Containerd Versions Save

Welcome to the v1.6.27 release of containerd!

The twenty-seventh patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Improve /etc/group handling when appending groups (#9543)
• Update runc binary to v1.1.11 (#9597)
• Remove runc import (#9606)
• Update shim pidfile permissions to 0644 (#9613)
• Update Go version to 1.20.13 (#9625)

Deprecation Warnings

• Emit deprecation warning for CRIU config usage (#9448)
• Emit deprecation warning for some CRI configs (#9447)
• Emit deprecation warning for containerd.io/restart.logpath label usage (#9572)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Akihiro Suda
• Derek McGowan
• Sebastiaan van Stijn
• Djordje Lukic
• Jaroslav Jindrak
• Kay Yan
• Maksym Pavlenko
• Phil Estes
• Wei Fu
• ruiwen-zhao

Changes

26 commits

• [release/1.6] Prepare release notes for v1.6.27 (#9631)
  • d0edecf28 Prepare release notes for v1.6.27
• [release/1.6] update to go1.20.13, test go1.21.6 (#9625)
  • 32a515211 update to go1.20.13, test go1.21.6
• [release/1.6 backport] shim: Create pid-file with 0644 permissions (#9613)
  • 37de14d95 shim: Create pid-file with 0644 permissions
• [release/1.6 backport] remove github.com/opencontainers/runc dependency (#9606)
  • 3938d63de remove github.com/opencontainers/runc dependency
• [release/1.6 backport] update runc binary to v1.1.11 (#9597)
  • 9a9b11f73 update runc binary to v1.1.11
• [release/1.6 backport] go.mod: dario.cat/mergo v1.0.0 (#9570)
  • 6cd8e17ab go.mod: dario.cat/mergo v1.0.0
  • 4f8ff5154 go.mod: github.com/imdario/mergo v0.3.13
• [release/1.6] restart: containerd.io/restart.logpath warning (#9572)
  • d24d263a4 restart: containerd.io/restart.logpath warning
• [release/1.6 backport] WithAppendAdditionalGroups: better /etc/group handling (#9543)
  • 9489c0eb0 WithAppendAdditionalGroups: better /etc/group handling
• [release/1.6] cri: add deprecation warnings for deprecated CRI configs (#9547)
  • 713065793 deprecation: fix missing spaces in warnings
  • de0cc92a7 cri: add deprecation warning for runtime_root
  • 833b94149 cri: add deprecation warning for rutnime_engine
  • 47de3d63d cri: add deprecation warning for default_runtime
  • d421b8fda cri: add warning for untrusted_workload_runtime
  • 802cb64b0 cri: add warning for old form of systemd_cgroup
• [release/1.6] Add warning for CRIU config usage (#9546)
  • f8447466c Add warning for CRIU config usage

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/moby/sys/user v0.1.0 new

Previous release can be found at v1.6.26

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Fix on dialer function for Windows (#9501)
• Improve /etc/group handling when appending groups (#9544)
• Update shim pidfile permissions to 0644 (#9548)
• Update runc binary to v1.1.11 (#9596)
• Allow import and export to reference missing content (#9600)
• Remove runc import (#9605)
• Update Go version to 1.20.13 (#9624)

Deprecation Warnings

• Emit deprecation warning for containerd.io/restart.logpath label usage (#9567)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Sebastiaan van Stijn
• Wei Fu
• Derek McGowan
• Paweł Gronowski
• Jaroslav Jindrak
• Maksym Pavlenko
• Samuel Karp
• Anthony Nandaa
• Bjorn Neergaard
• Djordje Lukic
• Kay Yan

Changes

34 commits

• [release/1.7] Prepare release notes for v1.7.12 (#9632)
  • 775d544fe Prepare release notes for v1.7.12
• [release/1.7] update to go1.20.13, test go1.21.6 (#9624)
  • a5dc5b894 update to go1.20.13, test go1.21.6
• [release/1.7] shim: Create pid-file and address with 0644 permissions (#9548)
  • 8d82242eb shim: Create address file with 0644 permissions
  • 260963a35 shim: Create pid-file with 0644 permissions
• [release/1.7 backport] switch back from golang.org/x/sys/execabs to os/exec (go1.19) (#9602)
  • 872af82f5 remove remaining uses of golang.org/x/sys/execabs
  • 2ad2a2e83 switch back from golang.org/x/sys/execabs to os/exec (go1.19)
• [release/1.7] update to CDI v0.6.1, and remove github.com/opencontainers/runc dependency (#9605)
  • 9251072f7 remove github.com/opencontainers/runc dependency
  • 4e67213d4 vendor: github.com/cncf-tags/container-device-interface v0.6.1
  • e0ee0be0d go.mod: github.com/opencontainers/runtime-spec v1.1.0
  • 02be2236a go.mod: github.com/.../container-device-interface v0.6.0
  • 91f953bb4 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.2
• [release/1.7 backport] import/export: Support references to missing content (#9600)
  • 6089b05d9 images/Export: Revert signature change
  • 6b4b760c3 integration/import-export: Add WithSkipMissing tests
  • abb3c5ef9 export: Copy distribution source labels to manifest annotations
  • 9609f04f6 import/export: Support references to missing content
  • 42b60d865 images/archive: use mediatype helpers
• [release/1.7 backport] update runc binary to v1.1.11 (#9596)
  • 23516a99c update runc binary to v1.1.11
• [release/1.7 backport] go.mod: dario.cat/mergo v1.0.0 (#9569)
  • 428714e32 go.mod: dario.cat/mergo v1.0.0
• [release/1.7] restart: containerd.io/restart.logpath warning (#9567)
  • 03fed557e restart: containerd.io/restart.logpath warning
• [release 1.7] backport: fix on dialer function for windows (#9501)
  • 68d237392 fix(pkg/dialer): minor fix on dialer function for windows
• [release/1.7] *: enable ARM64 runner (#9502)
  • c63165123 *: enable ARM64 runner
• [release/1.7 backport] WithAppendAdditionalGroups: better /etc/group handling (#9544)
  • 55e570844 WithAppendAdditionalGroups: better /etc/group handling

