CRI-O v1.19.0
The release notes have been generated for the commit range
v1.18.0...v1.19.0 on Mon, 14 Sep 2020 20:17:11 UTC.
Downloads
Download the static release bundle via our Google Cloud Bucket:
crio-v1.19.0.tar.gz
Changelog since v1.18.0
Changes by Kind
Dependency-Change
API Change
- CRI-O now manages namespace lifecycles by default (manage_ns_lifecycle = true). The config option manage_network_ns_lifecycle has also been fully deprecated (#3929, @haircommander)
Feature
- Add --version-file-persist, a place to put the version file in persistent storage. Now, crio wipe wipes containers if --version-file is not present (presumably it is on temporary storage), and wipes images if both --version-file and --version-file-persist are out of date (presumably there has been an upgrade of cri-o's minor version (#3648, @haircommander)
- Add big_files_temporary_dir to allow customization of where large temporary files are put (#3935, @adawolfs)
- Add build support for setting SOURCE_DATE_EPOCH (#3708, @afbjorklund)
- Added
--metrics-socket
/metrics_socket
configuration option to allow exposing the metrics endpoint on a local socket path (#3724, @saschagrunert) - Added
crio_image_layer_reuse
metric which counts layer reuses during image pull (#4053, @saschagrunert) - Added
privileged
field to container statusinfo
(#3777, @saschagrunert) - Added behavior to allow filtering by a partial Pod Sandbox ID (#4033, @saschagrunert)
- Added configuration validation to ensure a
conmon_cgroup == "pod"
ifcgroup_manager == "cgroupfs"
(#3940, @saschagrunert) - Added latest
crun
version to static binary bundle (#3837, @saschagrunert) - Added metrics-exporter and documentation (#3751, @saschagrunert)
- Added new metrics
crio_image_pulls_failures
andcrio_image_pulls_successes
. For more information please refer to the CRI-O metrics guide (#3809, @saschagrunert) - Container HostPort with SCTP protocol is supported. (#3874, @janosi)
- Containers running
init
orsystemd
are now given a new selinux labelcontainer_init_t
, giving it selinux privileges more appropriate for the workload (#3754, @haircommander) - If users want the container_kvm_t label when using a runtime that supports kvm separation, they will need to either set the runtime_type to "vm" or have "kata" in the runtime name. E.g
[crio.runtime.runtimes.my-kata-runtime]
runtime_path = ""
runtime_type = "oci"
runtime_root = "/run/kata"
or
[crio.runtime.runtimes.my-kata-runtime]
runtime_path = ""
runtime_type = "vm"
runtime_root = "/run/kata" (#3861, @umohnani8)
- Re-add the behavior that string slices can be passed to the CLI comma separated, for example
--default-capabilities CHOWN,KILL
(#3636, @saschagrunert) - Removed
socat
runtime dependency which was needed for pod port forwarding (#3749, @saschagrunert) - Return pod image, pid and spec in sandbox_status CRI verbose mode (#3819, @mrunalp)
Design
- Hooks_dir entries are now created if they don't exist (#4052, @haircommander)
Documentation
- Added
crun
container runtime tocrio.conf
(commented out per default) (#3838, @saschagrunert) - Added dependency report to generated release notes (#3828, @saschagrunert)
- The changelog is now rendered by a custom go template and contains the table of contents (#3739, @saschagrunert)
Bug or Regression
- Adding additional runtime handler doesn't require the user to copy existing default runtime handler configuration. The existing default runtime handler configuration will be preserved while adding the new runtime handler. (#3772, @harche)
- ExecSync requests will ask conmon to not double fork, causing systemd to have fewer conmons re-parented to it. conmon v2.0.19 or greater is required for this feature. (#3908, @haircommander)
- Fix handling of the --cni-plugin-dir and other multivalue command line flags (#3870, @rhafer)
- Fix path to bash via
/usr/bin/env
in crio-shutdown.service (#3971, @saschagrunert) - Fix the container cgroup in case cgroupfs cgroup manager is used (#4075) (#4080, @kolyshkin)
