Release date: 2024-05-15
Version: v5.1.0-rc1

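The first release candidate of Podman v5.1.0 has been released; the final release is expected on May 29, 2024. This update mainly covers the following. New features include persistent changes from the podman update command, a new --restart option for adjusting container restart policy, Quadlet support for GroupAdd to add groups to a container, a subpath option for image mounts, and improved configuration of container healthcheck events. Notable changes include podman kube play pulling untagged images by default, pod-level restart policies being passed down to containers, and --runroot accepting very long paths. Bug fixes cover more than 20 issues, including incorrect UID mappings, inaccurate statistics, bind-mount permission errors, and failures when removing multiple containers. API improvements add a container update endpoint, build performance optimizations, and a temporary-file cleanup mechanism. Other improvements include detection of and guidance for unexpected system reboots, enhanced debugging information on Darwin systems, and support for injecting build tags.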

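Release notes (translated)

This is the first release candidate for Podman v5.1.0. We expect to publish the final release in two weeks (May 29, 2024). Preliminary release notes follow.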

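New features

  • Changes made by the podman update command are now persistent: they remain in effect after the container restarts and are reflected in the output of podman inspect.
  • The podman update command has a new --restart option for updating the restart policy of existing containers.
  • Quadlet .container files now support a new key, GroupAdd, which adds groups to the container.
  • podman inspect now prints container annotations.
  • Image mounts made with podman run --mount type=image,... now support a new option, subpath, which mounts only part of the image into the container.
  • A new healthcheck_events field has been added to the [engine] section of containers.conf, letting users disable generation of health_status events to avoid log noise on systems that run many healthchecks.
  • A list of images to automatically mount as volumes can now be specified in Kubernetes YAML through the io.podman.annotations.kube.image.automount/$CTRNAME annotation (where $CTRNAME is the name of the container the volumes will be mounted into).
  • The podman info command now includes the default rootless network command (pasta or slirp4netns).
  • The podman ps command now shows ports exposed with --expose but not published with --publish-all, to improve Docker compatibility.
  • The podman runlabel command now expands $HOME in the label being run to the user's home directory.
  • podman network list has been added as an alias for the podman network ls command.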

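Changes

  • When podman kube play runs Kubernetes YAML that does not specify an imagePullPolicy and does not set an image tag, the image is now always pulled (#21211).
  • When podman kube play runs Kubernetes YAML, pod-level restart policies are now passed down to the individual containers in the pod (#20903).
  • The --runroot global option now accepts paths longer than 50 characters (#22272).
  • Updating a container with podman update now emits an event.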

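Bug fixes

  • Fixed a bug where the --userns=keep-id:uid=0 option to podman create and podman run generated incorrect UID mappings and caused the container to fail to start (#22078).
  • Fixed a bug where podman stats could report inaccurate percentages for very large or very small values (#22064).
  • Fixed a bug where bind-mount volumes defaulted to rbind instead of bind, so recursive mounts were allowed by default (#22107).
  • Fixed a bug where the podman machine rm -f command could not remove Hyper-V virtual machines while they were running.
  • Fixed a bug where the podman ps --sync command sometimes failed to update container status correctly.
  • Fixed a bug where bind-mount volumes using the :idmap option were sometimes inaccessible with rootless Podman (#22228).
  • Fixed a bug where bind-mount volumes using the :U option had their ownership incorrectly changed to the owner of the image directory being mounted over (#22224).
  • Fixed a bug where removing multiple containers, pods, or images with the --force option failed when the arguments included an object that did not exist (#21529).
  • Fixed a bug where Podman did not properly clean up old cached Machine images.
  • Fixed a bug where frequently restarting containers with healthchecks sometimes failed to start their healthchecks.
  • Fixed a bug where nested Podman could create its pause.pid file in the wrong directory (#22327).
  • Fixed a bug where Podman crashed when an OCI runtime configured in containers.conf had no associated paths (#22561).
  • Fixed a bug where the podman kube down command did not respect the containers' StopTimeout and StopSignal (#22397).
  • Fixed a bug where systemd-managed containers could get stuck in the "Stopping" state and could not be restarted if systemd killed them before podman stop finished (#19629).
  • Fixed a bug where the remote Podman client's podman farm build command could not update image manifests that had already been pushed (#22647).
  • Fixed a bug where rootless Podman could not re-exec itself when run with a custom, invalid argv[0] path (as in the podmansh scenario) (#22672).
  • Fixed a bug where podman machine connection URIs could be incorrect after an SSH port conflict, leaving machines inaccessible.
  • Fixed a bug where the podman events command did not print an error when incorrect values were passed to the --since and --until options.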

API

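  • A new Docker-compatible Update endpoint has been added for containers.
  • The Compat Create endpoint for containers now supports setting container annotations.
  • The Libpod List endpoint for images now includes more information in its responses (image architecture, operating system, and whether the image is a manifest list) (#22184, #22185).
  • The Build endpoint for images no longer saves the build context as a temporary file, substantially improving performance and reducing storage requirements on the server.
  • Fixed a bug where the Build endpoint for images did not clean up temporary files when an error occurred.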

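Other

  • Podman can now detect unhandled system reboots and gives users mitigation advice.
  • Improved the debugging output of podman machine on Darwin systems when --log-level=debug is used.
  • The Makefile now supports injecting extra build tags through the EXTRA_BUILD_TAGS environment variable.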

Release notes (original)

This is the first release candidate for Podman v5.1.0. We expect the final release in 2 weeks (May 29 2024). Preliminary release notes follow.

Features

  • Changes made by the podman update command are now persistent, and will survive container restart and be reflected in podman inspect.
  • The podman update command now includes a new option, --restart, to update the restart policy of existing containers.
  • Quadlet .container files now support a new key, GroupAdd, to add groups to the container.
  • Container annotations are now printed by podman inspect.
  • Image-based mounts using podman run --mount type=image,... now support a new option, subpath, to mount only part of the image into the container.
  • A new field, healthcheck_events, has been added to containers.conf under the [engine] section to allow users to disable the generation of health_status events to avoid spamming logs on systems with many healthchecks.
  • A list of images to automatically mount as volumes can now be specified in Kubernetes YAML via the io.podman.annotations.kube.image.automount/$CTRNAME annotation (where $CTRNAME is the name of the container they will be mounted into).
  • The podman info command now includes the default rootless network command (pasta or slirp4netns).
  • The podman ps command now shows ports from --expose that have not been published with --publish-all to improve Docker compatibility.
  • The podman runlabel command now expands $HOME in the label being run to the user’s home directory.
  • A new alias, podman network list, has been added to the podman network ls command.

Changes

  • When running Kubernetes YAML with podman kube play that does not include an imagePullPolicy and does not set a tag for the image, the image is now always pulled (#21211).
  • When running Kubernetes YAML with podman kube play, pod-level restart policies are now passed down to individual containers within the pod (#20903).
  • The --runroot global option can now accept paths with lengths longer than 50 characters (#22272).
  • Updating containers with the podman update command now emits an event.

Bugfixes

  • Fixed a bug where the --userns=keep-id:uid=0 option to podman create and podman run would generate incorrect UID mappings and cause the container to fail to start (#22078).
  • Fixed a bug where podman stats could report inaccurate percentages for very large or very small values (#22064).
  • Fixed a bug where bind-mount volumes defaulted to rbind instead of bind, meaning recursive mounts were allowed by default (#22107).
  • Fixed a bug where the podman machine rm -f command would fail to remove Hyper-V virtual machines if they were running.
  • Fixed a bug where the podman ps --sync command could sometimes fail to properly update the status of containers.
  • Fixed a bug where bind-mount volumes using the :idmap option would sometimes be inaccessible with rootless Podman (#22228).
  • Fixed a bug where bind-mount volumes using the :U option would have their ownership changed to the owner of the directory in the image being mounted over (#22224).
  • Fixed a bug where removing multiple containers, pods, or images with the --force option did not work when multiple arguments were given to the command and one of them did not exist (#21529).
  • Fixed a bug where Podman did not properly clean up old cached Machine images.
  • Fixed a bug where rapidly-restarting containers with healthchecks could sometimes fail to start their healthchecks after restarting.
  • Fixed a bug where nested Podman could create its pause.pid file in an incorrect directory (#22327).
  • Fixed a bug where Podman would panic if an OCI runtime was configured without associated paths in containers.conf (#22561).
  • Fixed a bug where the podman kube down command would not respect the StopTimeout and StopSignal of containers that it stopped (#22397).
  • Fixed a bug where Systemd-managed containers could be stuck in the Stopping state, unable to be restarted, if systemd killed the unit before podman stop finished stopping the container (#19629).
  • Fixed a bug where the remote Podman client’s podman farm build command would not update manifests on the registry that were already pushed (#22647).
  • Fixed a bug where rootless Podman could fail to re-exec itself when run with a custom argv[0] that is not a valid command path, as might happen when used in podmansh (#22672).
  • Fixed a bug where podman machine connection URIs could be incorrect after an SSH port conflict, rendering machines inaccessible.
  • Fixed a bug where the podman events command would not print an error if incorrect values were passed to its --since and --until options.

API

  • A new Docker-compatible endpoint, Update, has been added for containers.
  • The Compat Create endpoint for Containers now supports setting container annotations.
  • The Libpod List endpoint for Images now includes additional information in its responses (image architecture, OS, and whether the image is a manifest list) (#22184 and #22185).
  • The Build endpoint for Images no longer saves the build context as a temporary file, substantially improving performance and reducing required filesystem space on the server.
  • Fixed a bug where the Build endpoint for Images would not clean up temporary files created by the build if an error occurred.

Misc

  • Podman now detects unhandled system reboots and advises the user on proper mitigations.
  • Improved debugging output for podman machine on Darwin systems when --log-level=debug is used.
  • The Makefile now allows injecting extra build tags via the EXTRA_BUILD_TAGS environment variable.
