All Versions
64
Latest Version
Avg Release Cycle
52 days
Latest Release
1874 days ago

Changelog History
Page 4

  • v1.4.0 Changes

    ๐Ÿ›  This release includes a number of new features and bugfixes like a new config subcommand, man page, and bash completion generation during build time.

    ๐Ÿ†• New features and UX changes

    • ๐Ÿ“š config: add config subcommand (#2405). This new subcommand prints the current rkt configuration. It can be used to get i.e. authentication credentials. See rkt's config subcommand documentation.

    • โš™ run: add --user/--group app flags to rkt run and rkt prepare allowing to override the user and group specified in the image manifest (#2419).

    • ๐Ÿšš gc: Add flag 'mark-only' to mark garbage pods without deleting them (#2400, #2402). This new flag moves exited/aborted pods to the exited-garbage/garbage directory but does not delete them. A third party application can use rkt gc --mark-only=true to mark exited pods as garbage without deleting them.

    • 0๏ธโƒฃ kvm: Add support for app capabilities limitation (#2222). By default kvm flavor has got enabled every capability inside pod. This patch adds support for a restricted set of capabilities inside a kvm flavor of rkt.

    • stage1/init: return exit code 1 on error (#2383). On error, stage1/init was returning a non-zero value between 1 and 7. This change makes it return status code 1 only.

    • api: Add 'CreatedAt', 'StartedAt' in pod's info returned by api service. (#2377).

    ๐Ÿ‘Œ Improved documentation

    • ๐Ÿ“š Minor documentation fixes (#2413, #2395, #2231).

    • ๐Ÿ“š functional tests: Add new test with systemd-proxyd (#2257). Adds a new test and documentation how to use systemd-proxyd with rkt pods.

    ๐Ÿ› Bug fixes

    • ๐Ÿ”จ kvm: refactor volumes support (#2328). This allows users to share regular files as volumes in addition to directories.

    • ๐Ÿ›  kvm: fix rkt status (#2415). Fixes a regression bug were rkt status was no longer reporting the pid of the pod when using the kvm flavor.

    • ๐Ÿ— Build actool for the build architecture (#2372). Fixes a cross compilation issue with acbuild.

    • ๐Ÿ›  rkt: calculate real dataDir path (#2399). Fixes garbage collection when the data directory specified by --dir contains a symlink component.

    • ๐Ÿณ stage1/init: fix docker volume semantics (#2409). Fixes a bug in docker volume semantics when rkt runs with the option --pod-manifest. When a Docker image exposes a mount point that is not mounted by a host volume, Docker volume semantics expect the files in the directory to be available to the application. This was partially fixed in rkt 1.3.0 via #2315 but the bug remained when rkt runs with the option --pod-manifest. This is now fully fixed.

    • rkt/image: check that discovery labels match manifest labels (#2311).

    • store: fix multi process with multi goroutines race on db (#2391). This was a bug when multiple rkt fetch commands were executed concurrently.

    • ๐Ÿ›  kvm: fix pid vs ppid usage (#2396). Fixes a bug in rkt enter in the kvm flavor causing an infinite loop.

    • kvm: Fix connectivity issue in macvtap networks caused by macvlan NICs having incorrect names (#2181).

    • โœ… tests: TestRktListCreatedStarted: fix timing issue causing the test to fail on slow machines (#2366).

    • ๐Ÿšš rkt/image: remove redundant quotes in an error message (#2379).

    • ๐Ÿ“š prepare: Support 'ondisk' verification skip as documented by the global options (#2376). Prior to this commit, rkt prepare would check the ondisk image even if the --insecure-options=ondisk flag was provided. This corrects that.

    Other changes

    • โœ… tests: skip TestSocketProxyd when systemd-socket-proxyd is not installed (#2436).

    • ๐Ÿณ tests: TestDockerVolumeSemantics: more tests with symlinks (#2394).

    • ๐Ÿ— rkt: Improve build shell script used in continuous integration (#2394).

    • protobuf: generate code using a script (#2382).

    • ๐Ÿ‘€ Generate manpages (#2373). This adds support for generating rkt man pages using make manpages and the bash completion file using make bash-completion, see the note for packagers below.

