kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

APACHE-2.0 License

Downloads: 121.3K
Stars: 4.8K
Committers: 387


kata-containers - Release 2.5.2

Published by gkurz about 2 years ago

kata-containers Changes

Shortlog

5c69eb5be691 release: Kata Containers 2.5.2
309756db95ab release: Adapt kata-deploy for 2.5.2
a8187717506b tools: release: fix bogus version check
52993b91b7e3 runtime: store the user name in hypervisor config
30a8166f4ae2 runtime: make StopVM thread-safe
7033c97cd284 runtime: add more debug logs for non-root user operation
e8ec0c402fa0 stable-2.5: fix cargo vendor
d92ada72deb6 kernel: upgrade guest kernel support to 5.19.2
565fdf8263db kernel: fix for set_kmem_limit error
f174fac0d670 sandbox_test: Add test to verify memory hotplug behavior
928654b5cd2f sandbox: don't hotplug too much memory at once
1c0e6b4356e8 hypervisor: Add GetTotalMemoryMB to interface
8f40927df8e7 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments

Compatibility with CRI-O

Kata Containers 2.5.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.2 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Release 3.0.0-rc1

Published by gkurz about 2 years ago

kata-containers Changes

Shortlog

727f233e2adc release: Kata Containers 3.0.0-rc1
babab160bc61 tools: release: fix bogus version check
af22e7137500 osbuilder: Export directory variables for libseccomp
d663f110d737 kata-deploy: get the config path from cri options
c6b3dcb67d5f kata-deploy: support kata-deploy for runtime-rs
a394761a5cc7 kata-deploy: add installation for runtime-rs
b0c5f040f02f runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e0592c runtime-rs: fix incorrect comments
43b0e95800f6 runtime: store the user name in hypervisor config
81801888a29f runtime: make StopVM thread-safe
fba39ef32d03 runtime: add more debug logs for non-root user operation
63309514cacc runtime-rs: drop dependency on rustc-serialize
e229a03cc814 runtime: update runc dependency

Compatibility with CRI-O

Kata Containers 3.0.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Kata Containers 3.0.0-rc0

Published by bergwolf about 2 years ago

Release 3.0.0-rc0

kata-containers Changes

Shortlog

583591099 release: Kata Containers 3.0.0-rc0
be242a3c3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c324 runtime-rs: delete some allow(dead_code) attributes
fc9c6f87a kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be715 libs/kata-types: change return type of getting CPU period/quota
2b1d05857 runtime-rs: fix host device check pattern
62cf6e6fc runtime-rs: remove meaningless comment
84268f871 runtime-rs: update rust runtime roadmap
bcf6bf843 runk: Enable seccomp support by default
36d805fab config: add "inline-virtio-fs" as a "shared_fs" type
85b49cee0 runtime-rs: add README.md
968c2f6e8 runk: Refactor container builder
b948a8ffe kernel: fix kernel tarball name for SEV
50f912615 libs/kata-types: replace tabs by spaces in comments
566656b08 gperf: point URL to mirror site

Compatibility with CRI-O

Kata Containers 3.0.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Release 3.0.0-alpha1

Published by amshinde about 2 years ago

kata-containers Changes

Major highlights of this release include:

  • Support for io_uring as I/O mechanism for qemu
  • Upgrade to Cloud Hypervisor v26.0
  • Kernel upgrade to 5.19.2
  • Several improvements in cloud-hypervisor support for Intel TDX
  • Support for static resource management functionality in rust runtime
  • Support for hugetlb cgroups in the guest
  • Addition of cargo-deny to scan for vulnerabilities and license issues wrt rust crates.

Shortlog

d23779ec9 Revert "agent: fix unittests for arp neighbors"
d340564d6 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37bad kata-deploy: Add debug statement
e879270a0 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f240 docs: fix unix socket address in agent-ctl doc
41ec71169 runtime-rs: split amend_spec function
ff7c78e0e runtime-rs: static resource mgmt default to false
00f3a6de1 runtime-rs: make static resource mgmt idiomatic
4a54876dd runtime-rs: support static resource management functionality
52bbc3a4b cargo.lock: update crates to comply with checks
aa581f4b2 cargo.toml: Add oci to src/libs workplace
7914da72c cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab7e github-actions: Add cargo-deny
373dac2db qemu: Keep passing BUILD_SUFFIX
59e3850bf qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d0175 qemu: fix tdx qemu tarball directories
9997ab064 sandbox_test: Add test to verify memory hotplug behavior
f390c122f sandbox: don't hotplug too much memory at once
e0142db24 hypervisor: Add GetTotalMemoryMB to interface
e83b82131 docs: Update url in the Developer Guide
0ab49b233 release: Kata Containers 3.0.0-alpha1
b1a8acad5 versions: Update cni plugins version
749a6a248 docs: Specify language in markdown for syntax highlight
a1fdc0827 kernel: Re-work get_tee_kernel()
a6581734c kernel: Whitelist cleanup
cce99c5c7 runtime-rs: delete socket from shim command-line options
c75970b81 dragonball: add more unit test for config manager
dc32c4622 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91dac osbuilder: add systemd symlinks for kata-agent
731d39df4 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e98c kata-deploy: export CI in the build container
4f90e3c87 kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d903734 github-actions: Auto-backporting
a355812e0 runtime-rs: fixed bug on core-sched error handling
591dfa4fe runtime-rs: add support for core scheduling
92f7d6bf8 ci: Use versions.yaml for the libseccomp
b535bac9c runk: Add cli message for init command
c08a8631e agent: add some logs for mount operation
c1e3b8f40 govmm: Refactor qmp functions for adding block device
598884f37 govmm: Refactor code to get rid of redundant code
00860a7e4 qmp: Pass aio backend while adding block device
e1b49d758 config: Add block aio as a supported annotation
ed0f1d0b3 config: Add "block_device_aio" as a config option for qemu
b6cd2348f govmm: Add io_uring as AIO type
81cdaf077 govmm: Correct documentation for Linux aio.
763ceeb7b logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99e1 kata-deploy: fix threading conflicts
0a6f0174f kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4f7 agent-ctl: fix clippy error
4b57c04c3 runtime-rs: support loading kernel modules in guest vm
dc90eae17 qemu: Drop unnecessary tdx_guest kernel parameter
d4b67613f clh: Use HVC console with TDX
c0cb3cd4d clh: Avoid crashing when memory hotplug is not allowed
9f0a57c0e clh: Increase API and SandboxStop timeouts for TDX
c142fa254 clh: Lift the sharedFS restriction used with TDX
bdf8a57bd runk: Move delete logic to libcontainer
a06d819b2 runtime: cri-o annotations have been moved to podman
ffd1c1ff4 agent-ctl/trace-forwarder: udpate thread_local dependency
69080d76d agent/runk: update regex dependency
e0ec09039 runtime-rs: update async-std dependency
326f1cc77 agent: enrich some error code path
4f53e010b agent: skip test_load_kernel_module if non-root
f508c2909 runtime: constify splitIrqChipMachineOptions
2b0587db9 runtime: VMX is migratible in vm factory case
fa09f0ec8 runtime: remove qemuPaths
a6fbaac1b runk: add pause/resume commands
8e201501e kernel: fix for set_kmem_limit error
00aadfe20 kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d63e kernel: upgrade guest kernel support to 5.19.2
57bd3f42d runtime-rs: plug drop-in decoding into config-loading code
87b97b699 runtime-rs: add filesystem-related part of drop-in handling
cf785a1a2 runtime-rs: add core toml::Value tree merging
09672eb2d agent: do some rollback works if case of do_create_container failed
8ff5c10ac network: Fix error message for setting hardware address on TAP interface
3a597c274 runtime: clh: Use the new 'payload' interface
16baecc5b runtime: clh: Re-generate the client code
50ea07183 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c61 runtime: tracing: End root span at end of trace
78231a36e ci: Update libseccomp version
338c28295 dep: update nix dependency
3829ab809 docs: Update CRI-O target link
34746496b libs/test-utils: share test code by create a new crate

Compatibility with CRI-O

Kata Containers 3.0.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Release 2.5.1

Published by amshinde about 2 years ago

kata-containers Changes

This release includes security fixes for Rust dependencies.
Cloud Hypervisor has been upgraded to v26.0.
The supported Rust version has also been upgraded to 1.59.0.
CONFIG_CGROUP_HUGETLB was added to the kernel to support hugetlb cgroups.
In addition, some minor bug fixes for handling container create failures
and tracing were added.

Shortlog

d6437435a release: Kata Containers 2.5.1
38801e5bf release: Adapt kata-deploy for 2.5.1
8f8b93d75 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
25b1a5229 runtime: tracing: End root span at end of trace
553293010 agent: do some rollback works if case of do_create_container failed
69505695b agent-ctl/trace-forwarder: udpate thread_local dependency
48a94f36a agent/runk: update regex dependency
1a396a178 dep: update nix dependency
012837260 versions: Update kernel to 5.15.63
2e3ae3f23 agent-ctl: Get rid of compiler warning
14a4551d5 versions: Upgrade rust supported version to 1.59.0
cd898d28c runtime: clh: Use the new 'payload' interface
e8512320c runtime: clh: Re-generate the client code
c0b5ba230 versions: Upgrade to Cloud Hypervisor v26.0

Compatibility with CRI-O

Kata Containers 2.5.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Release 2.5.0

Published by bergwolf about 2 years ago

kata-containers Changes

Feature highlights include:

  • Firecracker has been updated to v1.1.0
  • Nydus has been updated to v2.1.0-alpha.4
  • Cloud Hypervisor has been updated to v25.0
  • Support containerd shimv2 logging plugin
  • Support virtio-block multiqueue
  • Support QEMU sandbox feature
  • Switch to rust version virtiofsd
  • Support core scheduling with containerd
  • kata-runtime iptables subcommand to manipulate iptables in the guest
  • A few new subcommands for runk
  • Support direct-assigned volumes
  • Many bug fixes, plus CI and packaging improvements.

