Containerd - v1.7.3

Welcome to the v1.7.3 release of containerd!

The third patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

  • RunC: Update runc binary to v1.1.8 (#8843)
  • CRI: Fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8824)
  • CRI: write generated CNI config atomically (#8825)
  • Port-Forward: Correctly handle known errors (#8806)
  • Resolve docker.NewResolver race condition (#8799)
  • Fix net.ipv4.ping_group_range with userns (#8786)
  • Runtime/V2/RunC: handle early exits w/o big locks (#8712)
  • SecComp: always allow name_to_handle_at (#8753)
  • CRI: Windows Pod Stats: Add a check to skip stats for containers that are not running (#8654)
  • Task: don't close() io before cancel() (#8658)
  • Remove CNI conf_template deprecation (#8638)
  • Fix issue for HPC pod metrics (#8634)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Phil Estes
  • Sebastiaan van Stijn
  • Wei Fu
  • Derek McGowan
  • Kazuyoshi Kato
  • Austin Vazquez
  • Samuel Karp
  • Shingo Omura
  • Jin Dong
  • Maksym Pavlenko
  • Aditi Sharma
  • Danny Canter
  • James Sturtevant
  • Laura Brehm
  • Rodrigo Campos
  • Akhil Mohan
  • Andrey Epifanov
  • Bjorn Neergaard
  • Cory Snider
  • Madhav Jivrajani
  • Mahamed Ali
  • Priyanka Saggu
  • Qasim Sarfraz
  • wangxiang
  • zounengren

