containerd/containerd v1.6.0-rc.2 on GitHub

Welcome to the v1.6.0-rc.2 release of containerd!

The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.

Highlights

Runtime

Add runtime label to metrics (#5744)
Cleanup task delete logic in v2 shim (#5813)
Add support for shim plugins (#5817)
Handle sigint and sigterm in shimv2 (#5828)
Decouple shim and task manager (#5918)
Add runc shim support for core scheduling (#6011)
Update shim client connect attempt to fail fast when shim errors (#6031)
Add support for absolute path to shim binaries (#6206)
Update runc to v1.1.0 (#6375)

Windows

Add support for Windows HostProcess containers (#5131)
Add support for Windows resource limits (#5778)

CRI

Add CNI configuration based on runtime class (#4695)
Add support for Intel RDT (#5439)
Add support for CRI v1 and v1alpha in parallel (#5619)
Add support for unified resources field for cgroups v2 (#5627)
Add IP preference configuration for reporting pod IP (#5964)
Implement new CRI pod sandbox stats API (#6113)
Add sandbox and container latency metrics (#6111)
Add namespace to ttrpc and grpc plugin connections (#6130)
Add option to allow ping sockets and privileged ports with no capabilities (#6170)
Add support for configuring swap (#6320)

Other

Add support for client TLS Auth for grpc (#5606)
Add xfs support for devicemapper snapshotter (#5610)
Add metric exposing build version and revision (#5965)
Add support for custom fs options in devmapper snapshotter (#6122)
Update introspection service to show GRPC plugins (#6432)

Client

Allow WithServices to use custom implementations (#5709)
Support custom compressor for walking differ (#5735)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

Derek McGowan
Phil Estes
Akihiro Suda
Wei Fu
Maksym Pavlenko
Sebastiaan van Stijn
Michael Crosby
Kazuyoshi Kato
Mike Brown
Claudiu Belu
Daniel Canter
haoyun
Brian Goff
Gabriel Adrian Samfira
Stefan Berger
zounengren
AdamKorcz
Adelina Tuvenie
Kohei Tokunaga
Davanum Srinivas
Nashwan Azhari
Samuel Karp
Shiming Zhang
Enrico Weigelt, metux IT consult
Markus Lehtonen
Alakesh Haloi
Hajime Tazaki
Iceber Gu
Kevin Parsons
Aditi Sharma
David Porter
Gijs Peskens
Jeremi Piotrowski
ningmingxiao
Brandon Lum
Cody Roseborough
Danielle Lancashire
Jacob MacElroy
Tõnis Tiigi
dependabot[bot]
wanglei
Alexandre Peixoto Ferreira
Fabiano Fidêncio
Furkan Türkal
Jiaming Xu
Kir Kolyshkin
Miao Wang
Neil Johnson
Paul "TBBle" Hampson
Priyanka Saggu
Romain Aviolat
Samuel Ortiz
Sunghoon Kang
Takumasa Sakao
Tobias Klauser
Zhiyu Li
ye.sijun
Alexander Minbaev
Alexey Ivanov
Artem Khramov
Aurelien Lun-Sin
Ben Hutchings
Cory Bennett
Da McGrady
Dan Williams
Eng Zer Jun
Eric Ernst
Ethan Chen
Fupan Li
Gaurav Gahlot
Gunju Kim
Jacob Blain Christen
James Sturtevant
Jan Klippel
Jayme Howard
Jiajun Jiang
Jintao Zhang
Justin Terry
Kaijie Chen
Kante
Kern Walster
Kitt Hsu
Lantao Liu
Ma Xinjian
Manabu Sugimoto
Manuel Alejandro de Brito Fontes
Mark Rossetti
Markus Lippert
Mikko Ylinen
Ng Yang
Nicolas Chariglione
Ning Li
Olli Janatuinen
Peri Thompson
Quan Tian
Radostin Stoyanov
Rui Lopes
Sambhav Kothari
Sebastian Hasler
Sergey Kanzhelev
Sören Tempel
Yang Yang
Yifan Yuan
Zilong Wang
Zufar Dhiyaulhaq
botieking98
chenxiaoyu
jayonlau
jerryzhuang
linrunlong
scuzhanglei
wangzhan
Étienne Guesnet

