Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added,
podman pod clone
, to create a copy of an existing pod. It supports several options, including--start
to start the new pod,--destroy
to remove the original pod, and--name
to change the name of the new pod (#12843). - A new command has been added,
podman volume reload
, to sync changes in state between Podman's database and any configured volume plugins (#14207). - A new command has been added,
podman machine info
, which displays information about the host and the versions of various machine components. - Pods created by
podman play kube
can now be managed by systemd unit files. This can be done via a new systemd service,podman-kube@.service
- e.g.systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service
will run the Kubernetes pod or deployment contained inmy.yaml
under systemd. - The
podman play kube
command now honors theRunAsUser
,RunAsGroup
, andSupplementalGroups
setting from the Kubernetes pod's security context. - The
podman play kube
command now supports volumes with theBlockDevice
andCharDevice
types (#13951). - The
podman play kube
command now features a new flag,--userns
, to set the user namespace of created pods. Two values are allowed at present:host
andauto
(#7504). - The
podman play kube
command now supports setting the type of created init containers via theio.podman.annotations.init.container.type
annotation. - Pods now have include an exit policy (configurable via the
--exit-policy
option topodman pod create
), which determines what will happen to the pod's infra container when the entire pod stops. The default,continue
, acts as Podman currently does, while a new option,stop
, stops the infra container after the last container in the pod stops, and is used by default for pods frompodman play kube
(#13464). - The
podman pod create
command now allows the pod's name to be specified as an argument, instead of using the--name
option - for example,podman pod create mypod
instead of the priorpodman pod create --name mypod
. Please note that the--name
option is not deprecated and will continue to work. - The
podman pod create
command's--share
option now supports adding namespaces to the set by prefacing them with+
(as opposed to specifying all namespaces that should be shared) (#13422). - The
podman pod create
command has a new option,--shm-size
, to specify the size of the/dev/shm
mount that will be shared if the pod shares its UTS namespace (#14609). - The
podman pod create
command has a new option,--uts
, to configure the UTS namespace that will be shared by containers in the pod. - The
podman pod create
command now supports setting pod-level resource limits via the--cpus
,--cpuset-cpus
, and--memory
options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The
podman create
andpodman run
commands now include the-c
short option for the--cpu-shares
option. - The
podman create
andpodman run
commands can now create containers from a manifest list (and not an image) as long as the--platform
option is specified (#14773). - The
podman build
command now supports a new option,--cpp-flag
, to specify options for the C preprocessor when usingContainerfile.in
files that require preprocessing. - The
podman build
command now supports a new option,--build-context
, allowing the user to specify an additional build context. - The
podman machine inspect
command now prints the location of the VM's Podman API socket on the host (#14231). - The
podman machine init
command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the
--image-volume
option topodman run
andpodman create
can now have its default set through theimage_volume_mode
setting incontainers.conf
(#14230). - Overlay volumes now support two new options,
workdir
andupperdir
, to allow multiple overlay volumes from different containers to reuse the sameworkdir
orupperdir
(#14427). - The
podman volume create
command now supports two new options,copy
andnocopy
, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the
--opt o=timeout=
option topodman volume create
(BZ 2080458). - The
podman volume ls
command's--filter name=
option now supports regular expression matching for volume names (#14583). - When used with a
podman machine
VM, volumes now support specification of the 9p security model using thesecurity_model
option topodman create -v
andpodman run -v
. - The remote Podman client's
podman push
command now supports the--remove-signatures
option (#14558). - The remote Podman client now supports the
podman image scp
command. - The
podman image scp
command now supports tagging the transferred image with a new name. - The
podman network ls
command supports a new filter,--filter dangling=
, to list networks not presently used by any containers (#14595). - The
--condition
option topodman wait
can now be specified multiple times to wait on any one of multiple conditions. - The
podman events
command now includes the-f
short option for the--filter
option. - The
podman pull
command now includes the-a
short option for the--all-tags
option. - The
podman stop
command now includes a new flag,--filter
, to filter which containers will be stopped (e.g.podman stop --all --filter label=COM.MY.APP
). - The Podman global option
--url
now has two aliases:-H
and--host
. - The
podman network create
command now supports a new option with the defaultbridge
driver,--opt isolate=
, which isolates the network by blocking any traffic from it to any other network with theisolate
option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in
podman push
andpodman manifest push
. - Added an option to read image signing passphrase from a file.
Changes
- Paused containers can now be killed with the
podman kill
command. - The
podman system prune
command now removes unused networks. - The
--userns=keep-id
and--userns=nomap
options to thepodman run
andpodman create
commands are no longer allowed (instead of simply being ignored) with root Podman. - If the
/run
directory for a container is part of a volume, Podman will not create the/run/.containerenv
file (#14577). - The
podman machine stop
command on macOS now waits for the machine to be completely stopped to exit (#14148). - All
podman machine
commands now only support being run as rootless, given that VMs only functioned when run rootless. - The
podman unpause --all
command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with
podman play kube
now default to theonce
type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The
podman create
,podman run
, andpodman cp
commands can now autocomplete paths in the image or container via the shell completion. - The
libpod/common
package has been removed as it's not used anywhere. - The
--userns
option topodman create
andpodman run
is no longer accepted when an explicit UID or GID mapping is specified (#15233).
