github cri-o/cri-o v1.22.0


CRI-O v1.22.0

The release notes have been generated for the commit range
v1.21.0...6becad2 on Wed, 25 Aug 2021 10:15:44 EDT.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

Changelog since v1.21.0

Changes by Kind

Dependency-Change

Deprecation

  • The internal_wipe option is now true by default. Further, it is being deprecated, and will be unconditionally true in the future. (#5218, @haircommander)

API Change

  • Update how the resources for a workload are specified. Now, to override a workload, the pod must have the annotation $prefix/$ctr_name = {"$resource_type": "$resource_value"}. The workloads feature has also been marked as experimental, which should have happened from the beginning. (#4787, @haircommander)

Feature

  • Added --metrics-collectors/metrics_collectors configuration to enable or disable certain metrics.
    All metrics collectors are enabled by default. (#5061, @saschagrunert)
  • Added crio_image_pulls_layer_size histogram metric to get insights about all pulled layer sizes. (#5059, @saschagrunert)
  • Added build tags as well as AppArmor and seccomp status to crio version output. (#5135, @saschagrunert)
  • Added generation of self-signed certificates for the secure metrics endpoint
    if the provided cert and key paths are not available on disk. (#5012, @saschagrunert)
  • Added secure metrics endpoint configuration options (#4805, @saschagrunert)
  • Added structural logging of container ID, sandbox ID and process ID on container start. (#5134, @saschagrunert)
  • Automatically reload metrics TLS certificate and key if any of those specified files change. (#4927, @saschagrunert)
  • CNI plugins are now passed a K8S_POD_UID environment variable containing the pod UID this sandbox was started for. (#5026, @dcbw)
  • Changed the logging behavior of klog messages to be included in the CRI-O logs.
    The klog info verbosity is converted to CRI-O debug to lower the log verbosity. (#4973, @saschagrunert)
  • CRI-O now does not limit the DNS search paths. (#5199, @gjkim42)
  • Enable the "volatile" option for the overlay drivers when it is supported by the underlying kernel. (#4885, @giuseppe)
  • Rootless: enable resource limit when cgroup v2 controllers are delegated. (#4528, @AkihiroSuda)
  • Support io.kubernetes.cri.blockio-class container annotation for specifying blockio class.
    Support blockio.resources.beta.kubernetes.io/pod pod annotation for specifying the default blockio class to all containers in the pod.
    Support blockio.resources.beta.kubernetes.io/container.NAME pod annotation for specifying the blockio class of the NAME container in the pod.
    Add blockio_config_file config file option (and corresponding --blockio-config-file for command line) for configuring blockio classes and their cgroups blockio controller parameters. (#4873, @askervin)
  • Support io.kubernetes.cri.rdt-class container annotation for specifying RDT class.
    Add rdt_config_file config file option (and corresponding --rdt-config-file for command line) for configuring the resctrl pseudo-filesystem. (#4830, @marquiz)

  • The config field drop_infra_ctr is now true by default (#5113, @haircommander)
  • The runtime_config_path option, which allows specifying the path of the runtime configuration file, is now supported by CRI-O. This is specific to the VM runtime type. (#5035, @fidencio)
  • Validate certificate dates for TLS metrics endpoint (#4990, @saschagrunert)

