Releases: cloudfoundry/garden-runc-release
Releases · cloudfoundry/garden-runc-release
1.57.0
1.57.0
Release Date: October 02, 2024
Changes
- Upgrade to Go 1.23
- Create a top-level dir for libtool
✨ Built with go 1.23.2
Full Changelog: v1.56.0...v1.57.0
Resources
1.56.0
1.56.0
Release Date: September 11, 2024
Changes
- ✨Introduces a new
garden.read_header_timeoutproperty to configure how long garden's HTTP server will wait to read all HTTP request headers. - Bumps to go 1.22.7
- Dependency Bumps
Bosh Job Spec changes:
diff --git a/jobs/garden-windows/spec b/jobs/garden-windows/spec
index 004e4e7f..74f545db 100644
--- a/jobs/garden-windows/spec
+++ b/jobs/garden-windows/spec
@@ -36,6 +36,10 @@ properties:
description: "An array of additional arguments which will be passed to the runtime plugin binary"
default: []
+ garden.read_header_timeout:
+ description: "The amount of time allowed to read request headers"
+ default: 30s
+
garden.image_plugin:
description: "Path to an image plugin binary"
diff --git a/jobs/garden/spec b/jobs/garden/spec
index 093e53e1..5a78d357 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -128,6 +128,10 @@ properties:
description: "Path to a runtime plugin binary"
default: /var/vcap/packages/runc/bin/runc
+ garden.read_header_timeout:
+ description: "The amount of time allowed to read request headers"
+ default: 30s
+
garden.no_image_plugin:
description: "If true, disables image plugin usage, thus ignoring other image plugin settings"
default: false
✨ Built with go 1.22.7
Full Changelog: v1.55.0...v1.56.0
Resources
1.55.0
1.55.0
Release Date: August 27, 2024
Changes
- Bump to golang 1.22.6
✨ Built with go 1.22.6
Full Changelog: v1.54.0...v1.55.0
Resources
1.54.0
1.54.0
Release Date: July 31, 2024
Changes
- Bump to golang 1.22.5
- Bump libnftnl to 1.2.8
✨ Built with go 1.22.5
Full Changelog: v1.53.0...v1.54.0
Resources
1.53.0
Changes
- DEPRECATION NOTICE The
garden.experimental_use_containerd_mode_for_processesproperty and usage of Garden when run in containerd mode for processes is now deprecated and no longer tested. - DEFAULT CHANGE - The default mode for garden containers is now containerd. This has been the default in cf-deployment since 2018.
- REMOVAL OF EXPERIMENTAL FUNCTIONALITY NOTICE The experimental option to run the garden server process in rootless mode has been removed, as it did not work as expected and was an abandoned feature.
- Go package dependency bumps
Bosh Job Spec changes:
diff --git a/jobs/garden-binaries/spec b/jobs/garden-binaries/spec
index 0433639a..a8a96bae 100644
--- a/jobs/garden-binaries/spec
+++ b/jobs/garden-binaries/spec
@@ -15,7 +15,6 @@ packages:
- grootfs
- xfs-progs
- thresholder
- - netplugin-shim
- dontpanic
- tini
diff --git a/jobs/garden/spec b/jobs/garden/spec
index 027df351..093e53e1 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -36,7 +36,6 @@ packages:
- grootfs
- xfs-progs
- thresholder
- - netplugin-shim
- dontpanic
- tini
@@ -199,10 +198,6 @@ properties:
description: AppArmor profile to use for unprivileged container processes
default: garden-default
- garden.experimental_rootless_mode:
- description: A boolean stating whether or not to run garden-server as a non-root user
- default: false
-
# We believe this defaults to false to help concourse: https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.5.0
# For diego/cf, this should be set to true
garden.cleanup_process_dirs_on_wait:
@@ -210,8 +205,8 @@ properties:
default: false
garden.containerd_mode:
- description: "Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm or rootless"
- default: false
+ description: "Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm"
+ default: true
garden.tcp_keepalive_time:
description: Sets the `net.ipv4.tcp_keepalive_time` kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.
