Skip to content

containerd 1.7.1
Compare
Choose a tag to compare
@github-actions github-actions released this 10 May 03:07
· 1943 commits to main since this release
v1.7.1
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
1677a17
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Welcome to the v1.7.1 release of containerd!

The first patch release for containerd 1.7 includes many fixes to CRI
sandbox mode, various other fixes, runc update, and important fixes in
core dependencies such as ttrpc and typeurl.

CRI/Sandbox Updates

  • Throw not supported error when UID or GID mappings provided (#8211)
  • Cleanup shim on start failure (#8282)
  • Fix premature close of CRI service when there are no CNI configuration monitors (#8282)
  • Avoid UID lookup from mount on Darwin (#8314)
  • Keep Linux mounts for Linux sandboxes on non-Linux hosts (#8331)
  • Add noexec,nodev,nosuid to /etc/resolv.conf bind mount (#8336)
  • Remove entry for container from container store on error (#8457)
  • Fix unmarshal in container metrics (#8472)

Other Notable Updates

  • Use readonly for temporary mounts (#8300 #8358)
  • Fix skip docker manifest option on image exporter (#8344)
  • Update runc binary to v1.1.7 (#8451)
  • Fix runtime path task option (#8453)
  • Fix panic from nil checkpoint options (#8475)
  • Fix transfer service configuration options (#8491)
  • Fix server-side goroutine leak on receive message error (ttrpc#141)
  • Fix panic caused by race to close send channel (ttrpc#140)
  • Fix unmarshal to return non-nil object when nil value (ttrpc#140)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Sebastiaan van Stijn
  • Akihiro Suda
  • Iceber Gu
  • Phil Estes
  • Maksym Pavlenko
  • Wei Fu
  • Danny Canter
  • Kirtana Ashok
  • Rodrigo Campos
  • Samuel Karp
  • Vinayak Goyal
  • Austin Vazquez
  • Justin Chadwell
  • Kazuyoshi Kato
  • Brad Davidson
  • Djordje Lukic
  • Ethan Lowman
  • Laura Brehm
  • Michael Crosby