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/container-orchestrated-devices/container-device-interface v0.5.4 -> v0.6.1
• github.com/moby/sys/user v0.1.0 new
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0

Previous release can be found at v1.7.11

Welcome to the v1.7.11 release of containerd!

The eleventh patch release for containerd 1.7 contains various fixes and updates including one security issue.

Notable Updates

• Fix Windows default path overwrite issue (#9440)
• Update push to always inherit distribution sources from parent (#9452)
• Update shim to use net dial for gRPC shim sockets (#9458)
• Fix otel version incompatibility (#9483)
• Fix Windows snapshotter blocking snapshot GC on remove failure (#9482)
• Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

• Emit deprecation warning for AUFS snapshotter (#9436)
• Emit deprecation warning for v1 runtime (#9450)
• Emit deprecation warning for deprecated CRI configs (#9469)
• Emit deprecation warning for CRI v1alpha1 usage (#9479)
• Emit deprecation warning for CRIU config in CRI (#9481)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Phil Estes
• Bjorn Neergaard
• Danny Canter
• Sebastiaan van Stijn
• ruiwen-zhao
• Akihiro Suda
• Amit Barve
• Charity Kathure
• Maksym Pavlenko
• Milas Bowman
• Paweł Gronowski
• Wei Fu

Changes

39 commits

• [release/1.7] Prepare release notes for v1.7.11 (#9491)
  • dfae68bc3 Prepare release notes for v1.7.11
• [release/1.7] update to go1.20.12, test go1.21.5 (#9352)
  • 0d314401d update to go1.20.12, test go1.21.5
  • 1ec1ae2c6 update to go1.20.11, test go1.21.4
• Github Security Advisory GHSA-7ww5-4wqc-m92c
  • cb804da21 contrib/apparmor: deny /sys/devices/virtual/powercap
  • 40162a576 oci/spec: deny /sys/devices/virtual/powercap
• [release/1.7] Don't block snapshot garbage collection on Remove failures (#9482)
  • ed7c6895b Don't block snapshot garbage collection on Remove failures
• [release/1.7] Add warning for CRIU config usage (#9481)
  • 1fdefdd22 Add warning for CRIU config usage
• [release/1.7] Fix otel version incompatibility (#9483)
  • f8f659e66 Add HTTP client update function to tracing library
  • 807ddd658 fix(tracing): use latest version of semconv
• [release/1.7] Add cri-api v1alpha2 usage warning to all api calls (#9479)
  • dc45bc838 Add cri-api v1alpha2 usage warning to all api calls
• [release/1.7] cri: add deprecation warnings for deprecated CRI configs (#9469)
  • 9d1bad62e deprecation: fix missing spaces in warnings
  • 51a604c07 cri: add deprecation warning for runtime_root
  • 8040e74bf cri: add deprecation warning for rutnime_engine
  • 99adc40eb cri: add deprecation warning for default_runtime
  • afef7ec64 cri: add warning for untrusted_workload_runtime
  • 6220dc190 cri: add warning for old form of systemd_cgroup
• [release/1.7] runtime/v2: net.Dial gRPC shim sockets before trying grpc (#9458)
  • 80f96cd18 runtime/v2: net.Dial gRPC shim sockets before trying grpc
• [release/1.7] tasks: emit warning for v1 runtime and runc v1 runtime (#9450)
  • f471bb2b8 tasks: emit warning for runc v1 runtime
  • 329e1d487 tasks: emit warning for v1 runtime
• [release/1.7] push: always inherit distribution sources from parent (#9452)
  • 4464fde12 push: always inherit distribution sources from parent
• [release/1.7] Update tar tests to run on Darwin (#9451)
  • 7e069ee25 Update tar tests to run on Darwin
• [release/1.7] ctr: Add sandbox flag to ctr run (#9449)
  • 5fc0e4e61 ctr: Add sandbox flag to ctr run
• [release/1.7] Windows default path overwrite fix (#9440)
  • 31fe03764 Fix windows default path overwrite issue
• [release/1.7] snapshots: emit deprecation warning for aufs (#9436)
  • 625b35e4b snapshots: emit deprecation warning for aufs

Dependency Changes

• github.com/felixge/httpsnoop v1.0.3 new
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 new

Previous release can be found at v1.7.10

Welcome to the v1.6.26 release of containerd!

