Revisions of cri-o
Priyanka Saggu (psaggu) accepted request 1108438 from Priyanka Saggu (psaggu) (revision 78)
- (bsc#1214406) update `kubelet.env`:
  * to remove the following deprecated/obsolete flags:
    ** `--container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-request-timeout=15m`
  * to add new flag -> `--fail-swap-on=false`
Priyanka Saggu (psaggu) accepted request 1108422 from Priyanka Saggu (psaggu) (revision 77)
- update `kubelet.env` to remove deprecated/obsolete flags:
  * `KUBELET_EXTRA_ARGS="KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --fail-swap-on=false -v=2"`
Richard Brown (RBrownSUSE) committed (revision 76)
- Update to version 1.24.3:
  * version: bump to 1.24.3
  * set add_inheritable_capabilities to true by default
  * use AddInheritableCapabilities
  * config: add field AddInheritableCapabilities
  * resourcestore: add test for stages
  * server: update stages according to progress with resource creation
  * resource store: return stage when a watcher is requested
  * resource store: introduce stages
  * build(deps): bump golangci/golangci-lint-action from 2 to 3
  * Fix nginx based integration tests
  * Revert "capabilities: drop inheritable"
  * [1.24] vendor: bump containers/storage to v1.37.2
  * Adding annotations for image and sandbox name.
  * migrate image_list to quay.io
  * server: handle exit files asynchronously
  * server: remove exit file in exit monitor
  * server: cleanup exit monitor function
  * oci: take opLock for UpdateContainer
  * version: bump to v1.24.2
  * remove succinct option to fix jenkins
  * Use a default umask of `0o022`
  * Fix unit test coverage
  * Fix release-notes tag determination
  * Upload release notes for each tag
  * Fix container status for HostToContainer propagation
  * bump ocicni to 0.4.0
  * Fix unit tests
  * test: set cri stats more idiomatically
  * utils/RunUnderSystemdScope: fix wrt channel deadlock
Jeff Kowalczyk (jfkw) accepted request 990917 from Jeff Kowalczyk (jfkw) (revision 75)
- Update to version 1.24.1: CVE-2022-1708
  * boo#1200285 CVE-2022-1708
  * bump to v1.24.1
  * conmonmgr: query help text to see if it supports log-global-size-max
  * add support for conmon log-global-size-max
  * oci: cap exec sync length
  * Fix review issues
  * Fix it case failed
  * Fix review issues
  * Add integration test for remove paused ctr
  * 1. When in paused state, stop container should unpause it 2. We should treat paused state as running, or kubelet will delete it and restart one
  * fix review issues
  * Try to force delete ctr when in paused state
  * vendor: bump crypto package
Richard Brown (RBrownSUSE) accepted request 978588 from Jeff Kowalczyk (jfkw) (revision 74)
- Update to version 1.24.0:
- Update BuildRequires: golang(API) >= 1.18
- Packaging: unpin go version to BuildRequires: golang(API) >= 1.17
Richard Brown (RBrownSUSE) committed (revision 73)
Richard Brown (RBrownSUSE) committed (revision 72)
- Update to version 1.23.2:
  * config/sysctl: fail if there is a + in the value
  * Revert "config/sysctl: fail if there is a + in the value"
  * bump to version 1.23.2
  * config/sysctl: fail if there is a + in the value
  * config/sysctls: validate against invalid spaces
  * server: stop deleting pod from idIndex if already gone
  * [1.23] ci: use kubernetes 1.23, cri-tools 1.23
  * contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
  * hack/build-rpms.sh: fix yum-builddep failures
  * image: use imageCache value for ImageStatus()
  * oci: fix a leaked goroutine
  * Reuse createContainerIO in CreateContainer
  * Fix vm containers couldn't restore after CRI-O restart
  * release-notes: add args for checksum fields
  * Updated format
  * Generate checksum files for artifacts
  * bump to v1.23.1
  * test: add test for skipped sysctls
  * server: skip sysctls that would affect the host
  * server: don't set memory swap when it's not enabled
  * deep copy List{PodSandbox,Container} structs
  * ci: use main branch for conmon
  * server: fix race with kubelet
  * Fix runtime panic on pod sandbox stats retrieval
  * ci: use main version of runc
  * openshift e2e: bump ci image
  * server: fix a potential NULL-pointer dereference.