Shortlog

da875e747 release: Kata Containers 2.5.0
05b2096c0 release: Adapt kata-deploy for 2.5.0
1b930156c build: Fix clh source build as normal user
01c889fb6 runtime: Fix DisableSelinux config
59bd5c2e0 container: kill all of the processes in this container
22c005f55 nydus: upgrade nydus/nydus-snapshotter version
8220e5478 runtime: add unlock before return in sendReq
4f0ca40e0 versions: Update Firecracker version to v1.1.0
da24fd88e clh: Don't crash if no network device is set by the upper layer
ed25d2cf5 versions: Update Cloud Hypervisor to v25.0
dfc1413e4 action: extend commit message line limit to 150 bytes
2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
2a4fbd6d8 agent: enhance get handled signal
0ddb34a38 oci: fix serde skip serializing condition
acd3302be agent: Run OCI poststart hooks after a container is launched
fbb2e9bce agent: Replace some libc functions with nix ones
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
433816cca ci/cd: update check-commit-message
48ccd4233 ci: Set safe.directory against tests repository
a5a25ed13 runtime: delete Console from Cmd type
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
afdc96042 hypervisor: Add default_maxmemory configuration
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
1a78c3df2 packaging: Remove unused kata docker configure script
0e2459d13 docs: Add cgroupDriver for containerd
4e30e11b3 shim: support shim v2 logging plugin
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
1b7d36fdb agent: Allow BUILD_TYPE=debug
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
e227b4c40 block: Leverage multiqueue for virtio-block
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d40c runtime: enable sandbox feature on qemu
0bbbe7068 snap: fix snap build on ppc64le
c7dd10e5e packaging: Remove unused publish kata image script
1b7fd19ac rootfs: Fix chronyd.service failing on boot
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
a305bafee docs: Update outdated URLs and keep them available
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
90a7763ac snap: Fix debug cli option
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
bee770343 docs: Update containerd url link
1a5ba31cb agent: refactor reading file timing for debugging
bb26bd73b safe-path: fix clippy warning
db5048d52 kernel: build efi_secret module for SEV
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
9773838c0 virtiofsd: export env vars needed for building it
eff4e1017 shim: change the log level for GetOOMEvent call failures
412441308 docs: Add more kata monitor details
8f10e13e0 config: Allow enable_iommu pod annotation by default
b0e090f40 versions: Bump virtiofsd to v1.3.0
1b845978f docs: Add storage limits to arch doc
7ae11cad6 docs: Update source for cri-tools
f5099620f tools: Enable extra detail on error
34bcef884 docs: Add agent-ctl examples section
815157bf0 docs: Remove erroneous whitespace
eb24e9715 release: Kata Containers 2.5.0-alpha2
d2df1209a docs: describe kata handling for core-scheduling
22b6a94a8 shim: add support for core scheduling
fe3c1d9cd docs: Update storage documentation link
6ecea84bc rustjail: get home dir using nix crate
38a318820 runk: Support list sub-command
6d0ff901a docs: Update vGPU use-case
9d27c1fce agent: ignore ESRCH error when destroying containers
9726f56fd runtime: force stop container after the container process exits
168f325c4 docs: Update configuration reference for snap documentation
b9fc24ff3 docs: update release process github token instructions
c1476a174 docs: update release process with latest workflow triggering
8b57bf97a workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd10 snap: Use helper script and cleanup
9b108d993 docs: Improve snap formatting
894f661cc docs: Add warning to snap build
d759f6c3e snap: Fix CH architecture check
56591804b docs: Improve snap build instructions
cb2b30970 snap: Build using destructive mode
60823abb9 docs: Move snap README
af2ef3f7a agent-ctl: introduce handle for iptables get/set
65f0cef16 kata-runtime: add iptables CLI to test http endpoint
3201ad083 shim-client: ensure we check resp status for Put/Post
0706fb28a kata-runtime: shmgmt: make url usage consistent
2a09378dd shim-client: add support for DoPut
640173cfc shim-mgmt: Add endpoint handler for interacting with iptables
0136be22c virtcontainers: plumb iptable set/get from sandbox to agent
bd50d463b agent: iptables: get/set handling for iptables
03176a9e0 proto: update generated code based on proto update
38ebbc705 proto: update to add set/get iptables
78d45b434 agent: return mount file content if parse mountinfo failed
2e04833fb docs: Update Intel QAT documentation links
7c4049aab osbuilder: add iptables package
648b8d0ae runk: Return error when tty is used without console socket
5205efd9b runk: Add Podman guide in README
590381574 agent: Pass standard I/O to container launched by runk
c7b3941c9 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c3d agent: Remove unused import in console test
d862ca059 runk: Handle rootfs path in config.json properly
c95ba63c0 docs: Remove information related to Kata 1.x
34b80382b docs: Get rid of note related to networking.
dfad5728a docs: Mention --cni flag while invoking ctr
fff832874 clh: Update to v24.0
49361749e snap: Build and package rust version of virtiofsd
27d903b76 snap: Put the yq binary in the staging bin directory
d7b4ce049 snap: Remove unused variable
43de5440e snap: Fix unbound variable error
c9b291509 snap: Fix whitespace
122a85e22 agent: remove bin oci-kata-agent
35619b45a runk: merge oci-kata-agent into runk
10c13d719 qemu: remove virtiofsd option in qemu config
d20bc5a4d virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c5975c agent: fix direct-assigned volume stats
4428ceae1 runtime: direct-volume stats use correct name
ffdc065b4 runtime: direct-volume stats update to use GET parameter
f29595318 runtime: fix incorrect Action function for direct-volume stats
2a1d39414 runtime: Adding the correct detection of mediated PCIe devices
ce2e521a0 runtime: remove duplicate 'types' import
7a5ccd126 runtime: sync docstrings with function names
834f93ce8 docs: fix annotations example
f4994e486 runtime: allow annotation configuration to use_legacy_serial
c67b9d297 qemu: allow using legacy serial device for the console
44814dce1 qemu: treat console kernel params within appendConsole
24a2b0f6a docs: Remove clear containers reference in README
8052fe62f runtime: do not check for EOF error in console watcher
abad33eba kernel: Remove nemu.conf from packaging
e87eb13c4 tools: delete unused param from get_from_kata_deps callers
4b437d91f agent: Fix is_signal_handled failing parsing str to u64
e73b70baf runtime: Don't run unit tests verbose by default
f24a6e761 runtime: Consolidate flags setting in unit tests script
cf465feb0 runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac599 runtime: Remove redundant subcommands from go-test.sh
0aff5aaa3 runtime: Simplify package listing in go-test.sh
557c4cfd0 runtime: Don't chmod coverage files in Go tests
04c8b52e0 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c257700 runtime: Move go testing script locally
4f586d2a9 packaging: Add kernel config option for SGX in Gramine
7bc4ab68c ci: Don't run Docs URL Alive Check workflow on forks
b4b9068cb tools: Add QEMU patches for SGX numa support
88fb9b72e docs: Update runc containerd runtime
a475956ab workflows: Add support for building virtiofsd
71f59f3a7 local-build: Add support for building virtiofsd
c7ac55b6d dockerbuild: Install unzip
8e2042d05 tools: add script to pull virtiofsd
dbedea508 versions: Add virtiofsd entry
421064680 doc: Update log parser link
271933fec log-parser: fix some of the documentation
c7dacb121 log-parser: move the kata-log-parser from the tests repo
82ea01828 versions: Upgrade to Cloud Hypervisor v23.1
383be2203 agent: Add a macro to skip a loop easier
97d7b1845 runk: use custom Kill command to support --all option
475e3bf38 agent: add test coverage for functions find_process and online_resources
4a1e13bd8 rustjail: Add tests for hook_grpc_to_oci
9b863b0e0 release: Kata Containers 2.5.0-alpha1
70eda2fa6 agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b7055 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b4862 agent: add tests for create_logger_task function
7772f7dd9 runk: set BinaryName for runk for containerd
b221a2590 tools: Add runk
2c218a07b agent: Modify Kata agent for runk
b0e439cb6 rustjail: add tests for parse_mount_table
b975f2e8d Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a16f docs: Direct-assigned volume design
081f6de87 versions: change qemu tdx url and tag
dd4bd7f47 doc: Added initial doc update for NV GPUs
666aee54d docs: Add VSOCK localhost example for agent-ctl
86d348e06 docs: Use VM term in agent-ctl doc
4b9b62bb3 agent-ctl: Fix abstract socket connections
b6467ddd7 clh: Expose disk rate limiter config
7580bb5a7 clh: Expose net rate limiter config
a88adabaa clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da03a clh: Implement the Disk RateLimiter logic
511f7f822 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575df hypervisor: Add disk bandwidth and operations rate limiters
1cf946929 clh: Implement the Network RateLimiter logic
00a5b1bda utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e39 utils: Move FC's function to revert bytes to utils
c9f6496d6 config: Add NetRateLimiter* to Cloud Hypervisor
2d35e6066 hypervisor: Add network bandwidth and operations rate limiters
ccb018393 kata-deploy: Add support to RKE2
9d39362e3 kata-deploy: Reestructure the installing section
18d27f794 kata-deploy: Add a missing $ prefix in the README
6948b4b36 docs: Update containerd link to installation guide
832c33d5b docs: remove pc machine type supports
1cad3a469 agent/random: Ensure data.len > 0
33c953ace agent: Add test_ressed_rng_not_root
39a35b693 agent: Add test to random::reseed_rng()
d8f39fb26 agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b83 rustjail: Add tests for mount_grpc_to_oci
b658dccc5 tools: fix typo in clh directory name
afbd60da2 packaging: Fix clh build from source fall-back
1b931f420 runtime: Allock mockfs storage to be placed in any directory
ef6d54a78 runtime: Let MockFSInit create a mock fs driver at any path
5d8438e93 runtime: Move mockfs control global into mockfs.go
963d03ea8 runtime: Export StoragePathSuffix
1719a8b49 runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9e3 runtime: Make bind mount tests better clean up after themselves
f7ba21c86 runtime: Clean up mock hook logs in tests
90b2f5b77 runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc22 runtime: Don't use fixed /tmp/mountPoint path
f385b21b0 rustjail: add tests for mount_from function
96bc3ec2e rustjail: Add tests for hooks_grpc_to_oci
023950278 agent: modify the type of swappiness to u64
0ad89ebd7 safe-path: add more unit test cases
b63774ec6 libs/safe-path: add crate to safely resolve fs paths
0e7f1a5e3 agent: move assert_result macro to test_utils file
2256bcb6a rustjail: Add tests for root_grpc_to_oci
9b6f24b2e agent: add tests for mount_to_rootfs function
9c22d9554 agent: add tests for update_container_namespaces
c3776b179 agent: add tests for is_signal_handled function
29e569aa9 virtcontainers: clh: Re-generate the client code
6012c1970 versions: Upgrade to Cloud Hypervisor v23.0
aabcebbf5 agent: best-effort removing mount point
d136c9c24 test: Fix golangci-lint error for s390x
92c00c7e8 agent: fsGroup support for direct-assigned volume
532d53977 runtime: fsGroup support for direct-assigned volume
6a47b82c8 proto: fsGroup support for direct-assigned volume
7b2ff0264 kata-monitor: add a README file
86977ff78 kata-monitor: update the hrefs in the debug/pprof index page
354cd3b9b runtime: Base64 encode the direct volume mountInfo path
6e79042aa runtime: no need to write virtiofsd error to log
f8cc5d1ad kata-monitor: add some links when generating pages for browsers
78f30c33c agent: Avoid agent panic when reading empty stats
6e9e4e8ce docs: Update link to contributions guide
9d5e7ee0d agent: add tests for mount_storage
1118a3d2d agent: add test coverage for parse_mount_flags_and_options function
485aeabb6 agent: add tests for do_write_stream function
9d5b03a1b runtime: delete debug option in virtiofsd
c31cd0e81 rustjail: add test coverage for process_grpc_to_oci function
eff7c7e0f agent: Allow the agent to be rebuilt with the change of Cargo features
962d05ec8 protocols: add src/csi.rs to .gitignore
a2f5c1768 runtime/virtcontainers: Pass the hugepages resources to agent
4405b188e docs: Add a firecracker installation guide
ff17c756d runtime: Allow and require no initrd for SE
59c7165ee test: use T.TempDir to create temporary test directory
98750d792 clh: Expose service offload configuration
c9e24433d release: Kata Containers 2.5.0-alpha0
0d5f80b80 versions: Bump firecracker to v0.23.4
800e4a9cf agent: use ms as unit of cputime instead of ticks
0d765bd08 agent: fix container stop error with signal SIGRTMIN+3
9e4ca0c4f doc: Improve kata-deploy README.md by changing sh blocks to bash blocks
2b91dcfee docs: Remove kata-proxy reference
a63bbf979 kata-monitor: fix duplicated output when printing usage
5e1c30d48 runtime: add logs around sandbox monitor
fb8be9619 runtime: stop getting OOM events when ttrpc: closed error
a779e19be tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
0baebd2b3 tools/packaging: Fix usage of kata-deploy-binaries.sh
93d03cc06 kata-deploy: fix version bump from -rc to stable
3606923ac workflows,release: Ship all the rust vendored code
2eb07455d tools: Add a generate_vendor.sh script
ecf71d6dd docs: Remove VPP documentation
66f05c5bc runtime: Remove the explicit VirtioMem set and fix the comment
154c8b03d tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
1ed7da8fc packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
bad859d2f tools/packaging/kata-deploy/local-build: Add build to gitignore
a93140237 docs: Remove kata-proxy references in documentation
0928eb9f4 agent: Kill the all the container processes of the same cgroup
19f372b5f runtime: Add more debug logs for container io stream copy
c27963276 osbuilder/qat: don't pull kata sources if exist
774348641 docs: fix markdown issues in how-to-run-docker-with-kata.md
459f4bfed osbuilder/qat: use centos as base OS
9a5b47706 docs: Update vcpu handling document
32131cb8b Agent: fix unneeded late initialization lint
ebec6903b static-build,clh: Add the ability to build from a PR
c77e34de3 runtime: Move mock hook source
86723b51a virtcontainers: Remove unused install/uninstall targets
0e83c95fa virtcontainers: Run mock hook from build tree rather than system bin dir
e65db838f virtcontainers: Remove VC_BIN_DIR
c20ad2836 virtcontainers: Remove unused Makefile defines
c776bdf4a virtcontainers: Remove unused parameter from go-test.sh
168fadf1d ci: Weekly check whether the docs url is alive
72f7e9e30 osbuilder: Multistrap Ubuntu
df511bf17 packaging: Enable cross-building agent
0a313eda1 osbuilder: Fix use of LIBC in rootfs.sh
2c86b956f osbuilder: Simplify Rust installation
0072cc2b6 osbuilder: Remove musl installations
5c3e55362 osbuilder: apk add --no-cache
efa19c41e device: use const strings for block-driver option instead of hard coding
24b29310b doc: update Intel SGX use cases document
18d4d7fb1 tools: update QEMU to 6.2
62351637d action: Update link for format patch documentation
aa5ae6b17 runtime: Properly handle ESRCH error when signaling container
5c434270d docs: Update k8s documentation
92ce5e2dc rustjail: optimization, merged several writelns into one
dacf6e395 doc: fix filename typo
7a18e32fa versions: Upgrade to Cloud Hypervisor v22.1
be12baf3c manager: Change here documents to use standard delimiter
9576a7da5 manager: Add options to change self test behaviour
d4d65bed3 manager: Add option to enable component debug
019da91d7 manager: Whitespace fix
d234cb76b manager: Create containerd link
5d6d39be4 scripts: Change here document delimiters
c088a3f3a agent: add tests for get_memory_info function
4b1e2f527 CI: Update GHA secret name
4adf93ef2 tools: release: Do not consider release candidates as stable releases
5ec7592df kernel: fix cve-2022-0847
ffdf961ae docs: Update contact link in runtime README
42e35505b agent: Verify that we allocated as many hugepages as we need
608e003ab agent: Don't attempt to create directories for hugepage configuration
6a850899c CI: Create GHA to add PR sizing label
2b41d275a release: Revert kata-deploy changes after 2.4.0-rc0 release

Compatibility with CRI-O

Kata Containers 2.5.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses libseccomp v2.5.1, which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use a kata-agent that is not statically linked with the library, you can build
a custom kata-agent from sources that does not use the library.
For details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0 suggests using the Linux kernel v5.15.48
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 3.0.0-alpha0

Published by bergwolf about 2 years ago

kata-containers Changes

The biggest highlights of the first 3.0 alpha release are the addition of a rustified
runtime and the integrated Rust hypervisor (dragonball), contributed by engineers from
Alibaba Cloud and Ant Group. The new runtime will further improve Kata's resource
consumption, speed, and management simplicity. It is still a work in progress, and we
expect it to stabilize and mature in the coming few months.