- Fix working set calculation (#4068, @kolyshkin)
- Fixed
crio version
binary mode parsing on musl toolchains (#3969, @saschagrunert) - Fixed a bug where crictl only showed pod level stats, not container level stats. (#3933, @wgahnagl)
- Fixed a bug where exec sync requests (manually or automatically triggered via readiness/liveness probes) overwrite
the runtimeinfo.runtimeSpec.process.args
of the container status (for example viacrictl inspect
). (#3989, @saschagrunert) - Fixed bug where Pod creation would fail if Uid was not specified in Metadata of sandbox config passed in a run pod sandbox request (#3774, @haircommander)
- Fixed bug where pod names would sometimes leak on creation, causing the kubelet to fail to recreate (#3964, @haircommander)
- Fixed crio restart behavior to make sure that Pod creation timestamps are restored and the order in the list of pods stays stable across restarts (#4006, @rhafer)
- Fixed wrong linkmode output (on
crio version
) for static binaries (#3638, @saschagrunert) - Reflects resource updates under the container spec. (#3978, @cynepco3hahue)
Other (Cleanup or Flake)
- Added info logs for image pulls and image status (#3843, @mrunalp)
- Cleanup default info logging (#3834, @mrunalp)
- Cleanup go module and vendor files. (#3722, @mrunalp)
- Pod creation now fails if conmon cannot be moved to the cgroup specified in
conmon_cgroup
. Our default value forconmon_cgroup
issystem.slice
, which is invalid for cgroupfs. As such, if you use cgroupfs, you should changeconmon_cgroup
topod
(#3810, @haircommander) - Removed
crio-wipe.service
andcrio-shutdown.service
systemd units from the static bundle since they are not required (#3689, @saschagrunert)
Uncategorized
- Add
--drop-infra-ctr
option to ask CRI-O to drop the infra container when a pod level pid namespace isn't requested. This feature is considered experimental (#4186, @haircommander) - Adds a new optional field, runtime_type, to the "--runtimes" option. (#3903, @fidencio)
- Cleanup and update nix derivation for static builds (#3804, @hswong3i)
- Fix a bug where a sudden reboot causes incomplete image writes. This could cause image storage to be corrupted, resulting in an error
layer not known
. (#3975, @openshift-cherrypick-robot) - Fix bug where empty config fields having to do with storage cause
/info
requests to return incorrect information (which causes cadvisor to fail to read imageFs information) (#4161, @openshift-cherrypick-robot) - Fixes panic when /sys/fs/cgroup can't be stat'ed (#3973, @haircommander)
- If the default_runtime is changed from the default configuration, the corresponding existing default entry in the runtime map in the configuration will be ignored. (#4113, @openshift-cherrypick-robot)
- Remove support for
--runtime
flag (#4107, @haircommander) - Updated
crictl.yaml
configuration inside the repository to reflect cri-tools v1.19.0 changes (#4185, @openshift-cherrypick-robot)
Dependencies
Added
- cloud.google.com/go/bigquery: v1.0.1
- cloud.google.com/go/pubsub: v1.0.1
- cloud.google.com/go/storage: v1.0.0
- dmitri.shuralyov.com/gpu/mtl: 666a987
- github.com/OneOfOne/xxhash: v1.2.2
- github.com/bombsimon/wsl/v3: v3.0.0
- github.com/cespare/xxhash/v2: v2.1.1
- github.com/cespare/xxhash: v1.1.0
- github.com/chzyer/logex: v1.1.10
- github.com/chzyer/readline: 2972be2
- github.com/chzyer/test: a1ea475
- github.com/dgryski/go-sip13: e10d5fe
- github.com/docopt/docopt-go: ee0de3b
- github.com/go-git/gcfg: v1.5.0
- github.com/go-git/go-billy/v5: v5.0.0
- github.com/go-git/go-git-fixtures/v4: v4.0.1
- github.com/go-git/go-git/v5: v5.1.0
- github.com/go-gl/glfw/v3.3/glfw: 12ad95a
- github.com/go-ini/ini: v1.9.0
- github.com/go-xmlfmt/xmlfmt: d5b6f63
- github.com/ianlancetaylor/demangle: 5e5cf60
- github.com/maratori/testpackage: v1.0.1
- github.com/moby/ipvs: v1.0.1
- github.com/moby/term: 672ec06
- github.com/nakabonne/nestif: v0.3.0
- github.com/nxadm/tail: v1.4.4
- github.com/oklog/ulid: v1.3.1
- github.com/phayes/checkstyle: bfd46e6
