Skip to content

containerd 1.6.9

Choose a tag to compare

View all tags
@github-actions github-actions released this 24 Oct 17:46
· 6476 commits to main since this release
v1.6.9
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode.
1c90a44
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Welcome to the v1.6.9 release of containerd!

The ninth patch release for containerd 1.6 contains various fixes, reorders the pod setup workflow in the CRI plugin to
prevent CNI resource leaks, and includes a new version of runc.

Notable Updates

  • Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7268)
  • Fix CRI: Do not append []string{""} to command to preserve Docker compatibility (#7298)
  • Enhance CRI: ContainerStatus to return container resources (#7410)
  • Fix OCI resolver to skip TLS verification for localhost (#7438
  • Fix createTarFile: make xattr EPERM non-fatal (#7447)
  • Fix CRI plugin to setup pod network after creating the sandbox container (#7456)
  • Fix OCI pusher to retry request on writer reset (#7461)
  • Fix archive to validate digests before use (#7490)
  • Migrate from k8s.gcr.io to registry.k8s.io (#7549)
  • Fix CRI: PodSandboxStatus should tolerate missing task (#7551)
  • Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7557)
  • Enhance CRI plugin to add logging volume metrics (#7571)
  • Add support for CAP_BPF and CAP_PERFMON (#7574)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Sebastiaan van Stijn
  • Akihiro Suda
  • Wei Fu
  • Samuel Karp
  • Kazuyoshi Kato
  • Maksym Pavlenko
  • Derek McGowan
  • Phil Estes
  • Qiutong Song
  • ruiwen-zhao
  • zounengren
  • Akhil Mohan
  • Andrey Klimentyev
  • Benjamin Elder
  • Henry Wang
  • Iceber Gu
  • Paco Xu
  • Sophie Liu
  • Ye Sijun
  • rongfu.leng

Changes

68 commits

  • [release/1.6] Prepare release notes for v1.6.9 (#7573)
  • [release/1.6] adding support of CAP_BPF and CAP_PERFMON (#7574)
    • 346412f5a adding support of CAP_BPF and CAP_PERFMON
  • [release/1.6] Add logging volume metrics to Containerd CRI plugin (#7571)
    • a956d8415 Add logging volume metrics to Containerd CRI plugin
  • [release/1.6] fix pusher concurrent close channel (#7562)
    • 29e2dea50 fix pusher concurrent close channel
  • [release/1.6] Stats() shouldn't assume s.container is non-nil (#7557)
    • 8a9d69385 [release/1.6] Stats() shouldn't assume s.container is non-nil
  • [release/1.6] cri: PodSandboxStatus should tolerate missing task (#7551)
    • a9adc7938 cri: PodSandboxStatus should tolerate missing task
  • [release/1.6] migrate from k8s.gcr.io to registry.k8s.io (#7549)
    • b66eb726a migrate from k8s.gcr.io to registry.k8s.io
  • [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0 (#7518)
    • 5b40993a5 [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0
  • [release/1.6] Update container with sandbox metadata after NetNS is created (#7505)
    • f2376e659 Update container with sandbox metadata after NetNS is created
  • [release/1.6] archive: validate digests before use (#7490)
    • 06f82efef archive: validate digests before use
  • [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7475)
  • [release/1.6] retry request on writer reset (#7461)
  • [release/1.6] Setup pod network after creating the sandbox container (#7456)
    • b9a35c6af Add integration tests with failpoint
    • 1f29fac48 Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
  • [release/1.6] test: introduce failpoint control to runc-shimv2 and cni (#7455)
    • a85709c6c integration: simplify CNI-fp and add README.md
    • d89a8d223 pkg/failpoint: add FreeBSD link and update pkg doc
    • b0ce2965a integration: Add injected failpoint testing for RunPodSandbox
    • a7f956d86 integration: CNI bridge wrapper with failpoint
    • 07c479471 pkg/failpoint: add DelegatedEval API
    • 4a5bc05aa runtime/v2/shim: return if error in load plugin
    • 71ee7de24 bin/ctr,integration: new runc-shim with failpoint
    • 3e2e77849 runtime/v2: manager supports server interceptor
    • cb935bf49 pkg/failpoint: init failpoint package
  • [release/1.6] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7447)
    • 2fdfd564c make xattr EPERM non-fatal in createTarFile
  • [release/1.6] remotes/docker/config: Skipping TLS verification for localhost (#7438)
    • 89e49609d remotes/docker/config: Skipping TLS verification for localhost
  • [release/1.6] .zuul: remove the zull because it is offline (#7427)
    • b720be2ce remove stray .zuul.yaml
    • 6b30bc4b4 .zuul: remove the zuul because it is offline
  • [release/1.6] cherry-pick: Set grpc code for unimplemented cri-api methods (#7421)
    • 0f7e258ee Set grpc code for unimplemented cri-api methods
  • [release/1.6] cherry-pick: ContainerStatus to return container resources (#7410)
  • [release/1.6] backport: vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd (#7340)
    • 5b44c5271 vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
  • [release/1.6 backport] update runc binary to v1.1.4 (#7333)
  • [release/1.6] ci: remove GOPROXY environment variable due to https://github.com/go-… (#7299)
  • [release/1.6] Do not append []string{""} to command to preserve Docker compatibility (#7298)
    • 0448673af Do not append []string{""} to command to preserve Docker compatibility
  • [release 1.6 backport] Fix cleanup in critest (#7274)
  • [release/1.6 backport] oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#7268)
    • ed9d3dc37 oci: WithDefaultUnixDevices(): remove tun/tap from the default devices

