github containerd/containerd v1.7.0-beta.0
containerd 1.7.0-beta.0
on GitHub

latest releases: v2.0.0-rc.2, v1.7.17, api/v1.8.0-rc.0...
pre-release19 months ago

Welcome to the v1.7.0-beta.0 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements. This release is intended to be the last major release of containerd 1.x before 2.0. Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0. This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations. The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs. This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

  • Sandbox API (#6703)
  • CRI Sandbox API Implementation (#7228)

Transfer Service (in progress)

  • Transfer Service (#7320)

NRI (in progress)

  • Extend NRI scope (nri#16)
  • Support for updated NRI (#6019)

Platform Support

  • Linux containers on FreeBSD (#7000)

Runtime Features

  • Add support for CDI device injection (#6654)
  • Support for cgroups blockio (#5490)
  • Add restart policy for enhanced restart manager (#6744)

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this, but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc. Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

  • Remove gogoproto.customtype (#6699)

  • Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

  • Remove all gogoproto extensions (#6829)

  • Migrate off from github.com/gogo/protobuf (#6841)

  • ttrpc streaming (ttrpc#107)

  • Add unpack interface for client (#6749)

  • Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0. Any functionality split out of CRI will have their configuration migrated to new plugins. Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

  • Docker Schema 1 Image Deprecation (#6884)

CRI Updates

  • Support image pull progress timeout (#6150)
  • Fix CRI plugin to setup pod network after creating the sandbox container (#5904)

Other

  • Support shallow content copy by adding reader option to local content reader at (#7414)
  • Add NoSameOwner option when unpacking tars (#7386)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Kazuyoshi Kato
  • Phil Estes
  • Derek McGowan
  • Maksym Pavlenko
  • Wei Fu
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Samuel Karp
  • Mike Brown
  • Daniel Canter
  • Ye Sijun
  • Ed Bartosh
  • Stefan Berger
  • Paul "TBBle" Hampson
  • Gabriel Adrian Samfira
  • Nashwan Azhari
  • xin.li
  • Shengjing Zhu
  • Adam Korcz
  • Henry Wang
  • Justin Terry
  • wanglei
  • zounengren
  • Iceber Gu
  • Kevin Parsons
  • Brian Goff
  • Gavin Inglis
  • Michael Crosby
  • Qiutong Song
  • lengrongfu
  • ruiwen-zhao
  • Cameron Sparr
  • James Jenkins
  • Luca Comellini
  • Michael Zappa
  • Paco Xu
  • Tobias Klauser
  • pigletfly
  • Akhil Mohan
  • Amit Barve
  • Eng Zer Jun
  • Eric Lin
  • James Sturtevant
  • Jonny Stoten
  • Kang.Zhang
  • Mikko Ylinen
  • Paul S. Schweigert
  • Shiming Zhang
  • Swagat Bora
  • Vincent Batts
  • cosmoer
  • dependabot[bot]
  • yaoyinnan
  • Abirdcfly
  • Anastassios Nanos
  • Andrew G. Morgan
  • Andrey Klimentyev
  • Antonio Ojea
  • Antti Kervinen
  • Austin Vazquez
  • Baoshuo
  • Benjamin Elder
  • Chao Dai
  • Claudiu Belu
  • Cory Snider
  • Danielle Lancashire
  • Danny Canter
  • Dat Nguyen
  • Davanum Srinivas
  • David Porter
  • Dmitry Shurupov
  • Eric Ernst
  • Ethan Lowman
  • Fabian Hoffman
  • Fabian Hoffmann
  • Fahed Dorgaa
  • Gabriela Cervantes
  • Gijs Peskens
  • Hamza El-Saawy
  • Ikko Ashimine
  • Jeff Widman
  • Jeff Zvier
  • Jeremi Piotrowski
  • Jordan Karaze
  • Joseph Sheng
  • Joyce Brum
  • Kathryn Baldauf
  • Kohei Tokunaga
  • Kyle L Frisbie
  • Marc Schwind
  • Mark Rossetti
  • Marvin Giessing
  • Nabeel Rana
  • Nguyen Phan Huy
  • Nobel Barakat
  • Oleg Atamanenko
  • Oleg Zhurakivskyy
  • Oliver Radwell
  • Quan Tian
  • Rodrigo Campos
  • Roy Yang
  • Serge Logvinov
  • Shane Jennings
  • Shaun Lawrie
  • Shinichi Morimoto
  • SilverSoldier
  • Sophie Liu
  • Taeho Nam
  • Takumasa Sakao
  • Tiger Kaovilai
  • Tom Godkin
  • Tomoya.Fujita
  • Tõnis Tiigi
  • Xinlin Ma
  • Yakul Garg
  • Zhongming Chang
  • Zhuchen Wang
  • austinvazquez
  • bin liu
  • cardy.tang
  • cathaysia
  • dabaooline
  • guiyong.ou
  • jianfei.zhang
  • ningmingxiao
  • shi yixue
  • shuaichang
  • songjiang han
  • wusong
  • xiaoyang zhu
  • yanghesong
  • zhang he

