forked from containerd/containerd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathv1.1.0.toml
150 lines (113 loc) · 6.04 KB
/
v1.1.0.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# commit to be tagged for new release
commit = "HEAD"
project_name = "containerd"
github_repo = "containerd/containerd"
# previous release
previous = "v1.0.0"
pre_release = true
preface = """\
`containerd` provides a daemon for managing running containers.
1.1 is the second major release for `containerd` with added support for CRI, the
Kubernetes [Container Runtime Interface](https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md).
CRI is a new plugin which allows connecting the containerd daemon directly to a
Kubernetes kubelet to be used as the container runtime. The CRI GRPC interface
listens on the same socket as the containerd GRPC interface and runs in the same
process.
In addition to all of the stability and bug fixes backported to 1.0,
1.1 includes...
- CRI plugin
- ZFS, AUFS, and native snapshotter
- Improvements to the `ctr` tool
- Better support for multiple platforms
- Cross namespace content sharing
- Better mount cleanup
- Support for disabling plugins
- TCP debug address for remote debugging
- Update to Go 1.10
- Improvements to the garbage collector
## CRI Plugin
This release of `cri` is a native plugin of `containerd`. It is built into
`containerd` v1.1 and CRI services are enabled by default.
You can now use Kubernetes, with `containerd` directly, without having to use
the intermediate `cri-containerd` daemon. The `cri-containerd` daemon is
end-of-life.
*Note: Please [drain your node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) before
upgrading from older versions of `cri-containerd` to `containerd` v1.1.*
You can [use a containerd config file to configure the `cri` plugin](https://github.com/containerd/cri/blob/v1.0/docs/config.md).
### Untrusted Workload Runtime
To run an untrusted pod on a runtime for untrusted workload, such as
[Kata Containers](https://katacontainers.io/) or
[Clear Containers](https://clearlinux.org/containers), you can:
1. Configure a runtime for untrusted workload [with the config option `plugins.cri.containerd.untrusted_workload_runtime`](https://github.com/containerd/cri/blob/v1.0.0/docs/config.md).
2. Create an untrusted pod by setting the annotation `io.kubernetes.cri.untrusted-workload` to `"true"`, for example:
```yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
annotations:
io.kubernetes.cri.untrusted-workload: "true"
spec:
containers:
- name: nginx
image: nginx
```
By default, `cri` will run pods with the default runtime. However, if a pod has
the `io.kubernetes.cri.untrusted-workload` annotation, the `cri` plugin will run
the pod with the runtime for untrusted workloads.
Unless configured otherwise, the default runtime is set to
[runc](https://github.com/opencontainers/runc).
### Container Runtime Interface v1alpha2
The supported CRI (Container Runtime Interface) version for Kubernetes v1.10 is
now `v1alpha2.` This release of `containerd/cri` has been updated to use CRI `v1alpha2`, so
**it only works with Kubernetes v1.10+.**
New CRI features added in `v1alpha2` are all supported:
* Container log rotation: Kubelet rotates container logs.
* Shared pid namespace: Support sharing pid namespace inside a pod.
### Registry Mirror
You can now setup registry configurations with the config option
`plugins.cri.registry`.
Currently only the `mirrors` option is supported. With it, you can specify
registry mirrors and secure/insecure connections.
([doc](https://github.com/containerd/cri/blob/v1.0.0/docs/registry.md))
### End-To-End Test
In terms of testing, we've passed:
* ALL CRI validation tests
* ALL node e2e tests
* ALL e2e tests
The containerd test coverage on GCE is equivalent with Docker now.
All the test results are public: https://prow.k8s.io/?repo=containerd%2Fcontainerd.
### Performance
We significantly improved pod start latency and cpu/memory usage of `cri` plugin
this release.
The continuous benchmark result is published on http://node-perf-dash.k8s.io/.
Job `ci-kubernetes-node-kubelet-benchmark` is for Docker 17.03, and
`ci-cri-containerd-node-e2e-benchmark` is for containerd with `cri` plugin.
All metrics of containerd are either better or comparable with Docker 17.03.
## Try It Out
If you would like to try containerd, please download the binaries included on
this release. If you are using Docker, this version of containerd will be used
in the next major release of Docker.
To set up containerd with Kubernetes...
* For a production quality cluster on GCE brought up with `kube-up.sh`, see [here](https://github.com/containerd/cri/blob/v1.0.0/docs/kube-up.md).
* For a multi-node cluster installer and bring up steps using ansible and kubeadm, see [here](https://github.com/containerd/cri/blob/v1.0.0/contrib/ansible/README.md).
* For creating a cluster from scratch on Google Cloud, see [Kubernetes the Hard Way](https://github.com/kelseyhightower/kubernetes-the-hard-way).
* For a custom installation from release tarball, see [here](https://github.com/containerd/cri/blob/v1.0.0/docs/installation.md).
* To install using LinuxKit on a local VM, see [here](https://github.com/linuxkit/linuxkit/tree/master/projects/kubernetes).
## Support
The [_support horizon_](https://github.com/containerd/containerd/blob/main/RELEASES.md#support-horizon)
for containerd has been updated to include the 1.1 release. With the addition of
the CRI plugin, we are expanding the support horizon for 1.1 to include the
entire lifespan of Kubernetes 1.10. The containerd 1.1 release train will be
considered an active branch with new patches until April 23, 2019 at the
earliest, when 1.2 is released, or until Kubernetes 1.10 reaches end of life.
The 1.1 containerd API is completely compatible with 1.0, any client using 1.0
can safely upgrade to 1.1 without any incompatibilies. The CRI interface
included with the CRI plugin is only supported for Kubernetes 1.10. The CRI
interface is still considered alpha and will only be supported for Kubernetes
1.10. The CRI plugin in containerd 1.1 will also only be supported for
Kubernetes 1.10.
"""
# notable prs to include in the release notes, 1234 is the pr number
[notes]
[breaking]