Other new changes include:

  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Support host cgroup v2
  • Support drop-in config files
  • Quite a few dependency updates and bugfixes etc.

Shortlog

3e9077f6e docs: Update url in containerd documentation
52133ef66 release: Kata Containers 3.0.0-alpha0
c280d6965 runtime-rs: delete route model
caada34f1 runtime-rs: fix design doc's typo
b61dda40b docs: use curl as default downloader for runtime-rs
ca9d16e5e runtime-rs: update Cargo.lock
99a7b4f3e workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e9f workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e646 versions: Update libseccomp version
b82819015 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169ef Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc42c runtime-rs:update rtnetlink version
e40383813 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
931251105 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae9702 runtime-rs:skip the test when the arch is s390x
945e02227 runtime-rs:skip the build process when the arch is s390x
8b0e1859c Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390c2 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575fa runtime-rs:fix cargo clippy
9803393f2 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653ba libs: fix CI error for protocols
993ae2408 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44ef Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb03 Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11fc5 runtime-rs: fix stdin hang in azure
50b0b7cc1 Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
129335714 Merge pull request #4727 from openanolis/anolis-fix-network
71384b60f Merge pull request #4713 from openanolis/adjust_default_vcpu
b3147411e runtime-rs:add unit test for set share pid ns
1ef3f8eac runtime-rs: set share sandbox pid namespace
57c556a80 runtime-rs: fix stop failed in azure
3f4dd92c2 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a03f Merge pull request #4721 from openanolis/install-guide-2
c825065b2 runtime-rs: fix tc filter setup failed
e0194dcb5 runtime-rs: update route destination with prefix
534a4920b Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd584 docs: add rust environment setup for kata 3.0
896478c92 runtime-rs: add functionalities support for macvlan and vlan endpoints
43045be8d runtime-rs: handle default_vcpus greator than default_maxvcpu
54f53d57e runtime-rs: support disable_guest_seccomp
540303880 Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
7c146a5d9 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
08a658167 Merge pull request #4662 from openanolis/runtime-rs-user-manaul
4331ef80d Runtime-rs: add installation guide for rust-runtime
4c3bd6b1d Merge pull request #4656 from openanolis/runtime-rs-ipvlan
960f2a7f7 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
e9988f0c6 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebbe8 runtime-rs: fix ctr exit failed
758cc47b3 Merge pull request #4671 from liubin/4670-upgrade-nix
25be4d00f Merge pull request #4676 from openanolis/xuejun/runtime-rs
62182db64 runtime-rs: add unit test for ipvlan endpoint
99654ce69 runtime-rs: update dbs-xxx dependencies
f4c3adf59 runtime-rs: Add compile option file
545ae3f0e runtime-rs: fix warning
19eca71cd runtime-rs: remove the value of hypervisor path in DB config
d8920b00c runtime-rs: support functionalities of ipvlan endpoint
2b01e9ba4 dragonball: fix warning
996a6b80b kata-sys-util: upgrade nix version
9f49f7adc Merge pull request #4493 from openanolis/runtime-rs-dev
3c989521b dragonball: update for review
274598ae5 kata-runtime: add dragonball config check support.
1befbe673 runtime-rs: Cargo lock for fix version problem
3d6156f6e runtime-rs: support dragonball and runtime-binary
3f6123b4d libs: update configuration and annotations
f3335c99c Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
b424cf3c9 Merge pull request #4544 from openanolis/anolis/virtio_device_aarch64
d2584991e dragonball: fix dependency unused warning
458f6f42f dragonball: use const string for legacy device type
58b0fc479 Merge pull request #4192 from Tim-0731-Hzt/runtime-rs
0826a2157 Merge remote-tracking branch 'origin/main' into runtime-rs-1
939959e72 docs: add Dragonball to hypervisors
f6f96b8fe dragonball: add legacy device support for aarch64
7a4183980 dragonball: add device info support for aarch64
30da3fb95 Merge pull request #4515 from openanolis/anolis/dragonball-3
9cee52153 fmt: do cargo fmt and add a dependency for blk_dev
47a4142e0 fs: change vhostuser and virtio into const
e14e98bbe cpu_topo: add handle_cpu_topology function
5d3b53ee7 downtime: add downtime support
6a1fe85f1 vfio: add vfio as TODO
5ea35ddcd refractor: remove redundant by_id
b646d7cb3 config: remove ht_enabled
cb54ac6c6 memory: remove reserve_memory_bytes
bde6609b9 hotplug: add room for other hotplug solution
d88b1bf01 dragonball: update vsock dependency
dd003ebe0 Dragonball: change error name and fix compile error
38957fe00 UT: fix compile error in unit tests
11b3f9514 dragonball: add virtio-fs device support
948381bdb dragonball: add virtio-net device support
3d20387a2 dragonball: add virtio-blk device support
87d38ae49 Doc: add document for Dragonball API
2bb1eeaec docs: further questions related to upcall
026aaeecc docs: add FAQ to the report
fffcb8165 docs: update the content of the report
42ea854eb docs: kata 3.0 Architecture
090de2dae dragonball: fix the clippy errors.
a1593322b dragonball: add vsock api to api server
89b9ba860 dragonball: add set_vm_configuration api
95fa0c70c dragonball: add start microvm support
5c1ccc376 dragonball: add Vmm struct
4d234f574 dragonball: refactor code layout
cfd5dae47 dragonball: add vm struct
527b73a8e dragonball: remove unused feature in AddressSpaceMgr
514b4e723 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
7120afe4e dragonball: add vcpu test function for aarch64
648d285a2 dragonball: add vcpu support for aarch64
7dad7c89f dragonball: update dbs-xxx dependency
59cab9e83 Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
18093251e Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
07231b2f3 runtime-rs:refactor network model with netlink
c8a905206 build: format files
242992e3d build: put install methods in utils.mk
8a697268d build: makefile for dragonball config
9c526292e runtime-rs:refactor network model with netlink
12c1b9e6d Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
f3907aa12 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
badbbcd8b Merge pull request #4400 from openanolis/anolis/dragonball-2
71db2dd5b hotplug: add room for future acpi hotplug mechanism
8bb00a3dc dragonball: fix a bug when generating kernel boot args
2aedd4d12 doc: add document for vCPU, api and device
bec22ad01 dragonball: add api module
07f44c3e0 dragonball: add vcpu manager
78c971875 dragonball: add upcall support
7d1953b52 dragonball: add vcpu
468c73b3c dragonball: add kvm context
98f041ed8 Merge pull request #4486 from openanolis/runtime-rs-merge-main
86123f49f Merge branch 'main' into runtime-rs
e89e6507a dragonball: add signal handler
b6cb2c4ae dragonball: add metrics system
e80e0c464 dragonball: add io manager wrapper
f23d7092e Merge pull request #4265 from openanolis/anolis/dragonball-1
d5ee3fc85 safe-path: fix clippy warning
93c10dfd8 runtime-rs: add crosvm license in Dragonball
dfe6de771 dragonball: add dragonball into kata README
39ff85d61 dragonball: green ci
71f24d827 dragonball: add Makefile.
a1df6d096 Doc: Update Dragonball Readme and add document for device
8619f2b3d dragonball: add virtio vsock device manager.
52d42af63 dragonball: add device manager.
c1c1e5152 dragonball: add kernel config.
6850ef99a dragonball: add configuration manager.
0bcb422fc dragonball: add legacy devices manager
3c45c0715 dragonball: add console manager.
3d38bb300 dragonball: add address space manager.
aff604055 dragonball: add resource manager support.
8835db6b0 dragonball: initial commit
9cb15ab4c agent: add the FSGroup support
ff7874bc2 protobuf: upgrade the protobuf version to 2.27.0
06f398a34 runtime-rs: use withContext to evaluate lazily
fd4c26f9c runtime-rs: support network resource
4be7185aa runtime-rs: runtime part implement
10343b1f3 runtime-rs: enhance runtimes
9887272db libs: enhance kata-sys-util and kata-types
3ff0db05a runtime-rs: support rootfs volume for resource
234d7bca0 runtime-rs: support cgroup resource
75e282b4c runtime-rs: hypervisor base define
bdfee005f runtime-rs: service and runtime framework
4296e3069 runtime-rs: agent implements
d3da156ee runtime-rs: uint FsType for s390x
e705ee07c runtime-rs: update containerd-shim-protos to 0.2.0
8c0a60e19 runtime-rs: modify the review suggestion
278f843f9 runtime-rs: shim implements for runtime-rs
641b73610 libs: enhance kata-sys-util
69ba1ae9e trans: fix the issue of wrong swapness type
d2a9bc667 agent: agent-protocol support async
aee9633ce libs/sys-util: provide functions to execute hooks
8509de0ae libs/sys-util: add function to detect and update K8s emptyDir volume
6d59e8e19 libs/sys-util: introduce function to get device id
5300ea23a libs/sys-util: implement reflink_copy()
1d5c898d7 libs/sys-util: add utilities to parse NUMA information
87887026f libs/sys-util: add utilities to manipulate cgroup
ccd03e2ca libs/sys-util: add wrappers for mount and fs
45a00b4f0 libs/sys-util: add kata-sys-util crate under src/libs
48c201a1a libs/types: make the variable name easier to understand
b9b6d70aa libs/types: modify implementation details
05ad026fc libs/types: fix implementation details
d96716b4d libs/types:fix styles and implementation details
6cffd943b libs/types:return Result to handle parse error
6ae87d9d6 libs/types: use contains to make code more readable
45e5780e7 libs/types: fixed spelling and grammer error
2599a06a5 libs/types:use include_str! in test file
8ffff40af libs/types:Option type to handle empty tomlconfig
626828696 libs/types: add license for test-config.rs
97d8c6c0f docs: modify move-issues-to-in-progress.yaml
8cdd70f6c libs/types: change method to update config by annotation
e19d04719 libs/types: implement KataConfig to wrap TomlConfig
387ffa914 libs/types: support load Kata agent configuration from file
69f10afb7 libs/types: support load Kata hypervisor configuration from file
21cc02d72 libs/types: support load Kata runtime configuration from file
5b89c1df2 libs/types: add kata-types crate under src/libs
4f62a7618 libs/logging: fix clippy warnings
6f8acb94c libs: refine Makefile rules
7cdee4980 libs/logging: introduce a wrapper writer for logging
426f38de9 libs/logging: implement rotator for log files
392f1ecdf libs: convert to a cargo workspace
575df4dc4 static-checks: Allow Merge commit to be >75 chars
2ae807fd2 nydus: wait nydusd API server ready before mounting share fs
8a4e69008 versions: Update TD-shim due to build breakage
065305f4a agent-ctl: Add an empty [workspace]
1444d7ce4 packaging: Create no_patches.txt for the SPR-BKC-PC-v9.6.x
c8d4ea84e docs: Improve SGX documentation
85f4e7caf runtime: explicitly mark the source of the log is from qemu.log
d8ad16a34 runtime: add unlock before return in sendReq
889557ecb docs: add back host network limitation
230a22905 runk: add ps sub-command
e40383813 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
587c0c5e5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452faec docs: Improve SGX documentation
2764bd752 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
578121124 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e40851 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
873e75b91 Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
8bbffc42c runtime-rs:update rtnetlink version
389ae9702 runtime-rs:skip the test when the arch is s390x
945e02227 runtime-rs:skip the build process when the arch is s390x
c5452faec docs: Improve SGX documentation
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
86ac653ba libs: fix CI error for protocols
7247575fa runtime-rs:fix cargo clippy
9803393f2 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
7503bdab6 Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc8228 versions: Track and add support for building TD-shim
8d9135a7c Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e93 versions: update rust version
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
adfad44ef Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
0aefab4d8 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db92 Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
a67402cc1 Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29c0 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
9dfd949f2 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f91 versions: Update runc version
557229c39 Merge pull request #4724 from yahaa/fix-docs
1b01ea53d Merge pull request #4735 from nubificus/feature-fc-v1.1
27c82018d Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf031d Merge pull request #4664 from lifupan/main
f5aa6ae46 agent: Fix stream fd's double close problem
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
0e24f47a4 agent: log RPC calls for debugging
e764a726a Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b29454 Merge pull request #4709 from liubin/fix/4708-unwrap-error
033737783 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91ec1 Merge pull request #4644 from bookinabox/optimize-get-paths
68c265587 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8fe1 versions: Update firecracker version
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
6d56cdb9a Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
f690b0aad qemu: Add liburing to qemu build
d93e4b939 container: kill all of the processes in this container
575b5eb5f Merge pull request #4506 from cyyzero/runk-exec
9ae2a45b3 cgroups: remove unnecessary get_paths()
0cc20f014 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a12 Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207f6 clh: Don't crash if no network device is set by the upper layer
39974fbac Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb77 Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919a0 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afcdf kernel: Allow passing the URL to download the tarball
0024b8d10 Merge pull request #4617 from Yuan-Zhuo/main
80c68b80a kernel: Deduplicate code used for building TEE kernels
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
f59939a31 runk: Support exec sub-command
0e24f47a4 agent: log RPC calls for debugging
fa0b11fc5 runtime-rs: fix stdin hang in azure
57c556a80 runtime-rs: fix stop failed in azure
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
326eb2f91 versions: Update runc version
f690b0aad qemu: Add liburing to qemu build
b3147411e runtime-rs:add unit test for set share pid ns
1ef3f8eac runtime-rs: set share sandbox pid namespace
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
f5aa6ae46 agent: Fix stream fd's double close problem
d93e4b939 container: kill all of the processes in this container
c825065b2 runtime-rs: fix tc filter setup failed
e0194dcb5 runtime-rs: update route destination with prefix
43045be8d runtime-rs: handle default_vcpus greator than default_maxvcpu
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
896478c92 runtime-rs: add functionalities support for macvlan and vlan endpoints
fa85fd584 docs: add rust environment setup for kata 3.0
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
54f53d57e runtime-rs: support disable_guest_seccomp
9ae2a45b3 cgroups: remove unnecessary get_paths()
df79c8fe1 versions: Update firecracker version
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
e9988f0c6 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebbe8 runtime-rs: fix ctr exit failed
4331ef80d Runtime-rs: add installation guide for rust-runtime
62182db64 runtime-rs: add unit test for ipvlan endpoint
d8920b00c runtime-rs: support functionalities of ipvlan endpoint
19eca71cd runtime-rs: remove the value of hypervisor path in DB config
996a6b80b kata-sys-util: upgrade nix version
99654ce69 runtime-rs: update dbs-xxx dependencies
f4c3adf59 runtime-rs: Add compile option file
545ae3f0e runtime-rs: fix warning
2b01e9ba4 dragonball: fix warning
f59939a31 runk: Support exec sub-command
3c989521b dragonball: update for review
274598ae5 kata-runtime: add dragonball config check support.
1befbe673 runtime-rs: Cargo lock for fix version problem
3d6156f6e runtime-rs: support dragonball and runtime-binary
3f6123b4d libs: update configuration and annotations
be31207f6 clh: Don't crash if no network device is set by the upper layer
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
0826a2157 Merge remote-tracking branch 'origin/main' into runtime-rs-1
46fd7ce02 Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f171 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8bc5 Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b74 docs: Update URL links for containerd documentation
e57a1c831 build: Mark git repos as safe for build
ee3f5558a Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634dbc Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924bd docs: delete CRI containerd plugin statement
bee791593 Merge pull request #4533 from bookinabox/simplify-nproc
efdb92366 build: Fix clh source build as normal user
0e40ecf38 tools/snap: simplify nproc
be68cf071 Merge pull request #4597 from bergwolf/github/action
4d89476c9 runtime: Fix DisableSelinux config
ac91fb7a1 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafec5 action: extend commit message line limit to 150 bytes
5010c643c release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
071dd4c79 Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f44 Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e57 Merge pull request #4574 from jelipo/fix-serde-serializing
018973828 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6fe Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394e5 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec9684d Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a38 oci: fix serde skip serializing condition
fbb2e9bce agent: Replace some libc functions with nix ones
acd3302be agent: Run OCI poststart hooks after a container is launched
635fa543a Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
c29038a2e Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e75a Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b49f Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd4233 ci: Set safe.directory against tests repository
2a4fbd6d8 agent: enhance get handled signal
433816cca ci/cd: update check-commit-message
2a94261df Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d5651 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed13 runtime: delete Console from Cmd type
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
ad055235a Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c038799 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3df2 packaging: Remove unused kata docker configure script
afdc96042 hypervisor: Add default_maxmemory configuration
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
0e2459d13 docs: Add cgroupDriver for containerd
1a25afcdf kernel: Allow passing the URL to download the tarball
80c68b80a kernel: Deduplicate code used for building TEE kernels
d2584991e dragonball: fix dependency unused warning
458f6f42f dragonball: use const string for legacy device type
f6f96b8fe dragonball: add legacy device support for aarch64
7a4183980 dragonball: add device info support for aarch64
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
939959e72 docs: add Dragonball to hypervisors
2bb1eeaec docs: further questions related to upcall
026aaeecc docs: add FAQ to the report
fffcb8165 docs: update the content of the report
42ea854eb docs: kata 3.0 Architecture
e57a1c831 build: Mark git repos as safe for build
efdb92366 build: Fix clh source build as normal user
9cee52153 fmt: do cargo fmt and add a dependency for blk_dev
47a4142e0 fs: change vhostuser and virtio into const
e14e98bbe cpu_topo: add handle_cpu_topology function
5d3b53ee7 downtime: add downtime support
6a1fe85f1 vfio: add vfio as TODO
5ea35ddcd refractor: remove redundant by_id
b646d7cb3 config: remove ht_enabled
cb54ac6c6 memory: remove reserve_memory_bytes
bde6609b9 hotplug: add room for other hotplug solution
d88b1bf01 dragonball: update vsock dependency
dd003ebe0 Dragonball: change error name and fix compile error
38957fe00 UT: fix compile error in unit tests
11b3f9514 dragonball: add virtio-fs device support
948381bdb dragonball: add virtio-net device support
3d20387a2 dragonball: add virtio-blk device support
87d38ae49 Doc: add document for Dragonball API
090de2dae dragonball: fix the clippy errors.
a1593322b dragonball: add vsock api to api server
89b9ba860 dragonball: add set_vm_configuration api
95fa0c70c dragonball: add start microvm support
5c1ccc376 dragonball: add Vmm struct
4d234f574 dragonball: refactor code layout
cfd5dae47 dragonball: add vm struct
527b73a8e dragonball: remove unused feature in AddressSpaceMgr
4d89476c9 runtime: Fix DisableSelinux config
57c2d8b74 docs: Update URL links for containerd documentation
2551924bd docs: delete CRI containerd plugin statement
5010c643c release: Revert kata-deploy changes after 2.5.0-rc0 release
0e40ecf38 tools/snap: simplify nproc
3bafafec5 action: extend commit message line limit to 150 bytes
7120afe4e dragonball: add vcpu test function for aarch64
648d285a2 dragonball: add vcpu support for aarch64
7dad7c89f dragonball: update dbs-xxx dependency
c8a905206 build: format files
242992e3d build: put install methods in utils.mk
8a697268d build: makefile for dragonball config
07231b2f3 runtime-rs:refactor network model with netlink
9c526292e runtime-rs:refactor network model with netlink
f3907aa12 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
916ffb75d Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11b3 shim: support shim v2 logging plugin
27b1bb5ed Merge pull request #4467 from egernst/device-pkg
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
2488a0f6c Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f21 Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b45 Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
133528dd1 Merge pull request #4503 from amshinde/multi-queue-block
f186a52b1 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36fdb agent: Allow BUILD_TYPE=debug
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de6c Merge pull request #4358 from zvonkok/memreserve
e227b4c40 block: Leverage multiqueue for virtio-block
72049350a Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22ac5 Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
e422730c7 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7d3 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e5e packaging: Remove unused publish kata image script
0bbbe7068 snap: fix snap build on ppc64le
6fd40085e Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d6e Merge pull request #4481 from zvonkok/fix-action
ef925d40c runtime: enable sandbox feature on qemu
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
1b7fd19ac rootfs: Fix chronyd.service failing on boot
71db2dd5b hotplug: add room for future acpi hotplug mechanism
8bb00a3dc dragonball: fix a bug when generating kernel boot args
2aedd4d12 doc: add document for vCPU, api and device
bec22ad01 dragonball: add api module
07f44c3e0 dragonball: add vcpu manager
78c971875 dragonball: add upcall support
7d1953b52 dragonball: add vcpu
468c73b3c dragonball: add kvm context
e89e6507a dragonball: add signal handler
b6cb2c4ae dragonball: add metrics system
e80e0c464 dragonball: add io manager wrapper
86123f49f Merge branch 'main' into runtime-rs
f30fe86dc Merge pull request #4456 from Bevisy/fixIssue4454
553ec4611 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b2880 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a285a Merge pull request #4422 from snir911/dependabot_bumps
90a7763ac snap: Fix debug cli option
d06dd8fcd Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305bafee docs: Update outdated URLs and keep them available
185360cb9 Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6cd Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee770343 docs: Update containerd url link
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
c84a42525 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448fbc Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33cd Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc128 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db022 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd73b safe-path: fix clippy warning
1a5ba31cb agent: refactor reading file timing for debugging
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b9b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87dcb Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b60 Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838c0 virtiofsd: export env vars needed for building it
b0e090f40 versions: Bump virtiofsd to v1.3.0
db5048d52 kernel: build efi_secret module for SEV
1b845978f docs: Add storage limits to arch doc
412441308 docs: Add more kata monitor details
eff4e1017 shim: change the log level for GetOOMEvent call failures
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13e0 config: Allow enable_iommu pod annotation by default
d5ee3fc85 safe-path: fix clippy warning
93c10dfd8 runtime-rs: add crosvm license in Dragonball
dfe6de771 dragonball: add dragonball into kata README
39ff85d61 dragonball: green ci
71f24d827 dragonball: add Makefile.
a1df6d096 Doc: Update Dragonball Readme and add document for device
8619f2b3d dragonball: add virtio vsock device manager.
52d42af63 dragonball: add device manager.
c1c1e5152 dragonball: add kernel config.
6850ef99a dragonball: add configuration manager.
0bcb422fc dragonball: add legacy devices manager
3c45c0715 dragonball: add console manager.
3d38bb300 dragonball: add address space manager.
aff604055 dragonball: add resource manager support.
8835db6b0 dragonball: initial commit

