MyGit

v1.7.0-beta.3

containerd/containerd

版本发布时间: 2023-01-28 14:48:43

containerd/containerd最新发布版本:api/v1.8.0(2024-11-04 15:07:27)

Welcome to the v1.7.0-beta.3 release of containerd! This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements. This release is intended to be the last major release of containerd 1.x before 2.0. Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0. This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations. The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs. This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

Transfer Service (experimental)

The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release to allow for further plugin development and integration into existing plugins.

See the Transfer Docs

NRI (experimental)

The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.

This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.

See the NRI Docs

Platform Support

Runtime Features

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this, but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc. Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

Configuration

Existing CRI configurations will be supported until 2.0. Any functionality split out of CRI will have their configuration migrated to new plugins. Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

CRI Updates

Other

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Changes

1453 commits

  • Prepare release notes for v1.7.0-beta.3 (#8014)
  • Fix Memory Limit test (#7959)
  • Reused package errdefs for not supported error (#8005)
  • pkg/cri: optimize slice initialization (#7994)
  • go.mod: update goresctrl to v0.3.0 (#7987)
  • pushWriter: correctly propagate errors (#7985)
  • CI: test release.yml on every PR (#7968)
  • fix incorrect namespace of event when create/update namespace (#7129)
  • Backport changes to sandboxed CRI (#7973)
  • Fix syntax errors in the document (#7970)
  • release/Dockerfile: set DEBIAN_FRONTEND=noninteractive (#7969)
  • use local variable for rt when iterating collectors (#7963)
  • Add basic spec and mounts for Darwin (#7960)
  • go.mod: Bump hcsshim to v0.10.0-rc.4 (#7810)
  • Use specs Platform instead of generated API (#7958)
  • Make OCI options cross-platform (#7928)
  • update to go1.19.5, go1.18.10 (#7948)
  • fuzzing: improve archive fuzzer (#7957)
  • shim: enable debug logging for delete (#7943)
  • cri: Fix TestUpdateOCILinuxResource for host w/o swap controller (#7946)
  • ctr/run: flags --detach and --rm cannot be specified together (#7929)
  • Fix Flaky Windows CRI Integration test on TestContainerConsumedStats (#7935)
  • Refactor snapshotters metastore transaction (#7917)
  • mod: update github.com/pelletier/go-toml@v1.9.5 (#7932)
  • archive: improve TestSourceDateEpoch (#7927)
  • Add tracing plugin test (#7883)
  • docs/content-flow: update the description of the content labels (#7925)
  • Add cleanup package for context management during cleanup (#7861)
  • Fix race between stream registration and use (#7886)
  • Prepare release notes for v1.7.0-beta.2 (#7903)
  • Cirrus CI (Fedora 37, Rocky 8): enable cri-integration (#7892)
  • contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages (#7891)
  • docs: fix a typo in tracing documentation (#7914)
  • CI: Pass GITHUB_TOKEN to containerd/project-checks (#7913)
  • Enable dupword linter (#7911)
  • ctr: Add platform flag to 'oci spec' command (#7905)
  • Vagrantfile: fix disk resize error with VirtualBox (#7907)
  • Vagrantfile: fix comments about SELinux (#7908)
  • Use the const labels.LabelUncompressed (#7906)
  • [sandbox] Add sandbox store plugin type (#7850)
  • Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts (#7893)
  • CRI: Comment cleanup/misc fixes (#7904)
  • Move snapshot event publishing into metadata store (#5674)
  • Vagrantfile: install-rootless-podman: remove setenforce 0 (#7887)
  • reused package errdefs for error (#7894)
  • integration/images: switch away from Docker Hub to avoid rate limit (#7888)
  • Validate userns container config is consistent with sandbox userns config (#7882)
  • ctr contents ls sorts the labels of the content (#7881)
  • chore: use go fix to cleanup old +build buildtag (#7879)
  • cri: Shadow variables to avoid t.Parallel() issues (#7880)
  • Add support for user namespaces in stateless pods (KEP-127) (#7679)
  • Refactor metastore transaction (#7529)
  • oci: appendOSMounts(): remove unused error, and move (#7874)
  • add kube v1.26: remove v1alph2 cri support (#7863)
  • make runc 1.1 for oss_fuzz_build.sh (#7875)
  • CRI sbserver: Prevent server reuse after Shutdown (#7872)
  • Fix incorrect defer usage and refactor judgement (#7521)
  • oci: Add WithDomainname (#7869)
  • Reused errdefs define error (#7871)
  • fix ctr tasks kill does not remove cni network under windows (#7866)
  • add network plugin metrics (#7858)
  • Avoid using canceled context in unpacker cleanup (#7859)
  • image/label: print more characters of label keys (#7618)
  • prevent Server reuse after a Shutdown (#7165)
  • Check containerd's readiness before calling critest (#7851)
  • Fix grammatical errors in Readme (#7837)
  • Fix cpu architecture detection issue on linux/arm (#7636)
  • CRI: Fix no CNI info for pod sandbox on restart (#7845)
  • Enable checkRename test (#7081)
  • metastore: Add WithTransaction convenience method (#7781)
  • Prevent a race condition in testHook (#7831)
  • cri: fix memory.memsw.limit_in_bytes: no such file or directory (#7836)
  • go.mod: update fuzz-headers and fuzz-build (#7824)
  • Remove github.com/gogo/protobuf again (#7825)
  • CRI: Add host networking helper (#7814)
  • Support sandbox shutdown in shim runtimes (#7792)
  • move up to CRI-TOOLS v1.26.0 (#7818)
