Add Update API for sandbox controller #9903
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @abel-von. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This was referenced Mar 1, 2024
|
Add this in 2.0 milestone list. |
|
/ok-to-test |
fd99b49 to
7797424
Compare
|
Should I submit another pr, to modify the dependent version of containerd/api in go.mod of containerd, to the commit id of this PR, after this PR is merged? so that |
410e0ae to
78ab3c2
Compare
I think after rebasing the newest main branch, the issue is resolved. |
|
/test pull-containerd-k8s-e2e-ec2 |
|
/retest |
mxpv
reviewed
May 20, 2024
| @@ -95,6 +95,7 @@ service Controller { | |||
| rpc Status(ControllerStatusRequest) returns (ControllerStatusResponse); | |||
| rpc Shutdown(ControllerShutdownRequest) returns (ControllerShutdownResponse); | |||
| rpc Metrics(ControllerMetricsRequest) returns (ControllerMetricsResponse); | |||
| rpc UpdateResource(ControllerUpdateResourceRequest) returns (ControllerUpdateResourceResponse); | |||
There was a problem hiding this comment.
I'm not sure, as the Store already has an Update in it, and this UpdateResource API is only for updating resources of a sandbox dynamically before or after we start or delete a task inside the sandbox. UpdateResource looks more accurate to describe the function of this API. But I can change the name of API if you still think that is better.
| string sandbox_id = 1; | ||
| string sandboxer = 2; | ||
| containerd.types.ResourceOp op = 3; | ||
| containerd.types.TaskResource resource = 4; |
There was a problem hiding this comment.
Can you add some clarity, how this intended to work?
TaskResource is pretty similar to CreateTaskRequest.
If I call this with op=ADD, how is this different from creating or execing a task?
There was a problem hiding this comment.
If we assume that the task server may run inside the sandbox, for example, in a VM, then the task server can not directly append the resources on host to the VM as it is running inside the VM. So maybe we can call the UpdateResource API to controller to append the resource to the VM first.
There was a problem hiding this comment.
This API is just for sandbox controller to append or remove resources related to the task from the sandbox, for example, for VM based sandbox, we need to hotplug some devices or add some cpus or memories to the VM before we start a new task in the VM.
There was a problem hiding this comment.
Oh, ok, I'm probably a bit confused with selection of fields for TaskResource struct.
It looks more suitable for launching processes to me. How TaskResource fields would look like for hot plug example?
There was a problem hiding this comment.
Yes the fields in TaskResource looks like the information for starting a task or execing a process, This is actually because we call UpdateResource of a sandbox before or after task or process start or delete. So we put the all the information related to the Task or Process into the TaskResource, including the spec, the mounts, and the stdios, For a VM based sandbox, we may have to get the sources from the mounts, and hotplug a block device into VM, or pass a directory into VM through virtiofs, we may also get the rootfs from spec, if it is devicemapper, we also need to hotplug the logical block device of rootfs into VM. We are not sure how a sandbox controller handle the resources related to the task, so we put all the information of a task or a process into the TaskResource struct, the information is complete and different kinds of sandbox controllers can choose what to do to the sandbox based on the complete information.
There was a problem hiding this comment.
Given the diverse nature of a "resource", would it make sense to keep task resource abstract? So we won't be limited by set of fields which are suitable for launching tasks, but not very well suitable for other kind of resources. For example:
message ControllerUpdateResourceRequest {
string sandbox_id = 1;
string sandboxer = 2;
// Uniquely identifies resource to be added/updated/deleted.
string resource_id = 1;
// Type of operation (added/update/delete).
containerd.types.ResourceOp op = 3;
// Resource data.
google.protobuf.Any resource = 4;
}This way we can define a list of resource updaters (and it'll be possible to add new types in future).
There was a problem hiding this comment.
done, please take a look.
78ab3c2 to
d946398
Compare
mxpv
approved these changes
May 23, 2024
01a5174 to
d653f9e
Compare
|
/retest |
1 similar comment
|
/retest |
fuweid
reviewed
Jun 5, 2024
| @@ -224,3 +224,18 @@ func (s *controllerService) Metrics(ctx context.Context, req *api.ControllerMetr | |||
| Metrics: metrics, | |||
| }, nil | |||
| } | |||
|
|
|||
| func (s *controllerService) UpdateResource( | |||
There was a problem hiding this comment.
Hi @abel-von @Burning1020 would you please add more description for this?
I'm confused. If the Resource can represent the task, it seems that it's conflict with existing task API exported by shim V2. Let's say that the task can be added by this new endpoint UpdateResource. How to maintain the rest of lifecycle of that task? Is it managed by task API? If yes, I think the issue you run into is about how to expose the task API from sandbox to containerd. If no, I think you're designing new task API.
Please correct me if my understanding is wrong. Thanks.
There was a problem hiding this comment.
Actually, This API is only for sandbox controller to add/delete/update resources into a sandbox. not really starting the task. as if we assume that the Task API is running inside the sandbox, it may not update the resources of the sandbox as it is running INSIDE the sandbox. For a sandboxed Task, we call the UpdateResource API to sandbox controller, before we create or delete a task, so that the sandbox controller, which is running outside the sandbox, can update the resource of the sandbox.
There was a problem hiding this comment.
For example, for the vm based sandbox, the Task API server is running inside the VM, so if we need to start a task in the sandbox, we may have to add more cpus or memories, or hotplug some devices into the VM. this can only be done by sandbox controller, as Task API server is running INSIDE the VM, it can not update the resource of the VM.
There was a problem hiding this comment.
Synced with @abel-von offline. I think we should rename this api name because it's weird to have delete operation in UpdateResource. It's more like json-patch operations. The sandbox resource has been patch-updated, for example, we should add mount/device for each container. It's worth one more round to discuss this api in weekly meeting.
There was a problem hiding this comment.
changed to Update with fields
d653f9e to
34d5715
Compare
34d5715 to
9465c97
Compare
9465c97 to
d1d7eaf
Compare
Signed-off-by: Abel Feng <fshb1988@gmail.com>
d1d7eaf to
15887d7
Compare
fuweid
reviewed
Jun 17, 2024
| @@ -148,3 +148,5 @@ require ( | |||
| sigs.k8s.io/yaml v1.3.0 // indirect | |||
| tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect | |||
| ) | |||
|
|
|||
| replace github.com/containerd/containerd/api => ./api | |||
fuweid
approved these changes
Jul 1, 2024
| @@ -103,6 +104,7 @@ message ControllerCreateRequest { | |||
| google.protobuf.Any options = 3; | |||
| string netns_path = 4; | |||
| map<string, string> annotations = 5; | |||
| containerd.types.Sandbox sandbox = 6; | |||
There was a problem hiding this comment.
It maybe confuse here because Sandbox has sandbox_id field.
Which one should containerd use for creating?
| @@ -148,3 +148,5 @@ require ( | |||
| sigs.k8s.io/yaml v1.3.0 // indirect | |||
| tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect | |||
| ) | |||
|
|
|||
| replace github.com/containerd/containerd/api => ./api | |||
There was a problem hiding this comment.
Synced with @dmcgowan. The replace will be updated in api release.