Compatibility with CRI-O

Kata Containers 3.0.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha0 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.4.3

Published by fidencio over 2 years ago

kata-containers Changes

Shortlog

847003187 release: Kata Containers 2.4.3
396fed42c release: Adapt kata-deploy for 2.4.3
025e3ea6a shim: set a non-zero return code if the wait process call failed.
f32a14663 snap: Fix debug cli option
0718b9b55 rootfs: Fix chronyd.service failing on boot

Compatibility with CRI-O

Kata Containers 2.4.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.3 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.3 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.3

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.3 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.5.0-rc0

Published by fidencio over 2 years ago

kata-containers Changes

Shortlog

2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
2a4fbd6d8 agent: enhance get handled signal
0ddb34a38 oci: fix serde skip serializing condition
acd3302be agent: Run OCI poststart hooks after a container is launched
fbb2e9bce agent: Replace some libc functions with nix ones
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
433816cca ci/cd: update check-commit-message
48ccd4233 ci: Set safe.directory against tests repository
a5a25ed13 runtime: delete Console from Cmd type
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
afdc96042 hypervisor: Add default_maxmemory configuration
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
1a78c3df2 packaging: Remove unused kata docker configure script
0e2459d13 docs: Add cgroupDriver for containerd
4e30e11b3 shim: support shim v2 logging plugin
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
1b7d36fdb agent: Allow BUILD_TYPE=debug
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
e227b4c40 block: Leverage multiqueue for virtio-block
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d40c runtime: enable sandbox feature on qemu
0bbbe7068 snap: fix snap build on ppc64le
c7dd10e5e packaging: Remove unused publish kata image script
1b7fd19ac rootfs: Fix chronyd.service failing on boot
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
a305bafee docs: Update outdated URLs and keep them available
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
90a7763ac snap: Fix debug cli option
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
bee770343 docs: Update containerd url link
1a5ba31cb agent: refactor reading file timing for debugging
bb26bd73b safe-path: fix clippy warning
db5048d52 kernel: build efi_secret module for SEV
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
9773838c0 virtiofsd: export env vars needed for building it
eff4e1017 shim: change the log level for GetOOMEvent call failures
412441308 docs: Add more kata monitor details
8f10e13e0 config: Allow enable_iommu pod annotation by default
b0e090f40 versions: Bump virtiofsd to v1.3.0
1b845978f docs: Add storage limits to arch doc
7ae11cad6 docs: Update source for cri-tools
f5099620f tools: Enable extra detail on error
34bcef884 docs: Add agent-ctl examples section
815157bf0 docs: Remove erroneous whitespace

Compatibility with CRI-O

Kata Containers 2.5.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-rc0 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.4.2

