v0.8.7 release for Docker and containerd

This is the v0.8.7 release of hcsshim for Docker

hcsshim v1

• Improves internal wait patterns reducing HCS syscall overhead.
• Changes the syscall interface to properly contain call context.
• Improves error handling for process/container based patterns.

hcn

• Adds outbound NAT policies.
• Improves failure cases when a namespace is not found.
• Fixes the L4ProxyPolicySetting CompartmentID field.
• Added NatFlags to PortMappings.

This is the v0.8.7 release of containerd-shim-runhcs-v1.exe for containerd

There are significant changes since the last official release of hcsshim.

The most important change is that we are officially deprecating runhcs.exe as the containerd runtime of choice and have removed the v1 runtime bindings for it from containerd. It is now expected that for containerd on Windows you use Runtime V2 shim implemented in the cmd/containerd-shim-runhcs-v1 section of the repo.

containerd-shim-runhcs-v1.exe

With the move to containerd the containerd-shim-runhcs-v1.exe binary now replaces all OS level interaction with the gRPC interface implemented by the Runtime V2 interface as defined by containerd. This allows us to fully implement Windows process and Hyper-V containers on RS1+ with support for Windows v2 containers as well as LCOW on RS5+ releases of Windows.

The implementation is as follows for your HOST OS version of Windows:

	RS1 - RS4	RS5+
Windows Process Container	v1 (Argon)	v2
Windows Hyper-V (Server) Container	v1 (Xenon)	v2
LCOW	Not Supported	v2

The main difference with Windows v2 containers and LCOW v2 is the ability of the shim to support true Kubernetes pod's. On Windows this means a shared network namespace for process containers in the pod. For Windows hypervisor (including LCOW) containers it additionally means shared processor, memory, and storage for all containers in the pod within a single UtilityVM. This single UtilityVM provides higher performance and density while also providing greater lifetime guarantees for the set.

Pre-release of the v2 hcsshim package and runhcs.exe

Bug Fixes

• Plan9 case sensitivity can only be set if the source Windows directory supports it
• Shrink the size of the create-scratch utility VM (256MB/1 VPMem device)
• Fix race in endoperation logging

Pre-release of the v2 hcsshim package and runhcs.exe

New Features

• pkg/go-runhcs
  • Adds fallback support when looking up the runhcs.exe path to exec to the path of the calling binary. In practice this is always a containerd shim and the deployment places them in the same folder. This allows a user who has not placed containerd in its path to avoid seeing this failure.

Pre-release of the v2 hcsshim package and runhcs.exe

New Features

• runhcs
  • Adds support for OCI mount.Type "physical-disk" and "virtual-disk" for WCOW and LCOW.

    m := &oci.Mount{
        Type: "physical-disk",
        Source: "\\\\.\\PHYSICALDRIVE1",
        Destination: "C:\\test" // LCOW '/mnt/test'

    m := &oci.Mount{
        Type: "virtual-disk",
        Source: "C:\\test.vhdx", // OR 'C:\\test.vhd'
        Destination: "C:\\test" // LCOW '/mnt/test'

  • Stop loading ole32 to improve process activation
  • Set TerminateOnLastHandleClosed for all UVM activation's to guarantee resource cleanup on runhcs.exe exit.
  • Set StopOnReset for all UVM activation's so that the guest VM does not try to restart on reset.
  • Change default LCOW activation's to use rootfs.vhd when present over initrd.img by default.
  • On builds >= 18286 add support to LCOW for booting directly from the kernel (compressed or uncompressed)
  • Adds LCOW HNS network namespace support.
  • Adds support for logging all logrus messages to ETW for all runhcs.exe invocations.
  • Various performance and logging improvements for diagnostics.
• uvmboot
  • Introduces the uvmboot.exe tool for creating/starting/measuring performance of various LCOW configurations. This does not activate any containers but can be useful for creating/testing different LCOW options with various HCS/kernel features.