Changes

950 commits

  • Add release notes for v1.7.0-beta.0 (#7575)
    • Add release notes for v1.7.0-beta.0
    • Update mailmap
  • Cleanup sandbox interfaces (#7576)
    • Cleanup sandbox interfaces
  • Update GitHub actions release workflow set output (#7581)
    • Migrate away from GitHub actions set-output
  • Fix LogURI generation-related tests on Windows. (#7569)
    • Fix LogURI generation-related tests on Windows.
  • maintenance: Remove WithWindowsNetworkNamespace from pkg/cri (#7577)
    • maintenance: Remove WithWindowsNetworkNamespace from pkg/cri
  • CRI: implement Controller.Delete for SandboxAPI (#7457)
    • CRI: implement Controller.Delete for SandboxAPI
  • Configure CDI registry only on start (#7419)
    • update go.mod and go.sum
    • improve CDI logging
    • CDI: configure registry on start
    • move WithCDI to pkg/cri/opts
  • update codeql-action to v2 (#7568)
    • update codeql-action to v2
  • Add logging related metrics to Containerd CRI plugin (#7546)
    • Add logging volume metrics to Containerd CRI plugin
  • sys: optimize and refactor MkdirAllWithACL() (#7531)
    • sys: synchronize mkdirall() with latest os.MkDirAll()
    • sys: create SecurityAttribute only once (Windows)
    • sys: update volumePath regex to allow returning earlier
    • sys: compile volume-path regex once, and update GoDoc
  • fix install cni script (#7484)
    • fix install cni script
  • Update 1.5 release support timeframe (#7560)
    • Update 1.5 release support timeframe
  • bump go-fuzz-headers (#7503)
    • bump go-fuzz-headers
  • Add long term stable release branches (#7454)
    • Add long term stable release branches
  • fix pusher concurrent close channel (#7473)
    • fix pusher concurrent close channel
  • Make tests on GitHub less noisy (#7530)
    • Use logtest if possible to clean up logs
    • Separate containerd logs in GitHub Actions' console
    • Upgrade critools from 1.24.1 to 1.25.0
    • Upgrade actions/upload-artifact from v2 to v3
  • containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded (#7541)
    • not init a tracing processor when not loaded
  • Update required Go version in BUILDING.md (#7544)
    • Update required Go version in BUILDING.md
  • go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) (#7522)
    • go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag)
  • Use go env to determine GOPATH in Makefile. (#7542)
    • Use go env to determine GOPATH in Makefile.
  • clean-up "nolint" comments, remove unused ones, update golangci-lint (#7349)
    • update golangci-lint to v1.49.0
    • remove unneeded nolint-comments (nolintlint), disable deprecated linters
    • clean-up "nolint" comments, remove unused ones
    • pkg/cri/(server|sbserver): criService.getTLSConfig() add TODO to verify nolint
    • golangci-lint: sort linters in config file
    • linting: address gosec G112/G114
  • Don't unmount on Darwin when deleting bundle (#7534)
    • Don't unmount on Darwin when deleting bundle
  • Add timeouts to all CI jobs (#7538)
    • Add timeouts to all CI jobs
  • Vagrantfile: explicitly specify rsync as the shared folder driver (#7539)
    • Vagrantfile: explicitly specify rsync as the shared folder driver
  • sys: remove unused IsAbs() (windows) (#7527)
    • sys: remove unused IsAbs() (windows)
  • cri: PodSandboxStatus should tolerate missing task (#7535)
    • cri: PodSandboxStatus should tolerate missing task
  • CI: update GHA instances from Ubuntu 18.04 to 20.04 (#7489)
    • CI: update GHA instances from Ubuntu 18.04 to 20.04
  • fix the --no-pivot flag being ignored by ctr tasks start (#7519)
    • fix the --no-pivot flag being ignored by ctr tasks start
  • Update the default seccomp to block socket calls to AF_VSOCK (#7510)
    • Update the default seccomp to block socket calls to AF_VSOCK
  • cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() (#7511)
    • cmd/containerd: use golang.org/x/sys/windows.SetStdHandle()
  • Stats() shouldn't assume s.container is non-nil (#7517)
    • Stats() shouldn't assume s.container is non-nil
  • Move up actions versions to prep for NodeJS 12 deprecation (#7516)
    • Move up actions versions to prep for deprecation
  • cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() (#7512)
    • cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions()
  • Updates oci image config to support upstream ArgsEscaped (#7483)
    • Updates oci image config to support upstream ArgsEscaped
  • cmd/containerd: replace deprecated windows.IsAnInteractiveSession() (#7497)
    • cmd/containerd: replace deprecated windows.IsAnInteractiveSession()
  • Update container with sandbox metadata after NetNS is created (#7481)
    • Update container with sandbox metadata after NetNS is created
  • archive: add WithSourceDateEpoch() for whiteouts (#7478)
    • archive: add WithSourceDateEpoch() for whiteouts
  • TestTaskResize must use a terminal (#7492)
    • TestTaskResize must use a terminal
  • diff/apply.readCounter: check negative size (#7494)
    • diff/apply.readCounter: check negative size
  • Add new ctr option for discarding unpacked layers (#7425)
    • Modify WithDiscardUnpackedLayers
    • Add new ctr option for discarding unpacked layers
  • archive: windows: chtimes(): remove redundant conversion (#7491)
    • archive: windows: chtimes(): remove redundant conversion
  • archive: validate digests before use (#7488)
    • archive: validate digests before use
  • vendor: github.com/opencontainers/selinux v1.10.2 (#7482)
    • vendor: github.com/opencontainers/selinux v1.10.2
  • fuzzing: create structured tar bytes in archive fuzzer (#7477)
    • fuzzing: create structured tar bytes in archive fuzzer
  • Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7474)
  • use raw link to containerd.service config (#7463)
    • use raw link to containerd.servic config
  • cri doc: Update kata containers reference (#7466)
    • cri doc: Update kata containers reference
  • Setup pod network after creating the sandbox container (#5904)
    • Add integration tests with failpoint
    • Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
    • cri-integration: pass ENABLE_CRI_SANDBOXES to test
  • Swap to net.ErrClosed checks for services (#7446)
    • Swap to net.ErrClosed checks for services
  • go.mod: Bump go-winio to v0.6.0 (#7443)
    • go.mod: Bump go-winio to v0.6.0
  • fix retry when writer is reset on push (#6995)
    • retry request on writer reset
  • CI: Output a summary using GITHUB_SUMMARY (#7192)
    • Use jq and only show failed tests on summary
    • CI: Output a summary using GITHUB_SUMMARY
  • Fix missing close (#7430)
    • fix missing close
  • Add test flag for skipping shim cgroup test (#7424)
    • Add test flag for skipping shim cgroup test
  • Refactor CRI fuzzers (#7405)
    • Refactor CRI fuzzers
  • Fix LogURIGenerator on Windows (#7351)
    • Fix LogURIGenerator on Windows
  • Set grpc code for unimplemented cri-api methods (#7417)
    • Set grpc code for unimplemented cri-api methods
  • Add reader option to local content reader at (#7414)
    • Add reader option to local content reader at
  • Sandbox API: implement Controller.Wait and Controller.Stop (#7401)
    • CRI: implement Controller.Stop for SandboxAPI
    • CRI: implement Controller.Wait for SandboxAPI
  • remove stray .zuul.yaml (#7416)
    • remove stray .zuul.yaml
  • reference CDI configuration details (#7408)
    • reference CDI configuration details
  • cri-integration: propagate ENABLE_CRI_SANDBOXES (#7413)
    • sbserver: return resources in ContainerStatus
    • cri-integration: propagate ENABLE_CRI_SANDBOXES
  • Enable OpenSSF Scorecard Github Action (#7404)
    • chore: enable Scorecard Github Action
  • Add ext2 fs support to devmapper snapshotter (#7402)
    • Add ext2 fs support to devmapper snapshotter
  • Fuzzing: Instrument with new sanitizers (#7396)
    • Fuzzing: Instrument with new sanitizers
  • Upgrade fuzzing-related packages to reduce dependencies (#7397)
    • Upgrade fuzzing-related packages to reduce dependencies
  • remotes/docker/config: Skipping TLS verification for localhost (#7393)
    • remotes/docker/config: Skipping TLS verification for localhost
  • Replace github.com/emicklei/go-restful package, versions <2.16.0 (#7395)
    • github.com/emicklei/go-restful CWE-285: Improper Authorization
  • Add NoSameOwner option when unpacking tars (#7386)
    • Add NoSameOwner option when unpacking tars
  • ctr: add privileged-without-host-devices for run command (#7328)
    • ctr: add privileged-without-host-devices for run command
  • chore: matching the casing of other flags for ctr's pull command (#7341)
    • matching the casing of other flags for ctr's pull command.
  • windows: Add runhcs-wcow-hypervisor runtimeclass to the default config (#6901)
    • windows: Add runhcs-wcow-hypervisor runtimeclass to the default config
  • Fix missing close (#7370)
    • Fix missing close
  • CRI: update cdi version to v0.5.1 (#7374)
    • update cdi version to v0.5.1
  • Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 (#7372)
  • vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c (#7373)
    • vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
  • Remove unused variable from images action (#7371)
    • Remove unused variable from images action
  • feature: use client default namespace (#7291)
    • feature: use client default namespace
  • integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment (#7367)
    • integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment
  • feature: upgrade registry.k8s.io/pause version (#7359)