    • โœ… tests/aws.sh: add test for Fedora 24 (#2340).

    ๐Ÿ“ฆ Note for packagers

    ๐Ÿ— Files generated from sources are no longer checked-in the git repository. Instead, packagers should build them:

    • Bash completion file, generated by make bash-completion
    • Man pages, generated by make manpages

  • v1.3.0 Changes

    ๐Ÿ›  This release includes a number of new features and bugfixes like the long-awaited propagation of apps' exit status.

    ๐Ÿ†• New features and UX changes

    • 0๏ธโƒฃ Propagate exit status from apps inside the pod to rkt (#2308). Previously, if an app exited with a non-zero exit status, rkt's exit status would still be 0. Now, if an app fails, its exit status will be propagated to the outside. While this was partially implemented in some stage1 flavors since rkt v1.1.0, it now works in the default coreos flavor.
    • 0๏ธโƒฃ Check signatures for stage1 images by default, especially useful when stage1 images are downloaded from the Internet (#2336). This doesn't affect the following cases:
      • The stage1 image is already in the store
      • The stage1 image is in the default directory configured at build time
      • The stage1 image is the default one and it is in the same directory as the rkt binary
    • ๐Ÿ‘ Allow downloading of insecure public keys with the pubkey insecure option (#2278).
    • ๐Ÿณ Implement Docker volume semantics (#2315). Docker volumes are initialized with the files in the image if they exist, unless a host directory is mounted there. Implement that behavior in rkt when it runs a Docker converted image.

    API service

    • Return the cgroup when getting information about running pods and add a new cgroup filter (#2331).

    ๐Ÿ› Bug fixes

    • ๐Ÿ”ง Avoid configuring more CPUs than the host has in the kvm flavor (#2321).
    • ๐Ÿ›  Fix a bug where the proxy configuration wasn't forwarded to docker2aci (docker2aci#147).

    Notes

    • ๐Ÿš€ This release drops support for go1.4.

  • v1.2.1 Changes

    ๐Ÿš€ This release fixes a couple of bugs we missed in 1.2.0.

    ๐Ÿ› Bug fixes

    • ๐ŸŒฒ Do not error out if /dev/ptmx or /dev/log exist (#2302).
    • ๐Ÿš€ Vendor a release of go-systemd instead of current master (#2306).

  • v1.2.0 Changes

    ๐Ÿš€ This release is an incremental release with numerous bug fixes.

    ๐Ÿ†• New features and UX changes

    • โž• Add --hostname option to rkt run/run-prepared (#2251). This option allows setting the pod host name.

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix deadlock while exiting a lkvm rkt pod (#2191).
    • ๐Ÿง SELinux fixes preparating rkt to work on Fedora with SELinux enabled (#2247 and #2262).
    • ๐Ÿ›  Fix bug that occurs for some types of on-disk image corruption, making it impossible for the user run or garbage collect them (#2180).
    • ๐Ÿ›  Fix authentication issue when fetching from a private quay.io repository (#2248).
    • ๐Ÿ‘ Allow concurrent image fetching (#2239).
    • ๐Ÿ›  Fix issue mounting volumes on images if the target path includes an absolute symlink (#2290).
    • ๐ŸŒฒ Clean up dangling symlinks in /var/log/journal on garbage collection if running on systemd hosts (#2289).

    ๐Ÿ— Note for 3rd party stage1 builders

    • ๐Ÿ“š The stage1 command line interface is versioned now. See the implementors guide for more information.

  • v1.1.0 Changes

    ๐Ÿ›  This release is the first incremental release since 1.0. It includes bugfixes and some UX improvements.

    ๐Ÿ†• New features and UX changes

    • โž• Add support for non-numerical UID/GID as specified in the appc spec (#2159). rkt can now start apps as the user and group specified in the image manifest with three different possible formats: a numeric UID/GID, a username and group name referring to the ACI's /etc/passwd and /etc/group, or a file path in the ACI whose owner will determine the UID/GID.
    • ๐Ÿ“š When an application terminates with a non-zero exit status, rkt run should return that exit status (#2198). This is now fixed in the src and host flavors with systemd >= v227 but not yet in the shipped coreos flavor.
    • ๐Ÿ‘‰ Use exit status 2 to report usage errors (#2149).
    • โž• Add support for tuning pod's network via the CNI tuning plugin (#2140). For example, this allows increasing the size of the listen queue for accepting new TCP connections (net.core.somaxconn) in the rkt pod.
    • ๐Ÿ›  Keep $TERM from the host when entering a pod (#1962). This fixes the command "clear" which previously was not working.

