CRI-O - v1.12.0
Welcome to the v1.12.0 release of CRI-O!
Kubernetes Runtime Class
Kubernetes Runtime Class introduced in Kubernetes 1.12 is supported. Notice that a feature gate must be enabled in the kubelet in order to leverage Runtime Class.
Users can:
* Configure alternative runtime handlers with the config option crio.runtime.runtimes, e.g. crio.runtime.runtimes.kata.
* Use the alternative runtime handler in Kubernetes by creating RuntimeClass for the runtime handler, and specifying RuntimeClassName in the pod spec. (doc)
* The crio.runtime.runtime_untrusted_wordload config option and io.kubernetes.cri.untrusted-workload pod annotation are still functional, but start being deprecated. It is recommended to migrate to the RuntimeClass api.
* The crio.runtime.default_workload_trust config option is still functional, but start being deprecated. It is recommended to migrate to the RuntimeClass api.
* The crio.runtime.runtime config option and associated flag is still functional, but start being deprecated. It is recommended to migrate to the crio.runtime.runtimes config and flag.
* A new crio.runtime.default_runtime config and flag options have been added to choose the default runtime to use in CRI-O from the list of crio.runtime.runtimes.
Please try out the release binaries and report any issues at
https://github.com/kubernetes-sigs/cri-o/issues.
Contributors
- Antonio Murdaca
- Archana Shinde
- Chris Evich
- Daniel J Walsh
- Eric Ernst
- Giuseppe Scrivano
- Klaas Demter
- Mikko Ylinen
- Miloslav Trmač
- Mrunal Patel
- RA489
- Salvador Fuentes
- Sebastien Boeuf
- Urvashi Mohnani
- Valentin Rothberg
- Vincent Batts
- W. Trevor King
- baude
- k8s-ci-robot
- mooncake
- umohnani8
- wjiang
Changes
- 774a29ecf version: bump to v1.12.0
- 70d5f53b1 docs: tweak crio and crio.conf man pages
- 70d1af366 config: provide a default runtime and deprecate the runtime option
- 74bf69991 Fix typos issues
- 7b7f745e7 cri: Implement runtime handler support
- 075c2c4c5 Don't use runc kill -all
- 32875a28b sandbox_run: skip sctp protocol hostport mapping
- b1f923106 container_create: honor readonly and masked paths from the CRI
- 8474b0f36 vendor: update to kube 1.12
- f90cdc47d Merge pull request #1828 from runcom/nodev-1.12
- 38ba6a0a8 BACKPORT: Add nodev to options of bind mounts from kube
- 7c2e747ae Merge pull request #1846 from runcom/sigpipe-sigusr1
- 14bea8270 Merge pull request #1844 from runcom/ulimits-1.12
- ec2714a54 Write crio goroutine stacks to a file on SIGUSR1
- b7d37378b utils: Add function to write goroutine stacks to a file
- d927396fd utils: Add function to write goroutine stacks
- 47a645c16 cmd: crio: catch and ignore SIGPIPE
- f48d6d5e6 Merge pull request #1845 from mrunalp/fix_sync_1.12
- 9ca60a55a Use fsync instead of sync for stateful set tests
- c0fe6726d *: implement default ulimits for containers
- 2cbe48b89 Merge pull request #1817 from mythi/leak
- 3f0532be8 runPodSandbox: clean up containers on error path
- 1feff83f2 Merge pull request #1814 from umohnani8/vendor
- 11315cb06 Vendor in latest containers/image and containers/storage
- 3b00e355d Merge pull request #1754 from mrunalp/ctr_status_info
- 6e39d0c54 Merge pull request #1748 from amshinde/cni-results
- 855a36109 container_status: Add debug info for container
- 2c423343c Merge pull request #1807 from mrunalp/tty_logs_crictl_master
- 71f846071 Merge pull request #1803 from mrunalp/fix_list_create_race
- 82ddcecd5 test: Use crictl logs for parsing log file in tty test
- 7ca2f9134 sandbox: Don't return sandboxes that aren't created
- d16f81736 sandbox: Add a created flag with getter/setters
- 3fa004aee sandbox: Rename Sandbox created to createdAt
- 980300c9b container: Don't return a container that isn't created