Changes

1022 commits

Prepare 1.6.0-rc.2 (#6502)
- Prepare release notes for v1.6.0-rc.2
- Update releases document
platforms.Normalize(): do not reset OSVersion and OSFeatures (#6497)
- platforms.Normalize(): do not reset OSVersion and OSFeatures
tracing: use OTLP/HTTP in addition to OTLP/gRPC (#6457)
- tracing: return (ctx, span) from StartSpan
- tracing: support OTLP/HTTP in addition to gRPC
Update cgroups to v1.0.3 (#6498)
- Update cgroups to v1.0.3
seccomp: kernel 5.11 -> 5.16 (#6494)
- seccomp: kernel 5.16 (futex_waitv)
- seccomp: kernel 5.15 (process_mrelease)
- seccomp: kernel 5.14 (quotactl_fd, memfd_secret)
- seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})
- seccomp: kernel 5.12 (mount_setattr)
remotes: fix dockerPusher to handle abort correctly (#6243)
- remotes: fix dockerPusher to handle abort correctly
seccomp: add support for "swapcontext" syscall in default policy (#6411)
- seccomp: add support for "swapcontext" syscall in default policy
oci: use readonly mount to read user/group info (#6478)
- oci: use readonly mount to read user/group info
Fix possibly incorrect media type default on import (#6475)
- Fix possibly incorrect media type default on import
shimv2: handle sigint/sigterm (#5828)
- shimv2: handle sigint/sigterm
Fix acr fetch token 400 (#6481)
- fix acr fetch token 400
platforms: add support for matching amd64 variants (#6455)
- platforms: add support for matching amd64 variants
Fix windows periodic workflow (#6476)
- Fix windows periodic workflow
docs: add doc-comments on GC-related methods (#6473)
- docs: add doc-comments on GC-related methods
fix: should not send 137 code event if cmd is notfound (#6465)
- fix: should not send 137 code event if cmd is notfound
Fix empty scopes return (#6463)
- fix empty scopes return
Prepare release notes for v1.6.0-rc.1 (#6462)
- Prepare release notes for v1.6.0-rc.1
Add support for skipping non-dist blob push (#6424)
- ctr: flag to toggle non-distributable blob push
- Add image handler to skip non-distributable blobs.
Compile binaries for go1.16 and go1.17 in CI (#6461)
- Compile binaries for go1.16 and go1.17 in CI
services/introspection: fix plugin caching to show grpc plugins (#6432)
- Update caching logic to avoid map access
- services/introspection: support to show introspection grpc service
Integration: Change to Windows Server 2022 build number constant (#6458)
- Integration: Change to Windows Server 2022 build number constant
Update kubernetes vendor to 0.22.5 (#6460)
- Update kubernetes vendor to 0.22.5
Fix rdt build tags for go 1.16 (#6459)
- Fix rdt build tags for go 1.16
Remove submodule go mod (#6439)
- Remove api go submodule
- Update makefile to remove API submodule
go.mod: Update hcsshim to v0.9.2 (#6453)
- go.mod: Update hcsshim to v0.9.2
update runc to v1.1.0 (#6375)
- go.mod: github.com/opencontainers/runc v1.1.0
- update runc binary to v1.1.0
tracing: fix OTLP tracer's initialization (#6443)
- tracing: fix OTLP tracer's initialization
gha: run CodeQL scan on pull requests (#6386)
- gha: run CodeQL scan on pull requests
Do not automatically inject client traces (#6445)
- Do not automatically inject client traces
[containerd-stress] delete useless code (#6451)
- delete useless code
Revert "Add shared content label to namespaces" (#6440)
- Revert "Add shared content label to namespaces"
Add ppc64 support for test images (#6435)
- Add ppc64 support for test images
ctr: Unify the delete subcommand alias (#6427)
- ctr: Unify the delete subcommand alias
Prepare release notes for v1.6.0-rc.0 (#6431)
- Prepare release notes for v1.6.0-rc.0
Integration: Switch to using auth Gcloud action in Windows workflow. (#6397)
- Integration: Switch to upload-cloud-storage Gcloud action.
- Integration: Switch to using auth Gcloud action in Windows workflow.
remove io/ioutil (#6426)
- remove io/ioutil
test: e2e node COS cgroupv2 script (#6418)
- test: e2e node COS cgroupv2 script
Integration: Enable CRITest on Windows 2022. (#6378)
- Enable critest tests on Windows Server 2022.
- Parametrize CRITest test images in Windows Periodic workflow.
Update error message for apparmor parser (#6415)
- Update error message for apparmor parser
Fix wrong log message (#6419)
- Fix wrong log message
Followup errors change (#6414)
- Fix incorrect error wrapped when closing ingest file
- Fix seek error used without nil check
- Fix followup items from errors replacement
Updates CRI API & Kubernetes to 1.23 (#6351)
- Update k/k to 1.23.0
Updating adoption of containerd for AKS (#6416)
- Updating adoption of containerd for AKS
update the adoption status of containerd in GKE (#6413)
- update the adoption status of containerd in GKE
go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} (#6410)
go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
replace github.com/pkg/errors with native errors (#6366)
- feat: replace github.com/pkg/errors to errors
corrected link in cri architecture documentation (#6412)
- corrected link in cri architecture documentation
remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") (#6396)
- remotes/docker: allow fetching "refresh token" (aka "identity token")
- remotes/docker/config: allow setting custom AuthorizerOpts
Prepare release notes for v1.6.0-beta.5 (#6407)
- Prepare release notes for v1.6.0-beta.5
Integration: Check GCP secrets on Windows CI artifact upload. (#6292)
- Integration: Check GCP secrets on Windows CI artifact upload.
Github Security Advisory GHSA-mvff-h3cj-wj9c
- only relabel cri managed host mounts
Add support for Intel RDT (#5439)
- cri: add ignore_rdt_not_enabled_errors config option
- Update dependencies
- cri: annotations for controlling RDT class
- tasks: add Linux rdt support
- cmd: add --rdt-class command line option
- oci: implement WithRdt
fix: use _ for consistency (#6391)
- fix: use _ for consistency
content/local: use syscall.Timespec.Unix (#6403)
- content/local: use syscall.Timespec.Unix
docs: improve plugin documentation (#6207)
- docs: document the runtime shim plugin config options
- docs: use proper markdown lists in containerd-config.toml.5.md
fix(ctr): enable networking for Windows containers (#6304)
- fix(ctr): enable networking for Windows containers
Fix $(PWD) issue for Windows makefile (#6394)
- Fix $(PWD) issue for Windows makefile
only test abstract uds on linux (#6395)
- fix: only test abstract unix socket on linux
Fix restart container test (#6390)
- Expect ErrorNotFound on Windows after Kill()
- Replace tskill with taskkill
fix when kernel version < 4.13rc1 by using index=off cause test error (#6291)
- fix when kernel version < 4.13rc1 by using index=off cause overlay test error
Fix no-daemon flag for integration/client tests (#6384)
- Fix no-daemon flag for integration/client tests
Enable lazy init for ext4 with devicemapper (#6122)
- Enable lazy init for ext4 with devicemapper
Fix flakiness on Windows for list stats (#6385)
- Fix flakiness on Windows for list stats
cri-integration: Add Windows defaults and fix spaces issue (#6347)
- cri-integration: Add Windows default paths
Upgrade OpenTelemetry dependencies (#6383)
- Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
- Use insecure.NewCredentials instead of grpc.WithInsecure
- Upgrade OpenTelemetry dependencies
Fix default makefile target for windows (#6322)
- Fix default makefile target for windows
Disable TestContainerHook on Windows (#6379)
- Disable TestContainerHook on Windows
seutil: Fix setting the "container_kvm_t" label (#6372)
- seutil: Fix setting the "container_kvm_t" label
Remove Windows integration testing for 2004. (#6350)
- Remove Windows integration testing for 2004.
OCI: Mount (accessible) host devices in privileged rootless containers (#6308)
- OCI: Mount (accessible) host devices in privileged rootless containers
- oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
cri: add support for configuring swap (#6320)
- fixup: check for swap accounting
- fixup: handle diff between cgroupsv1 and v2
- cri: add support for configuring swap
Integration: Enable TestVolumeOwnership on Windows (#6275)
- Replace find with native Go code
- Enable TestVolumeOwnership on Windows
Prepare release notes for v1.6.0-beta.4 (#6296)
- Prepare release notes for v1.6.0-beta.4
refactor: functions for error log and error return (#6358)
- feat: Errorf usage
Split apart runc shim into plugin components (#6021)
- Use task plugin for runc shim
- Seperate shim manager and task service
- Split runc shim into plugin components
- Add shutdown package
CRI update for sandbox sizing (#6155)
- cri, sandbox: pass sandbox resource details if available, applicable
medatada: make namespaces' deletion error less cryptic (#6354)
- medatada: make namespaces' deletion error less cryptic
ListContainerStats to return stats response if ContainerStatsFilter is nil (#6373)
- add-list-stat: return container list if filter is nil
integration: deflake TestContainerdRestart (#6369)
- integration: deflake TestContainerdRestart
feat: add timeout for bolt open (#6225)
- feat: support custom timeout for blot open
Update Go to 1.17.5 (#6333)
- Update Go to 1.17.5
cri/server: use consistent alias for pkg/ioutil (#6332)
- cri/server: use consistent alias for pkg/ioutil
Disable restart monitor test in Windows (#6364)
- Disable restart monitor test in Windows
Don't fail-fast on Windows integration tests (#6338)
- Don't fail-fast on Windows integration tests