Bugfixes
- Fixed a bug where bind-mounting
/dev
into a container which used the--init
flag would cause the container to fail to start (#14251). - Fixed a bug where the
podman image mount
command would not pretty-print its output when multiple images were mounted. - Fixed a bug where the
podman volume import
command would print an unrelated error when attempting to import into a nonexistent volume (#14411). - Fixed a bug where the
podman system reset
command could race against other Podman commands (#9075). - Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
- Fixed a bug where the
podman cp
command would overwrite directories with non-directories and vice versa. A new--overwrite
flag topodman cp
allows for retaining the old behavior if needed (#14420). - Fixed a bug where the
podman machine ssh
command would not preserve the exit code from the command run via ssh (#14401). - Fixed a bug where VMs created by
podman machine
would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303). - Fixed a bug where the
podman machine init
command would fail when run fromC:\Windows\System32
on Windows systems (#14416). - Fixed a bug where the
podman machine init --now
did not respect proxy environment variables (#14640). - Fixed a bug where the
podman machine init
command would fail if there is no$HOME/.ssh
dir (#14572). - Fixed a bug where the
podman machine init
command would add a connection even if creating the VM failed (#15154). - Fixed a bug where interrupting the
podman machine start
command could render the VM unable to start. - Fixed a bug where the
podman machine list --format
command would still print a heading. - Fixed a bug where the
podman machine list
command did not properly set theStarting
field (#14738). - Fixed a bug where the
podman machine start
command could fail to start QEMU VMs when the machine name started with a number. - Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837).
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697).
- Fixed a bug where the
podman -h
command did not show help output. - Fixed a bug where the
podman wait
command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner. - Fixed a bug where healthchecks generated
exec
events, instead ofhealth_status
events (#13493). - Fixed a bug where the
podman pod ps
command could return an error when run at the same time aspodman pod rm
(#14736). - Fixed a bug where the
podman systemd df
command incorrectly calculated reclaimable storage for volumes (#13516). - Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
- Fixed a bug where the remote Podman client's
podman manifest rm
command would remove images, not manifests (#14763). - Fixed a bug where Podman did not correctly parse wildcards for device major number in the
podman run
andpodman create
commands'--device-cgroup-rule
option. - Fixed a bug where the
podman play kube
command on 32 bit systems where the total memory was calculated incorrectly (#14819). - Fixed a bug where the
podman generate kube
command could set ports and hostname incorrectly in generated YAML (#13030). - Fixed a bug where the
podman system df --format ""
command would not output theSize
andReclaimable
fields (#14769). - Fixed a bug where the remote Podman client's
podman pull
command would display duplicate progress output. - Fixed a bug where the
podman system service
command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879). - Fixed a bug where Podman containers could fail to run if the image did not contain an
/etc/passwd
file (#14966). - Fixed a bug where the remote Podman client's
podman push
command did not display progress information (#14971). - Fixed a bug where a lock ordering issue could cause
podman pod rm
to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929). - Fixed a bug where the
podman rm --force
command would exit with a non-0 code if the container in question did not exist (#14612). - Fixed a bug where the
podman container restore
command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055). - Fixed a bug where the
podman manifest push --rm
command could remove image, instead of manifest lists (#15033). - Fixed a bug where the
podman run --rm
command could fail to remove the container if it failed to start (#15049). - Fixed a bug where the
podman generate systemd --new
command would create incorrect unit files when the container was created with the--sdnotify
parameter (#15052). - Fixed a bug where the
podman generate systemd --new
command would fail when-h <hostname>
was used to create the container (#15124).
API
- The Docker-compatible API now supports API version v1.41 (#14204).
- Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036).
- Fixed a bug where the
remote
parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831). - Fixed a bug where the Libpod List endpoint for Containers did not return the
application/json
content type header when there were no containers present (#14647). - Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676).
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493).
- Fixed a bug where the Compat Create endpoint for Networks did not support the
mtu
,name
,mode
, andparent
options (#14482). - Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name
bridge
(#14983). - Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the
SecondaryIPAddresses
andSecondaryIPv6Addresses
fields (#14674). - The Libpod Stats endpoint for Pods now supports streaming output via two new parameters,
stream
anddelay
(#14674).
Misc
- Podman will now check for nameservers in
/run/NetworkManager/no-stub-resolv.conf
if the/etc/resolv.conf
file only contains a localhost server. - The
podman build
command now supports caching with builds that specify--squash-all
by allowing the--layers
flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved.
- The
podman machine ssh
command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The
podman info
command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The
podman system prune
command now no longer prints theDeleted Images
header if no images were pruned. - The
podman system service
command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
You can’t perform that action at this time.
from Hacker News https://ift.tt/azmDP9Y
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.