disabled with the disable_tcp_service option, and it is disabled by default. (containerd/cri#1181)
  • Added max_concurrent_downloads option to restrict the number of concurrent downloads for each image. The default concurrency is 3. (containerd/cri#1211)
  • Added privileged_without_host_devices runtime option to disable host devices for privileged pods for the runtime. This is especially useful for runtimes like kata. (containerd/cri#1213)
  • Supported IPv4/IPv6 dualstack. See Kubernetes dual-stack doc for more information. To enable dual-stack, your CNI plugin needs to support it. If you are using the CNI config template, see how to configure it to support dual-stack.

Enhancements

  • Avoided Status lockup when CNI network setup/teardown is slow. (containerd/cri#1078)
  • Added CNI config in Status (crictl info) output. (containerd/cri#1158)
  • Supported URL path in plugins.cri.registry.mirrors, e.g. https://my.custom.registry/anypath. (containerd/cri#1227)
  • Added wildcard * support in plugins.cri.registry.mirrors. (containerd/cri#1196)
  • Removed an unnecessary round-trip to the image registry when pulling image. (containerd/cri#1229)
  • Updated cni library to v0.7.1 which has better context cancellation support. (containerd/cri#1236)
  • Updated cni plugins to v0.7.6 to fix a race condition in the bridge plugin. (#3507)

Deprecation

  • ctr cri load command is deprecated, use ctr -n=k8s.io images import instead.(containerd/cri#909)
  • The plugins.cri.containerd.default_runtime option is deprecated, use plugins."io.containerd.grpc.v1.cri".containerd.default_runtime_name instead. (containerd/cri#1076)
  • Runtime options including systemd_cgroups, runtime_engine and runtime_root are deprecated, use runtime options instead. (containerd/cri#1217)
  • runtimeHandler field is moved from the sandbox info into status. (containerd/cri#1063)
  • plugins.cri.registry.auths is deprecated, use plugins.cri.registry.configs instead. (containerd/cri#1227)

Other

  • Support additional garbage collection labels. Allows more advanced resource management use cases on the client
  • Fix garbage collection scheduling on reference removal. Ensures removal of leases or containers triggers the next scheduled garbage collection

And many more improvements and bug fixes in the complete changelog

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Michael Crosby
  • Lantao Liu
  • Phil Estes
  • Derek McGowan
  • Sebastiaan van Stijn
  • Justin Terry
  • Wei Fu
  • Maksym Pavlenko
  • Mike Brown
  • Akihiro Suda
  • Ace-Tang
  • John Howard
  • Stefan Berger
  • Kevin Parsons
  • Evan Hazlett
  • Lifubang
  • zhoulin xie
  • Li Yuxuan
  • Gábor Lipták
  • Brandon Lum
  • Brian Goff
  • Georgi Sabev
  • Eric Hotinger
  • Johannes M. Scheuermann
  • Tõnis Tiigi
  • zhangyue
  • Aldo Culquicondor
  • Guangming Wang
  • Nikhil Soni
  • Andrey Kolomentsev
  • BoWen Yan
  • Davor Kapsa
  • Eric Lin
  • Eric Ren
  • Fahed Dorgaa
  • Haiyan Meng
  • Hui Zhu
  • Nitesh Konkar
  • Odin Ugedal
  • Shengjing Zhu
  • Shukui Yang
  • Su Fei
  • chentanjun
  • yuxiaobo
  • Benjamin Elder
  • Carlos Eduardo
  • Cedric Clerget
  • Charles Kenney
  • Daniel, Dao Quang Minh
  • Edgar Lee
  • Eli Uriegas
  • Jack Baines
  • Jared Cordasco
  • Jintao Zhang
  • Justin Cormack
  • Kathryn Baldauf
  • Mark Gordon
  • Nishchay Kumar
  • Peter Wagner
  • Stephen J Day
  • Tibor Vass
  • Yu Yi
  • kuramal
  • lifupan
  • zhenguang zhu
  • Aleksa Sarai
  • Alex Price
  • Antonio Ojea
  • Archana Shinde
  • Ashley Sykes
  • Avi Kivity
  • Bingshen Wang
  • Brent Baude
  • Chris Mark
  • Cong Liu
  • Danni Xia
  • Darren Shepherd
  • Erik Sipsma
  • Georgia Panoutsakopoulou
  • Grant Seltzer Richman
  • Haines Chan
  • Harshal Patil
  • Henrik Schmidt
  • Iskander (Alex) Sharipov
  • Jaime Caamaño Ruiz
  • Jean Rouge
  • Ji'an Liu
  • Jie Zhang
  • Jing Rui
  • Joe Borg
  • John Starks
  • Julia Nedialkova
  • Julien Balestra
  • Kasper Fabæch Brandt
  • Kenta Tada
  • Konstantin Maksimov
  • Lajos Papp
  • Madhan Raj Mookkandy
  • Mattias Appelgren
  • Michael Katsoulis
  • Michael Wan
  • Niels de Vos
  • Oliver Stenbom
  • Peng Wang
  • Sarang Joshi
  • Shengjing Zhu
  • Tim Allclair
  • Tobias Klauser
  • Veeraiah Chowdary Nuvvula
  • Vlad Ungureanu
  • Wei Zhang
  • Yangyang
  • Yikun Jiang
  • Yuxing Liu
  • caozhihao
  • jiangpengfei
  • wanghuaiqing
  • zhongming chang

Changes

Read more
Assets 4
Loading