Update restart monitor test to output daemon logs on failure (#6355)
- Run windows parallel integration test as short
- Update restart monitor test to output daemon logs on failure
go.mod: update image-spec to latest (v1.0.3-dev) (#6263)
- images/converter: remove deprecated types
- go.mod: update image-spec to latest (v1.0.3-dev)
Skip WithAdditionalGIDs on Darwin (#6353)
- Skip WithAdditionalGIDs on Darwin
Use RFC3339 format on Windows periodic resource group creation so cleanup works (#6303)
- Use RFC3339 format so rg cleanup works
update runc to v1.0.3 (#6330)
- go.mod: github.com/opencontainers/runc v1.0.3
- update runc binary to v1.0.3
Unblock native snapshotter on Darwin (#6329)
- Allow native snapshotter on Darwin
Do not use go get to install executables (#6328)
- Do not use go get to install executables
Include runtime v2 in default builtins (#6326)
- Include runtime v2 in default builtins
Add Windows Server 2022 CI runs (#6314)
- Add Windows Server 2022 CI runs
Set explicit ACL on test files (#6324)
- Use a single RUN command
- Set explicit ACL on test files
integration: align tags of test images (#6311)
- integration: align tags of test images
Set CONTAINERD_ROOT in Windows cri-integration (#6325)
- Set CONTAINERD_ROOT in Windows cri-integration
export oci.DeviceFromPath() (#6312)
- export oci.DeviceFromPath()
Update volume test images (#6321)
- Update continuity dependency
- Update volume test images
Update TestRestartMonitor expected time check (#6201)
- Add error logging on cleanup
- Update TestRestartMonitor expected time check
Move test volume images from gcr to ghcr (#6319)
- Move volume images from gcr to ghcr
Revert shim service plugin migration (#6301)
- Revert shim plugin migration
Authenticate against ghcr.io (#6317)
- Add permissions
- Authenticate against ghcr.io
oci/deviceFromPath(): correctly check device types (#6306)
- oci/deviceFromPath(): correctly check device types
Skip TestExportAndImportMultiLayer on Windows (#6315)
- Skip TestExportAndImportMultiLayer on Windows
Integration: Add image build workflow (#6290)
- Add image build workflow
Integration: Separate Windows Periodic Tests workflow trigger. (#6286)
- Integration: Separate Windows Periodic Tests workflow trigger.
Build volume test images on Windows (#6274)
- Build volume test images on Windows
Add VMware TKG & TCE to Containerd adopters (#6297)
- Add VMware TKG & TCE to Containerd adopters
Vagrantfile: update to Fedora 35 (#6293)
- Vagrantfile: update to Fedora 35
Update README.md repo->org (#6269)
- Update README.md repo->org
Fix executable file not found when restoring shims (#6278)
- Fix executable file not found when restoring shims
ctr/snapshots/diff: show media-type in stderr (#6271)
- ctr/snapshots/diff: don't show the media-type in output
ctr: Add Linux Capabilities control flags (#6289)
- ctr: Add Linux Capabilities control flags
integration: add stats result in error message (#6270)
- integration: add stats result in error message
releases: mark 1.4 as Extended (#6287)
- docs: mark 1.4 as Extended
- docs: fix RELEASES.md gRPC API anchor
feat: skip ci for fork (#6284)
- feat: skip ci for fork
content/local: Close the file if Seek fails (#6280)
- content/local: Close the file if Seek fails
Integration: Remove explicit version passing to azure/CLI. (#6268)
- Integration: Remove explicit version passing to azure/CLI.
Fix wrong make target on documentation (#6276)
- Fix wrong make target on documentation
fix: server error return (#6272)
- fix: server error return
Prepare release notes for v1.6.0-beta.3 (#6267)
- Prepare release notes for v1.6.0-beta.3
- Update API version in go.mod
- Update release name to use consistent format
feat:support custom callopts on client side (#6254)
- fix: make max recv/send msg size setting default
- feat:support custom callopts on client side
[CRI] Fix panic when registry.mirrors use localhost (#6258)
- [CRI] Fix panic when registry.mirrors use localhost
Add support for TMP override on toml (#6241)
- Add support for TMP override on toml
CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options (#6170)
- CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
Github Security Advisory GHSA-5j5w-g665-5m35
- schema1: reject ambiguous documents
- images: validate document type before unmarshal
[cri] add sandbox and container latency metrics (#6111)
- [cri] add sandbox and container latency metrics
Integration: Generalize Windows CI setup scripts for any username. (#6255)
- Generalize Windows CI setup script for any user.
- Standardize cmdlet capitalization in Windows CI scripts.
feat: use rwmutex instead (#6253)
- feat: use rwmutex instead
Allow absolute path to shim binaries (#6206)
- Fix package alias
- Support custom runtime path when launching tasks
- Add runtime path in CreateTaskRequest
Close file if permission modification fails (#6246)
- Close file if permission modification fails
release: change tar name to match prior releases (#6250)
- release: change tar name to match prior releases
Fix wrong error returned for image index lookup (#6237)
- Fix wrong error returned for image index lookup
Fix containerd fails to pull OCI image with non-http(s):// urls (#6221)
- Fix containerd fails to pull OCI image with non-http(s):// urls
Prepare release notes for v1.6.0-beta.2 (#6223)
- Prepare release notes for v1.6.0-beta.2
Add arm64 to releases (#6196)
- Rename release dockerfile to omit distro name
- release: improve dockerfile
- Add arm64 to releases
use write lock when updating container stats (#6236)
- use write lock when updating container stats
go.mod: Bump hcsshim to v0.9.1 (#6230)
- go.mod: Bump hcsshim to v0.9.1
go.mod: Bump ttrpc to 1.1.0 (#6228)
- go.mod: Bump ttrpc to 1.1.0
go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 (#6213)
- go.mod: github.com/moby/sys/mountinfo v0.5.0
- go.mod: github.com/moby/sys/signal v0.6.0
- go.mod: github.com/moby/sys/symlink v0.2.0
- go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
cleanup: add more description on comment (#6222)
- cleanup: add more description on comment
Update Go to 1.17.3 (#6211)
- Update Go to 1.17.3
CI: bump up crun: 1.0 -> 1.3 (#6214)
- CI: bump up crun: 1.0 -> 1.3
Pin az CLI version in windows-periodic workflow (#6205)
- Pin az CLI version
Decouple task manager (#5918)
- Address PR comments
- Fix build after rebase
- Migrate task directory
- Expose shim process interface
- Fix after rebase
- Cleanup shim loading
- Move shim restore to a separate file
- Fix backward compatibility with old task shims
- Add plugin dependency between shim and shim services
- Rework task create and cleanup flow
- Add task manager
- Rename task manager to shim manager
[cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats (#6113)
- Implement CRI container and pods stats
- Vendor latest k8s.io/cri-api and netlink
test: Add grace period for restart monitor test (#6200)
- test: Add grace period for restart monitor test
integration: Enables TestRuntimeHandler for Windows (#6179)
- integration: Enables TestRuntimeHandler for Windows
Add mkdir on Dockerfile (#6171)
- Add mkdir on Dockerfile
sys/reaper: avoid leaky goroutine when exec timeout (#6189)
- sys/reaper: avoid leaky goroutine when exec timeout
adds additional debug out to timebox cni setup (#6184)
- adds additional debug out to timebox cni setup
converter: Allow hooks during image conversion (#6176)
- converter: Allow hooks during image conversion
compression: support zstd with skippable frame (#6177)
- compression: support zstd with skippable frame
integration: Enables TestVolumeCopyUp for Windows (#6182)
- integration: Enables TestVolumeCopyUp for Windows
integration: Enable some tests for Windows (part 2) (#6121)
integration: Enable some tests for Windows (part 2)
integration: Enable some tests for Windows (#6085)
- integration: Enable some tests for Windows
Update doc to version 2 syntax (#6125)
- feat(doc): update to version 2 syntax
fix shim reaper wait command execute blocked (#6166)
- fix shim reaper wait command execute blocked
content: close stream after commit request (#6145)
- content: close stream after commit request
Generating token options with each scope as a separate string. (#6165)
- Adding scope tests for ParseAuthHeader
- Adding tests for GenerateTokenOptions
- Generate token options with each scope as a separate string.
vendor: Updates go-cni (#6167)
- vendor: Updates go-cni
commands: Enables task metrics for Windows (#6159)
- commands: Enables task metrics for Windows
vendor: update moby/sys for darwin support (#6149)
- vendor: update moby/sys for darwin support
Prepare v1.6.0-beta.1 (#6144)
- Prepare release notes for v1.6.0-beta.1
- Update mailmap
- Update api vendor
bump cni to spec v1.0.0 (#6136)
- bump CNI to spec v1.0.0
Inject otel traces to grpc client. (#5992)
- Inject otel traces to grpc client.
client: expose (*image).platform (#6142)
- client: expose (*image).platform
Adding documentation for Core Scheduling (#6128)
- feat(doc): add Core Scheduling documentation
Ensure namespace is proxied to grpc/ttrpc plugins (#6130)
- Ensure namespace is proxied to grpc/ttrpc plugins
fix #6054 MaxConcurrentDownloads is not effect when Unpack is true (#6109)
- fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
Output a warning for label image labels instead of erroring (#6124)
- Output a warning for label image labels instead of erroring