The twenty-sixth patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Fix windows default path overwrite issue (#9441)
• Update push to inherit distribution sources from parent (#9453)
• Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

• Emit deprecation warning for AUFS snapshotter usage (#9448)
• Emit deprecation warning for v1 runtime usage (#9468)
• Emit deprecation warning for CRI v1alpha1 usage (#9468)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Kohei Tokunaga
• Phil Estes
• Bjorn Neergaard
• Sebastiaan van Stijn
• Brian Goff
• Charity Kathure
• Kazuyoshi Kato
• Milas Bowman
• Wei Fu
• ruiwen-zhao

Changes

30 commits

• [release/1.6] Prepare release notes for v1.6.26 (#9490)
  • ac5c5d3e0 Prepare release notes for v1.6.26
• Github Security Advisory GHSA-7ww5-4wqc-m92c
  • 02f07fe19 contrib/apparmor: deny /sys/devices/virtual/powercap
  • c94577e78 oci/spec: deny /sys/devices/virtual/powercap
• [release/1.6] update to go1.20.12, test go1.21.5 (#9472)
  • 7cbdfc92e update to go1.20.12, test go1.21.5
  • 024b1cce6 update to go1.20.11, test go1.21.4
• [release/1.6] Add cri-api v1alpha2 usage warning to all api calls (#9484)
  • 64e56bfde Add cri-api v1alpha2 usage warning to all api calls
• [release/1.6] tasks: emit warning for v1 runtime and runc v1 runtime (#9468)
  • efefd3bf3 tasks: emit warning for runc v1 runtime
  • 7825689b4 tasks: emit warning for v1 runtime
• [release/1.6] snapshots: emit deprecation warning for aufs (#9448)
  • 7cfe7052f snapshots: emit deprecation warning for aufs
• [release/1.6] cherry-pick/backport: Update golangci lint (#9455)
  • a1ae572a2 Fix linter error with updated linter
  • b638791d6 ci: bump up golangci-lint to v1.55.0
  • 2370a2842 Fix linter issues for golangci-lint 1.54.2
  • 8a65e2e31 Bump up golangci-lint to v1.54.2
  • 969f8feb2 Bump up golangci-lint to v1.52.2
• [release/1.6] push: inherit distribution sources from parent (#9453)
  • 66959fdf5 push: inherit distribution sources from parent
  • b4dcffcfb content: add InfoProvider interface
  • bef4145c1 Change PushContent to require only Provider
• [release/1.6] Bump google.golang.org/grpc to v1.58.3 (#9408)
  • a5fc21060 vendor: google.golang.org/grpc v1.58.3
  • 4fa05b3d8 Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9
• [release/1.6] Windows default path overwrite fix (#9441)
  • ede0ad5e1 Fix windows default path overwrite issue

Dependency Changes

• cloud.google.com/go/compute/metadata v0.2.3 new
• github.com/cespare/xxhash/v2 v2.1.2 -> v2.2.0
• github.com/golang/protobuf v1.5.2 -> v1.5.3
• github.com/klauspost/compress v1.11.13 -> v1.15.9
• go.opencensus.io v0.23.0 -> v0.24.0
• golang.org/x/oauth2 2bc19b11175f -> v0.10.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• google.golang.org/grpc v1.50.1 -> v1.58.3
• google.golang.org/protobuf v1.28.1 -> v1.31.0

Previous release can be found at v1.6.25

Welcome to the v1.7.10 release of containerd!

The tenth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Enhance container image unpack client logs (#9379)
• cri: fix using the pinned label to pin image (#9381)
• fix: ImagePull should close http connection if there is no available data to read. (#9409)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Wei Fu
• Iceber Gu
• Austin Vazquez
• Derek McGowan
• Phil Estes
• Samuel Karp
• ruiwen-zhao

Changes

11 commits

• Add release notes for v1.7.10 (#9426)
  • a995fe3a8 Add release notes for v1.7.10
• [release/1.7] fix: ImagePull should close http connection if there is no available data to read. (#9409)
  • 206806128 remotes/docker: close connection if no more data
  • 328493962 integration: reproduce #9347
  • d1aab27cb fix: deflake TestCRIImagePullTimeout/HoldingContentOpenWriter
• [release/1.7] cri: fix using the pinned label to pin image (#9381)
  • a2b16d7f9 cri: fix update of pinned label for images
  • 8dc861844 cri: fix using the pinned label to pin image
• [release/1.7] Enhance container image unpack client logs (#9379)
  • 5930a3750 Enhance container image unpack client logs

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.9

Welcome to the v1.6.25 release of containerd!

The twenty-fifth patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Check whether content did not needs to be pushed to remote registry and cross-repo mounted or already existed (#9111)
• Soft deprecate log package (#9105)
• Always try to establish tls connection when tls configured (#9189)
• CRI: stop recommending disable_cgroup (#9169)
• Allow for images with artifacts layers to pull (#9150)
• Require plugins to succeed after registering readiness (#9166)
• Avoid potential deadlock in create handler in containerd-shim-runc-v2 (#9210)
• Add handling for missing basic auth credentials (#9236)
• Add a new image label if it is docker schema 1 (#9267)
• Fix ambiguous tls fallback (#9300)
• Expose usage of deprecated features (#9329)
• Fix shimv1 leak issue (#9345)
• Go version update to 1.20.10(#9264)
• Update runc to v1.1.10 (#9360)
• CRI: fix using the pinned label to pin image (#9382)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Sebastiaan van Stijn
• Phil Estes
• Wei Fu
• Kazuyoshi Kato
• Akhil Mohan
• Akihiro Suda
• Chen Yiyang
• Fabian Hoffmann
• Iceber Gu
• Mike Brown
• Paweł Gronowski
• Austin Vazquez
• Fahed Dorgaa
• James Sturtevant
• Kern Walster
• Marat Radchenko
• Qiutong Song
• Tony Fouchard
• ruiwen-zhao

