Moved to https://github.com/containerd/containerd/tree/master/pkg/cri . If you wish to submit issues/PRs, please submit to https://github.com/containerd/containerd
TARBALL: https://storage.googleapis.com/cri-containerd-release/cri-containerd-1.1.0-rc.1.linux-amd64.tar.gz
SHA256: d499826f8206da101d7be90784212bf9e6da000e2a1be2baa809eba36448881e
Welcome to the v1.0.0-rc.1 release of containerd cri
plugin!
containerd.slice
cgroup and OOMScoreAdjust
for GCE cluster. (https://github.com/containerd/cri/pull/704, @Random-Liu)RunAsGroup
(https://github.com/containerd/cri/pull/710, @Random-Liu)libapparmor
or libapparmor-dev
. (https://github.com/containerd/cri/pull/711, @tklauser)enable_tls_streaming
config option to enable it. (https://github.com/containerd/cri/pull/714, @mikebrow)Change List: https://github.com/containerd/cri/compare/v1.0.0-rc.0...v1.0.0-rc.1
kube-up.sh
, see here.We'd like to extend a thanks to the following people who contributed to this release:
TARBALL: https://storage.googleapis.com/cri-containerd-release/cri-containerd-1.1.0-rc.0.linux-amd64.tar.gz
SHA256: 396189f25a37d04e84b62fe1615d5a5bdb13056a0433b4b1faaf98ff23062294
Welcome to the v1.0.0-rc.0 release of containerd cri
plugin! The containerd
CRI support is GA now!
In this release, the project was moved from the kubernetes-incubator
organization, and renamed to cri
.
This release of cri
is a native plugin of containerd.
It is built into containerd
v1.1 and the CRI support is enabled by default.
You can now use Kubernetes, with containerd
directly, without having to use the intermediate cri-containerd
daemon. The cri-containerd
daemon is end-of-life.
Note: Please drain your node before upgrading from older versions of cri-containerd
to containerd
v1.1.
You can use a containerd config file to configure the cri
plugin.
To run an untrusted pod on a runtime for untrusted workload e.g. katacontainers and clearcontainers, you can:
plugins.cri.containerd.untrusted_workload_runtime
.io.kubernetes.cri.untrusted-workload
to "true"
, for example:apiVersion: v1
kind: Pod
metadata:
name: nginx
annotations:
io.kubernetes.cri.untrusted-workload: "true"
spec:
containers:
- name: nginx
image: nginx
By default, cri
will run pods with the default runtime. However, if a pod has the io.kubernetes.cri.untrusted-workload
annotation, the cri
plugin will run the pod with the runtime for untrusted workloads.
Unless configured otherwise, the default runtime is set to runc.
The supported CRI (Container Runtime Interface) version for Kubernetes v1.10 is now v1alpha2.
This release of cri
has been updated to use CRI v1alpha2
, so it only works with Kubernetes v1.10+.
New CRI features added in v1alpha2
are all supported:
You can now setup registry configurations with the config option plugins.cri.registry
.
Currently only the mirrors
option is supported. With it, you can specify registry mirrors and insecure registry. (doc)
exec
, attach
and portforward
connection between Kubernetes apiserver and containerd is now encrypted. (https://github.com/containerd/cri/pull/681)In terms of testing, we've passed:
The containerd test coverage on GCE is equivalent with Docker now.
All the test results are public: https://k8s-testgrid.appspot.com/sig-node-containerd.
We significantly improved pod start latency and cpu/memory usage of cri
plugin this release.
The continuous benchmark result is published on http://node-perf-dash.k8s.io/. Job ci-kubernetes-node-kubelet-benchmark
is for Docker 17.03, and ci-cri-containerd-node-e2e-benchmark
is for containerd with cri
plugin.
All metrics of containerd are either better or comparable with Docker 17.03.
kube-up.sh
, see here.We'd like to extend a thanks to the following people who contributed to this release:
SHA256: 86b2415d9fe3b55ef72e290a7dd68adb956a5a8ab7ea58b4271348f30e23324e
Welcome to the v1.0.0-beta.1 release of cri-containerd
!
Note: This repository will be moved into containerd organization after this release.
This release we mainly focused on bug fix. Notable bug fixes:
RLIMIT_NOFILE
for containers. (Issue: https://github.com/kubernetes-incubator/cri-containerd/issues/515, PR: https://github.com/kubernetes-incubator/cri-containerd/pull/516, @Random-Liu)skip-imagefs-uuid
to skip retrieving image filesystem UUID. Users will be able to try cri-containerd
on node with mdev
or ZFS
. Note: kubelet will not be able to get imagefs capacity or perform imagefs disk eviction when skip-imagefs-uuid=true
. (Issue: https://github.com/kubernetes-incubator/cri-containerd/issues/325, https://github.com/kubernetes-incubator/cri-containerd/issues/399, https://github.com/kubernetes-incubator/cri-containerd/issues/509, PR: https://github.com/kubernetes-incubator/cri-containerd/pull/510, @Random-Liu)Test dashboard: https://k8s-testgrid.appspot.com/sig-node-containerd.