Fix spelling mistake in Windows snapshotter (#6132)
- Fix spelling mistake in Windows snapshotter
Windows: Cleanup rm- prefixed layers (#6126)
- Windows: Cleanup rm- prefixed layers
cleanup deprecated package io/ioutil (#6118)
- io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
close Writer after use which may memory leak (#6115)
- close Writer after use which may leak mem
Adds Windows resource limits support (#5778)
- Adds Windows resource limits support
Prepare release notes for v1.6.0-beta.0 (#6098)
- Prepare release notes for v1.6.0-beta.0
Add error message to in TestContainerdRestart integration test (#6105)
- Add error message to in TestContainerdRestart integration test
Fix typo in the NewContainer function documentation (#6110)
- Fix typo in the NewContainer function documentation
Update cgroups to v1.0.2 (#6104)
- Update cgroups to v1.0.2
btrfs: verify file content after mount (#6100)
- test: check file content after mount
Update test timeout based on recent cancellations (#6107)
- Update test timeout based on recent cancellations
Check the pid in cri test teardown (#6106)
- Remove extra test_teardown
- Check the pid in cri test teardown
add runc shim support for sched core (#6011)
- fix integration client vendor
- add runc shim support for sched core
integration: Enables Windows containerd restart test (#5579)
- integration: Enables Windows containerd restart test
vendor: Bump hcsshim to 0.9.0 (#6099)
- vendor: Bump hcsshim to 0.9.0
[cri] Add CNI conf based on runtime class (#4695)
- Add CNI conf based on runtime class
Update Go to 1.17.2 (#6102)
- Update Go to 1.17.2
integration: Adds test for multilayer image import (#5933)
- integration: Adds test for multilayer image import
runtime: should fail fast if dial error on shim (#6031)
- runtime: should fail fast if dial error on shim
Fixes Windows containers with image volumes (#6034)
- Windows: Fixes Windows containers with image volumes
run gofmt with GO 1.17 (#6094)
- run gofmt with Go 1.17
pkg/cap: remove an outdated comment (#6088)
- pkg/cap: remove an outdated comment
Update go otel 1.0.1 (#6066)
- Update go otel 1.0.1
Update ADOPTERS.md with additional uses (#6086)
- Update ADOPTERS.md with additional uses
modify the way for checking cos (#6082)
- modify the way for checking cos
Fuzzing: Add fuzzers + small modifications (#5915)
- Fuzzing: Add 4 fuzzers + small modifications
Fixes for Windows CI (#6081)
- Pin mingw to version 10.2.0
- Update to golang 1.17.1
- Install nssm
Github Security Advisory GHSA-c2h3-6mxw-7mvq
- btrfs: reduce permissions on plugin directories
- v1 runtime: reduce permissions for bundle dir
- v2 runtime: reduce permissions for bundle dir
task service: return known error type (#6079)
- task service: return known error type
refactor: move from io/ioutil to io and os package (#5973)
- refactor: move from io/ioutil to io and os package
fix: import from k8s.io/utils/clock instead (#6076)
- fix: update vendor
- cleanup: import from k8s.io/utils/clock/testing instead
- cleanup: import from k8s.io/utils/clock instead
feat: enable integration cri remote client to call with grpc calloptions (#6069)
- feat: enable cri remote client to call with grpc calloptions
cleanup k8s ansible yaml (carry for #5713) (#6074)
- cleanup k8s ansible yaml (carry for https://github.com/jayonlau jayonlau@gmail.com)
feat: support import image for specific platform (#6070)
- fix: wrong flag type
- feat: support import image for specific platform
Update mirror images to take target image name (#6065)
- Update mirror images to take target image name
fix: make exec-id flag required in exec command (#6059)
- fix: make exec-id flag required in exec command
images: enable converter to uncompress zstd (#6052)
- images: enable converter to uncompress zstd
replace deprecated function with Domain and Path (#5922)
- replace deprecated function
integration: Adds Windows HostProcess tests (#5853)
- integration: Adds Windows HostProcess tests
Fix main branch build is broken (#6047)
- Fix main branch build is broken
Add open telemetry logging hook for logrus (#6003)
- Add open telemetry logging hook for logrus
Change oci.WithUser behavior for LCOW (#6023)
- Change oci.WithUser behavior for LCOW
switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) (#5946)
- switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
import: Raise error if the imported image is filtered out (#5926)
- import: Raise error if the imported image is filtered out
Fix panic in metadata content writer on copy error (#6043)
- Fix panic in metadata content writer on copy error
Move tracing to plugin (#6001)
- Move tracing to plugin
ctr: Fixes Windows image import (#5916)
- ctr: Fixes Windows image import
update open go.opentelemetry.io v1.0.0 to fix import path (#6017)
- go.mod: update opentelemetry modules to v1.0.0
fix error string format (#5979)
- fix error string format
Add github action to mirror image (#6036)
- Add github action to mirror image
add current process state to the error message (#6027)
- add current process state to the error message
FreeBSD: fix tar headers & the nil check on getxattr (#5991)
FreeBSD: fix tar headers & the nil check on getxattr
gha: collect VMs' IP addresses (#6035)
- gha: collect Vagrant VMs' IP addresses
bump continuity and console version that remove pkg/errors (#6033)
- bump continuity and console version that remove pkg/errors
import: Add option to prevent duplicated digest image (#5997)
- import: Add option to skip creating digest image
ctr namespaces: improve usage string (#5998)
- ctr namespaces: improve usage string
bump console version to v1.0.3 that remove pkg/errors (#6028)
- bump console version to v1.0.3 that remove pkg/errors
Use github images for integration tests (#6032)
- Use github images for integration tests
Fix typo (#5995)
- Fix typo
Enable image config labels in ctr and CRI container creation (#6012)
- Enable image config labels in ctr and CRI container creation
Make sure exit signals trigger an exit during init (#5970)
- Make sure exit signals trigger an exit during init
task delete: Closes task IO before waiting (#5974)
- task delete: Closes task IO before waiting
CI: bump up crun to 1.0 (#5985)
- CI: bump up crun to 1.0
seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) (#5982)
- seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
Update to Go 1.17.1 (#5990)
- Update to Go 1.17.1
CI: Switch to available latest images (#5987)
- CI: Switch to available latest images
add xfs support to devicemapper snapshotter (#5610)
- add xfs support to devicemapper snapshotter
Fixes task kill --force on Windows (#5956)
- Fixes task kill --force on Windows
Add support for shim plugins (#5817)
- Add support for shim plugins
vendor: update continuity for darwin support (#5976)
- vendor: update continuity for darwin support
replace uses of os/exec with golang.org/x/sys/execabs (#5906)
- replace uses of os/exec with golang.org/x/sys/execabs
complete integration test for pulling image with labels (#5972)
- Additional integration tests for pulling image with labels
Fix content copy to not ignore unexpected EOF (#5966)
- Fix content copy to not ignore unexpected EOF
add ip_pref CNI options for primary pod ip (#5964)
- add ip_pref CNI options for primary pod ip
cri: add devices for privileged container (#5939)
- cri: add devices for privileged container
sandbox: Allows the sandbox to be deleted in NotReady state (#5954)
- sandbox: Allows the sandbox to be deleted in NotReady state
pin protobuild version to tag (#5969)
- pin protobuild version to tag
Add metric exposing build version&revision (#5965)
- use a const metric for build_info
- Add metric exposing build version&revision
Feature: containerd-cri support LinuxContainerResources.Unified (#5627)
- add cri test case
- feature: add field LinuxContainerResources.Unified on cri
integration: investigate TestRestartMonitor's failure (#5861)
- integration: investigate TestRestartMonitor's failure
Use issue forms for bug reporting (#5917)
- Address issue forms feedback
- Use issue forms for bug reporting
cri: patch update image labels (#5945)
- cri: patch update image labels
darwin: runtime support (#5936)
- darwin: runtime support
- darwin: use the default values for socketRoot variable
Update RELEASES.md (#5858)
- Update RELEASES.md
archive: Add WriteDiff error logs (#5949)
- archive: Add WriteDiff error logs
replace deprecated Dialer with ContextDialer (#5958)
- replace deprecated Dail with DailContext
Add WS2022 support in Windows Periodic tests (#5951)
- Add WS2022 support in Windows Periodic tests
Content fuzzer: Clean up temp store dir (#5943)
- content fuzzer: Clean up tempdir
using Hosts replace deprecated field (#5944)
- using Hosts replace deprecated field
fix document non-synchronous (#5947)
- fix document non-synchronous in crictl.md
go.mod: Update hcsshim to v0.8.21 (#5929)
- go.mod: Update hcsshim to v0.8.21
Makefile.linux: build on RISC-V with PIE (#5937)
- Makefile.linux: build on riscv with PIE
Fix cwd flag for ctr tasks exec (#5932)
- Fix cwd flag for ctr tasks exec
Update Pause image in tests & config (#5927)
- Update Pause image in tests & config
cri: Devices ownership from SecurityContext (#5122)
- cri: Devices ownership from SecurityContext
Fix pull fails on unexpected EOF (#5921)
- Fix pull fails on unexpected EOF
Fix dir support for devices (#5845)