Changes

82 commits

• [release/1.6] Prepare release notes for v1.6.25 (#9394)
  • 723d26ab2 Prepare release notes for v1.6.25
  • 1f865eba1 update mailmap
• [release/1.6] cri: fix using the pinned label to pin image (#9382)
  • b49815300 cri: fix update of pinned label for images
  • 751b0c186 cri: fix using the pinned label to pin image
• [Release/1.6] vendor: golang.org/x/net v0.17.0 (#9387)
  • fb5568608 vendor: golang.org/x/net v0.17.0
  • 61ad86f6f vendor: golang.org/x/text v0.13.0
  • 4b431c844 vendor: golang.org/x/sys v0.13.0
• [Release/1.6] CVE-2022-1996 fix for go-restful (#9385)
  • 62d402275 Remove CVE-2022-1996 from containerd binary upgrading go-restful to 2.16.0
• [release/1.6] Enhance container image unpack client logs (#9380)
  • 3e68bf65a Enhance container image unpack client logs
• [release/1.6] update github.com/containerd/nri v0.1.1 (#9107)
  • 0dd65c826 [release/1.6] update github.com/containerd/nri v0.1.1
• [release/1.6 backport] update runc binary to v1.1.10 (#9360)
  • c73be2446 update runc binary to v1.1.10
• [release/1.6] Expose usage of cri-api v1alpha2 (#9357)
  • 746bcf2eb Expose usage of cri-api v1alpha2
• [release/1.6] fix: shimv1 leak issue (#9345)
  • 8b51a95fb fix: shimv1 leak issue
• [release/1.6] update to go1.20.10, test go1.21.3 (#9264)
  • 6741f819b [release/1.6] update to go1.20.10, test go1.21.3
  • 49615a0e9 [release/1.6] update to go1.20.9, test go1.21.2
• [release/1.6] cri: add deprecation warnings for mirrors, auths, and configs (#9355)
  • b68204e53 cri: add deprecation warning for configs
  • ae8c58319 cri: add deprecation warning for auths
  • 455edcad2 cri: add deprecation warning for mirrors
  • 878823f4d cri: add ability to emit deprecation warnings
• [release/1.6] deprecation: new package for deprecations (#9329)
  • 477b7d6a1 ctr: new deprecations command
  • 24068b813 dynamic: record deprecation for dynamic plugins
  • 218c7a1df server: add ability to record config deprecations
  • dfb9e1deb pull: record deprecation warning for schema 1
  • 90b42da6f introspection: add support for deprecations
  • 0b6766b37 api/introspection: deprecation warnings in server
  • de3cb4c18 warning: new service for deprecations
  • da1b4419b deprecation: new package for deprecations
• [release/1.6] integration: deflake TestIssue9103 (#9353)
  • bca8a3f65 integration: deflake TestIssue9103
• [release/1.6] ci: Use Vagrant on ubuntu-latest-4-cores (#9332)
  • 0985f7a43 ci: Use Vagrant on ubuntu-latest-4-cores
• [release/1.6] Fix ambiguous tls fallback (#9300)
  • 5dd64301c Check scheme and host of request on push redirect
  • 51df21d09 Avoid TLS fallback when protocol is not ambiguous
• [release/1.6] Add a new image label if it is docker schema 1 (#9267)
  • 8108f0d03 Add a new image label if it is docker schema 1
• [release/1.6 backport] fix protobuf aarch64 (#9284)
  • 5376afb3d fix protobuf aarch64
• [release/1.6] remotes: add handling for missing basic auth credentials (#9236)
  • e529741d3 remotes: add handling for missing basic auth credentials
  • ca45b92f4 Add ErrUnexpectedStatus to resolver
  • 77c0175b4 Improve ErrUnexpectedStatus default string
• [release/1.6] Update x/net to 0.13 (#9130)
  • 275fc594d Bump x/net to 0.13
• [release/1.6] Require plugins to succeed after registering readiness (#9166)
  • 5223bf39a Require plugins to succeed after registering readiness
  • 8f5eba314 cri: call RegisterReadiness after NewCRIService
• [release/1.6 backport] containerd-shim-runc-v2: avoid potential deadlock in create handler (#9210)
  • 7b61862e7 *: add runc-fp as runc wrapper to inject failpoint
  • 5238a6470 containerd-shim-runc-v2: avoid potential deadlock in create handler
  • 65e908ee1 containerd-shim-runc-v2: remove unnecessary s.getContainer()
  • 1dd9acecb Uncopypaste parsing of OCI Bundle spec file
  • 71c89ddf2 [release/1.6]: Vagrantfile: install failpoint binaries
• [release/1.6] cri: stop recommending disable_cgroup (#9169)
  • 7a0c8b6b7 cri: stop recommending disable_cgroup
• [release/1.6] Allow for images with artifacts to pull (#9150)
  • 8066dd81c Allow for images with artifacts to pull
• [release 1.6] remotes/docker: Fix MountedFrom prefixed with target repository (#9192)
  • 2fffc344a remotes/docker: Fix MountedFrom prefixed with target repository
• [release/1.6] remotes: always try to establish tls connection when tls configured (#9189)
  • 6b5912220 remotes: always try to establish tls connection when tls configured
• [release/1.6] Build binaries with 1.21.1 (#9180)
  • 37c758de1 Build binaries with 1.21.1
• [release/1.6 backport] alias log package to github.com/containerd/log v0.1.0 (#9105)
  • f1591cc9b alias log package to github.com/containerd/log v0.1.0
  • f68d2d93b vendor: golang.org/x/sys v0.7.0
  • f305fb233 vendor: github.com/stretchr/testify v1.8.4
  • 4e24a30af vendor: github.com/sirupsen/logrus v1.9.3
• [release/1.6] remotes/docker: Add MountedFrom and Exists push status (#9111)
  • b66c818ba remotes/docker: Add MountedFrom and Exists push status