    • feat: upgrade registry.k8s.io/pause version
  • metrics/cgroups/v1: Remove unused event parameter (#7361)
    • metrics/cgroups/v1: Remove unused event parameter
  • .zuul: remove the zuul because it is offline (#7369)
    • .zuul: remove the zuul because it is offline
  • Update golangci-lint timeout to match config (#7356)
    • Update golangci-lint timeout to match config
  • delete redundent import alias and and type conversion (#7345)
    • delete redundent import alias and and type conversion
  • Make checkContainerTimestamps less strict on Windows (#7350)
    • Make checkContainerTimestamps less strict on Windows
  • Make oss-fuzz mandatory (#7346)
    • Pin github.com/AdamKorcz/go-118-fuzz-build
    • Make oss-fuzz mandatory
  • Add kubernetes v1.25 supported version as v1.24 (#7326)
    • Add Kubernetes v1.25 supported version as v1.24
  • sys: move ForceRemoveAll to integration/client (#7335)
    • sys: move ForceRemoveAll to integration/client
  • chore: remove duplicate word in comments (#7338)
    • chore: remove duplicate word in comments
  • Use ioctl helpers from x/sys/unix (#7342)
    • mount: use ioctl helpers from x/sys/unix
    • go.mod, vendor: bump golang.org/x/sys to latest version
  • archive: replace tarName() with filepath.ToSlash() (#7344)
    • archive: replace tarName() with filepath.ToSlash()
  • mount: remove unused ErrNotImplementOnWindows (#7339)
    • mount: remove unused ErrNotImplementOnWindows
  • replace sys Sequential funcs with moby/sys/sequential (#7334)
    • replace sys Sequential funcs with moby/sys/sequential
  • Clarify containerd 1.5.0+ for k8s 1.20,1.21 (#7324)
    • Clarify containerd 1.5.0+ for k8s 1.20,1.21
  • update runc binary to v1.1.4 (#7315)
    • go.mod: github.com/opencontainers/runc v1.1.4
    • update runc binary to v1.1.4
  • Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 (#7325)
    • Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9
  • Update k8s.io/cri-api to v0.25.0 (#7287)
    • update intergration
    • bump cri-api
  • script/setup: handle cnidir with SUDO (#7322)
    • script/setup: handle cnidir with SUDO
  • ContainerStatus to return container resources (#6517)
    • ContainerStatus to return container resources
    • Update CRI-API
  • migrate from k8s.gcr.io to registry.k8s.io (#7038)
    • migrate from k8s.gcr.io to registry.k8s.io
  • Do not rename test files on-the-fly to share functions (#7309)
    • Do not rename test files on-the-fly to share functions
  • ctr import: strictly match platform (#6906)
    • ctr import: strictly match platform
  • Revert "Downgrade MinGW to version 10.2.0" (#7308)
    • Revert "Downgrade MinGW to version 10.2.0"
  • Follow up #7254 (Switch to Go 1.19) (#7286)
    • contrib/fuzz/daemon.go: reformat the fileheader
    • pkg/cri/streaming: increase ReadHeaderTimeout
  • Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer (#7304)
    • crypto/sha256 must be imported
    • Don't patch github.com/cilium/ebpf
    • Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer
  • Adding support of CAP_BPF and CAP_PERFMON (#7301)
    • adding support of CAP_BPF and CAP_PERFMON
  • go.mod: Bump hcsshim to v0.10.0-rc.1 (#7284)
    • Remove Windows special case in TestContainerdRestart
    • go.mod: Bump hcsshim to v0.10.0-rc.1
  • Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset (#7306)
    • Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset
  • ci: remove GOPROXY environment variable due to go-yaml/yaml#887 (#7293)
  • Runtime cleanup (Shim manager and task service) (#7280)
    • Cleanup shim manager
    • Make TaskList generic
  • containerd-stress: add support for running through CRI (#6931)
    • containerd-stress: add support for running through CRI
  • Switch to Go 1.19 (#7254)
    • Fix contrib/ header
    • Rework permission handling in scripts
    • Update protobuf definitions
    • Run gofmt 1.19
    • Update golangci-lint to 1.48 with Go 1.19 support
    • Switch to Go 1.19
  • Vagrantfile: dump containerd log after critest (#7265)
    • Vagrantfile: dump containerd log after critest
  • oci: skip checking group id for WithAppendAdditionalGroups (#7257)
    • oci: skip checking gid for WithAppendAdditionalGroups
  • release workflow: increase timeout to 30 minutes & remove Go setup action (#7259)
    • release workflow: remove Go setup action
    • release workflow: increase timeout to 30 minutes
  • release: rollback Ubuntu to 18.04 (except for riscv64) (#7258)
    • release: rollback Ubuntu to 18.04 (except for riscv64)
  • Initial sandbox API CRI integration (implement Controller.Start) (#7228)
    • Add TODOs for the remaining work
    • Update sandbox protobuf to match CRI
    • Update controller's start response to incldue pid and labels
    • Cleanup CRI files
    • Move sandbox start behind controller
    • Add sandbox to in memory services
    • Add sandbox store helpers
  • Use environment variable to specify Go version on CI (#7251)
    • Use global env variable to specify Go version on CI
  • Update golang to 1.18.5, 1.17.13 (#7243)
    • Update golang to 1.18.5, 1.17.13
  • Change os.Stderr reassign for Windows service (#7023)
    • Change os.Stderr reassign for Windows service
  • script/setup: fix protobuf for aarch64 (#7237)
    • fix protobuf aarch64
  • Fix cleanup in critest (#7232)
    • Fix cleanup in critest
  • fix: support simultaneous create diff for same parent snapshot (#7204)
    • fix: support simultaneous create diff for same parent snapshot
  • Windows HostProcess container CRI stats test (#7223)
    • Windows HostProcess container CRI stats test
  • Regenerate protos with updated protoc-gen-go (#7226)
    • Regenerate protos with updated protoc-gen-go
  • test: error strings should not be capitalized (#7195)
    • test: error strings should not be capitalized
  • Add extra context to error when push unauthorized (#7220)
    • Add extra context to error when push unauthorized
  • replace with selinux label (#7207)
    • replace with selinux label
  • Use httputil.DumpRequestOut for dumping client req (#7221)
    • Use httputil.DumpRequestOut for dumping client req
  • Fix CRI image pull timeout test for ppc64le (#7215)
    • Fix CRI image pull timeout test for ppc64le
  • test: introduce failpoint control to runc-shimv2 and cni (#7069)
    • integration: simplify CNI-fp and add README.md
    • pkg/failpoint: add FreeBSD link and update pkg doc
    • integration: Add injected failpoint testing for RunPodSandbox
    • integration: CNI bridge wrapper with failpoint
    • pkg/failpoint: add DelegatedEval API
    • runtime/v2/shim: return if error in load plugin
    • bin/ctr,integration: new runc-shim with failpoint
    • runtime/v2: manager supports server interceptor
    • pkg/failpoint: init failpoint package
  • chore: bump macos runner version (#7206)
    • chore: bump macos runner version
  • Use image lists form integration/client tests (#7210)
    • Fix command line parsing for image list
    • Update image references for Windows tests
    • Use image lists instead of hardcoded images
    • Use image lists in client tests
  • go.mod: Bump hcsshim to v0.9.4 (#7212)
    • go.mod: Bump hcsshim to v0.9.4
    • go.mod: Bump hcsshim to 0.9.3
  • Drop deprecated ioutil (#7203)
    • Drop deprecated ioutil
  • Make getServicesOpts a helper (#7201)
    • Make getServicesOpts a helper
  • adds an env var commented out for sandboxed mode (#7183)
    • adds an env var commented out for sandboxed mode
  • cri_stats: handle missing cpu stats (#7198)
    • cri_stats: handle missing cpu stats
  • using ContextDialer instead (#7189)
    • using ContextDialer instead
  • test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e (#7173)
    • test: Add ability to switch between cgroupv1 or cgroupv2
  • code cleanup (#7182)
    • code cleanup
  • Update k8s.io/cri-api to v0.25.0-alpha2 (#7114)
    • Update k8s.io/cri-api to v0.25.0-alpha2
  • Refactor usageNanoCores be to used for all OSes (#7186)
    • Refactor usageNanoCores be to used for all OSes
  • adds support for using env file for systemd boot (#7191)
    • adds support for using env file for systemd boot
  • go.mod: github.com/stretchr/testify v1.8.0 (#7185)
    • go.mod: github.com/stretchr/testify v1.8.0
  • ctr: support --user for run/create (#7145)
    • ctr: support --user for run/create
  • docs: Fix sample config.toml syntax (#7174)
    • docs: Fix sample config.toml syntax
  • seccomp: seccomp: add syscalls related to PKU in default policy (#7163)
    • seccomp: seccomp: add syscalls related to PKU in default policy
  • Update and align golangci-lint version (#7168)
    • Fix linter warnings
    • Update and align golangci-lint version
  • adds a comment explaining how to disable experimental sbserver (#7169)
    • adds a comment explaining how to disable experimental sbserver
  • ci: workaround Cirrus CI's INVALID_ARGUMENT (#7177)
    • ci: workaround Cirrus CI's INVALID_ARGUMENT
  • Update install-protobuf script to install protobuf on Darwin (#7153)
    • Fix protobuf script to install protobuf on darwin
  • Fork CRI server for Sandbox API integration work (#7164)
    • Add log messages when choosing CRI server
    • Change metrics namespace for sandboxed CRI to prevent panic
    • Enable integration tests against sandboxed CRI
    • Fork CRI server package
  • seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE (#7167)
    • seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE
  • cri doc: fix formatting for CDI options (#7158)
    • cri doc: fix formatting for CDI options
  • update golang to 1.18.4, 1.17.12 (#7159)