- Adding testing of two devices
- Fix dir support for devices V3 (#4847)
windows: The DefaultSpec platform should match the Default matcher (#5914)
- windows: The DefaultSpec platform should match the Default matcher
Add RunAsUserName functionality for the Windows pod sandbox container (#5865)
- Add RunAsUserName functionality for the Windows Pod Sandbox Container
bump up runc v1.0.2 (#5899)
- go.mod: update runc to v1.0.2
- update runc binary to v1.0.2
Run go fmt with Go 1.17 (#5903)
- Run go fmt with Go 1.17
go.mod: github.com/pelletier/go-toml v1.9.3 (#5905)
- go.mod: github.com/pelletier/go-toml v1.9.3
cri: filter selinux xattr for image volumes (#5902)
- cri: filter selinux xattr for image volumes
Add Windows HostProcess Support (#5131)
- Added windows hostProcess cni skip
script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 (#5897)
- script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
Update to Go 1.17 (#5889)
- Bump integration timeout to 35 min
- Update to Go 1.17
integration: fix TestContainerPids (#5896)
- integration: fix TestContainerPids
[ctr] add HOSTNAME env for host network (#5891)
- [ctr] add HOSTNAME env for host network
Fuzzing: Add fuzzer (#5886)
- Fuzzing: Add fuzzer
Make Cgroup driver configurable in gce configure script (#5884)
- Add env for SystemdCgroup driver
Allow expanded DNS configuration (#5878)
- Allow expanded DNS configuration
Fuzzing: Add 4 fuzzers (#5863)
- Fuzzing: Add 4 fuzzers
Cleanup v2 shim (#5813)
- Cleanup v2 shim
Fuzzing: Add experimental version of container fuzzer (#5840)
- Use http.Get to download binaries instead of exec.Command
- Fuzzing: Add experimental version of container fuzzer
add cpu-shares to ctr (#5846)
- add cpu-shares to ctr
docs: rename master to main (it was opposite on the actual commit) (#5847)
- docs: rename main to master
content: return the error with its timestamp (#5849)
- content: return the error with its timestamp
Fix bad make protos failure (#5857)
- Fix bad make protos failure
replace cri and point to new location (#5851)
- archive docs and point to new location fix #containerd/cri#1624
docs: remove FOSSA's badge (#5856)
- docs: remove FOSSA's badge
BUILDING.md: remove some bits about building runc (#5850)
- BUILDING.md: remove some bits about building runc
- BUILDING.md: markdown fixes
go.mod: update k8s deps to v1.22.0 (#5836)
- go.mod: update kubernetes to v1.22.0
[Scripts] Add trap to cri-integration test script (#5852)
- Add trap to cri-integration test script
docs: list all snapshotter-related build flags (#5848)
- docs: list all snapshotter-related build flags
Move plugin context events into separate plugin (#5835)
- Move plugin context events into separate plugin
Fix Linux CI Linter using Go 1.15.14 (#5839)
- Fix Linux CI Linter using go 1.15.14
Update Go to 1.16.7 (#5842)
- Update Go to 1.16.7
Cleanup CI (#5838)
- Cleanup CI
Remove redundant build tags (#5834)
- Remove redundant build tags
Change default directories on Darwin (#5830)
- Change default directories on Darwin
[otel-tracing] Initial opentelemetry support (#5731)
- [otel-tracing] vendor and go modules changes
- [otel-tracing] Initial opentelemetry support
- remove go 1.13 from containerd
Fuzzing: Fix for OSS-fuzz issue 36825 (#5829)
- Fuzzing: Fix for OSS-fuzz issue 36825
Fuzzing: Add two fuzzers (#5825)
- Fuzzing: Add two more fuzzers
scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) (#5760)
- scripts: declare ROOT closer to where it's used, and some DRY changes
- scripts: add missing quotes, and minor linting issues
- test/build-utils.sh: remove support for Debian Jessie
platforms: Format(): use path.Join() instead of joinNotEmpty() (#5821)
- platforms: Format(): use path.Join() instead of joinNotEmpty()
Fuzzing: Remove panics of container_fuzzer (#5823)
- Fuzzing: Remove panics of container_fuzzer
Fuzzing: Add container fuzzer (#5785)
- Change protoc link
- Split fuzzer to two fuzzers
- Fuzzing: Add container fuzzer
runtime: fix the issue of create new socket with abstract address (#5746)
- runtime: fix the issue of create new socket with abstract address
mergo: Upgrade to 0.3.12 to fix panic (#5809)
- mergo: Upgrade to 0.3.12 to fix panic
ci: install criu from PPA (#5802)
- ci: install criu from PPA
Update release workflow to upload binary without CNI (#5144)
- Split release steps into multiple tasks
- Update release workflow to upload binary without CNI
Enable critest on Windows Periodic Jobs (#5725)
- Enable critest on Windows
Script to check if entries in go.mod files are in sync (#5792)
- Script to check if entries in go.mod files are in sync
Add a sharedNamespace label (#5043)
- Add shared content label to namespaces
platforms: add "ios" as known OS, "loong64" as known ARCH (#5784)
- platforms: add "ios" as known OS, "loong64" as known ARCH
Updates the location of protobuf downloads (#5804)
- Updates the location of protobuf downloads in docs
Update protobuf install to use correct repository (#5803)
- Update protobuf install to use correct repository
overlay: expose upperdir location of each snapshot via an optional label (#5624)
- overlay: add an optional label of upperdir location of each snapshot
Support SIGRTMIN+n signals (#5693)
- Support SIGRTMIN+n signals
respect context timeout in shim binary call (#5800)
- respect context timeout in shim binary call
Introduce a new go module - containerd/api for use in standalone clients (#5716)
- Introduce a new go module - containerd/api for use in standalone clients
grpc config add options tcp_client_ca_cert (#5606)
- grpc config add options tcp_tls_ca
integration: Windows volume-copy-up images (#5162)
- integration: Windows volume-copy-up images
add CRI support matrix to RELEASES.md (#5795)
- add CRI support matrix to RELEASES.md
adding a little more clarity (#5794)
- adding a little more clarity
update gotestsum to v1.7.0 (#5793)
- update gotestsum to v1.7.0
Discard blocks when removing a thin device (#5756)
- Discard blocks when removing a thin device
Makefile: fix passing build tags (#5590)
- Makefile: pass build tags to manpage build process
- Makefile: fix tags parameter computation
Add runtime label to metrics (#5744)
- Add runtime label to metrics
interface about shim build check (#5745)
- interface about shim build check
integration: log all processes to investigate the test failure (#5775)
- integration: log all processes to investigate the test failure
Fuzzing: Add archive fuzzer (#5779)
- Fuzzing: Add archive fuzzer
Add docker.Fetch fuzzer (#5687)
- Add docker fetch fuzzer
Support custom compressor for walking differ (#5735)
- Support custom compressor for walking differ
remotes/docker/pusher.go: Fix missing Close() on push to docker remote (#5770)
- remotes/docker/pusher.go: Fix missing Close()
remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote (#5769)
- remotes/docker/fetcher.go: Fix missing Close()
Update cpuguy83/go-md2man binary to v2.0.1 (#5771)
- Update cpuguy83/go-md2man binary to v2.0.1
Refactor / optimize contrib/Dockerfile.test (#5750)
- Dockerfile.test: build containerd in separate stage
- Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
- Dockerfile.test: clean up apt indexes after installing
- Dockerfile.test: build critools in a separate stage
- Dockerfile.test: build cni in a separate stage
- Dockerfile.test: standard directory to collect build aftifacts
- Dockerfile.test: split dev stage, and optimize order
- Dockerfile.test: skip curl, gcc, git and make install
- install-critools: make sure DESTDIR exists
update gotestsum to current master (#5754)
- update gotestsum to current master
Github Security Advisory GHSA-c72p-9xmj-rx3w
- Add test for archive breakout test for lchmod
Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 (#5755)
- Use systemd cgroup driver for cgroupv2 tests
update runc to v1.0.1 (#5751)
- go.mod: runc v1.0.1
- update runc binary to v1.0.1
runtime: runc v2: remove redundant validation (#5737)
- runtime: runc v2: remove redundant validation
Add timestamp to flaky restart monitor test (#5727)
- Move loop check to before sleep
- Add timestamp to flaky restart monitor test
Update Go to 1.16.6 (#5722)
- integration/client: go mod tidy
- Update Go to 1.16.6
client: surface a connection error more clearly (#4447)
- client: surface a connection error more clearly
Fix missing Body.Close() calls on push to docker remote (#5712)
- Fix missing Body.Close() calls on push to docker remote
remove pkg/cri/platforms package (#5710)
- remove pkg/cri/platforms package
Allow WithServices to use custom implementations (#5709)
- Allow WithServices to use custom implementations
[Vendor] Update hcsshim to 0.8.18 (#5673)
- [Vendor] Update hcsshim to 0.8.18
test integration: Adds a test that restarts a failed container (#5578)
- test integration: Adds a test that restarts a failed container
[CRI] move up to CRI v1 and support v1alpha in parallel (#5619)
- use fu wei's suggeted interface pick for marshaling
- add alpha version
- move up to CRI v1 and support v1alpha in parallel
gha: make release workflow work in forks (#5682)
- gha: make release workflow work in forks
Add unit test for plugin (#5666)
- Add unit test for plugin
Dockerfile.test: add "cri-in-userns" (aka rootless) test stage (#5700)
- Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
Update for distribution spec 1.0 (#5676)
- Add support for registry host path override