  • Minor fix when querying pod sandbox status (#7812)
  • nil check to avoid panic on upgrade (#7809)
  • Bump grpc to v1.51.0 (#7709)
  • fatal error: concurrent map iteration and map write (#7805)
  • Bump golangci-lint to v1.50.1 (#7804)
  • cri: make swapping disabled with memory limit (#7783)
  • add metrics for image pulling: error; in progress count; thoughput (#7313)
  • Prepare release notes for v1.7.0-beta.1 (#7793)
  • support fetching containerd from non public GCS buckets (#7771)
  • images: support specifying SourceDateEpoch via ctx (#7651)
  • fuzzing: improve archive fuzzer (#7718)
  • fix sdNotify func when debug level (#7798)
  • Upgrade GitHub actions packages in release workflow (#7794)
  • Enable GitHub Actions local Linux CI runs (#7796)
  • integration: increase timeout in container_event_test.go (#7791)
  • digest: use github.com/minio/sha256-simd (#7732)
  • allow client to remove created tasks with PID 0 (#7787)
  • Add container event support to containerd (#7073)
  • docs: Authorizer.Authorize could return ErrUnexpectedStatus (#7786)
  • fix: check for tmpfs when evaluating if userxattr is needed (#7772)
  • Pass TOML configuration options for runtimes CRI is not aware of (#7764)
  • Cleanup build constraints (#7776)
  • There is no way to disable debug endpoint on Darwin (#7775)
  • CI: Vagrant: pin rockylinux/8 to v5.0.0 (#7777)
  • vendor: golang.org/x/net v0.4.0 (#7774)
  • Fix context when waiting sandbox (#7773)
  • Github Security Advisory GHSA-2qjp-425j-52j9
  • update to go1.19.4, go1.18.9 (#7765)
  • Change PushContent to require only Provider (#7763)
  • sbserver bug fixing (#7768)
  • Add unit test to Opentelemetry tracing (#7671)
  • remove some (aliases for) deprecated functions (#7525)
  • Refactor ctr restore to allow for tty allocation (#7673)
  • fix panic when containerd-stress density --count 0 (#7748)
  • Unwrap proto errors in streaming client (#7753)
  • Fix process_vm_* syscall names in seccomp (#7755)
  • upgrade the ops.md output for current 1.7 version . (#7747)
  • docs: Add extra security instructions (#7743)
  • go.mod: re-vendor NRI from the official repo. (#7744)
  • [Sandbox API] CRI status cleanup (#7731)
  • Transfer service (#7320)
  • NRI: add support for NRI with extended scope. (#6019)
  • archive: set WithModTimeUpperBound when WithSourceDateEpoch is set (#7710)
  • Fix order of operations when setting lease labels (#7702)
  • Add ctr image prune command (#7730)
  • Check for nullptr before dereferencing (#7708)
  • use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers (#7736)
  • introspection: expose the daemon's PID and PIDNS (#7694)
  • reference/docker: synchronize fork with upstream distribution/distribution (#7635)
  • go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions (#7721)
  • Add ptrace readby and tracedby to default AppArmor profile (#7714)
  • Fix sandbox API when calling sandboxed shims (#7684)
  • make status more readable and update easy. (#7669)
  • integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 (#7720)
  • Resolve warnings in Windows GitHub Actions periodic workflows (#7706)
  • Sandbox API: implement Controller.Status for SandboxAPI (#7470)
  • [port #5904 to sbserver] Setup pod network after creating the sandbox container (#7426)
  • fix for OSS-Fuzz infra changes (#7677)
  • runtime/v2/shim: clean up the use of containerdBinary (#7499)
  • Add process_vm read and write calls to default seccomp profile (#7693)
  • Resolve Scorecards GitHub Actions workflow warnings (#7707)
  • cri: add pod uid annotation (#7697)
  • Missed out platform interface when reused the conn for Client. (#7699)
  • overlayfs: remove duplicated tx rollback (#7700)
  • go.mod: update some dependencies (#7704)
  • update github.com/cpuguy83/go-md2man/v2 to v2.0.2 (#7705)
  • Fsnotify bump and change code (#7703)
  • fix build containerd in centos9 (#7683)
  • Bump urfave-cli to v1.22.10 (#7701)
  • can set up the network serially by CNI plugins (#7685)
  • Update cri-api dependency to v0.26.0-beta.0 (#7656)
  • overlay: Remove unused method param (#7696)
  • CI: update Fedora to 37 (#7691)
  • tx rollback when GetInfo return error (#7678)
  • Upgrade github.com/containerd/cgroups from v1 to v3 (#7601)
  • Remove OpenTelementry imports from remotes/docker package (#7675)
  • Expose Done and Err in Shutdown service (#7686)
  • gotestsum match go version 1.19 (#7688)
  • complement sub-command note for containerd-main (#7670)
  • keep the lower case letter for flag info (#7668)
  • bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a (#7666)
  • Fix broken link for CRI plugin in docs (#7667)
  • add option to resolve symlinks in WithLinuxDevice (#7523)
  • Bump k8s.io deps to v0.25.4 (#7663)
  • Release: add static binaries (#7659)
  • Bump OpenTelemetry contrib to v0.36.4 (#7662)
  • Fix slice append error (spec.Linux.Resources.HugepageLimits) (#7661)
  • Bump OpenTelemetry to v1.11.1 (#7660)
  • feature: add gc scheduler metrics collection count (#5263)
  • Add --debug args to all subcommands of ctr pprof (#7629)
  • Add a thin wrapper around otel Span object (#7655)
  • Bump grpc to v1.50.1 (#7643)
  • replace strings.Split(N) for strings.Cut() or alternatives (#7631)
  • add oci.WithCPURT (#7642)
  • Sandbox API: Add a new mode config for sandbox controller impls (#7590)
  • fuzzing: bump go-fuzz-headers (#7625)
  • Bump k8s.io deps to v0.25.3 (#7637)
  • Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex (#7641)
  • Extra documentation for content interfaces (#7640)
  • Fix shim socket permissions on Darwin (#7638)
  • s390x: build and package s390x bin in release assets (#7614)
  • Replace mount fork hack with CLONE_FS (#7513)
  • remotes: add FetcherByDigest for fetching blobs without foreknown descriptors (useful for general-purpose CAS) (#7460)
  • Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 (#7403)
  • Support default hosts.toml configuration (#7607)
  • Add tracing spans in CRI image service and pull.go (#7453)
  • Fix missing closed fifo (#7604)
  • fix comments (#7624)
  • docs: add additional info in backport process (#7626)
  • go.mod: golang.org/x/*: use tagged versions (#7621)
  • Bump go version to 1.19.3 (#7620)
  • ctr export strictly matching (#7615)
  • Fix ctr crash when pulling with --http-dump and --http-trace simultaneously (#7617)
  • Harden GITHUB_TOKEN permissions for OSSF Scorecard (#7599)
  • overlayutils: Add fastpath for userxattr check (#7611)
  • Add sequence diagram for shim runtime v2 (#7606)
  • Sandbox API: Move remote impls to /sandbox/proxy (#7600)
  • fuzzing: improve archive fuzzer (#7588)
  • Retry client connection in waitForStart (#7537)
  • Add Workflow for running critest with Hyper-V Containers on Windows. (#7025)
  • Add release notes for v1.7.0-beta.0 (#7575)
  • Cleanup sandbox interfaces (#7576)
  • Update GitHub actions release workflow set output (#7581)
  • Fix LogURI generation-related tests on Windows. (#7569)
  • maintenance: Remove WithWindowsNetworkNamespace from pkg/cri (#7577)
  • CRI: implement Controller.Delete for SandboxAPI (#7457)
  • Configure CDI registry only on start (#7419)
  • update codeql-action to v2 (#7568)
  • Add logging related metrics to Containerd CRI plugin (#7546)
  • sys: optimize and refactor MkdirAllWithACL() (#7531)
  • fix install cni script (#7484)
  • Update 1.5 release support timeframe (#7560)
  • bump go-fuzz-headers (#7503)
  • Add long term stable release branches (#7454)
  • fix pusher concurrent close channel (#7473)
  • Make tests on GitHub less noisy (#7530)
  • containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded (#7541)
  • Update required Go version in BUILDING.md (#7544)
  • go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) (#7522)
  • Use go env to determine GOPATH in Makefile. (#7542)
  • clean-up "nolint" comments, remove unused ones, update golangci-lint (#7349)
  • Don't unmount on Darwin when deleting bundle (#7534)
  • Add timeouts to all CI jobs (#7538)
  • Vagrantfile: explicitly specify rsync as the shared folder driver (#7539)
  • sys: remove unused IsAbs() (windows) (#7527)
  • cri: PodSandboxStatus should tolerate missing task (#7535)
  • CI: update GHA instances from Ubuntu 18.04 to 20.04 (#7489)
  • fix the --no-pivot flag being ignored by ctr tasks start (#7519)
  • Update the default seccomp to block socket calls to AF_VSOCK (#7510)
  • cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() (#7511)
  • Stats() shouldn't assume s.container is non-nil (#7517)
  • Move up actions versions to prep for NodeJS 12 deprecation (#7516)
  • cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() (#7512)
  • Updates oci image config to support upstream ArgsEscaped (#7483)
  • cmd/containerd: replace deprecated windows.IsAnInteractiveSession() (#7497)
  • Update container with sandbox metadata after NetNS is created (#7481)
  • archive: add WithSourceDateEpoch() for whiteouts (#7478)
  • TestTaskResize must use a terminal (#7492)
  • diff/apply.readCounter: check negative size (#7494)
  • Add new ctr option for discarding unpacked layers (#7425)
  • archive: windows: chtimes(): remove redundant conversion (#7491)
  • archive: validate digests before use (#7488)
  • vendor: github.com/opencontainers/selinux v1.10.2 (#7482)
  • fuzzing: create structured tar bytes in archive fuzzer (#7477)
  • Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7474)
  • use raw link to containerd.service config (#7463)
  • cri doc: Update kata containers reference (#7466)
  • Setup pod network after creating the sandbox container (#5904)
  • Swap to net.ErrClosed checks for services (#7446)
  • go.mod: Bump go-winio to v0.6.0 (#7443)
  • fix retry when writer is reset on push (#6995)
  • CI: Output a summary using GITHUB_SUMMARY (#7192)
  • Fix missing close (#7430)
  • Add test flag for skipping shim cgroup test (#7424)
  • Refactor CRI fuzzers (#7405)
  • Fix LogURIGenerator on Windows (#7351)
  • Set grpc code for unimplemented cri-api methods (#7417)
  • Add reader option to local content reader at (#7414)
  • Sandbox API: implement Controller.Wait and Controller.Stop (#7401)
  • remove stray .zuul.yaml (#7416)
  • reference CDI configuration details (#7408)
  • cri-integration: propagate ENABLE_CRI_SANDBOXES (#7413)
  • Enable OpenSSF Scorecard Github Action (#7404)
  • Add ext2 fs support to devmapper snapshotter (#7402)
  • Fuzzing: Instrument with new sanitizers (#7396)
  • Upgrade fuzzing-related packages to reduce dependencies (#7397)
  • remotes/docker/config: Skipping TLS verification for localhost (#7393)
  • Replace github.com/emicklei/go-restful package, versions <2.16.0 (#7395)
  • Add NoSameOwner option when unpacking tars (#7386)
  • ctr: add privileged-without-host-devices for run command (#7328)
  • chore: matching the casing of other flags for ctr's pull command (#7341)
  • windows: Add runhcs-wcow-hypervisor runtimeclass to the default config (#6901)
  • Fix missing close (#7370)
  • CRI: update cdi version to v0.5.1 (#7374)
  • Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 (#7372)
  • vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c (#7373)
  • Remove unused variable from images action (#7371)
  • feature: use client default namespace (#7291)
  • integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment (#7367)
  • feature: upgrade registry.k8s.io/pause version (#7359)
  • metrics/cgroups/v1: Remove unused event parameter (#7361)
  • .zuul: remove the zuul because it is offline (#7369)
  • Update golangci-lint timeout to match config (#7356)
