Container Service for Kubernetes:Release notes for Sandboxed-Container

Version

Release date

Description

Impact

2.2.4

2024-03-25

Kubernetes V1.30 and earlier are supported.

No impact on workloads.

Version

Release date

Description

Impact

2.2.0

2021-04-02

The secure computing mode (seccomp) feature is enabled for the containerd runtime.

No impact on workloads.

Version

Release date

Description

Impact

2.1.2

2021-03-01

The issue that exceptions occur in privileged containers in some scenarios is fixed.

No impact on workloads.

Version

Release date

Description

Impact

2.1.1

2021-01-07

Privileged containers are supported.

No impact on workloads.

Version

Release date

Description

Impact

2.1.0

2020-11-26

New features are released to improve service stability and performance. New features:

• A project quota is supported to limit the number of bytes that can be written to the container rootfs directory.

• A disk can be mounted to a sandboxed container.

• A File Storage NAS (NAS) file system can be mounted to a sandboxed container.

• Custom kernel parameters are supported for sandboxed pods.

• Quality of Service (QoS) policies and network traffic marking policies are supported.

No impact on workloads.

Version

Release date

Description

Impact

2.0.0

2020-08-28

Sandboxed-Container V2.0 is released to provide the following benefits:

• Sandboxed-Container is a container runtime that is developed by Alibaba Cloud based on lightweight VMs. Compared with Sandboxed-Container 1.0, Sandboxed-Container 2.0 supports more lightweight and efficient deployment and simplifies the architecture and maintenance of Container Service for Kubernetes (ACK) clusters.

• Sandboxed-Container 2.0 reduces the resource overheads by 90% and improves the startup speed of sandboxed containers by three times.

• Sandboxed-Container 2.0 increases the deployment density of sandboxed containers on a single node by 10 times.

• The virtio-fs file system is supported. The performance of this file system is higher than the performance of the 9pfs file system.

During the upgrade, the pods on the nodes that use the Sandboxed-Container runtime are recreated. Pay attention to pod redundancy.

Version

Release date

Description

Impact

1.1.1

2020-07-27

The following issues that are related to the stability of Sandboxed-Container are fixed:

• The security risk that is related to the container-storaged component is eliminated.

• The issue where the kubectl cp command is blocked after you run this command is fixed.

• The issue that logs cannot be printed to stdout files after containerd is restarted is fixed.

• The issue that the system time of sandboxed containers may not be synchronized at regular intervals is fixed.

No impact on workloads.

Version

Release date

Description

Impact

1.1.0

2020-03-05

New features of Sandboxed-Container V1.1.0 are released:

• Alibaba Cloud disks and NAS file systems can be mounted to sandboxed containers. This provides the same performance as the volumes that are mounted to the host and prevents performance loss when storage devices are mounted over 9pfs.

• RootFS block I/O throttling is supported.

The stability of Sandboxed-Container V1.1.0 is enhanced.

No impact on workloads.

Version

Release date

Description

Impact

1.0.0

2019-09-05

Sandboxed-Container V1.1.0 provides the following features:

• Strong isolation based on sandboxed and lightweight VMs.

• Compatibility with runC in terms of application management.

• High performance that is equivalent to 90% of the performance provided by applications based on runC.

• The same user experience as runC in terms of logging, monitoring, and storage.

• The RuntimeClass feature that allows you to select container runtimes such as runC and runV. For more information, see Runtime Class.

• Ease of use with minimum technical skill requirements.

• Higher stability compared with the open source Kata Containers runtime. For more information about Kata Containers, see Kata Containers.

No impact on workloads.