CRI-O v1.19.0

The release notes have been generated for the commit range
v1.18.0...v1.19.0 on Mon, 14 Sep 2020 20:17:11 UTC.

Downloads

Download the static release bundle via our Google Cloud Bucket:
crio-v1.19.0.tar.gz

Changelog since v1.18.0

Changes by Kind

Dependency-Change

API Change

  • CRI-O now manages namespace lifecycles by default (manage_ns_lifecycle = true). The config option manage_network_ns_lifecycle has also been fully deprecated (#3929, @haircommander)

Feature

  • Add --version-file-persist, a place to put the version file in persistent storage. Now, crio wipe wipes containers if --version-file is not present (presumably it is on temporary storage), and wipes images if both --version-file and --version-file-persist are out of date (presumably there has been an upgrade of cri-o's minor version) (#3648, @haircommander)
  • Add big_files_temporary_dir to allow customization of where large temporary files are put (#3935, @adawolfs)
  • Add build support for setting SOURCE_DATE_EPOCH (#3708, @afbjorklund)
  • Added --metrics-socket/metrics_socket configuration option to allow exposing the metrics endpoint on a local socket path (#3724, @saschagrunert)
  • Added crio_image_layer_reuse metric which counts layer reuses during image pull (#4053, @saschagrunert)
  • Added privileged field to container status info (#3777, @saschagrunert)
  • Added behavior to allow filtering by a partial Pod Sandbox ID (#4033, @saschagrunert)
  • Added configuration validation to ensure that conmon_cgroup == "pod" if cgroup_manager == "cgroupfs" (#3940, @saschagrunert)
  • Added latest crun version to static binary bundle (#3837, @saschagrunert)
  • Added metrics-exporter and documentation (#3751, @saschagrunert)
  • Added new metrics crio_image_pulls_failures and crio_image_pulls_successes. For more information please refer to the CRI-O metrics guide (#3809, @saschagrunert)
  • Container HostPort with SCTP protocol is supported. (#3874, @janosi)
  • Containers running init or systemd are now given a new SELinux label, container_init_t, giving them SELinux privileges more appropriate for the workload (#3754, @haircommander)
  • If users want the container_kvm_t label when using a runtime that supports kvm separation, they will need to either set the runtime_type to "vm" or have "kata" in the runtime name. E.g.:

    [crio.runtime.runtimes.my-kata-runtime]
    runtime_path = ""
    runtime_type = "oci"
    runtime_root = "/run/kata"

    or

    [crio.runtime.runtimes.my-kata-runtime]
    runtime_path = ""
    runtime_type = "vm"
    runtime_root = "/run/kata"

    (#3861, @umohnani8)

  • Re-add the behavior that string slices can be passed to the CLI comma separated, for example --default-capabilities CHOWN,KILL (#3636, @saschagrunert)
  • Removed socat runtime dependency which was needed for pod port forwarding (#3749, @saschagrunert)
  • Return pod image, pid and spec in sandbox_status CRI verbose mode (#3819, @mrunalp)

Design

Documentation

Bug or Regression

  • Adding an additional runtime handler doesn't require the user to copy the existing default runtime handler configuration. The existing default runtime handler configuration will be preserved while adding the new runtime handler. (#3772, @harche)
  • ExecSync requests will ask conmon to not double fork, causing systemd to have fewer conmons re-parented to it. conmon v2.0.19 or greater is required for this feature. (#3908, @haircommander)
  • Fix handling of the --cni-plugin-dir and other multivalue command line flags (#3870, @rhafer)
  • Fix path to bash via /usr/bin/env in crio-shutdown.service (#3971, @saschagrunert)
  • Fix the container cgroup in case cgroupfs cgroup manager is used (#4075) (#4080, @kolyshkin)
  • Fix working set calculation (#4068, @kolyshkin)
  • Fixed crio version binary mode parsing on musl toolchains (#3969, @saschagrunert)
  • Fixed a bug where crictl only showed pod level stats, not container level stats. (#3933, @wgahnagl)
  • Fixed a bug where exec sync requests (manually or automatically triggered via readiness/liveness probes) overwrite the runtime info.runtimeSpec.process.args of the container status (for example via crictl inspect). (#3989, @saschagrunert)
  • Fixed bug where Pod creation would fail if Uid was not specified in Metadata of sandbox config passed in a run pod sandbox request (#3774, @haircommander)
  • Fixed bug where pod names would sometimes leak on creation, causing the kubelet to fail to recreate (#3964, @haircommander)
  • Fixed crio restart behavior to make sure that Pod creation timestamps are restored and the order in the list of pods stays stable across restarts (#4006, @rhafer)
  • Fixed wrong linkmode output (on crio version) for static binaries (#3638, @saschagrunert)
  • Reflects resource updates under the container spec. (#3978, @cynepco3hahue)

Other (Cleanup or Flake)

  • Added info logs for image pulls and image status (#3843, @mrunalp)
  • Cleanup default info logging (#3834, @mrunalp)
  • Cleanup go module and vendor files. (#3722, @mrunalp)
  • Pod creation now fails if conmon cannot be moved to the cgroup specified in conmon_cgroup. Our default value for conmon_cgroup is system.slice, which is invalid for cgroupfs. As such, if you use cgroupfs, you should change conmon_cgroup to pod (#3810, @haircommander)
  • Removed crio-wipe.service and crio-shutdown.service systemd units from the static bundle since they are not required (#3689, @saschagrunert)