Mengkzhaoyun
pushed a commit
to open-beagle/containerd
that referenced
this pull request
Oct 11, 2024
containerd 2.0.0-rc.5 Welcome to the v2.0.0-rc.5 release of containerd! *This is a pre-release of containerd* The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases. * Add Update API for sandbox controller ([#9903](containerd/containerd#9903)) * Configure otel from env instead of config.toml ([#8970](containerd/containerd#8970)) * Enable NRI by default ([#9744](containerd/containerd#9744)) * Add PluginInfo to introspection API ([#9442](containerd/containerd#9442)) * Remove overlayfs volatile option on temp mounts ([#9555](containerd/containerd#9555)) * Expose usage of deprecated features ([#9258](containerd/containerd#9258)) * Use Intel ISA-L's igzip if available ([#9200](containerd/containerd#9200)) * Introduce top level config migration ([#9223](containerd/containerd#9223)) * Add image delete target ([#8989](containerd/containerd#8989)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](containerd/containerd#8924)) * Add support for image expiration during garbage collection ([#9022](containerd/containerd#9022)) * Reduce the contention between ref lock and boltdb lock in content store ([#8792](containerd/containerd#8792)) * Remove "containerd.io/restart.logpath" label ([#8264](containerd/containerd#8264)) * Remove `aufs` snapshotter ([#8263](containerd/containerd#8263)) * Fix deadlock during NRI plugin registration ([containerd/nri#79](containerd/nri#79)) * Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168)) * Generate attestation for artifacts during release ([#10543](containerd/containerd#10543)) * Use 'UserSpecifiedImage' from CRI to set the image-name annotation ([#10747](containerd/containerd#10747)) * Add support to set loopback to up ([#10238](containerd/containerd#10238)) * Add support for multiple subscribers to CRI container events ([#9661](containerd/containerd#9661)) * Enable CDI by default ([#9621](containerd/containerd#9621)) * Remove non-sandboxed CRI implementation ([#9228](containerd/containerd#9228)) * Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](containerd/containerd#8287)) * Use sandboxed CRI by default ([#8994](containerd/containerd#8994)) * Implement RuntimeConfig CRI call ([#8722](containerd/containerd#8722)) * Add support for user namespaces (KEP-127) ([#8803](containerd/containerd#8803)) * Remove CRI v1alpha2 ([#8276](containerd/containerd#8276)) * Add api Go module and move all protos under api ([#10151](containerd/containerd#10151)) * Move packages based on contributing guide ([#9365](containerd/containerd#9365)) * Generalize plugin library ([#9214](containerd/containerd#9214)) * Use github.com/containerd/log ([#9086](containerd/containerd#9086)) * Support to syncfs after pull by using diff plugin ([#10284](containerd/containerd#10284)) * Skip "unknown" in image platform listing ([#10257](containerd/containerd#10257)) * Update unpacker to fetch all provided content ([#10202](containerd/containerd#10202)) * Enable Transfer service API to support plain HTTP ([#10024](containerd/containerd#10024)) * Enable Transfer service to use registry configuration directory ([#9908](containerd/containerd#9908)) * Disable the support for Schema 1 images ([#9765](containerd/containerd#9765)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](containerd/containerd#9630)) * Update import and export to allow references to missing content ([#9554](containerd/containerd#9554)) * Add option to perform syncfs after pull ([#9401](containerd/containerd#9401)) * Add image verifier transfer service plugin system based on a binary directory ([#8493](containerd/containerd#8493)) * Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 ([#10410](containerd/containerd#10410)) * Add pprof to runc-shim ([#10242](containerd/containerd#10242)) * Provide runtime options in plugin info ([#10251](containerd/containerd#10251)) * Store bootstrap parameters in sandbox metadata ([#9736](containerd/containerd#9736)) * Update apparmor to allow confined runc to kill containers ([#10123](containerd/containerd#10123)) * Support vsock connection to task api ([#9738](containerd/containerd#9738)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](containerd/containerd#9320)) * Switch runc shim to task service v3 and fix restore ([#9233](containerd/containerd#9233)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](containerd/containerd#8268)) * Add annotations to CreateSandbox request ([#8960](containerd/containerd#8960)) * Add SandboxMetrics ([#8680](containerd/containerd#8680)) * Publish sandbox events ([#8602](containerd/containerd#8602)) * Remove the CriuPath field from runc's options ([#8279](containerd/containerd#8279)) * Remove `io.containerd.runtim 3D11 e.v1.linux` and `io.containerd.runc.v1` ([#8262](containerd/containerd#8262)) * [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](GHSA-7ww5-4wqc-m92c) * Remove `disable_cgroup` from CRI config ([#10594](containerd/containerd#10594)) * Disable the support for Schema 1 images ([#9765](containerd/containerd#9765)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](containerd/containerd#9320)) * Move client to subpackage ([#9316](containerd/containerd#9316)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](containerd/containerd#8924)) * Remove CRI v1alpha2 ([#8276](containerd/containerd#8276)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](containerd/containerd#8262)) * Remove "containerd.io/restart.logpath" label ([#8264](containerd/containerd#8264)) * Remove `aufs` snapshotter ([#8263](containerd/containerd#8263)) * Update warnings for deprecated CRI config fields ([#10509](containerd/containerd#10509)) * Add type alias for event Envelope ([#10279](containerd/containerd#10279)) * Postpone removal of deprecated CRI config properties ([#9966](containerd/containerd#9966)) * Deprecate go-plugin configuration option ([#9238](containerd/containerd#9238)) * CNI conf_template in CRI is no longer deprecated ([#8637](containerd/containerd#8637)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Derek McGowan * Akihiro Suda * Maksym Pavlenko * Wei Fu * Phil Estes * Sebastiaan van Stijn * Samuel Karp * Stefan Berger * Kazuyoshi Kato * Rodrigo Campos * Danny Canter * Abel Feng * Akhil Mohan * Kirtana Ashok * Gabriel Adrian Samfira * Austin Vazquez * Iceber Gu * Krisztian Litkey * Kohei Tokunaga * Mike Brown * Jin Dong * Bjorn Neergaard * Justin Chadwell * rongfu.leng * James Sturtevant * Davanum Srinivas * Paul "TBBle" Hampson * Henry Wang * Brian Goff * Enrico Weigelt * Laura Brehm * Marat Radchenko * Paweł Gronowski * Shingo Omura * Hsing-Yu (David) Chen * Ilya Hanov * Cardy.Tang * Swagat Bora * Aditi Sharma * Amit Barve * Bryant Biggs * Evan Lezar * James Jenkins * Jordan Liggitt * Kay Yan * Markus Lehtonen * Nashwan Azhari * Shuaiyi Zhang * Vinayak Goyal * helen * Alexandru Matei * Anthony Nandaa * Avi Deitcher * Charity Kathure * Cory Snider * Ed Bartosh * Etienne Champetier * Kevin Parsons * Michael Zappa * Milas Bowman * ningmingxiao * yanggang * zounengren * Aditya Ramani * Adrian Reber * Amir M. Ghazanfari * Artem Khramov * Brad Davidson * Chen Yiyang * Christian Muehlhaeuser * Djordje Lukic * Edgar Lee * Eric Lin * Ethan Lowman * Jiang Liu * June Rhodes * Kern Walster * Lucas Rattz * Mahamed Ali * Maksim An * Michael Crosby * Peteris Rudzusiks * Sam Edwards * Samruddhi Khandale * Sascha Grunert * Steve Griffith * Tony Fang * VERNOU Cédric * Vishal Reddy Gurrala * hang.jiang * harshitasao * jerryzhuang * lengrongfu * roman-kiselenko * zhanluxianshen * Aaron Lehmann * Adrien Delorme * Alex Couture-Beil * Alex Ellis * Alex Rodriguez * Angelos Kolaitis * Antonio Huete Jimenez * Arash Haghighat * Ben Foster * Bin Tang * Bin Xin * BinBin He * Brennan Kinney * Changqing Li * ChengenH * ChengyuZhu6 * Christian Stewart * Colin O'Dell * Craig Ingram * Daisy Rong * David Porter * Derek Nola * Eng Zer Jun * Erikson Tung * Fabiano Fidêncio * Fahed Dorgaa * Gary McDonald * Iain Macdonald * James Lakin * Jan Dubois * Jaroslav Jindrak * Javier Maestro * Jian Wang * Jiongchi Yu * Julien Balestra * Kir Kolyshkin * Kirill A. Korinsky * Konstantin Khlebnikov * Mauri de Souza Meneguzzo * Pan Yibo * Paul Meyer * Qasim Sarfraz * Qiutong Song * Reinhard Tartler * Robbie Buxton * Robert-André Mauchin * Ruihua Wen * Sameer * Shengjing Zhu * Shiming Zhang * Shukui Yang * Talon * Tariq Ibrahim * Tianon Gravi * Tim Hockin * TinaMor * Tobias Klauser * Tomáš Virtus * Tõnis Tiigi * Wang Xinwen * William Chen * Xinyang Ge * Yibo Zhuang * Yury Gargay * Zechun Chen * Zhang Tianyang * Zoe * baijia * bo.jiang * bzsuni * charles-chenzz * chschumacher1994 * guangli.bao * guangwu * jinda.ljd * krglosse * pigletfly * rokkiter * wangxiang * zhangpeng * zhaojizhuang * 吴小白 * 张钰 * 沈陵 * 谭九鼎 * **dario.cat/mergo** v1.0.1 **_new_** * **github.com/AdaLogics/go-fuzz-headers** 1f10f66a31bf -> ced1acdcaa24 * **github.com/AdamKorcz/go-118-fuzz-build** 5330a85ea652 -> 8075edf89bb0 * **github.com/Microsoft/go-winio** v0.6.0 -> v0.6.2 * **github.com/Microsoft/hcsshim** v0.10.0-rc.7 -> v0.12.6 * **github.com/cenkalti/backoff/v4** v4.2.0 -> v4.3.0 * **github.com/cespare/xxhash/v2** v2.2.0 -> v2.3.0 * **github.com/checkpoint-restore/checkpointctl** v1.2.1 **_new_** * **github.com/checkpoint-restore/go-criu/v7** v7.2.0 **_new_** * **github.com/cilium/ebpf** v0.9.1 -> v0.11.0 * **github.com/containerd/cgroups/v3** v3.0.1 -> v3.0.3 * **github.com/containerd/console** v1.0.3 -> v1.0.4 * **github.com/containerd/containerd/api** v1.8.0-rc.3 **_new_** * **github.com/containerd/continuity** v0.3.0 -> v0.4.3 * **github.com/containerd/errdefs** v0.1.0 **_new_** * **github.com/containerd/go-cni** v1.1.9 -> v1.1.10 * **github.com/containerd/go-runc** v1.0.0 -> v1.1.0 * **github.com/containerd/imgcrypt** v1.1.7 -> v1.2.0-rc1 * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/nri** v0.3.0 -> v0.6.1 * **github.com/containerd/otelttrpc** ea5083fda723 **_new_** * **github.com/containerd/platforms** v0.2.1 **_new_** * **github.com/containerd/plugin** v0.1.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.5 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.2.0 * **github.com/containernetworking/cni** v1.1.2 -> v1.2.3 * **github.com/containernetworking/plugins** v1.2.0 -> v1.5.1 * **github.com/containers/ocicrypt** v1.1.6 -> v1.2.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.2 -> v2.0.4 * **github.com/davecgh/go-spew** v1.1.1 -> d8f796af33cc * **github.com/distribution/reference** v0.6.0 **_new_** * **github.com/emicklei/go-restful/v3** v3.10.1 -> v3.11.0 * **github.com/felixge/httpsnoop** v1.0.4 **_new_** * **github.com/fsnotify/fsnotify** v1.6.0 -> v1.7.0 * **github.com/fxamacker/cbor/v2** v2.7.0 **_new_** * **github.com/go-jose/go-jose/v4** v4.0.2 **_new_** * **github.com/go-logr/logr** v1.2.3 -> v1.4.2 * **github.com/golang/protobuf** v1.5.2 -> v1.5.4 * **github.com/google/go-cmp** v0.5.9 -> v0.6.0 * **github.com/google/uuid** v1.3.0 -> v1.6.0 * **github.com/gorilla/websocket** v1.5.0 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/v2** v2.1.0 **_new_** * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 -> v2.22.0 * **github.com/intel/goresctrl** v0.3.0 -> v0.7.0 * **github.com/klauspost/compress** v1.16.0 -> v1.17.10 * **github.com/mdlayher/socket** v0.4.1 **_new_** * **github.com/mdlayher/vsock** v1.2.1 **_new_** * **github.com/moby/spdystream** v0.2.0 -> v0.4.0 * **github.com/moby/sys/mountinfo** v0.6.2 -> v0.7.2 * **github.com/moby/sys/sequential** v0.5.0 -> v0.6.0 * **github.com/moby/sys/signal** v0.7.0 -> v0.7.1 * **github.com/moby/sys/symlink** v0.2.0 -> v0.3.0 * **github.com/moby/sys/user** v0.3.0 **_new_** * **github.com/moby/sys/userns** F438 v0.1.0 **_new_** * **github.com/munnerz/goautoneg** a7dc8b61c822 **_new_** * **github.com/mxk/go-flowrate** cca7078d478f **_new_** * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.2.0 * **github.com/opencontainers/runtime-tools** 946c877fa809 -> 2e043c6bd626 * **github.com/pelletier/go-toml/v2** v2.2.3 **_new_** * **github.com/pmezard/go-difflib** v1.0.0 -> 5d4384ee4fb2 * **github.com/prometheus/client_golang** v1.14.0 -> v1.20.4 * **github.com/prometheus/client_model** v0.3.0 -> v0.6.1 * **github.com/prometheus/common** v0.37.0 -> v0.55.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.15.1 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **github.com/stretchr/testify** v1.8.2 -> v1.9.0 * **github.com/urfave/cli/v2** v2.27.4 **_new_** * **github.com/vishvananda/netlink** v1.2.1-beta.2 -> v1.3.0 * **github.com/vishvananda/netns** 2eb08e3e575f -> v0.0.4 * **github.com/x448/float16** v0.8.4 **_new_** * **github.com/xrash/smetrics** 686a1a2994c1 **_new_** * **go.etcd.io/bbolt** v1.3.7 -> v1.3.11 * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.40.0 -> v0.55.