Published by snir911 over 2 years ago

kata-containers Changes

Shortlog

7fd22d77d release: Kata Containers 2.4.2
607a8a9c2 release: Adapt kata-deploy for 2.4.2
e5568a31a agent: ignore ESRCH error when destroying containers
322839ac7 runtime: force stop container after the container process exits
b75d5cee7 docs: update release process github token instructions
e938ce443 docs: update release process with latest workflow triggering
046ba4df7 workflows: add workflow_dispatch triggering to test-kata-deploy
14ce4b01b runtime: Adding the correct detection of mediated PCIe devices
f54d5cf16 agent: Fix is_signal_handled failing parsing str to u64
80d5f9e14 agent: move assert_result macro to test_utils file
50a74dfee agent: add tests for is_signal_handled function
560247f8d agent: add tests for update_container_namespaces
47d4e79c1 agent: add tests for do_write_stream function
e3ce8aff9 agent: add tests for get_memory_info function
ebe9fc2ca clh: Update to the v24.0 release
29c9391da agent: fix direct-assigned volume stats
d1848523d runtime: direct-volume stats use correct name
338c9f2b0 runtime: direct-volume stats update to use GET parameter
f528bc010 runtime: fix incorrect Action function for direct-volume stats
3413c8588 tools: Add QEMU patches for SGX numa support
db6d4f7e1 versions: Upgrade to Cloud Hypervisor v23.1

Compatibility with CRI-O

Kata Containers 2.4.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.2 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.5.0-alpha2

Published by snir911 over 2 years ago

kata-containers Changes

Shortlog

eb24e9715 release: Kata Containers 2.5.0-alpha2
d2df1209a docs: describe kata handling for core-scheduling
22b6a94a8 shim: add support for core scheduling
fe3c1d9cd docs: Update storage documentation link
6ecea84bc rustjail: get home dir using nix crate
38a318820 runk: Support list sub-command
6d0ff901a docs: Update vGPU use-case
9d27c1fce agent: ignore ESRCH error when destroying containers
9726f56fd runtime: force stop container after the container process exits
168f325c4 docs: Update configuration reference for snap documentation
b9fc24ff3 docs: update release process github token instructions
c1476a174 docs: update release process with latest workflow triggering
8b57bf97a workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd10 snap: Use helper script and cleanup
9b108d993 docs: Improve snap formatting
894f661cc docs: Add warning to snap build
d759f6c3e snap: Fix CH architecture check
56591804b docs: Improve snap build instructions
cb2b30970 snap: Build using destructive mode
60823abb9 docs: Move snap README
af2ef3f7a agent-ctl: introduce handle for iptables get/set
65f0cef16 kata-runtime: add iptables CLI to test http endpoint
3201ad083 shim-client: ensure we check resp status for Put/Post
0706fb28a kata-runtime: shmgmt: make url usage consistent
2a09378dd shim-client: add support for DoPut
640173cfc shim-mgmt: Add endpoint handler for interacting with iptables
0136be22c virtcontainers: plumb iptable set/get from sandbox to agent
bd50d463b agent: iptables: get/set handling for iptables
03176a9e0 proto: update generated code based on proto update
38ebbc705 proto: update to add set/get iptables
78d45b434 agent: return mount file content if parse mountinfo failed
2e04833fb docs: Update Intel QAT documentation links
7c4049aab osbuilder: add iptables package
648b8d0ae runk: Return error when tty is used without console socket
5205efd9b runk: Add Podman guide in README
590381574 agent: Pass standard I/O to container launched by runk
c7b3941c9 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c3d agent: Remove unused import in console test
d862ca059 runk: Handle rootfs path in config.json properly
c95ba63c0 docs: Remove information related to Kata 1.x
34b80382b docs: Get rid of note related to networking.
dfad5728a docs: Mention --cni flag while invoking ctr
fff832874 clh: Update to v24.0
49361749e snap: Build and package rust version of virtiofsd
27d903b76 snap: Put the yq binary in the staging bin directory
d7b4ce049 snap: Remove unused variable
43de5440e snap: Fix unbound variable error
c9b291509 snap: Fix whitespace
122a85e22 agent: remove bin oci-kata-agent
35619b45a runk: merge oci-kata-agent into runk
10c13d719 qemu: remove virtiofsd option in qemu config
d20bc5a4d virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c5975c agent: fix direct-assigned volume stats
4428ceae1 runtime: direct-volume stats use correct name
ffdc065b4 runtime: direct-volume stats update to use GET parameter
f29595318 runtime: fix incorrect Action function for direct-volume stats
2a1d39414 runtime: Adding the correct detection of mediated PCIe devices
ce2e521a0 runtime: remove duplicate 'types' import
7a5ccd126 runtime: sync docstrings with function names
834f93ce8 docs: fix annotations example
f4994e486 runtime: allow annotation configuration to use_legacy_serial
c67b9d297 qemu: allow using legacy serial device for the console
44814dce1 qemu: treat console kernel params within appendConsole
24a2b0f6a docs: Remove clear containers reference in README
8052fe62f runtime: do not check for EOF error in console watcher
abad33eba kernel: Remove nemu.conf from packaging
e87eb13c4 tools: delete unused param from get_from_kata_deps callers
4b437d91f agent: Fix is_signal_handled failing parsing str to u64
e73b70baf runtime: Don't run unit tests verbose by default
f24a6e761 runtime: Consolidate flags setting in unit tests script
cf465feb0 runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac599 runtime: Remove redundant subcommands from go-test.sh
0aff5aaa3 runtime: Simplify package listing in go-test.sh
557c4cfd0 runtime: Don't chmod coverage files in Go tests
04c8b52e0 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c257700 runtime: Move go testing script locally
4f586d2a9 packaging: Add kernel config option for SGX in Gramine
7bc4ab68c ci: Don't run Docs URL Alive Check workflow on forks
b4b9068cb tools: Add QEMU patches for SGX numa support
88fb9b72e docs: Update runc containerd runtime
a475956ab workflows: Add support for building virtiofsd
71f59f3a7 local-build: Add support for building virtiofsd
c7ac55b6d dockerbuild: Install unzip
8e2042d05 tools: add script to pull virtiofsd
dbedea508 versions: Add virtiofsd entry
421064680 doc: Update log parser link
271933fec log-parser: fix some of the documentation
c7dacb121 log-parser: move the kata-log-parser from the tests repo
82ea01828 versions: Upgrade to Cloud Hypervisor v23.1
383be2203 agent: Add a macro to skip a loop easier
97d7b1845 runk: use custom Kill command to support --all option
475e3bf38 agent: add test coverage for functions find_process and online_resources

Compatibility with CRI-O

Kata Containers 2.5.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha2 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.5.0-alpha1

Published by fidencio over 2 years ago

kata-containers Changes

Highlights for the Kata Containers 2.5.0-alpha1 release include:

  • The addition of runk, an OCI container runtime written in Rust, based on a modified version of the Kata Containers agent (#2784)
  • Cloud Hypervisor bump to v23.0 (#4120)
  • Firecracker bump to v0.23.4 (#4001)
  • Fixes related to hugepages (#3816, #3695)
  • Fixes for pod terminating (#4043, #4081)
  • Improvements to direct volume assignment (#4098, #4018)
  • Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)
  • Disk and network rate limiting for Cloud Hypervisor (#4017, #4139)
  • Kata Deploy support for RKE2 (#4161)
  • Fixes on the agent-ctl tool (#4164)
  • A lot of simplifications on the agent tests
  • A whole new set of agent tests
  • New documentation has been added related to both Firecracker and using NV GPUs

Shortlog

4a1e13bd rustjail: Add tests for hook_grpc_to_oci
9b863b0e release: Kata Containers 2.5.0-alpha1
70eda2fa agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b705 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b486 agent: add tests for create_logger_task function
7772f7dd runk: set BinaryName for runk for containerd
b221a259 tools: Add runk
2c218a07 agent: Modify Kata agent for runk
b0e439cb rustjail: add tests for parse_mount_table
b975f2e8 Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a16 docs: Direct-assigned volume design
081f6de8 versions: change qemu tdx url and tag
dd4bd7f4 doc: Added initial doc update for NV GPUs
666aee54 docs: Add VSOCK localhost example for agent-ctl
86d348e0 docs: Use VM term in agent-ctl doc
4b9b62bb agent-ctl: Fix abstract socket connections
b6467ddd clh: Expose disk rate limiter config
7580bb5a clh: Expose net rate limiter config
a88adaba clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da03 clh: Implement the Disk RateLimiter logic
511f7f82 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575d hypervisor: Add disk bandwidth and operations rate limiters
1cf94692 clh: Implement the Network RateLimiter logic
00a5b1bd utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e3 utils: Move FC's function to revert bytes to utils
c9f6496d config: Add NetRateLimiter* to Cloud Hypervisor
2d35e606 hypervisor: Add network bandwidth and operations rate limiters
ccb01839 kata-deploy: Add support to RKE2
9d39362e kata-deploy: Reestructure the installing section
18d27f79 kata-deploy: Add a missing $ prefix in the README
6948b4b3 docs: Update containerd link to installation guide
832c33d5 docs: remove pc machine type supports
1cad3a46 agent/random: Ensure data.len > 0
33c953ac agent: Add test_ressed_rng_not_root
39a35b69 agent: Add test to random::reseed_rng()
d8f39fb2 agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b8 rustjail: Add tests for mount_grpc_to_oci
b658dccc tools: fix typo in clh directory name
afbd60da packaging: Fix clh build from source fall-back
1b931f42 runtime: Allock mockfs storage to be placed in any directory
ef6d54a7 runtime: Let MockFSInit create a mock fs driver at any path
5d8438e9 runtime: Move mockfs control global into mockfs.go
963d03ea runtime: Export StoragePathSuffix
1719a8b4 runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9e runtime: Make bind mount tests better clean up after themselves
f7ba21c8 runtime: Clean up mock hook logs in tests
90b2f5b7 runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc2 runtime: Don't use fixed /tmp/mountPoint path
f385b21b rustjail: add tests for mount_from function
96bc3ec2 rustjail: Add tests for hooks_grpc_to_oci
02395027 agent: modify the type of swappiness to u64
0ad89ebd safe-path: add more unit test cases
b63774ec libs/safe-path: add crate to safely resolve fs paths
0e7f1a5e agent: move assert_result macro to test_utils file
2256bcb6 rustjail: Add tests for root_grpc_to_oci
9b6f24b2 agent: add tests for mount_to_rootfs function
9c22d955 agent: add tests for update_container_namespaces
c3776b17 agent: add tests for is_signal_handled function
29e569aa virtcontainers: clh: Re-generate the client code
6012c197 versions: Upgrade to Cloud Hypervisor v23.0
aabcebbf agent: best-effort removing mount point
d136c9c2 test: Fix golangci-lint error for s390x
92c00c7e agent: fsGroup support for direct-assigned volume
532d5397 runtime: fsGroup support for direct-assigned volume
6a47b82c proto: fsGroup support for direct-assigned volume
7b2ff026 kata-monitor: add a README file
86977ff7 kata-monitor: update the hrefs in the debug/pprof index page
354cd3b9 runtime: Base64 encode the direct volume mountInfo path
6e79042a runtime: no need to write virtiofsd error to log
f8cc5d1a kata-monitor: add some links when generating pages for browsers
78f30c33 agent: Avoid agent panic when reading empty stats
6e9e4e8c docs: Update link to contributions guide
9d5e7ee0 agent: add tests for mount_storage
1118a3d2 agent: add test coverage for parse_mount_flags_and_options function
485aeabb agent: add tests for do_write_stream function
9d5b03a1 runtime: delete debug option in virtiofsd
c31cd0e8 rustjail: add test coverage for process_grpc_to_oci function
eff7c7e0 agent: Allow the agent to be rebuilt with the change of Cargo features
962d05ec protocols: add src/csi.rs to .gitignore
a2f5c176 runtime/virtcontainers: Pass the hugepages resources to agent
4405b188 docs: Add a firecracker installation guide
ff17c756 runtime: Allow and require no initrd for SE
59c7165e test: use T.TempDir to create temporary test directory
98750d79 clh: Expose service offload configuration

Compatibility with CRI-O

Kata Containers 2.5.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha1 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.4.1

Published by fidencio over 2 years ago

kata-containers Changes

Highlights for the Kata Containers 2.4.1 release include:

  • Cloud Hypervisor bump to v23.0 (#4120)
  • Firecracker bump to v0.23.4 (#4001)
  • Fixes related to hugepages (#3816, #3695)
  • Fixes for pod terminating (#4043, #4081)
  • Improvements to direct volume assignment (#4098, #4018)
  • Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)