Bug Fixes

• runhcs
  • Properly set all Plan9 shares ReadOnly when OCI opts ro is set.
  • Properly convert from Docker TERM, KILL, 15, 9 signals for Windows container Kill requests using Unix semantics.

Pre-release of the v2 hcsshim package and runhcs.exe

New Features

• pkg/go-runhcs
  • Adds cached exec.LookPath results for runhcs.exe when using the go-runhcs pkg. This can lead to about 15 ms savings per runhcs.exe command.
• runhcs
  • Adds a bunch of LCOW activation optimizations greatly improving start time.
  • Adds OCI annotation: io.microsoft.virtualmachine.computetopology.memory.sizeinmb allowing UVM override of memory size at activation if not using WindowsMemoryResources.Limit.
  • Adds OCI annotation: io.microsoft.virtualmachine.computetopology.processor.count allowing UVM override of CPU count at activation if not using WindowsCPUResources.Count.
  • Adds OCI annotation: io.microsoft.virtualmachine.lcow.preferredrootfstype allowing UVM override of LCOW UVM boot. Values (default: initrd, vhd).
• Logging
  • Cleans up the logging in a few packages to make better use of logrus.WithFields rather than encoding the values in the message to make it easier for post processing logs.

Bug Fixes

• runhcs
  • Fixes an issue where we were not forwarding the --owner flag to the container/uvm activation.
• Fixes an issue on ARM32 builds causing an build overflow.
• Fixes an issue on where the callback watcher would hang if an unknown notification type was sent from the HCS.

Pre-release of the v2 hcsshim package and runhcs.exe

Performance Improvements:

• Adds cached exec.LookPath results for runhcs.exe when using the go-runhcs pkg. This can lead to about 15 ms savings per runhcs.exe command.

Pre-release of the v2 hcsshim package and runhcs.exe

Bug Fixes

• Fixes a nil dereference causing a panic in runhcs.exe create when using any of the new options introduced in v0.8.0

Pre-release of the v2 hcsshim package and runhcs.exe

As of this release we will begin publishing the integration tests as part of the release process in the Assets.

New Features

1. Custom Annotations via OCI config.json

io.microsoft.virtualmachine.computetopology.memory.allowovercommit

true - (default) Uses VA backed memory from the Windows Page File rather than physically backed memory.
false - Uses physically (RAM) backed memory

io.microsoft.virtualmachine.computetopology.memory.enabledeferredcommit

true - Requires AllowOverCommit = true - Uses deferred commit on VA backed memory only writing to the Windows Page File at allocation time.
false - (default) - Commits all VA backed memory at create time.

io.microsoft.virtualmachine.devices.virtualpmem.maximumcount (LCOW Only)

[0 - 128] - (64 default) - Describes the valid number of vPMEM layers that can be uses for LCOW container layers.

io.microsoft.virtualmachine.devices.virtualpmem.maximumsizebytes (LCOW Only)

[0 - int32(max)] - (4GB default) - Describes the maximum size of each vPMEM device. A layer size larger than this number will be mapped via SCSI if SCSI is enabled.

2. All layer sizes greater than io.microsoft.virtualmachine.devices.virtualpmem.maximumsizebytes (4GB default) will now automatically fall back to mapping in via SCSI if SCSI is enabled (true default)

Bug Fixes

• Fixes a bug where the previous use of "uvm-memory-type": "Physical" (now: "io.microsoft.virtualmachine.computetopology.memory.allowovercommit": false) would fail to start on Windows Hyper-V Containers.

Breaking changes from previous pre-release

• Removes the previous uvm-memory-type annotation in favor of the more granular io.microsoft.virtualmachine.computetopology.memory.allowovercommit and io.microsoft.virtualmachine.computetopology.memory.enabledeferredcommit options.

Pre-release of the v2 hcsshim package and runhcs.exe

• Fixes a bug in v0.7.13 that "uvm-memory-type": "Physical" was being incorrectly overridden by order of precedence.

Pre-release of the v2 hcsshim package and runhcs.exe

This is a spot fix to the v0.7.12 release adding the export of AssignedDevice to V1.