- 86ffce25d oci: Add a created flag and getter/setter for container
- 8afc34092 Merge pull request #1799 from umohnani8/test
- f3625e679 Pick up new tests for critest
- ade289852 Merge pull request #1772 from runcom/e2e-parallel
- 220612da5 cni: Add CNI result JSON as an annotation
- 95c7b216a vendor: fixes from 1783
- d6e0e40dd *: move to bats-core/bats-core
- 3eafb475b contrib: test: remove critest benchmarks
- 50513b75f contib: test: enable critest junit reports
- 7fe7ee214 contrib: test: use release-* branches, not master
- 0cca478c0 server: don't wipe out the selinux mount label if privileged
- 9130c8ffc sandbox_list: use in memory created time
- 52f0336fd ctr status: rely on memory, not runc state
- fb1095aab image_pull: fix variable shadowing
- ad5f6af48 contrib: test: skip pod readiness gates test
- a3041d826 contrib: test: run e2e in parallel
- 7402a30ec Merge pull request #1786 from mrunalp/rename_fixup
- e26db4c3d sandbox_status: Use simple key->value for debug info
- 4d584dcb7 test: Fixup kubernetes-incubator to kubernetes-sigs
- c53ff7d70 Merge pull request #1788 from mrunalp/add_crio_sigs_dir
- 05c1e8d71 test: Add directory for kubernetes-sigs
- 4cd5a7c60 Merge pull request #1783 from mrunalp/move_to_sigs
- f11cad3dd Fixups for cri-o repo move to kubernetes-sigs
- 0db4c4d44 Merge pull request #1773 from Klaas-/klaas-fixman
- 6fd770281 Fix manpage to correctly state default storage driver
- 9246d35b4 Merge pull request #1749 from vrothberg/conf-manpage
- 63860a45b Merge pull request #1579 from cevich/int_with_userns
- 50539c31c crio.conf(5): update manpage to the latest state
- 3fc75c501 Merge pull request #1721 from umohnani8/sysctl
- ea19b02b2 Merge pull request #1761 from runcom/redunant-image-check
- 03cdc9c36 image_pull: remove redunant CanPull check
- 237634355 Merge pull request #1759 from mrunalp/go_1.11_travis
- 021489840 Fix formatting for Warnf
- b2bc34a30 travis: Switch to go 1.11
- decbac9bb Merge pull request #1758 from runcom/ignore-server-closed-stream
- ca3d2ca7e Merge pull request #1756 from mrunalp/go_1.11
- 6e093f15c server: ignore server closed error
- 92297ca7d test: Switch to go 1.11
- 841539d5e Remove sysctl parsing code from cri-o
- 0337ab858 Add default_systcls option to crio.conf
- aa4f63c36 Merge pull request #1755 from mrunalp/update_runc
- 6c4e85748 Update runc to latest
- c71d4733b Merge pull request #1743 from vrothberg/use-libpod-pkg-apparmor
- 2d9307023 apparmor: use github.com/containers/libpod/pkg/apparmor
- b6c5cafef Merge pull request #1696 from sboeuf/issue_1695
- 93f44c231 oci: Define a timeout for WaitContainerStateStopped()
- 2accad9fa Merge pull request #1729 from giuseppe/rootless
- df9f1761a Merge pull request #1744 from giuseppe/fix-reboot
- 65c41c13a crio: basic support for rootless mode
- 478192722 crio: revert 9699d24a09367e240bce3073435ef333a71f6da7
- 6e03ced47 oci: fix segfault if cgroupfs cannot be configured
- ef4367daa oci: propagate XDG_RUNTIME_DIR to conmon
- 7390e9c7e config: allow to override attach socket dir
- 26253ad9a config: add missing container_exits_dir to the config template
- eea99fa21 config: allow to override file_locking_path
- 099237f1e Merge pull request #1739 from rhatdan/podman
- 3ae11212e Merge pull request #1741 from mrunalp/low_mem_test_latest
- 149d71e9f test: Add a test for low memory configured
- f9ce540fb Merge pull request #1722 from mrunalp/check_min_memory
- 2a7ac791f Merge pull request #1735 from rhatdan/volume
- f480b5530 Begin shifting to use podman rather then docker
- 6ceadd83d Merge pull request #1718 from vrothberg/fix-aa-build
- d6dfba33b config: move file_locking to the correct place
- c541e7c6b Merge pull request #1724 from giuseppe/fix-segfault-conmon
- 27eb4ac34 Image Volumes should be bind mounted as private
