All Versions
64
Latest Version
Avg Release Cycle
52 days
Latest Release
2472 days ago

Changelog History
Page 5

  • v0.12.0 Changes

    🚀 rkt v0.12.0 is an incremental release with UX improvements like fine-grained security controls and implicit generation of empty volumes, performance improvements, bug fixes and testing enhancements.

    🆕 New features and UX changes
    • implement rkt cat-manifest for pods (#1744)
    • generate an empty volume if a required one is not provided (#1753)
    • 📚 make disabling security features granular; --insecure-skip-verify is now --insecure-options={feature(s)-to-disable} (#1738). See rkt's Global Options documentation.
    • 👍 allow skipping the on-disk integrity check using --insecure-options=ondisk. This greatly speeds up start time. (#1804)
    • set empty volumes' permissions following the spec (1803)
    • 👍 flannel networking support in kvm flavor (#1563)
    🐛 Bug fixes
    • store used MCS contexts on the filesystem (#1742)
    • 🛠 fix Docker images with whiteout-ed hard links (#1653)
    • 🛠 fix Docker images relying on /dev/stdout (#1617)
    • 👉 use authentication for discovery and trust (#1801)
    • 🛠 fix build in Docker (#1798)
    • 🛠 fix kvm networking (#1530)
    👌 Improved testing
    • ➕ add functional tests for rkt api service (#1761)
    • 🛠 fix TestSocketActivation on systemd-v219 (#1768)
    • 🛠 fix the ACE validator test (#1802)
    Other changes
    • ⬆️ Bumped appc spec to 0.7.3 (#1800)
  • v0.11.0 Changes

    🚀 rkt v0.11.0 is an incremental release with mostly bug fixes and testing improvements.

    🆕 New features and UX changes
    • 👌 support resuming ACI downloads (#1444)
    • 🚚 rkt image gc now also removes images from the store (#1697)
    🏗 Build
    • 🏗 handle building multiple flavors (#1683)
    • verbosity control (#1685, #1686)
    • 🛠 fix bugs in make clean (#1695)
    👌 Improved testing
    • ✅ nicer output in tests (#1698)
    • 🔨 refactor test code (#1709)
    • 👷 skip CI tests when the source was not modified (#1619)
    • 👍 better output when tests fail (#1728)
    • 🛠 fix tests in 10.* IP range (#1736)
    • ✅ document how to run functional tests (#1736)
    👌 Improved documentation
    • ➕ add some help on how to run rkt as a daemon (#1684)
    API service
    • do not return manifest in ListPods() and ListImages() (#1688)
    🐛 Bug fixes
    • 🛠 parameter --mount fixed in kvm flavour (#1687)
    • 🛠 fix rkt leaking containers in machinectl on CoreOS (#1694, #1704)
    • rkt status now returns the stage1 pid (#1699)
    • 🛠 fix crash in rkt status when an image is removed (#1701)
    • 🛠 fix fd leak in store (#1716)
    • 🛠 fix exec line parsing in ACI manifest (#1652)
    • 🛠 fix build on 32-bit systems (#1729)
  • v0.10.0 Changes

    🚀 rkt v0.10.0 is an incremental release with numerous bug fixes and a few small new features and UX improvements.

    🆕 New features and UX changes
    • ➕ added implementation for basic API service (rkt api-service) (#1508)
    • mount arbitrary volumes with --mount (#1582, #1678)
    • --net=none only exposes the loopback interface (#1635)
    • 👍 better formatting for rkt help (#1597)
    • 📇 metadata service registration (--mds-register) disabled by default (#1635)
    👌 Improved documentation
    👌 Improved testing
    • 🆕 new test for user namespaces (--private-users) (#1580)
    • 🛠 fix races in tests (#1608)
    🐛 Bug fixes
    • suppress unnecessary output when --debug is not used (#1557)
    • 🛠 fix permission of rootfs with overlayfs (#1607)
    • 👍 allow relative path in parameters (#1615)
    • 🛠 fix pod garbage collection failure in some cases (#1621)
    • 🛠 fix rkt list when an image was removed (#1655)
    • 🛠 user namespace (--private-users) regression with rkt group fixed ([#1654](//github.com/rkt/rkt/pull/1654))
  • v0.9.0 Changes

    🚀 rkt v0.9.0 is a significant milestone release with a number of internal and user-facing changes.