Changes

63 commits

* [release/1.7] Prepare release notes for v1.7.3 ([#8871](https://github.com/containerd/containerd/pull/8871)) * [`4cb2f1515`](https://github.com/containerd/containerd/commit/4cb2f1515a39a8a6b704b74e58b96f8a1ef9840c) [release/1.7] Add release notes for v1.7.3 * [release/1.7] cri: memory.memsw.limit_in_bytes: no such file or directory ([#8869](https://github.com/containerd/containerd/pull/8869)) * [`b461ecacf`](https://github.com/containerd/containerd/commit/b461ecacfa155befd259877e04b9835bdd04e0d9) cri: memory.memsw.limit_in_bytes: no such file or directory * [release/1.7] migrate to community owned bucket for node e2e tests ([#8875](https://github.com/containerd/containerd/pull/8875)) * [`14328ae03`](https://github.com/containerd/containerd/commit/14328ae03b51ade0512496e3a4b0c2bf33ca5ffd) migrate to community owned bucket * [release/1.7 backport] update runc binary to v1.1.8 ([#8843](https://github.com/containerd/containerd/pull/8843)) * [`b985f7ef1`](https://github.com/containerd/containerd/commit/b985f7ef15b6dbb6d5ea302584dcfe491b99d70c) update runc binary to v1.1.8 * [release/1.7 backport] [CRI] fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty ([#8824](https://github.com/containerd/containerd/pull/8824)) * [`083f57160`](https://github.com/containerd/containerd/commit/083f571609a83be94785b77a822aa7c332eeabfd) capture desc variable in range variable just in case that it run in parallel mode * [`a9440ce6b`](https://github.com/containerd/containerd/commit/a9440ce6b5a150be998c70549984b508231a6dbe) Use t.TempDir instead of os.MkdirTemp * [`eea3440d8`](https://github.com/containerd/containerd/commit/eea3440d899f6ce74fca5257dcc53e6cecc4fce4) use strings.Cut instead of strings.Split for parsing imageConfig.User * [`eace67180`](https://github.com/containerd/containerd/commit/eace671808e39d351c54e917fed86a58b92fe43b) fix userstr for dditionalGids on Linux * [release/1.7 backport] cri: write generated CNI config atomically ([#8825](https://github.com/containerd/containerd/pull/8825)) * [`7353c0286`](https://github.com/containerd/containerd/commit/7353c02869507eb28e571125db05c7597bf92f27) ctr: update WritePidFile to use atomicfile * [`ae7021300`](https://github.com/containerd/containerd/commit/ae70213003a84301ff7dc171569e8ab3adffca35) shim: WritePidFile & WriteAddress use atomicfile * [`186eb64b7`](https://github.com/containerd/containerd/commit/186eb64b7c7a0fbef9c1b11837056ecb2e130d38) cri: write generated CNI config atomically on Unix * [`64c3dcd8e`](https://github.com/containerd/containerd/commit/64c3dcd8e25ae02f6803d4131cb3e40c0c2849c7) atomicfile: new package for atomic file writes * [release/1.7 backport] Move logrus setup code to log package ([#8831](https://github.com/containerd/containerd/pull/8831)) * [`f7a20e17c`](https://github.com/containerd/containerd/commit/f7a20e17c3e96324cdf83388be289c4c2db1ba55) Move logrus setup code to log package * [release/1.7 backport] Cirrus CI: configure apt-get to wait for locks ([#8814](https://github.com/containerd/containerd/pull/8814)) * [`60a6db9c2`](https://github.com/containerd/containerd/commit/60a6db9c2627018aef6484d6ca5898a09aa9888e) Cirrus CI: configure apt-get to wait for locks * [release/1.7 backport] Update Go to 1.20.6,1.19.11 ([#8815](https://github.com/containerd/containerd/pull/8815)) * [`973778193`](https://github.com/containerd/containerd/commit/973778193b54a73b6975388efbdfcbbd33ca3212) Update Go to 1.20.6,1.19.11 * [release/1.7 backport] update go to go1.20.5, go1.19.10 ([#8716](https://github.com/containerd/containerd/pull/8716)) * [`403033e52`](https://github.com/containerd/containerd/commit/403033e52782716aa444d8d43a5c7e25efdfd4e5) update go to go1.20.5, go1.19.10 * [release/1.7 backport] bugfix(port-forward): Correctly handle known errors ([#8806](https://github.com/containerd/containerd/pull/8806)) * [`6b6b0c828`](https://github.com/containerd/containerd/commit/6b6b0c828051ecafc0653e271cda8cab2cbd59bd) bugfix(port-forward): Correctly handle known errors * [release/1.7] Resolve docker.NewResolver race condition ([#8799](https://github.com/containerd/containerd/pull/8799)) * [`898eca21e`](https://github.com/containerd/containerd/commit/898eca21e3c7d12351c26891b1813dd51a423e82) Change http.Header copy to builtin Clone * [`fa2efc406`](https://github.com/containerd/containerd/commit/fa2efc406f09950b466ff3f5d00a5b0a924ef738) Resolve docker.NewResolver race condition * [release/1.7] Fix