Design

Bug or Regression

  • Add support for absent_mount_sources_to_reject, which allows admins to configure paths that, when mounted into a container despite not existing on the host, cause a container creation request to fail. This is useful for paths like /etc/hostname, which causes trouble as a directory, but possibly shouldn't be created as a file either (in the case of a dynamic hostname). (#4844, @haircommander)
  • Add symlink /proc/mounts on /etc/mtab to container (#5051, @QiWang19)
  • Add the config field internal_wipe, which moves the responsibility of wiping containers after a reboot and images after an upgrade from the external binary crio wipe to the main crio server. This has a handful of advantages, the main one being that crio is now better able to clean up CNI resources after a reboot. (#4767, @haircommander)
  • Allow users to customize conmon's resources if a pod is in a workload. (#4907, @haircommander)
  • CRI-O now logs when it is using cgroupv2 (#5183, @haircommander)
  • Fix a bug in internal_wipe that would mean CNI resources would be leaked across reboots. (#4900, @haircommander)
  • Fix a bug where CRI-O can't work with runc 1.0.0-rc93 because of an incorrectly specified list of capabilities (#4828, @haircommander)
  • Fix a bug where CRI-O would leak opened files for namespaces on a server restore (#4758, @haircommander)
  • Fix a bug where crio config would print a string for privileged_without_host_devices, not a boolean (#4827, @haircommander)
  • Fix a bug where a container exec process received a little less time than the timeout provided (#5067, @haircommander)
  • Fix a bug where an exec sync timeout would fail to clean up the runtime exec process (#4999, @haircommander)
  • Fix a bug where cAdvisor couldn't read the disk usage of a pod with a dropped infra container (#5145, @haircommander)
  • Fix a bug where duplicate requests would stall even if the pod or container was already created (#5052, @haircommander)
  • Fix a bug where server startup was significantly slowed down by attempting to clean up CNI resources after a reboot. (#4929, @haircommander)
  • Fix a performance regression with exec probes (#5136, @haircommander)
  • Fix a segfault when CRI-O takes more than 8 minutes to create a pod or container (#4834, @haircommander)
  • Fix an RSS regression with exec sync requests (#5245, @haircommander)
  • Fix an issue where a container started with a terminal fails on exec sync calls (#5107, @haircommander)
  • Fix drop ALL and add back few caps behavior to not include the default configured capabilities (#4923, @mrunalp)
  • Fix potential panic when reopening a container's log (#5212, @haircommander)
  • Fixed bug where it was not possible to run containers using the default or no seccomp profile on
    seccomp disabled builds/machines (#4789, @saschagrunert)
  • Fixed bug where runtime VM created containers never reach their completed state. (#4803, @saschagrunert)
  • Fixed linkmode detection for on en_US systems crio version (#5168, @saschagrunert)
  • Fixed runtime panic for layers lockfile if its parent directory does not exist.
    Added support for repositories in auth.json (#5076, @saschagrunert)
  • Re-attempt setting up conmon's cgroup if it fails on EAGAIN from dbus (#4921, @haircommander)
  • Reduce the permission on the listen socket to 0660 (#4886, @haircommander)
  • Reuse connection when connecting to dbus, as well as reattempt the connection if it fails temporarily (#4974, @haircommander)
  • The privileged_without_host_devices flag can now be given an additional parameter to configure a runtime (#5054, @littlejawa)
  • Wait for CNI plugins to be ready before starting non-host-network pods, to allow pods that may run CNI plugins to start faster (#5046, @haircommander)

Other (Cleanup or Flake)

Uncategorized

  • Add Particule as adopters (#4994, @ArchiFleKs)
  • Add --device-ownership-from-security-context which allows an admin to specify devices be configured to be owned by the container user and group, rather than unconditionally being root. (#4620, @mythi)
  • Added internal/process/defunct_processes.go and crio_processes_defunct metric to collect the total number of defunct/zombie processes in a node. (#5082, @raisaat)
  • Raise a warning when creating a bind mount on the container root (#4853, @giuseppe)