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.55.0 **_new_** * **go.opentelemetry.io/otel** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/metric** v0.37.0 -> v1.30.0 * **go.opentelemetry.io/otel/sdk** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/trace** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/proto/otlp** v0.19.0 -> v1.3.1 * **golang.org/x/crypto** v0.1.0 -> v0.27.0 * **golang.org/x/exp** aacd6d4b4611 **_new_** * **golang.org/x/mod** v0.7.0 -> v0.21.0 * **golang.org/x/net** v0.7.0 -> v0.29.0 * **golang.org/x/oauth2** v0.4.0 -> v0.22.0 * **golang.org/x/sync** v0.1.0 -> v0.8.0 * **golang.org/x/sys** v0.6.0 -> v0.25.0 * **golang.org/x/term** v0.5.0 -> v0.24.0 * **golang.org/x/text** v0.7.0 -> v0.18.0 * **golang.org/x/time** 90d013bbcef8 -> v0.3.0 * **google.golang.org/genproto/googleapis/api** 8af14fe29dc1 **_new_** * **google.golang.org/genproto/googleapis/rpc** 8af14fe29dc1 **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.67.0 * **google.golang.org/protobuf** v1.28.1 -> v1.34.2 * **k8s.io/api** v0.26.2 -> v0.31.1 * **k8s.io/apimachinery** v0.26.2 -> v0.31.1 * **k8s.io/apiserver** v0.26.2 -> v0.31.1 * **k8s.io/client-go** v0.26.2 -> v0.31.1 * **k8s.io/component-base** v0.26.2 -> v0.31.1 * **k8s.io/cri-api** v0.26.2 -> v0.32.0-alpha.0 * **k8s.io/klog/v2** v2.90.1 -> v2.130.1 * **k8s.io/kubelet** v0.31.1 **_new_** * **k8s.io/utils** a5ecb0141aa5 -> 18e509b52bc8 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **sigs.k8s.io/structured-merge-diff/v4** v4.2.3 -> v4.4.1 * **sigs.k8s.io/yaml** v1.3.0 -> v1.4.0 * **tags.cncf.io/container-device-interface** v0.8.0 **_new_** * **tags.cncf.io/container-device-interface/specs-go** v0.8.0 **_new_** Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0) * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
kiashok
added a commit
to kiashok/containerd-containerd
that referenced
this pull request
Oct 23, 2024
containerd 2.0.0-rc.5 Welcome to the v2.0.0-rc.5 release of containerd! *This is a pre-release of containerd* The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases. * Add Update API for sandbox controller ([containerd#9903](containerd#9903)) * Configure otel from env instead of config.toml ([containerd#8970](containerd#8970)) * Enable NRI by default ([containerd#9744](containerd#9744)) * Add PluginInfo to introspection API ([containerd#9442](containerd#9442)) * Remove overlayfs volatile option on temp mounts ([containerd#9555](containerd#9555)) * Expose usage of deprecated features ([containerd#9258](containerd#9258)) * Use Intel ISA-L's igzip if available ([containerd#9200](containerd#9200)) * Introduce top level config migration ([containerd#9223](containerd#9223)) * Add image delete target ([containerd#8989](containerd#8989)) * Remove `LimitNOFILE` from `containerd.service` ([containerd#8924](containerd#8924)) * Add support for image expiration during garbage collection ([containerd#9022](containerd#9022)) * Reduce the contention between ref lock and boltdb lock in content store ([containerd#8792](containerd#8792)) * Remove "containerd.io/restart.logpath" label ([containerd#8264](containerd#8264)) * Remove `aufs` snapshotter ([containerd#8263](containerd#8263)) * Fix deadlock during NRI plugin registration ([containerd/nri#79](containerd/nri#79)) * Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168)) * Generate attestation for artifacts during release ([containerd#10543](containerd#10543)) * Use 'UserSpecifiedImage' from CRI to set the image-name annotation ([containerd#10747](containerd#10747)) * Add support to set loopback to up ([containerd#10238](containerd#10238)) * Add support for multiple subscribers to CRI container events ([containerd#9661](containerd#9661)) * Enable CDI by default ([containerd#9621](containerd#9621)) * Remove non-sandboxed CRI implementation ([containerd#9228](containerd#9228)) * Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([containerd#8287](containerd#8287)) * Use sandboxed CRI by default ([containerd#8994](containerd#8994)) * Implement RuntimeConfig CRI call ([containerd#8722](containerd#8722)) * Add support for user namespaces (KEP-127) ([containerd#8803](containerd#8803)) * Remove CRI v1alpha2 ([containerd#8276](containerd#8276)) * Add api Go module and move all protos under api ([containerd#10151](containerd#10151)) * Move packages based on contributing guide ([containerd#9365](containerd#9365)) * Generalize plugin library ([containerd#9214](containerd#9214)) * Use github.com/containerd/log ([containerd#9086](containerd#9086)) * Support to syncfs after pull by using diff plugin ([containerd#10284](containerd#10284)) * Skip "unknown" in image platform listing ([containerd#10257](containerd#10257)) * Update unpacker to fetch all provided content ([containerd#10202](containerd#10202)) * Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024)) * Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908)) * Disable the support for Schema 1 images ([containerd#9765](containerd#9765)) * Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630)) * Update import and export to allow references to missing content ([containerd#9554](containerd#9554)) * Add option to perform syncfs after pull ([containerd#9401](containerd#9401)) * Add image verifier transfer service plugin system based on a binary directory ([containerd#8493](containerd#8493)) * Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 ([containerd#10410](containerd#10410)) * Add pprof to runc-shim ([containerd#10242](containerd#10242)) * Provide runtime options in plugin info ([containerd#10251](containerd#10251)) * Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736)) * Update apparmor to allow confined runc to kill containers ([containerd#10123](containerd#10123)) * Support vsock connection to task api ([containerd#9738](containerd#9738)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([containerd#9320](containerd#9320)) * Switch runc shim to task service v3 and fix restore ([containerd#9233](containerd#9233)) * Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268)) * Add annotations to CreateSandbox request ([containerd#8960](containerd#8960)) * Add SandboxMetrics ([containerd#8680](containerd#8680)) * Publish sandbox events ([containerd#8602](containerd#8602)) * Remove the CriuPath field from runc's options ([containerd#8279](containerd#8279)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([containerd#8262](containerd#8262)) * [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](GHSA-7ww5-4wqc-m92c) * Remove `disable_cgroup` from CRI config ([containerd#10594](containerd#10594)) * Disable the support for Schema 1 images ([containerd#9765](containerd#9765)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([containerd#9320](containerd#9320)) * Move client to subpackage ([containerd#9316](containerd#9316)) * Remove `LimitNOFILE` from `containerd.service` ([containerd#8924](containerd#8924)) * Remove CRI v1alpha2 ([containerd#8276](containerd#8276)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([containerd#8262](containerd#8262)) * Remove "containerd.io/restart.logpath" label ([containerd#8264](containerd#8264)) * Remove `aufs` snapshotter ([containerd#8263](containerd#8263)) * Update warnings for deprecated CRI config fields ([containerd#10509](containerd#10509)) * Add type alias for event Envelope ([containerd#10279](containerd#10279)) * Postpone removal of deprecated CRI config properties ([containerd#9966](containerd#9966)) * Deprecate go-plugin configuration option ([containerd#9238](containerd#9238)) * CNI conf_template in CRI is no longer deprecated ([containerd#8637](containerd#8637)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Derek McGowan * Akihiro Suda * Maksym Pavlenko * Wei Fu * Phil Estes * Sebastiaan van Stijn * Samuel Karp * Stefan Berger * Kazuyoshi Kato * Rodrigo Campos * Danny Canter * Abel Feng * Akhil Mohan * Kirtana Ashok * Gabriel Adrian Samfira * Austin Vazquez * Iceber Gu * Krisztian Litkey * Kohei Tokunaga * Mike Brown * Jin Dong * Bjorn Neergaard * Justin Chadwell * rongfu.leng * James Sturtevant * Davanum Srinivas * Paul "TBBle" Hampson * Henry Wang * Brian Goff * Enrico Weigelt * Laura Brehm * Marat Radchenko * Paweł Gronowski * Shingo Omura * Hsing-Yu (David) Chen * Ilya Hanov * Cardy.Tang * Swagat Bora * Aditi Sharma * Amit Barve * Bryant Biggs * Evan Lezar * James Jenkins * Jordan Liggitt * Kay Yan * Markus Lehtonen * Nashwan Azhari * Shuaiyi Zhang * Vinayak Goyal * helen * Alexandru Matei * Anthony Nandaa * Avi Deitcher * Charity Kathure * Cory Snider * Ed Bartosh * Etienne Champetier * Kevin Parsons * Michael Zappa * Milas Bowman * ningmingxiao * yanggang * zounengren * Aditya Ramani * Adrian Reber * Amir M. Ghazanfari * Artem Khramov * Brad Davidson * Chen Yiyang * Christian Muehlhaeuser * Djordje Lukic * Edgar Lee * Eric Lin * Ethan Lowman * Jiang Liu * June Rhodes * Kern Walster * Lucas Rattz * Mahamed Ali * Maksim An * Michael Crosby * Peteris Rudzusiks * Sam Edwards * Samruddhi Khandale * Sascha Grunert * Steve Griffith * Tony Fang * VERNOU Cédric * Vishal Reddy Gurrala * hang.jiang * harshitasao * jerryzhuang * lengrongfu * roman-kiselenko * zhanluxianshen * Aaron Lehmann * Adrien Delorme * Alex Couture-Beil * Alex Ellis * Alex Rodriguez * Angelos Kolaitis * Antonio Huete Jimenez * Arash Haghighat * Ben Foster * Bin Tang * Bin Xin * BinBin He * Brennan Kinney * Changqing Li * ChengenH * ChengyuZhu6 * Christian Stewart * Colin O'Dell * Craig Ingram * Daisy Rong * David Porter * Derek Nola * Eng Zer Jun * Erikson Tung * Fabiano Fidêncio * Fahed Dorgaa * Gary McDonald * Iain Macdonald * James Lakin * Jan Dubois * Jaroslav Jindrak * Javier Maestro * Jian Wang * Jiongchi Yu * Julien Balestra * Kir Kolyshkin * Kirill A. Korinsky * Konstantin Khlebnikov * Mauri de Souza Meneguzzo * Pan Yibo * Paul Meyer * Qasim Sarfraz * Qiutong Song * Reinhard Tartler * Robbie Buxton * Robert-André Mauchin * Ruihua Wen * Sameer * Shengjing Zhu * Shiming Zhang * Shukui Yang * Talon * Tariq Ibrahim * Tianon Gravi * Tim Hockin * TinaMor * Tobias Klauser * Tomáš Virtus * Tõnis Tiigi * Wang Xinwen * William Chen * Xinyang Ge * Yibo Zhuang * Yury Gargay * Zechun Chen * Zhang Tianyang * Zoe * baijia * bo.jiang * bzsuni * charles-chenzz * chschumacher1994 * guangli.bao * guangwu * jinda.ljd * krglosse * pigletfly * rokkiter * wangxiang * zhangpeng * zhaojizhuang * 吴小白 * 张钰 * 沈陵 * 谭九鼎 * **dario.cat/mergo** v1.0.1 **_new_** * **github.com/AdaLogics/go-fuzz-headers** 1f10f66a31bf -> ced1acdcaa24 * **github.com/AdamKorcz/go-118-fuzz-build** 5330a85ea652 -> 8075edf89bb0 * **github.com/Microsoft/go-winio** v0.6.0 -> v0.6.2 * **github.com/Microsoft/hcsshim** v0.10.0-rc.7 -> v0.12.6 * **github.com/cenkalti/backoff/v4** v4.2.0 -> v4.3.0 * **github.com/cespare/xxhash/v2** v2.2.0 -> v2.3.0 * **github.com/checkpoint-restore/checkpointctl** v1.2.1 **_new_** * **github.com/checkpoint-restore/go-criu/v7** v7.2.0 **_new_** * **github.com/cilium/ebpf** v0.9.1 -> v0.11.0 * **github.com/containerd/cgroups/v3** v3.0.1 -> v3.0.3 * **github.com/containerd/console** v1.0.3 -> v1.0.4 * **github.com/containerd/containerd/api** v1.8.0-rc.3 **_new_** * **github.com/containerd/continuity** v0.3.0 -> v0.4.3 * **github.com/containerd/errdefs** v0.1.0 **_new_** * **github.com/containerd/go-cni** v1.1.9 -> v1.1.10 * **github.com/containerd/go-runc** v1.0.0 -> v1.1.0 * **github.com/containerd/imgcrypt** v1.1.7 -> v1.2.0-rc1 * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/nri** v0.3.0 -> v0.6.1 * **github.com/containerd/otelttrpc** ea5083fda723 **_new_** * **github.com/containerd/platforms** v0.2.1 **_new_** * **github.com/containerd/plugin** v0.1.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.5 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.2.0 * **github.com/containernetworking/cni** v1.1.2 -> v1.2.3 * **github.com/containernetworking/plugins** v1.2.0 -> v1.5.1 * **github.com/containers/ocicrypt** v1.1.6 -> v1.2.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.2 -> v2.0.4 * **github.com/davecgh/go-spew** v1.1.1 -> d8f796af33cc * **github.com/distribution/reference** v0.6.0 **_new_** * **github.com/emicklei/go-restful/v3** v3.10.1 -> v3.11.0 * **github.com/felixge/httpsnoop** v1.0.4 **_new_** * **github.com/fsnotify/fsnotify** v1.6.0 -> v1.7.0 * **github.com/fxamacker/cbor/v2** v2.7.0 **_new_** * **github.com/go-jose/go-jose/v4** v4.0.2 **_new_** * **github.com/go-logr/logr** v1.2.3 -> v1.4.2 * **github.com/golang/protobuf** v1.5.2 -> v1.5.4 * **github.com/google/go-cmp** v0.5.9 -> v0.6.0 * **github.com/google/uuid** v1.3.0 -> v1.6.0 * **github.com/gorilla/websocket** v1.5.0 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/v2** v2.1.0 **_new_** * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 -> v2.22.0 * **github.com/intel/goresctrl** v0.3.0 -> v0.7.0 * **github.com/klauspost/compress** v1.16.0 -> v1.17.10 * **github.com/mdlayher/socket** v0.4.1 **_new_** * **github.com/mdlayher/vsock** v1.2.1 **_new_** * **github.com/moby/spdystream** v0.2.0 -> v0.4.0 * **github.com/moby/sys/mountinfo** v0.6.2 -> v0.7.2 * **github.com/moby/sys/sequential** v0.5.0 -> v0.6.0 * **github.com/moby/sys/signal** v0.7.0 -> v0.7.1 * **github.com/moby/sys/symlink** v0.2.0 -> v0.3.0 * **github.com/moby/sys/user** v0.3.0 **_new_** * **github.com/moby/sys/userns** v0.1.0 **_new_** * **github.com/munnerz/goautoneg** a7dc8b61c822 **_new_** * **github.com/mxk/go-flowrate** cca7078d478f **_new_** * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.2.0 * **github.com/opencontainers/runtime-tools** 946c877fa809 -> 2e043c6bd626 * **github.com/pelletier/go-toml/v2** v2.2.3 **_new_** * **github.com/pmezard/go-difflib** v1.0.0 -> 5d4384ee4fb2 * **github.com/prometheus/client_golang** v1.14.0 -> v1.20.4 * **github.com/prometheus/client_model** v0.3.0 -> v0.6.1 * **github.com/prometheus/common** v0.37.0 -> v0.55.