- Update documenation for OCI distribution 1.0
archive: cleanup lchmod logic (#5702)
- Cleanup lchmod logic in archive
Install specific golang version in Windows CI. (#5571)
- Install specific golang version in Windows CI.
Add ctr command label in NewContainerOpts (#5660)
- feat: Add snapshotter label to the new snapshot for container.
snapshot/devmapper: log exported methods correctly (#5655)
- snapshot/devmapper: log exported methods correctly
Makefile: fix DESTDIR and PREFIX concatenation (#5662)
- Makefile: fix DESTDIR and PREFIX concatenation
Cri integration cleanup (#5287)
- tests: Use EnsureImageExists for image pulling
- tests: Refactors PodSandbox creation
move sys.FMountat() into mount package and un-export (#5641)
- un-export mount.FMountat
- move sys.FMountat() into mount package
sandbox: send pod UID to CNI plugins as K8S_POD_UID (#5640)
- sandbox: send pod UID to CNI plugins as K8S_POD_UID
sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils (#5639)
- sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
content/local: inline sys.StatATimeAsTime() (#5633)
- content/local: inline sys.StatATimeAsTime()
allow multi gpu to be specified via ctr (#5636)
- allow multi gpu to be specified via ctr
- go.mod: runc v1.0.0
- update runc binary to v1.0.0 GA
fixing some doc links (#5629)
- fixing some doc links
Sync integration/go.mod with root go.mod (#5623)
- Sync integration/go.mod with root go.mod
archive: Expose ChangeWriter to allow customized diff computing (#5615)
- archive: Expose ChangeWriter to allow customized diff computing
CI: Switch to the available latest images (#5625)
- CI: Switch to available latest images
- fix deprecation config for default runtime
Re-enable criu in main integration runs (#5614)
- Re-enable criu in main integration runs
runtime,v2: Enable debug when containerd is on debug+ log level (#5617)
- runtime,v2: Enable debug when containerd is on debug+ log level
- github.com/golang/protobuf/proto is deprecated
- Update github.com/golang/protobuf from v1.3.5 to v1.4.3
- Update google.golang.org/grpc from v1.27.1 to v1.38.0
- Increase golangci-lint timeout
ctr flags of container rootfs propagation (#5611)
- command line flags of setting container rootfs propagation
- add cgroupv2 setup for cos with a flag
Update gotestsum to add timestamps to junit output (#5612)
- Update gotestsum to add timestamps to junit output
Allow to pass --no-cgroups option to nvidia-container-cli (#5604)
- Allow to pass --no-cgroup option to nvidia-container-cli
Makefile: FHS conformant manpage installation pathes (#5577)
- Makefile: FHS conformant manpage installation pathes
Add proper Go version before project checks (#5594)
- Add proper Go version before project checks
Enable cri-integration in Windows Periodic Tests (#5580)
- Enable cri-integration in Windows Periodic Tests
adds explanation for seccomp unset/unconfined default vs runtime default (#5573)
- adds explanation for seccomp unset/unconfined default vs runtime default
Fix cleanup context of teardownPodNetwork (#5569)
- Fix cleanup context of teardownPodNetwork
update integration/client go.sum (#5572)
- update integration/client go.sum
Revert diff/walking error change (#5566)
- Revert diff/walking error change
Update opencontainers/selinux to v1.8.2 (#5562)
- Update opencontainers/selinux to v1.8.2
fix invalid validation error checking (#5565)
- fix invalid validation error checking
diff/walking: fix defer cleanup (#5551)
- diff/walking: fix defer cleanup
Windows periodic job: Add creation timestamp to RG (#5559)
- Add creation timestamp to RG
Fix error case in Windows layer cleanup (#5328)
- Fix error case in Windows layer cleanup
Use DeactivateLayer to unlock layers that we cannot rename (#5422)
- Small typo fix "reimporst"
- Use DeactivateLayer to recover layers that we cannot rename
tests: Symlink volume tests (#5284)
- tests: Symlink volume tests
Makefile: fix DESTDIR environment variable behaviour (#5535)
- Makefile: fix DESTDIR environment variable behaviour
Change Wrapf of non-error to an actual error (#5560)
- Change Wrapf of non-error to an actual error
- Install apparmor parser for arm64 environment
scrub the stale TODO (#5536)
- scrub the stale TODO
docs: explicitly mention containerd's Prometheus path (#5554)
- docs: explicitly mention containerd's Prometheus path
integration: Cleanup containerd on test teardown (#5553)
- integration: Cleanup containerd on test teardown
docs/cri: update links (#5548)
- docs/cri: update ocicrypt link
- docs/cri: fix broken links
Update Windows periodic tests (#5544)
- Update Windows periodic tests
Add CI periodic Windows Jobs. (#5165)
- Schedule Windows job daily after midnight.
- Update windows-periodic.yml
- Add CI periodic Windows Jobs.
Rename atomicWrite to writeToCompletion (#5273)
- Rename atomicWrite to writeToCompletion
Do not run btrfs tests if btrfs kernel module is not loaded (#5539)
- Do not run btrfs tests if btrfs kernel module is not loaded
Fix incorrect UA used for registry authentication (#5533)
- Fix incorrect UA used for registry authentication
ctr: parse mount options with embedded = character (#5531)
- ctr: parse mount options with embedded = character
Fix mounts for FreeBSD (#5472)
- Add ruleset=4 option
- Remove mountpoints not commonly mounted on FreeBSD
- Add copyright header & make sure compilation succeeds on all platforms
- Fix mounts for FreeBSD
ctr: make exec pty behavior consistent with run (#5527)
- ctr: exec handle pty resize after Start
- ctr: exec setup IO with console
Makefile: use $@ for target file names (#5534)
- Makefile: use $@ for target file names
Fix small typo (#5528)
- Fix small typo
Don't check for apparmor_parser to be present (#5519)
- update the link
- Don't check for apparmor_parser to be present
Remove useless lines (#5520)
- Remove useless lines
Fixed typos in docs (#5509)
- fixed typos
Try next mirror in case of non-404 errors, too (#5275)
- Try next mirror in case of non-404 errors, too
bump runc version to v1.0.0-rc95 (#5514)
- bump runc version to v1.0.0-rc95
update runc binary to v1.0.0-rc95 (#5511)
- update runc binary to v1.0.0-rc95
Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 (#5508)
- Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 (#5507)
- Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
Makefile: allow overriding install command via environment (#5493)
- Makefile: allow overriding install command via environment
tests: Adds support for Windows cri-integration tests (#5163)
- tests: Adds support for Windows cri-integration tests
Update docker resolver to authorize redirects (#5504)
- Update docker resolver to authorize redirects
bump hcsshim version to v0.8.17 (#5505)
- bump hcsshim version to v0.8.17
Release binary update for imgcrypt (#5498)
- just release ctd-decoder not ctr-enc
- Merge remote-tracking branch 'upstream/master'
- Pin integration test image for alpine
cri-integration tests: Pull images once (#5313)
- tests: Prepull images used in tests
plugin: optimize the check for the last registration (#5440)
- plugin: optimize the check for the last registration
metadata: modify NewLeaseManager to return leases.Manager (#5465)
- metadata: modify NewLeaseManager to return leases.Manager
Skip TLS verification for localhost (#5100)
- Skip TLS verification for localhost
- Merge remote-tracking branch 'upstream/master'
Makefile: make sure manpages are built before install-man (#5492)
- Makefile: make sure manpages are built before install-man
adds description for hosts.toml (#5309)
- adds credentials description
- adds description for hosts.toml
Prepare default branch rename (#5459)
- Prepare default branch rename
- Merge remote-tracking branch 'upstream/master'
Update runc to rc94 (#5473)
- Update vendored runc to v1.0.0.0-rc94
- Update the runc binary used with containerd to runc v1.0.0-rc94
Fix content.ReaderAt close (#5468)
- Fix content.ReaderAt close
Update releases doc with updated support timeline (#5466)
- Update releases doc with updated support timeline
tests: add test for adaptor (#5452)
- tests: add test for adaptor
Makefile: allow overriding go command by environment (#5450)
- Makefile: allow overriding go command by environment
update to new cri-tools make install (#5462)
- update to new cri-tools make install
Update Go to 1.16.4 (#5461)
- Update Go to 1.16.4
- Merge remote-tracking branch 'upstream/release/1.5'
[release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd (#5457)
- go.mod: cut circular dependency on github.com/containerd/containerd
- integration/client: go mod tidy
oci: fix WithDevShmSize (#5063)
- oci: fix WithDevShmSize
[release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink (#5454)
- windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink (#5411)
- windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
doc: add missing namespaces package (#5448)
- doc: add missing namespaces package
update seccomp version (#5445)
- update seccomp version
Update golang.org/x/sys to add linux/ppc support (#5436)
- Update golang.org/x/sys to add linux/ppc support
go.mod: cut circular dependency on github.com/containerd/containerd (#5441)
- go.mod: cut circular dependency on github.com/containerd/containerd
- integration/client: go mod tidy
Fix different registry hosts referencing the same auth config. (#5446)
- Fix different registry hosts referencing the same auth config.

