Release notes for Sandboxed-Container

• The lightweight virtual machine container runtime developed by Alibaba Cloud supports more lightweight and efficient deployment. It also simplifies the architecture and maintenance of Kubernetes clusters.
• Reduces the resource overheads by 90% and increases Sandboxed-Container startup speed by three times.
• Increases the deployment density of standalone sandboxed containers by 10 times.
• Supports the virtio-fs file system. This allows you to provide higher performance than the 9pfs file system.

• Eliminates a security risk related to the container-storaged component.
• Fixes the issue when the kubectl cp command is blocked after you run this command.
• Fixes the issue when logs cannot be printed to stdout files after containerd is restarted.
• Fixes the issue when the system time of sandboxed containers may not be synchronized at regular intervals.

No impact on workloads.

• Allows you to mount Alibaba Cloud disks and Network Attached Storage (NAS) volumes to sandboxed containers. This provides the same performance as the volumes that are mounted to the host. This avoids performance loss when storage devices are mounted over 9pfs.
• Supports RootFS block I/O throttling.

Improves stability by a significant amount.

No impact on workloads.

• Strong isolation based on sandboxed and lightweight virtual machines.
• Good compatibility with runC in terms of application management.
• High performance that corresponds to 90% of the performance provided by applications based on runC.
• The same user experience as that provided by containers in runC in terms of monitoring, logging, and storage.
• Supports RuntimeClass (runC and runV). For more information, see RuntimeClass.
• Easy to use with limited expertise.
• Higher stability than that provided by Kata Containers. For more information about Kata Containers, see Kata Containers.