  * pass the main mount point to fix crypto profiles binding
  * test: update tests for allowed_devices
Richard Brown (RBrownSUSE) accepted request 915791 from Alexandre Vicenzi (avicenzi) (revision 71)
Update to version 1.22.0
Alexandre Vicenzi (avicenzi) accepted request 913227 from Bernhard Wiedemann (bmwiedemann) (revision 70)
build with go 1.16 for reproducible binaries (boo#1102408)
Fabian Vogt (favogt) accepted request 907895 from Alexandre Vicenzi (avicenzi) (revision 69)
Update cri-o to 1.21.2
Richard Brown (RBrownSUSE) accepted request 885750 from Alexandre Vicenzi (avicenzi) (revision 68)
Update cri-o to 1.21.0
Richard Brown (RBrownSUSE) accepted request 884146 from Alexandre Vicenzi (avicenzi) (revision 67)
Update cri-o to 1.20.2
Richard Brown (RBrownSUSE) accepted request 861671 from Richard Brown (RBrownSUSE) (revision 66)
- Update to version 1.19.1:
  * bump to v1.19.1
  * don't do unnecessary iptables restore
  * switch CRI-O to use its own hostport manager
  * dual-stack host port manager
  * fix upstream hostport manager
  * Add README to hostport folder
  * fork hostport kubernetes code
  * [1.19] vendor: bump containers/storage to v1.20.5
  * runtime_vm: Ensure closeIOChan is not nil inside CloseStdin's function
  * runtime: parse oom file for VM type runtimes
  * runtime_vm: Ignore ttrpc.ErrClosed when removing a container
  * runtime_vm: StopContainers() should not fail when the VM is shutdown
  * runtime_vm: Don't let wait() return ttrpc.ErrClosed
  * runtime_vm: Fix updateContainerStatus() logic
  * runtime_vm: set Pid and InitPid for VM runtimes
  * internal/config/node: add checkFsMayDetachMounts
  * Fix bogus CI test failures
  * test/config: fix shellcheck warning
  * test/config: fix "config dir should fail with invalid option"
  * server: cleanup container in runtime after failed creation
Richard Brown (RBrownSUSE) accepted request 834535 from Sascha Grunert (sgrunert) (revision 65)
- API Change
  - CRI-O now manages namespace lifecycles by default
- Feature
  - Add --version-file-persist, a place to put the version file in persistent storage. Now, crio wipe wipes containers if --version-file is not present
  - Add big_files_temporary_dir to allow customization of where large temporary files are put
  - Add build support for setting SOURCE_DATE_EPOCH
  - Added `--metrics-socket`/`metrics_socket` configuration option to allow exposing the metrics endpoint on a local socket path
  - Added `crio_image_layer_reuse` metric which counts layer reuses during image pull
  - Added `privileged` field to container status `info`
  - Added behavior to allow filtering by a partial Pod Sandbox ID
  - Added configuration validation to ensure a `conmon_cgroup == "pod"` if `cgroup_manager == "cgroupfs"`
  - Added latest `crun` version to static binary bundle
  - Added metrics-exporter and [documentation]
  - Added new metrics `crio_image_pulls_failures` and `crio_image_pulls_successes`. For more information please refer to the [CRI-O metrics guide]
  - Container HostPort with SCTP protocol is supported.
  - Containers running `init` or `systemd` are now given a new selinux label `container_init_t`, giving it selinux privileges more appropriate for the workload
  - If users want the container_kvm_t label when using a runtime that supports kvm separation, they will need to either set the runtime_type to "vm" or have "kata" in the runtime name. E.g.
        [crio.runtime.runtimes.my-kata-runtime]
        runtime_path = ""
        runtime_type = "oci"
        runtime_root = "/run/kata"
    or
        [crio.runtime.runtimes.my-kata-runtime]
        runtime_path = ""
        runtime_type = "vm"
        runtime_root = "/run/kata"
  - Re-add the behavior that string slices can be passed to the CLI comma separated, for example `--default-capabilities CHOWN,KILL`
  - Removed `socat` runtime dependency which was needed for pod port forwarding
  - Return pod image, pid and spec in sandbox_status CRI verbose mode
- Design
  - Hooks_dir entries are now created if they don't exist
- Documentation
  - Added `crun` container runtime to `crio.conf`
  - Added dependency report to generated release notes
  - The changelog is now rendered by a custom go template and contains the table of contents
- Bug or Regression
  - Adding additional runtime handler doesn't require the user to copy existing default runtime handler configuration. The existing default runtime handler configuration will be preserved while adding the new runtime handler.
  - ExecSync requests will ask conmon to not double fork, causing systemd to have fewer conmons re-parented to it. conmon v2.0.19 or greater is required for this feature.
