This topic introduces sandboxed-container-controller and describes the release notes
for the component.
Introduction
sandboxed-container-controller is a controller component that is provided by the Sandboxed-Container
runtime. The component is used to enhance and extend the basic features of sandboxed
containers. The following features are supported:
- Custom kernel parameter settings for pods that run sandboxed containers.
- Automatic calculation and configuration for VMs that run sandboxed containers.
- Direct mounting of disks and Apsara File Storage NAS (NAS) file systems to sandboxed
containers.
Usage notes
By default, sandboxed-container-controller is installed in Container Service for Kubernetes
(ACK) clusters. You can use this component without extra configurations.
Release notes
May 2022
Version |
Image address |
Release date |
Description |
Impact |
v1.2.0-0c6b9ba-aliyun |
registry.cn-hangzhou.aliyuncs.com/acs/sandboxed-container-controller:v1.2.0-0c6b9ba-aliyun |
2022-05-12 |
- This version is compatible with ACK clusters that run Kubernetes 1.22.
- Certificates for admission webhooks are supported and the automatic certificate management
feature is added.
|
No impact on workloads |
December 2020
Version |
Image address |
Release date |
Description |
Impact |
v1.1.1-55d545f-aliyun |
registry.cn-hangzhou.aliyuncs.com/acs/sandboxed-container-controller:v1.1.1-55d545f-aliyun |
2020-12-22 |
The following annotations are forcibly overwritten if they are manually added to pod
configurations: securecontainer.alibabacloud.com/cpus and securecontainer.alibabacloud.com/memory.
|
No impact on workloads |
November 2020
Version |
Image address |
Release date |
Description |
Impact |
v1.1.0-3b3d499-aliyun |
registry.cn-hangzhou.aliyuncs.com/acs/sandboxed-container-controller:v1.1.0-3b3d499-aliyun |
2020-11-26 |
Custom kernel parameter settings are supported for pods that run sandboxed containers.
|
No impact on workloads |
v1.0.3-e993d8f-aliyun |
registry.cn-hangzhou.aliyuncs.com/acs/sandboxed-container-controller:v1.0.2-8ac82bf-aliyun |
2020-11-12 |
The PodEraseRuntimeclassRunc admission controller is supported. Docker does not support
the RuntimeClass feature. Therefore, when pod.spec.runtimeClassName is set to runc , this parameter is reset to an empty string.
|
No impact on workloads |
August 2020
Version |
Image address |
Release date |
Description |
Impact |
v1.0.1-8484958-aliyun |
registry.cn-hangzhou.aliyuncs.com/acs/sandboxed-container-controller:v1.0.1-8484958-aliyun |
2020-08-26 |
Sandboxed-Container 2.0 is supported. The PodQuota admission controller is supported
for sandboxed containers. This admission controller can set pod specifications based
on the total CPU and memory resources used by sandboxed containers.
|
No impact on workloads |
June 2020
Version |
Image address |
Release date |
Description |
Impact |
v1.0.0-e408663-aliyun |
registry.cn-beijing.aliyuncs.com/acs/sandboxed-container-controller:v1.0.0-e408663-aliyun |
2020-06-10 |
The NAS image address of the init container is changed from a public image address
to a private image address.
|
No impact on workloads |
March 2020
Version |
Image address |
Release date |
Description |
Impact |
v1.0.0-a8b276f-aliyun |
registry.cn-hangzhou.aliyuncs.com/acs/sandboxed-container-controller:v1.0.0-a8b276f-aliyun |
2020-03-26 |
The feature of directly mounting disks and NAS file systems to sandboxed containers
is supported. This provides the same performance as when these volumes are mounted
through the host. This feature allows you to prevent performance loss when volumes
are mounted over 9pfs.
|
No impact on workloads |