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.15.1 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **github.com/stretchr/testify** v1.8.2 -> v1.9.0 * **github.com/urfave/cli/v2** v2.27.4 **_new_** * **github.com/vishvananda/netlink** v1.2.1-beta.2 -> v1.3.0 * **github.com/vishvananda/netns** 2eb08e3e575f -> v0.0.4 * **github.com/x448/float16** v0.8.4 **_new_** * **github.com/xrash/smetrics** 686a1a2994c1 **_new_** * **go.etcd.io/bbolt** v1.3.7 -> v1.3.11 * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.40.0 -> v0.55.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.55.0 **_new_** * **go.opentelemetry.io/otel** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/metric** v0.37.0 -> v1.30.0 * **go.opentelemetry.io/otel/sdk** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/trace** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/proto/otlp** v0.19.0 -> v1.3.1 * **golang.org/x/crypto** v0.1.0 -> v0.27.0 * **golang.org/x/exp** aacd6d4b4611 **_new_** * **golang.org/x/mod** v0.7.0 -> v0.21.0 * **golang.org/x/net** v0.7.0 -> v0.29.0 * **golang.org/x/oauth2** v0.4.0 -> v0.22.0 * **golang.org/x/sync** v0.1.0 -> v0.8.0 * **golang.org/x/sys** v0.6.0 -> v0.25.0 * **golang.org/x/term** v0.5.0 -> v0.24.0 * **golang.org/x/text** v0.7.0 -> v0.18.0 * **golang.org/x/time** 90d013bbcef8 -> v0.3.0 * **google.golang.org/genproto/googleapis/api** 8af14fe29dc1 **_new_** * **google.golang.org/genproto/googleapis/rpc** 8af14fe29dc1 **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.67.0 * **google.golang.org/protobuf** v1.28.1 -> v1.34.2 * **k8s.io/api** v0.26.2 -> v0.31.1 * **k8s.io/apimachinery** v0.26.2 -> v0.31.1 * **k8s.io/apiserver** v0.26.2 -> v0.31.1 * **k8s.io/client-go** v0.26.2 -> v0.31.1 * **k8s.io/component-base** v0.26.2 -> v0.31.1 * **k8s.io/cri-api** v0.26.2 -> v0.32.0-alpha.0 * **k8s.io/klog/v2** v2.90.1 -> v2.130.1 * **k8s.io/kubelet** v0.31.1 **_new_** * **k8s.io/utils** a5ecb0141aa5 -> 18e509b52bc8 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **sigs.k8s.io/structured-merge-diff/v4** v4.2.3 -> v4.4.1 * **sigs.k8s.io/yaml** v1.3.0 -> v1.4.0 * **tags.cncf.io/container-device-interface** v0.8.0 **_new_** * **tags.cncf.io/container-device-interface/specs-go** v0.8.0 **_new_** Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0) * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
Mengkzhaoyun
pushed a commit
to open-beagle/containerd
that referenced
this pull request
Nov 11, 2024
containerd 2.0.0 Welcome to the v2.0.0 release of containerd! The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases. See [containerd 2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for details on what is new and has changed in this release. * Allow sections of Plugins to be merged, and not overwritten as entire sections. ([#9982](containerd/containerd#9982)) * Add Update API for sandbox controller ([#9903](containerd/containerd#9903)) * Configure otel from env instead of config.toml ([#8970](containerd/containerd#8970)) * Enable NRI by default ([#9744](containerd/containerd#9744)) * Add PluginInfo to introspection API ([#9442](containerd/containerd#9442)) * Remove overlayfs volatile option on temp mounts ([#9555](containerd/containerd#9555)) * Expose usage of deprecated features ([#9258](containerd/containerd#9258)) * Use Intel ISA-L's igzip if available ([#9200](containerd/containerd#9200)) * Introduce top level config migration ([#9223](containerd/containerd#9223)) * Add image delete target ([#8989](containerd/containerd#8989)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](containerd/containerd#8924)) * Add support for image expiration during garbage collection ([#9022](containerd/containerd#9022)) * Reduce the contention between ref lock and boltdb lock in content store ([#8792](containerd/containerd#8792)) * Remove "containerd.io/restart.logpath" label ([#8264](containerd/containerd#8264)) * Remove `aufs` snapshotter ([#8263](containerd/containerd#8263)) * Fix deadlock during NRI plugin registration ([containerd/nri#79](containerd/nri#79)) * Support arm64/v9 and minor variants ([containerd/platforms#8](containerd/platforms#8)) * Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168)) * Generate attestation for artifacts during release ([#10543](containerd/containerd#10543)) * Remove `cri-containerd-*.tar.gz` release bundles ([#9096](containerd/containerd#9096)) * Use 'UserSpecifiedImage' from CRI to set the image-name annotation ([#10747](containerd/containerd#10747)) * Fine-grained SupplementalGroups control ([#9737](containerd/containerd#9737)) * Add support to set loopback to up ([#10238](containerd/containerd#10238)) * KEP-3857: Recursive Read-only (RRO) mounts ([#9787](containerd/containerd#9787)) * Add support for multiple subscribers to CRI container events ([#9661](containerd/containerd#9661)) * Enable CDI by default ([#9621](containerd/containerd#9621)) * Remove non-sandboxed CRI implementation ([#9228](containerd/containerd#9228)) * Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](containerd/containerd#8287)) * Use sandboxed CRI by default ([#8994](containerd/containerd#8994)) * Implement RuntimeConfig CRI call ([#8722](containerd/containerd#8722)) * Add support for user namespaces (KEP-127) ([#8803](containerd/containerd#8803)) * Remove CRI v1alpha2 ([#8276](containerd/containerd#8276)) * Add api Go module and move all protos under api ([#10151](containerd/containerd#10151)) * Move packages based on contributing guide ([#9365](containerd/containerd#9365)) * Generalize