  • delete redundent import alias and and type conversion (#7345)
  • Make checkContainerTimestamps less strict on Windows (#7350)
  • Make oss-fuzz mandatory (#7346)
  • Add kubernetes v1.25 supported version as v1.24 (#7326)
  • sys: move ForceRemoveAll to integration/client (#7335)
  • chore: remove duplicate word in comments (#7338)
  • Use ioctl helpers from x/sys/unix (#7342)
  • archive: replace tarName() with filepath.ToSlash() (#7344)
  • mount: remove unused ErrNotImplementOnWindows (#7339)
  • replace sys Sequential funcs with moby/sys/sequential (#7334)
  • Clarify containerd 1.5.0+ for k8s 1.20,1.21 (#7324)
  • update runc binary to v1.1.4 (#7315)
  • Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 (#7325)
  • Update k8s.io/cri-api to v0.25.0 (#7287)
  • script/setup: handle cnidir with SUDO (#7322)
  • ContainerStatus to return container resources (#6517)
  • migrate from k8s.gcr.io to registry.k8s.io (#7038)
  • Do not rename test files on-the-fly to share functions (#7309)
  • ctr import: strictly match platform (#6906)
  • Revert "Downgrade MinGW to version 10.2.0" (#7308)
  • Follow up #7254 (Switch to Go 1.19) (#7286)
  • Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer (#7304)
  • Adding support of CAP_BPF and CAP_PERFMON (#7301)
  • go.mod: Bump hcsshim to v0.10.0-rc.1 (#7284)
  • Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset (#7306)
  • ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 (#7293)
  • Runtime cleanup (Shim manager and task service) (#7280)
  • containerd-stress: add support for running through CRI (#6931)
  • Switch to Go 1.19 (#7254)
  • Vagrantfile: dump containerd log after critest (#7265)
  • oci: skip checking group id for WithAppendAdditionalGroups (#7257)
  • release workflow: increase timeout to 30 minutes & remove Go setup action (#7259)
  • release: rollback Ubuntu to 18.04 (except for riscv64) (#7258)
  • Initial sandbox API CRI integration (implement Controller.Start) (#7228)
  • Use environment variable to specify Go version on CI (#7251)
  • Update golang to 1.18.5, 1.17.13 (#7243)
  • Change os.Stderr reassign for Windows service (#7023)
  • script/setup: fix protobuf for aarch64 (#7237)
  • Fix cleanup in critest (#7232)
  • fix: support simultaneous create diff for same parent snapshot (#7204)
  • Windows HostProcess container CRI stats test (#7223)
  • Regenerate protos with updated protoc-gen-go (#7226)
  • test: error strings should not be capitalized (#7195)
  • Add extra context to error when push unauthorized (#7220)
  • replace with selinux label (#7207)
  • Use httputil.DumpRequestOut for dumping client req (#7221)
  • Fix CRI image pull timeout test for ppc64le (#7215)
  • test: introduce failpoint control to runc-shimv2 and cni (#7069)
  • chore: bump macos runner version (#7206)
  • Use image lists form integration/client tests (#7210)
  • go.mod: Bump hcsshim to v0.9.4 (#7212)
  • Drop deprecated ioutil (#7203)
  • Make getServicesOpts a helper (#7201)
  • adds an env var commented out for sandboxed mode (#7183)
  • cri_stats: handle missing cpu stats (#7198)
  • using ContextDialer instead (#7189)
  • test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e (#7173)
  • code cleanup (#7182)
  • Update k8s.io/cri-api to v0.25.0-alpha2 (#7114)
  • Refactor usageNanoCores be to used for all OSes (#7186)
  • adds support for using env file for systemd boot (#7191)
  • go.mod: github.com/stretchr/testify v1.8.0 (#7185)
  • ctr: support --user for run/create (#7145)
  • docs: Fix sample config.toml syntax (#7174)
  • seccomp: seccomp: add syscalls related to PKU in default policy (#7163)
  • Update and align golangci-lint version (#7168)
  • adds a comment explaining how to disable experimental sbserver (#7169)
  • ci: workaround Cirrus CI's INVALID_ARGUMENT (#7177)
  • Update install-protobuf script to install protobuf on Darwin (#7153)
  • Fork CRI server for Sandbox API integration work (#7164)
  • seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE (#7167)
  • cri doc: fix formatting for CDI options (#7158)
  • update golang to 1.18.4, 1.17.12 (#7159)
  • Fix out of date comments for CRI store packages (#7152)
  • update some devmapper docs (#7124)
  • seccomp: allow clock_settime64 when CAP_SYS_TIME is added (#7149)
  • Copy fuzzers from github.com/cncf/cncf-fuzzing (#7123)
  • fix can't edit object by using ctr content edit command (#6847)
  • integration/client: fix typo in export_test.go (#7130)
  • Fix https://github.com/containerd/containerd/pull/7126om/containerd/containerd/pull/7126))
  • LCOW differ return ErrNotImplemented for wrong mount type (#7112)
  • Update go-restful/v3 to latest release (#7117)
  • pkg/cri: use marshal wrapper for version convertor (#7108)
  • Remove hacks around contrib/fuzz (#7087)
  • Fix missing closed HTTP Body (#7107)
  • Cleanup metadata tests (#7105)
  • Downgrade MinGW to version 10.2.0 (#7106)
  • ctr: Fix ctr c create fails to parse arguments (#7098)
  • Fix Documentation Issue (#7103)
  • refactor: reduce duplicate code (#7100)
  • make xattr EPERM non-fatal in createTarFile (#7094)
  • Move metadata plugin registration to seperate package (#7096)
  • fix: missing sudo for devmapper doc (#7092)
  • Ensure Windows Periodic workflow errors out while still uploading results. (#7085)
  • Add snapshotter key to snapshot events (#7084)
  • add WithAdditionalGIDs test (#7072)
  • Forward ctr snapshotter flags on Windows (#7086)
  • add WithAppendAdditionalGroups helper (#7070)
  • Make CI Fuzz less noisy (#7065)
  • ctr: add --hostname flag to create, run (#7082)
  • improve content-flow (#7077)
  • Make CI Fuzz optional (#7067)
  • Use Go 1.18's testing.F on simple fuzzers (#7056)
  • Downgrade MinGW in Windows setup scripts. (#7062)