Changes from containerd/log

9 commits

• Update golangci to 1.49 (#1)
  • 89c9a54 Update golangci to 1.49
  • cf26711 Update description in README
  • f9f250c Add project details
  • fb7fe3d Add github CI flow
  • 7e13034 Add go module
  • 16a3c76 Rename log import from logtest
  • 698c398 Add README
  • 87c83c4 Add license file

Changes from containerd/nri

3 commits

• [release/0.1 backport] remove containerd as dependency (#58)
  • 4275101 Task: fix typo in godoc
  • f6acbf1 remove containerd as dependency

Dependency Changes

• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.1.0 -> v0.1.1
• github.com/emicklei/go-restful v2.9.5 -> v2.16.0
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stretchr/testify v1.8.1 -> v1.8.4
• golang.org/x/crypto 3147a52a75dd -> v0.14.0
• golang.org/x/net v0.8.0 -> v0.17.0
• golang.org/x/sys v0.6.0 -> v0.13.0
• golang.org/x/term v0.6.0 -> v0.13.0
• golang.org/x/text v0.8.0 -> v0.13.0

Previous release can be found at v1.6.24

Welcome to the v1.7.9 release of containerd!

The ninth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• update runc binary to v1.1.10:: (#9359)
• vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0 (#9301)
• Expose usage of cri-api v1alpha2 (#9336)
• integration: deflake TestIssue9103 (#9354)
• fix: shimv1 leak issue (#9344)
• cri: add deprecation warnings for mirrors, auths, and configs (#9327)
• Update hcsshim tag to v0.11.4 (#9326)
• Expose usage of deprecated features (#9315)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Kazuyoshi Kato
• Wei Fu
• Kirtana Ashok
• Derek McGowan
• Milas Bowman
• Sebastiaan van Stijn
• ruiwen-zhao

Changes

28 commits

• [release/1.7] Add release notes for v1.7.9 (#9333)
  • 4b912af52 Add release notes for v1.7.9
• [release/1.7 backport] update runc binary to v1.1.10 (#9359)
  • eff291713 update runc binary to v1.1.10
• [release/1.7] vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0 (#9301)
  • bd9428ff7 vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
• [release/1.7] Expose usage of cri-api v1alpha2 (#9336)
  • d62cba40c Expose usage of cri-api v1alpha2
• [release/1.7] integration: deflake TestIssue9103 (#9354)
  • 5dbc258a8 integration: deflake TestIssue9103
• [release/1.7] fix: shimv1 leak issue (#9344)
  • 449912857 fix: shimv1 leak issue
• [release/1.7] cri: add deprecation warnings for mirrors, auths, and configs (#9327)
  • 152c57e91 cri: add deprecation warning for configs
  • 689a1036d cri: add deprecation warning for auths
  • 8c38975bf cri: add deprecation warning for mirrors
  • 1fbce40c4 cri: add ability to emit deprecation warnings
• [release/1.7] Update hcsshim tag to v0.11.4 (#9326)
  • 73f15bdb6 Update hcsshim tag to v0.11.4
• [release/1.7] Expose usage of deprecated features (#9315)
  • 60d48ffea ctr: new deprecations command
  • 74a06671a plugin: record deprecation for dynamic plugins
  • fa5f3c91a server: add ability to record config deprecations
  • f7880e7f0 pull: record deprecation warning for schema 1
  • 1dd2f2c02 introspection: add support for deprecations
  • aaf000c18 api/introspection: deprecation warnings in server
  • 9b7ceee54 warning: new service for deprecations
  • b708f8bfa deprecation: new package for deprecations

Dependency Changes

• github.com/Microsoft/hcsshim v0.11.1 -> v0.11.4
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/go-logr/logr v1.2.3 -> v1.2.4
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.16.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 -> v0.45.0
• go.opentelemetry.io/otel v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/metric v0.37.0 -> v1.19.0
• go.opentelemetry.io/otel/sdk v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/trace v1.14.0 -> v1.19.0
• go.opentelemetry.io/proto/otlp v0.19.0 -> v1.0.0

Previous release can be found at v1.7.8

Welcome to the v2.0.0-beta.0 release of containerd! This is a pre-release of containerd

The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases.

Highlights

• Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile. (#9320)
• Expose usage of deprecated features (#9258)
• Switch runc shim to task service v3 and fix restore (#9233)
• Add sandboxer configuration and move sandbox controllers to plugins (#8268)
• Use Intel ISA-L's igzip if available (#9200)
• Generalize plugin library (#9214)
• Introduce top level config migration (#9223)
• Add image delete target (#8989)
• Use github.com/containerd/log (#9086)
• Add support for image expiration during garbage collection (#9022)
• Reduce the contention between ref lock and boltdb lock in content store (#8792)
• Remove the CriuPath field from runc's options (#8279)
• Remove support for config.toml version = 1 (#8275)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Container Runtime Interface (CRI)

• Remove non-sandboxed CRI implementation (#9228)
• Add image verifier transfer service plugin system based on a binary directory (#8493)
• Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#8287)
• Use sandboxed CRI by default (#8994)
• Implement RuntimeConfig CRI call (#8722)
• Add support for user namespaces (KEP-127) (#8803)
• Remove CRI v1alpha2 (#8276)

Runtime

• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)

Breaking

• Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile. (#9320)
• Move client to subpackage (#9316)
• Remove CRI v1alpha2 (#8276)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Deprecations

