- Verified with grootfs-release v0.15.0
Hi Gardeneers!
GRR v1.4.0 mostly introduces some changes to the network plugin API and introduces a first-pass experimental ability to limit container block IO. Please, contain your enthusiasm.
Network Plugin / Networking Changes
- We now allow the network plugin to return a set of DNS servers which we will ensure are set on the container's resolv.conf. This allows DNS policy to be set by the network plugin if enabled.
- When the network plugin is not enabled, there's now an
additional_dns_serversproperty that allows specifying extra DNS servers which should be appended to any inherited from resolv.conf or set to thedns_serversproperty. /etc/hostsand/etc/resolv.confare now bind-mounted in to the container rather than being written in a chroot. This interacts better with user namespaces and rootless containers and is generally more simple and secure.- We no longer set up the built-in networkers iptable chains when an external network plugin is enabled, to avoid confusion caused by two things both creating iptable state on the host
- Log messages from
NetOut(log=true)rules now properly truncate handles so that space separation is preserved when the handle is longer than 29 characters
BlockIO Limiting (Experimental)
- We've added an experimental
default_container_blockio_weightproperty to allow assigning a blockio weight to all containers created by garden. This requires the CFQ scheduler to be enabled to be useful and applies to all garden-created containers on the host. The feature is being released experimentally via the bosh property, feedback welcome!
Rootless Mode
- You can now follow the updated experimental rootless mode doc to add networking support to your rootless containers.