• CRI-O v1.20.0
  • Downloads
  • Changelog since v1.19.0
    • Changes by Kind
      • Other
      • API Change
      • Feature
      • Design
      • Documentation
      • Bug or Regression
      • Other (Cleanup or Flake)
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.20.0

The release notes have been generated for the commit range
v1.19.0...v1.20.0 on Fri, 11 Dec 2020 17:43:33 UTC.

Downloads

Download the static release bundle via our Google Cloud Bucket:
crio-v1.20.0.tar.gz

Changelog since v1.19.0

Changes by Kind

Other

• Cutting the first rc for 1.20 - v1.20.0-rc.1 (#4416, @umohnani8)

API Change

• Add allowed_annotations option to runtime handler structure, which allows admins to gate which runtime classes interpret the annotation io.kubernetes.cri-o.userns-mode. In doing so, also drop the experimental allow_userns_annotation option. (#4281, @haircommander)

Feature

• Add io.kubernetes.cri-o.Devices annotation to the list interpretable allowed annotations. Now, users can pass in devices they want added to their containers, but only if the runtime class is allowed to use the annotation. (#4349, @haircommander)
• Add option seccomp_override_empty to override an unspecified seccomp profile from being unconfined to being the runtime default. Note: setting this option makes CRI-O not fully CRI compliant, but does increase security. (#4212, @haircommander)
• Allow using userns together with ManageNSLifecycle (#4333, @kolyshkin)

Design

• When running under systemd, image pulls happen in a new cgroup (#4057, @giuseppe)

Documentation

• The manage_ns_lifecycle option is now deprecated, and will be set to true unconditionally in the future. (#4209, @haircommander)

Bug or Regression

• CRIO allow to run pods with default runtime profile in the Pod.Spec, if seccomp is disabled (#4370, @aojea)
• Crio-o portMapping dual-stack support (#4361, @aojea)
• Fix a bug where a timeout in RunPodSandbox or CreateContainer requests caused CRI-O to delete the newly created resource. Now, it saves that resource, until the kubelet re-requests it, thus allowing kubelet and CRI-O to reconcile quicker when nodes are under load. (#4430, @haircommander)
• Fix bug where runAsUser would only work with runAsGroup if userns annotations were specified (#4300, @haircommander)
• Fix bug where we attempted to chown with the mappings configured on server level, when they could have been from annotations (#4294, @haircommander)
• Fix making /etc/resolv.conf bind-mount to be readonly for a readonly container. (#4268, @kolyshkin)
• Fix occasional "chown: interrupted system call" error on container creation. (#4334, @kolyshkin)
• Fixed bug that all custom sandbox annotations will be passed to OCI hooks and therefore are also available on the containers (#4138, @saschagrunert)
• Provide an option to run performance hooks via specifying allowed_annotations under the runtime handler configuration
  [DEPRECATION] The run of performance hooks for the high-performance runtime handler without specifying allowed_annotations will be deprecated under release 1.21
  [DEPRECATION] Usage of performance annotation with the true value, will be deprecated under release 1.21, instead, the disable value should be used (#4389, @cynepco3hahue)

Other (Cleanup or Flake)

• Changed the output of the printed seccomp profile to JSON instead of the struct. The profile will be only printed on CRI-O startup and if the --log-level/log_level is set to trace. (#4158, @saschagrunert)
• Fixed a bug where a container creation failure caused that container to leak in the runtime (#4198, @haircommander)

Uncategorized

• Fix a goroutine leak when checking image pulling progress (#4413, @openshift-cherrypick-robot)
• Moves shm size to a handler-allowed annotation (#4417, @openshift-cherrypick-robot)
• Update broken link for podman tutorial (#4179, @lovebaby979)
• Update broken link for tutorials (#4180, @lovebaby979)
• Update nix pin with make nixpkgs (#4347, @hswong3i)