    • update golang to 1.18.4, 1.17.12
  • Fix out of date comments for CRI store packages (#7152)
    • Fix out of date comments for CRI store packages
  • update some devmapper docs (#7124)
    • update some devmapper docs
  • seccomp: allow clock_settime64 when CAP_SYS_TIME is added (#7149)
    • seccomp: allow clock_settime64 when CAP_SYS_TIME is added
  • Copy fuzzers from github.com/cncf/cncf-fuzzing (#7123)
    • Copy fuzzers from github.com/cncf/cncf-fuzzing
    • Upgrade github.com/AdaLogics/go-fuzz-headers
  • fix can't edit object by using ctr content edit command (#6847)
    • fix can't edit object by using ctr content edit command
  • integration/client: fix typo in export_test.go (#7130)
    • integration/client: fix typo in export_test.go
  • Fix WWW-Authenticate parsing (#7126)
    • Fix WWW-Authenticate parsing
  • LCOW differ return ErrNotImplemented for wrong mount type (#7112)
    • LCOW differ return ErrNotImplemented for wrong mount type
  • Update go-restful/v3 to latest release (#7117)
    • Update go-restful/v3 to latest release
  • pkg/cri: use marshal wrapper for version convertor (#7108)
    • pkg/cri: use marshal wrapper for version convertor
  • Remove hacks around contrib/fuzz (#7087)
    • Do not hardcode fuzzers
    • Move container_fuzzer.go under integration/client/
    • Copy FuzzCRI from cncf/cncf-fuzzing
    • Remove mainfuzz package and StartDaemonForFuzzing
    • Move builtins_*.go to cmd/containerd/builtins to make the files reusable
  • Fix missing closed HTTP Body (#7107)
    • Fix missing closed HTTP Body
  • Cleanup metadata tests (#7105)
    • Cleanup metadata tests
  • Downgrade MinGW to version 10.2.0 (#7106)
    • Downgrade MinGW to version 10.2.0
  • ctr: Fix ctr c create fails to parse arguments (#7098)
    • ctr: Fix ctr c create fails to parse arguments
  • Fix Documentation Issue (#7103)
    • Fix Doc:
  • refactor: reduce duplicate code (#7100)
    • refactor: reduce duplicate code
  • make xattr EPERM non-fatal in createTarFile (#7094)
    • make xattr EPERM non-fatal in createTarFile
  • Move metadata plugin registration to seperate package (#7096)
    • Move metadata plugin registration to seperate package
  • fix: missing sudo for devmapper doc (#7092)
    • fix: missing sudo for devmapper doc
  • Ensure Windows Periodic workflow errors out while still uploading results. (#7085)
    • Ensure Windows Periodic workflow errors out while still uploading results.
    • Revert MinGW to oldest known working version in Windows setup script.
  • Add snapshotter key to snapshot events (#7084)
    • Add snapshotter key to snapshot events
  • add WithAdditionalGIDs test (#7072)
    • add WithAdditionalGIDs test
  • Forward ctr snapshotter flags on Windows (#7086)
    • Forward ctr snapshotter flags on Windows
  • add WithAppendAdditionalGroups helper (#7070)
    • add WithAppendAdditionalGroups helper
  • Make CI Fuzz less noisy (#7065)
    • Move contrib/fuzz/docker_fuzzer.go to remotes/docker
    • Copy FuzzConvertManifest from cncf/cncf-fuzzing
    • Do not hardcode fuzzing targets
    • Don't log "ignored xattr ..." warnings
    • Make oss_fuzz_build.sh quiet
  • ctr: add --hostname flag to create, run (#7082)
    • ctr: add --hostname flag to create, run
  • improve content-flow (#7077)
    • improve content-flow
  • Make CI Fuzz optional (#7067)
    • Make CI Fuzz optional
  • Use Go 1.18's testing.F on simple fuzzers (#7056)
    • Run fuzzing tests with go test -fuzz
    • Use testing.F on FuzzPlatformsParse
    • Use testing.F on FuzzParseProcPIDStatus
  • Downgrade MinGW in Windows setup scripts. (#7062)
    • Downgrade MinGW in Windows setup scripts.
  • Make test path a constant (#7057)
    • Make test path a constant
  • Run fuzzers in CI (#7052)
    • Run fuzzers in CI
  • CRI: Improve the /dev/shm mount options in Sandbox. (#6913)
    • CRI: change the /dev/shm mount options in Sandbox.
    • CRI: remove default /dev/shm mount in Sandbox.
  • fix:userattr-unmount unexpected timeout (#7008)
    • fix add ro mount for userattr-unmount unexpected timeout
  • Port (some) unit tests to FreeBSD (#7042)
    • archive: Explicitly specify stdio for tar(1)
    • platforms: Run goimports for FreeBSD
    • cri/server: Disable tests on FreeBSD
    • oci: Remove empty mount option slice for FreeBSD
    • oci: FreeBSD devices may have major number 0
    • archive: use Linkat on FreeBSD for hardlinks
  • Bump Golang and MinGW versions in Windows setup script. (#6888)
    • Bump Golang and MinGW versions in Windows setup script.
  • Windows snapshotter touch ups and new functionality (#6918)
    • Windows snapshotter touch ups and new functionality
  • Improve naming consistencies in comments in snapshotter.go (#7032)
    • Improve naming consistencies in comments in snapshotter.go
  • Make building static binaries simpler (#7022)
    • Make building static binaries simpler
  • Allow CRI on Darwin (#7033)
    • Allow CRI on Darwin
  • update runc binary to v1.1.3 (#7034)
    • update runc binary to v1.1.3
  • Linux containers on FreeBSD (#7000)
    • Linux containers on FreeBSD
  • go.mod: github.com/moby/sys/mountinfo v0.6.2 (#7026)
    • go.mod: github.com/moby/sys/mountinfo v0.6.2
  • fix minor spelling mistake: lablel -> label (#7031)
    • fix minor spelling mistake: lablel -> label
  • go.mod: github.com/containerd/cgroups v1.0.4 (#7027)
    • go.mod: github.com/containerd/cgroups v1.0.4
  • go.mod: github.com/containerd/continuity v0.3.0 (#7028)
    • go.mod: github.com/containerd/continuity v0.3.0
  • Correct spelling mistake ("sanbdox" to "sandbox") (#7029)
    • Correct spelling mistake ("sanbdox" to "sandbox")
  • Github Security Advisory GHSA-5ffw-gxpp-mxpf
    • Implicitly discard the input to drain the reader
    • Limit the response size of ExecSync
  • Bump grpc to v1.47.0 (#7018)
    • Bump grpc to v1.47.0
  • Bump k8s.io deps to v0.24.1 (#7017)
    • Bump k8s.io deps to v0.24.1
  • Support runtime level snapshotter for issue 6657 (#6899)
    • Added support for runtime level snapshotter, issue 6657
  • update golang to 1.18.3, 1.17.11 (#7012)
    • update golang to 1.18.3, 1.17.11
  • Fix containerd-stress duration flag (#7004)
    • Fix containerd-stress duration flag
  • update go-cni/for cni update fixing plugins that don't respond with version (#7009)
    • update go-cni/for cni update fixing plugins that don't respond with version
  • Add validations for Windows HostProcess CRI configs (#6996)
    • Add validations for Windows HostProcess CRI configs
  • Move docker reference logic to reference/docker package (#7007)
    • Move docker reference logic to reference/docker package
  • promote pause image to 3.7 (sync with kube v1.24) (#7003)
    • promote pause image to 3.7
  • Makefile: use urfave_cli_no_docs for binaries that don't need it (#6998)
    • Makefile: use urfave_cli_no_docs for binaries that don't need it
  • CRI: cleanup cri/store package (#6993)
    • CRI: Remove deprecated error types and update error msg
    • CRI: Move truncindex to pkg
    • CRI: Move reference sorting to reference package
    • CRI: Retrieve image spec on client
  • Use t.Run for /pkg/cri tests (#7001)
    • Use t.Run for /pkg/cri tests
  • vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script (#6997)
    • vendor: github.com/urfave/cli v1.22.9
    • fix verify-vendor if go.mod does not contain replace rules
  • sandbox: replace github.com/pkg/errors with native errors (#6937)
    • sandbox: replace github.com/pkg/errors with native errors
  • build: Fix references to check-protos target in Makefile (#6983)
    • build: Fix references to check-protos target in Makefile
  • ctr: fix label args used in NewContainer (#6954)
    • ctr: fix label args used in NewContainer
  • ctr sandbox: handle sandbox config (#6959)
    • ctr sandbox: handle sandbox config
  • Fix broken oss-fuzz build (#6975)
    • Fix broken oss-fuzz build
  • archive: add human-readable hint to Lchown error (#6982)
    • archive: add human-readable hint to Lchown error
  • Fix tx closed error when upperdirlabel specified (#6978)
    • Fix tx closed error when upperdirlabel specified
  • config: improve config v1 deprecation message (#6972)
    • config: improve config v1 deprecation message
  • Fix Windows install powershell script (#6969)
    • Fix Windows install powershell script
  • fix comments on metadata schema and update namespace doc (#6955)
    • add note that a namespace cannot be named "version"
    • fix comments on metadata schema
  • adjust format in comment (#6956)
    • adjust format in comment
  • Restore decompression benchmarks (#6957)
    • Restore decompression benchmarks
  • cmd/ctr/commands/content: fix typo in fetch command usage (#6960)
    • adjust format
  • fix some confusing typos (#6950)
    • fix some confusing typos
  • update doc url about k8s (#6952)
    • update doc url
  • Separate windows-2019 and windows-2022 test results (#6946)
    • Separate windows-2019 and windows-2022 test results
  • shim: fix debug flag not working (#6910)
    • shim: fix debug flag not working
  • Reverts removal of parallel run from critest (#6938)
    • reverts removal of parallel run from critest
  • Bump OpenTelemetry dependencies (#6932)
    • Bump OpenTelemetry dependencies
  • update runc binary and vendor to v1.1.2 (#6934)
    • vendor: github.com/opencontainers/runc v1.1.2
    • update runc binary to v1.1.2
  • oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#6923)
    • oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
  • update golang to 1.18.2, 1.17.10 (#6926)