- github.com/prometheus/tsdb: v0.7.1
- github.com/ryancurrah/gomodguard: v1.0.2
- github.com/saschagrunert/ccli: b68f755
- github.com/saschagrunert/go-modiff: v1.2.0
- github.com/spaolacci/murmur3: f09979e
- github.com/tetafro/godot: v0.2.5
- github.com/yuin/goldmark: v1.1.32
- go.mozilla.org/pkcs7: 432b235
- google.golang.org/protobuf: v1.24.0
- gopkg.in/yaml.v3: 9f266ea
- gotest.tools/v3: v3.0.2
- k8s.io/klog/v2: v2.3.0
Changed
- cloud.google.com/go: v0.44.3 → v0.51.0
- github.com/Azure/azure-sdk-for-go: v35.0.0+incompatible → v43.0.0+incompatible
- github.com/Azure/go-autorest/autorest/adal: v0.5.0 → v0.8.2
- github.com/Azure/go-autorest/autorest/date: v0.1.0 → v0.2.0
- github.com/Azure/go-autorest/autorest/mocks: v0.2.0 → v0.3.0
- github.com/Azure/go-autorest/autorest: v0.9.0 → v0.9.6
- github.com/GoogleCloudPlatform/k8s-cloud-provider: 27a4ced → 7901bc8
- github.com/GoogleCloudPlatform/testgrid: v0.0.1-alpha.4 → v0.0.10
- github.com/Microsoft/hcsshim: v0.8.7 → 5eafd15
- github.com/alecthomas/template: a0175ee → fb15b89
- github.com/alecthomas/units: 2efee85 → c3de453
- github.com/bazelbuild/rules_go: 6dae44d → v0.23.3
- github.com/beorn7/perks: 3a771d9 → v1.0.1
- github.com/cilium/ebpf: 95b36a5 → 9f1617e
- github.com/containerd/cgroups: bf292b2 → 0dbf7f0
- github.com/containerd/containerd: v1.3.3 → v1.3.6
- github.com/containerd/ttrpc: 0be804e → v1.0.1
- github.com/containerd/typeurl: 2a93cfd → v1.0.0
- github.com/containernetworking/cni: 4fae32b → v0.8.0
- github.com/containernetworking/plugins: v0.8.5 → v0.8.6
- github.com/containers/buildah: v1.14.8 → v1.14.9
- github.com/containers/conmon: v2.0.15+incompatible → v2.0.17+incompatible
- github.com/containers/image/v5: v5.4.3 → v5.5.1
- github.com/containers/libpod: v1.9.0 → v1.9.2
- github.com/containers/ocicrypt: v1.0.2 → v1.0.3
- github.com/containers/storage: v1.18.2 → v1.20.2
- github.com/coredns/corefile-migration: v1.0.6 → v1.0.10
- github.com/coreos/go-systemd/v22: v22.0.0 → v22.1.0
- github.com/creack/pty: v1.1.9 → v1.1.11
- github.com/cri-o/ocicni: b197cd1 → 513ef78
- github.com/docker/docker: a9416c6 → aa6a989
- github.com/docker/libnetwork: c8a5fca → 5a177b7
- github.com/envoyproxy/go-control-plane: v0.9.4 → 5f8ba28
- github.com/evanphx/json-patch: v4.2.0+incompatible → e83c0a1
- github.com/fatih/color: v1.7.0 → v1.9.0
- github.com/go-logr/logr: v0.1.0 → v0.2.0
- github.com/godbus/dbus: 8a16820 → ade71ed
- github.com/golang/groupcache: 869f871 → 215e871
- github.com/golang/protobuf: v1.3.3 → v1.3.5
- github.com/golangci/golangci-lint: v1.23.3 → v1.25.0
- github.com/google/cadvisor: v0.35.0 → v0.37.0
- github.com/google/pprof: 54271f7 → d4f498a
- github.com/googleapis/gnostic: v0.1.0 → v0.4.1
- github.com/gostaticanalysis/analysisutil: v0.0.3 → 4088753
- github.com/json-iterator/go: v1.1.9 → v1.1.10
- github.com/jstemmer/go-junit-report: af01ea7 → v0.9.1
- github.com/klauspost/compress: v1.10.3 → v1.10.8
- github.com/klauspost/pgzip: v1.2.3 → v1.2.4
- github.com/konsorten/go-windows-terminal-sequences: v1.0.2 → v1.0.3
- github.com/mattn/go-isatty: v0.0.9 → v0.0.12
- github.com/matttproud/golang_protobuf_extensions: v1.0.1 → c182aff
- github.com/maxbrunsfeld/counterfeiter/v6: v6.2.2 → v6.2.3
- github.com/mistifyio/go-zfs: v2.1.1+incompatible → f784269
- github.com/mrunalp/fileutils: 7d4729f → abd8a0e
- github.com/onsi/ginkgo: v1.12.0 → v1.14.0
- github.com/onsi/gomega: v1.9.0 → v1.10.1
- github.com/opencontainers/go-digest: v1.0.0-rc1 → v1.0.0
- github.com/opencontainers/runc: v1.0.0-rc9 → v1.0.0-rc90
- github.com/opencontainers/runtime-spec: v1.0.2 → 3e4195d
- github.com/opencontainers/runtime-tools: d1bf3e6 → 07406c5
- github.com/opencontainers/selinux: v1.5.1 → v1.5.2
- github.com/prometheus/client_golang: v0.9.2 → v1.7.1
- github.com/prometheus/common: v0.4.1 → v0.10.0
- github.com/prometheus/procfs: v0.0.5 → v0.1.3
- github.com/rubiojr/go-vhd: 0bfd3b3 → 02e2102
- github.com/sclevine/spec: v1.2.0 → v1.4.0
- github.com/seccomp/containers-golang: v0.3.2 → v0.4.1