  - Fix handling of the --cni-plugin-dir and other multivalue command line flags
  - Fix path to bash via `/usr/bin/env` in crio-shutdown.service
  - Fix the container cgroup in case cgroupfs cgroup manager is used
  - Fix working set calculation
  - Fixed `crio version` binary mode parsing on musl toolchains
  - Fixed a bug where crictl only showed pod level stats, not container level stats.
  - Fixed a bug where exec sync requests (manually or automatically triggered via readiness/liveness probes) overwrite the runtime `info.runtimeSpec.process.args` of the container status
  - Fixed bug where Pod creation would fail if Uid was not specified in Metadata of sandbox config passed in a run pod sandbox request
  - Fixed bug where pod names would sometimes leak on creation, causing the kubelet to fail to recreate
  - Fixed crio restart behavior to make sure that Pod creation timestamps are restored and the order in the list of pods stays stable across restarts
  - Fixed wrong linkmode output
  - Reflects resource updates under the container spec.
- Other
  - Added info logs for image pulls and image status
  - Cleanup default info logging
  - Cleanup go module and vendor files.
  - Pod creation now fails if conmon cannot be moved to the cgroup specified in `conmon_cgroup`. Our default value for `conmon_cgroup` is `system.slice`, which is invalid for cgroupfs. As such, if you use cgroupfs, you should change `conmon_cgroup` to `pod`
  - Removed `crio-wipe.service` and `crio-shutdown.service` systemd units from the static bundle since they are not required
- Uncategorized
  - Add `--drop-infra-ctr` option to ask CRI-O to drop the infra container when a pod level pid namespace isn't requested. This feature is considered experimental
  - Adds a new optional field, runtime_type, to the "--runtimes" option.
  - Cleanup and update nix derivation for static builds
  - Fix a bug where a sudden reboot causes incomplete image writes. This could cause image storage to be corrupted, resulting in an error `layer not known`.
  - Fix bug where empty config fields having to do with storage cause `/info` requests to return incorrect information
  - Fixes panic when /sys/fs/cgroup can't be stat'ed
  - If the default_runtime is changed from the default configuration, the corresponding existing default entry in the runtime map in the configuration will be ignored.
  - Remove support for `--runtime` flag
  - Updated `crictl.yaml` configuration inside the repository to reflect cri-tools v1.19.0 changes
- Dependency-Change
  - Compile with go 1.15
Sascha Grunert (sgrunert) accepted request 824020 from Callum Farmer (gmbr3) (revision 64)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
Thorsten Kukuk (kukuk) accepted request 821890 from Sascha Grunert (sgrunert) (revision 62)
- Update to version 1.18.3:
  - Fix a bug where a sudden reboot causes incomplete image writes. This could cause image storage to be corrupted, resulting in an error layer not known.
  - Fixed bug where pod names would sometimes leak on creation, causing the kubelet to fail to recreate
  - If conmon is v2.0.19 or greater, ExecSync requests will not double fork, causing systemd to have fewer conmons re-parented to it
Sascha Grunert (sgrunert) accepted request 815806 from Dirk Mueller (dirkmueller) (revision 61)
- Update to version 1.18.2:
  * Bump version to v1.18.2
  * criocli: Avoid parsing the config twice
  * StringSliceTrySplit: return a copy of the underlying slice
  * Restore version output from crio --version
  * Add info logs for image pull and status CRI calls
  * managed_ns: deflake tests
  * bump containers image to 5.4.4 (fixes gh#containers/image/issues/898)
Richard Brown (RBrownSUSE) accepted request 806778 from Sascha Grunert (sgrunert) (revision 60)
- Update to version 1.18.1:
  - Feature
    - Add --version-file-persist, a place to put the version file in persistent storage. Now, crio wipe wipes containers if --version-file is not present (presumably it is on temporary storage), and wipes images if both --version-file and --version-file-persist are out of date (presumably there has been an upgrade of cri-o’s minor version)
    - Containers running init or systemd are now given a new selinux label container_init_t, giving it selinux privileges more appropriate for the workload
  - Other (Bug, Cleanup or Flake)
    - Fix linkmode retrieval on crio version for static binaries
    - Fix a bug where CRI-O could not start a container if CONFIG_CGROUP_HUGETLB was not set in the kernel
    - Re-add the behavior that string slices can be passed to the CLI comma separated, for example --default-capabilities CHOWN,KILL
    - Removed crio-wipe.service and crio-shutdown.service systemd units from the static bundle since they are not required
    - Fix some crio version oddities
Sascha Grunert (sgrunert) accepted request 798796 from Sascha Grunert (sgrunert) (revision 59)
- Remove the `go >= 1.13` build requirement