plugin library ([#9214](containerd/containerd#9214)) * Use github.com/containerd/log ([#9086](containerd/containerd#9086)) * Support to syncfs after pull by using diff plugin ([#10284](containerd/containerd#10284)) * Skip "unknown" in image platform listing ([#10257](containerd/containerd#10257)) * Update unpacker to fetch all provided content ([#10202](containerd/containerd#10202)) * Enable Transfer service API to support plain HTTP ([#10024](containerd/containerd#10024)) * Enable Transfer service to use registry configuration directory ([#9908](containerd/containerd#9908)) * Disable the support for Schema 1 images ([#9765](containerd/containerd#9765)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](containerd/containerd#9630)) * Update import and export to allow references to missing content ([#9554](containerd/containerd#9554)) * Add option to perform syncfs after pull ([#9401](containerd/containerd#9401)) * Add image verifier transfer service plugin system based on a binary directory ([#8493](containerd/containerd#8493)) * Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 ([#10410](containerd/containerd#10410)) * Add pprof to runc-shim ([#10242](containerd/containerd#10242)) * Provide runtime options in plugin info ([#10251](containerd/containerd#10251)) * Store bootstrap parameters in sandbox metadata ([#9736](containerd/containerd#9736)) * Update apparmor to allow confined runc to kill containers ([#10123](containerd/containerd#10123)) * Support vsock connection to task api ([#9738](containerd/containerd#9738)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](containerd/containerd#9320)) * Switch runc shim to task service v3 and fix restore ([#9233](containerd/containerd#9233)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](containerd/containerd#8268)) * Add annotations to CreateSandbox request ([#8960](containerd/containerd#8960)) * Add SandboxMetrics ([#8680](containerd/containerd#8680)) * Publish sandbox events ([#8602](containerd/containerd#8602)) * Remove the CriuPath field from runc's options ([#8279](containerd/containerd#8279)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](containerd/containerd#8262)) * [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](GHSA-7ww5-4wqc-m92c) * Remove `disable_cgroup` from CRI config ([#10594](containerd/containerd#10594)) * Disable the support for Schema 1 images ([#9765](containerd/containerd#9765)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](containerd/containerd#9320)) * Move client to subpackage ([#9316](containerd/containerd#9316)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](containerd/containerd#8924)) * Remove CRI v1alpha2 ([#8276](containerd/containerd#8276)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](containerd/containerd#8262)) * Remove "containerd.io/restart.logpath" label ([#8264](containerd/containerd#8264)) * Remove `aufs` snapshotter ([#8263](containerd/containerd#8263)) * Update warnings for deprecated CRI config fields ([#10509](containerd/containerd#10509)) * Add type alias for event Envelope ([#10279](containerd/containerd#10279)) * Postpone removal of deprecated CRI config properties ([#9966](containerd/containerd#9966)) * Deprecate go-plugin configuration option ([#9238](containerd/containerd#9238)) * CNI conf_template in CRI is no longer deprecated ([#8637](containerd/containerd#8637)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Derek McGowan * Akihiro Suda * Maksym Pavlenko * Wei Fu * Phil Estes * Sebastiaan van Stijn * Samuel Karp * Krisztian Litkey * Kazuyoshi Kato * Austin Vazquez * Rodrigo Campos * Danny Canter * Abel Feng * Mike Brown * Kirtana Ashok * Akhil Mohan * Iceber Gu * Gabriel Adrian Samfira * Jin Dong * Kohei Tokunaga * Bjorn Neergaard * Brian Goff * Justin Chadwell * rongfu.leng * James Sturtevant * Davanum Srinivas * Paul "TBBle" Hampson * Henry Wang * Enrico Weigelt * Laura Brehm * Marat Radchenko * Paweł Gronowski * Shingo Omura * Hsing-Yu (David) Chen * Ilya Hanov * Cardy.Tang * Swagat Bora * Aditi Sharma * Amit Barve * Bryant Biggs * Evan Lezar * James Jenkins * Jordan Liggitt * Kay Yan * Markus Lehtonen * Nashwan Azhari * Shuaiyi Zhang * Vinayak Goyal * helen * Alexandru Matei * Anthony Nandaa * Avi Deitcher * Charity Kathure * Cory Snider * Ed Bartosh * Etienne Champetier * Kevin Parsons * Michael Zappa * Milas Bowman * lengrongfu * ningmingxiao * yanggang * zounengren * Aditya Ramani * Adrian Reber * Amir M. Ghazanfari * Antonio Ojea * Artem Khramov * Brad Davidson * Chen Yiyang * Chongyi Zheng * Christian Muehlhaeuser * Djordje Lukic * Edgar Lee * Eric Lin * Ethan Lowman * Jiang Liu * June Rhodes * Kern Walster * Lei Jitang * Lucas Rattz * Mahamed Ali * Maksim An * Michael Crosby * Peteris Rudzusiks * Ray Burgemeestre * Sam Edwards * Samruddhi Khandale * Sascha Grunert * Steve Griffith * Tony Fang * Tõnis Tiigi * VERNOU Cédric * Vishal Reddy Gurrala * Xiaojin Zhang * Yang Yang * hang.jiang * harshitasao * jerryzhuang * roman-kiselenko * zhanluxianshen * Aaron Lehmann * AbdelrahmanElawady * Adrien Delorme * Alex Couture-Beil * Alex Ellis * Alex Rodriguez * Angelos Kolaitis * Antonio Huete Jimenez * Antti Kervinen * Arash Haghighat * Arkin Modi * Ben Foster * Benjamin Peterson * Bin Tang * Bin Xin * BinBin He * Brennan Kinney * Changqing Li * ChengenH * ChengyuZhu6 * Christian Stewart * Colin O'Dell * Craig Ingram * Daisy Rong * David Porter * David Son * Derek Nola * Eng Zer Jun * Erikson Tung * Fabiano Fidêncio * Fahed Dorgaa * Gabriela Cervantes * Gary McDonald * Iain Macdonald * James Lakin * Jan Dubois * Jaroslav Jindrak * Javier Maestro * Jian Wang * Jiongchi Yu * Julien Balestra * Kir Kolyshkin * Kirill A. Korinsky * Konstantin Khlebnikov * Lei Liu * Matteo Pulcini * Mauri de Souza Meneguzzo * Mike Baynton * Niklas Gehlen * Pan Yibo * Paul Meyer * Qasim Sarfraz * Qiutong Song * Reinhard Tartler * Robbie Buxton * Robert-André Mauchin * Ruihua Wen * Saket Jajoo * Sameer * Shengjing Zhu * Shiming Zhang * Shukui Yang * StepSecurity Bot * Talon * Tariq Ibrahim * Tianon Gravi * Tim Hockin * TinaMor * Tobias Klauser * Tomáš Virtus * Wang Xinwen * William Chen * Xinyang Ge * Yibo Zhuang * Yuhang Wei * Yury Gargay * Zechun Chen * Zhang Tianyang * Zoe * baijia * bo.jiang * bzsuni * charles-chenzz * chschumacher1994 * cormick * guangli.bao * guangwu * jinda.ljd * jingtao.liang * krglosse * pigletfly * rokkiter * wangxiang * zhangpeng * zhaojizhuang * 吴小白 * 张钰 * 