    ๐Ÿ› Bug fixes

    • Socket activation was not working if the port on the host is different from the app port as set in the image manifest (#2137).
    • ๐Ÿ›  Fix an authentication failure when fetching images from private repositories in the official Docker registry (#2197).
    • Set /etc/hostname in kvm pods (#2190).

  • v1.0.0 Changes

    ๐Ÿš€ This marks the first release of rkt recommended for use in production. The command-line UX and on-disk format are considered stable and safe to develop against. ๐Ÿ—„ Any changes to these interfaces will be backwards compatible and subject to formal deprecation. The API is not yet completely stabilized, but is functional and suitable for use by early adopters.

    ๐Ÿ†• New features and UX changes

    • โž• Add pod creation and start times to rkt list and rkt status (#2030). See rkt list and rkt status documentation.
    • ๐Ÿ“š The DNS configuration can now be passed to the pod via the command line (#2040). See DNS support documentation.
    • ๐Ÿ“š Errors are now structured, allowing for better control of the output (#1937). See Error & Output for how a developer should use it.
    • ๐Ÿ“ฆ All output now uses the new log package in pkg/log to provide a more clean and consistent output format and more helpful debug output (#1937).
    • โž• Added configuration for stage1 image. Users can drop a configuration file to /etc/rkt/stage1.d (or to stage1.d in the user configuration directory) to tell rkt to use a different stage1 image name, version and location instead of build-time defaults (#1977).
    • 0๏ธโƒฃ Replaced the --stage1-image flag with a new set of flags. --stage1-url, --stage-path, --stage1-name do the usual fetching from remote if the image does not exist in the store. --stage1-hash takes the stage1 image directly from the store. --stage1-from-dir works together with the default stage1 images directory and is described in the next point (#1977).
    • โž• Added default stage1 images directory. User can use the newly added --stage1-from-dir parameter to avoid typing the full path. --stage1-from-dir behaves like --stage1-path (#1977).
    • โœ‚ Removed the deprecated --insecure-skip-verify flag (#2068).
    • 0๏ธโƒฃ Fetched keys are no longer automatically trusted by default, unless --trust-keys-from-https is used. Additionally, newly fetched keys have to be explicitly trusted with rkt trust if a previous key was trusted for the same image prefix (#2033).
    • ๐Ÿ‘‰ Use NAT loopback to make ports forwarded in pods accessible from localhost (#1256).
    • ๐Ÿ‘‰ Show a clearer error message when unprivileged users execute commands that require root privileges (#2081).
    • โž• Add a rkt tmpfiles configuration file to make the creation of the rkt data directory on first boot easier (#2088).
    • โœ‚ Remove rkt install command. It was replaced with a setup-data-dir.sh script (#2101.

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix regression when authenticating to v2 Docker registries (#2008).
    • โš  Don't link to libacl, but dlopen it (#1963). This means that rkt will not crash if libacl is not present on the host, but it will just print a warning.
    • Only suppress diagnostic messages, not error messages in stage1 (#2111).

    Other changes

    • ๐Ÿ“š Trusted Platform Module logging (TPM) is now enabled by default (#1815). This ensures that rkt benefits from security features by default. See rkt's Build Configuration documentation.
    • โž• Added long descriptions to all rkt commands (#2098).

    Migration

    • โšก๏ธ The --stage1-image flag was removed. Scripts using it should be updated to use one of --stage1-url, --stage1-path, --stage1-name, --stage1-hash or --stage1-from-dir
    • ๐Ÿ”’ All uses of the deprecated --insecure-skip-verify flag should be replaced with the --insecure-options flag which allows user to selectively disable security features.
    • ๐Ÿšš The rkt install command was removed in favor of the dist/scripts/setup-data-dir.sh script.