Shortlog

99c6726c release: Kata Containers 2.4.1
8e076c87 release: Adapt kata-deploy for 2.4.1
b50b091c agent: watchers: ensure uid/gid is preserved on copy/mkdir
03bc89ab clh: Rely on Cloud Hypervisor for generating the device ID
6b2c641f tools: fix typo in clh directory name
81e10fe3 packaging: Fix clh build from source fall-back
8b21c5f7 agent: modify the type of swappiness to u64
3f5c6e71 runtime: Allock mockfs storage to be placed in any directory
0bd1abac runtime: Let MockFSInit create a mock fs driver at any path
3e74243f runtime: Move mockfs control global into mockfs.go
aed4fe6a runtime: Export StoragePathSuffix
e1c4f57c runtime: Don't abuse MockStorageRootPath() for factory tests
c49084f3 runtime: Make bind mount tests better clean up after themselves
4e350f7d runtime: Clean up mock hook logs in tests
415420f6 runtime: Make SetupOCIConfigFile clean up after itself
688b9abd runtime: Don't use fixed /tmp/mountPoint path
dc1288de kata-monitor: add a README file
78edf827 kata-monitor: add some links when generating pages for browsers
eff74fab agent: fsGroup support for direct-assigned volume
01cd5809 proto: fsGroup support for direct-assigned volume
97ad1d55 runtime: fsGroup support for direct-assigned volume
b62cced7 runtime: no need to write virtiofsd error to log
8242cfd2 kata-monitor: update the hrefs in the debug/pprof index page
a37d4e53 agent: best-effort removing mount point
d1197ee8 tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
c9c77511 tools/packaging: Fix usage of kata-deploy-binaries.sh
1e622316 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
8fa64e01 packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
8f67f9e3 tools/packaging/kata-deploy/local-build: Add build to gitignore
3049b776 versions: Bump firecracker to v0.23.4
aedfef29 runtime/virtcontainers: Pass the hugepages resources to agent
c9e1f727 agent: Verify that we allocated as many hugepages as we need
ba858e8c agent: Don't attempt to create directories for hugepage configuration
bc32eff7 virtcontainers: clh: Re-generate the client code
984ef538 versions: Upgrade to Cloud Hypervisor v23.0
adf6493b runtime: Base64 encode the direct volume mountInfo path
6b417540 agent: Avoid agent panic when reading empty stats

Compatibility with CRI-O

Kata Containers 2.4.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.1 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 2.4.0

Published by fidencio over 2 years ago

Highlights for Kata Containers 2.4.0 include:

  • direct assigned volume support: enables volume managers (e.g. csi) to delegate management of block storage volumes to the kata agent.
  • VMM selinux is now configurable (@tanweernoor)
  • Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
  • Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
  • Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU, and can be used together with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and guest kernel
  • virtio-fs has a new default parameter set up in the configuration file, announce_submounts, which helps prevent inode number collisions
  • Improved and fixed support for OCI hooks, making it possible to run nerdctl with Kata Containers. (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like, development workflow with Kata Containers as a backend.
    Hugepages: (@liubin )
  • Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
  • Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
  • netmon: support for netmon dropped, as no longer utilized in Kata 2.0
  • Maintainability, refactoring: Much effort was made to help refactor the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These aren't user visible, but allow us to add new exciting features, as well as more easily reuse existing packages.
  • agent: Add config file option to cli
  • ARM experimental hotplug support with QEMU
  • kata-monitor (@fgiudici, @jodh-intel): the binary now listens on localhost only by default; detection of sandboxes no longer depends on CRI, so detection is quicker and metrics are also reported for kata workloads not created through the CRI; CRI metadata (if available) is attached to metrics, in order to easily match kubernetes workloads

Compatibility with CRI-O

Kata Containers 2.4.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Kata Containers 2.5.0-alpha0

Published by fidencio over 2 years ago

What's Changed

Shortlog

c9e24433 release: Kata Containers 2.5.0-alpha0
0d5f80b8 versions: Bump firecracker to v0.23.4
800e4a9c agent: use ms as unit of cputime instead of ticks
0d765bd0 agent: fix container stop error with signal SIGRTMIN+3
9e4ca0c4 doc: Improve kata-deploy README.md by changing sh blocks to bash blocks
2b91dcfe docs: Remove kata-proxy reference
a63bbf97 kata-monitor: fix duplicated output when printing usage
5e1c30d4 runtime: add logs around sandbox monitor
fb8be961 runtime: stop getting OOM events when ttrpc: closed error
a779e19b tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
0baebd2b tools/packaging: Fix usage of kata-deploy-binaries.sh
93d03cc0 kata-deploy: fix version bump from -rc to stable
3606923a workflows,release: Ship all the rust vendored code
2eb07455 tools: Add a generate_vendor.sh script
ecf71d6d docs: Remove VPP documentation
66f05c5b runtime: Remove the explicit VirtioMem set and fix the comment
154c8b03 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
1ed7da8f packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
bad859d2 tools/packaging/kata-deploy/local-build: Add build to gitignore
a9314023 docs: Remove kata-proxy references in documentation
0928eb9f agent: Kill the all the container processes of the same cgroup
19f372b5 runtime: Add more debug logs for container io stream copy
c2796327 osbuilder/qat: don't pull kata sources if exist
77434864 docs: fix markdown issues in how-to-run-docker-with-kata.md
459f4bfe osbuilder/qat: use centos as base OS
9a5b4770 docs: Update vcpu handling document
32131cb8 Agent: fix unneeded late initialization lint
ebec6903 static-build,clh: Add the ability to build from a PR
c77e34de runtime: Move mock hook source
86723b51 virtcontainers: Remove unused install/uninstall targets
0e83c95f virtcontainers: Run mock hook from build tree rather than system bin dir
e65db838 virtcontainers: Remove VC_BIN_DIR
c20ad283 virtcontainers: Remove unused Makefile defines
c776bdf4 virtcontainers: Remove unused parameter from go-test.sh
168fadf1 ci: Weekly check whether the docs url is alive
72f7e9e3 osbuilder: Multistrap Ubuntu
df511bf1 packaging: Enable cross-building agent
0a313eda osbuilder: Fix use of LIBC in rootfs.sh
2c86b956 osbuilder: Simplify Rust installation
0072cc2b osbuilder: Remove musl installations
5c3e5536 osbuilder: apk add --no-cache
efa19c41 device: use const strings for block-driver option instead of hard coding
24b29310 doc: update Intel SGX use cases document
18d4d7fb tools: update QEMU to 6.2
62351637 action: Update link for format patch documentation
aa5ae6b1 runtime: Properly handle ESRCH error when signaling container
5c434270 docs: Update k8s documentation
92ce5e2d rustjail: optimization, merged several writelns into one
dacf6e39 doc: fix filename typo
7a18e32f versions: Upgrade to Cloud Hypervisor v22.1
be12baf3 manager: Change here documents to use standard delimiter
9576a7da manager: Add options to change self test behaviour
d4d65bed manager: Add option to enable component debug
019da91d manager: Whitespace fix
d234cb76 manager: Create containerd link
5d6d39be scripts: Change here document delimiters
c088a3f3 agent: add tests for get_memory_info function
4b1e2f52 CI: Update GHA secret name
4adf93ef tools: release: Do not consider release candidates as stable releases
5ec7592d kernel: fix cve-2022-0847
ffdf961a docs: Update contact link in runtime README
42e35505 agent: Verify that we allocated as many hugepages as we need
608e003a agent: Don't attempt to create directories for hugepage configuration
6a850899 CI: Create GHA to add PR sizing label
2b41d275 release: Revert kata-deploy changes after 2.4.0-rc0 release

Compatibility with CRI-O

Kata Containers 2.5.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha0 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 2.4.0-rc0

Published by egernst over 2 years ago

kata-containers Changes

Highlights for Kata Containers 2.4.0-rc0 include:

  • direct assigned volume support: enables volume managers (e.g. CSI) to delegate management of block storage volumes to the kata agent.
  • VMM selinux is now configurable (@tanweernoor)
  • Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
  • Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
  • Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU, and can be used together with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and guest kernel
  • virtio-fs has a new default parameter set up in the configuration file, announce_submounts, which is used to help to prevent inode number collisions
  • Improved and fixed support for OCI hooks, making it possible to run nerdctl with Kata Containers. (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like, development workflow with Kata Containers as a backend.
  • Hugepages: (@liubin )
  • Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
  • Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
  • netmon: support for netmon dropped, as no longer utilized in Kata 2.0
  • Maintainability, refactoring: Much effort was made to help refactor the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These aren't user visible, but allow us to add new exciting features, as well as more easily reuse existing packages.
  • agent: Add config file option to cli
  • ARM experimental hotplug support with QEMU
  • kata-monitor (@fgiudici, @jodh-intel): make the binary listen on localhost only by default; detection of sandboxes no longer depends on CRI, so detection is quicker and metrics are also reported for kata workloads not created through the CRI; attach CRI metadata (if available) to metrics, in order to easily match kubernetes workloads