Dependencies

Added

• bazil.org/fuse: 371fbbd
• cloud.google.com/go/firestore: v1.1.0
• cloud.google.com/go/logging: v1.1.0
• github.com/Azure/go-autorest: v14.2.0+incompatible
• github.com/armon/go-metrics: f0300d1
• github.com/armon/go-radix: 7fddfc3
• github.com/bketelsen/crypt: 5cbc8cc
• github.com/cenkalti/backoff/v4: v4.1.0
• github.com/containers/libpod/v2: v2.0.6
• github.com/docker/cli: a8ff7f8
• github.com/form3tech-oss/jwt-go: v3.2.2+incompatible
• github.com/fvbommel/sortorder: v1.0.1
• github.com/go-gl/glfw: e6da0ac
• github.com/gomarkdown/markdown: 8c8b381
• github.com/google/go-containerregistry: v0.1.3
• github.com/google/martian/v3: v3.1.0
• github.com/hashicorp/consul/api: v1.1.0
• github.com/hashicorp/consul/sdk: v0.1.1
• github.com/hashicorp/go-cleanhttp: v0.5.1
• github.com/hashicorp/go-immutable-radix: v1.0.0
• github.com/hashicorp/go-msgpack: v0.5.3
• github.com/hashicorp/go-rootcerts: v1.0.0
• github.com/hashicorp/go-sockaddr: v1.0.0
• github.com/hashicorp/go-uuid: v1.0.1
• github.com/hashicorp/go.net: v0.0.1
• github.com/hashicorp/logutils: v1.0.0
• github.com/hashicorp/mdns: v1.0.0
• github.com/hashicorp/memberlist: v0.1.3
• github.com/hashicorp/serf: v0.8.2
• github.com/jmespath/go-jmespath/internal/testify: v1.5.1
• github.com/mitchellh/cli: v1.0.0
• github.com/mitchellh/go-testing-interface: v1.0.0
• github.com/mitchellh/gox: v0.4.0
• github.com/mitchellh/iochan: v1.0.0
• github.com/mmarkdown/mmark: v2.0.40+incompatible
• github.com/pascaldekloe/goe: 57f6aae
• github.com/pelletier/go-buffruneio: v0.2.0
• github.com/posener/complete: v1.1.1
• github.com/ryanuber/columnize: 9b3edd6
• github.com/sclevine/agouti: v3.0.0+incompatible
• github.com/sean-/seed: e2103e2
• github.com/src-d/gcfg: v1.4.0
• github.com/vdemeester/k8s-pkg-credentialprovider: v1.17.4
• github.com/willf/bitset: d5bec33
• golang.org/dl: 82a15e2
• gopkg.in/src-d/go-billy.v4: v4.3.2
• gopkg.in/src-d/go-git-fixtures.v3: v3.5.0
• gopkg.in/src-d/go-git.v4: v4.13.1
• k8s.io/kubernetes/staging/src/k8s.io/component-helpers: 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/controller-manager: 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/mount-utils: 3321f00
• sigs.k8s.io/mdtoc: v1.0.1
• sigs.k8s.io/structured-merge-diff/v4: v4.0.2

