Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
The release notes have been generated for the commit range v1.29.0...v1.30.0 on Fri, 03 May 2024 18:33:46 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.30.0.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.30.0 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.30.0 \
--signature cri-o.amd64.v1.30.0.tar.gz.sig \
--certificate cri-o.amd64.v1.30.0.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.30.0.tar.gz
> bom validate -e cri-o.amd64.v1.30.0.tar.gz.spdx -d cri-o
--enable-nri=false
option to crio
on the command line, or set the enable_nri = false
in the [crio.nri]
section of the configuration. (#7790, @klihub)The AppArmor profile to the CRI via the deprecated apparmor_profile field in favor of the newer structured apparmor field. CRI provides the AppArmor profile via both fields to maintain backwards compatibility. ref https://github.com/kubernetes/kubernetes/pull/123811 Process new field and fallback to deprecated. From the kubernetes side both fields are populated. (#7901, @roman-kiselenko)
--seccomp-use-default-when-empty
/seccomp_use_default_when_empty
option in favor of the SeccompDefault
feature in Kubernetes. (#7830, @saschagrunert)ImageFsInfo
as part of the garbage collection KEP. (#7269, @kannon92)seccomp-profile.kubernetes.cri-o.io/<CONTAINER_NAME>
and seccomp-profile.kubernetes.cri-o.io/POD
annotations on container images or Kubernetes workloads. (#7719, @saschagrunert)workloads
config option to support CPU limits for containers that use the workloads annotations. This will expose cpuperiod
and cpuquota
options for a desired default value outside the norm. This feature will primarily be utilized to ensure that containers with workload annotations are correctly limited, the average use cases will not need to alter the default values. (#7822, @eggfoobar)container_runtime_crio_containers_oom
metric, preventing leaks and high cardinality (#7656, @haircommander)crio_operations
crio_operations_latency_microseconds_total
crio_operations_latency_microseconds
crio_operations_errors
crio_image_pulls_by_digest
crio_image_pulls_by_name
crio_image_pulls_by_name_skipped
crio_image_pulls_successes
crio_image_pulls_failures
crio_image_layer_reuse
crio_containers_oom
(#7782, @saschagrunert)Allowed annotations are specified for workload
message to info
(instead of warn
). (#8022, @saschagrunert).log
to the container symlink (#7653, @haircommander)The release notes have been generated for the commit range v1.28.5...v1.28.6 on Thu, 02 May 2024 08:27:15 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.6.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.6 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.6 \
--signature cri-o.amd64.v1.28.6.tar.gz.sig \
--certificate cri-o.amd64.v1.28.6.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.6.tar.gz
> bom validate -e cri-o.amd64.v1.28.6.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.27.5...v1.27.6 on Tue, 30 Apr 2024 14:35:26 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.6.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.6 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.27.6 \
--signature cri-o.amd64.v1.27.6.tar.gz.sig \
--certificate cri-o.amd64.v1.27.6.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.27.6.tar.gz
> bom validate -e cri-o.amd64.v1.27.6.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.29.3...v1.29.4 on Tue, 30 Apr 2024 14:32:17 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.4.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.4 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.4 \
--signature cri-o.amd64.v1.29.4.tar.gz.sig \
--certificate cri-o.amd64.v1.29.4.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.4.tar.gz
> bom validate -e cri-o.amd64.v1.29.4.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.27.4...v1.27.5 on Mon, 22 Apr 2024 07:24:35 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.5.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.5 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.27.5 \
--signature cri-o.amd64.v1.27.5.tar.gz.sig \
--certificate cri-o.amd64.v1.27.5.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.27.5.tar.gz
> bom validate -e cri-o.amd64.v1.27.5.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.28.4...v1.28.5 on Mon, 22 Apr 2024 07:23:18 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.5.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.5 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.5 \
--signature cri-o.amd64.v1.28.5.tar.gz.sig \
--certificate cri-o.amd64.v1.28.5.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.5.tar.gz
> bom validate -e cri-o.amd64.v1.28.5.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.29.2...v1.29.3 on Mon, 22 Apr 2024 07:20:14 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.3.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.3 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.3 \
--signature cri-o.amd64.v1.29.3.tar.gz.sig \
--certificate cri-o.amd64.v1.29.3.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.3.tar.gz
> bom validate -e cri-o.amd64.v1.29.3.tar.gz.spdx -d cri-o
workloads
config option to support CPU limits for containers that use the workloads annotations. This will expose cpuperiod
and cpuquota
options for a desired default value outside the norm. This feature will primarily be utilized to ensure that containers with workload annotations are correctly limited, the average use cases will not need to alter the default values. (#7959, @openshift-cherrypick-robot)Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.27.3...v1.27.4 on Thu, 22 Feb 2024 21:09:31 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.4.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.4 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.27.4 \
--signature cri-o.amd64.v1.27.4.tar.gz.sig \
--certificate cri-o.amd64.v1.27.4.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.27.4.tar.gz
> bom validate -e cri-o.amd64.v1.27.4.tar.gz.spdx -d cri-o
.log
to the container symlink (#7732, @openshift-cherrypick-robot)Nothing has changed.
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.28.3...v1.28.4 on Thu, 22 Feb 2024 19:58:41 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.4.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.4 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.4 \
--signature cri-o.amd64.v1.28.4.tar.gz.sig \
--certificate cri-o.amd64.v1.28.4.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.4.tar.gz
> bom validate -e cri-o.amd64.v1.28.4.tar.gz.spdx -d cri-o
.log
to the container symlink (#7682, @openshift-cherrypick-robot)Nothing has changed.
The release notes have been generated for the commit range v1.29.1...v1.29.2 on Thu, 22 Feb 2024 19:44:05 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.2.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.2 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.2 \
--signature cri-o.amd64.v1.29.2.tar.gz.sig \
--certificate cri-o.amd64.v1.29.2.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.2.tar.gz
> bom validate -e cri-o.amd64.v1.29.2.tar.gz.spdx -d cri-o
Nothing has changed.