v0.8.10

Highlights

• shim: Added support for GMSA in HCS schema v2 process-isolated Windows containers.
• shim: Added support for assigning host devices into process-isolated Windows containers.
• shim: Correctly calculate cap for UVM CPU count when there are multiple processor groups on the host.
• shim: Switched to connect directly to the GCS for hypervisor-isolated Windows containers. This should improve reliability and allow future innovations.
• shim: Removed code that blocked processor weight/maximum to be set for processor QoS for process-isolated Windows containers. Previously there was an OS issue preventing this from working, but that has been fixed.
• hcsshim package: Fixed an issue that could cause Windows container layers to have incorrect modification timestamps. This could lead to a case impacting container start time due to directory timestamps not matching the expected value. #830.

v0.8.9

New Features

• Added version support for IPv6 Dual stack in HNS.
• Updated HNS session affinity version check for load balancing.

Bug Fixes

• Fixed a bug when an LCOW container used SCSI for layers. If a second container was started that shared a layer with an existing container, it would fail to start.

v0.8.8

New Features

• Add support for uvm processor and memory override via toml
• Added assigned device support
• Add Nvidia gpu support for LCOW
• Add shim implementation to support SDN routes
• Allow mounting VHD's inside multiple WCOW/LCOW containers

Bug Fixes/Misc.

• Fix crashes when cleaning up resources for process isolated containers
• Remove cgo dependency
• Fix read-only VSMB mount bug that would cause container activation to fail
• Fix issue with repeated calls to GrantVmAccess causing an 'Incorrect Parameter' error
• Remove kubernetes/kubernetes dependency and have tests directory have its own go.mod

v0.8.7 release for Docker and containerd

This is the v0.8.7 release of hcsshim for Docker

hcsshim v1

• Improves internal wait patterns reducing HCS syscall overhead.
• Changes the syscall interface to properly contain call context.
• Improves error handling for process/container based patterns.

hcn

• Adds outbound NAT policies.
• Improves failure cases when a namespace is not found.
• Fixes the L4ProxyPolicySetting CompartmentID field.
• Added NatFlags to PortMappings.

This is the v0.8.7 release of containerd-shim-runhcs-v1.exe for containerd

There are significant changes since the last official release of hcsshim.

The most important change is that we are officially deprecating runhcs.exe as the containerd runtime of choice and have removed the v1 runtime bindings for it from containerd. It is now expected that for containerd on Windows you use Runtime V2 shim implemented in the cmd/containerd-shim-runhcs-v1 section of the repo.

containerd-shim-runhcs-v1.exe

With the move to containerd the containerd-shim-runhcs-v1.exe binary now replaces all OS level interaction with the gRPC interface implemented by the Runtime V2 interface as defined by containerd. This allows us to fully implement Windows process and Hyper-V containers on RS1+ with support for Windows v2 containers as well as LCOW on RS5+ releases of Windows.

The implementation is as follows for your HOST OS version of Windows:

	RS1 - RS4	RS5+
Windows Process Container	v1 (Argon)	v2
Windows Hyper-V (Server) Container	v1 (Xenon)	v2
LCOW	Not Supported	v2

The main difference with Windows v2 containers and LCOW v2 is the ability of the shim to support true Kubernetes pod's. On Windows this means a shared network namespace for process containers in the pod. For Windows hypervisor (including LCOW) containers it additionally means shared processor, memory, and storage for all containers in the pod within a single UtilityVM. This single UtilityVM provides higher performance and density while also providing greater lifetime guarantees for the set.

Pre-release of the v2 hcsshim package and runhcs.exe

Bug Fixes

• Plan9 case sensitivity can only be set if the source Windows directory supports it
• Shrink the size of the create-scratch utility VM (256MB/1 VPMem device)
• Fix race in endoperation logging

Pre-release of the v2 hcsshim package and runhcs.exe

New Features

• pkg/go-runhcs
  • Adds fallback support when looking up the runhcs.exe path to exec to the path of the calling binary. In practice this is always a containerd shim and the deployment places them in the same folder. This allows a user who has not placed containerd in its path to avoid seeing this failure.

Pre-release of the v2 hcsshim package and runhcs.exe

New Features

• runhcs
  • Adds support for OCI mount.Type "physical-disk" and "virtual-disk" for WCOW and LCOW.

    m := &oci.Mount{
        Type: "physical-disk",
        Source: "\\\\.\\PHYSICALDRIVE1",
        Destination: "C:\\test" // LCOW '/mnt/test'

    m := &oci.Mount{
        Type: "virtual-disk",
        Source: "C:\\test.vhdx", // OR 'C:\\test.vhd'
        Destination: "C:\\test" // LCOW '/mnt/test'

  • Stop loading ole32 to improve process activation
  • Set TerminateOnLastHandleClosed for all UVM activation's to guarantee resource cleanup on runhcs.exe exit.
  • Set StopOnReset for all UVM activation's so that the guest VM does not try to restart on reset.
  • Change default LCOW activation's to use rootfs.vhd when present over initrd.img by default.
  • On builds >= 18286 add support to LCOW for booting directly from the kernel (compressed or uncompressed)
  • Adds LCOW HNS network namespace support.
  • Adds support for logging all logrus messages to ETW for all runhcs.exe invocations.
  • Various performance and logging improvements for diagnostics.
• uvmboot
  • Introduces the uvmboot.exe tool for creating/starting/measuring performance of various LCOW configurations. This does not activate any containers but can be useful for creating/testing different LCOW options with various HCS/kernel features.

Bug Fixes

• runhcs
  • Properly set all Plan9 shares ReadOnly when OCI opts ro is set.
  • Properly convert from Docker TERM, KILL, 15, 9 signals for Windows container Kill requests using Unix semantics.

Pre-release of the v2 hcsshim package and runhcs.exe

New Features

• pkg/go-runhcs
  • Adds cached exec.LookPath results for runhcs.exe when using the go-runhcs pkg. This can lead to about 15 ms savings per runhcs.exe command.
• runhcs
  • Adds a bunch of LCOW activation optimizations greatly improving start time.
  • Adds OCI annotation: io.microsoft.virtualmachine.computetopology.memory.sizeinmb allowing UVM override of memory size at activation if not using WindowsMemoryResources.Limit.
  • Adds OCI annotation: io.microsoft.virtualmachine.computetopology.processor.count allowing UVM override of CPU count at activation if not using WindowsCPUResources.Count.
  • Adds OCI annotation: io.microsoft.virtualmachine.lcow.preferredrootfstype allowing UVM override of LCOW UVM boot. Values (default: initrd, vhd).
• Logging
  • Cleans up the logging in a few packages to make better use of logrus.WithFields rather than encoding the values in the message to make it easier for post processing logs.

Bug Fixes

• runhcs
  • Fixes an issue where we were not forwarding the --owner flag to the container/uvm activation.
• Fixes an issue on ARM32 builds causing an build overflow.
• Fixes an issue on where the callback watcher would hang if an unknown notification type was sent from the HCS.

Pre-release of the v2 hcsshim package and runhcs.exe

Performance Improvements:

• Adds cached exec.LookPath results for runhcs.exe when using the go-runhcs pkg. This can lead to about 15 ms savings per runhcs.exe command.

Pre-release of the v2 hcsshim package and runhcs.exe

Bug Fixes

• Fixes a nil dereference causing a panic in runhcs.exe create when using any of the new options introduced in v0.8.0