    • update golang to 1.18.2, 1.17.10
  • CI: update Fedora to 36 (#6925)
    • CI: update Fedora to 36
  • Add Wait to binaryProcessor (#6916)
    • Add Wait to binaryProcessor
  • go.mod: Bump k8s deps to v0.24.0 (#6905)
    • go.mod: Bump k8s deps to v0.24.0
  • (Vagrant CI) Enable git commands due to git CVE fix (#6915)
    • Enable git commands due to git CVE fix
  • Pass explicit JUnit outfile to critest.exe in Windows workflow. (#6912)
    • Pass explicit JUnit outfile to critest.exe in Windows workflow.
  • Update critools to v1.24 (#6894)
    • update critools to v1.24
  • devmapper docs: small fixes (#6904)
    • devmapper docs: small fixes
  • move report dir option to end of line for vagrant cri tests (#6900)
    • move report dir option to eol
  • Update Kubernetes version matrix in release docs (#6892)
    • Update Kubernetes version matrix in release docs
  • Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy (#6889)
    • Share images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy
  • containerd 1.6.4 k8s 1.24 readme announce (#6890)
    • containerd 1.6.4 k8s 1.24 readme announce
  • Cleanup leaked shim process (#6866)
    • Cleanup leaked shim process
  • Add collectible resources to metadata gc (#6804)
    • metadata: use resource max and end on registration
    • Add collectible resources to metadata gc
  • Update k8 docurl in file (#6881)
    • Update k8 docurl in file
  • Support RISC-V 64 (#6882)
    • CI: add riscv64 builds
    • release/Dockerfile: update Ubuntu to 22.04 for supporting riscv64
    • seccomp: support riscv64
  • docs: minor fixes in snapshots.Snapshotter comments (#6885)
    • docs: minor fixes in snapshots.Snapshotter comments
  • Officially deprecate Schema 1 (#6884)
    • Officially deprecate Schema 1
  • Make Cirrus CI tests more stable (#6880)
    • Reduce the number of the concurrent HTTP requests in TestUserNamespaces
    • Skip TestImagePullWithConcurrencyLimit on Cirrus CI
  • docs: Adding windows installation steps to getting-started.md (#6875)
    • docs: Adding windows installation steps to getting-started.md
  • Add ctr support for CPUMax and CPUShares (#6809)
    • Add ctr support for CPUMax and CPUShares
  • Support for cgroups blockio (#5490)
    • cri: support blockio class in pod and container annotations
  • Fix comment for metadata/db.go (#6871)
    • Fix comment for metadata/db.go
  • Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies (#6867)
    • Upgrade protoc, protoc-gen-go and protoc-gen-go-grpc
    • go mod tidy & go mod vendor
    • make protos
    • Remove gogo from .proto files
  • Update go-cni to v1.1.5 (#6868)
    • Update go-cni to v1.1.5
  • Bump opencontainers/selinux from 1.10.0 to 1.10.1 (#6865)
    • Bump opencontainers/selinux from 1.10.0 to 1.10.1
  • Upgrade google.golang.org/grpc and google.golang.org/protobuf (#6864)
    • Upgrade google.golang.org/grpc and google.golang.org/protobuf
    • Remove kzys/typeurl
  • Don't use "uname -a" as Cirrus CI's cache key (#6863)
    • Don't use "uname -a" as Cirrus CI's cache key
  • remove duplicate (#6856)
    • remove duplicate
  • Create ppc64le release (#6858)
    • Create ppc64le release
  • Move Vagrant-based tests from GitHub Actions to Cirrus CI (#6854)
    • Move Vagrant-based tests from GitHub Actions to Cirrus CI
  • feature: support image pull progress timeout (#6150)
    • feature: support image pull progress timeout
  • Add unpack interface to be used by client (#6749)
    • unpack: return error when no platforms defined
    • Add unpack interface to be used by client
  • Fix undefined error in use of errors package (#6855)
    • Fix undefined error in use of errors package
  • Migrate off from github.com/gogo/protobuf (#6841)
    • Fix tests
    • go mod tidy and go mod vendor
    • Upgrade containerd/typeurl
    • make protos
    • Rename Size_ to Size
    • Remove gogo/protobuf and adjust types
    • Use protoc-gen-go instead of protoc-gen-gogoctrd
    • Upgrade containerd/ttrpc
  • images/image.go: typo (#6851)
    • images/image.go: typo
  • Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices (#5686)
    • add oci.WithAllDevicesAllowed flag for privileged_without_host_devices
  • integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage (#6180)
    • integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage
  • fix incorrect syntax in comments (#6845)
    • fix incorrect syntax in comments
  • cri: close fifos when container is deleted (#6842)
    • cri: close fifos when container is deleted
  • diff: hide types.Any from clients (#6832)
    • diff: hide types.Any from clients
  • Add Container-Optimized OS into Adopters (#6838)
    • Add Container-Optimized OS into Adopters
  • Prepare for google.golang.org/protobuf (#6835)
    • Add go_package on all proto files
    • Use proto.Marshal instead of calling Marshal() on objects
    • Embed "Unimplemented" structs as proto recommended
  • fix the restart desired to running when task not found (#6833)
    • fix monitor restart
  • Remove all gogoproto extensions (#6829)
    • Remove all gogoproto extensions
  • fix nil pointer panic for monitor (#6830)
    • fix nil pointer panic for monitor
  • remotes/docker: log registry URLs as info instead of debug (#5681)
    • remotes/docker: log registry URLs as info instead of debug
  • Rename runtime/v2/task to api/runtime (#6827)
    • Keep shim API backward compatible
    • Move runtime v2 proto Move runtime v2 protos to api/runtime package.
  • Fix protoc-gen-go-fieldpath (#6828)
    • Don't generate a Go file, if that would be empty
    • Fix protoc-gen-go-fieldpath
  • Consolidate gogo/protobuf dependencies under our own protobuf package (#6826)
    • Consolidate gogo/protobuf dependencies under our own protobuf package
  • Add restart policy for enhanced restart manager (#6744)
    • add restart policy for enhanced restart manager
  • Remove gogoproto.stdtime (#6821)
    • Remove gogoproto.stdtime
  • Set timeout when collecting metrics from shim's Stat (#6781)
    • Set timeout when collecting metrics from shim's Stat
  • Fuzz filter package with Go 1.18's fuzzer (#6819)
    • Fuzz filter package with Go 1.18's fuzzer
  • allow ptrace(2) by default for kernel >= 4.8 (#6810)
    • allow ptrace(2) by default for kernel >= 4.8
  • Build bin/gen-manpages instead of using "go run" (#6820)
    • Build bin/gen-manpages instead of using "go run"
  • update golang to 1.18.1, 1.17.9 (#6822)
    • update golang to 1.18.1, 1.17.9
  • Sandbox API (#6703)
    • [Sandbox] Remove outdated documentation
    • [sandbox] Migrate from gogo to Any
    • [sandbox] Cleanup interfaces
    • [sandbox] Fix CI
    • [Sandbox] Add Wait and PID
    • Restore sandboxes on daemon restart
    • Fix protobuf after rebase
    • [sandbox] Add sandbox shim skeleton
    • [sandbox] Register shim plugin after #6301
    • [sandbox] Add ctr support
    • Launch sandboxed containers from task service
    • [sandbox] Address PR review comments
    • [sandbox] Implement sandbox controller
    • [sandbox] Add clients
    • [sandbox] Add controller service
    • [sandbox] Update vendor
    • [sandbox] Implement store service
    • [sandbox] Revendor API changes
    • [sandbox] Save sandbox ID to container's store
    • [sandbox] Implement metadata store
    • [sandbox] Add basic sandbox structures and interfaces
    • [sandbox] Add protobuf definitions
  • Move lease manager plugin to separate package (#6811)
    • Move lease manager plugin to separate package
  • fix pool_device_test (#6807)
    • fix pool_device_test.go
  • check for duplicate nspath possibilities (#6806)
    • check for duplicate nspath possibilities
  • Do not append []string{""} to command to preserve Docker compatibility (#6805)
    • Do not append []string{""} to command to preserve Docker compatibility
  • tracing: fix panic on startup when configured (#6789)
    • tracing: fix panic on startup when configured
  • Optimize loading performance for cri recover (#6680)
    • cri: load sandboxes/containers/images in parallel
  • Change architecture path in README.md (#6798)
    • Change architecture path in README.md
  • make consistent for checkpoint path (#6792)
    • make consistent for checkpoint path
  • metrics/cgroups: fix deadlock issue in Add during Collect (#6788)
    • metrics/cgroups: fix deadlock issue in Add during Collect
  • ADOPTERS: Update AKS Info (#6794)
    • ADOPTERS: Update AKS Info
  • Pin upload-cloud-storage action to 0.8.0 in Windows workflow. (#6790)
    • Pin upload-cloud-storage action to 0.8.0 in Windows workflow.
  • docs: add Deckhouse to the list of adopters (#6785)
    • docs: add Deckhouse to the list of adopters
  • Add docs/snapshotters; simplify docs/cri (#6778)
    • docs/cri: simplify
    • Add docs/snapshots
  • Turn paths from cmdline into absolute paths (#6672)
    • Turn paths from cmdline into absolute paths
  • CRI: add support for CDI device injection (#6654)
    • CDI: update go.mod and vendor deps
    • move CDI calls to the linux-only code
    • add configuration for CDI
    • cri: implement CDI device injection
  • Disable writing freelist to make the file robust against data corruptions (#6761)
    • Disable writing freelist to make the file robust against data corruptions
  • mv design docs/historical/design (#6777)
    • mv design docs/historical/design
  • CRI: improve image pulling performance (#6702)
    • CRI: improve image pulling performance
  • docs: remove runtime v1; migrate config v1 to v2 (#6776)
    • docs: migrate config v1 to v2
    • docs: remove deprecated io.containerd.runtime.v1.linux