Changes

68 commits

  • [release/1.7] Prepare release notes for v1.7.1 (#8501)
  • [release/1.7] Update ttrpc v1.2.2 (#8499)
  • [release/1.7] runtime/shim: fix the nil checkpoint options (#8475)
    • 3ef5b689a runtime/shim: fix the nil checkpoint options
  • [release/1.7] bump typeurl to v2.1.1 (#8495)
  • [release/1.7] Transfer service backports (#8491)
    • 35e86f96c [transfer] avoid setting limiters when max is 0
    • f7233811f Update transfer configuration
    • 4510eac00 Fix image pulling with Transfer service
  • [release/1.7]Update hcsshim tag to v0.10.0-rc.8 (#8480)
    • aaa65e8c1 Update hcsshim tag to v0.10.0-rc.8
  • [release/1.7] cri: Fix umarshal metrics (#8472)
    • 95ef67e19 Fix umarshal metrics for CRI server
  • [release/1.7 backport] update go to go1.20.4, go1.19.9 (#8471)
  • [release/1.7] fix the task setting the runtime path (#8453)
    • c0e128624 skip TestContainerStartWithAbsRuntimePath if the runtime is v1
    • aa3c63c15 integration: add container start test using abs runtime path
    • d2d9eedb1 WithRuntimePath uses the TaskInfo.RuntimePath field
  • [release/1.7] Remove entry for container from container store on error (#8457)
    • 6b3ae0129 Remove entry for container from container store on error
  • [release/1.7 backport] update runc binary to v1.1.7 (#8451)
  • [release/1.7] cri: Vendor v0.27.1 (#8444)
  • [release/1.7 backport] oci: partially restore comment on read-only mounts for uid/gid uses (#8404)
    • 1bbf98e53 oci: partially restore comment on read-only mounts for uid/gid uses
  • [release/1.7] Fix argsEscaped tests (#8405)
  • [release/1.7] Throw an error if the kubelet requests mounts with uid/gid mappings (#8211)
    • 7de8629be cri: Throw an error if idmap mounts is requested
    • 75ac7e0d8 cri: Vendor v0.27.0-beta.0 for mounts uid/gid mappings
  • [release/1.7] go.mod: remove redundant replace, and some cleaning-up (#8396)
    • 8f6e86fec go.mod: add comment explaining go-fuzz-headers replace rule
    • 1ece0cb50 go.mod: remove replace for github.com/opencontainers/runtime-tools
    • e9f962187 go.mod: integration: use non-pre-release of containerd
    • 84393b005 go.mod: integration: move indirect dependencies to the right group
  • [release/1.7 backport] update runc binary to v1.1.6 (#8386)
  • [release/1.7 backport] oci: Use WithReadonlyTempMount when adding users/groups (#8358)
    • 54d12b872 oci: Use WithReadonlyTempMount when adding users/groups
  • [release/1.7 backport] update go to go1.20.3, go1.19.8 (#8354)
  • [release/1.7] archive: consistently respect value of WithSkipDockerManifest (#8344)
    • 1d6641b7c export: add test for WithSkipDockerManifest
    • 0e0d84f6b archive: consistently respect value of WithSkipDockerManifest
  • [release/1.7] Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind. (#8336)
    • 9b4935d86 Update sbserver to add noexec nodev and nosuid to /etc/resolv.conf mount bind.
    • 5e953cfa6 Test to ensure nosuid,nodev,noexec are set on /etc/reolv.conf mount.
    • 0aad93f08 Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind.
  • [release/1.7] ctr/tasks: fix unmarshal the task metrics for cgroups v1 (#8335)
    • 1a64f1b43 ctr/tasks: fix unmarshal the task metrics for cgroups v1
  • [release/1.7] Keep linux mounts for linux sandboxes on Windows/Darwin (#8331)
    • 17c52a26d Keep linux mounts for linux sandboxes on Windows/Darwin
  • [release/1.7] update runc binary to v1.1.5 (#8325)
    • d81fc15af update runc binary to v1.1.5
    • 755efbe64 go.mod: github.com/opencontainers/runc v1.1.5
  • [backport 1.7] Defer uid lookups on Darwin (#8314)
  • [release/1.7 backport] Add WithReadonlyTempMount to create readonly temporary mounts (#8300)
    • b7d87b190 Add WithReadonlyTempMount to create readonly temporary mounts
  • [release/1.7] Backport Sandbox/CRI fixes (#8282)
    • 1c1b6bcb2 CRI: Don't always close netConfMonitor channel
    • cf2e454bf Sandbox: Correct/add some fields to Status()
    • ce68e8e0d Sandbox: Cleanup shim on Start failure

Changes from containerd/ttrpc

8 commits

  • First process the pending messages in recv channel (#144)
    • c51165f First process the pending messages in recv channel
  • Add recvClose channel to stream (#140)
    • 471297e Add recvClose channel to stream
  • Unwrap IO errors in server connection error handling (#141)
    • 9599fad Unwrap io errors in server connection receive error handling
  • Update GitHub actions CI workflow (#124)
    • c7b5a32 Update GitHub actions CI workflow

Dependency Changes

  • github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
  • github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.10.0-rc.8
  • github.com/containerd/ttrpc v1.2.1 -> v1.2.2
  • github.com/containerd/typeurl/v2 v2.1.0 -> v2.1.1
  • github.com/golang/protobuf v1.5.2 -> v1.5.3
  • github.com/opencontainers/runc v1.1.4 -> v1.1.5
  • github.com/opencontainers/runtime-tools 946c877fa809 -> 2e043c6bd626
  • golang.org/x/mod v0.7.0 -> v0.9.0
  • golang.org/x/net v0.7.0 -> v0.8.0
  • golang.org/x/sys v0.6.0 -> v0.7.0
  • golang.org/x/term v0.5.0 -> v0.6.0
  • golang.org/x/text v0.7.0 -> v0.8.0
  • golang.org/x/tools v0.5.0 -> v0.7.0
  • google.golang.org/protobuf v1.28.1 -> v1.29.1
  • k8s.io/cri-api v0.26.2 -> v0.27.1

Previous release can be found at v1.7.0

Assets 48