• Deprecate go-plugin configuration option (#9238)
• CNI conf_template in CRI is no longer deprecated (#8637)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Wei Fu
• Phil Estes
• Sebastiaan van Stijn
• Samuel Karp
• Maksym Pavlenko
• Kazuyoshi Kato
• Rodrigo Campos
• Danny Canter
• Gabriel Adrian Samfira
• Iceber Gu
• Jin Dong
• Bjorn Neergaard
• Austin Vazquez
• Mike Brown
• Paul "TBBle" Hampson
• Kirtana Ashok
• Krisztian Litkey
• rongfu.leng
• Abel Feng
• Enrico Weigelt
• Kohei Tokunaga
• James Sturtevant
• Ilya Hanov
• Marat Radchenko
• Akhil Mohan
• Cardy.Tang
• Hsing-Yu (David) Chen
• Justin Chadwell
• Markus Lehtonen
• Nashwan Azhari
• Shingo Omura
• Vinayak Goyal
• helen
• Aditi Sharma
• Brian Goff
• Charity Kathure
• Henry Wang
• Kay Yan
• Laura Brehm
• Artem Khramov
• Brad Davidson
• Bryant Biggs
• Chen Yiyang
• Cory Snider
• Davanum Srinivas
• Ed Bartosh
• Ethan Lowman
• James Jenkins
• Jiang Liu
• Jordan Liggitt
• June Rhodes
• Mahamed Ali
• Michael Crosby
• Paweł Gronowski
• Peteris Rudzusiks
• Sam Edwards
• Samruddhi Khandale
• Steve Griffith
• VERNOU Cédric
• hang.jiang
• jerryzhuang
• Aaron Lehmann
• Aditya Ramani
• Alex Couture-Beil
• Alex Ellis
• Alex Rodriguez
• Alexandru Matei
• Amir M. Ghazanfari
• Antonio Huete Jimenez
• Ben Foster
• Bin Xin
• BinBin He
• Brennan Kinney
• Craig Ingram
• Daisy Rong
• Djordje Lukic
• Edgar Lee
• Eng Zer Jun
• Etienne Champetier
• Evan Lezar
• Fahed Dorgaa
• Gary McDonald
• Jan Dubois
• Jiongchi Yu
• Kern Walster
• Maksim An
• Milas Bowman
• Pan Yibo
• Qasim Sarfraz
• Qiutong Song
• Robbie Buxton
• Robert-André Mauchin
• Shuaiyi Zhang
• Shukui Yang
• Tianon Gravi
• Tony Fang
• Tõnis Tiigi
• Wang Xinwen
• William Chen
• charles-chenzz
• chschumacher1994
• guangli.bao
• ningmingxiao
• pigletfly
• wangxiang
• zhangpeng
• zhaojizhuang
• zounengren
• 沈陵

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/AdaLogics/go-fuzz-headers 1f10f66a31bf -> ced1acdcaa24
• github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
• github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
• github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.0-rc.0
• github.com/Microsoft/hcsshim/test 43a75bb4edd3 new
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/container-orchestrated-devices/container-device-interface v0.5.4 -> v0.6.1
• github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.2
• github.com/containerd/continuity v0.3.0 -> v0.4.2
• github.com/containerd/go-runc v1.0.0 -> v1.1.0
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.3.0 -> v0.5.0
• github.com/containerd/plugin 7ec69893e1e7 new
• github.com/containerd/ttrpc v1.2.1 -> v1.2.2
• github.com/containerd/typeurl/v2 v2.1.0 -> v2.1.1
• github.com/containernetworking/plugins v1.2.0 -> v1.3.0
• github.com/distribution/reference v0.5.0 new
• github.com/emicklei/go-restful/v3 v3.10.1 -> v3.10.2
• github.com/go-logr/logr v1.2.3 -> v1.2.4
• github.com/golang/protobuf v1.5.2 -> v1.5.3
• github.com/google/uuid v1.3.0 -> v1.3.1
• github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 -> v1.4.0
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.16.2
• github.com/klauspost/compress v1.16.0 -> v1.17.2
• github.com/klauspost/cpuid/v2 v2.0.4 -> v2.2.5
• github.com/minio/sha256-simd v1.0.0 -> v1.0.1
• github.com/moby/sys/user v0.1.0 new
• github.com/opencontainers/image-spec 3a7f492d3f1b -> v1.1.0-rc5
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> 4fec88fd00a4
• github.com/opencontainers/runtime-tools 946c877fa809 -> 2e043c6bd626
• github.com/pelletier/go-toml/v2 v2.1.0 new
• github.com/prometheus/client_golang v1.14.0 -> v1.16.0
• github.com/prometheus/client_model v0.3.0 -> v0.4.0
• github.com/prometheus/common v0.37.0 -> v0.44.0
• github.com/prometheus/procfs v0.8.0 -> v0.10.1
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/urfave/cli v1.22.12 -> v1.22.14
• github.com/vishvananda/netns 2eb08e3e575f -> v0.0.4
• golang.org/x/mod v0.7.0 -> v0.12.0
• golang.org/x/net v0.7.0 -> v0.17.0
• golang.org/x/oauth2 v0.4.0 -> v0.10.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• golang.org/x/sys v0.6.0 -> v0.13.0
• golang.org/x/term v0.5.0 -> v0.13.0
• golang.org/x/text v0.7.0 -> v0.13.0
• golang.org/x/time 90d013bbcef8 -> v0.3.0
• golang.org/x/tools v0.5.0 -> v0.11.0
• google.golang.org/genproto 7f2fa6fef1f4 -> 659f7aaaa771
• google.golang.org/genproto/googleapis/api 23370e0ffb3e new
• google.golang.org/genproto/googleapis/rpc 23370e0ffb3e new
• google.golang.org/grpc v1.53.0 -> v1.58.3
• google.golang.org/protobuf v1.28.1 -> v1.31.0
• k8s.io/api v0.26.2 -> v0.28.2
• k8s.io/apimachinery v0.26.2 -> v0.28.2
• k8s.io/apiserver v0.26.2 -> v0.28.2
• k8s.io/client-go v0.26.2 -> v0.28.2
• k8s.io/component-base v0.26.2 -> v0.28.2
• k8s.io/cri-api v0.26.2 -> v0.28.2
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubelet v0.28.2 new
• k8s.io/utils a5ecb0141aa5 -> d93618cff8a2
• sigs.k8s.io/json f223a00ba0e2 -> bc3834ca7abd