Changed

• cloud.google.com/go/bigquery: v1.0.1 → v1.8.0
• cloud.google.com/go/datastore: v1.0.0 → v1.1.0
• cloud.google.com/go/pubsub: v1.0.1 → v1.3.1
• cloud.google.com/go/storage: v1.0.0 → v1.12.0
• cloud.google.com/go: v0.51.0 → v0.72.0
• github.com/Azure/go-autorest/autorest/adal: v0.8.2 → v0.9.5
• github.com/Azure/go-autorest/autorest/date: v0.2.0 → v0.3.0
• github.com/Azure/go-autorest/autorest/mocks: v0.3.0 → v0.4.1
• github.com/Azure/go-autorest/autorest/to: v0.2.0 → v0.3.0
• github.com/Azure/go-autorest/autorest/validation: v0.1.0 → v0.2.0
• github.com/Azure/go-autorest/autorest: v0.9.6 → v0.11.1
• github.com/Azure/go-autorest/logger: v0.1.0 → v0.2.0
• github.com/Azure/go-autorest/tracing: v0.5.0 → v0.6.0
• github.com/GoogleCloudPlatform/testgrid: v0.0.10 → v0.0.30
• github.com/Microsoft/go-winio: 3fe6c52 → v0.4.15
• github.com/aws/aws-sdk-go: v1.28.2 → v1.35.24
• github.com/bazelbuild/rules_go: v0.23.3 → v0.22.1
• github.com/cilium/ebpf: 9f1617e → 4032b1d
• github.com/containerd/containerd: v1.3.6 → v1.4.1
• github.com/containerd/continuity: aaeac12 → 0f16d7a
• github.com/containerd/ttrpc: v1.0.1 → v1.0.2
• github.com/containerd/typeurl: v1.0.0 → v1.0.1
• github.com/containernetworking/plugins: v0.8.6 → v0.8.7
• github.com/containers/buildah: v1.14.9 → v1.15.2
• github.com/containers/common: v0.9.1 → v0.21.0
• github.com/containers/conmon: v2.0.17+incompatible → v2.0.20+incompatible
• github.com/containers/image/v5: v5.5.1 → v5.7.0
• github.com/containers/psgo: v1.4.0 → v1.5.1
• github.com/containers/storage: v1.20.2 → v1.24.0
• github.com/coreos/etcd: v3.3.10+incompatible → v3.3.13+incompatible
• github.com/docker/docker: aa6a989 → bd33bbf
• github.com/evanphx/json-patch: e83c0a1 → v4.9.0+incompatible
• github.com/fsouza/go-dockerclient: v1.6.3 → v1.6.5
• github.com/go-git/go-git-fixtures/v4: v4.0.1 → f56387b
• github.com/go-git/go-git/v5: v5.1.0 → v5.2.0
• github.com/go-gl/glfw/v3.3/glfw: 12ad95a → 6f7a984
• github.com/go-sql-driver/mysql: v1.4.0 → v1.5.0
• github.com/golang/groupcache: 215e871 → 8c9f03a
• github.com/golang/mock: v1.4.3 → v1.4.4
• github.com/google/cadvisor: v0.37.0 → v0.38.5
• github.com/google/go-cmp: v0.4.0 → v0.5.2
• github.com/google/pprof: d4f498a → 3e6fc7f
• github.com/google/uuid: v1.1.1 → v1.1.2
• github.com/gorilla/mux: v1.7.4 → v1.8.0
• github.com/gorilla/websocket: v1.4.0 → v1.4.2
• github.com/hashicorp/go-multierror: v1.0.0 → v1.1.0
• github.com/hashicorp/golang-lru: v0.5.1 → v0.5.3
• github.com/ianlancetaylor/demangle: 5e5cf60 → 28f6c0f
• github.com/imdario/mergo: v0.3.9 → v0.3.11
• github.com/insomniacslk/dhcp: 81b9770 → ed3125c
• github.com/jmespath/go-jmespath: c2b33e8 → v0.4.0
• github.com/karrick/godirwalk: v1.7.5 → v1.16.1
• github.com/klauspost/compress: v1.10.8 → v1.11.2
• github.com/klauspost/pgzip: v1.2.4 → v1.2.5
• github.com/kr/pretty: v0.2.0 → v0.2.1
• github.com/maxbrunsfeld/counterfeiter/v6: v6.2.3 → v6.3.0
• github.com/moby/sys/mountinfo: v0.1.0 → v0.4.0
• github.com/moby/term: 672ec06 → bea5bbe
• github.com/moby/vpnkit: 6bc1679 → v0.4.0
• github.com/onsi/ginkgo: v1.14.0 → v1.14.1
• github.com/onsi/gomega: v1.10.1 → v1.10.3
• github.com/opencontainers/selinux: v1.5.2 → v1.6.0
• github.com/openshift/imagebuilder: v1.1.4 → v1.1.6
• github.com/pkg/diff: 5319263 → 5b29258
• github.com/prometheus/procfs: v0.1.3 → v0.2.0
• github.com/psampaz/go-mod-outdated: v0.6.0 → v0.7.0
• github.com/quobyte/api: v0.1.2 → v0.1.8
• github.com/rogpeppe/go-internal: v1.5.2 → v1.6.2