Changes from containerd/continuity

28 commits

  • go.mod: update dependencies (take 2) (#204)
    • 74a0169 go.mod: update dependencies (take 2)
  • Revert "go.mod: update dependencies" (#205)
    • 4ef02a2 Revert "go.mod: update dependencies"
    • e364868 go.mod: update dependencies
    • 5df4731 cmd/continuity: remove FUSE for macOS
  • Various small fix-ups (#202)
    • 7fa1569 README: update badges and links
    • 7917549 golangci-lint: replace "golint" with "revive"
    • de7fd6b sysx: remove unused sysx/generate.sh script
    • e9ca807 fs: fix minor linting and gofmt issue
  • update authors and mailmap (#201)
    • 3df990d update authors and mailmap
  • move cmd/continuity to its own go module (#200)
    • 9d49199 move cmd/continuity to its own go module
    • 5b38337 remove version package
    • 480f3bb move continuityfs -> cmd/continuity/continuityfs
    • 071eff3 move commands -> cmd/continuity/commands
    • 840357f go.mod: update logrus to v1.8.1
  • CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) (#198)
    • 9b78cc9 CI: resolve Go path before sudoing
    • d67721d CI: modernize Go setup
    • 5bf078f Remove deprecated io/ioutil (except ioutil.ReadDir)
  • fs.CopyDir: support sockets and pipes (#197)
    • ca52b93 fs.CopyDir: support sockets and pipes
  • Fix wrapping errors (#196)
    • def6729 fs: fix wrapping nil err
    • b17bab4 fmt.Errorf: use %w, not %v to wrap errors

Dependency Changes

  • github.com/Microsoft/go-winio v0.5.1 -> v0.5.2
  • github.com/containerd/continuity v0.2.2 -> v0.3.0
  • golang.org/x/crypto 32db794688a5 -> 3147a52a75dd
  • golang.org/x/net fe4d6282115f -> a158d28d115b
  • golang.org/x/sys 33da011f77ad -> 8c9f86f7a55f
  • golang.org/x/term 6886f2dfbf5b -> 03fcf44c2211
  • google.golang.org/grpc v1.43.0 -> v1.47.0
  • google.golang.org/protobuf v1.27.1 -> v1.28.0
  • gopkg.in/yaml.v3 496545a6307b -> v3.0.1
  • k8s.io/cri-api v0.23.1 -> v0.25.0

Previous release can be found at v1.6.8

Assets 32
Loading