Merge pull request containerd#5346 from dmcgowan/prepare-1.5.0-rc.1

dmcgowan · web-flow · commit f968359ecb3b · 2021-04-13T08:26:43.000-07:00
Prepare 1.5.0-rc.1 release
diff --git a/.mailmap b/.mailmap
@@ -18,6 +18,7 @@ Brent Baude <bbaude@redhat.com>
 Cao Zhihao <caozhihao@163.com>
 Cao Zhihao <caozhihao@163.com> <caozhihao.xd@bytedance.com>
 Carlos Eduardo <me@carlosedp.com> <me@carlosedp.com>
+chenxiaoyu <weixian.cxy@alibaba-inc.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 Cristian Staretu <cristian.staretu@gmail.com> <unclejack@users.noreply.github.com>
 Daniel Dao <dqminh89@gmail.com>
@@ -113,6 +114,7 @@ Xuean Yan <yan.xuean@zte.com.cn>
 Yue Zhang <zy675793960@yeah.net>
 Yuxing Liu <starnop@163.com>
 Zhang Wei <zhangwei555@huawei.com>
+zhangyadong <zhangyadong.0808@bytedance.com>
 Zhenguang Zhu <zhengguang.zhu@daocloud.io>
 Zhiyu Li <payall4u@qq.com>
 Zhiyu Li <payall4u@qq.com> <404977848@qq.com>
diff --git a/releases/v1.5.0-rc.toml b/releases/v1.5.0-rc.toml
@@ -89,5 +89,61 @@ containers the same set of permissions as the calling process, preventing errors
 when privileged containers attempt to get more permissions than given to the
 caller.
 
+#### Configuration changes
+
+##### *New* `registry.config_path` for CRI plugin
+
+`registry.config_path` specifies a directory to look for registry hosts
+configuration. When resolving an image name during pull operations, the CRI
+plugin will look in the `<registry.config_path>/<image hostname>/` directory
+for host configuration. An optional `hosts.toml` file in that directory may be
+used to configure which hosts will be used for the pull operation as well
+host-specific configurations. Updates under that directory do not require
+restarting the containerd daemon.
+
+Enable `registry.config_path` in the containerd configuration file.
+
+```toml
+[plugins."io.containerd.grpc.v1.cri".registry]
+   config_path = "/etc/containerd/certs.d"
+```
+
+Configure registry hosts, such as `/etc/containerd/certs.d/docker.io/hosts.toml`
+for any image under the `docker.io` namespace (any image on Docker Hub).
+
+```
+server = "https://registry-1.docker.io"    # Exclude this to not use upstream
+
+[host."https://public-mirror.example.com"]
+  capabilities = ["pull"]                  # Requires less trust, won't resolve tag to digest from this host
+[host."https://docker-mirror.internal"]
+  capabilities = ["pull", "resolve"]
+  ca = "docker-mirror.crt"                 # Or absolute path /etc/containerd/certs.d/docker.io/docker-mirror.crt
+```
+
+If no `hosts.toml` configuration exists in the host directory, it will fallback
+to check certificate files based on Docker's certificate file
+pattern (".crt" files for CA certificates and ".cert"/".key" files for client
+certificates).
+
+##### Deprecation of `registry.mirrors` and `registry.configs` in CRI plugin
+
+Mirroring and TLS can now be configured using the new `registry.config_path`
+option. Existing configurations may be migrated to new host directory
+configuration. These fields are only deprecated with no planned removal,
+however, these configurations cannot be used while `registry.config_path` is
+defined.
+
+##### Version 1 schema is deprecated
+
+Version 2 of the containerd configuration toml is recommended format and the
+default. Starting this version, a deprecation warning will be logged when
+version 1 is used.
+
+To check version, see the version value in the containerd toml configuration.
+
+```toml
+version=2
+```
 
 See the changelog for complete list of changes"""
diff --git a/version/version.go b/version/version.go
@@ -23,7 +23,7 @@ var (
 	Package = "github.com/containerd/containerd"
 
 	// Version holds the complete version number. Filled in at linking time.
-	Version = "1.5.0-rc.0+unknown"
+	Version = "1.5.0-rc.1+unknown"
 
 	// Revision is filled with the VCS (e.g. git) revision being used to build
 	// the program at linking time.