    ๐Ÿ“ฆ Note for packagers

    ๐Ÿš€ With this release, rkt RPM/dpkg packages should have the following updates:

    • ๐Ÿ”ง Pass --enable-tpm=no to configure script, if rkt should not use TPM.
    • ๐Ÿ”ง Use the --with-default-stage1-images-directory configure flag, if the default is not acceptable and install the built stage1 images there.
    • Distributions using systemd: install the new file dist/init/systemd/tmpfiles.d/rkt.conf in /usr/lib/tmpfiles.d/rkt.conf and then run systemd-tmpfiles --create rkt.conf. This can replace running rkt install to set the correct ownership and permissions.

  • v0.16.0 Changes

    ๐Ÿ†• New features and UX changes

    • Explicitly allow http connections via a new 'http' option to --insecure-options (#1945). Any data and credentials will be sent in the clear.
    • When using bash, rkt commands can be auto-completed (#1955).
    • ๐Ÿ“š The executables given on the command line via the --exec parameters don't need to be absolute paths anymore (#1953). This change reflects an update in the appc spec since v0.7.2. See rkt's rkt run --exec documentation.
    • โž• Add a --full flag to rkt fetch so it returns full hash of the image (#1976).
    • ๐Ÿ“š There is a new global flag for specifying the user configuration directory, --user-config. It overrides whatever is configured in system and local configuration directories. It can be useful for specifying different credentials for fetching images without putting them in a globally visible directory like /etc/rkt. See rkt's Global Options documentation (#1981).
    • ๐Ÿ”ง As a temporary fix, search for network plugins in the local configuration directory too (#2005).
    • Pass the environment defined in the image manifest to the application when using the fly stage1 image (#1989).

    ๐Ÿ— Build improvements

    • ๐Ÿ›  Fix vagrant rkt build (#1960).
    • ๐Ÿ“ฆ Switch to using unrewritten imports, this will allow rkt packages to be cleanly vendored by other projects (#2014).

    API service

    • ๐Ÿ‘ Allow filtering images by name (#1985).

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix bug where the wrong image signature was checked when using dependencies (#1991).

    โœ… Test improvements

    • โœ… A new script to run test on AWS makes it easier to test under several distributions: CentOS, Debian, Fedora, Ubuntu (#1925).
    • โœ… The functional tests now skip user namespace tests when user namespaces do not work (#1947).
    • Check that rkt is not built with go 1.5.{0,1,2} to make sure it's not vulnerable to CVE-2015-8618 (#2006).

    Other changes

    • Cleanups in the kvm stage1 (#1895).
    • Document stage1 filesystem layout for developers (#1832).

    ๐Ÿ“ฆ Note for packagers

    ๐Ÿš€ With this release, rkt RPM/dpkg packages should have the following updates:

    • Install the new file dist/bash_completion/rkt.bash in /etc/bash_completion.d/.

  • v0.15.0 Changes

    ๐Ÿš€ rkt v0.15.0 is an incremental release with UX improvements, bug fixes, API service enhancements and new support for Go 1.5.

    ๐Ÿ†• New features and UX changes

    • ๐Ÿ“š Images can now be deleted from the store by both ID and name (#1866). See rkt's rkt image rm documentation.
    • ๐Ÿ“š The journals of rkt pods can now be accessed by members of the Unix group rkt (#1877). See rkt's journalctl -M documentation.

    ๐Ÿ‘Œ Improved documentation

    API service

    • Programs using rkt's API service are now provided with the size of the images stored in rkt's store (#1916).
    • Programs using rkt's API service are now provided with any annotations found in the image manifest and pod manifest (#1924).
    • ๐Ÿ›  Fix a panic in the API service by making the store database thread-safe (#1892) and by refactoring the API service functions to get the pod state (#1893).

    ๐Ÿ— Build improvements

    • โž• Add support for building rkt with Go 1.5, which is now the preferred version. rkt can still be built with Go 1.4 as best effort (#1907). As part of the move to Go 1.5, rkt now has a godep-save script to support Go 1.5 (#1857).
    • ๐Ÿ— Continuous Integration on Travis now builds with both Go 1.4.2 and Go 1.5.2. Go 1.4.3 is avoided to workaround recent problems with go vet (#1941).

