New
containerd 2.2.1
Welcome to the v2.2.1 release of containerd!
The first patch release for containerd 2.2 contains various fixes and improvements.
Highlights
Container Runtime Interface (CRI)
- Redact all query parameters in CRI error logs (#12546)
Image Distribution
- Fix image defaults on Darwin to usable configuration (#12544)
- Fix possible panic from WithMediaTypeKeyPrefix (#12516)
Runtime
- Update runc binary to v1.3.4 (#12593)
- Fix parsing of hugetlb..events files (containerd/cgroups#379)
Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.
Contributors
- Krisztian Litkey
- Markus Lehtonen
- Akihiro Suda
- Mike Brown
- Sebastiaan van Stijn
- Derek McGowan
- Heran Yang
- Wei Fu
- Phil Estes
- Samuel Karp
- Austin Vazquez
- Sascha Grunert
- Akhil Mohan
- Andrey Noskov
- Brian Goff
- CrazyMax
- Davanum Srinivas
- Gaurav Ghildiyal
- Neeraj Krishna Gopalakrishna
- Paweł Gronowski
- Tariq Ibrahim
- TomerLev
- Tõnis Tiigi
- bo.jiang
- ningmingxiao
Changes
53 commits
- Prepare release notes for v2.2.1 (#12677)
f6bae1f88Prepare release notes for v2.2.1
- cri,nri: bump NRI dependencies to v0.11.0 (#12701)
c22cf5d49cri,nri: pass any linux security profile to plugins.d7532de75cri,nri: pass any linux RDT constraints to plugins.ef36e6181cri,nri: pass any linux net devices to plugins.d56faf426cri,nri: pass any linux scheduler attributes to plugins.e1824d261cri,nri: pass any linux I/O priority to plugins.01d5490aego.{mod,sum}: bump NRI deps to v0.11.0, re-vendor.
- pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const (#12697)
58d23ab63pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const
- cri/nri: short-circuit nil adjustment. (#12672)
05ccbb3a7cri/nri: short-circuit nil adjustment.
- go.{mod,sum}: bump CDI deps to v1.1.0. (#12664)
c166a577dgo.{mod,sum} bump CDI deps to v1.1.0.
- go.mod: containerd/zfs v2.0.0; remove exclude rules (#12654)
- go.mod: github.com/containernetworking/plugins v1.9.0 (#12658)
8a5fc8641go.mod: github.com/containernetworking/plugins v1.9.0
- go.mod: golang.org/x/crypto v0.45.0 (#12638)
55c93d6fbgo.mod: golang.org/x/crypto v0.45.0
- ci :bump Go 1.24.11, 1.25.5 (#12625)
- core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor (#12622)
ed19c5420core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor
- ci: update CIFuzz actions to support Ubuntu 24.04 (#12632)
952237d9bci: update CIFuzz actions to support Ubuntu 24.04
- Update runc binary to v1.3.4 (#12593)
fb5b818a9runc: Update runc binary to v1.3.4
- : update containerd/cgroups from v3.1.0 to v3.1.2 (#12598)
- core/mount: should not call removeLoop when set autoclear (#12587)
41a69eb0dcore/mount: should not call removeLoop when set autoclear
- build(deps): bump github.com/opencontainers/selinux (#12589)
e3bf2b80bbuild(deps): bump github.com/opencontainers/selinux
- .github: skip 5 critest cases for window-2022 (#12584)
da8e846f9.github: skip 5 critest cases in window CI pipeline
- Fix image defaults on Darwin to usable configuration (#12544)
- Redact all query parameters in CRI error logs (#12546)
c707f771afix: redact all query parameters in CRI error logs
- Revert "Implement io.ReaderAt on docker fetch reader" (#12542)
678f944ddRevert "Implement io.ReaderAt on docker fetch reader"
- Fix possible panic from WithMediaTypeKeyPrefix (#12516)
8b73c2de3remotes: fix possible panic from WithMediaTypeKeyPrefix
Changes from containerd/cgroups
13 commits
- ci: bump golangci-lint to v2.6.2 (containerd/cgroups#382)
- build(deps): bump actions/checkout from 5 to 6 (containerd/cgroups#381)
4e30098build(deps): bump actions/checkout from 5 to 6
- Fix parsing of hugetlb..events files (containerd/cgroups#379)
2ad7a12hugetlb: correctly parse hugetlb..events files
- go.mod: github.com/opencontainers/runtime-spec v1.3.0 (containerd/cgroups#376)
34ef430go.mod: github.com/opencontainers/runtime-spec v1.3.0
Changes from containerd/nri
79 commits
- adaptation: allow compiling out WASM support altogether. (containerd/nri#253)
ab88fe6adaptation: allow compiling out WASM support altogether.
