Container Service for Kubernetes:Release notes for Sandboxed-Container - Container Service for Kubernetes

This topic describes the release notes for Sandboxed-Container.

Release notes for Sandboxed-Container, covering versions 1.0.0 (September 2019) through 2.2.4 (March 2024).

Background

For an overview of Sandboxed-Container, see Sandboxed-Container.

To create a node pool that runs sandboxed containers, see Create a node pool that runs sandboxed containers.

Version	Release date	Description	Impact
2.2.4	2024-03-25	New feature: Alibaba Cloud Linux 3 is now supported as the node operating system.	No impact on workloads.

Version	Release date	Description	Impact
2.2.0	2021-04-02	New feature: The secure computing mode (seccomp) feature is enabled for the containerd runtime. Requires Kubernetes V1.20 or later.	No impact on workloads.

Version	Release date	Description	Impact
2.1.2	2021-03-01	Bug fix: Fixed an issue where exceptions occurred in privileged containers in certain scenarios.	No impact on workloads.

Version	Release date	Description	Impact
2.1.1	2021-01-07	New feature: Privileged containers are now supported.	No impact on workloads.

Version	Release date	Description	Impact
2.1.0	2020-11-26	New features: Five additions to improve stability and performance: Project quota: limits the number of bytes written to the container rootfs directory. Disk mounting: a disk can be mounted to a sandboxed container. File Storage NAS (NAS) file system mounting: a NAS file system can be mounted to a sandboxed container. Custom kernel parameters: custom kernel parameters are supported for sandboxed pods. Quality of Service (QoS) policies and network traffic marking policies are supported.	No impact on workloads.

Version	Release date	Description	Impact
2.0.0	2020-08-28	Major release: Sandboxed-Container 2.0 is a container runtime developed by Alibaba Cloud based on lightweight virtual machines (VMs). Key improvements over 1.x: Resource overhead reduced by 90%. Sandboxed container startup speed improved by three times. Deployment density on a single node increased by 10 times. virtio-fs file system support added, with higher performance than 9pfs. Simplified architecture reduces ACK cluster maintenance overhead.	Action required: During the upgrade, pods on nodes using the Sandboxed-Container runtime are recreated. Ensure sufficient pod redundancy before upgrading.

Version	Release date	Description	Impact
1.1.1	2020-07-27	Bug fixes: Four stability improvements: Eliminated the security risk related to the container-storaged component. Fixed an issue where the `kubectl cp` command became blocked after execution. Fixed an issue where logs were not printed to stdout after containerd was restarted. Fixed an issue where the system time of sandboxed containers may not be synchronized at regular intervals.	No impact on workloads.

Version	Release date	Description	Impact
1.1.0	2020-03-05	New features and stability enhancements: Alibaba Cloud disks and NAS file systems can be mounted to sandboxed containers, delivering the same performance as volumes mounted to the host and eliminating the performance loss of mounting storage devices over 9pfs. RootFS block I/O throttling is supported.	No impact on workloads.

Version	Release date	Description	Impact
1.0.0	2019-09-05	Initial release. Sandboxed-Container 1.0.0 provides: Strong isolation based on sandboxed and lightweight VMs. Application management compatibility with runC. Performance equivalent to 90% of runC-based applications. The same logging, monitoring, and storage experience as runC. RuntimeClass support, allowing selection between container runtimes such as runC and runV. For details, see RuntimeClass. Low barrier to entry with minimum technical skill requirements. Higher stability compared with the open source Kata Containers runtime.	No impact on workloads.