    🚀 There are several notable breaking changes from the previous release:

    • ↪ The on-disk format for pod trees has changed slightly, meaning that rkt gc and rkt run-prepared may not work for pods created by previous versions of rkt. To work around this, we recommend removing the pods with an older version of rkt.
    • 👀 The --private-net flag has been renamed to --net and its semantic has changed (in particular, it is now enabled by default) - see below for details.
    • Several changes to CLI output (e.g. column names) from the rkt list and rkt image list subcommands.
    • 👀 The image fetching behaviour has changed, with the introduction of new flags to rkt run and rkt fetch and the removal of --local - see below for details.
    🆕 New features and UX changes

    0️⃣ ###### --private-net --> --net, and networking is now private by default 0️⃣ The --private-net flag has been changed to --net, and has been now made the default behaviour. (#1532, #1418) 0️⃣ That is, a rkt run command will now by default set up a private network for the pod. 0️⃣ To achieve the previous default behaviour of the pod sharing the networking namespace of the host, use --net=host. 🔧 The flag still allows the specification of multiple networks via CNI plugins, and overriding plugin configuration on a per-network basis. 📚 For more details, see the [networking documentation](Documentation/networking.md).

    New image fetching behaviour

    🐳 When fetching images during rkt fetch or rkt run, rkt would previously behave inconsistently for different formats (e.g when performing discovery or when retrieving a Docker image) when deciding whether to use a cached version or not. rkt run featured a --local flag to adjust this behaviour but it provided an unintuitive semantic and was not available to the rkt fetch command. Instead, rkt now features two new flags, --store-only and --no-store, on both the rkt fetch and rkt run commands, to provide more consistent, controllable, and predictable behaviour regarding when images should be retrieved. 📚 For full details of the new behaviour see the [image fetching documentation](Documentation/image-fetching-behavior.md).

    Unprivileged users

    A number of changes were made to the permissions of rkt's internal store to facilitate unprivileged users to access information about images and pods on the system (#1542, #1569). In particular, the set-group-ID bit is applied to the directories touched by rkt install so that the rkt group (if it exists on the system) can retain read-access to information about pods and images. 🚀 This will be used by the rkt API service (targeted for the next release) so that it can run as an unprivileged user on the system. 👍 This support is still considered partially experimental. Some tasks like rkt image gc remain a root-only operation.

    👍 ###### /etc/hosts support 0️⃣ If no /etc/hosts exists in an application filesystem at the time it starts running, rkt will now provide a basic default version of this file. If rkt detects one already in the app's filesystem (whether through being included in an image, or a volume mounted in), it will make no changes. (#1541)