@@ -229,7 +224,7 @@ properties:
description: Sets the `net.ipv4.tcp_retries2` kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.
garden.experimental_use_containerd_mode_for_processes:
- description: "(Under development) Use containerd for container process management. Must be used with containerd_mode also set to true. NOTE: cannot be used in combination with bpm or rootless"
+ description: "(Deprecated) No longer used/tested."
default: false
garden.experimental_cpu_throttling:
diff --git a/jobs/gats/spec b/jobs/gats/spec
index 916a35eb..065e3ace 100644
--- a/jobs/gats/spec
+++ b/jobs/gats/spec
@@ -22,12 +22,6 @@ properties:
garden_test_rootfs:
description: Test rootfs to use
default: 'docker:///cloudfoundry/garden-rootfs'
- containerd_for_processes:
- description: Run GATS with CONTAINERD_FOR_PROCESSES_ENABLED
- default: false
- rootless:
- description: Run GATS with ROOTLESS env var
- default: false
cpu_throttling:
description: Run GATS with CPU_THROTTLING_ENABLED
default: false
✨ Built with go 1.22.3
Full Changelog: v1.52.0...v1.53.0
Resources
1.52.0
1.51.0
Changes
- Bumped Golang to 1.21.8
- Golang package dependency bumps
- Many updates to get codebase passing the staticcheck linker
- Updated garden-integration-tests to be a little less flakey
✨ Built with go 1.21.8
Full Changelog: v1.50.0...v1.51.0
Resources
1.50.0
Changes
- Adds
grootfs.routine_gcproperty, which allows operators to configure garden to grootfs to clean up unused container image layers whenever new containers are created.- Previously, to achieve this, operators had to set
grootfs.reserved_space_for_other_jobs_in_mbto the same value as the ephemeral disk, which is not always easy to obtain programatically.
- Previously, to achieve this, operators had to set
- Bump go dependencies
Bosh Job Spec changes:
diff --git a/jobs/garden/spec b/jobs/garden/spec
index c84b5c43..027df351 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -292,6 +292,10 @@ properties:
grootfs.tls.ca_cert:
description: "PEM-encoded tls client CA certificate for asset upload/download"
+ grootfs.routine_gc:
+ description: "Set to true if you want grootfs to perform garbage collection on unused container image layers whenever a new container is created."
+ default: false
+
grootfs.reserved_space_for_other_jobs_in_mb:
description: "Amount of space that will be kept free for other jobs. The GrootFS store will be able to grow up to a maximum size of its disk minus this reserved space. Where the reserved space does not allow sufficient size for GrootFS to store container images and root filesystems (currently 15GB), the limit will be a soft limit, and garbage collection will attempt to keep disk space available for other jobs. -1 disables GC and allows GrootFS to potentially use the whole disk."
default: 15360
✨ Built with go 1.21.7
Full Changelog: v1.49.0...v1.50.0
Resources
1.49.0
Changes
- ✨guardian is a little more helpful when logging messages about containers that could not be killed, even after sending multiple SIGKILLs. In situations such as this, the only recourse is to reboot the VM, if the container processes are stuck in an unkillable state in the kernel. In addition to making this error stand out more, we've added a new metric for
UnkillableContainersthat guardian emits. When nonzero, there is a container that cannot be killed. See the CloudFoundrydocs for Component metrics for more info. - Golang package dependency bumps
- Bumped to Golang 1.21.7
✨ Built with go 1.21.7
Full Changelog: v1.48.0...v1.49.0
Resources
1.48.0
Changes
- 🔒runc + container have been bumped to address CVE-2024-21626
✈️ Many updates to get garden-runc-release's CI configuration working in the wg-app-platform-runtime-ci repo Thank you @winkingturtle-vmw @ebroberson @MarcPaquette !!!- Docs updates - Thank you @MarcPaquette !!!
- Many golang package dependency bumps
✨ Built with go 1.21.6
Full Changelog: v1.47.0...v1.48.0
Resources
Contributors
ebroberson, MarcPaquette, and winkingturtle-vmw