Previous release can be found at v1.7.0

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Welcome to the v1.7.8 release of containerd!

The eighth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Fix ambiguous TLS fallback (#9299)
• Update Go to 1.20.10 (#9265)
• Add a new image label on converted schema 1 images (#9252)
• Fix handling for missing basic auth credentials (#9235)
• Fix potential deadlock in create handler for containerd-shim-runc-v2 (#9209)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Sebastiaan van Stijn
• Derek McGowan
• Phil Estes
• Chen Yiyang
• Wei Fu
• Akihiro Suda
• Maksym Pavlenko
• Marat Radchenko
• Milas Bowman
• Qiutong Song
• Samuel Karp

Changes

27 commits

• [release/1.7] Prepare release notes for v1.7.8 (#9278)
  • 48dbdf871 Prepare release notes for v1.7.8
• [release/1.7] Fix ambiguous tls fallback (#9299)
  • 68abc543b Check scheme and host of request on push redirect
  • 35c7634e3 Avoid TLS fallback when protocol is not ambiguous
• [release/1.7] vendor: google.golang.org/grpc v1.58.3 (#9281)
  • f36948cad vendor: gRPC v1.58.3
• [release/1.7 backport] vendor: golang.org/x/net v0.17.0 (#9276)
  • c67a53190 vendor: golang.org/x/net v0.17.0
  • 71f4b36ca vendor: golang.org/x/text v0.13.0
  • a7b3b7090 vendor: golang.org/x/sys v0.13.0
• [release/1.7] vendor: google.golang.org/grpc v1.56.3 (#9248)
  • 26736d6e1 vendor: google.golang.org/grpc v1.56.3
  • 54a69a6e4 vendor: golang.org/x/oauth2 v0.7.0
  • ac15a7f5b vendor: google.golang.org/protobuf v1.30.0
• [release/1.7] update to go1.20.10, test go1.21.3 (#9265)
  • 2479c3321 [release/1.7] update to go1.20.10, test go1.21.3
  • 11f40e9d8 [release/1.7] update to go1.20.9, test go1.21.2
• [release/1.7] Add a new image label if it is docker schema 1 (#9252)
  • cac1bab79 Add a new image label if it is docker schema 1
• [release/1.7] remotes: add handling for missing basic auth credentials (#9235)
  • 6cd2cc4a8 remotes: add handling for missing basic auth credentials
• [release/1.7 backport] containerd-shim-runc-v2: avoid potential deadlock in create handler (#9209)
  • d0a1fedb5 *: add runc-fp as runc wrapper to inject failpoint
  • 04491240a containerd-shim-runc-v2: avoid potential deadlock in create handler
  • 6982a0df5 containerd-shim-runc-v2: remove unnecessary s.getContainer()
  • 0e2320398 Uncopypaste parsing of OCI Bundle spec file

Dependency Changes

• golang.org/x/crypto v0.11.0 -> v0.14.0
• golang.org/x/mod v0.9.0 -> v0.11.0
• golang.org/x/net v0.13.0 -> v0.17.0
• golang.org/x/oauth2 v0.4.0 -> v0.10.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• golang.org/x/sys v0.10.0 -> v0.13.0
• golang.org/x/term v0.10.0 -> v0.13.0
• golang.org/x/text v0.11.0 -> v0.13.0
• golang.org/x/tools v0.7.0 -> v0.10.0
• google.golang.org/genproto 7f2fa6fef1f4 -> 782d3b101e98
• google.golang.org/genproto/googleapis/api 782d3b101e98 new
• google.golang.org/genproto/googleapis/rpc 782d3b101e98 new
• google.golang.org/grpc v1.53.0 -> v1.58.3
• google.golang.org/protobuf v1.29.1 -> v1.31.0

Previous release can be found at v1.7.7

Welcome to the v1.7.7 release of containerd!

