CRI-O v1.22.2
The release notes have been generated for the commit range
v1.22.1…b030be8 on Fri, 25 Feb 2022 12:54:20 EST.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
Changelog since v1.22.1
Changes by Kind
Other
- Introduce the following metrics: crio_operations_total, crio_operations_latency_seconds_total, crio_operations_latency_seconds, crio_operations_errors_total, crio_image_pulls_bytes_total, crio_image_pulls_skipped_bytes_total, crio_image_pulls_success_total, crio_image_pulls_failure_total, crio_image_layer_reuse_total, crio_containers_oom_count_total, while marking metric names that do not follow Prometheus best practices as Deprecated in the Prometheus metric help text. (#5487, @swghosh)
API Change
- Drop support for v1alpha2 Container Runtime Interface (CRI) and require v1. (#5471, @saschagrunert)
Feature
- Add allowed_devices field to config, allowing admins to specify which devices are allowed to be specified in the “io.kubernetes.cri-o.Devices” allowed_annotation. The default for this config field is [/dev/fuse] (#5551, @haircommander)
- Add a [crio.stats] table to the config for configuring all things stats-related. Add ability (with config field StatsCollectionPeriod) to calculate and save stats for pods and containers, rather than return them on demand. Add support for {,List}PodSandboxStats, which allows the kubelet to take advantage of the PodAndContainerStatsFromCRI feature gate–one that is set to be alpha in 1.23. (#5427, @haircommander)
- Add functionality to use taskset to spawn new commands cri-o runs. Now, if InfraCtrCPUSet is called, all newly spawned commands will be placed in the InfraCtrCPUSet (as it’s expected to be set to the reserved CPU set that system commands should run on). (#5514, @haircommander)
- Add support for TARGET namespace mode, which enables support for ephemeral containers. (#5440, @haircommander)
- Add support for minimum_mappable_{u,g}id which relaxes the requirement on sc.RunAs{User,Group}. If set, the RunAs{User,Group} value and any explicitly-mapped host IDs are only required to be at or above the configured values. (#5462, @nalind)
- Containers now have a /run/.containerenv file to help applications identify that they are running inside a container. (#5463, @pjbgf)
- Now, if infra_ctr_cpuset is configured, conmon is put in the same cpuset (#5414, @haircommander)
Documentation
Bug or Regression
- Allow for both runtime class and workload level allowed annotations. Now, if a container or pod has both specified, the list will be merged. (#5465, @haircommander)
- Conmon now always writes its logs to syslog, instead of only when the cgroup manager is cgroupfs (#3773, @haircommander)
- Fix a bug where CRI-O would never shutdown if the networking plugin wasn’t configured correctly (#5284, @haircommander)
- Fix a bug where a pod given a host IPC or network namespace could configure sysctls on the host (#5610, @haircommander)
- Fix a bug where invalid default_sysctls could be specified, leading to an error like “Failed to configure sysctls after unshare: No such file or directory” (#5673, @haircommander)
- Fix a bug where memory swap values were specified even if the memory swap cgroup is not enabled (#5539, @haircommander)
- Fix a bug where situations of excessive load on nodes cause containers to never actually start (#5590, @haircommander)
- Fix a potential crash caused by a log message NULL-pointer dereference. (#5579, @klihub)
- Fix an issue where protobuf panics when serializing ListContainer and ListPodSandbox calls (#5606, @haircommander)
- Fix bug where ip a reports Error: Peer netns reference is invalid (#5529, @haircommander)
- Fix crypto-profile bind within RHEL based containers. (#5555, @rphillips)
- Fix VM containers failing to restore after cri-o restart (#5574, @gozssky)
- Fix zsh completion generation. (#5586, @klihub)
- Fixed possible runtime panic on pod sandbox stats retrieval. (#5588, @saschagrunert)
- Forbid AppArmor profiles with the name localhost/. (#5655, @saschagrunert)
- Move namespace cleanup from sandbox stop to sandbox remove. This allows veth entries in the network namespaces of pods to be cleaned up earlier (#5336, @haircommander)
Uncategorized
- Changes default config output to comment default values instead of omitting them (#5007, @wgahnagl)
- Fix a case where conmon children are sometimes leaked (#5500, @haircommander)
- Inherit storage configs from storage.conf if the crio config does not set them. (#5520, @QiWang19)
- Specify runtime table format in the error message (#5452, @QiWang19)
- Update go to 1.17 in go.mod (#5577, @QiWang19)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.