  • Make test path a constant (#7057)
  • Run fuzzers in CI (#7052)
  • CRI: Improve the /dev/shm mount options in Sandbox. (#6913)
  • fix:userattr-unmount unexpected timeout (#7008)
  • Port (some) unit tests to FreeBSD (#7042)
  • Bump Golang and MinGW versions in Windows setup script. (#6888)
  • Windows snapshotter touch ups and new functionality (#6918)
  • Improve naming consistencies in comments in snapshotter.go (#7032)
  • Make building static binaries simpler (#7022)
  • Allow CRI on Darwin (#7033)
  • update runc binary to v1.1.3 (#7034)
  • Linux containers on FreeBSD (#7000)
  • go.mod: github.com/moby/sys/mountinfo v0.6.2 (#7026)
  • fix minor spelling mistake: lablel -> label (#7031)
  • go.mod: github.com/containerd/cgroups v1.0.4 (#7027)
  • go.mod: github.com/containerd/continuity v0.3.0 (#7028)
  • Correct spelling mistake ("sanbdox" to "sandbox") (#7029)
  • Github Security Advisory GHSA-5ffw-gxpp-mxpf
  • Bump grpc to v1.47.0 (#7018)
  • Bump k8s.io deps to v0.24.1 (#7017)
  • Support runtime level snapshotter for issue 6657 (#6899)
  • update golang to 1.18.3, 1.17.11 (#7012)
  • Fix containerd-stress duration flag (#7004)
  • update go-cni/for cni update fixing plugins that don't respond with version (#7009)
  • Add validations for Windows HostProcess CRI configs (#6996)
  • Move docker reference logic to reference/docker package (#7007)
  • promote pause image to 3.7 (sync with kube v1.24) (#7003)
  • Makefile: use urfave_cli_no_docs for binaries that don't need it (#6998)
  • CRI: cleanup cri/store package (#6993)
  • Use t.Run for /pkg/cri tests (#7001)
  • vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script (#6997)
  • sandbox: replace github.com/pkg/errors with native errors (#6937)
  • build: Fix references to check-protos target in Makefile (#6983)
  • ctr: fix label args used in NewContainer (#6954)
  • ctr sandbox: handle sandbox config (#6959)
  • Fix broken oss-fuzz build (#6975)
  • archive: add human-readable hint to Lchown error (#6982)
  • Fix tx closed error when upperdirlabel specified (#6978)
  • config: improve config v1 deprecation message (#6972)
  • Fix Windows install powershell script (#6969)
  • fix comments on metadata schema and update namespace doc (#6955)
  • adjust format in comment (#6956)
  • Restore decompression benchmarks (#6957)
  • cmd/ctr/commands/content: fix typo in fetch command usage (#6960)
  • fix some confusing typos (#6950)
  • update doc url about k8s (#6952)
  • Separate windows-2019 and windows-2022 test results (#6946)
  • shim: fix debug flag not working (#6910)
  • Reverts removal of parallel run from critest (#6938)
  • Bump OpenTelemetry dependencies (#6932)
  • update runc binary and vendor to v1.1.2 (#6934)
  • oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#6923)
  • update golang to 1.18.2, 1.17.10 (#6926)
  • CI: update Fedora to 36 (#6925)
  • Add Wait to binaryProcessor (#6916)
  • go.mod: Bump k8s deps to v0.24.0 (#6905)
  • (Vagrant CI) Enable git commands due to git CVE fix (#6915)
  • Pass explicit JUnit outfile to critest.exe in Windows workflow. (#6912)
  • Update critools to v1.24 (#6894)
  • devmapper docs: small fixes (#6904)
  • move report dir option to end of line for vagrant cri tests (#6900)
  • Update Kubernetes version matrix in release docs (#6892)
  • Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy (#6889)
  • containerd 1.6.4 k8s 1.24 readme announce (#6890)
  • Cleanup leaked shim process (#6866)
  • Add collectible resources to metadata gc (#6804)
  • Update k8 docurl in file (#6881)
  • Support RISC-V 64 (#6882)
  • docs: minor fixes in snapshots.Snapshotter comments (#6885)
  • Officially deprecate Schema 1 (#6884)
  • Make Cirrus CI tests more stable (#6880)
  • docs: Adding windows installation steps to getting-started.md (#6875)
  • Add ctr support for CPUMax and CPUShares (#6809)
  • Support for cgroups blockio (#5490)
  • Fix comment for metadata/db.go (#6871)
  • Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies (#6867)
  • Update go-cni to v1.1.5 (#6868)
  • Bump opencontainers/selinux from 1.10.0 to 1.10.1 (#6865)
  • Upgrade google.golang.org/grpc and google.golang.org/protobuf (#6864)
  • Don't use "uname -a" as Cirrus CI's cache key (#6863)
  • remove duplicate (#6856)
  • Create ppc64le release (#6858)
  • Move Vagrant-based tests from GitHub Actions to Cirrus CI (#6854)
  • feature: support image pull progress timeout (#6150)
  • Add unpack interface to be used by client (#6749)
  • Fix undefined error in use of errors package (#6855)
  • Migrate off from github.com/gogo/protobuf (#6841)
  • images/image.go: typo (#6851)
  • Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices (#5686)
  • integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage (#6180)
  • fix incorrect syntax in comments (#6845)
  • cri: close fifos when container is deleted (#6842)
  • diff: hide types.Any from clients (#6832)
  • Add Container-Optimized OS into Adopters (#6838)
  • Prepare for google.golang.org/protobuf (#6835)
  • fix the restart desired to running when task not found (#6833)
  • Remove all gogoproto extensions (#6829)
  • fix nil pointer panic for monitor (#6830)
  • remotes/docker: log registry URLs as info instead of debug (#5681)
  • Rename runtime/v2/task to api/runtime (#6827)
  • Fix protoc-gen-go-fieldpath (#6828)
  • Consolidate gogo/protobuf dependencies under our own protobuf package (#6826)
  • Add restart policy for enhanced restart manager (#6744)
  • Remove gogoproto.stdtime (#6821)
  • Set timeout when collecting metrics from shim's Stat (#6781)
  • Fuzz filter package with Go 1.18's fuzzer (#6819)
  • allow ptrace(2) by default for kernel >= 4.8 (#6810)
  • Build bin/gen-manpages instead of using "go run" (#6820)
  • update golang to 1.18.1, 1.17.9 (#6822)