- c4f232a57 Merge pull request #1731 from mtrmac/c-image-vendor
- 4e7f71b71 Update containers/image
- 59f037ff7 Merge pull request #1720 from RA489/addlicense
- 52d9c7911 Create LICENSE
- d5c3b25ff container_create: Set a minimum memory limit
- 3c30a2f1b conmon: fix segfault when --log-level is not specified
- d724f3d54 Merge pull request #1719 from mrunalp/update_k8s_latest
- 896b284a0 vendor: Update k8s dependencies to latest
- acc0ee767 Merge pull request #1717 from wjiangjay/conmon_typo
- 73b690140 Fix AppArmor build
- 4640cc4d1 fix typo
- 909d63b2e Merge pull request #1716 from runcom/ipv6-fix
- 1c0a87d69 Merge pull request #1693 from umohnani8/logs
- 7225e6c08 sandbox_network: allow ipv6 addresses
- 4c587e6b2 Merge pull request #1714 from runcom/stream-localhost-random-port
- cda282ee7 Merge pull request #1517 from wking/upstream-hook-schema
- a5460880f server: serve streaming on localhost on a random port
- 662dbb31b Add log-level option to conmon and crio.conf
- 3961eb395 Merge pull request #1705 from chavafg/topic/add-stream-port
- ec7245bef Merge pull request #1707 from runcom/fix-caps-error-invalid
- d2bcd76b4 server/container_create: error out if capability is unknown
- 36e1f9501 tests: Add the possibility to change stream_port
- 99fe854b1 vendor: Bump libpod to v0.6.2 and vendor x/text/collate
- 50d499391 lib: Use libpod's hooks package
- 59f94186f Merge pull request #1701 from egernst/kata-priv
- dd88b2de8 Merge pull request #1699 from umohnani8/tutorial
- 49844dc10 oci: update privilege/trust handling
- cc96565de Remove "--log-level debug" from service file
- 121d5aac3 Secondary run of int. tests w/ userNS
- 57c405363 Merge pull request #1698 from giuseppe/conmon-close-fds-before-exit
- 569bb533e Fixes based on review feedback
- 19fa4a964 conmon: close extra files before exit
- f81a88fe1 Simplify definition of STORAGE_OPTIONS
- 001ef6332 Allow running int. tests with userns enabled
- ad140321c Merge pull request #1655 from vbatts/platform-015
- 965cf181e server: isolate linux only functions
- 891c82529 server: clean up the intermediate steps in createContainer
- 2062d9044 server: Listen named pipe on windows
- f7aeb281b server: paths updates for server socket
- f6066044e server: shuffle platform dependent operations
- 1af50d7dc Merge pull request #1672 from rhatdan/maxint32
- b68ada453 Merge pull request #1682 from wking/mask-proc-keys
- 50bac1d96 server/container_create: Mask /proc/keys
- 3374df83c Merge pull request #1677 from chavafg/topic/remove-sleep
- 25055c006 Merge pull request #1679 from rhatdan/acpi
- 722fc526a Block use of /proc/acpi from inside containers
- e2f8d9709 tests: remove more sleeps from ctr.bats
- 14c22defb Merge pull request #1676 from baude/vendorruntimetools
- c8062b3a5 4294967295 does not fit in an int on 32 bit systems
- 0d1078d87 vendor in new opencontainers/runtime-tools
- 9a46eba94 Merge pull request #1675 from mrunalp/change_version
- 09aa3e667 version: v1.12.0-dev
- c1c2cf1ea Merge pull request #1670 from mrunalp/remove_extra_config
- 9699d24a0 server: Don't make additional copy of config.json
- 3b86cde03 Merge pull request #1665 from mrunalp/readme_update_1.11
- e49b4cd12 readme: Add 1.11 to compatibility matrix
- 168d5320b Merge pull request #1649 from rhatdan/vendor
- bbf55c08a Merge pull request #1654 from wking/phony-pattern-rules
- 0bd308720 Vendor in latest go-selinux so that it supports non linux builds
- 45ccf0889 Merge pull request #1660 from vbatts/platform-017
- 0758fc09b vendor: update github.com/cri-o/ocicni
- 41667a364 Merge pull request #1630 from vbatts/seccomp-pkg
- ec535f659 Merge pull request #1634 from vbatts/platform-014
- 1bf8625a3 Merge pull request #1656 from chavafg/topic/fix-rc
- d7c5b565e tests: Add timeout before stop container.
