Welcome to the v1.3.8 release of containerd!
The eighth patch release for containerd
1.3 includes several bug fixes and updates.
Notable Updates
- Fix metrics monitoring of v2 runtime tasks containerd/containerd#4486
- Fix nil pointer error when restoring checkpoint containerd/containerd#4754
- Fix devmapper device deletion on rollback containerd/containerd#4437
- Fix integer overflow on Windows containerd/containerd#4589
- Update seccomp default profile containerd/containerd#4481 #4491 #4492 #4493
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Lantao Liu
- Sebastiaan van Stijn
- Phil Estes
- Derek McGowan
- Wei Fu
- Akihiro Suda
- Brian Goff
- Jintao Zhang
- Mike Brown
- Samuel Karp
- Bingshen Wang
- Bowen Yan
- Florian Schmaus
- Giuseppe Capizzi
- Kazuyoshi Kato
- Kenta Tada
- Li Yuxuan
- Maksym Pavlenko
- Michael Crosby
- Shengjing Zhu
- Stanislav Levin
- Tianon Gravi
- Tim Allclair
Changes
109 commits
7fb6e1713
Merge pull request #4782 from dmcgowan/prepare-1.3.83b63746c0
Prepare 1.3.8 releaseb2f19447a
Merge pull request #4753 from thaJeztah/1.3_restore_nil_pointerb3913eeaf
Merge pull request #4750 from thaJeztah/1.3_backport_windows_int_overflowbcb8bd3e4
bug fix:#34487f4ecee09
Fix integer overflow on windows609788376
Merge pull request #4747 from estesp/fix-gha-cve-1.38fcab2e3f
Fix release.yml script for GH Actions changes to env/pathe97ecf499
Merge pull request #4744 from estesp/fix-ci-1.3651188ccf
Fix GH Actions CI deprecations81678f0e5
Merge pull request #4697 from estesp/cp-4692-1.3d1f19bec7
Remove setuid gosu in favor of "sudo -E PATH=$PATH ..."ee26aa810
Merge pull request #4693 from samuelkarp/release1.3-critest7f5720ee3
setup: install critest v1.16.18ed201980
ci: run critest target for all runtimes0cd442194
Merge pull request #4649 from estesp/cp-4645-1.3d47ee95a6
Check if a process exists before returning it53371c823
Merge pull request #4598 from estesp/release-script-updates4bb1ec089
Proper case for DESTDIR so GH Actions configuration is used6eef06eab
Fix DCO commit limite5afa333a
Add CRI release build9bd8f6e4c
Update containerd systemd unit filec7bd04763
Create etcd user in cloud init.a208e937e
use containerd/project header testda709fe9b
Fix indent in cni.template.bdd3c8529
Update deployment and integration testd8ef77eb8
Add TaskMax=infinityf3c918509
RemovenoSnat
e617564d9
Use v2 config.70d9e28a6
Use per-pod shim.b3ef77e56
Add DefaultRuntimeName option.f0d9c25e6
Use ctr images import.5a5581694
Addcri
as required plugin.1ee592b6a
Use runc.v1 for now for debugging.a6f0c7ba1
Enable runc.v2 as the default runtime in test.61254c0d0
Use local env to avoid writing to passed-in readonly env.816214947
Set default "" to extra runtime handler.25b7a9361
Expose vars to configure an additional runtime handler90ef88d69
Support docker 18.09 in the test script.3acc61aad
Remove the unusedhealth-monitor.sh
.1656e2c62
Support netd in GCE bootstrap.cf18a7f24
Serve streaming on localhost by default to match k8s 1.11 default.6462656c5
Remove crictl on GCE for all cases.876448273
Set stream server to serve on localhost on GCE.151d40da7
Make max container log line size configurable through cloud init.7423599a9
Disable TLS streaming to work with new kubelet streaming proxy.de14be92d
Update cni.template7ba7a1c74