Dependencies

Added

  • github.com/andybalholm/brotli: v1.0.0
  • github.com/antihax/optional: v1.0.0
  • github.com/benbjohnson/clock: v1.0.3
  • github.com/bits-and-blooms/bitset: v1.2.0
  • github.com/carolynvs/magex: v0.6.0
  • github.com/certifi/gocertifi: 2c3bb06
  • github.com/checkpoint-restore/go-criu/v5: v5.1.0
  • github.com/cheggaaa/pb/v3: v3.0.5
  • github.com/cncf/udpa/go: 5459f2c
  • github.com/cncf/xds/go: fbca930
  • github.com/cockroachdb/errors: v1.2.4
  • github.com/cockroachdb/logtags: eb05cc2
  • github.com/container-orchestrated-devices/container-device-interface: f99e8b6
  • github.com/containerd/cri-containerd: v1.19.0
  • github.com/coredns/caddy: v1.1.0
  • github.com/coreos/stream-metadata-go: 70edb9e
  • github.com/danieljoos/wincred: v1.1.0
  • github.com/digitalocean/go-libvirt: e2a69bc
  • github.com/digitalocean/go-qemu: 152a153
  • github.com/disiqueira/gotree/v3: v3.0.2
  • github.com/dsnet/compress: v0.0.1
  • github.com/dsnet/golib: 1ea1667
  • github.com/felixge/httpsnoop: v1.0.1
  • github.com/frankban/quicktest: v1.11.3
  • github.com/getsentry/raven-go: v0.2.0
  • github.com/go-kit/log: v0.1.0
  • github.com/go-task/slim-sprig: 348f09d
  • github.com/gofrs/uuid: v4.0.0+incompatible
  • github.com/google/go-intervals: v0.0.2
  • github.com/google/licenseclassifier/v2: v2.0.0-alpha.1
  • github.com/hashicorp/go-hclog: v0.9.2
  • github.com/hashicorp/go-retryablehttp: v0.6.4
  • github.com/intel/goresctrl: v0.1.0
  • github.com/jinzhu/copier: v0.3.2
  • github.com/josharian/intern: v1.0.0
  • github.com/kr/fs: v0.1.0
  • github.com/mholt/archiver/v3: v3.5.0
  • github.com/moby/locker: v1.0.1
  • github.com/nwaples/rardecode: v1.1.0
  • github.com/pierrec/lz4/v4: v4.0.3
  • github.com/pkg/sftp: v1.10.1
  • github.com/robfig/cron/v3: v3.0.1
  • github.com/songgao/water: 2b4b6d7
  • github.com/spiegel-im-spiegel/errs: v1.0.2
  • github.com/spiegel-im-spiegel/go-cvss: v0.4.0
  • github.com/stoewer/go-strcase: v1.2.0
  • github.com/vbauerster/mpb/v7: v7.0.3
  • github.com/xanzy/go-gitlab: v0.43.0
  • github.com/xi2/xz: 48954b6
  • go.etcd.io/etcd/api/v3: v3.5.0
  • go.etcd.io/etcd/client/pkg/v3: v3.5.0
  • go.etcd.io/etcd/client/v2: v2.305.0
  • go.etcd.io/etcd/client/v3: v3.5.0
  • go.etcd.io/etcd/pkg/v3: v3.5.0
  • go.etcd.io/etcd/raft/v3: v3.5.0
  • go.etcd.io/etcd/server/v3: v3.5.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0
  • go.opentelemetry.io/contrib: v0.20.0
  • go.opentelemetry.io/otel/exporters/otlp: v0.20.0
  • go.opentelemetry.io/otel/metric: v0.20.0
  • go.opentelemetry.io/otel/oteltest: v0.20.0
  • go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
  • go.opentelemetry.io/otel/sdk/metric: v0.20.0
  • go.opentelemetry.io/otel/sdk: v0.20.0
  • go.opentelemetry.io/otel/trace: v0.20.0
  • go.opentelemetry.io/otel: v0.20.0
  • go.opentelemetry.io/proto/otlp: v0.7.0
  • go.uber.org/goleak: v1.1.10
  • k8s.io/kubernetes/staging/src/k8s.io/pod-security-admission: c2b5237
  • sigs.k8s.io/release-utils: v0.3.0
  • sigs.k8s.io/zeitgeist: v0.3.0

