github.com/lalkh/containerd@v1.4.3/releases/v1.2.0.toml (about)

     1  # commit to be tagged for new release
     2  commit = "HEAD"
     3  
     4  project_name = "containerd"
     5  github_repo = "containerd/containerd"
     6  match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$"
     7  
     8  # previous release
     9  previous = "v1.1.0"
    10  
    11  pre_release = false
    12  
    13  preface = """\
    14  The third major release of containerd brings both a mix of boring and
    15  exciting changes. While fixing many bugs and continuing support for the
    16  containerd 1.0 API, new APIs and interfaces have been added to allow
    17  containerd to be more extensible and cover more use cases.
    18  
    19  ## New V2 Runtime
    20  
    21  A new v2 runtime has been added with a stable gRPC interface for managing
    22  containers through external shims.
    23  
    24  This allows runtime authors to easily integrate with containerd over a stable
    25  API.
    26  
    27  Various runtimes can be selected on a per container basis using the `WithRuntime` opt
    28  or to test via ctr `ctr run --runtime io.containerd.runc.v1`.
    29  
    30  [Documentation](https://github.com/containerd/containerd/blob/master/runtime/v2/README.md)
    31  
    32  ## Updated CRI Plugin
    33  
    34  Containerd 1.2 is validated against Kubernetes v1.11 and v1.12, but it is also compatible with Kubernetes v1.10.
    35  
    36  ***To use containerd 1.2 with Kubernetes v1.10, be sure to run the stream server on an address accessible to the apiserver. A simple way is to set `stream_server_address=""` in the `[plugins.cri]` section of `containerd.toml`, so that `cri` plugin will automatically select a routable node address.***
    37  
    38  ### Kubernetes Runtime Class
    39  [Kubernetes Runtime Class](https://github.com/kubernetes/community/blob/master/keps/sig-node/0014-runtime-class.md) introduced in Kubernetes 1.12 is supported.
    40  
    41  Users can:
    42  * Configure alternative runtime handlers with the config option `plugins.cri.containerd.runtimes.runtime_handler_name`, e.g. `plugins.cri.containerd.runtimes.kata`. ([config.md](https://github.com/containerd/cri/blob/release/1.2/docs/config.md))
    43  * Use the alternative runtime handler in Kubernetes by creating `RuntimeClass` for the runtime handler, and specifying `RuntimeClassName` in the pod spec. ([doc](https://github.com/kubernetes/website/blob/release-1.12/content/en/docs/concepts/containers/runtime-class.md))
    44  
    45  ***The `plugins.cri.containerd.untrusted_workload_runtime` config option and `io.kubernetes.cri.untrusted-workload` pod annotation are still functional, but start being deprecated. It is recommended to migrate to the `RuntimeClass` api.***
    46  
    47  ### Other Features
    48  * Supported [`ProcMount`](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/proc-mount-type.md) option introduced in Kubernetes 1.12.
    49  * Added a new config option `plugins.cri.registry.auths` for user to config default credentials for specific registries. ([doc](https://github.com/containerd/cri/blob/release/1.2/docs/registry.md#configure-registry-credentials))
    50  * Added a new config option `plugins.cri.x509_key_pair_streaming` for user to config a valid certificate for the stream server. ([config.md](https://github.com/containerd/cri/blob/release/1.2/docs/config.md))
    51  * Added a runtime `options` field for shim v2 runtime. Use the `options` field to config runtime specific options, e.g. `NoPivotRoot` and `SystemdCgroup` for runtime type `io.containerd.runc.v1`. (See [config.md](https://github.com/containerd/cri/blob/release/1.2/docs/config.md))
    52  
    53  ### Notable Changes
    54  * `cri` plugin can see images pulled/imported into containerd by `ctr images pull` and `ctr images import`.
    55  * CNI config is now dynamically reloaded when changed.
    56  * IPv4 address is guaranteed to be selected, when there are both IPv4 and IPv6 addresses for a pod.
    57  * Privileged untrusted workload is allowed, the workload will get privilege inside the sandbox.
    58  * `cri` plugin stream server serves on `http://localhost:0` by default. This is to work with the [kubelet streaming proxy](https://github.com/kubernetes/kubernetes/pull/64006) introduced in Kubernetes 1.11.
    59  * Fixed an issue that a container can't be stopped when container processes are accidentally moved out of the container cgroups.
    60  * `cluster/health-monitor.sh` in the release tarball will be deprecated next release. Please use Kubernetes [health-monitor.sh](https://github.com/kubernetes/kubernetes/blob/release-1.12/cluster/gce/gci/health-monitor.sh) instead.
    61  
    62  ## New Proxy Plugins
    63  
    64  A new proxy plugin configuration has been added to allow external snapshotters
    65  be connected to containerd using gRPC.
    66  
    67  [Documentation](https://github.com/containerd/containerd/blob/master/PLUGINS.md)
    68  
    69  ## Managed /opt directory
    70  
    71  A new `Install` method on the containerd client allows users to publish host level
    72  binaries using standard container build tooling and container distribution tooling
    73  to download containerd related binaries on their systems.
    74  
    75  This can be used for v2 runtime authors to get their runtime shims on an existing
    76  containerd system. It can also be used to install `runc` and other related tools.
    77  
    78  ```bash
    79  > ctr content fetch docker.io/crosbymichael/runc:latest
    80  > ctr install docker.io/crosbymichael/runc:latest
    81  ```
    82  
    83  [Documentation](https://github.com/containerd/containerd/blob/master/docs/managed-opt.md)
    84  
    85  ## Garbage Collection
    86  
    87  Add support for cleaning up leases and content ingests to garbage collections.
    88  
    89  Add expiration label to clean up temporary resources.
    90  
    91  ## Image Importer
    92  
    93  The image importer has been updated to support output from `docker save`. Users
    94  of the `ctr` tool should take note of the usage change to `ctr images import`.
    95  We continue to recommend not building tooling on top of the `ctr` tool.
    96  
    97  ## API Changes
    98  
    99  This release features a couple additions to the API. Clients may make use of
   100  these new API features but should be able to handle cases when those features
   101  are not implemented on the server. The Go client handles this automatically.
   102  
   103  - Add `ListStream` method to containers API. This allows listing a larger
   104  number of containers without hitting message size limts.
   105  - Add `Sync` flag to `Delete` in leases API. Setting this option will ensure
   106  a garbage collection completes before the removal call is returned. This can
   107  be used to guarantee unreferenced objects are removed from disk after a lease.
   108  
   109  ## Other Improvements
   110  
   111  Improved multi-arch image support using more precise matching and ranking"""
   112  
   113  # notable prs to include in the release notes, 1234 is the pr number
   114  [notes]
   115  
   116  [breaking]
   117  
   118  [rename_deps]
   119  	[rename_deps.ttrpc]
   120  	old = "github.com/stevvooe/ttrpc"
   121  	new = "github.com/containerd/ttrpc"