Shortlog

a4dcaf3c release: Kata Containers 2.4.0-rc0
84dff440 release: Adapt kata-deploy for 2.4.0-rc0
b257e0e5 rustjail: delete function signal in BaseContainer
d647b28b agent: delete meaningless FIXME comment
1b34494b runtime: fix invalid comments for pkg/resourcecontrol
afc567a9 storage: make k8s emptyDir creation configurable
e76519af runtime: small refactor to improve readability
f905161b runtime: mount direct-assigned block device fs only once
27fb4902 agent: add get volume stats handler in agent
ea51ef1c runtime: forward the stat and resize requests from shimv2 to kata agent
c39281ad runtime: update container creation to work with direct assigned volumes
4e00c237 agent: add grpc interface for stat and resize operations
e9b5a255 runtime: add stat and resize APIs to containerd-shim-v2
6e0090ab runtime: persist direct volume mount info
fa326b4e runtime: augment kata-runtime CLI to support direct-assigned volume
7e5f11a5 vendor: Update containerd to 1.6.1
42771fa7 runtime: don't set socket and thread for arm/virt
8828ef41 kernel: add arm experimental kernel build support
8a9007fe config: remove 2 config as they are removed in 5.15
1b6f7401 kernel: add arm experimental patches to support vcpu hotplug and virtio-mem
b8844fb8 versions: Upgrade to Cloud Hypervisor v22.0
3a641b56 katatestutils: remove distro constraints
fa8b9392 config: qemu: Fix disable_block_device_use comments
9615c8bc config: fc: Don't expose disable_block_device_use
af804734 clh: stop virtofsd if clh fails to boot up the vm
97951a2d clh: Don't use SharedFS with Confidential Guests
c30b3a9f clh: Adding a volume is not supported without SharedFS
f889f1f9 clh: introduce supportsSharedFS()
54d27ed7 clh: introduce loadVirtiofsDaemon()
ae2221ea clh: introduce stopVirtiofsDaemon()
e8bc26f9 clh: introduce setupVirtiofsDaemon()
413b3b47 clh: introduce createVirtiofsDaemon()
76e4f6a2 Revert "hypervisors: Confidential Guests do not support Device hotplug"
55cd0c89 runtime: Build golang components with extra security options
58913694 snap: Use git clone depth 1 for QEMU and dependencies
c1fb4bb7 snap: Don't build cloud-hypevisor on ppc64le
37df1678 build: always reset ARCH after getting it
94b831eb virtcontainers: remove temp dir created for vsock in test code
b27c7f40 docs: Add unit testing presentation
b2a65f90 virtcontainers: Use available s390x hugepages
54d0a672 subsystem: build
e64c54a2 monitor: Listen to localhost only by default
e6350d3d monitor: Fix build options
a67b93bb snap: clh: Re-use kata-deploy script here
f31125fe version: Bump cloud-hypervisor to b0324f85571c441f
573a37b3 osbuilder: Add CentOS Stream rootfs
f10642c8 osbuilder: Source .cargo/env before checking Rust
eda8ea15 runtime: Gofmt fixes
de574662 config: Expand confidential_guest comments
641d475f config: clh: Use "Intel TDX" instead of just "TDX"
0bafa2de config: clh: Mention supported TEEs
4afb278f ci: add github action to exercise darwin build, unit tests
e355a718 container: file is not linux specific
b31876ee device-manager: move linux-only test to a linux-only file
6a5c6344 resourcecontrol: SystemdCgroup check is not necessarily linux specific
cc58cf69 resourcecontrol: convert stats dev_t to unit64types
5be188cc utils: Add darwin stub
ad044919 virtcontainers: Convert stats dev_t to uint64
56751089 katautils: Use a syscall wrapper for the hook JSON state
7d64ae7a runtime: Add a syscall wrapper package
abc681ca katautils: Add Darwin stub for the netNS API
edf20766 docs: Update Readme document
81ed269e runtime: use Cmd.StdoutPipe instead of self-created pipe
1a3381b0 docs: Developer-Guide build a custom Kata agent with musl
8edca8bb kata-agent: Fix mismatching error of cgroup and mountinfo.
082d538c runtime: make selinux configurable
a9ba7c13 clh: Fix typo on HotplugRemoveDevice
827ab82a tools: clh: Fix unbound variable
72434333 clh: Add TDX support
a13b4d5a clh: Add firmware to the config file
a8827e0c hypervisors: Confidential Guests do not support NVDIMM
f50ff9f7 hypervisors: Confidential Guests do not support Memory hotplug
df8ffecd hypervisors: Confidential Guests do not support Device hotplug
28c4c044 hypervisors: Confidential Guests do not support VCPUs hotplug
29ee870d clh: Add confidential_guest to the config file
9621c596 clh: refactor image / initrd configuration set
dcdc412e clh: use common kernel params from the hypervisor code
4c164afb versions: Update Cloud Hypervisor to 5343e09e7b8db
7ffe9e51 virtcontainers: Do not add a virtio-rng-ccw device
fec26f8e kata-monitor: trivial: rename symbols & labels
3ac52e81 kata-monitor: fix updating sandbox cache at startup
160bb621 kata-monitor: bump version to 0.3.0
cb4230e6 runtime: fix package declaration for ppc64le
26b3f001 virtcontainers: Split hypervisor into Linux and OS agnostic bits
fa0e9dc6 virtcontainers: Make all Linux VMMs only build on Linux
c91035d0 virtcontainers: Move non QEMU specific constants to hypervisor.go
10ae0591 virtcontainers: Move guest protection definitions to hypervisor.go
b28d0274 virtcontainers: Make max vCPU config less QEMU specific
a5f6df6a govmm: Define the number of supported vCPUs per architecture
9123fc09 kata-deploy: Simplify Dockerfile and support s390x
4f96e3ea katautils: Pass the nerdctl netns annotation to the OCI hooks
a871a33b katautils: Run the createRuntime hooks
d9dfce14 katautils: Run the preStart hook in the host namespace
6be6d0a3 katautils: Pass the OCI annotations back to the called OCI hooks
f6fc1621 shim: log events for CRI-O
1d68a08f docs: Update contributing link
11220f05 kata-deploy: Use (kata with) qemu as the default shim-v2 binary
ab447285 kata-monitor: add kubernetes pod metadata labels to metrics
834e199e kata-monitor: drop unused functions
7516a8c5 kata-monitor: rework the sandbox cache sync with the container manager
e78d80ea kata-monitor: silently ignore CHMOD events on the sandboxes fs
e9eb34ce kata-monitor: improve debug logging
3175aad5 virtiofs-nydus: add lazyload support for kata with clh
8cc1b186 kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments
5c9d2b41 packaging: Use patch for applying patches
1cee0a94 virtcontainers: Remove duplicated assert messages in utils test code
7241d618 versions: add nydus-snapshotter
6c1d149a docs: Update limitations document
7c4ee6ec packaging/qemu: create no_patches file for qemu-tdx
d47c488b versions: add qemu tdx section
493ebc8c utils: Update kata manager docs
34b2e67d utils: Added more kata manager cli options
714c9f56 utils: Improve containerd configuration
c464f326 utils: kata-manager: Force containerd sym link creation
4755d004 utils: Fix unused parameter
601be4e6 utils: Fix containerd installation
ae21fcc7 utils: Fix Kata tar archive check
f4d1e45c utils: Add kata-manager CLI options for kata and containerd
3f87835a utils: Switch kata manager to use getopts
e6060cb7 versions: Linux 5.15.x
734b618c agent-ctl: run cargo fmt/clippy in make check
12c37faf trace-forwarder: add make check for Rust
9818cf71 docs: Improve top-level and runtime README
c1ce67d9 runtime: use github.com/mdlayher/[email protected]
a6b40151 tools: clh: Remove unused variables
5816c132 tools: Build cloud-hypervisor with "--features tdx"
4bd945b6 virtiofsd: Use "-o announce_submounts"
36c3fc12 agent: support hugepages for containers
81a8baa5 runtime: add hugepages support
7df677c0 runtime: Update calculateSandboxMemory to include Hugepages Limit
948a2b09 tools: clh: Ensure the download binary is executable
e07545a2 tools: clh: Allow passing down a build flag
55cdef22 tools: clh: Add the possibility to always build from sources
395cff48 docs: Remove docker run and shared memory from limitations
90fd625d versions: Udpate Cloud Hypervisor to 55479a64d237
955d359f kernel: add missing config fragment for TDx
42a878e6 runtime: The index variable is initialized multiple times in for
54e1faec scripts: fix a typo while to check build_type
903a6a45 versions: Bump critools to its 1.23 release
63eb1158 versions: bump CRI-O to its 1.23 release
2d9f89ae feature(nydusd): add nydusd support to introduse lazyload ability
b19b6938 docs: Fix relative links in Markdown
1797b3eb packaging/kernel: build TDX guest kernel
98752529 versions: add url and tag for tdx kernel
bc8464e0 packaging/kernel: add option -s option
9590874d device: Update PCIDEVICE_ environment variables for the guest
7b7f426a device: Keep host to VM PCI mapping persistently
0b2bd641 device: Rework update_spec_pci() to update_env_pci()
40aa43f4 docs: Update link to EFK stack docs
982f14fa runtime: support QEMU SGX
419d8134 snap: update qemu version to 6.1.0 for arm
00722187 docs: update Release-Process.md
496bc10d tools: check for yq before using it
a9bebb31 openshift-ci: switch to CentOS Stream
14e7f52a virtcontainers: Split the rootless package into OS specific parts
1f29478b runtime: suppport split firmware
89047901 kata-deploy-push: only run if PR modifying tools path
24796d2f kata-deploy: for testing, make sure we use the PR branch
1cc1c8d0 docs: Remove images from Zun documentation
5861e52f docs: Remove Zun documentation with kata containers
4fc4c76b agent: Fix execute_hook() args error
5083ae65 workflows: stop checking revert commit

Compatibility with CRI-O

Kata Containers 2.4.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-rc0 suggests using the Linux kernel v5.15.23
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 2.3.3

Published by egernst over 2 years ago

kata-containers Changes

Minor fixes for the 2.3 release of Kata Containers. Fixes introduced for hook execution within the guest agent as well as ensuring that SELinux for the VMM process is configurable.

Thanks to all the contributors!

Shortlog

652cff16 release: Kata Containers 2.3.3
0b6e9f83 runtime: make selinux configurable
408477a2 kata-deploy: Use (kata with) qemu as the default shim-v2 binary
9431498e shim: log events for CRI-O
7af719e4 agent: handle hook process result
9b34cf46 agent: valid envs for hooks
9c195364 agent: Fix execute_hook() args error
9bea3a42 agent: check environment variables if empty or invalid
406f00a3 packaging: Use patch for applying patches

Compatibility with CRI-O

Kata Containers 2.3.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.3 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.3 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

This uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.3

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "centos"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.13"
  # Note: Do not use Alpine on ppc64le & s390x, the agent cannot use musl because there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.3 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

What's Changed

Full Changelog: https://github.com/kata-containers/kata-containers/compare/2.3.2...2.3.3

kata-containers - # Release 2.3.2

Published by snir911 over 2 years ago

kata-containers Changes

Shortlog

67947b5f release: Kata Containers 2.3.2
977f1f5b workflows: Use base instead of head ref for kata-deploy-test
99ed596a workflows: Fix typo in kata-deploy-push action
13b7d93b workflows: Ensure a label change re-triggers the actions
b8463224 workflows: Ensure force-skip-ci skips all actions
8c8571f4 workflows: Use the correct branch ref on test kata-deploy
620bb97e runtime: Provide protection for shared data
770d4acf tools: Fix groupname if it differs from username
cedb01d2 runtime: close span before return from function in case of error
a661e538 agent: fix the issue of missing create a new session for container
bed0f3c8 kata-deploy: validate conf file can be created
786c667e kata-monitor: increase delay before syncing with the container manager
3260adc4 virtcontainers: clh: Re-generate the client code
cc64461f versions: Upgrade to Cloud Hypervisor v21.0
78afa10a agent: resolve unused variables in tests
a8298676 agent: remove unused field in mount handling
87f9a690 agent: drop unused fields from network
fc012a2b agent: clear cargo test warnings
63c5a8aa uevent: Fix clippy issue in test code
e3b00f39 runtime: -Wl,--s390-pgste for s390x
d1530afa kata-manager: Retrieve static tarball
f2c6cd08 ci: Pass function arguments in static-checks.sh

Compatibility with CRI-O

Kata Containers 2.3.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.2 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "centos"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.13"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.2 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 2.4.0-alpha2

Published by snir911 over 2 years ago

kata-containers Changes

govmm has been merged with kata-containers
For the full changes including govmm's commits refer to Shortlog

