release: github.com/cloudfoundry/garden-runc-release / 1.4.0

GitHub source: 60f9e9dd or master branch

Hi Gardeneers!

GRR v1.4.0 mostly changes the network plugin API and adds a first-pass, experimental ability to limit container block IO. Please, contain your enthusiasm.

Network Plugin / Networking Changes

  • We now allow the network plugin to return a set of DNS servers, which we will ensure are set in the container’s resolv.conf. This allows DNS policy to be set by the network plugin if enabled.
  • When the network plugin is not enabled, there’s now an additional_dns_servers property that allows specifying extra DNS servers, which are appended to any inherited from resolv.conf or set in the dns_servers property.
  • /etc/hosts and /etc/resolv.conf are now bind-mounted into the container rather than being written in a chroot. This interacts better with user namespaces and rootless containers and is generally simpler and more secure.
  • We no longer set up the built-in networker’s iptables chains when an external network plugin is enabled, to avoid confusion caused by two components both creating iptables state on the host.
  • Log messages from NetOut(log=true) rules now properly truncate handles so that space separation is preserved when the handle is longer than 29 characters.

BlockIO Limiting (Experimental)

  • We’ve added an experimental default_container_blockio_weight property that assigns a blockio weight to all containers created by garden. It only has an effect when the CFQ scheduler is enabled, and it applies to all garden-created containers on the host. The feature is being released experimentally via the BOSH property; feedback welcome!

Rootless Mode

Upload this release version to the Director:

$ bosh upload release "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.4.0"

Modify the deployment manifest to use this release in addition to any other releases in use:

releases:
- {name: garden-runc, version: "1.4.0"}

Finally, add the needed deployment jobs and specify values for required properties.

Optionally download the release tarball (sha1: 1d6020e761806d7f355ceda06c889c582b47dc32) locally:

# ...or download it directly using curl
$ curl -L -J -O "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.4.0"

# or with wget...
$ wget --content-disposition "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.4.0"