  • Sandbox API (#6703)
  • Move lease manager plugin to separate package (#6811)
  • fix pool_device_test (#6807)
  • check for duplicate nspath possibilities (#6806)
  • Do not append []string{""} to command to preserve Docker compatibility (#6805)
  • tracing: fix panic on startup when configured (#6789)
  • Optimize loading performance for cri recover (#6680)
  • Change architecture path in README.md (#6798)
  • make consistent for checkpoint path (#6792)
  • metrics/cgroups: fix deadlock issue in Add during Collect (#6788)
  • ADOPTERS: Update AKS Info (#6794)
  • Pin upload-cloud-storage action to 0.8.0 in Windows workflow. (#6790)
  • docs: add Deckhouse to the list of adopters (#6785)
  • Add docs/snapshotters; simplify docs/cri (#6778)
  • Turn paths from cmdline into absolute paths (#6672)
  • CRI: add support for CDI device injection (#6654)
  • Disable writing freelist to make the file robust against data corruptions (#6761)
  • mv design docs/historical/design (#6777)
  • CRI: improve image pulling performance (#6702)
  • docs: remove runtime v1; migrate config v1 to v2 (#6776)
  • Skip flaky test on Windows (#6779)
  • docs/getting-started.md: typo (#6775)
  • Add no_tracing tag (#6750)
  • Move historical docs to docs/historical (#6754)
  • Run go mod tidy in integration tests (#6768)
  • go.mod: move indirects, and update integration go.mod to 1.18 (#6765)
  • Drop gotest.tools (#6762)
  • Use t.Setenv instead of os.Setenv (#6760)
  • Upgrade to Go 1.18 (#6709)
  • Adding multi-arch support for the configure.sh script (#6751)
  • docs/getting-started.md: massive update (#6758)
  • Remove unmaintained contrib/linuxkit (#6755)
  • [Windows CI] Address some timeout issues (#6757)
  • BUILDING.md: update supported Go versions (#6756)
  • update runc to 1.1.1 (#6753)
  • CI: add Rocky Linux 8 (#6747)
  • CI: bump up crun to 1.4.4 (#6748)
  • added make help for cri integration (#6743)
  • Update README.md cncf landscape url (#6740)
  • Fix error message in TestNewBinaryIO (#6738)
  • Use typeurl.Any instead of github.com/gogo/protobuf/types.Any (#6706)
  • Use cgroups.AddProc() for cgroups v1 (#5738)
  • fix: ctr images mount with snapshotter option can't get snapshotter (#6713)
  • cgroup2: monitor OOMKill instead of OOM to prevent missing container events (#6323)
  • moving up to go-cni v1.1.4 (#6721)
  • native: fix deadlock from leaving transactions open (#6722)
  • go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 (#5390)
  • Github Security Advisory GHSA-c9cp-9c75-9v8c
  • runtime: deprecate runc --criu / -criu-path option (#6496)
  • Bug fix for mount path handling (#6651)
  • Upgrade containerd/imgcrypt and opencontainers/image-spec (#6711)
  • Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
  • Remove gogoproto.customtype (#6699)
  • Skip tty critest testcase on Windows Server 2022 (#6698)
  • Build with Go 1.18 (#6605)
  • Update prometheus client vendor (#6690)
  • vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd (#6687)
  • Make the temp mount as ready only in container WithVolumes (#6593)
  • fix: ctr run --cni get failed (#6670)
  • test: use T.TempDir to create temporary test directory (#6681)
  • Make OpenLab's CI jobs blocking (#6679)
  • document log level and format (#6683)
  • Add shared content label to namespaces (#6660)
  • Add protoc-gen-go-fieldpath (#6562)
  • Enable gosec linter for golangci-lint (#6669)
  • Make mkfs.xfs available on OpenLab's CI environment (#6668)
  • ctr: improve error relative shim path error msg (#6519)
  • typo fixes under cmd. (#6674)
  • Handle CRI Device.HostPath on Windows (#6618)
  • Upgrade golangci-lint and its GitHub Action (#6666)
  • Don't build a second copy of containerd-shim-runhcs-v1.exe (#6661)
  • Update TestNormalize to only test Windows platform (#6569)
  • Fix link in getting-started.md (#6663)
  • Fuzzing: refactor metadata fuzzers (#6423)
  • Two xfs file systems with same UUID can not be mounted on the same sy… (#6650)
  • [Windows] Fix deadline exceeded in daemon restart (#6635)
  • Use temp file for export/import test (#6658)
  • strip path-info from -v (version) output, and implement -v flag for containerd-shim (#6495)
  • Improve unexpected response error handling in resolver (#6617)
  • Use the latest tag for azure images (#6601)
  • Run CRI integration tests in GitHub Actions (Windows) (#6626)
  • cri: fix integration test on cgroupsv2 system (#6595)
  • Use version 2 configuration format in docs/PLUGINS.md (#6613)
  • update to go 1.16.15, 1.17.8 to address CVE-2022-24921 (#6619)
  • Update status of 1.4 release (#6614)
  • Update TestContainerSymlinkVolumes to use windows path (#6568)
  • Add --user support for ctr run Windows (#6603)
  • Update releases (#6608)
  • Github Security Advisory GHSA-crp2-qrr5-8pq7
  • Adds support for Windows ArgsEscaped images (#6479)
  • Do not use weak import (#6558)
  • cri: relax test for system without hugetlb (#6596)
  • Use containerd/protobuild instead of stevvooe/protobuild (#6578)
  • integration: remove duplicated util pkg (#6597)
  • go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 (#6591)
  • Update Go version recommendation in getting started (#6585)
  • go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 (#6337)
  • fix Implicit memory aliasing in for loop (#6331)
  • Fix build with gccgo (#6579)
  • Replace golang.org/x/net/context with std library (#6580)
  • containerd-shim-runc-v1: return init pid when clean dead shim (#6571)
  • Use Windows matcher when on Windows platform in all code paths (#6491)
  • containerd-shim-runc-v2: return init pid when clean dead shim (#6452)
  • [Windows][Integration] Enable TestRestartMonitor (#6515)
  • go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 (#6554)

