Skip to content

v4.3.0

Compare
Choose a tag to compare
@mheon mheon released this 19 Oct 13:04
· 7572 commits to main since this release
v4.3.0
ad42af9

Features

  • A new command, podman generate spec, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
  • A new command, podman update, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted (#15067).
  • A new command, podman kube down, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to podman kube play --down, but it now has its own command).
  • The podman kube play command now supports Kubernetes secrets using Podman's secrets backend.
  • Systemd-managed pods created by the podman kube play command now integrate with sd-notify, using the io.containers.sdnotify annotation (or io.containers.sdnotify/$name for specific containers).
  • Systemd-managed pods created by podman kube play can now be auto-updated, using the io.containers.auto-update annotation (or io.containers.auto-update/$name for specific containers).
  • The podman kube play command can now read YAML from URLs, e.g. podman kube play https://example.com/demo.yml (#14955).
  • The podman kube play command now supports the emptyDir volume type (#13309).
  • The podman kube play command now supports the HostUsers field in the pod spec.
  • The podman play kube command now supports binaryData in ConfigMaps.
  • The podman pod create command can now set additional resource limits for pods using the new --memory-swap, --cpuset-mems, --device-read-bps, --device-write-bps, --blkio-weight, --blkio-weight-device, and --cpu-shares options.
  • The podman machine init command now supports a new option, --username, to set the username that will be used to connect to the VM as a non-root user (#15402).
  • The podman volume create command's -o timeout= option can now set a timeout of 0, indicating volume plugin operations will never time out.
  • Added support for a new volume driver, image, which allows volumes to be created that are backed by images.
  • The podman run and podman create commands support a new option, --env-merge, allowing environment variables to be specified relative to other environment variables in the image (e.g. podman run --env-merge "PATH=$PATH:/my/app" ...) (#15288).
  • The podman run and podman create commands support a new option, --on-failure, to allow action to be taken when a container fails health checks, with the following supported actions: none (take no action, the default), kill (kill the container), restart (restart the container), and stop (stop the container).
  • The --keep-id option to podman create and podman run now supports new options, uid and gid, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. --userns=keep-id:uid=11 will made the user running Podman to UID 11 in the container) (#15294).
  • The podman generate systemd command now supports a new option, --env/-e, to set environment variables in the generated unit file (#15523).
  • The podman pause and podman unpause commands now support the --latest, --cidfile, and --filter options.
  • The podman restart command now supports the --cidfile and --filter options.
  • The podman rm command now supports the --filter option to select which containers will be removed.
  • The podman rmi command now supports a new option, --no-prune, to prevent the removal of dangling parents of removed images.
  • The --dns-opt option to podman create, podman run, and podman pod create has received a new alias, --dns-option, to improve Docker compatibility.
  • The podman command now features a new global flag, --debug/-D, which enables debug-level logging (identical to --log-level=debug), improving Docker compatibility.
  • The podman command now features a new global flag, --config. This flag is ignored, and is only included for Docker compatibility (#14767).
  • The podman manifest create command now accepts a new option, --amend/-a.
  • The podman manifest create, podman manifest add and podman manifest push commands now accept a new option, --insecure (identical to --tls-verify=false), improving Docker compatibility.
  • The podman secret create command's --driver and --format options now have new aliases, -d for --driver and -f for --format.
  • The podman secret create command now supports a new option, --label/-l, to add labels to created secrets.
  • The podman secret ls command now accepts the --quiet/-q option.
  • The podman secret inspect command now accepts a new option, --pretty, to print output in human-readable format.
  • The podman stats command now accepts the --no-trunc option.
  • The podman save command now accepts the --signature-policy option (#15869).
  • The podman pod inspect command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods (#15674).
  • A series of new hidden commands have been added under podman context as aliases to existing podman system connection commands, to improve Docker compatibility.
  • The remote Podman client now supports proxying signals for attach sessions when the --sig-proxy option is set (#14707).