- Support direct editing of the intelRdt config (containerd/nri#215)
- update wazero/wazero version to v1.10.1 (containerd/nri#252)
9eb9a0fupdate tetratelabs/wazero version to v1.10.1
- support specifying a custom NRI socket path (containerd/nri#249)
2df6565[plugins] support specifying a custom NRI socket path
- pkg/api: add OptionalRepeatedString type (containerd/nri#212)
687c1a6pkg/api: add OptionalRepeatedString type
- api,adaptation,generate: allow setting kernel scheduling policy attributes. (containerd/nri#160)
- device-injector: always log injection summary. (containerd/nri#246)
14cc2e2device-injector: always log injection summary.
- api,adaptation,generate: allow adjusting linux net devices (containerd/nri#157)
- Add support for sysctl adjustment (containerd/nri#248)
- feat: Make logger a configurable struct member for stub (containerd/nri#239)
08a891afeat: Make logger a configurable struct member for stub
- Drop dependency on opencontainers/runtime-tools (containerd/nri#247)
5e5c2beDrop dependency on opencontainers/runtime-tools
- deps: bump runtime-spec to v1.3.0. (containerd/nri#243)
- adaptation: ensure sync'ed plugins are fully registered in tests. (containerd/nri#234)
c840397adaptation: ensure sync'ed plugins are fully registered in tests.
- Fix wasm example (containerd/nri#237)
44b2861Fix wasm example
- Makefile: build proto files unconditionally (containerd/nri#229)
- adaptation: test with populated initial resources. (containerd/nri#231)
b6b98b5adaptation: test with populated initial resources.
- Install protoc locally in the source tree (containerd/nri#232)
2394daaInstall protoc locally in the source tree
- plugins/logger: fix default event subscription mask. (containerd/nri#158)
33b1db1logger: fix default event subscription mask.
- extract memory and CPU resource helpers (containerd/nri#210)
7afb32aextract memory and CPU resource helpers
- api: expose container user/group ID to plugins. (containerd/nri#230)
- contrib: add example for enabling per-container RDT monitoring (containerd/nri#228)
91fbf06contrib: add example for enabling per-container RDT monitoring
- ci: enable image signing (containerd/nri#224)
fb54916ci: enable image signing
- golangci: disable QF1008 from staticcheck linter (containerd/nri#226)
0b3b577golangci: disable QF1008 from staticcheck linter
- ci: bump golangci-lint to v2.4 (containerd/nri#225)
- .gitignore: revert hastily reviewed editor-specific addition. (containerd/nri#221)
- nit: Add .idea folder to gitignore (containerd/nri#218)
f578ea2nit: Add .idea folder to gitignore
- chore: clean and unify nolint directives (containerd/nri#217)
21741b9chore: clean and unify nolint directives
- Downgrade go to require 1.24.0 (containerd/nri#214)
d26e910Downgrade go to require 1.24.0
- Add dockerized target for building proto files (containerd/nri#211)
13fcc07Add dockerized target for building proto files
Changes from containerd/zfs
11 commits
- go.mod: update to stable containerd v2.0 (containerd/zfs#89)
f11f891go.mod: update to stable containerd v2.0
- ci: update actions, test against go1.23, fix linting, and update golangci-lint (containerd/zfs#88)
662ad3cgha: update golangci/golangci-lint-action@v9, golangci-lint v2.7b0b2584remove nolint comments7c4274bfix error capitalization24ce1b9fix inconsistent receiver namec8545c3gha: update actions/checkout@v6d23ec04gha: update actions/setup-go@v6bb45f6egha: update containerd/project-checks@v1.2.265bc451gha: test against go1.23
Dependency Changes
- github.com/containerd/cgroups/v3 v3.1.0 -> v3.1.2
- github.com/containerd/nri v0.10.0 -> v0.11.0
- github.com/containerd/zfs/v2 v2.0.0-rc.0 -> v2.0.0
- github.com/containernetworking/plugins v1.8.0 -> v1.9.0
- github.com/cyphar/filepath-securejoin v0.5.1 new
- github.com/opencontainers/runtime-spec v1.2.1 -> v1.3.0
- github.com/opencontainers/runtime-tools 0ea5ed0382a2 -> edf4cb3d2116
- github.com/opencontainers/selinux v1.12.0 -> v1.13.1
- github.com/tetratelabs/wazero v1.9.0 -> v1.10.1
- golang.org/x/crypto v0.41.0 -> v0.45.0
- golang.org/x/net v0.43.0 -> v0.47.0
- golang.org/x/sync v0.17.0 -> v0.18.0
- golang.org/x/sys v0.37.0 -> v0.38.0
- golang.org/x/term v0.34.0 -> v0.37.0
- golang.org/x/text v0.28.0 -> v0.31.0
- tags.cncf.io/container-device-interface v1.0.1 -> v1.1.0
- tags.cncf.io/container-device-interface/specs-go v1.0.0 -> v1.1.0
Previous release can be found at v2.2.0
Which file should I download?
containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.
In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.
See also the Getting Started documentation.