Uncategorized

  • Add --drop-infra-ctr option to ask CRI-O to drop the infra container when a pod level pid namespace isn't requested. This feature is considered experimental (#4186, @haircommander)
  • Adds a new optional field, runtime_type, to the "--runtimes" option. (#3903, @fidencio)
  • Cleanup and update nix derivation for static builds (#3804, @hswong3i)
  • Fix a bug where a sudden reboot causes incomplete image writes. This could cause image storage to be corrupted, resulting in a "layer not known" error. (#3975, @openshift-cherrypick-robot)
  • Fix bug where empty config fields having to do with storage cause /info requests to return incorrect information (which causes cadvisor to fail to read imageFs information) (#4161, @openshift-cherrypick-robot)
  • Fixes panic when /sys/fs/cgroup can't be stat'ed (#3973, @haircommander)
  • If the default_runtime is changed from the default configuration, the corresponding existing default entry in the runtime map in the configuration will be ignored. (#4113, @openshift-cherrypick-robot)
  • Remove support for --runtime flag (#4107, @haircommander)
  • Updated crictl.yaml configuration inside the repository to reflect cri-tools v1.19.0 changes (#4185, @openshift-cherrypick-robot)

Dependencies

Added

  • cloud.google.com/go/bigquery: v1.0.1
  • cloud.google.com/go/pubsub: v1.0.1
  • cloud.google.com/go/storage: v1.0.0
  • dmitri.shuralyov.com/gpu/mtl: 666a987
  • github.com/OneOfOne/xxhash: v1.2.2
  • github.com/bombsimon/wsl/v3: v3.0.0
  • github.com/cespare/xxhash/v2: v2.1.1
  • github.com/cespare/xxhash: v1.1.0
  • github.com/chzyer/logex: v1.1.10
  • github.com/chzyer/readline: 2972be2
  • github.com/chzyer/test: a1ea475
  • github.com/dgryski/go-sip13: e10d5fe
  • github.com/docopt/docopt-go: ee0de3b
  • github.com/go-git/gcfg: v1.5.0
  • github.com/go-git/go-billy/v5: v5.0.0
  • github.com/go-git/go-git-fixtures/v4: v4.0.1
  • github.com/go-git/go-git/v5: v5.1.0
  • github.com/go-gl/glfw/v3.3/glfw: 12ad95a
  • github.com/go-ini/ini: v1.9.0
  • github.com/go-xmlfmt/xmlfmt: d5b6f63
  • github.com/ianlancetaylor/demangle: 5e5cf60
  • github.com/maratori/testpackage: v1.0.1
  • github.com/moby/ipvs: v1.0.1
  • github.com/moby/term: 672ec06
  • github.com/nakabonne/nestif: v0.3.0
  • github.com/nxadm/tail: v1.4.4
  • github.com/oklog/ulid: v1.3.1
  • github.com/phayes/checkstyle: bfd46e6
  • github.com/prometheus/tsdb: v0.7.1
  • github.com/ryancurrah/gomodguard: v1.0.2
  • github.com/saschagrunert/ccli: b68f755
  • github.com/saschagrunert/go-modiff: v1.2.0
  • github.com/spaolacci/murmur3: f09979e
  • github.com/tetafro/godot: v0.2.5
  • github.com/yuin/goldmark: v1.1.32
  • go.mozilla.org/pkcs7: 432b235
  • google.golang.org/protobuf: v1.24.0
  • gopkg.in/yaml.v3: 9f266ea
  • gotest.tools/v3: v3.0.2
  • k8s.io/klog/v2: v2.3.0

Changed

Removed

  • github.com/Rican7/retry: v0.1.0
  • github.com/bazelbuild/bazel-gazelle: 70208cb
  • github.com/bazelbuild/buildtools: 69366ca
  • github.com/bradfitz/go-smtpd: deb6d62
  • github.com/cespare/prettybench: 03b8cfe
  • github.com/cncf/udpa/go: 269d4d4
  • github.com/containerd/release-tool: a35b5d7
  • github.com/golangci/go-tools: e32c541
  • github.com/golangci/gosec: 66fb7fc
  • github.com/google/go-github: v17.0.0+incompatible
  • github.com/hashicorp/go-version: v1.2.0
  • github.com/jellevandenhooff/dkim: f50fe3d
  • github.com/mesos/mesos-go: v0.0.9
  • github.com/pelletier/go-buffruneio: v0.2.0
  • github.com/ryanuber/go-glob: 256dc44
  • github.com/src-d/gcfg: v1.4.0
  • github.com/tarm/serial: 98f6abe
  • github.com/vbatts/git-validation: v1.1.0
  • go4.org: 417644f
  • golang.org/x/build: 2835ba2
  • golang.org/x/perf: 6e6d33e
  • gopkg.in/russross/blackfriday.v2: v2.0.0
  • gopkg.in/src-d/go-billy.v4: v4.3.2
  • gopkg.in/src-d/go-git-fixtures.v3: v3.5.0
  • gopkg.in/src-d/go-git.v4: v4.13.1
  • gotest.tools/gotestsum: v0.3.5
  • grpc.go4.org: 11d0a25
  • k8s.io/repo-infra: v0.0.1-alpha.1