Changes from containerd/cgroups

21 commits

  • ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path (#232)
  • Bump go version to 1.17 in go.mod (#230)
  • make cmd/ a separate module (as it's only for testing) (#226)
  • feat(v2): add Update method for v2.Manager (#225)
  • feat: add memory.min param (#211)
  • modified the dereference null pointer value. (#218)
  • update readme for cpu cgroup demo (#217)
  • Fix systemd full path (#221)
  • Update Go version and fedora base (#223)
  • Fix panic in NewSystemd on nil values (#219)

Changes from containerd/continuity

28 commits

  • go.mod: update dependencies (take 2) (#204)
  • Revert "go.mod: update dependencies" (#205)
  • Various small fix-ups (#202)
  • update authors and mailmap (#201)
  • move cmd/continuity to its own go module (#200)
  • CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) (#198)
  • fs.CopyDir: support sockets and pipes (#197)
  • Fix wrapping errors (#196)

Changes from containerd/go-cni

22 commits

  • go.mod: update libcni to v1.1.1 (#101)
  • add in some serial setup tests; a little make cleanup (#100)
  • Re-introduce serial network setup (#99)
  • bump github.com/containernetworking/cni v1.1.0 (#98)
  • Revert "Update loopback version to support check" (#96)
  • Use revive instead of golint (#92)
  • Bump go verion to 1.17 (#91)
  • moving up to latest CNI plugin release (#90)
  • Fix Loopback Version (#88)
  • Update comment for capabilities (#89)
  • Add integration test for linux and update go version from 1.16 to 1.17 (#84)

Changes from containerd/imgcrypt

18 commits

  • Use reflect to support diff.ApplyConfig with/without gogo's types.Any (#75)
  • Upgrade golangci-lint-action and golangci-lint (#76)
  • CHANGES: Updated CHANGES document for 1.1.4 release (#74)
  • Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 (#73)
  • images: prepare for typeurl.Any (#72)
  • Bump ocicrypt to 1.1.3 (#71)
  • Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 (#67)

Changes from containerd/nri

29 commits

  • Extend scope to enable common pluggable runtime extensions. (#16)
  • Update GitHub actions CI workflow (#19)
  • replace pkg/errors (#17)
  • Update the examples in README.md (#15)
  • Rename branch from master to main (#12)
  • Update to containerd 1.5.1 (#11)

Changes from containerd/ttrpc

37 commits

  • Only generate a Go file if the file has some services (#112)
  • *.go: organize errors to one spot (#113)
  • PROTOCOL: slight markdown touchup (#111)
  • Introduce streaming (#107)
  • Update checkout and lint actions (#109)
  • Add Makefile and update protobuf (#106)
  • Add ttrpc protocol definition (#102)
  • Enable Codecov again (#105)
  • Use CR+LF instead of LF regardless of OS (#103)
  • Log the error's underyling errno if there is (#104)
  • Use google.golang.org/protobuf instead of github.com/gogo/protobuf (#99)
  • Wrap correct error on unix.GetsockoptUcred failure (#100)
  • Update CI project checks to use containerd project action (#101)

Changes from containerd/typeurl

14 commits

  • Fallback to google.golang.org/protobuf (#35)
  • Build with Go 1.17 and Go 1.18 (#34)
  • Make nil handling easier (#33)
  • Make Any type an interface (#32)
  • Add Any type and remove gogo protobuf from interfaces (#31)
  • replace pkg/errors (#29)
  • Update branch name in GH Actions (#28)

Dependency Changes

Previous release can be found at v1.6.0

Which file should I download?