Changes

  • Duplicate volume mounts are now allowed with the -v option to podman run, podman create, and podman pod create, so long as source, destination, and options all match (#4217).
  • The podman generate kube and podman play kube commands have been renamed to podman kube generate and podman kube play to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
  • A number of Podman commands (podman init, podman container checkpoint, podman container restore, podman container cleanup) now print the user-inputted name of the container, instead of its full ID, on success.
  • When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
  • The installer for the Windows Podman client has been improved.
  • The --cpu-rt-period and --cpu-rt-runtime options to podman run and podman create now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) (#15666).
  • Privileged containers running systemd will no longer mount /dev/tty* devices other than /dev/tty itself into the container (#15878).
  • Events for containers that are part of a pod now include the ID of the pod in the event.
  • SSH functionality for podman machine commands has seen a thorough rework, addressing many issues about authentication.
  • The --network option to podman kube play now allows passing host to set the pod to use host networking, even if the YAML does not request this.
  • The podman inspect command on containers now includes the digest of the image used to create the container.
  • Pods created by podman play kube are now, by default, placed into a network named podman-kube. If the podman-kube network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.

Bugfixes

  • Fixed a bug where the podman network prune and podman container prune commands did not properly support the --filter label!= option (#14182).
  • Fixed a bug where the podman kube generate command added an unnecessary Secret: null line to generated YAML (#15156).
  • Fixed a bug where the podman kube generate command did not set enableServiceLinks and automountServiceAccountToken to false in generated YAML (#15478 and #15243).
  • Fixed a bug where the podman kube play command did not properly handle CPU limits (#15726).
  • Fixed a bug where the podman kube play command did not respect default values for liveness probes (#15855).
  • Fixed a bug where the podman kube play command did not bind ports if hostPort was not specified but containerPort was (#15942).
  • Fixed a bug where the podman kube play command sometimes did not create directories on the host for hostPath volumes.
  • Fixed a bug where the remote Podman client's podman manifest push command did not display progress.
  • Fixed a bug where the --filter "{{.Config.Healthcheck}}" option to podman image inspect did not print the image's configured healthcheck (#14661).
  • Fixed a bug where the podman volume create -o timeout= option could be specified even when no volume plugin was in use.
  • Fixed a bug where the podman rmi command did not emit untag events when removing tagged images (#15485).
  • Fixed a bug where API forwarding with podman machine VMs on windows could sometimes fail because the pipe was not created in time (#14811).
  • Fixed a bug where the podman pod rm command could error if removal of a container in the pod was interrupted by a reboot.
  • Fixed a bug where the exited and exec died events for containers did not include the container's labels (#15617).
  • Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail (#15647).
  • Fixed a bug where Podman did not pass all necessary environment variables (including $PATH) to Conmon when starting containers (#15707).
  • Fixed a bug where the podman events command could function improperly when no events were present (#15688).
  • Fixed a bug where the --format flag to various Podman commands did not properly handle template strings including a newline (\n) (#13446).
  • Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited (#14546).
  • Fixed a bug where the podman generate systemd command would generate incorrect YAML for pods created without the --name option.
  • Fixed a bug where the podman generate systemd --new command did not properly set stop timeout (#16149).
  • Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the podman inspect command to be unable to inspect the container until it was restarted.
  • Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start (#15789).
  • Fixed a bug where attempting to remove a pod with running containers without --force would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state (#15526).
  • Fixed a bug where memory limits reported by podman stats could exceed the maximum memory available on the system (#15765).
  • Fixed a bug where the podman container clone command did not properly handle environment variables whose value contained an = character (#15836).
  • Fixed a bug where the remote Podman client would not print the container ID when running the podman-remote run --attach stdin command.
  • Fixed a bug where the podman machine list --format json command did not properly show machine starting status.
  • Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name (#15879).
  • Fixed a bug where the podman pod logs --latest command could panic (#15556).
  • Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed.
  • Fixed a bug where specifying an unsupported URI scheme for podman system service to listen at would result in a panic.
  • Fixed a bug where the podman kill command would sometimes not transition containers to the exited state (#16142).

API

  • Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes (#15720).
  • Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with docker-compose (#15580).
  • The Libpod Restore endpoint for Containers now features a new query parameter, pod, to set the pod that the container will be restored into (#15018).
  • Fixed a bug where the REST API could panic while retrieving images.
  • Fixed a bug where a cancelled connection to several endpoints could induce a memory leak.

Misc

  • Error messages when attempting to remove an image used by a non-Podman container have been improved (#15006).
  • Podman will no longer print a warning that / is not a shared mount when run inside a container (#15295).
  • Work is ongoing to port Podman to FreeBSD.
  • The output of podman generate systemd has been adjusted to improve readability.
  • A number of performance improvements have been made to podman create and podman run.
  • A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed.
  • Updated Buildah to v1.28.0
  • Updated the containers/image library to v5.23.0
  • Updated the containers/storage library to v1.43.0
  • Updated the containers/common library to v0.50.1