Intel® Clear Containers v2.1 - new features and capabilities.
It has been a great couple of quarters driving toward a new release of Clear Containers. The team worked hard to produce this and, as you might guess, we will continue to drive new and exciting features and improvements throughout 2017 - stay tuned.
While Clear Containers are OS agnostic, we still see benefits on Clear Linux, the optimized distribution we are driving for the data center. I have summarized some of the Clear Containers v2.1 release notes below and, if you wish for more information, have a peek here. We'll be following up with further point releases in the coming weeks, so stay tuned for those as well.
The latest offering is a complete re-architecture of the communication between the host and guest, affording us the opportunity to offer:
- We introduced the concept of a POD, enabling Kubernetes to start Clear Containers via the Container Runtime Interface (CRI-O).
- Improvements to networking: a container can now join multiple Docker networks as we propagate the full configuration (interfaces, IPs, routes, hostname, ...) to the VM.
- User & group support. We respond to directives from Docker to start the containerized workload with a specific user and group, one of the many layers to limit the container permissions.
- Support for docker exec. We can now execute a new process inside an already running container.
- Execution of docker run now returns the proper exit status (that of the process within the VM) to the caller.
- We now run the container in pid, mount, uts… namespaces inside the VM to isolate the workload from the guest OS.
- stdout and stderr are correctly forwarded from the process inside the VM to the host.
- Signal support. We now forward signals to the container workload inside the VM:
  - docker kill works: For instance, we can use SIGHUP to gracefully restart Apache.
- Improved TTY handling. For example, typing ctrl+c is correctly sent to the VM and resizing terminals works!