Changes from containerd/cgroups

33 commits

v2: Fix inotify fd leak when cgroup is deleted (#212)
- v2: add test case for Manager.EventChan() behavior
- v2: flip error handling for readKVStat("memory.events") to reduce indentation
- v2: manager: factor out memory.events parsing
- v2: Fix inotify leak when cgroup is deleted
fix Implicit memory aliasing in for loop (#214)
- fix Implicit memory aliasing in for loop
Fix potential dirfd leak. (#210)
- Fix potential dirfd leak.
cgroup: Optionally add process and task to a subsystems subset (#203)
- cgroup: Optionally add process and task to a subsystems subset
replace pkg/errors from vendor (#208)
- replace pkg/errors from vendor
cgroup.go: avoid panic on nil interface (#207)
- cgroup.go: avoid panic on nil interface
Improvements on cgroup v2 support (#204)
- cgroupv2: reset lastErr to nil when subtree control is successfully written
- cgroupv2: enable controllers before setting resources in NewChild()
v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist (#201)
- v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
- v2: remove errors that are never returned
v1: reduce duplicated code (#202)
- v1: reduce duplicated code
cgroup v1: implement AddProc() (#200)
- cgroup v1: implement AddProc()
Rename branch from master to main (#199)
- Rename branch from master to main
utils: export ParseCgroupFile() (#197)
- utils: export ParseCgroupFile()
go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations (#194)
- go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
Use /proc/partitions to get device names (#195)
- Use /proc/partitions to get device names

Changes from containerd/console

6 commits

Fix CI (#55)
- Fix CI
- Stop using pkg/errors
Add support for z/OS (#46)
- Console test on z/OS
- Add support for z/OS

Changes from containerd/continuity

28 commits

fs: use syscall.Timespec.Unix (#193)
- fs: use syscall.Timespec.Unix
Update CI Go version to 1.17 (#192)
- Update CI Go version to 1.17
Build containerd/continuity on multiple Unix OSes (#190)
- Build containerd/continuity on multiple Unix OSes
Do not log errors before returning them (#191)
- Do not log errors before returning them
Copy Windows file metadata (#188)
- Copy Windows file metadata
fix fmt.Errorf("%w", err) on err == nil (#187)
- fix fmt.Errorf("%w", err) on err == nil
Remove direct dependency on github.com/pkg/errors (#185)
- run gofmt with Go 1.17
- remove direct dependency on github.com/pkg/errors
Fix darwin issues (#186)
- update AUTHORS
- darwin: use utimensat syscall instead of utimes
- fix darwin usage of du command
go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 (#161)
- go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
fs/stat: add FreeBSD, and cleanup some nolint-comments (#184)
- reformat nolint comments
- fs/stat: add FreeBSD
Rename branch from master to main (#182)
- Rename branch from master to main
testutil/loopback: print more debug info (#180)
- testutil/loopback: print more debug info

Changes from containerd/go-cni

18 commits

run setup on networks in parallel (#76)
- switch to direct index
- run setup on networks in parallel
remove: Continue on "not found" errors (#74)
- remove: Continue on "not found" errors
go.mod: github.com/containernetworking/cni v1.0.1 (#72)
- go.mod: github.com/containernetworking/cni v1.0.1
remove direct dependency on github.com/pkg/errors (#71)
- remove direct dependency on github.com/pkg/errors
update CNI to v1.0.0 (#70)
- test: add TestLibCNIType100
- update CNI to v1.0.0
Rename branch from master to main (#69)
- Rename branch from master to main
result: change Raw from a struct field to a method (#68)
- result: change Raw from a struct field to a method
result: expose raw result (#67)
- result: expose raw result

