CRI-O v1.21.0-dev
The release notes have been generated for the commit range v1.20.0…2fc6693 on Tue, 13 Apr 2021 19:15:27 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
Changelog since v1.20.0
Changes by Kind
Dependency-Change
Feature
- A new CLI option --registries-conf-dir is added which allows users to select a specific registries.conf.d(5) path which will be used instead of the user or system default paths. (#4595, @maybe-sybr)
- Added container_runtime_crio_containers_oom_total and container_runtime_crio_containers_oom metrics, which collect out of memory (OOM) containers. (#4690, @saschagrunert)
- Added crio-status.8 man page to static release bundle (#4510, @saschagrunert)
- Added arm64 variant to static binary bundle. The bundle is now available via the URL https://storage.googleapis.com/k8s-conform-cri-o/artifacts/cri-o.$ARCH.$VERSION.tar.gz, where $ARCH can be amd64 or arm64 and $VERSION a tag or full length git SHA.
  Besides that, we provide a new installation script: curl https://raw.githubusercontent.com/cri-o/cri-o/master/scripts/get | bash
  For this script, it is also possible to pass the architecture and version as arguments: get [amd64|arm64] [VERSION|SHA]
  The static binary bundle now uses crun as default container runtime for CRI-O. (#4552, @saschagrunert)
- Added feature to allow the OCI seccomp BPF hook to trace containers into dedicated files by using the annotation key io.containers.trace-syscall/container-name (#4544, @saschagrunert)
- Bump containers image to v5.10.1 (#4519, @QiWang19)
- CRI-O does not return <none> placeholders for missing tags and digests any more when doing a ListImages RPC (#4673, @saschagrunert)
- Changed VersionResponse.RuntimeApiVersion to return either the v1alpha2 or v1 CRI API version (#4473, @saschagrunert)
- Fall back to search registries list if short name alias is not found in the alias table. (#4730, @umohnani8)
- Fix a bug where pods with hostNetwork: true couldn’t have ports forwarded from them when drop_infra_ctr=true (#4495, @haircommander)
- It is possible to override cgroup v2 unified configuration through the io.kubernetes.cri-o.UnifiedCgroup.$CTR_NAME annotation (#4479, @giuseppe)
- Port-forward works for IPv6 only pods (#4639, @aojea)
- Provide a new configuration flag to specify CPUs that will be used to run infra containers (#4459, @cynepco3hahue)
- Support Container Runtime Interface (CRI) security profiles for seccomp, which has been introduced with Kubernetes v1.20.0 and the graduation of the CRI. (#4358, @saschagrunert)
- Support enabling pprof profile over CRI-O’s unix socket (#4514, @mrunalp)
Design
- Add support for customizing container specs based on workloads. Each workload has an activation_annotation that, when present, activates the specific workload. Then, each workload has the option to configure different resources. Resources can have default values, or require that they’re specified for each individual container. This is done by annotation, which is of the form $annotation_prefix.$resource_name/$container_name, where annotation_prefix is configured for the particular workload, resource_name corresponds to the resource being configured, and container_name is the container in a pod that should have its resource configured. (#4725, @haircommander)
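An added sketch, not CRI-O's own code, of how a pod's annotations could be resolved against one workload as described above. The Workload type, its field names, the resource names and the example.com keys are assumptions made for illustration; it also rejects unknown resource names under the prefix, since pod annotations are caller-supplied input.

```go
package main

import (
	"fmt"
	"strings"
)

// Workload is a hypothetical model of one configured workload; it is not CRI-O's own type.
type Workload struct {
	ActivationAnnotation string
	AnnotationPrefix     string
	Defaults             map[string]string // resource_name -> default; "" means required per container
}

// Resolve returns resource_name -> value for one container, or nil when the
// workload is not activated. Unknown or malformed keys under the prefix are errors.
func (w Workload) Resolve(annotations map[string]string, container string) (map[string]string, error) {
	if _, active := annotations[w.ActivationAnnotation]; !active {
		return nil, nil
	}
	out := map[string]string{}
	for key, value := range annotations {
		if !strings.HasPrefix(key, w.AnnotationPrefix+".") {
			continue
		}
		// What follows the prefix must be "$resource_name/$container_name".
		parts := strings.SplitN(strings.TrimPrefix(key, w.AnnotationPrefix+"."), "/", 2)
		if _, known := w.Defaults[parts[0]]; !known || len(parts) != 2 {
			return nil, fmt.Errorf("unsupported workload annotation %q", key)
		}
		if parts[1] == container {
			out[parts[0]] = value
		}
	}
	for name, def := range w.Defaults {
		if _, set := out[name]; set {
			continue
		}
		if def == "" {
			return nil, fmt.Errorf("resource %q must be set for container %q", name, container)
		}
		out[name] = def
	}
	return out, nil
}

func main() {
	w := Workload{"example.com/workload", "example.com.resources", map[string]string{"cpushares": "512", "cpuset": ""}}
	pod := map[string]string{"example.com/workload": "", "example.com.resources.cpuset/app": "0-1"} // constructed
	fmt.Println(w.Resolve(pod, "app"))
}
```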
Documentation
- The installed cri-o.service file now attempts to be run before kubelet.service (#4443, @haircommander)
Bug or Regression
- Fix a bug where CollectMode wouldn’t be set if the feature was backported to systemd (in RHEL/CentOS 7, for instance) (#4563, @haircommander)
- Fix a bug where containers didn’t have a finished time set when using the “vm” style runtimes. (#4468, @haircommander)
- Fix a bug where crio wipe incorrectly wiped container storage even though the node wasn’t rebooted (#4691, @haircommander)
- Fix a bug where pods or containers could be cleaned up out of order if the request timed out (#4722, @haircommander)
- Fix running privileged systemd containers with bidirectional mounts (#4575, @giuseppe)
- Fixed a bug that could cause CRI-O to segfault when a node is under heavy load (#4530, @haircommander)
- Fixed a bug which would cause configuration files to not be reloaded properly on SIGHUP when one or more “drop-in” configuration files were being used. (#4694, @nalind)
- Ingress/Egress burst limit is now set slightly below 4GB, which properly sets 4GB as the upper limit of burst (#4348, @zizon)
- Instead of failing to start, CRI-O now only prints a warning and ignores the runtime, in case a non-default runtime is misconfigured. (#4631, @fidencio)
- Some fields in the crio configuration related to storage and images were commented out by default (when running crio config). They have been uncommented, and will be applied (if they’re different from the default value). (#4748, @haircommander)
- When dropping the infra container, the container inspect endpoint now returns a PID when requesting the infra container. (#4613, @haircommander)
Other (Cleanup or Flake)
- Add clean_shutdown_file option to allow crio/crio wipe to verify crio had time to shutdown cleanly (#3999, @haircommander)
- Add metric to grab latency for individual CRI calls. (#4598, @umohnani8)
- Fixed version log timestamp when starting CRI-O (#4724, @saschagrunert)
- Log the container stop timeout at default log level (#4549, @mrunalp)
Uncategorized
- “crio config” only prints the fields that are different than the default configuration. (#4682, @ityuhui)
- Allows users to set stream timeout from config (#4529, @wgahnagl)
- CRI-O now supports short-name aliases which can be configured in the containers-registries.conf(5) configuration files. Please refer to the following article for further details on short-name aliases: www.redhat.com/sysadmin/container-image-short-names
  The registries option in the crio.conf has been deprecated and takes no effect any more. CRI-O will warn when loading the config and note that containers-registries.conf(5) should be used instead for configuring unqualified-search registries. (#4455, @vrothberg)
- Cri-o managed scopes now depend on the shutdown.target and network.target to allow graceful shutdowns. (#4654, @rphillips)
- Crio adds info level log of the physical image source. (#4438, @QiWang19)
- Fix OOMs when using crun together with CPU Manager (#4592, @odinuge)
- Fixed a bug where image authentication failed from not finding the auth file. (#4461, @QiWang19)
- Set conmon scope KillSignal to SIGPIPE (#4560, @openshift-cherrypick-robot)
- This new release of ocicrypt contains new usable interfaces and thus is a new minor number. This issue details the notable features added as well as a checklist before making a new release that will be used by consuming projects. Target date for completion is 24th January.
  Changes
  There are several significant changes in release 1.1.0, this includes:
  - Experimental PKCS11 support enabled via ENV variable
  - Custom keyprovider support enabled via ENV variable (#4537, @pravinrajr9)
- Update nix pin with make nixpkgs (#4395, @hswong3i)
- When using high performance hooks, CRI-O now restarts the irqbalance service after updating the irqbalance config file, rather than calling irqbalance --oneshot. A new config value irqbalance_config_file has been introduced to configure the file to update with IRQBALANCE_BANNED_CPUS settings. The default of this config value is /etc/sysconfig/irqbalance, but must be set to /etc/default/irqbalance for Ubuntu-like distributions. (#4441, @pperiyasamy)
Dependencies
Added
- github.com/Knetic/govaluate: 9aa4983
- github.com/Microsoft/hcsshim/test: 43a75bb
- github.com/Shopify/logrus-bugsnag: 577dee2
- github.com/Shopify/sarama: v1.19.0
- github.com/Shopify/toxiproxy: v2.1.4+incompatible
- github.com/VividCortex/gohistogram: v1.0.0
- github.com/afex/hystrix-go: fa1af6a
- github.com/apache/thrift: v0.13.0
- github.com/aryann/difflib: e206f87
- github.com/aws/aws-lambda-go: v1.13.3
- github.com/aws/aws-sdk-go-v2: v0.18.0
- github.com/bitly/go-simplejson: v0.5.0
- github.com/bmizerany/assert: b7ed37b
- github.com/bshuster-repo/logrus-logstash-hook: v0.4.1
- github.com/bugsnag/bugsnag-go: b1d1530
- github.com/bugsnag/osext: 0dd3f91
- github.com/bugsnag/panicwrap: e2c2850
- github.com/casbin/casbin/v2: v2.1.2
- github.com/checkpoint-restore/checkpointctl: a2024f5
- github.com/checkpoint-restore/go-criu/v4: v4.1.0
- github.com/clbanning/x2j: 8252494
- github.com/containerd/aufs: 20793ff
- github.com/containerd/btrfs: 918d888
- github.com/containerd/go-cni: v1.0.1
- github.com/containerd/imgcrypt: 7ed62a5
- github.com/containerd/nri: dbaa18c
- github.com/containerd/stargz-snapshotter/estargz: 2b97b58
- github.com/containerd/zfs: dde8f0f
- github.com/containers/podman/v3: v3.1.0
- github.com/denverdino/aliyungo: a747050
- github.com/docker/go-events: e31b211
- github.com/docker/go-plugins-helpers: c9a8a2d
- github.com/eapache/go-resiliency: v1.1.0
- github.com/eapache/go-xerial-snappy: 776d571
- github.com/eapache/queue: v1.1.0
- github.com/edsrzf/mmap-go: v1.0.0
- github.com/fanliao/go-promise: 1890db3
- github.com/franela/goblin: c9ffbef
- github.com/franela/goreq: bcd34c9
- github.com/garyburd/redigo: 535138d
- github.com/go-errors/errors: v1.0.1
- github.com/go-ini/ini: v1.25.4
- github.com/gobuffalo/here: v0.6.0
- github.com/gogo/googleapis: v1.4.0
- github.com/golang/snappy: 2e65f85
- github.com/google/go-github/v33: v33.0.0
- github.com/gorilla/handlers: 60c7bfd
- github.com/hashicorp/go-version: v1.2.0
- github.com/hudl/fargo: v1.3.0
- github.com/hugelgupf/socketpair: 05d35a9
- github.com/influxdata/influxdb1-client: 8bf82d3
- github.com/jpillora/backoff: v1.0.0
- github.com/jsimonetti/rtnetlink: d2c2404
- github.com/juju/ansiterm: 720a095
- github.com/lightstep/lightstep-tracer-common/golang/gogo: bc2310a
- github.com/lightstep/lightstep-tracer-go: v0.18.1
- github.com/lunixbochs/vtclean: 2d01aac
- github.com/magefile/mage: v1.10.0
- github.com/manifoldco/promptui: v0.8.0
- github.com/markbates/pkger: v0.17.1
- github.com/marstr/guid: v1.1.0
- github.com/mdlayher/ethernet: 0394541
- github.com/mdlayher/netlink: v1.1.1
- github.com/mdlayher/raw: 50f2db8
- github.com/miekg/pkcs11: v1.0.3
- github.com/mitchellh/osext: 5e2d6d4
- github.com/moby/spdystream: v0.2.0
- github.com/moby/sys/mount: v0.2.0
- github.com/moby/sys/symlink: v0.1.0
- github.com/monochromegane/go-gitignore: 205db1a
- github.com/nats-io/jwt: v0.3.2
- github.com/nats-io/nats-server/v2: v2.1.2
- github.com/nats-io/nats.go: v1.9.1
- github.com/nats-io/nkeys: v0.1.3
- github.com/nats-io/nuid: v1.0.1
- github.com/ncw/swift: v1.0.47
- github.com/oklog/oklog: v0.3.2
- github.com/oklog/run: v1.0.0
- github.com/op/go-logging: 970db52
- github.com/opentracing-contrib/go-observer: a52f234
- github.com/opentracing/basictracer-go: v1.0.0
- github.com/openzipkin-contrib/zipkin-go-opentracing: v0.4.5
- github.com/openzipkin/zipkin-go: v0.2.2
- github.com/pact-foundation/pact-go: v1.0.4
- github.com/performancecopilot/speed: v3.0.0+incompatible
- github.com/pierrec/lz4: v2.0.5+incompatible
- github.com/pkg/profile: v1.2.1
- github.com/rcrowley/go-metrics: 3113b84
- github.com/rivo/uniseg: v0.2.0
- github.com/samuel/go-zookeeper: 2cc03de
- github.com/shirou/gopsutil/v3: v3.20.12
- github.com/sony/gobreaker: v0.4.1
- github.com/stefanberger/go-pkcs11uri: 78d3cae
- github.com/streadway/amqp: edfb901
- github.com/streadway/handy: d5acb31
- github.com/vbauerster/mpb/v6: v6.0.3
- github.com/xlab/treeprint: a009c39
- github.com/yvasiyarov/go-metrics: 57bccd1
- github.com/yvasiyarov/gorelic: a9bba5b
- github.com/yvasiyarov/newrelic_platform_go: b21fdbd
- go.starlark.net: 8dd3e2e
- go.uber.org/tools: 2cfd321
- google.golang.org/cloud: 975617b
- sigs.k8s.io/kustomize/api: v0.8.5
- sigs.k8s.io/kustomize/cmd/config: v0.9.7
- sigs.k8s.io/kustomize/kustomize/v4: v4.0.5
- sigs.k8s.io/kustomize/kyaml: v0.10.15
- sourcegraph.com/sourcegraph/appdash: ebfcffb
Changed
Removed