Note: Because of Kubernetes container runtime interface change, cri-containerd v1.0.0-beta.1 requires Kubernetes v1.9 or later. With older Kubernetes version, container exec has known issue https://github.com/kubernetes-incubator/cri-containerd/issues/417, and container logging won't work.
kube-up.sh
, see here.We'd like to extend a thanks to the following people who contributed to this release:
SHA256: 00a98c14081a7d090bfdd44f3c16812a046c2642925fce0ec76bd3c94273eee1
Welcome! cri-containerd
has graduated to v1.0.0-beta!!!
In this release we focused on test, bug fix, and usability.
Using kube-up.sh
to bring up a production quality Kubernetes cluster on GCE was complete. This would enable users to use containerd and cri-containerd in their production Kubernetes environments as the container runtime.
Steps to use kube-up.sh
can be found here.
We've tried to provide docker like debug experience using crictl
to debug, inspect, and manage pods, containers, and images. The user guide for crictl
could be found here.
Example:
$ crictl ps -a
CONTAINER ID IMAGE CREATED STATE NAME ATTEMPT
cde98b50b1155 sha256:5d049a8c4eec92b21ca4be399c260166d96569a1a52d497f4a0365bb55c1a18c 2 weeks ago CONTAINER_EXITED kubedns 0
3fae43b5d5eb3 sha256:5feec37454f45d060c5f528c7d0bd4958df39e7ffd2e65ae42aae68bf78f69a5 2 weeks ago CONTAINER_EXITED dnsmasq 0
b41a6661c98a3 sha256:db76ee297b8597fc007b23a90619314b8405bb1df6dcad189df0a123a09e7ecc 2 weeks ago CONTAINER_EXITED sidecar 0
5a4a348431b69 gcr.io/kubernetes-e2e-test-images/redis-amd64@sha256:3e01bcaf67cb9b5c9fa7f57ba92539c8962d59c9647b91e9ec5047a89e2bc49a 2 weeks ago CONTAINER_EXITED master 0
0245c61fdf85d sha256:69854bafc1214f1a7f88c32f193dd0112e4d89d5bd9da9a85d95d5735acbc397 2 weeks ago CONTAINER_EXITED nginx 0
Containerd integration with cadvisor was complete. Now Kubernetes Summary API is supported. The only exception is container log stats, which will be supported in next release.
In terms of testing we have passed:
All the test results are public: https://k8s-testgrid.appspot.com/sig-node-containerd.
Note: Because of Kubernetes container runtime interface change, cri-containerd v1.0.0-beta.0 requires Kubernetes v1.9 or later. With older Kubernetes version, container exec has known issue https://github.com/kubernetes-incubator/cri-containerd/issues/417, and container logging won't work.
kube-up.sh
, see here.We'd like to extend a thanks to the following people who contributed to this release:
Welcome to the v1.0.0-alpha.1 release of cri-containerd
!
A new sig-node-containerd
tab is added in Kubernetes test dashboard: https://k8s-testgrid.appspot.com/sig-node-containerd.
All Kubernetes containerd integration test result will be accessible there. Now it's running node e2e test, and the e2e test will be added soon.
Now you could use cri-containerd load
to load a docker image from a tarball created by docker save
:
$ sudo cri-containerd load busybox.tar
Loaded image: docker.io/library/busybox:latest
We added a more user friendly command line interface for cri-containerd:
$ cri-containerd --help
_ __ _ __
__________(_) _________ ____ / /_____ _(_)____ ___ _________/ /
/ ___/ ___/ /______/ ___/ __ \/ __ \/ __/ __ `/ // __ \/ _ \/ ___/ __ /
/ /__/ / / //_____/ /__/ /_/ / / / / /_/ /_/ / // / / / __/ / / /_/ /
\___/_/ /_/ \___/\____/_/ /_/\__/\__,_/_//_/ /_/\___/_/ \__,_/
A containerd based Kubernetes CRI implementation.
Usage:
cri-containerd [flags]
cri-containerd [command]
Available Commands:
default-config Print default toml config of cri-containerd.
help Help about any command
load Load an image from a tar archive.
version Print cri-containerd version information.
