Release rc11 #2364
Release rc11 #2364
Conversation
Signed-off-by: Mrunal Patel <[email protected]>
Signed-off-by: Mrunal Patel <[email protected]>
|
@opencontainers/runc-maintainers ptal |
|
Are we doing any kind of changelog somewhere? |
|
Regarding cgroupv2, there's also a bug in the devices cgroup (it cannot update the device list, and there are actually a few complications if we want to be able to update the device list -- we need to keep the fd of the program around, and we don't have an in-project container monitor process to do that, and I refuse to re-live the pain of I also didn't see a vote email on the ML (I know the current process is silly, but we should still use it until we agree on an alternative system for releases).
I usually write the changelog by hand, which is a little bit annoying. I think we discussed that there should probably be a |
Please open an issue? Also, who is actually using that feature? |
Will do. Kubernetes does cgroup updates fairly regularly (and given #2205, it's probably a real issue -- we have customers that are hitting that problem in particular under Kubernetes). And you can also do devices cgroup updates from Docker unless I'm mistaken. |
|
BTW did we complete supporting Go 1.14? (#2258) |
|
@cyphar @mrunalp fyi we are holding an update to google/cadvisor and kubernetes/kubernetes for rc11 to land ( google/cadvisor#2469 ) |
|
Some unexpected progress on #2229 - which is now aiming at adding all the new hooks. Seems like the possibility to feature-freeze with rc11 is moving into view after all. |
|
I'm proposing to tag upcoming releases as |
|
There's also the former plan to:
Since the runtime spec is at 1.0.2 already, one might argue to skip 1.0.1 as well. OTOH, runc will very likely keep having a much higher release cadence than the spec, so maybe version parity with the spec needs to be reconsidered anyway (especially if following SemVer is a goal) |
|
@h-vetinari I would put incredibly strong emphasis on the word "former" in "former plan". As soon as we release However, we simply cannot release (our first) post- |
|
I don't think we can match the version to the runtime-spec version, as that would mean that a bugfix ( |
|
@thaJeztah Don't worry, we're definitely not going to match releases -- for the reasons you've outlined as well as many others (one being that we would be stuck in |
That is an interesting point. The current git version has a few breaking changes in the API (e.g. functions/types in libcontainer/cgroups that were public are private now), should we consider having a v2? |
|
At the moment, I'm not sure I'm willing to consider Not to mention that out of all the changes we've had since Also, having a v2 before we've had a v1 would make us look like even bigger cowboys when it comes to versioning. 😉 |
|
I've done some work on reducing dependencies on We could drill that list further down to see if there's candidates for splitting out (e.g.
Not sure what's "cleaner" at this point; it would be more "honest", but I guess (hope!) dependency projects by now have learned to "pin" to a version, and not to upgrade without having a good look for possibly breaking changes. |
I see. The issue I am facing now is that cAdvisor and the kubelet are using it, both to read statistics and to create new cgroups; the entire cgroup v2 support in Kubernetes depends on it. |
|
Is it possible to move libcontainer or just the cgroup part of it into a separate vendorable asset? The |
|
As @derekwaynecarr pointed out, kubernetes has relied on using libcontainer cgroups library for a long time now. @giuseppe is helping to make cgroups v2 a reality in k8s and @kolyshkin has been refactoring and improving the cgroups code in libcontainer and runc. I think we should find a path to get a quick iteration of testing cgroups v2 in k8s as it gives us a valuable feedback loop to improve cgroups v2 support in runc. We can't possibly assume we have fixed everything in cgroups v2 without that feedback. So, I think it makes sense for us to cut rc releases frequently to help facilitate updates in k8s. Once we get enough signal from there, we can start thinking of factoring out |
I understand the emotional value of Achieving a completely bugfree implementation of the spec (even aside from the question that some aspects of the new hooks were left underspecified to finally unblock progress) is IMO an almost unreachable threshold for releasing So from that POV, even though it doesn't feel that way,
There's a decent number of projects that skip a major version (e.g. openssl/openssl), or even v1 (e.g. containers/conmon, cython/cython), and nowhere have I heard a derogatory comment about something like this. It can be a valid choice for several reasons (aside from being trivial to deal with downstream), and it's arguably less version-cowboy-y than the current one. ** aside from information about features/breaking changes; but that's also not being served by the |
|
The issue is that we have (loosely speaking) an actual OCI Charter requirement to have runc 1.0 be a correct reference implementation of the runtime-spec. Obviously bugs may exist (and in fact, I found one in #2391), but releasing a post-1.0 runc which we know to not implement the spec is acting in bad faith when it comes to our responsibilities within the OCI. Believe me, if that wasn't a requirement I believe we would've released 1.0 about 3 years ago, and we'd be on runc 3.54 or something now. Note that the hooks issue has been the only blocking issue for And yes, I know that releasing
I don't really disagree, tbh. I was just making a joke. 😉 |
|
@giuseppe @derekwaynecarr @mrunalp Regarding my comments above about Because in my view, the scope of SemVer on runc is purely in terms of the command-line API because that is the way the project is meant to be used. I would prefer if we could actually make that clear without freaking out everyone who depends on some of our internal components (including Kubernetes). However right now the TOB has our hands full with cleaning up the OCI Charter, and we should be pushing to 1.0 with as few distractions as possible. So we can table this discussion until we get past 1.0, IMHO. |
|
Aiming for spec compliance is totally a valid reason for waiting with the release. I was commenting more about the "tried, tested, proven" implication of "properly implemented", which was reinforced by @mrunalp's comment. That's IMO not a reasonable goal for In any case, there finally is light at the end of the tunnel in terms of spec compliance. 🥳
With the deepest respect for everyone's packed schedules, I don't really understand how this sort of alacrity doesn't translate into reviews of that PR (the written medium is not great for transmitting nuance, so let me emphasise that this observation contains not even an iota of criticism, I just genuinely don't get it). |
|
Splitting libcontainer/cg repo will cause vendor hell and make it almost untestable. |
I agree it should not be a pain to deal with in this repository (which should be the primary consumer of the package), just (reiterating) we should likely avoid submodules as they may be more of a pain than a separate repository. @AkihiroSuda you may be more familiar with it than I am; how does https://github.com/containerd/cgroups compare to libcontainer/cgroups ? Is that a viable alternative? (assuming it's up-to-date, and kept up-to-date with the latest cgroupsv2 changes) |
Yes but the assumption is not true :p |
This is where the code should have landed! Don’t make yet another pkg. |
|
@crosbymichael I guess it's time for me to port the |
|
Closing this since we can open a new one for rc91. |
|
@mrunalp Would you like to open a rc91 PR and call for voting? |
|
Yeah, I am opening a PR for that. |
We have had quite a few fixes in the area of cgroups v2 and we should get a release out
so other repositories can pick up those fixes by vendoring the release.