    Other new features
    • 👍 rkt now supports setting supplementary group IDs on processes (#1514).
    • rkt's use of cgroups has been reworked to facilitate rkt running on a variety of operating systems like Void and older non-systemd distributions (#1437, #1320, #1076, #1042)
    • If rkt run is used with an image that does not have an app section, rkt will now create one if the user provides an --exec flag (#1427)
    • 🚚 A new rkt image gc command adds initial support for garbage collecting images from the store (#1487). This removes treeStores not referenced by any non-GCed rkt pod.
    • rkt list now provides more information including image version and hash (#1559)
    • 0️⃣ rkt image list output now shows shortened hash identifiers by default, and human readable date formats. To use the previous output format, use the --full flag. (#1455)
    • rkt prepare gained the --exec flag, which restores flag-parity with rkt run (#1410)
    • 👍 lkvm stage1 backend has experimental support for rkt enter (#1303)
    • 👍 rkt now supports empty volume types (#1502)
    • An early, experimental read-only API definition has been added (#1359, #1518).
    🐛 Bug fixes
    • 🛠 Fixed bug in --stage1-image option which prevented it from using URLs (#1524)
    • 🛠 Fixed bug in rkt trust's handling of --root (#1494)
    • 🛠 Fixed bug when decompressing xz-compressed images (#1462, #1224)
    • 🚚 In earlier versions of rkt, hooks had an implicit timeout of 30 seconds, causing some pre-start jobs which took a long time to be killed. This implicit timeout has been removed. (#1547)
    • When running with the lkvm stage1, rkt now sets $HOME if it is not already set, working around a bug in the lkvm tool (#1447, #1393)
    • 🛠 Fixed bug preventing run-prepared from working if the metadata service was not available (#1436)
    Other changes
    • ⬆️ Bumped appc spec to 0.7.1 (#1543)
    • ⬆️ Bumped CNI and netlink dependencies (#1476)
    • ⬆️ Bumped ioprogress to a version which prevents the download bar from being drawn when rkt is not drawing to a terminal (#1423, #1282)
    • Significantly reworked rkt's internal use of systemd to orchestrate apps, which should facilitate more granular control over pod lifecycles (#1407)
    • Reworked rkt's handling of images with non-deterministically dependencies (#1240, #1198).
    • ✅ rkt functional tests now run appc's ACE validator, which should ensure that rkt is always compliant with the specification. (#1473)
    • 👷 A swathe of improvements to the build system
      • make clean should now work
      • Different rkt stage1 images are now built with different names (#1406)
      • rkt can now build on older Linux distributions (like CentOS 6) (#1529)
    • ✅ Various internal improvements to the functional test suite to improve coverage and consolidate code
    • The "ACI" field header in rkt image output has been changed to "IMAGE NAME"
    • rkt image rm now exits with status 1 on any failure (#1486)
    • 🛠 Fixed permissions in the default stage1 image (#1503)
    • ➕ Added documentation for prepare and run-prepared subcommands (#1526)
    • rkt should now report more helpful errors when encountering manifests it does not understand (#1471)
  • v0.8.1 Changes

    🚀 rkt v0.8.1 is an incremental release with numerous bug fixes and clean-up to the build system. It also introduces a few small new features and UX improvements.

    • 🆕 New features and UX changes:
      • rkt rm is now variadic: it can now remove multiple pods in one command, by UUID
      • The APPNAME column in rkt image list output has been changed to the more accurate NAME. This involves a schema change in rkt's on-disk datastore, but this should be upgraded transparently.
      • Headers are now sent when following HTTP redirects while trying to retrieve an image
      • The default metadata service port number was changed from a registered/reserved IANA port to an arbitrary port in the non-dynamic range
      • Added the ability to override arguments for network plugins
      • rkt will now error out if someone attempts to use --private-users with the lkvm backend
    • 🐛 Bug fixes:
      • Fixed creation of /tmp in apps' root filesystems with correct permissions
      • Fixed garbage collection after umounts (for example, if a system reboots before a pod is cleanly destroyed)
      • Fixed a race in interactive mode when using the lkvm backend that could cause a deadlock or segfault
      • Fixed bad parameter being passed to the metadata service ("uid" -> "uuid")
      • Fixed setting of file permissions during stage1 set up
      • Fixed a potential race condition during simultaneous iptables invocation
      • Fixed ACI download progress being sent to stderr instead of stdout, now consistent with the output during retrieval of Docker images
      • rkt help prepare will now show the correct default stage1 image
      • rkt will refuse to add isolators with nil Limits, preventing a panic caused by an ambiguity in upstream appc schema
    • Other changes:
      • Reworked the SELinux implementation to use systemd-nspawn's native context-switching feature
      • Added a workaround for a bug in Docker <1.8 when it is run on the same system as rkt (see https://github.com/rkt/rkt/issues/1210#issuecomment-132793300)
      • Added a rkt-xxxx-tapN name to tap devices that rkt creates
      • Functional tests now clean intermediate images between tests
      • Countless improvements and cleanup to the build system
      • Numerous documentation improvements, including splitting out all top-level rkt subcommands into their own documents
  • v0.8.0 Changes

    👍 rkt 0.8.0 includes support for running containers under an LKVM hypervisor 👍 and experimental user namespace support.