net.ipv4.ping_group_range with userns ([#8786](https://github.com/containerd/containerd/pull/8786)) * [`241514815`](https://github.com/containerd/containerd/commit/241514815d278865199a701f23b83a20efe169be) pkg/cri/server: Test net.ipv4.ping_group_range works with userns * [`801e8c806`](https://github.com/containerd/containerd/commit/801e8c8069c4613de305c756c0f497f271ef3648) pkg/cri/server: Fix net.ipv4.ping_group_range with userns * [release/1.7 backport] vendor: github.com/containerd/zfs v1.1.0 ([#8782](https://github.com/containerd/containerd/pull/8782)) * [`d5639a5a8`](https://github.com/containerd/containerd/commit/d5639a5a867c45a0c6c5b4f2e65e7ebda0aa02ff) vendor: github.com/containerd/zfs v1.1.0 * [release/1.7 backport] ci: remove libseccomp-dev installation for nightly ([#8772](https://github.com/containerd/containerd/pull/8772)) * [`15d65709e`](https://github.com/containerd/containerd/commit/15d65709ee8f239de6b908026a51481eaeab6066) ci: remove libseccomp-dev installation for nightly * [release/1.7] go.mod: Update cgroups to 3.0.2 ([#8769](https://github.com/containerd/containerd/pull/8769)) * [`a08ae718c`](https://github.com/containerd/containerd/commit/a08ae718c47ed2069ab077fc99b4951776fc41ff) [release/1.7] go.mod: Update cgroups to 3.0.2 * [release/1.7 backport] runtime/v2/runc: handle early exits w/o big locks ([#8712](https://github.com/containerd/containerd/pull/8712)) * [`18c6503d9`](https://github.com/containerd/containerd/commit/18c6503d98f4de37ebbd39443bde958d8b6dc367) runtime/v2/runc: handle early exits w/o big locks * [release/1.7 backport] integration/client: add timeout to `TestShimOOMScore` ([#8750](https://github.com/containerd/containerd/pull/8750)) * [`3bf3996d9`](https://github.com/containerd/containerd/commit/3bf3996d921c7466ad194ef5ac26bbddb3a89a33) integration/client: add timeout to `TestShimOOMScore` * [release/1.7 backport] Update ginkgo to match cri-tools' version ([#8760](https://github.com/containerd/containerd/pull/8760)) * [`c2c54af9d`](https://github.com/containerd/containerd/commit/c2c54af9ddff6f26cc5ebefb2634ed5ca4cf15c3) Update ginkgo to match cri-tools' version * [release/1.7 backport] seccomp: always allow name_to_handle_at ([#8753](https://github.com/containerd/containerd/pull/8753)) * [`6281d46df`](https://github.com/containerd/containerd/commit/6281d46df9cc1df891ef1ca68b3e1a2b11dd96cd) seccomp: always allow name_to_handle_at * [release/1.7] Pinned image support ([#8718](https://github.com/containerd/containerd/pull/8718)) * [`699d6701a`](https://github.com/containerd/containerd/commit/699d6701ae17bd3c12a7f86f5d9470cedf210169) Pinned image support * [release/1.7] cherry-pick: No more nondistributable layers in MS registry ([#8690](https://github.com/containerd/containerd/pull/8690)) * [`dafbeb5b1`](https://github.com/containerd/containerd/commit/dafbeb5b1ffdaa6c227fddeacf2b39816e61660f) No more nondistributable layers in MS registry * [release/1.7] [cri] Windows Pod Stats: Add a check to skip stats for containers that are not running ([#8654](https://github.com/containerd/containerd/pull/8654)) * [`58b6b99cd`](https://github.com/containerd/containerd/commit/58b6b99cd6fde4f173df25c09b20682e29acebf5) Add a check to skip stats for containers that are not running * [release/1.7 backport] task: don't `close()` io before `cancel()` ([#8658](https://github.com/containerd/containerd/pull/8658)) * [`e5b2a0131`](https://github.com/containerd/containerd/commit/e5b2a0131ba26b4366957bea07c67c171a11f52a) task: don't `close()` io before `cancel()` * [release/1.7 backport] move to CRI-TOOLS v1.27.0 ([#8656](https://github.com/containerd/containerd/pull/8656)) * [`a6a15afe3`](https://github.com/containerd/containerd/commit/a6a15afe3e9dd2de89ddf0c1bdde73b42ae9720d) move to CRI-TOOLS v1.27.0 * [release/1.7] Remove cni conf_template deprecation ([#8638](https://github.com/containerd/containerd/pull/8638)) * [`0b2b96479`](https://github.com/containerd/containerd/commit/0b2b9647992dc4238e2a7d98c721dacb6cf753bf) RELEASES.md: de-deprecation of CNI conf_template will be v1.7.3 * [`a24267b28`](https://github.com/containerd/containerd/commit/a24267b28973821c3056b43270362bec5b8471ec) Remove cni conf_template deprecation * [release/1.7] Fix issue for HPC pod metrics ([#8634](https://github.com/containerd/containerd/pull/8634)) * [`89415fe36`](https://github.com/containerd/containerd/commit/89415fe36162576fb88b0fd7c117238834f2c967) Fix issue for HPC pod metrics