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fix regression issue when downloading image signatures from quay.io (#1909).
    • Properly cleanup the tap network interface that were not cleaned up in some error cases when using the kvm stage1 (#1921).
    • ๐Ÿ›  Fix a bug in the 9p filesystem used by the kvm stage1 that were preventing apt-get from working propertly (#1918).

  • v0.14.0 Changes

    rkt v0.14.0 brings new features like resource isolators in the kvm stage1, a new stage1 flavor called fly, bug fixes and improved documentation. โšก๏ธ The appc spec version has been updated to v0.7.4

    ๐Ÿ†• New features and UX changes

    • ๐Ÿ“š The data directory that rkt uses can now be configured with a config file (#1806). See rkt's paths configuration documentation.
    • ๐Ÿ“š CPU and memory resource isolators can be specified on the command line to override the limits specified in the image manifest (#1851, #1874). See rkt's overriding isolators documentation.
    • CPU and memory resource isolators can now be used within the kvm stage1 (#1404)
    • The rkt image list command can now display the image size (#1865).
    • A new stage1 flavor has been added: fly; and it represents the first experimental implementation of the upcoming rkt fly feature. (#1833)

    ๐Ÿ— Build improvements

    • ๐Ÿš€ It is now possible to build rkt inside rkt (#1681). This should improve the reproducibility of builds. This release does not use it yet but it is planned for future releases.
    • ๐Ÿ“š Linux distribution packagers can override the version of stage1 during the build (#1821). This is needed for any Linux distributions that might carry distro-specific patches along the upstream release. See rkt's documentation about building stage1 flavors.
    • ๐Ÿ— Smaller build improvements with dep generation (#1838), error messages on make clean (#1850), dependency checks in the kvm flavor (#1860)

    ๐Ÿ› Bug fixes

    • rkt is now able to override the application command with --exec when the application manifest didn't specify any command (#1843).
    • ๐Ÿง In some cases, user namespaces were not working in Linux distributions without systemd, such as Ubuntu 14.04 LTS. This is fixed by creating a unique cgroup for each pod when systemd is not used (#1844)
    • ๐Ÿ“ฆ rkt's tar package didn't prefix the destination file correctly when using hard links in images. This was not a issue in rkt itself but was causing acbuild to misbehave (#1852).
    • ๐Ÿ”ง ACIs with multiple dependencies can end up depending on the same base image through multiple paths. In some of those configuration with multiple dependencies, fetching the image via image discovery was not working. This is fixed and a new test ensures it will keep working (#1822).
    • ๐Ÿ›  The pod cgroups were misconfigured when systemd-devel is not installed. This was causing per-app CPU and memory isolators to be ineffective on those systems. This is now fixed but will require an additional fix for NixOS (#1873).
    • During the garbage collection of pods (rkt gc), all mounts will be umounted even when the pod is in an inconsistent state (#1828, #1856)

    ๐Ÿ‘Œ Improved documentation

    • ๐Ÿ†• New documentation about configure flags (#1824). This also includes formatting and typos fixes and updates. The examples about rkt's configuration files are also clarified (#1847).
    • ๐Ÿ†• New documentation explaining how cgroups are used by rkt (#1870). This should make it easier for software developers to integrate rkt with monitoring software.

    API service

    • ๐ŸŽ The API service is meant to be used by orchestration tools like Kubernetes. The performance of the API service was improved by reducing the round-trips in the ListPods and ListImages requests (#1786). Those requests also gained multiple filters for more flexibility (#1853).

  • v0.13.0 Changes

    ๐Ÿš€ The primary motivation for this release is to add support for fetching images on the Docker Registry 2.0. It also includes other small improvements.

    • ๐Ÿณ docker2aci: support Docker Registry 2.0 (#1826)
    • ๐Ÿณ always use https:// when fetching docker images (#1837)
    • stage0: add container hash data into TPM (#1775)
    • host flavor: fix systemd copying into stage1 for Debian packaging (#1811)
    • clarify network error messages (#1707)
    • ๐Ÿ“š documentation: add more build-time requirements (#1834)