    Full changelog:

    • 📚 Documentation improvements
    • 👍 Better integration with systemd:
      • journalctl -M
      • machinectl {reboot,poweroff}
    • ⚡️ Update stage1's systemd to v222
    • ➕ Add more functional tests
    • 👷 Build system improvements
    • 🛠 Fix bugs with garbage-collection
    • 👍 LKVM stage1 support with network and volumes
    • 👍 Smarter image discovery: ETag and Cache-Control support
    • ➕ Add CNI DHCP plugin
    • 👌 Support systemd socket activation
    • Backup CAS database when migrating
    • 👌 Improve error messages
    • ➕ Add the ability to override ACI exec
    • ⚡️ Optimize rkt startup times when a stage1 is present in the store
    • 0️⃣ Trust keys fetched via TLS by default
    • ➕ Add the ability to garbage-collect a specific pod
    • ➕ Add experimental user namespace support
    • 🛠 Bugfixes
  • v0.7.0 Changes

    rkt 0.7.0 includes new subcommands for rkt image to manipulate images from the local store.

    🐧 It also has a new build system based on autotools and integration with SELinux.

    Full changelog:

    • 🆕 New subcommands for rkt image: extract, render and export
    • 📇 Metadata service:
      • Auth now based on tokens
      • Registration done by default, unless --mds-register=false is passed
    • 🏗 Build:
      • Remove support for Go 1.3
      • Replace build system with autoconf and make
    • 🔌 Network: fixes for plugins related to mnt namespace
    • Signature: clearer error messages
    • 🔒 Security:
      • Support for SELinux
      • Check signature before downloading
    • 📜 Commands: fix error messages and parameter parsing
    • Output: reduce output verbosity
    • Systemd integration: fix stop bug
    • ✅ Tests: Improve tests output
  • v0.6.1 Changes

    🚀 The highlight of this release is the support of per-app memory and CPU isolators. This means that, in addition to restricting a pod's CPU and memory usage, individual apps inside a pod can also be restricted now.

    ✅ rkt 0.6.1 also includes a new CLI/subcommand framework, more functional testing 0️⃣ and journalctl integration by default.

    Full changelog:

    • ⚡️ Updated to v0.6.1 of the appc spec
    • 👌 support per-app memory and CPU isolators
    • 👍 allow network selection to the --private-net flag which can be useful for grouping certain pods together while separating others
    • 🚚 move to the Cobra CLI/subcommand framework
    • 0️⃣ per-app logging via journalctl now supported by default
    • stage1 runs an unpatched systemd v220
    • 📦 to help packagers, rkt can generate stage1 from the binaries on the host at runtime
    • ✅ more functional tests
    • 🛠 bugfixes
  • v0.5.6 Changes

    👍 rkt 0.5.6 includes better integration with systemd on the host, some minor bug 🛠 fixes and a new ipvlan network plugin.

    • ⚡️ Updated to v0.5.2 of the appc spec
    • 👌 support running from systemd unit files for top-level isolation
    • 👌 support per-app logging via journalctl. This is only supported if stage1 has systemd v219 or v220
    • ➕ add ipvlan network plugin
    • 🆕 new rkt subcommand: cat-manifest
    • extract ACI in a chroot to avoid malformed links modifying the host filesystem
    • 👌 improve rkt error message if the user doesn't provide required volumes
    • 🛠 fix rkt status when using overlayfs
    • 👌 support for some arm architectures
    • 📚 documentation improvements
  • v0.5.5 Changes

    🚚 rkt 0.5.5 includes a move to cni network 🔌 plugins, a number of minor bug fixes and two new experimental commands for handling images: rkt images and rkt rmimage.

    Full changelog:

    • 🔌 switched to using cni based network plugins
    • fetch images dependencies recursively when ACIs have dependent images
    • 🛠 fix the progress bar used when downloading images with no content-length
    • 🏗 building the initial stage1 can now be done on various versions of systemd
    • 👌 support retrying signature downloads in the case of a 202
    • ✂ remove race in doing a rkt enter
    • 📚 various documentation fixes to getting started and other guides
    • 👌 improvements to the functional testing using a new gexpect, testing for non-root apps, run context, port test, and more