“K8S Ecology Weekly” mainly contains weekly recommended information related to the K8S ecosystem that I have come across. You are welcome to subscribe to the Zhihu column “K8S Ecology”.
Docker v19.03.6-rc2 released
Since Docker v19.03.5 was released on November 15, 2019, there have been a lot of changes at Docker Inc.
v19.03.6 will be the next bugfix release in the v19.03 series. In this release, there are a few notable things:
- BuildKit: Fixed the problem that ONBUILD rules were not cleaned up after an ONBUILD rule was triggered. This is an important fix for BuildKit users who rely on the ONBUILD directive;
- BuildKit: Fixed a permissions error when userns is enabled;
- libnetwork: short IDs are used to avoid UNIX_PATH_MAX errors;
This last problem is actually quite interesting, and probably many people have run into something similar, so I want to say a little more about UNIX_PATH_MAX.
I actually encountered this problem four or five years ago in other parts of the Docker project, and the solution was simply to shorten the path length. But shorten it to what extent, you might wonder? How long is a reasonable value?
In fact, there is a lot of history behind this question, which I will skip here. I’ll focus on what the current limit is, which can be found in the Linux source code.
// include/uapi/linux/un.h
#ifndef _LINUX_UN_H
#define _LINUX_UN_H
#include <linux/socket.h>
#define UNIX_PATH_MAX 108
struct sockaddr_un {
	__kernel_sa_family_t sun_family; /* AF_UNIX */
	char sun_path[UNIX_PATH_MAX];	/* pathname */
};
#define SIOCUNIXFILE (SIOCPROTOPRIVATE + 0) /* open a socket file with O_PATH */
#endif /* _LINUX_UN_H */
You can see that it is currently defined as 108 in the header file. (Note that I am using the Linux 5.4 kernel source here.)
In addition, this header file is located at include/uapi/linux/un.h. The uapi directory may be unfamiliar to some; it was added in Linux 3.x and basically collects header files that were previously scattered around the tree. It was also introduced to solve the problem of circular references in Linux.
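The check this limit calls for, as an added example (not code from Docker, libnetwork or the kernel): a socket path is rejected when it does not fit in sun_path instead of being silently truncated, and a path built from a short ID fits where the full ID does not. The directory, the ID and both function names are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Constructed sample values, not taken from Docker or libnetwork. */
static const char *EXAMPLE_DIR = "/var/run/example/netns/controller/sandboxes";
static const char *EXAMPLE_ID =            /* 64 hex characters */
    "0123456789abcdef0123456789abcdef"
    "0123456789abcdef0123456789abcdef";

/* Fill addr for a pathname socket. A path that does not fit in sun_path with
 * its terminating NUL is rejected: truncating it would name another file. */
int unix_addr_from_path(const char *path, struct sockaddr_un *addr)
{
    size_t n = strlen(path);
    if (n == 0 || n >= sizeof(addr->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, n + 1);
    return 0;
}

/* Build "<dir>/<first id_len chars of id>.sock"; returns the full length
 * the path needs (snprintf semantics), even if out is too small. */
int socket_path_for_id(char *out, size_t outsz, const char *dir,
                       const char *id, int id_len)
{
    return snprintf(out, outsz, "%s/%.*s.sock", dir, id_len, id);
}

int main(void)
{
    const int id_lens[] = { 64, 12 };   /* full ID, then short ID */
    struct sockaddr_un addr;
    char path[256];
    for (int i = 0; i < 2; i++) {
        int need = socket_path_for_id(path, sizeof(path), EXAMPLE_DIR,
                                      EXAMPLE_ID, id_lens[i]);
        int rc = unix_addr_from_path(path, &addr);
        printf("id_len=%d path_len=%d limit=%zu -> %s\n", id_lens[i], need,
               sizeof(addr.sun_path), rc == 0 ? "fits" : strerror(errno));
    }
    return 0;
}
```

A copy that truncates, such as an unchecked strncpy into sun_path, would instead bind or connect to a path other than the one requested, which is why the length is checked before the address is built.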
That was a bit off topic. Back to Docker v19.03.6: if you are looking forward to this version, you can try the current RC version first. If you want stability, you can wait a few more days for the official release (in about two weeks).
As an exception, I would like to recommend my column “Docker Core Knowledge must be known and must be known”. More than half of the content has been updated so far. Based on the latest version of Docker, I compare the differences between the old version and the upstream development of Docker, and explain each core knowledge point from simple to deep, from practice to internal principles. It also contains some knowledge about the Linux kernel. Thanks for subscribing.
Containerd released version 1.3.3
containerd v1.3.3 was released this week with some important fixes and updates:
- On the Runtime v2 side, closing the runc shim's platform is moved to the Shutdown method, which ensures that platform is closed only once;
- Fixed an eventfd leak on exec in containerd v1.3.0 and above.
Containerd also released version 1.2.12 this week.
Both releases include a number of important security updates: CVE-2019-19921, CVE-2019-16884, and CVE-2020-0601.
If you’re using containerd, please update as soon as possible. See the release notes of containerd v1.2.12 and containerd v1.3.3 for more details about these changes.
CNCF has released a report on the containerd project’s journey
The CNCF reports on the activity and community development of the containerd project from its founding to graduation.
Overall, since its inception within Docker, the containerd project and its community have developed quite well so far.
If you are interested in this report, please refer to the CNCF Containerd Project Journey Report.
Docker will close old APT and YUM repositories
The Docker project made its official debut at PyCon in 2013 and has since grown into a community project, so the domain names dockerproject.org and dockerproject.com were registered at that time, and the APT and YUM repositories were later hosted under these two domains.
Later, with the establishment of Docker Inc., and in order to better focus on the Docker products (CE and EE), the domain name docker.com was registered, and the APT and YUM repositories were officially hosted at download.docker.com.
Almost everyone is already using the new download.docker.com repository (if you haven’t switched yet, please update as soon as possible).
Important: Docker Inc. plans to stop hosting APT and YUM repositories under the old dockerproject.org and dockerproject.com domains on March 31, 2020!
Please install Docker as soon as possible according to the installation instructions in the official Docker documentation, and stop using the old repository domain names.
Progress in the upstream
You can use kubectl run to manually create a variety of resources.
In Kubernetes v1.18, all types of generators that were previously marked deprecated are removed. That is, since v1.18, kubectl run is mostly for creating Pods, rather than redundantly creating Deployments and the like.
It’s also possible to create a Service to expose the Pod with --expose, but parameters like --service-generator are also deprecated.
Before v1.18, the result looks like this:
(MoeLove) ➜ ~ kubectl run redis --image="redis:alpine"
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/redis created
(MoeLove) ➜ ~ kubectl get all -l run=redis
NAME READY STATUS RESTARTS AGE
pod/redis-8544698fd7-tvz5q 1/1 Running 0 14s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/redis 1/1 1 1 14s
NAME DESIRED CURRENT READY AGE
replicaset.apps/redis-8544698fd7 1 1 1 14s
V1.18 version:
(MoeLove) ➜ bin ./kubectl run redis-new --image="redis:alpine"
pod/redis-new created
(MoeLove) ➜ bin ./kubectl get all -l run=redis-new
NAME READY STATUS RESTARTS AGE
pod/redis-new 1/1 Running 0 12s
Digression
It’s the same old story, wash your hands, drink lots of water, rest and take care of your family.
Don’t forget to learn even at home. Again, I recommend my column “Docker Core Knowledge must be known and must be learned”.