- github.com/sendgrid/rest: v2.4.1+incompatible → v2.6.0+incompatible
- github.com/sendgrid/sendgrid-go: v3.5.0+incompatible → v3.6.0+incompatible
- github.com/sergi/go-diff: v1.0.0 → v1.1.0
- github.com/sirupsen/logrus: v1.4.2 → v1.6.0
- github.com/spf13/cobra: v0.0.7 → v1.0.0
- github.com/stretchr/testify: v1.5.1 → v1.6.1
- github.com/tommy-muehle/go-mnd: v1.1.1 → e6f9a99
- github.com/urfave/cli: 7bc6a0a → v1.22.2
- github.com/vbauerster/mpb/v5: v5.0.3 → v5.2.2
- github.com/vishvananda/netns: 0a2b9b5 → 52d707b
- go.etcd.io/bbolt: v1.3.4 → v1.3.5
- go.etcd.io/etcd: 3cf2f69 → 18dfb9c
- go.opencensus.io: v0.22.1 → v0.22.2
- golang.org/x/crypto: 0ec3e99 → 75b2880
- golang.org/x/exp: efd6b22 → da58074
- golang.org/x/image: 0694c2d → cff245a
- golang.org/x/lint: 959b441 → fdd1cda
- golang.org/x/mobile: d3739f8 → d2bd2a2
- golang.org/x/mod: c90efee → v0.3.0
- golang.org/x/net: d3edc99 → ab34263
- golang.org/x/sync: 43a5402 → 6e8e738
- golang.org/x/sys: ea54a3c → ddb9806
- golang.org/x/text: v0.3.2 → v0.3.3
- golang.org/x/tools: 9497f49 → c1934b7
- google.golang.org/api: v0.9.0 → v0.21.0
- google.golang.org/appengine: v1.6.2 → v1.6.5
- google.golang.org/grpc: v1.28.1 → v1.27.0
- gopkg.in/yaml.v2: v2.2.8 → v2.3.0
- k8s.io/gengo: 36b2048 → 8167cfd
- k8s.io/kube-openapi: bf4fb3b → 656914f
- k8s.io/kubernetes/staging/src/k8s.io/api: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/apimachinery: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/apiserver: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/cli-runtime: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/client-go: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/cloud-provider: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/code-generator: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/component-base: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/cri-api: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/csi-translation-lib: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/kube-aggregator: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/kube-controller-manager: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/kube-proxy: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/kube-scheduler: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/kubectl: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/kubelet: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/legacy-cloud-providers: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/metrics: 7879fc1 → 1afc535
- k8s.io/kubernetes/staging/src/k8s.io/sample-apiserver: 7879fc1 → 1afc535
- k8s.io/kubernetes: v1.18.1 → v1.19.0-rc.4
- k8s.io/release: v0.2.5 → v0.3.4
- k8s.io/system-validators: v1.0.4 → v1.1.2
- k8s.io/utils: 6496210 → f00132d
- mvdan.cc/sh/v3: v3.1.0 → v3.1.2
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.7 → v0.0.9
- sigs.k8s.io/structured-merge-diff/v3: v3.0.0 → 43c19bb
Removed
- github.com/Rican7/retry: v0.1.0
- github.com/bazelbuild/bazel-gazelle: 70208cb
- github.com/bazelbuild/buildtools: 69366ca
- github.com/bradfitz/go-smtpd: deb6d62
- github.com/cespare/prettybench: 03b8cfe
- github.com/cncf/udpa/go: 269d4d4
- github.com/containerd/release-tool: a35b5d7
- github.com/golangci/go-tools: e32c541
- github.com/golangci/gosec: 66fb7fc
- github.com/google/go-github: v17.0.0+incompatible
- github.com/hashicorp/go-version: v1.2.0
- github.com/jellevandenhooff/dkim: f50fe3d
- github.com/mesos/mesos-go: v0.0.9
- github.com/pelletier/go-buffruneio: v0.2.0
- github.com/ryanuber/go-glob: 256dc44
- github.com/src-d/gcfg: v1.4.0
- github.com/tarm/serial: 98f6abe
- github.com/vbatts/git-validation: v1.1.0
- go4.org: 417644f
- golang.org/x/build: 2835ba2
- golang.org/x/perf: 6e6d33e
- gopkg.in/russross/blackfriday.v2: v2.0.0
- gopkg.in/src-d/go-billy.v4: v4.3.2
- gopkg.in/src-d/go-git-fixtures.v3: v3.5.0
- gopkg.in/src-d/go-git.v4: v4.13.1
- gotest.tools/gotestsum: v0.3.5
- grpc.go4.org: 11d0a25
- k8s.io/repo-infra: v0.0.1-alpha.1