  • Skip flaky test on Windows (#6779)
    • Skip flaky test on Windows
  • docs/getting-started.md: typo (#6775)
    • docs/getting-started.md: typo
  • Add no_tracing tag (#6750)
    • Add no_tracing tag
  • Move historical docs to docs/historical (#6754)
    • Move historical docs to docs/historical
  • Run go mod tidy in integration tests (#6768)
    • Run go mod tidy in integration tests
  • go.mod: move indirects, and update integration go.mod to 1.18 (#6765)
    • go.mod: move indirects, and update integration go.mod to 1.18
  • Drop gotest.tools (#6762)
    • Remove gotest.tools
    • Use testify
  • Use t.Setenv instead of os.Setenv (#6760)
    • Update linters to use t.Setenv
    • Use t.Setenv instead of os.Setenv
  • Upgrade to Go 1.18 (#6709)
    • Upgrade to Go 1.18
  • Adding multi-arch support for the configure.sh script (#6751)
    • Adding multi-arch support for the configure.sh script
  • docs/getting-started.md: massive update (#6758)
    • docs/getting-started.md: massive update
  • Remove unmaintained contrib/linuxkit (#6755)
    • Remove unmaintained contrib/linuxkit
  • [Windows CI] Address some timeout issues (#6757)
    • Address some timeout issues in the Windows CI
  • BUILDING.md: update supported Go versions (#6756)
    • BUILDING.md: update supported Go versions
  • update runc to 1.1.1 (#6753)
    • update runc binary to v1.1.1
    • go.mod: github.com/opencontainers/runc v1.1.1
  • CI: add Rocky Linux 8 (#6747)
    • CI: add Rocky Linux 8
  • CI: bump up crun to 1.4.4 (#6748)
    • CI: bump up crun to 1.4.4
  • added make help for cri integration (#6743)
    • added make help for cri integration
  • Update README.md cncf landscape url (#6740)
    • Update README.md
  • Fix error message in TestNewBinaryIO (#6738)
    • Fix error message in TestNewBinaryIO
  • Use typeurl.Any instead of github.com/gogo/protobuf/types.Any (#6706)
    • Use typeurl.Any instead of github.com/gogo/protobuf/types.Any
  • Use cgroups.AddProc() for cgroups v1 (#5738)
    • Use cgroups.AddProc() for cgroups v1
  • fix: ctr images mount with snapshotter option can't get snapshotter (#6713)
    • fix: ctr images mount with snapshotter option can't get snapshotter
  • cgroup2: monitor OOMKill instead of OOM to prevent missing container events (#6323)
    • cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events
  • moving up to go-cni v1.1.4 (#6721)
    • moving up to go-cni v1.1.4
  • native: fix deadlock from leaving transactions open (#6722)
    • native: fix deadlock from leaving transactions open
  • go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 (#5390)
    • go.mod: remove replace and update github.com/gogo/googleapis v1.4.1
  • Github Security Advisory GHSA-c9cp-9c75-9v8c
    • Fix the Inheritable capability defaults.
  • runtime: deprecate runc --criu / -criu-path option (#6496)
    • runtime: deprecate runc --criu / -criu-path option
  • Bug fix for mount path handling (#6651)
    • Bug fix for mount path handling
  • Upgrade containerd/imgcrypt and opencontainers/image-spec (#6711)
    • Upgrade containerd/imgcrypt and opencontainers/image-spec
  • Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)
    • Remove enumvalue_customname, goproto_enum_prefix and enum_customname
  • Remove gogoproto.customtype (#6699)
    • Remove gogoproto.customtype
  • Skip tty critest testcase on Windows Server 2022 (#6698)
    • Skip tty critest testcase on Windows Server 2022
  • Build with Go 1.18 (#6605)
    • Vendor dependencies with module graph pruning
    • Use Go 1.18 to build and test containerd
  • Update prometheus client vendor (#6690)
    • Test turning off golang CI lint cache
    • Add nolint:staticcheck to platform-specific calls
    • Update prometheus client vendor
  • vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd (#6687)
    • vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
  • Make the temp mount as ready only in container WithVolumes (#6593)
    • Make the temp mount as ready only in container WithVolumes
  • fix: ctr run --cni get failed (#6670)
    • fix: ctr run --cni get failed
  • test: use T.TempDir to create temporary test directory (#6681)
    • test: remove redundant mountPoint
    • test: use T.TempDir to create temporary test directory
  • Make OpenLab's CI jobs blocking (#6679)
    • Make OpenLab's CI jobs blocking
  • document log level and format (#6683)
    • document log level and format
  • Add shared content label to namespaces (#6660)
    • Add shared content label to namespaces
  • Add protoc-gen-go-fieldpath (#6562)
    • Add protoc-gen-go-fieldpath
  • Enable gosec linter for golangci-lint (#6669)
    • Enable gosec linter for golangci-lint
  • Make mkfs.xfs available on OpenLab's CI environment (#6668)
    • Make mkfs.xfs available on OpenLab's CI environment
  • ctr: improve error relative shim path error msg (#6519)
    • ctr: improve error relative shim path error msg
  • typo fixes under cmd. (#6674)
    • typo fixes under cmd.
  • Handle CRI Device.HostPath on Windows (#6618)
    • Implement --device idType://id for ctr run on Windows
    • Plumb CRI Devices through to OCI WindowsDevices
    • CRI integration test for Windows Device mounts
  • Upgrade golangci-lint and its GitHub Action (#6666)
    • Upgrade golangci-lint and its GitHub Action
  • Don't build a second copy of containerd-shim-runhcs-v1.exe (#6661)
    • Don't build a second copy of containerd-shim-runhcs-v1.exe
  • Update TestNormalize to only test Windows platform (#6569)
    • Update TestNormalize to only test Windows
  • Fix link in getting-started.md (#6663)
    • Fix link in getting-started.md
  • Fuzzing: refactor metadata fuzzers (#6423)
    • Fuzzing: refactor metadata fuzzers
  • Two xfs file systems with same UUID can not be mounted on the same sy… (#6650)
    • Mount devmapper xfs file system with "nouuid" option.
  • [Windows] Fix deadline exceeded in daemon restart (#6635)
    • Increase wait timeout for TestDaemonRestart
  • Use temp file for export/import test (#6658)
    • Use temp file for export/import test
  • strip path-info from -v (version) output, and implement -v flag for containerd-shim (#6495)
    • cmd/containerd-shim: add -v (version) flag
    • integration/images/volume-ownership: strip path information from usage output
    • runtime/v2/shim: strip path information from version output
  • Improve unexpected response error handling in resolver (#6617)
    • Improve ErrUnexpectedStatus default string
    • Add ErrUnexpectedStatus to resolver
  • Use the latest tag for azure images (#6601)
    • Use the latest image for Windows test workers
  • Run CRI integration tests in GitHub Actions (Windows) (#6626)
    • Skip most of script/setup/prepare_env_windows.ps1
    • Enable cri-tools critest on Windows
    • Enable CRI Integration tests on Windows
    • Remove hardcoded /tmp in tempfile paths
  • cri: fix integration test on cgroupsv2 system (#6595)
    • cri: fix integration test on cgroupsv2 system
  • Use version 2 configuration format in docs/PLUGINS.md (#6613)
    • Use version 2 config and mention containerd config command
  • update to go 1.16.15, 1.17.8 to address CVE-2022-24921 (#6619)
  • Update status of 1.4 release (#6614)
    • Update status of 1.4 release
  • Update TestContainerSymlinkVolumes to use windows path (#6568)
    • Update TestContainerSymlinkVolumes to use windows path
  • Add --user support for ctr run Windows (#6603)
    • Add --user support for ctr run Windows
  • Update releases (#6608)
    • Update latest release versions
    • Update release process to include Kubernetes test infrastructure
  • Github Security Advisory GHSA-crp2-qrr5-8pq7
    • Use fs.RootPath when mounting volumes
  • Adds support for Windows ArgsEscaped images (#6479)
    • Adds support for Windows ArgsEscaped images
  • Do not use weak import (#6558)
    • Do not use weak import
  • cri: relax test for system without hugetlb (#6596)
    • cri: relax test for system without hugetlb
  • Use containerd/protobuild instead of stevvooe/protobuild (#6578)
    • Use containerd/protobuild instead of stevvooe/protobuild
  • integration: remove duplicated util pkg (#6597)
    • integration: remove duplicated util pkg
  • go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 (#6591)
    • go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1
  • Update Go version recommendation in getting started (#6585)
    • Update Go version recommendation in getting started
  • go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 (#6337)
    • go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3
  • fix Implicit memory aliasing in for loop (#6331)
    • fix Implicit memory aliasing in for loop
  • Fix build with gccgo (#6579)
    • Fix build with gccgo
  • Replace golang.org/x/net/context with std library (#6580)
    • Replace golang.org/x/net/context with std library
  • containerd-shim-runc-v1: return init pid when clean dead shim (#6571)
    • containerd-shim-runc-v1: return init pid when clean dead shim
  • Use Windows matcher when on Windows platform in all code paths (#6491)
    • Initialize platform matchers for current platform
  • containerd-shim-runc-v2: return init pid when clean dead shim (#6452)
    • containerd-shim-runc-v2: return init pid when clean dead shim
  • [Windows][Integration] Enable TestRestartMonitor (#6515)
    • [Windows][Integration] Enable TestRestartMonitor
  • go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 (#6554)
    • go.mod: github.com/moby/sys/signal v0.7.0
    • go.mod: github.com/moby/sys/mountinfo v0.6.0
    • go.mod: github.com/fsnotify/fsnotify v1.5.1