沈陵 * 谭九鼎 * **dario.cat/mergo** v1.0.1 **_new_** * **github.com/AdaLogics/go-fuzz-headers** 1f10f66a31bf -> e8a1dd7889d6 * **github.com/AdamKorcz/go-118-fuzz-build** 5330a85ea652 -> 2b5cbb29f3e2 * **github.com/Microsoft/go-winio** v0.6.0 -> v0.6.2 * **github.com/Microsoft/hcsshim** v0.10.0-rc.7 -> v0.12.9 * **github.com/cenkalti/backoff/v4** v4.2.0 -> v4.3.0 * **github.com/cespare/xxhash/v2** v2.2.0 -> v2.3.0 * **github.com/checkpoint-restore/checkpointctl** v1.3.0 **_new_** * **github.com/checkpoint-restore/go-criu/v7** v7.2.0 **_new_** * **github.com/cilium/ebpf** v0.9.1 -> v0.11.0 * **github.com/containerd/cgroups/v3** v3.0.1 -> v3.0.3 * **github.com/containerd/console** v1.0.3 -> v1.0.4 * **github.com/containerd/containerd/api** v1.8.0 **_new_** * **github.com/containerd/continuity** v0.3.0 -> v0.4.4 * **github.com/containerd/errdefs** v1.0.0 **_new_** * **github.com/containerd/errdefs/pkg** v0.3.0 **_new_** * **github.com/containerd/go-cni** v1.1.9 -> v1.1.10 * **github.com/containerd/go-runc** v1.0.0 -> v1.1.0 * **github.com/containerd/imgcrypt/v2** v2.0.0-rc.1 **_new_** * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/nri** v0.3.0 -> v0.8.0 * **github.com/containerd/otelttrpc** ea5083fda723 **_new_** * **github.com/containerd/platforms** v1.0.0-rc.0 **_new_** * **github.com/containerd/plugin** v1.0.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.6 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.2.2 * **github.com/containerd/zfs/v2** v2.0.0-rc.0 **_new_** * **github.com/containernetworking/cni** v1.1.2 -> v1.2.3 * **github.com/containernetworking/plugins** v1.2.0 -> v1.5.1 * **github.com/containers/ocicrypt** v1.1.6 -> v1.2.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.2 -> v2.0.5 * **github.com/davecgh/go-spew** v1.1.1 -> d8f796af33cc * **github.com/distribution/reference** v0.6.0 **_new_** * **github.com/emicklei/go-restful/v3** v3.10.1 -> v3.11.0 * **github.com/felixge/httpsnoop** v1.0.4 **_new_** * **github.com/fsnotify/fsnotify** v1.6.0 -> v1.7.0 * **github.com/fxamacker/cbor/v2** v2.7.0 **_new_** * **github.com/go-jose/go-jose/v4** v4.0.4 **_new_** * **github.com/go-logr/logr** v1.2.3 -> v1.4.2 * **github.com/golang/protobuf** v1.5.2 -> v1.5.4 * **github.com/google/go-cmp** v0.5.9 -> v0.6.0 * **github.com/google/uuid** v1.3.0 -> v1.6.0 * **github.com/gorilla/websocket** v1.5.0 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/v2** v2.1.0 **_new_** * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 -> v2.22.0 * **github.com/intel/goresctrl** v0.3.0 -> v0.8.0 * **github.com/klauspost/compress** v1.16.0 -> v1.17.11 * **github.com/mdlayher/socket** v0.4.1 **_new_** * **github.com/mdlayher/vsock** v1.2.1 **_new_** * **github.com/mistifyio/go-zfs/v3** v3.0.1 **_new_** * **github.com/moby/spdystream** v0.2.0 -> v0.4.0 * **github.com/moby/sys/mountinfo** v0.6.2 -> v0.7.2 * **github.com/moby/sys/sequential** v0.5.0 -> v0.6.0 * **github.com/moby/sys/signal** v0.7.0 -> v0.7.1 * **github.com/moby/sys/symlink** v0.2.0 -> v0.3.0 * **github.com/moby/sys/user** v0.3.0 **_new_** * **github.com/moby/sys/userns** v0.1.0 **_new_** * **github.com/munnerz/goautoneg** a7dc8b61c822 **_new_** * **github.com/mxk/go-flowrate** cca7078d478f **_new_** * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.2.0 * **github.com/opencontainers/runtime-tools** 946c877fa809 -> 2e043c6bd626 * **github.com/opencontainers/selinux** v1.11.0 -> v1.11.1 * **github.com/pelletier/go-toml/v2** v2.2.3 **_new_** * **github.com/pmezard/go-difflib** v1.0.0 -> 5d4384ee4fb2 * **github.com/prometheus/client_golang** v1.14.0 -> v1.20.5 * **github.com/prometheus/client_model** v0.3.0 -> v0.6.1 * **github.com/prometheus/common** v0.37.0 -> v0.55.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.15.1 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **github.com/stefanberger/go-pkcs11uri** 78d3cae3a980 -> 78284954bff6 * **github.com/stretchr/testify** v1.8.2 -> v1.9.0 * **github.com/urfave/cli/v2** v2.27.5 **_new_** * **github.com/vishvananda/netlink** v1.2.1-beta.2 -> v1.3.0 * **github.com/vishvananda/netns** 2eb08e3e575f -> v0.0.4 * **github.com/x448/float16** v0.8.4 **_new_** * **github.com/xrash/smetrics** 686a1a2994c1 **_new_** * **go.etcd.io/bbolt** v1.3.7 -> v1.3.11 * **go.mozilla.org/pkcs7** 432b2356ecb1 -> v0.9.0 * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.40.0 -> v0.56.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.56.0 **_new_** * **go.opentelemetry.io/otel** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/metric** v0.37.0 -> v1.31.0 * **go.opentelemetry.io/otel/sdk** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/trace** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/proto/otlp** v0.19.0 -> v1.3.1 * **golang.org/x/crypto** v0.1.0 -> v0.28.0 * **golang.org/x/exp** aacd6d4b4611 **_new_** * **golang.org/x/mod** v0.7.0 -> v0.21.0 * **golang.org/x/net** v0.7.0 -> v0.30.0 * **golang.org/x/oauth2** v0.4.0 -> v0.22.0 * **golang.org/x/sync** v0.1.0 -> v0.8.0 * **golang.org/x/sys** v0.6.0 -> v0.26.0 * **golang.org/x/term** v 94B5 0.5.0 -> v0.25.0 * **golang.org/x/text** v0.7.0 -> v0.19.0 * **golang.org/x/time** 90d013bbcef8 -> v0.3.0 * **google.golang.org/genproto/googleapis/api** 5fefd90f89a9 **_new_** * **google.golang.org/genproto/googleapis/rpc** 324edc3d5d38 **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.67.1 * **google.golang.org/protobuf** v1.28.1 -> v1.35.1 * **k8s.io/api** v0.26.2 -> v0.31.2 * **k8s.io/apimachinery** v0.26.2 -> v0.31.2 * **k8s.io/apiserver** v0.26.2 -> v0.31.2 * **k8s.io/client-go** v0.26.2 -> v0.31.2 * **k8s.io/component-base** v0.26.2 -> v0.31.2 * **k8s.io/cri-api** v0.26.2 -> v0.31.2 * **k8s.io/klog/v2** v2.90.1 -> v2.130.1 * **k8s.io/kubelet** v0.31.2 **_new_** * **k8s.io/utils** a5ecb0141aa5 -> 18e509b52bc8 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **sigs.k8s.io/structured-merge-diff/v4** v4.2.3 -> v4.4.1 * **sigs.k8s.io/yaml** v1.3.0 -> v1.4.0 * **tags.cncf.io/container-device-interface** v0.8.0 **_new_** * **tags.cncf.io/container-device-interface/specs-go** v0.8.0 **_new_** Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0) * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For a well defined sandbox the resources may be restricted, and the Task API server may run inside the sandbox, so we may rely on the sandox controller to add or remove resources in the sandbox before/after we create/delete Tasks or Processes in the sandbox.