v3.4.0-RC2
Pre-release
Pre-release
This is the second release candidate for Podman v3.4.0. Preliminary release notes are below:
Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the
podman create
command's--init-ctr
option. - Support for init containers has also been added to
podman play kube
andpodman generate kube
- init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The
podman play kube
command now supports building images. If the--build
option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The
podman play kube
command now supports a new option,--teardown
, which removes any pods and containers created by the given Kubernetes YAML. - A new command has been added,
podman pod logs
, to return logs for all containers in a pod at the same time. - Two new commands have been added,
podman volume export
(to export a volume to a tar file) andpodman volume import
) (to populate a volume from a given tar file). - The
podman auto-update
command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the
podman pod create
command now supports the--userns
option. This allows rootless pods to be created with the--userns=keep-id
option. - The
podman pod ps
command now supports a new filter with its--filter
option,until
, which returns pods created before a given timestamp. - The
podman image scp
command has been added. This command allows images to be transferred between different hosts. - The
podman stats
command supports a new option,--interval
, to specify the amount of time before the information is refreshed. - The
podman inspect
command now includes ports exposed (but not published) by containers (e.g. ports from--expose
when--publish-all
is not specified). - The
podman inspect
command now has a new boolean value,Checkpointed
, which indicates that a container was stopped as a result of apodman container checkpoint
operation. - Volumes created by
podman volume create
now support setting quotas when run atop XFS. Thesize
andinode
options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The
podman info
command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The
podman info
command now outputs the current log driver in use, and the variant and codename of the distribution in use.
Changes
- The
podman build
command has a new alias,podman buildx
, to improve compatibility with Docker. We have already added support for manydocker buildx
flags topodman build
and aim to continue to do so. - Podman commands run as root now ignore
XDG_RUNTIME_DIR
when determining where to place temporary files, which should resolve a number of issues including #10745 and #10806. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from
file
tojournald
. Thefile
driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to thefile
. - Podman no longer depends on
ip
for removing networks (#11403). - The deprecated
--macvlan
flag topodman network create
now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The
podman machine start
command now prints a message when the VM is successfully started. - The
podman stats
command can now be used on containers that are paused. - The
podman unshare
command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a
healthy
line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by
podman machine
now default to only using thedocker.io
registry.
Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in
containers.conf
) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
- Fixed a bug where the first line of logs from a container run with the
journald
log driver could be skipped. - Fixed a bug where images created by
podman commit
did not include ports exposed by the container. - Fixed a bug where the
podman auto-update
command would ignore theio.containers.autoupdate.authfile
label when pulling images (#11171). - Fixed a bug where the
--workdir
option topodman create
andpodman run
could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the
rootlessport
port-forwarding service whenXDG_RUNTIME_DIR
was set to a long path. - Fixed a bug where arguments to the
--systemd
option topodman create
andpodman run
were case-sensitive (#11387). - Fixed a bug where the
podman manifest rm
command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the
TMPDIR
environment variable was not set (#11418). - Fixed a bug where the
/etc/hosts
file was not guaranteed to contain an entry forlocalhost
(this is still not guaranteed if--net=host
is used; such containers will exactly match the host's/etc/hosts
) (#11411). - Fixed a bug where the
podman machine start
command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the
podman info
command could segfault when accessing cgroup information. - Fixed a bug where the
podman logs -f
command could hang when a container exited (#11461). - Fixed a bug where the
podman generate systemd
command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's
podman build
command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the
--network
flag topodman play kube
was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the
podman inspect
command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the
podman play kube
command ignored the default pod infra image specified incontainers.conf
. - Fixed a bug where the
--format
option topodman inspect
was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's
podman run
andpodman exec
commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the
podman stats
command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
- Fixed a bug where the
podman run
command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with
--restart=always
set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the
--cgroups=split
option topodman create
andpodman run
was silently discarded if the container was part of a pod. - Fixed a bug where the
podman container runlabel
command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra
127.0.0.1
entry to/etc/hosts
under some circumstances (#11596). - Fixed a bug where the remote Podman client's
podman untag
command did not properly handle tags including a digest (#11557). - Fixed a bug where the
--format
option topodman ps
did not properly support thetable
argument for tabular output. - Fixed a bug where the
--filter
option topodman ps
did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the
podman run
andpodman start --attach
commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an externalpodman rm -f
) (#11633). - Fixed a bug where the
podman generate kube
command would add default environment variables to generated YAML.
API
- The Libpod Pull endpoint for Images now has a new query parameter,
quiet
, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
- The Compat List and Inspect endpoints for Images now prefix image IDs with
sha256:
for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
- The Compat Create endpoint for Containers now supports volume options provided by the
Mounts
field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter,
filter
, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
- The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
- Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
- Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
- Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).
Misc
- Updated Buildah to v1.23.0
- Updated the containers/storage library to v1.36.0
- Updated the containers/image library to v5.16.0
- Updated the containers/common library to v0.44.0