github cri-o/cri-o v1.19.0

CRI-O v1.19.0

The release notes have been generated for the commit range
v1.18.0...v1.19.0 on Mon, 14 Sep 2020 20:17:11 UTC.


Download the static release bundle via our Google Cloud Bucket:

Changelog since v1.18.0

Changes by Kind


API Change

  • CRI-O now manages namespace lifecycles by default (manage_ns_lifecycle = true). The config option manage_network_ns_lifecycle has also been fully deprecated (#3929, @haircommander)


  • Add --version-file-persist, a place to put the version file in persistent storage. Now, crio wipe wipes containers if --version-file is not present (presumably it is on temporary storage), and wipes images if both --version-file and --version-file-persist are out of date (presumably there has been an upgrade of cri-o's minor version) (#3648, @haircommander)
  • Add big_files_temporary_dir to allow customization of where large temporary files are put (#3935, @adawolfs)
  • Add build support for setting SOURCE_DATE_EPOCH (#3708, @afbjorklund)
  • Added --metrics-socket/metrics_socket configuration option to allow exposing the metrics endpoint on a local socket path (#3724, @saschagrunert)
  • Added crio_image_layer_reuse metric which counts layer reuses during image pull (#4053, @saschagrunert)
  • Added privileged field to container status info (#3777, @saschagrunert)
  • Added behavior to allow filtering by a partial Pod Sandbox ID (#4033, @saschagrunert)
  • Added configuration validation to ensure that conmon_cgroup == "pod" if cgroup_manager == "cgroupfs" (#3940, @saschagrunert)
  • Added latest crun version to static binary bundle (#3837, @saschagrunert)
  • Added metrics-exporter and documentation (#3751, @saschagrunert)
  • Added new metrics crio_image_pulls_failures and crio_image_pulls_successes. For more information please refer to the CRI-O metrics guide (#3809, @saschagrunert)
  • Container HostPort with SCTP protocol is supported. (#3874, @janosi)
  • Containers running init or systemd are now given a new SELinux label, container_init_t, giving them SELinux privileges more appropriate for the workload (#3754, @haircommander)
  • If users want the container_kvm_t label when using a runtime that supports kvm separation, they will need to either set the runtime_type to "vm" or have "kata" in the runtime name (#3861, @umohnani8). E.g.

        runtime_path = ""
        runtime_type = "oci"
        runtime_root = "/run/kata"

    or

        runtime_path = ""
        runtime_type = "vm"
        runtime_root = "/run/kata"

  • Re-add the behavior that string slices can be passed to the CLI comma separated, for example --default-capabilities CHOWN,KILL (#3636, @saschagrunert)
  • Removed socat runtime dependency which was needed for pod port forwarding (#3749, @saschagrunert)
  • Return pod image, pid and spec in sandbox_status CRI verbose mode (#3819, @mrunalp)



Bug or Regression

  • Adding an additional runtime handler doesn't require the user to copy the existing default runtime handler configuration. The existing default runtime handler configuration will be preserved while adding the new runtime handler. (#3772, @harche)
  • ExecSync requests will ask conmon to not double fork, causing systemd to have fewer conmons re-parented to it. conmon v2.0.19 or greater is required for this feature. (#3908, @haircommander)
  • Fix handling of the --cni-plugin-dir and other multivalue command line flags (#3870, @rhafer)
  • Fix path to bash via /usr/bin/env in crio-shutdown.service (#3971, @saschagrunert)
  • Fix the container cgroup in case cgroupfs cgroup manager is used (#4075) (#4080, @kolyshkin)
  • Fix working set calculation (#4068, @kolyshkin)
  • Fixed crio version binary mode parsing on musl toolchains (#3969, @saschagrunert)
  • Fixed a bug where crictl only showed pod level stats, not container level stats. (#3933, @wgahnagl)
  • Fixed a bug where exec sync requests (manually or automatically triggered via readiness/liveness probes) overwrite the runtime info.runtimeSpec.process.args of the container status (for example via crictl inspect). (#3989, @saschagrunert)
  • Fixed bug where Pod creation would fail if Uid was not specified in Metadata of sandbox config passed in a run pod sandbox request (#3774, @haircommander)
  • Fixed bug where pod names would sometimes leak on creation, causing the kubelet to fail to recreate (#3964, @haircommander)
  • Fixed crio restart behavior to make sure that Pod creation timestamps are restored and the order in the list of pods stays stable across restarts (#4006, @rhafer)
  • Fixed wrong linkmode output (on crio version) for static binaries (#3638, @saschagrunert)
  • Reflects resource updates under the container spec. (#3978, @cynepco3hahue)

Other (Cleanup or Flake)

  • Added info logs for image pulls and image status (#3843, @mrunalp)
  • Cleanup default info logging (#3834, @mrunalp)
  • Cleanup go module and vendor files. (#3722, @mrunalp)
  • Pod creation now fails if conmon cannot be moved to the cgroup specified in conmon_cgroup. Our default value for conmon_cgroup is system.slice, which is invalid for cgroupfs. As such, if you use cgroupfs, you should change conmon_cgroup to pod (#3810, @haircommander)
  • Removed crio-wipe.service and crio-shutdown.service systemd units from the static bundle since they are not required (#3689, @saschagrunert)
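
A pre-upgrade check for the configuration rules these notes describe (conmon_cgroup with cgroupfs, the deprecated manage_network_ns_lifecycle option, and which runtime handlers qualify for container_kvm_t), as an added example that is not part of the CRI-O release notes or code base. The sample config and the handler names kata-qemu and fc are constructed, and the parser reads only the table/key subset shown, not full TOML.

```python
import re

# Constructed sample crio.conf for illustration; not taken from a real host.
SAMPLE_CONF = """
[crio.runtime]
cgroup_manager = "cgroupfs"
conmon_cgroup = "system.slice"
manage_network_ns_lifecycle = true

[crio.runtime.runtimes.kata-qemu]   # hypothetical handler name
runtime_type = "oci"

[crio.runtime.runtimes.fc]          # hypothetical handler name
runtime_type = "vm"
"""

def parse_tables(text):
    """Minimal reader for [table] headers and scalar key = value lines (not full TOML)."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[([^\[\]]+)\]", line)
        if header:
            current = tables.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return tables

def audit(text):
    """Return (findings, handlers that qualify for container_kvm_t)."""
    tables = parse_tables(text)
    runtime = tables.get("crio.runtime", {})
    findings = []
    # The notes give system.slice as the default conmon_cgroup, invalid for cgroupfs.
    if (runtime.get("cgroup_manager") == "cgroupfs"
            and runtime.get("conmon_cgroup", "system.slice") != "pod"):
        findings.append('cgroup_manager is cgroupfs: set conmon_cgroup = "pod"')
    if "manage_network_ns_lifecycle" in runtime:
        findings.append("manage_network_ns_lifecycle is deprecated; remove it")
    prefix = "crio.runtime.runtimes."
    handlers = {t[len(prefix):]: o for t, o in tables.items() if t.startswith(prefix)}
    # Rule from the notes: runtime_type "vm", or "kata" in the runtime name.
    kvm = sorted(n for n, o in handlers.items()
                 if o.get("runtime_type") == "vm" or "kata" in n)
    return findings, kvm

if __name__ == "__main__":
    findings, kvm = audit(SAMPLE_CONF)
    print("\n".join(findings + ["container_kvm_t handlers: " + ", ".join(kvm)]))
```
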


  • Add --drop-infra-ctr option to ask CRI-O to drop the infra container when a pod level pid namespace isn't requested. This feature is considered experimental (#4186, @haircommander)
  • Adds a new optional field, runtime_type, to the "--runtimes" option. (#3903, @fidencio)
  • Cleanup and update nix derivation for static builds (#3804, @hswong3i)
  • Fix a bug where a sudden reboot causes incomplete image writes. This could cause image storage to be corrupted, resulting in a "layer not known" error. (#3975, @openshift-cherrypick-robot)
  • Fix bug where empty config fields having to do with storage cause /info requests to return incorrect information (which causes cadvisor to fail to read imageFs information) (#4161, @openshift-cherrypick-robot)
  • Fixes panic when /sys/fs/cgroup can't be stat'ed (#3973, @haircommander)
  • If the default_runtime is changed from the default configuration, the corresponding existing default entry in the runtime map in the configuration will be ignored. (#4113, @openshift-cherrypick-robot)
  • Remove support for --runtime flag (#4107, @haircommander)
  • Updated crictl.yaml configuration inside the repository to reflect cri-tools v1.19.0 changes (#4185, @openshift-cherrypick-robot)