Changes from containerd/zfs

49 commits

* gofumpt and update status badges ([#75](https://github.com/containerd/zfs/pull/75)) * [`5e3457b`](https://github.com/containerd/zfs/commit/5e3457b5e3b8e586e7b634da7bb1d05bafa7af97) TestZFSUsage: use t.TempDir() * [`6e9c675`](https://github.com/containerd/zfs/commit/6e9c675d5fb46bfef3450b97dc66705b9b1c1257) README: update badges * [`ff17a79`](https://github.com/containerd/zfs/commit/ff17a79101fc3854e86b150fe1bcb5ef67dbde6c) gofmt code * go.mod: github.com/mistifyio/go-zfs/v3 v3.0.1 ([#73](https://github.com/containerd/zfs/pull/73)) * [`d3485b9`](https://github.com/containerd/zfs/commit/d3485b960a0f962115d5b27af414ef00afc3f327) go.mod: github.com/mistifyio/go-zfs/v3 v3.0.1 * gha: fix golangci-lint, and upgrade to v1.52.2 ([#74](https://github.com/containerd/zfs/pull/74)) * [`23c831a`](https://github.com/containerd/zfs/commit/23c831a523b5e4a183ab296098fed921392b2b66) remove pre-go1.17 build-tags, and fix missing build-tags in plugin * [`e5acd95`](https://github.com/containerd/zfs/commit/e5acd9583b95971c99a3d1f75c2d45f5d300da00) gha: fix golangci-lint, upgrade to v1.52.2 * Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 ([#72](https://github.com/containerd/zfs/pull/72)) * [`00b96c2`](https://github.com/containerd/zfs/commit/00b96c267860d15a5e075f5137d945e3a1e27248) Bump github.com/containerd/containerd from 1.6.12 to 1.6.18 * Bump github.com/containerd/containerd from 1.6.9 to 1.6.12 ([#69](https://github.com/containerd/zfs/pull/69)) * [`a099def`](https://github.com/containerd/zfs/commit/a099def4fa00d26dca5d962e5dcff913803b773d) Bump github.com/containerd/containerd from 1.6.9 to 1.6.12 * Add CodeQL analysis workflow ([#67](https://github.com/containerd/zfs/pull/67)) * [`fee1db7`](https://github.com/containerd/zfs/commit/fee1db7f3d385bcddb3d2f5e3f8ebcd08f161348) Add CodeQL analysis workflow * Update GitHub actions CI workflow ([#66](https://github.com/containerd/zfs/pull/66)) * [`b8b7ab2`](https://github.com/containerd/zfs/commit/b8b7ab2115ea4c674c9183a1bb254006c351759a) Update GitHub actions CI workflow * Upgrade compiler to Go 1.19 and update dependencies ([#68](https://github.com/containerd/zfs/pull/68)) * [`3e729b3`](https://github.com/containerd/zfs/commit/3e729b3f873deef33f7d080e88a15de01ae63ced) Update dependencies * [`3c003f8`](https://github.com/containerd/zfs/commit/3c003f800458ecc9112c9a7f1bcdaaf098d7e317) Upgrade compiler to Go 1.19 * Remove references to io/ioutil package ([#65](https://github.com/containerd/zfs/pull/65)) * [`d700762`](https://github.com/containerd/zfs/commit/d70076257b75ca038a9639e54ef8a83d933ae504) Remove references to io/ioutil package * Update go.mod and move to supported Go version ([#62](https://github.com/containerd/zfs/pull/62)) * [`f52906e`](https://github.com/containerd/zfs/commit/f52906e04f4a33b2671449aec79a57d398e1c9e7) Update Go version to supported version * [`79ca2cb`](https://github.com/containerd/zfs/commit/79ca2cbc2bec7df1b3d1aab4f3b0a4098d65cc5b) Update containerd depedency to latest * go.mod: github.com/mistifyio/go-zfs v3.0.0 ([#59](https://github.com/containerd/zfs/pull/59)) * [`2e3db29`](https://github.com/containerd/zfs/commit/2e3db29964df41b3356359616600ea6be38b49b7) go.mod: github.com/mistifyio/go-zfs v3.0.0 * go.mod: github.com/mistifyio/go-zfs/v3 v3.0.0-20220217145925-d014733a5309 ([#58](https://github.com/containerd/zfs/pull/58)) * [`d904e63`](https://github.com/containerd/zfs/commit/d904e63fbb8f04816aba652ea37d0d6ad4844ced) go.mod: github.com/mistifyio/go-zfs/v3 v3.0.0-20220217145925-d014733a5309 * Update vendoring to containerd 1.6.x ([#57](https://github.com/containerd/zfs/pull/57)) * [`e021180`](https://github.com/containerd/zfs/commit/e021180c43b6498fe219357bd9af19c77ac04fce) Update vendoring to containerd 1.6.x * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#55](https://github.com/containerd/zfs/pull/55)) * [`fc0c9a9`](https://github.com/containerd/zfs/commit/fc0c9a9c33db265975afdb845e6bfc596fdc8198) Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 * Bump github.com/containerd/containerd from 1.5.5 to 1.5.8 ([#54](https://github.com/containerd/zfs/pull/54)) * [`5d2f28c`](https://github.com/containerd/zfs/commit/5d2f28cbceb5b0d4246b1c0fc0bf6b41943afb32) Bump github.com/containerd/containerd from 1.5.5 to 1.5.8 * follow-up-#52: fix the order of cause in fmt.Errorf ([#53](https://github.com/containerd/zfs/pull/53)) * [`b3f193d`](https://github.com/containerd/zfs/commit/b3f193d7f00753424184bfd0c584e5c56e7de659) follow-up-#52: fix the order of cause in fmt.Errorf * replace pkg/errors ([#52](https://github.com/containerd/zfs/pull/52)) * [`d5b0a2f`](https://github.com/containerd/zfs/commit/d5b0a2f2e24dbbd22d20fda55743ec31f7bed0c5) replace pkg/errors * Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#51](https://github.com/containerd/zfs/pull/51)) * [`fd6afa5`](https://github.com/containerd/zfs/commit/fd6afa5738a6331f3fccb6cba742bc18949711e0) Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 * Bump containerd to 1.5.2 ([#50](https://github.com/containerd/zfs/pull/50)) * [`aef875e`](https://github.com/containerd/zfs/commit/aef875e0f05b1ceb7190ab90de813500ee1dfd51) bump containerd to 1.5.2 * Rename branches from master to main ([#49](https://github.com/containerd/zfs/pull/49)) * [`35c6af7`](https://github.com/containerd/zfs/commit/35c6af74680574936a45075886e03070283ef172) Rename branches from master to main * sync up with containerd 1.5 GA ([#47](https://github.com/containerd/zfs/pull/47)) * [`3d5efef`](https://github.com/containerd/zfs/commit/3d5efefdedc5ef3c11da2ec27163bc58652eb1c9) vendor sync up with containerd 1.5 ga * README.md: fix CI badge ([#46](https://github.com/containerd/zfs/pull/46)) * [`0977d81`](https://github.com/containerd/zfs/commit/0977d815b7d76b21cb861b04c0f0414d26af3046) README.md: fix CI badge

Dependency Changes

  • github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.2
  • github.com/containerd/zfs v1.0.0 -> v1.1.0
  • github.com/mistifyio/go-zfs/v3 v3.0.1 new

Previous release can be found at v1.7.2

Details

date
July 27, 2023, 9:09 p.m.
name
containerd 1.7.3
type
Patch
official page
https://github.com/containerd/containerd/releases/tag/v1.7.3
👇
Register or login to:
  • 🔍View and search all Containerd releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or