Changes from containerd/cgroups

32 commits

  • Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 (#241)
    • Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1
  • go.mod: github.com/stretchr/testify v1.8.0 (#240)
    • go.mod: github.com/stretchr/testify v1.8.0
  • .github: use ubuntu-22.04 to test cgroupv2 (#237)
    • .github: use ubuntu-22.04 to test cgroupv2
  • feat(v2): Support cgroup.MoveTo in cgroupv2 manager (#235)
    • Cgroup v2: Add unit test TestMoveTo
    • Cgroup v2: Support cgroup.MoveTo in cgroupv2 manager
  • Update README to include usage examples of v2 client (#233)
    • Update README to include usage examples of v2 client
  • ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path (#232)
    • add ParseCgroupFileUnified to get the unified path
    • ParseCgroupFile: fix wrong comment about unified hierarchy
  • Bump go version to 1.17 in go.mod (#230)
    • Bump go version to 1.17 in go.mod
  • make cmd/ a separate module (as it's only for testing) (#226)
    • make cmd/ a separate module (as it's only for testing)
  • feat(v2): add Update method for v2.Manager (#225)
    • feat(v2): add Update method for v2.Manager
  • feat: add memory.min param (#211)
    • feat: add memory.min param
  • modified the dereference null pointer value. (#218)
    • modified the dereference null pointer value.
  • update readme for cpu cgroup demo (#217)
    • update readme for cpu cgroup demo
  • Fix systemd full path (#221)
    • Fix systemd full path
  • Update Go version and fedora base (#223)
    • Update Go version and fedora base
  • Fix panic in NewSystemd on nil values (#219)
    • Fix panic in NewSystemd on nil values

Changes from containerd/continuity

28 commits

  • go.mod: update dependencies (take 2) (#204)
    • go.mod: update dependencies (take 2)
  • Revert "go.mod: update dependencies" (#205)
    • Revert "go.mod: update dependencies"
    • go.mod: update dependencies
    • cmd/continuity: remove FUSE for macOS
  • Various small fix-ups (#202)
    • README: update badges and links
    • golangci-lint: replace "golint" with "revive"
    • sysx: remove unused sysx/generate.sh script
    • fs: fix minor linting and gofmt issue
  • update authors and mailmap (#201)
    • update authors and mailmap
  • move cmd/continuity to its own go module (#200)
    • move cmd/continuity to its own go module
    • remove version package
    • move continuityfs -> cmd/continuity/continuityfs
    • move commands -> cmd/continuity/commands
    • go.mod: update logrus to v1.8.1
  • CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) (#198)
    • CI: resolve Go path before sudoing
    • CI: modernize Go setup
    • Remove deprecated io/ioutil (except ioutil.ReadDir)
  • fs.CopyDir: support sockets and pipes (#197)
    • fs.CopyDir: support sockets and pipes
  • Fix wrapping errors (#196)
    • fs: fix wrapping nil err
    • fmt.Errorf: use %w, not %v to wrap errors

Changes from containerd/go-cni

22 commits

  • go.mod: update libcni to v1.1.1 (#101)
    • go.mod: update libcni to v1.1.1
  • add in some serial setup tests; a little make cleanup (#100)
    • add in some serial setup tests; a little make cleanup
  • Re-introduce serial network setup (#99)
    • Re-introduce serial network setup
  • bump github.com/containernetworking/cni v1.1.0 (#98)
    • bump github.com/containernetworking/cni v1.1.0
  • Revert "Update loopback version to support check" (#96)
    • Revert "Update loopback version to support check"
  • Use revive instead of golint (#92)
    • Use revive instead of golint
  • Bump go verion to 1.17 (#91)
    • Bump go verion to 1.17
  • moving up to latest CNI plugin release (#90)
    • moving up to latest CNI plugin release
  • Fix Loopback Version (#88)
    • Update loopback version to support check
  • Update comment for capabilities (#89)
    • update comment for capabilities
  • Add integration test for linux and update go version from 1.16 to 1.17 (#84)
    • Add integration test and update go version

Changes from containerd/imgcrypt

18 commits

  • Use reflect to support diff.ApplyConfig with/without gogo's types.Any (#75)
    • Use reflect to support diff.ApplyConfig with/without gogo's types.Any
  • Upgrade golangci-lint-action and golangci-lint (#76)
    • Add build tags to make gofmt happy
    • Upgrade golangci-lint-action and golangci-lint
  • CHANGES: Updated CHANGES document for 1.1.4 release (#74)
    • CHANGES: Updated CHANGES document for 1.1.4 release
  • Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 (#73)
    • Bump github.com/containerd/containerd from 1.5.10 to 1.6.1
  • images: prepare for typeurl.Any (#72)
    • images: prepare for typeurl.Any
    • images: Add list of Platforms to CheckAuthorization()
    • test: Test running of encrypted image only pulled for local platform
  • Bump ocicrypt to 1.1.3 (#71)
    • Bump ocicrypt to 1.1.3
    • Bump github.com/containerd/containerd from 1.5.9 to 1.5.10
  • Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 (#67)
    • Bump github.com/containerd/containerd from 1.5.8 to 1.5.9

