diff --git a/.mailmap b/.mailmap index 64965ecaa..90c850eaa 100644 --- a/.mailmap +++ b/.mailmap @@ -18,6 +18,7 @@ Brent Baude Cao Zhihao Cao Zhihao Carlos Eduardo +chenxiaoyu Cristian Staretu Cristian Staretu Daniel Dao @@ -113,6 +114,7 @@ Xuean Yan Yue Zhang Yuxing Liu Zhang Wei +zhangyadong Zhenguang Zhu Zhiyu Li Zhiyu Li <404977848@qq.com> diff --git a/releases/v1.5.0-rc.toml b/releases/v1.5.0-rc.toml index 8b4bde787..2bda3e84d 100644 --- a/releases/v1.5.0-rc.toml +++ b/releases/v1.5.0-rc.toml 
@@ -89,5 +89,61 @@ containers the same set of permissions as the calling process, preventing errors when privileged containers attempt to get more permissions than given to the caller. +#### Configuration changes + +##### *New* `registry.config_path` for CRI plugin + +`registry.config_path` specifies a directory to look for registry hosts +configuration. When resolving an image name during pull operations, the CRI +plugin will look in the `//` directory +for host configuration. An optional `hosts.toml` file in that directory may be +used to configure which hosts will be used for the pull operation as well +host-specific configurations. Updates under that directory do not require +restarting the containerd daemon. + +Enable `registry.config_path` in the containerd configuration file. + +```toml +[plugins."io.containerd.grpc.v1.cri".registry] + config_path = "/etc/containerd/certs.d" +``` + +Configure registry hosts, such as `/etc/containerd/certs.d/docker.io/hosts.toml` +for any image under the `docker.io` namespace (any image on Docker Hub). + +``` +server = "https://registry-1.docker.io" # Exclude this to not use upstream + +[host."https://public-mirror.example.com"] + capabilities = ["pull"] # Requires less trust, won't resolve tag to digest from this host +[host."https://docker-mirror.internal"] + capabilities = ["pull", "resolve"] + ca = "docker-mirror.crt" # Or absolute path /etc/containerd/certs.d/docker.io/docker-mirror.crt +``` + +If no `hosts.toml` configuration exists in the host directory, it will fallback +to check certificate files based on Docker's certificate file +pattern (".crt" files for CA certificates and ".cert"/".key" files for client +certificates). + +##### Deprecation of `registry.mirrors` and `registry.configs` in CRI plugin + +Mirroring and TLS can now be configured using the new `registry.config_path` +option. Existing configurations may be migrated to new host directory +configuration. 
These fields are only deprecated with no planned removal,
+however, these configurations cannot be used while `registry.config_path` is
+defined.
+
+##### Version 1 schema is deprecated
+
+Version 2 of the containerd configuration toml is recommended format and the
+default. Starting this version, a deprecation warning will be logged when
+version 1 is used.
+
+To check version, see the version value in the containerd toml configuration.
+
+```toml
+version=2
+```
 See the changelog for complete list of changes"""
diff --git a/version/version.go b/version/version.go
index 3f2129b1b..d2531e78d 100644
--- a/version/version.go
+++ b/version/version.go
@@ -23,7 +23,7 @@ var (
 Package = "github.com/containerd/containerd"
 // Version holds the complete version number. Filled in at linking time.
- Version = "1.5.0-rc.0+unknown"
+ Version = "1.5.0-rc.1+unknown"
 // Revision is filled with the VCS (e.g. git) revision being used to build
 // the program at linking time.