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

相关地址:原始地址 下载(tar) 下载(zip)

1、 containerd-1.7.0-beta.3-linux-amd64.tar.gz 42.08MB

2、 containerd-1.7.0-beta.3-linux-amd64.tar.gz.sha256sum 109B

3、 containerd-1.7.0-beta.3-linux-arm64.tar.gz 30.9MB

4、 containerd-1.7.0-beta.3-linux-arm64.tar.gz.sha256sum 109B

5、 containerd-1.7.0-beta.3-linux-ppc64le.tar.gz 30.6MB

6、 containerd-1.7.0-beta.3-linux-ppc64le.tar.gz.sha256sum 111B

7、 containerd-1.7.0-beta.3-linux-riscv64.tar.gz 31.89MB

8、 containerd-1.7.0-beta.3-linux-riscv64.tar.gz.sha256sum 111B

9、 containerd-1.7.0-beta.3-linux-s390x.tar.gz 33.47MB

10、 containerd-1.7.0-beta.3-linux-s390x.tar.gz.sha256sum 109B

11、 containerd-1.7.0-beta.3-windows-amd64.tar.gz 32.08MB

12、 containerd-1.7.0-beta.3-windows-amd64.tar.gz.sha256sum 111B

13、 containerd-static-1.7.0-beta.3-linux-amd64.tar.gz 32.75MB

14、 containerd-static-1.7.0-beta.3-linux-amd64.tar.gz.sha256sum 116B

15、 containerd-static-1.7.0-beta.3-linux-arm64.tar.gz 29.62MB

16、 containerd-static-1.7.0-beta.3-linux-arm64.tar.gz.sha256sum 116B

17、 containerd-static-1.7.0-beta.3-linux-ppc64le.tar.gz 29.19MB

18、 containerd-static-1.7.0-beta.3-linux-ppc64le.tar.gz.sha256sum 118B

19、 containerd-static-1.7.0-beta.3-linux-riscv64.tar.gz 30.9MB

20、 containerd-static-1.7.0-beta.3-linux-riscv64.tar.gz.sha256sum 118B

21、 containerd-static-1.7.0-beta.3-linux-s390x.tar.gz 32.14MB

22、 containerd-static-1.7.0-beta.3-linux-s390x.tar.gz.sha256sum 116B

23、 cri-containerd-1.7.0-beta.3-linux-amd64.tar.gz 95.49MB

24、 cri-containerd-1.7.0-beta.3-linux-amd64.tar.gz.sha256sum 113B

25、 cri-containerd-1.7.0-beta.3-linux-arm64.tar.gz 85.31MB

26、 cri-containerd-1.7.0-beta.3-linux-arm64.tar.gz.sha256sum 113B

27、 cri-containerd-1.7.0-beta.3-linux-ppc64le.tar.gz 84.5MB

28、 cri-containerd-1.7.0-beta.3-linux-ppc64le.tar.gz.sha256sum 115B

29、 cri-containerd-1.7.0-beta.3-linux-riscv64.tar.gz 88.22MB

30、 cri-containerd-1.7.0-beta.3-linux-riscv64.tar.gz.sha256sum 115B

31、 cri-containerd-1.7.0-beta.3-linux-s390x.tar.gz 92.17MB

32、 cri-containerd-1.7.0-beta.3-linux-s390x.tar.gz.sha256sum 113B

33、 cri-containerd-1.7.0-beta.3-windows-amd64.tar.gz 36.82MB

34、 cri-containerd-1.7.0-beta.3-windows-amd64.tar.gz.sha256sum 115B

35、 cri-containerd-cni-1.7.0-beta.3-linux-amd64.tar.gz 132.69MB

36、 cri-containerd-cni-1.7.0-beta.3-linux-amd64.tar.gz.sha256sum 117B

37、 cri-containerd-cni-1.7.0-beta.3-linux-arm64.tar.gz 120.05MB

38、 cri-containerd-cni-1.7.0-beta.3-linux-arm64.tar.gz.sha256sum 117B

39、 cri-containerd-cni-1.7.0-beta.3-linux-ppc64le.tar.gz 119.39MB

40、 cri-containerd-cni-1.7.0-beta.3-linux-ppc64le.tar.gz.sha256sum 119B

41、 cri-containerd-cni-1.7.0-beta.3-linux-riscv64.tar.gz 122.25MB

42、 cri-containerd-cni-1.7.0-beta.3-linux-riscv64.tar.gz.sha256sum 119B

43、 cri-containerd-cni-1.7.0-beta.3-linux-s390x.tar.gz 129.08MB

44、 cri-containerd-cni-1.7.0-beta.3-linux-s390x.tar.gz.sha256sum 117B

45、 cri-containerd-cni-1.7.0-beta.3-windows-amd64.tar.gz 36.82MB

46、 cri-containerd-cni-1.7.0-beta.3-windows-amd64.tar.gz.sha256sum 119B

查看:2023-01-28发行的版本