Changes from containerd/ttrpc

37 commits

  • Only generate a Go file if the file has some services (#112)
    • Only generate a Go file if the file has some services
  • *.go: organize errors to one spot (#113)
    • *.go: organize errors to one spot
  • PROTOCOL: slight markdown touchup (#111)
    • PROTOCOL: slight markdown touchup
  • Introduce streaming (#107)
    • Remove unnecessary ttrpc plugin configuration in Protobuild.toml
    • Unwrap syscall error and check
    • Update protocol for closed data messages
    • Add integration test to github actions
    • Add integration test package
    • Add streaming support to go-ttrpc generator
    • Add stream tests
    • Introduce streaming to client and server
  • Update checkout and lint actions (#109)
    • Update checkout and lint actions
  • Add Makefile and update protobuf (#106)
    • Server test show sys error
    • Update github actions ci to use Makefile
    • Add makefile and update protoc version
  • Add ttrpc protocol definition (#102)
    • Add ttrpc protocol definition
  • Enable Codecov again (#105)
    • Enable Codecov again
  • Use CR+LF instead of LF regardless of OS (#103)
    • Use CR+LF instead of LF regardless of OS
  • Log the error's underyling errno if there is (#104)
    • Log the error's underyling errno if there is
  • Use google.golang.org/protobuf instead of github.com/gogo/protobuf (#99)
    • Use google.golang.org/protobuf instead of github.com/gogo/protobuf
  • Wrap correct error on unix.GetsockoptUcred failure (#100)
    • Wrap correct error on unix.GetsockoptUcred failure
  • Update CI project checks to use containerd project action (#101)
    • Update to latest os for build and test
    • Fix lint issues
    • Update CI project checks to use containerd project action

Changes from containerd/typeurl

14 commits

  • Fallback to google.golang.org/protobuf (#35)
    • Fallback to google.golang.org/protobuf
  • Build with Go 1.17 and Go 1.18 (#34)
    • Build with Go 1.17.x and Go 1.18.x
  • Make nil handling easier (#33)
    • Make nil handling easier
  • Make Any type an interface (#32)
    • Make Any type an interface
  • Add Any type and remove gogo protobuf from interfaces (#31)
    • Add Any type and remove gogo protobuf from interfaces
  • replace pkg/errors (#29)
    • replace pkg/errors
  • Update branch name in GH Actions (#28)
    • Update branch name in GH Actions

Dependency Changes

  • github.com/AdaLogics/go-fuzz-headers 6c3934b029d8 -> 37f5449ff7df
  • github.com/AdamKorcz/go-118-fuzz-build e1f97a00006b new
  • github.com/Microsoft/go-winio v0.5.1 -> v0.6.0
  • github.com/Microsoft/hcsshim v0.9.2 -> v0.10.0-rc.1
  • github.com/blang/semver/v4 v4.0.0 new
  • github.com/cenkalti/backoff/v4 v4.1.2 -> v4.1.3
  • github.com/cilium/ebpf v0.7.0 -> v0.9.1
  • github.com/container-orchestrated-devices/container-device-interface v0.5.1 new
  • github.com/containerd/cgroups v1.0.3 -> 7083cd60b721
  • github.com/containerd/continuity v0.2.2 -> v0.3.0
  • github.com/containerd/go-cni v1.1.3 -> v1.1.6
  • github.com/containerd/imgcrypt v1.1.3 -> 8ba028dca028
  • github.com/containerd/ttrpc v1.1.0 -> 944ef4a40df3
  • github.com/containerd/typeurl v1.0.2 -> 7f6e6d160d67
  • github.com/containernetworking/cni v1.0.1 -> v1.1.1
  • github.com/containernetworking/plugins v1.0.1 -> v1.1.1
  • github.com/containers/ocicrypt v1.1.2 -> v1.1.3
  • github.com/cpuguy83/go-md2man/v2 v2.0.0 -> v2.0.1
  • github.com/cyphar/filepath-securejoin v0.2.3 new
  • github.com/emicklei/go-restful v2.9.5 -> v2.16.0
  • github.com/emicklei/go-restful/v3 v3.8.0 new
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/go-logr/logr v1.2.2 -> v1.2.3
  • github.com/google/go-cmp v0.5.6 -> v0.5.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 new
  • github.com/klauspost/compress v1.11.13 -> v1.15.9
  • github.com/miekg/pkcs11 v1.0.3 -> v1.1.1
  • github.com/moby/sys/mountinfo v0.5.0 -> v0.6.2
  • github.com/moby/sys/sequential b22ba8a69b30 new
  • github.com/moby/sys/signal v0.6.0 -> v0.7.0
  • github.com/opencontainers/image-spec 693428a734f5 -> 3a7f492d3f1b
  • github.com/opencontainers/runc v1.1.0 -> v1.1.4
  • github.com/opencontainers/runtime-tools cd1349b7c47e new
  • github.com/opencontainers/selinux v1.10.0 -> v1.10.2
  • github.com/prometheus/client_golang v1.11.0 -> v1.12.1
  • github.com/prometheus/common v0.30.0 -> v0.32.1
  • github.com/russross/blackfriday/v2 v2.0.1 -> v2.1.0
  • github.com/stretchr/testify v1.7.0 -> v1.8.0
  • github.com/syndtr/gocapability 42c35b437635 new
  • github.com/tchap/go-patricia/v2 v2.3.1 new
  • github.com/urfave/cli v1.22.1 -> v1.22.9
  • github.com/xeipuuv/gojsonpointer 4e3ac2762d5f new
  • github.com/xeipuuv/gojsonreference bd5ef7bd5415 new
  • github.com/xeipuuv/gojsonschema v1.2.0 new
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0 -> v0.32.0
  • go.opentelemetry.io/otel v1.3.0 -> v1.7.0
  • go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 -> v1.7.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0 -> v1.7.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0 -> v1.7.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0 -> v1.7.0
  • go.opentelemetry.io/otel/sdk v1.3.0 -> v1.7.0
  • go.opentelemetry.io/otel/trace v1.3.0 -> v1.7.0
  • go.opentelemetry.io/proto/otlp v0.11.0 -> v0.16.0
  • golang.org/x/crypto 32db794688a5 -> 3147a52a75dd
  • golang.org/x/mod 86c51ed26bb4 new
  • golang.org/x/net fe4d6282115f -> f3363e06e74c
  • golang.org/x/oauth2 2bc19b11175f -> d3ed0bb246c8
  • golang.org/x/sync 036812b2e83c -> 886fb9371eb4
  • golang.org/x/sys 1d35b9e2eb4e -> 7b5979e65e41
  • golang.org/x/term 6886f2dfbf5b -> 03fcf44c2211
  • golang.org/x/time 1f47c861a9ac -> 90d013bbcef8
  • golang.org/x/tools v0.1.12 new
  • google.golang.org/genproto e50cd9704f63 -> c8bf987b8c21
  • google.golang.org/grpc v1.43.0 -> v1.47.0
  • google.golang.org/protobuf v1.27.1 -> v1.28.0
  • gopkg.in/yaml.v3 496545a6307b -> v3.0.1
  • k8s.io/api v0.22.5 -> v0.24.1
  • k8s.io/apimachinery v0.22.5 -> v0.24.1
  • k8s.io/apiserver v0.22.5 -> v0.24.1
  • k8s.io/client-go v0.22.5 -> v0.24.1
  • k8s.io/component-base v0.22.5 -> v0.24.1
  • k8s.io/cri-api v0.23.1 -> v0.25.0
  • k8s.io/klog/v2 v2.30.0 -> v2.60.1
  • k8s.io/utils cb0fa318a74b -> 3a6ce19ff2f9
  • sigs.k8s.io/json 9f7c6b3444d2 new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.2 -> v4.2.1
  • sigs.k8s.io/yaml v1.2.0 -> v1.3.0

Previous release can be found at v1.6.0

Check out latest releases or
releases around containerd/containerd v1.7.0-beta.0

Don't miss a new containerd release

NewReleases is sending notifications on new releases.

Get notifications