v3.4.0-RC2

Pre-release
@mheon mheon released this 23 Sep 15:02
v3.4.0-rc2

This is the second release candidate for Podman v3.4.0. Preliminary release notes are below:

Features

  • Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
  • Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
  • The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
  • The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
  • A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
  • Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
  • The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
  • Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
  • The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
  • The podman image scp command has been added. This command allows images to be transferred between different hosts.
  • The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
  • The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
  • The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
  • Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
  • The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
  • The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.

Changes

  • The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
  • Podman commands run as root now ignore XDG_RUNTIME_DIR when determining where to place temporary files, which should resolve a number of issues including #10745 and #10806.
  • Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
  • The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file driver.
  • Podman no longer depends on ip for removing networks (#11403).
  • The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
  • The podman machine start command now prints a message when the VM is successfully started.
  • The podman stats command can now be used on containers that are paused.
  • The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
  • Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
  • As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.

Bugfixes

  • Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
  • Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
  • Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
  • Fixed a bug where images created by podman commit did not include ports exposed by the container.
  • Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
  • Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
  • Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
  • Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
  • Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
  • Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
  • Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
  • Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
  • Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
  • Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
  • Fixed a bug where the podman info command could segfault when accessing cgroup information.
  • Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
  • Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
  • Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
  • Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
  • Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
  • Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
  • Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
  • Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
  • Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
  • Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
  • Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
  • Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
  • Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
  • Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
  • Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
  • Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557).
  • Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output.
  • Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
  • Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed (e.g. by an external podman rm -f), resulting in an error (#11633).
  • Fixed a bug where the podman generate kube command would add default environment variables to generated YAML.

API

  • The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
  • The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
  • The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623).
  • The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
  • The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831).
  • The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered.
  • The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
  • The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
  • Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
  • Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
  • Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).

Misc

  • Updated Buildah to v1.23.0
  • Updated the containers/storage library to v1.36.0
  • Updated the containers/image library to v5.16.0
  • Updated the containers/common library to v0.44.0