Changed

Removed

  • github.com/Knetic/govaluate: 9aa4983
  • github.com/Shopify/sarama: v1.19.0
  • github.com/Shopify/toxiproxy: v2.1.4+incompatible
  • github.com/VividCortex/gohistogram: v1.0.0
  • github.com/afex/hystrix-go: fa1af6a
  • github.com/agnivade/levenshtein: v1.0.1
  • github.com/andreyvit/diff: c7f18ee
  • github.com/apache/thrift: v0.13.0
  • github.com/aryann/difflib: e206f87
  • github.com/aws/aws-lambda-go: v1.13.3
  • github.com/aws/aws-sdk-go-v2: v0.18.0
  • github.com/bazelbuild/rules_go: v0.22.1
  • github.com/bifurcation/mint: 93c51c6
  • github.com/bombsimon/wsl/v2: v2.0.0
  • github.com/caddyserver/caddy: v1.0.3
  • github.com/casbin/casbin/v2: v2.1.2
  • github.com/cenkalti/backoff: v2.2.1+incompatible
  • github.com/checkpoint-restore/go-criu: bdb7599
  • github.com/cheekybits/genny: 9127e81
  • github.com/clbanning/x2j: 8252494
  • github.com/codahale/hdrhistogram: 3a0bb77
  • github.com/eapache/go-resiliency: v1.1.0
  • github.com/eapache/go-xerial-snappy: 776d571
  • github.com/eapache/queue: v1.1.0
  • github.com/edsrzf/mmap-go: v1.0.0
  • github.com/franela/goblin: c9ffbef
  • github.com/franela/goreq: bcd34c9
  • github.com/globalsign/mgo: eeefdec
  • github.com/go-acme/lego: v2.5.0+incompatible
  • github.com/go-bindata/go-bindata: v3.1.1+incompatible
  • github.com/go-openapi/analysis: v0.19.5
  • github.com/go-openapi/errors: v0.19.2
  • github.com/go-openapi/loads: v0.19.4
  • github.com/go-openapi/runtime: v0.19.4
  • github.com/go-openapi/spec: v0.19.5
  • github.com/go-openapi/strfmt: v0.19.5
  • github.com/go-openapi/validate: v0.19.8
  • github.com/gobuffalo/here: v0.6.0
  • github.com/google/go-github/v29: v29.0.3
  • github.com/gorilla/context: v1.1.1
  • github.com/hashicorp/go-version: v1.2.0
  • github.com/hudl/fargo: v1.3.0
  • github.com/influxdata/influxdb1-client: 8bf82d3
  • github.com/jamescun/tuntap: cb1fb27
  • github.com/jimstudt/http-authentication: 3eca13d
  • github.com/kylelemons/godebug: d65d576
  • github.com/lightstep/lightstep-tracer-common/golang/gogo: bc2310a
  • github.com/lightstep/lightstep-tracer-go: v0.18.1
  • github.com/lucas-clemente/aes12: cd47fb3
  • github.com/lucas-clemente/quic-clients: v0.1.0
  • github.com/lucas-clemente/quic-go-certificates: d2f8652
  • github.com/lucas-clemente/quic-go: v0.10.2
  • github.com/markbates/pkger: v0.17.1
  • github.com/marten-seemann/qtls: v0.2.3
  • github.com/mholt/certmagic: 6a42ef9
  • github.com/naoina/go-stringutil: v0.1.0
  • github.com/naoina/toml: v0.1.1
  • github.com/nats-io/jwt: v0.3.2
  • github.com/nats-io/nats-server/v2: v2.1.2
  • github.com/nats-io/nats.go: v1.9.1
  • github.com/nats-io/nkeys: v0.1.3
  • github.com/nats-io/nuid: v1.0.1
  • github.com/oklog/oklog: v0.3.2
  • github.com/oklog/run: v1.0.0
  • github.com/op/go-logging: 970db52
  • github.com/opentracing-contrib/go-observer: a52f234
  • github.com/opentracing/basictracer-go: v1.0.0
  • github.com/openzipkin-contrib/zipkin-go-opentracing: v0.4.5
  • github.com/openzipkin/zipkin-go: v0.2.2
  • github.com/pact-foundation/pact-go: v1.0.4
  • github.com/performancecopilot/speed: v3.0.0+incompatible
  • github.com/pierrec/lz4: v2.0.5+incompatible
  • github.com/pkg/profile: v1.2.1
  • github.com/rcrowley/go-metrics: 3113b84
  • github.com/robfig/cron: v1.1.0
  • github.com/samuel/go-zookeeper: 2cc03de
  • github.com/sony/gobreaker: v0.4.1
  • github.com/streadway/amqp: edfb901
  • github.com/streadway/handy: d5acb31
  • github.com/thecodeteam/goscaleio: v0.1.0
  • github.com/tidwall/pretty: v1.0.0
  • github.com/vektah/gqlparser: v1.1.2
  • github.com/xlab/handysort: fb3537e
  • go.etcd.io/etcd: dd1b699
  • go.mongodb.org/mongo-driver: v1.1.2
  • go.uber.org/tools: 2cfd321
  • gopkg.in/cheggaaa/pb.v1: v1.0.25
  • gopkg.in/mcuadros/go-syslog.v2: v2.2.1
  • k8s.io/heapster: v1.2.0-beta.1
  • sourcegraph.com/sourcegraph/appdash: ebfcffb
  • vbom.ml/util: efcd4e0