- ffc167dcc Makefile: Add .explicit_phony target for bin/crio.cross.%
- 1a11fe2b4 seccomp: package not limited to server
- f9f8a53f1 Merge pull request #1651 from umohnani8/logs
- 4c3ca18b7 *: windows default paths
- 768c77954 Merge pull request #1645 from giuseppe/sc-change-centos-repo
- aa4994bbe Reduce amount of logs being printed by default
- 887d3a880 system-container: change repo for CentOS
- 953f837b6 Merge pull request #1506 from vbatts/platform-010
- 9419abb8d Merge pull request #1646 from giuseppe/sc-maintainer
- 9a1890cab system-container, fedora: update maintainer
- dbfd0622a system-container, centos: update maintainer
- 049d9417d Merge pull request #1643 from mrunalp/update_ocicni
- f9ae39e39 Merge pull request #1641 from giuseppe/conmon-dont-unset-env
- d1fbcf84c Update ocicni to latest
- 0acf84940 conmon: do not use an empty env when running the exit command
- ec671e3c4 travis: test cross platform compile
- e5031fcf9 Makefile: target to for cross platform
Dependency Changes
Previous release can be found at v1.11.0
- 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e -> 045dc31ee5c40e8240241ce28dc24d7b56130373 k8s.io/utils
- -> release-1.12 k8s.io/csi-api
- fdbc3d6d9507f699bbfd557dce0640c02b5f60e4 -> 1c243a8a8eb44d491790798afc9b634c6f6a6380 github.com/opencontainers/runtime-tools
- -> a6bd8cefa1811bd24b86f8902872e4e8225f74c4 golang.org/x/oauth2
- release-1.11 -> release-1.12 k8s.io/kubernetes
- release-8.0 -> release-9.0 k8s.io/client-go
- release-1.11 -> release-1.12 k8s.io/api
- release-1.11 -> release-1.12 k8s.io/apimachinery
- -> 05fbef0ca5da472bbf96c9322b84a53edc03c9fd github.com/modern-go/reflect2
- bf40560368791a7dddfeea9b3cfcf89b34139f44 -> e3762e86a74c878ffed47484592986685639c2cd k8s.io/kube-openapi
- 1.0.0 -> f2b4162afba35581b6d4a50d3b8f34e33c144682 github.com/json-iterator/go
- v2.1.3 -> 89060dee6a84df9a4dae49f676f0c755037834f1 gopkg.in/square/go-jose.v2
- -> bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 github.com/modern-go/concurrent
- -> v0.8.3 github.com/containers/libpod
- a763f065e909662a2a71e8c5b72f87d998720526 -> 8f11f3ad8912d8bc43a7d25992b8f313ffefd430 github.com/containers/image
- 6ccd0b50d53ae771fe5259ff7a4039110777aa2d -> b6fa367ed7f534f9ba25391cc2d467085dbb445a github.com/opencontainers/selinux
- 7374120527ddb7edb1c946579413a6f8a3585407 -> 84aa158d2bacf95147b2b0a89615dd665630f440 github.com/cri-o/ocicni
- 88d80428f9b146f8f9fe7e2e8cc8688a5aae1a4e -> 68332c059156eae970a03245cfcd4d717fb66ecd github.com/containers/storage
- release-1.11 -> release-1.12 k8s.io/apiserver
- ce80fa0a64803d52883955cb77b2708b438a0b28 -> 459bfaec1fc6c17d8bfb12d0a0f69e7e7271ed2a github.com/opencontainers/runc
- -> v0.5.4 github.com/ulikunitz/xz
- release-1.11 -> release-1.12 k8s.io/apiextensions-apiserver
Details
date
Oct. 19, 2018, 8:57 a.m.
name
v1.12.0
type
Minor
official page
👇
Register or login to:
- 🔍View and search all CRI-O releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!