Flags:
--alsologtostderr log to standard error as well as files
--cgroup-path string The cgroup that cri-containerd is part of. Cri-containerd is not placed in a cgroup if none is specified.
--config string Path to the config file. (default "/etc/cri-containerd/config.toml")
--containerd-endpoint string Path to the containerd endpoint. (default "/run/containerd/containerd.sock")
--containerd-root-dir string Root directory path where containerd stores persistent data. (default "/var/lib/containerd")
--containerd-runtime string The runtime used by containerd. (default "io.containerd.runtime.v1.linux")
--containerd-runtime-engine string Runtime engine used by containerd. Defaults to containerd's default if not specified.
--containerd-runtime-root string The directory used by containerd for runtime state. Defaults to containerd's default if not specified.
--containerd-snapshotter string The snapshotter used by containerd. (default "overlayfs")
--enable-selinux Enable selinux support. By default not enabled.
-h, --help help for cri-containerd
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory
--logtostderr log to standard error instead of files
--network-bin-dir string The directory for putting network binaries. (default "/opt/cni/bin")
--network-conf-dir string The directory for putting network plugin configuration files. (default "/etc/cni/net.d")
--oom-score int Adjust the cri-containerd's oom score. (default -999)
--root-dir string Root directory path for cri-containerd managed files (metadata checkpoint etc). (default "/var/lib/cri-containerd")
--sandbox-image string The image used by sandbox container. (default "gcr.io/google_containers/pause:3.0")
--socket-path string Path to the socket which cri-containerd serves on. (default "/var/run/cri-containerd.sock")
--stats-collect-period int The period (in seconds) of snapshots stats collection. (default 10)
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--stream-addr string The ip address streaming server is listening on. The default host interface is used if not specified.
--stream-port string The port streaming server is listening on. (default "10010")
--systemd-cgroup Enables systemd cgroup support. By default not enabled.
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Use "cri-containerd [command] --help" for more information about a command.
UpdateContainerResources
so that the CPU manager Kubernetes alpha feature works with cri-containerd now. @Random-Liuunconfined
AppArmor profile. @miaoyqListContainerStats
. @Random-Liu--oom-score
flag in cri-containerd. @yanxueanSIGUSR1
signal to cri-containerd
process to trigger a stack dump. @Random-LiuContainerStatus
, so that crictl logs
could work. @Random-Liu/runtime
in the ansible setup, and point kubelet to monitor that cgroup. @Random-LiuWe'd like to extend a thanks to the following people who contributed to this release:
So we have come a long way from the cri-containerd v0.1.0 release. We are excited to announce the cri-containerd v1.0.0-alpha.0 release today!
In this release, lots of significant missing features have been added:
In terms of testing we have passed:
We have created a cluster installer to bring up multi node Kubernetes cluster with cri-containerd and containerd. The installer is based on ansible and kubeadm. We hope to receive a lot of feedback and suggestions in addition to help on validating and improving the installer on various distros.
We have compiled all the steps to bring up the cluster in here
We'd like to extend a thanks to the following people who contributed to this release:
Significant changes to containerd and runc are underway in the development (master) branches. If you want to try out cri-containerd please take care to checkout the specified commits for the below listed dependencies. We will be syncing up to the current master branches soon. Thank you for taking a look at our release!
cri-containerd v0.1.0 supports all basic functionalities including:
Following features are not supported in v0.1.0. They will be added in future version.
Please follow the getting started instruction.
Significant changes to containerd and runc are underway in the development (master) branches. If you want to try out cri-containerd please take care to checkout the specified commits for the below listed dependencies. We will be syncing up to the current master branches soon. Thank you for taking a look at our alpha release!
/etc/hosts
(@Random-Liu, https://github.com/kubernetes-incubator/cri-containerd/pull/60)/dev/shm
(@Random-Liu, https://github.com/kubernetes-incubator/cri-containerd/pull/67)DNSOptions
(@Crazykev, https://github.com/kubernetes-incubator/cri-containerd/pull/50)ExecSync
(@Random-Liu, https://github.com/kubernetes-incubator/cri-containerd/pull/72)containerd
, runc
, cni
(including cni config), and cri-containerd
.$ sudo containerd &
$ sudo cri-containerd &
$ CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT=/var/run/cri-containerd.sock hack/local-up-cluster.sh
Significant changes to containerd and runc are underway in the development (master) branches. If you want to try out cri-containerd please take care to checkout the specified commits for the below listed dependencies. We will be syncing up to the current master branches soon. Thank you for taking a look at our alpha release!
containerd
, runc
, cni
(including cni config), and cri-containerd
.$ containerd &
$ cri-containerd &
$ CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT=/var/run/cri-containerd.sock hack/local-up-cluster.sh