Changes from containerd/imgcrypt

32 commits

CHANGES: Updated CHANGES document for 1.1.3 release (#64)
- CHANGES: Updated CHANGES document for 1.1.3 release
docs: update project branch to main (#63)
- docs: update project branch to main
Update linter to match containerd repo (#61)
- Update linter to match containerd repo
- update CI golang version
Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 (#59)
- Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
maint: Update to ocicrypt v1.1.2 (#57)
- maint: Update to ocicrypt v1.1.2
Decouple CreateCryptoConfig() from github.com/urfave/cli (#56)
- Decouple CreateCryptoConfig() from github.com/urfave/cli
Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 (#55)
- Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
- replace pkg/errors and bump related library
README: Fix CRI decryption document URL (#53)
- README: Fix CRI decryption document URL
Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 (#52)
- Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
Bump containerd to 1.5.2 (#51)
- Bump containerd to 1.5.2
images: Implement ConvertFunc for image en- and decryption (#49)
- images: Implement ConvertFunc for image en- and decryption
Add containerd-release to makefile (#48)
- Remove ctr-enc from installation
vendor sync up with containerd 1.5 ga, and runc94 (#47)
- sync up with containerd 1.5 ga, and runc94
Sync ctr-enc with containerd's ctr v1.5.0-rc.3 (#46)
- CICD: Run 'apt update' before pulling packages
- ctr-enc: Set the version for ctr-enc when linking
- Sync ctr-enc with containerd's ctr v1.5.0-rc.3

Changes from containerd/ttrpc

34 commits

Add protoc-gen-go-ttrpc (#96)
- Add protoc-gen-go-ttrpc
client: Handle sending/receiving in separate goroutines (#94)
- client: Handle sending/receiving in separate goroutines
Run Protobuild in GitHub Actions (#95)
- Run Protobuild in GitHub Actions
- Re-generate example.pb.go
replace pkg/errors (#93)
- replace pkg/errors from vendor
Rename branch from master to main (#86)
- Rename branch from master to main
Make "go test" and "go build" work on macOS (#85)
- Make the example command buildable on macOS
- Run GitHub Actions on macOS
- Make "go test" work on macOS
Return Unimplemented when services or methods are not implemented (#83)
- Return Unimplemented when services or methods are not implemented
Remove "Very new" and checked TODO items (#84)
- Remove "Very new" and checked TODO items
removing glide from ignore (#82)
- removing glide from ignore
go.mod: update dependencies (#79)
- go.mod: github.com/prometheus/procfs v0.6.0
- go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
- go.mod: google.golang.org/grpc v1.27.1
- go.mod: github.com/gogo/protobuf v1.3.2
remove travis, add codecov badge (#78)
- CI: add codecov badge to readme
- CI: remove travis
Use GitHub Actions for CI (#77)
- Use GitHub Actions for CI
go.mod: sirupsen/logrus v1.7.0 (#76)
- go.mod: sirupsen/logrus v1.7.0
- go mod tidy

Dependency Changes

cloud.google.com/go v0.81.0 new
github.com/AdaLogics/go-fuzz-headers 6c3934b029d8 new
github.com/Microsoft/go-winio v0.4.17 -> v0.5.1
github.com/Microsoft/hcsshim v0.8.16 -> v0.9.2
github.com/blang/semver v3.5.1 new
github.com/cenkalti/backoff/v4 v4.1.2 new
github.com/cespare/xxhash/v2 v2.1.1 -> v2.1.2
github.com/cilium/ebpf v0.4.0 -> v0.7.0
github.com/containerd/cgroups v1.0.1 -> v1.0.3
github.com/containerd/console v1.0.2 -> v1.0.3
github.com/containerd/continuity v0.1.0 -> v0.2.2
github.com/containerd/go-cni v1.0.2 -> v1.1.1
github.com/containerd/imgcrypt v1.1.1 -> v1.1.3
github.com/containerd/ttrpc v1.0.2 -> v1.1.0
github.com/containernetworking/cni v0.8.1 -> v1.0.1
github.com/containernetworking/plugins v0.9.1 -> v1.0.1
github.com/containers/ocicrypt v1.1.1 -> v1.1.2
github.com/coreos/go-systemd/v22 v22.1.0 -> v22.3.2
github.com/go-logr/logr v0.2.0 -> v1.2.2
github.com/go-logr/stdr v1.2.2 new
github.com/godbus/dbus/v5 v5.0.3 -> v5.0.6
github.com/golang/groupcache 8c9f03a8e57e -> 41bb18bfe9da
github.com/golang/protobuf v1.3.5 -> v1.5.2
github.com/google/go-cmp v0.5.4 -> v0.5.6
github.com/google/gofuzz v1.1.0 -> v1.2.0
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 new
github.com/grpc-ecosystem/grpc-gateway v1.16.0 new
github.com/hashicorp/errwrap v1.0.0 -> v1.1.0
github.com/hashicorp/go-multierror v1.0.0 -> v1.1.1
github.com/imdario/mergo v0.3.11 -> v0.3.12
github.com/intel/goresctrl v0.2.0 new
github.com/json-iterator/go v1.1.10 -> v1.1.12
github.com/moby/spdystream v0.2.0 new
github.com/moby/sys/mountinfo v0.4.1 -> v0.5.0
github.com/moby/sys/signal v0.6.0 new
github.com/moby/sys/symlink v0.1.0 -> v0.2.0
github.com/modern-go/reflect2 v1.0.1 -> v1.0.2
github.com/opencontainers/image-spec v1.0.1 -> 693428a734f5
github.com/opencontainers/runc v1.0.0-rc93 -> v1.1.0
github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
github.com/opencontainers/selinux v1.8.0 -> v1.10.0
github.com/pelletier/go-toml v1.8.1 -> v1.9.3
github.com/prometheus/client_golang v1.7.1 -> v1.11.0
github.com/prometheus/common v0.10.0 -> v0.30.0
github.com/prometheus/procfs v0.6.0 -> v0.7.3
github.com/satori/go.uuid v1.2.0 new
github.com/sirupsen/logrus v1.7.0 -> v1.8.1
github.com/spf13/pflag v1.0.5 new
github.com/stretchr/testify v1.6.1 -> v1.7.0
github.com/vishvananda/netlink f5de75959ad5 new
github.com/vishvananda/netns 2eb08e3e575f new
go.etcd.io/bbolt v1.3.5 -> v1.3.6
go.opencensus.io v0.22.3 -> v0.23.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0 new
go.opentelemetry.io/otel v1.3.0 new
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 new
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0 new
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0 new
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0 new
go.opentelemetry.io/otel/sdk v1.3.0 new
go.opentelemetry.io/otel/trace v1.3.0 new
go.opentelemetry.io/proto/otlp v0.11.0 new
golang.org/x/crypto 0c34fe9e7dc2 -> 32db794688a5
golang.org/x/net e18ecbb05110 -> fe4d6282115f
golang.org/x/oauth2 bf48bf16ab8d -> 2bc19b11175f
golang.org/x/sync 09787c993a3a -> 036812b2e83c
golang.org/x/sys 47abb6519492 -> 1d35b9e2eb4e
golang.org/x/term 7de9c90e9dd1 -> 6886f2dfbf5b
golang.org/x/text v0.3.4 -> v0.3.7
golang.org/x/time 3af7569d3a1e -> 1f47c861a9ac
google.golang.org/appengine v1.6.5 -> v1.6.7
google.golang.org/grpc v1.27.1 -> v1.43.0
google.golang.org/protobuf v1.27.1 new
gopkg.in/yaml.v3 9f266ea9e77c -> 496545a6307b
k8s.io/api v0.20.6 -> v0.22.5
k8s.io/apimachinery v0.20.6 -> v0.22.5
k8s.io/apiserver v0.20.6 -> v0.22.5
k8s.io/client-go v0.20.6 -> v0.22.5
k8s.io/component-base v0.20.6 -> v0.22.5
k8s.io/cri-api v0.20.6 -> v0.23.1
k8s.io/klog/v2 v2.4.0 -> v2.30.0
k8s.io/utils 67b214c5f920 -> cb0fa318a74b
sigs.k8s.io/structured-merge-diff/v4 v4.0.3 -> v4.1.2

Previous release can be found at v1.5.0

containerd/containerd v1.6.0-rc.2 containerd 1.6.0-rc.2 on GitHub