- Verified with grootfs-release v0.30.0
Major Changes:
- It is now possible to specify a
ProcessSpec.Image. This causes a Process to have its own filesystem view (mount namespace) and base root filesystem. Processes with their own filesystem view share other namespaces (in particular, they share the same network) and resource limits (i.e. cgroups) - A process can additionally request independent resource limits from the rest of the container by specifying
ProcessSpec.OverrideContainerLimits{}.
Limitations:
- Currently it is only possible to use
ProcessSpec.ImageandProcessSpec.OverrideContainerLimitswith unprivileged containers. This will be fixed in future releases. - The only currently meaningful values for
ProcessSpec.OverrideContainerLimitsarenil(share limits with sandbox container - i.e. current behaviour) andLimits{}(opt-out of resource limits for this process). Future releases will add the ability to specify specific, separate memory/cpu limits for processes using this API. - APIs such as
BulkMetricsandProcess.Signalmay not work immediately aftercontainer.Run(ProcessSpec)returns for processes withImageand/orOverrideContainerLimitsspecified. This will be fixed in future releases.
Other Changes:
- We've lessened the amount of logging we do in
BulkMetricsto reduce log volume in large environments - We're now masking some more places in
/proc - Garden now correctly declares that the bundles it creates are OCI Runtime Spec version 1.0.0 compliant.