The seventh patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Require plugins to succeed after registering readiness (#9165)
• Handle unexpected shim kill events (#9132)
• Build binaries with Go 1.21.1 (#9167)
• cri: Stop recommending disable_cgroup (#9168)
• remotes/docker: Fix MountedFrom prefixed with target repository (#9193)
• remotes: always try to establish tls connection when tls configured (#9188)
• NRI: Add support for rlimits (#48)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Samuel Karp
• Krisztian Litkey
• Wei Fu
• Phil Estes
• Sebastiaan van Stijn
• Iceber Gu
• Mike Brown
• Akihiro Suda
• Paweł Gronowski
• Steve Griffith
• Aditya Ramani
• Austin Vazquez
• Danny Canter
• James Sturtevant
• Kern Walster
• ZP-AlwaysWin

Changes

31 commits

• [release/1.7] Prepare release notes for v1.7.7 (#9194)
  • a34fa5681 Prepare release notes for v1.7.7
• [release/1.7] Allow for images with artifacts to pull (#9149)
  • 6ca0aebf0 Allow for images with artifacts to pull
• [release 1.7] remotes/docker: Fix MountedFrom prefixed with target repository (#9193)
  • 7df492a95 remotes/docker: Fix MountedFrom prefixed with target repository
• [release/1.7] Update x/net to 0.13 (#9134)
  • b3db314a5 Bump x/net to 0.13
• [release/1.7] remotes: always try to establish tls connection when tls configured (#9188)
  • 7779ce64e remotes: always try to establish tls connection when tls configured
• [release/1.7] cri: stop recommending disable_cgroup (#9168)
  • 6013b5e03 cri: stop recommending disable_cgroup
• [release/1.7] Require plugins to succeed after registering readiness (#9165)
  • a83c66813 Require plugins to succeed after registering readiness
  • 171d76849 cri: call RegisterReadiness after NewCRIService
• [release/1.7] Handle unexpected shim kill events (#9132)
  • 3d27bc738 Handle unexpected shim kill events
• [release/1.7] Build binaries with 1.21.1 (#9167)
  • 4ffa3ed29 Build binaries with 1.21.1
• [release/1.7] vendor: github.com/Microsoft/hcsshim v0.11.1 (#9127)
  • 5756f6064 [release/1.7] vendor: github.com/Microsoft/hcsshim v0.11.1
• [release/1.7 backport] alias log package to github.com/containerd/log v0.1.0 (#9106)
  • 09633b539 deprecate logs package, but disable linter (for transitioning)
  • cb201519f alias log package to github.com/containerd/log v0.1.0
  • a5024e6dd vendor: github.com/stretchr/testify v1.8.4
  • 7bd976af3 vendor: github.com/sirupsen/logrus v1.9.3
• [release/1.7] remotes/docker: Add MountedFrom and Exists push status (#9097)
  • 8cd2d33c2 [release/1.7] remotes/docker: Add MountedFrom and Exists push status
• [release/1.7] vendor: update github.com/containerd/[email protected] (#9099)
  • 3ca015e55 nri: update mock plugin handlers
  • 4cd208c1f vendor: update github.com/containerd/[email protected]

Changes from containerd/log

9 commits

• Update golangci to 1.49 (#1)
  • 89c9a54 Update golangci to 1.49
  • cf26711 Update description in README
  • f9f250c Add project details
  • fb7fe3d Add github CI flow
  • 7e13034 Add go module
  • 16a3c76 Rename log import from logtest
  • 698c398 Add README
  • 87c83c4 Add license file

Changes from containerd/nri

35 commits

• releases: update note about 0.4.0 (#50)
  • 5f13915 releases: update note about 0.4.0
• Add support for rlimits (#48)
  • 5ecea04 ulimit-adjuster: add validation for hard limits
  • db3de10 test: exclude ulimit-adjuster from ginkgo
  • f0deb59 ulimit-adjuster: new sample plugin
  • d2dd708 Add support for rlimits
  • efaf36e api: add POSIXRlimit type
• .github: add test build to CI workflow. (#47)
  • 3f092c2 .github: add test build to CI workflow.
• stub: pass context to plugins, pass updated resources to UpdateContainers. (#40)
  • 01d5f14 Add a note about NRI API stability and release notes.
  • ea9976d adaptation: add UpdateContainer tests.
  • d042d24 stub: fix plugin UpdateContainerInterface.
  • f5d0f51 plugins: update plugins for stub changes.
  • b4bd301 adaptation: update tests with stub changes.
  • 9d86150 stub: pass context to plugin event handlers.
• Updated the OCI Hook Injector README to resovle broken links to the p… (#34)
  • 5eee915 removed link
  • c783fc7 Resolves broken podman links and adds details to help better guide people in testing.
• Fix ParseEventMask to produce proper masks for 'pod' and 'container' shorthand event notations. (#39)
  • da291a6 Fix ParseEventMask to produce proper masks
• fix the NRI_PLUGIN_NAME env value when launching a pre-installed plugin (#42)
  • 4a4cea6 fix the NRI_PLUGIN_NAME env value when launching a pre-installed plugin
  • a67478e stub: update setIdentify to ensureIdentify
• update module name of the logger plugin (#41)
  • 841f5ed update module name of the logger plugin
• Add gitignore for build artifacts (#32)
  • 8d9c64d Add gitignore for build artifacts
• Makefile: fix 'install-*' targets. (#38)
  • c03d1be Makefile: fix 'install-*' targets.
• docs: add a chapter about security considerations. (#36)
  • ab28e71 docs: add a chapter about security considerations.
• api: initialize OCI LinuxMemory resources to empty. (#37)
  • 2862d98 api: initialize OCI LinuxMemory resources to empty.

Dependency Changes

• github.com/Microsoft/hcsshim v0.11.0 -> v0.11.1
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.3.0 -> v0.4.0
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• golang.org/x/crypto v0.1.0 -> v0.11.0
• golang.org/x/net v0.8.0 -> v0.13.0
• golang.org/x/sys v0.7.0 -> v0.10.0
• golang.org/x/term v0.6.0 -> v0.10.0
• golang.org/x/text v0.8.0 -> v0.11.0

Previous release can be found at v1.7.6

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
• cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz: (Deprecated)
• cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz: (Deprecated)

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.