Disable restart plugin on GCE.d5a7d0d40
Fix kube-container-runtime-monitor.51c239c50
Use crictl installed in kube-up.sh7e4202681
Addunix://
prefix for socket addresses used by CRI remote client.78bc3160c
Add KUBE_CONTAINER_RUNTIME_NAME to fix fluentd support.1efcba285
Try using preloaded containerd if no version is specified.b3d92c5dd
Add log level support.4c3b865ef
Improve gce bootstrapping in various ways.bae03ff7c
Add cni config template support.cb8d42994
Enable TLS streaming in all the setup.7078a01e6
Use systemd service cgroup and oom score adj.eca3ca166
Fix for kube-up.sh and update several documments.95159e4e5
Replacectrcri
withctr cri
.240169814
Update GCE cluster bootstrapping and e2e test1fe038512
Enable container log rotation.0ce45ac5d
Do not block on stream server close.206b239d6
Add initial wait for health-monitor and use pkill -x.fc561a2a1
The ENV is finalized as KUBE_KUBELET_EXTRA_ARGS.8416e9356
change crictl sandboxes to pods; other references to sandboxes23bd0364e
Update ocicni to main stream.1b4ef5d64
Add a separate CLI for cri-containerdctrcri
.4fc3b564c
Use registry-1.docker.io as backup3bc1d3559
Put version into metadata so that version won't be changed across restart.544e0e71a
Set registry mirror.0d0257a94
Configure container runtime cgroups for cgroup.5ad7db207
Add runtime cgroup and fix a cli panic.89e92495d
Update all glog flags tolog-level
.b49929ebc
Update containerd to 6c7abf7.077721211
Add document for kube-up.sha797a6ce2
Add OS and arch in release tarball.2ad761ddb
Addcluster
directory and health-monitor.sh.02d93addb
Merge pull request #4561 from thaJeztah/1.3_backport_seccomp_updates1f5b5c909
seccomp: allow io-uring related system calls37c1a8ecb
seccomp: allow clock_settime when CAP_SYS_TIME is addedf959608b0
seccomp: allow quotactl with CAP_SYS_ADMIN61f1b4ee2
seccomp: allow sync_file_range2 on supported architectures.4748bb7d5
seccomp: allow personality with UNAME26 bit set93a529467
seccomp: allow syscall membarrier280fc55eb
seccomp: allow adjtimex get time operation2fb406bef
seccomp: allow add preadv2 and pwritev2 syscallsf81ce26aa
seccomp: move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOG2ee65d857
Update usage of whitelist in project39052fa79
seccomp: allow 'rseq' syscall in default seccomp profilea3a385c9d
seccomp: remove the unused query_module(2)7d3e2766c
seccomp: Whitelistclock_adjtime
078b6d91b
seccomp: add 64-bit time_t syscalls6f8f27ab4
Merge pull request #4553 from thaJeztah/1.3_backport_add_openat2_syscallbdb3ce2fa
seccomp: addfaccessat2
syscall.44633cf1b
seccomp: addopenat2
syscall.8d67174ae
Merge pull request #4543 from thaJeztah/1.3_backport_forward_signal_not_found1850de7af
Ignore SIGURG signals in signal forwarder11325afdb
Exit signal forward if process not foundaebad1da6
Merge pull request #4511 from fuweid/13-cherry-pick-448658172a6f4
tasks: Monitor v2 tasks in initFunc as wellf99bb2cc4
Merge pull request #4495 from kzys/backport-1.3-4437fd6c9153a
snapshots/devmapper: fix rollback6c71fe1c4
Merge pull request #4463 from thaJeztah/1.3_backport_bump_golang_1.13.151ef5cd282
Bump Golang 1.13.150e7693b58
Bump Golang 1.13.14e36542ca5
Bump Go 1.13.1383b33f63b
.zuul: update go version to 1.13.102ba1c323b
ci: set pipefail in zuul script
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.3.7