• github.com/rootless-containers/rootlesskit: v0.9.3 → v0.10.0
• github.com/saschagrunert/go-modiff: v1.2.0 → v1.2.1
• github.com/seccomp/containers-golang: v0.4.1 → v0.5.0
• github.com/seccomp/libseccomp-golang: v0.9.1 → 847368b
• github.com/sendgrid/rest: v2.6.0+incompatible → v2.6.2+incompatible
• github.com/sendgrid/sendgrid-go: v3.6.0+incompatible → v3.7.1+incompatible
• github.com/shirou/gopsutil: e4ec7b2 → v3.20.10+incompatible
• github.com/sirupsen/logrus: v1.6.0 → v1.7.0
• github.com/spf13/cobra: v1.0.0 → v1.1.1
• github.com/spf13/viper: v1.6.1 → v1.7.0
• github.com/storageos/go-api: 343b3ef → v2.2.0+incompatible
• github.com/uber/jaeger-client-go: v2.22.1+incompatible → v2.24.0+incompatible
• github.com/ulikunitz/xz: v0.5.7 → v0.5.8
• github.com/vbauerster/mpb/v5: v5.2.2 → v5.3.0
• github.com/vishvananda/netns: 52d707b → db3c7e5
• github.com/yuin/goldmark: v1.1.32 → v1.2.1
• go.etcd.io/etcd: 18dfb9c → dd1b699
• go.opencensus.io: v0.22.2 → v0.22.5
• golang.org/x/crypto: 75b2880 → 7f63de1
• golang.org/x/exp: da58074 → 6cc2880
• golang.org/x/lint: fdd1cda → 738671d
• golang.org/x/net: ab34263 → 69a7880
• golang.org/x/oauth2: bf48bf1 → 9fd6049
• golang.org/x/sync: 6e8e738 → 67f06af
• golang.org/x/sys: ddb9806 → 5cba982
• golang.org/x/text: v0.3.3 → v0.3.4
• golang.org/x/time: 555d28b → 3af7569
• golang.org/x/tools: c1934b7 → 079ba7b
• golang.org/x/xerrors: 9bdfabe → 5ec99f8
• google.golang.org/api: v0.21.0 → v0.35.0
• google.golang.org/appengine: v1.6.5 → v1.6.6
• google.golang.org/protobuf: v1.24.0 → v1.25.0
• gopkg.in/check.v1: 8fa4692 → 038fdea
• honnef.co/go/tools: v0.0.1-2019.2.3 → v0.0.1-2020.1.5
• k8s.io/gengo: 8167cfd → 83324d8
• k8s.io/klog/v2: v2.3.0 → v2.4.0
• k8s.io/kube-openapi: 656914f → d219536
• k8s.io/kubernetes/staging/src/k8s.io/api: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/apimachinery: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/apiserver: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/cli-runtime: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/client-go: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/cloud-provider: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/code-generator: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/component-base: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/cri-api: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/csi-translation-lib: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/kube-aggregator: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/kube-controller-manager: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/kube-proxy: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/kube-scheduler: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/kubectl: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/kubelet: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/legacy-cloud-providers: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/metrics: 1afc535 → 3321f00
• k8s.io/kubernetes/staging/src/k8s.io/sample-apiserver: 1afc535 → 3321f00
• k8s.io/kubernetes: v1.19.0-rc.4 → v1.20.0-rc.0
• k8s.io/release: v0.3.4 → v0.6.0
• k8s.io/system-validators: v1.1.2 → v1.2.0
• k8s.io/utils: f00132d → 67b214c
• mvdan.cc/sh/v3: v3.1.2 → v3.2.0
• sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.9 → v0.0.14

Removed

• github.com/containers/libpod: v1.9.2
• github.com/etcd-io/bbolt: v1.3.3
• github.com/go-ini/ini: v1.9.0
• github.com/openshift/api: 7ab22a2
• github.com/theckman/go-flock: v0.7.1
• sigs.k8s.io/structured-merge-diff/v3: 43c19bb