Shortlog

26e08b27 release: Kata Containers 2.4.0-alpha2
7c956e0d virtcontainers: Enable initrd for Cloud Hypervisor
bcce1a19 versions: update Rust to 1.58.1
8cde5413 runtime: introduce static sandbox resource management
13eb1f81 docs: describe vCPU handling when hotplug is unavailable
c3e97a0a config: updates to configuration clh, fc toml template
aa3fae13 kata-deploy: Fix the tag replacement logic
75ae5361 docs: Update networking details in the architecture doc
2f37165f govmm: Unite VirtioNet tests
4a428fd1 govmm: readonly=on in s390x blkdev test
79ecebb2 govmm: TestAppendPCIBridgeDevice et al. on !s390x
dc285ab1 govmm: Remove unnecessary comma in iommu_platform
d23f2eb0 govmm: Revert "govmm: s390x: Skip broken tests"
fc0e0951 runtime: fix handling container spec's memory limit
17211979 ci: Pass function arguments in static-checks.sh
7af40fbc docs: Remove docker run, sysctl and docker daemon limitations
5643c6dc runtime: update runc and image-spec dependencies
92773170 agent: resolve unused variables in tests
2d799cbf virtcontainers: clh: Re-generate the client code
7e15e99d versions: Upgrade to Cloud Hypervisor v21.0
f52ce302 runtime: rectify passing empty options to -ldflags
df6ae1e7 osbuilder: Remove libseccomp from Dockerfile
ea1a1738 agent: fix the issue of creating new namespaces for agent
9c2f1de1 docs: Remove kata-pkgsync reference
0338fc65 docs: Redirect glossary to the wiki
3924470c workflows: Use base instead of head ref for kata-deploy-test
5ce9011a govmm: s390x: Skip broken tests
8bcaed0b govmm: Adapt license headers to kata-containers
6dd65779 govmm: Ignore govet checks, at least for now
de678a3a govmm: Remove non-relevant top files
ec6655af govmm: Use govmm from our own pkg
e347694f tools: Fix groupname if it differs from username
c3785f66 workflows: Fix typo in kata-deploy-push action
a8b66de5 release: Escape backticks in Libseccomp Notices
8cc088b5 packaging: Remove kata-pkgsync tool
fb7f98bd Merge govmm into kata-containers
8939b0f8 qemu: add support for SGX
b17f0739 qemu: update readonly flag for block devices
f971801b qemu: only set wait parameter for server mode socket based char device
82cc01d2 qemu: Fix 32 bit int overflow in test file
1d1a2313 qemu: Add support for legacy serial device
9a2bbeda qemu: Remove -realtime in favor of -overcommit
fe83c208 qemu: Add support for --no-shutdown Knob
1ed52714 qmp: wait for POWERDOWN event in ExecuteSystemPowerdown()
de039da2 govmm/qemu: Let IO/memory reservations be specified for bridge devices
5c7998db QMP: Add ExecuteBlockdevAddWithDriverCache
3a9a6749 qemu: Add credentials to qemu Cmd
d27256f8 qmp: Don't use deprecated 'props' field for object-add
d8cdf9aa qemu: Drop support for versions older than 5.0
18352c36 qemu: Fix iommu_platform for vhost user CCW
1b021929 Use 'host_device' driver for blockdev backends
9518675e add support for "sandbox" feature to qemu
335fa816 qemu: fix golangci-lint errors
61b63787 .github/workflows: reimplement github actions CI
9d6e7970 go: support go modules
0d21263a qemu: support read-only nvdimm
ff34d283 qemu: Consistent parameter building
0e19ffb6 qemu: Allow hot-plugging memory devices on PCI bridges
c135681d qemu: Add support for PEF
03b55ea5 qemu: Add support for Secure Execution
7a367dc0 qemu: Simplify (Object).Valid()
a6cec2d3 qemu: add support for SevGuest object
abd3c7ea qemu: VhostUserDevice CCW device numbers
3eaeda7f qemu: Refactor vhostuserDev.QemuParams
511cf58b Fix qemu commandline issue with empty romfile
b3eac95b qmp: remove frequent, chatty log
31418940 qemu: add support for tdx-guest object
4b136f3f qemu: Append memory backend for non-DIMM setups
6213dea4 qemu: support QEMU 6
0d47025d qemu: add support for device loaders
e2eb549f qmp: Add ro argument for block-device hotplug funcs
0592c825 qemu: add arm64 to support list of dimm
2079c15c qemu: enable "-pflash"
b8cd7059 qmp: add dump-guest-memory support
d7836877 qemu: add pvpanic device to get GUEST_PANICKED event
43d774d2 Add serial to blk device
8cb8b24c Make fw_cfg a slice
cb0d3391 contributors: remove CONTRIBUTORS.md file
29ba5a90 qemu: add fw_cfg flag to config
9f309c2a misc: Update for new GitHub organisation name
3d46d08a Add qom-get function
39c372a2 Add support for hot-plugging IBM VFIO-AP devices
f5bdd53c travis: disable amd64 jobs
1af1c0d7 github: enable github actions
4831c6e0 travis: Run coveralls after success
cf0f05d2 qemu: add iommu_platform knob for qemuParams
6645baf2 qemu: Add NoReboot config Knob for qemuParams
abca6f3c Add multidevs option to fsdev
cc538766 qemu/qmp: use boolean type for the vhost
e57e86e2 qemu: add IOMMU Device
b2aa0225 Enable Numa support for Power (ppc64le) architecture
29529a5d Add rt clock definition for rtc clock in qemu
0e98b613 qemu: Add max_ports option to virtio-serial device
787c86b7 qemu: Add microvm machine type support
5378725f qemu: add pmem flag to memory-backend-file
3700c55d qemu: add block device readonly support
88a25a2d Refactor code to support multiple virtio transports at runtime
2ee53b00 qemu: Don't set ".cache-size=" when CacheSize is 0
f1252f6e qemu: Add pcie-root-port device support.
6667f4e9 qmp_test: Add TestExecMemdevAdd and TestExecQomSet
201fd0ae qmp: Add ExecMemdevAdd and ExecQomSet API
e04be2cc qmp: add ExecutePCIVhostUserDevAdd API
13aeba09 qmp: support command 'chardev-remove'
6d6b2d88 s390x: add s390x travis support
175ac499 typo fix
cb9f640b virtio-blk: Add support for share-rw flag
9463486d s390x: dimm not supported
164bd8cd test/fmt: drop extra newlines
73555a40 qmp: add query-status API
234e0edf qemu: fix memory prealloc handling
30bfcaaa qemu: add debug logfile
79e0d533 qmp: support command 'query-qmp-schema'
68cdf64f test: add cpu topology tests
e0cf9d5c qmp: add checks for the CPU toplogy
a5c11908 qemu: support x86 SMP die
8fd28e23 Support x-pci-vendor-id and x-pci-device-id pass to qemu
713d0d94 s390x: add virtio-blk-ccw type
65cc343f test: add devno in the tests for s390x
9cf98da0 s390x: add devno support
0c900f59 Allow sharing of memory backend file
f695ddf8 qemu: add migration incoming defer support
f0f18dd0 qmp: add virtio-blk multiqueue
7d3deea4 qemu: Add a virtio-blk-pci device driver support
058cda06 qemu: use MiB instead of Gib for virtio-fs cache size
694a7b1c qemu/qmp: re-implement mainLoop
5712b119 qemu/qmp: fix readLoop() reuse scanner.Bytes() underlying array problem
3c84b1da govmm: add VhostUserFS vhost-user device type
4692f6b9 qmp: Conditionally pass threadID and socketID when CPU device add
1f51b438 Update the versions of Go used to build GoVMM
ad310f9f Fix staticcheck S1023
932fdc7f Fix staticcheck S1023
cb2ce933 Fix staticcheck S1008
f0172cd2 Fix staticcheck (S1002)
5f2e630b Fix staticcheck (S1025)
4beea513 Fix staticcheck (ST1005) errors
97fc3435 contributors: add my name
c891f5f8 qmp: Add nvdimm support
f9b31c0f qemu: Allow disable-modern option from QMP
d6173077 Run tests for the s390x build
b36b5a8f Contributors: Add Clare Chen to CONTRIBUTORS.md
b41939c6 Contributors: Add my name
dab4cf1d qmp: Add tests
5ea6da14 Verify govmm builds on s390x
ee75813a contributors: add my name
c80fc3b1 qemu: Add s390x support
ca477a18 Update source file headers
e68e0056 Update the CONTRIBUTING.md
2b7db547 Add the CONTRIBUTORS.md file
b3b765cb qemu: test Valid for Vsock for Context ID
3becff5f qemu: change of ContextID from uint32 to uint64
f30fd135 qmp: Output error detail when execute QMP command failed
7da6a4c7 qmp: fix mem-path properties for hotplug memory.
e4892e33 qemu/qmp: preparation for s390x support
110d2fa0 qemu/qmp: add new function ExecuteBlockdevAddWithCache
a0b0c86e qmp_test: Change QMP version from 2.6 to 2.9
10c36a13 qemu: add support for pidfile option
9c819db5 qemu: Fix virtio-net-pci QMP command
7fdfc6a4 qemu: Add support for romfile option
e74de3c7 Update guidelines on security issue reporting
ec83abe6 qemu: Add virtio-balloon device suppport.
46970781 qemu: Show full path to qemu binary at launch time
ef725050 qemu: Fix the support of PCIe bridge
56f645ea qmp: add ExecuteQueryMigration
a429677a govmm: fix memory prealloc
1130aab8 qmp: add "query-cpus" support
de5d2788 qemu/qmp: add vfio mediated device support on root bus
de00d7a6 qemu/image: Reduce permissions of .iso creation dir
1a1fee75 qemu/qmp: nic can works without vhost
6c3d84ea qemu: Add virtio RNG device.
b16291cf qemu/qmp: support query-memory-devices qmp command.
ce070d11 govmm: modify govmm to be compatible with qemu 2.8
0286ff9e qemu/qmp: support hotplug a nic whose qdisc is mq
8515ae48 qmp: Remind users that you must first call ExecuteQMPCapabilities()
21504d31 qemu/qmp: Add netdev_add with chardev support
ed34f616 Add some negative test cases for qmp.go
17cacc72 Add negative test cases for qemu.go
2706a07b qemu: Use the supplied context.Context for launching
e46092e0 qemu: Do not try and generate invalid RTC parameters
fcaf61dc qemu/qmp: add vfio mediated device support
4461c459 disk: Add --share-rw option for hotplugging disks
68519998 qemu/qmp: add addr and bus to hotplug vsock devices
10efa841 qemu/qmp: add function for hotplug network by fds
80ed88ed qemu/qmp: implement function to hotplug serial ports
ca46f21f qemu/qmp: implement function to hotplug character devices
03f1a1c3 qemu/qmp: implement getfd
84b212f1 qemu: add vhostfd and disable-modern to vsock hotplug
12dfa872 qemu/qmp: implement function for hotplug network
3830b441 qemu: add vhostfd and disable-modern to vhost-vsock-pci
f700a97b qemu/qmp: implement function to hotplug vsock-pci
4ca232ec qmp_test: Fix Warning and Error level logs
430e72c6 qemu,qmp: Enable gas security checker
ffc06e6b qemu,qmp: Add staticcheck to travis and fix errors
54caf781 qmp: add hotplug memory
e66a9b48 qemu: add appendMemoryKnobs helper
8aeca153 qmp: add migrate set arguments
a03d4968 qmp: add set migration capabilities
0ace4176 qemu: allow to set migration incoming
723bc5f3 qemu: allow to create a stopped guest
283d7df9 qemu: add file backed memory device support
30aeacb8 qemu: Add qemu parameter for PCI address for a bridge.
9130f375 scsi: Allow scsi controller to associate with an IO thread.
a54de183 iothread: Add ability to configure iothreads
0c0ec8f3 qemu: add initrd support
68f30718 qemu: add DisableModern to SCSIController
693d9548 qemu: add options for the machine type
3273aafd scsi: Add function to send device_add qmp command for a scsi device
6d198b8a Compute coverage statistics for unit tests in Travis builds
3a31da32 scsi: Add a scsi controller device
5316779d qemu: Add VSOCK support
f5655366 vhost-user: add blk device support
e9e27673 vhost-user: updating comments for accuracy, rename device field
8fe57236 qemu: Add maxcpus attribute to -smp
3baa7765 Add badges to the README.md file
d74e3b66 Fix errcheck failures in the unit tests
db60e32f Enable Travis builds
9cb47fc0 Add .gitignore file.
a8aaf534 Add project documentation
57aafb56 Remove all references to and dependencies on ciao
27709fce Move files to the qemu folder
48feb29f qemu: introduce vhost-user handling
b8ddd244 qemu: Add function to list hotpluggable CPUs
8c428ed7 qemu: Add function to hotplug CPUs
24b14059 qemu: Add functions to process QMP response
e39da6ca qmp: Add support for hot plugging VFIO devices on PCI(E) bridges
bc030d13 qemu: Add a SysProcAttr parameter to CreateCloudInitISO
11977072 qemu: Add a SysProcAttr parameter to LaunchCustomQemu
b639da45 qemu: Add function to hotplug vfio device
7e5614b8 Networking: Add vhost fd support
14316ce0 qemu/qmp: Implement function to hot plug PCI devices
83485dc9 qemu: Implement Bridge struct
cfa8a995 Networking: Add support for handling macvtap interfaces
83126d3e bios: add support for custom bios
3da2ef9d QEMU: Knobs: Huge Page Support: Add support for huge pages
9bfa7927 vfio: Add ability to pass VFIO devices to qemu
a70ffd19 Build: Fix the build after repo move.
0c206170 Knobs: Modify the behaviour of the Mlock knob.
ddee41d5 QEMU: Enable realtime options
4ecb9de5 qemu: Add support for memory pre-allocation
1fbe6c5d qmp: Update block device deletion for newer versions of qemu
e74aeef1 qemu: Add disable-modern option for virtio devices
8d617ff5 qemu: Update virtio-net-pci command line
25a2dc8f qemu: Update blockdev-add qmp command to support newer qemu versions
d4f77103 misc: Remove some of the code flagged by unused linter
a1600dc1 misc: Remove unused fields identified by structcheck
58a835e6 misc: Remove unused variables identified by varcheck
d48b5b5f qemu: Add PCI option to the NetDevice
a84228ae qemu: Document how cancelling works.
1e7202a5 qemu: Fix spelling error in qmp_test.go
c6f33453 qemu: Fix command cancelling.
a8a798b0 qemu, ciao-launcher: Move ConfigDrive ISO creation code to qemu
30cf1163 Add missing bus parameter for a CharDevice
2aa5f5a3 qemu: Add support for serial port addition
6fe338d6 qemu: Support creating multiple QMP sockets
992b861e qemu: Add the daemonize qemu option to the Knobs structure
997cb233 qemu: Remove dead code
e555f565 qemu: Add support for socket based consoles
eae8fae0 qemu: Fix security model typo
db067857 qemu: Make Config's FDs field private
12f6ebe3 qemu: Embed the qemu parameters into the Config structure
e193a77b qemu: Add support for block devices
3908185c qemu: Add MACVTAP support
6d7dfa04 qemu: Get rid of the Driver structure
cc9cb33a qemu: Add QMPSocket specific type
2d736d71 qemu: Add RTC specific types
e543c338 qemu: Probe each qemu device with a driver
eda8607c qemu: Add netdev options to the Device structure
4780e237 qemu: Add multi-queue and vhost definitions to NetDevice
137e7c72 qemu: Add a NetDevice slice to the Config structure
c0e2aaca qemu: Add one unit test for the Config strings
5ba8ef79 qemu: Add QMP socket unit tests
7b2f7eb5 qemu: Add Memory and SMP unit tests
2ea9b9a3 qemu: Add a Kernel unit test
8e495f6e qemu: Add a Knobs unit test
8aeb3d45 qemu: Add an Object unit test
38e041dc qemu: Add Device unit tests
54d32c24 qemu: Add parameters adding unit tests
ebfa382d qemu: Add a Knobs field to the Config structure
fe1bdcd2 qemu: Remove the extra parameters field from the Config structure
15bce61a qemu: Group all machine configurations into one structure
d94b5af8 qemu: Add a VGA parameter field to the Config structure
4892d041 qemu: Add a Global parameter field to the Config structure
612a5a9e qemu: Add a RTC field to the Config structure
c63ec096 qemu: Add a SMP field to the Config structure
7cf386a8 qemu: Add a Memory field to the Config structure
b198bc67 qemu: Add a UUID field to the Config structure
6239e846 qemu: Add a Character Devices slice field to the Config structure
73e2d53c qemu: Add a Filesystem Devices slice field to the Config structure
518ba627 qemu: Add a Kernel field to the Config structure
b973bc59 qemu: Add an Object slice field to the Config structure
8744dfe8 qemu: Add a Device slice field to the Config structure
5458de70 qemu: Add a QMP socket field to the Config structure
17118270 qemu: Add qemu's name to the Config structure
37a1f500 qemu: Add configuration structure to simplify LaunchQemu
5ccbaf2b ciao-launcher, qemu: Upgrade to new context package.
f5720198 qemu: Use null QMP logger when the logger parameter is nil
7d4199a4 qemu: Fix ineffassign error
7f50a415 qemu: Fix a silly bug in LaunchQemu
fc6bf8cf qemu: Add package documentation
306f54a9 ciao-launcher, qemu: Move launchQemu to qemu
344aa22b qemu: Add the qemu package
f4a4c3c7 version: bump to kubernetes 1.23
49223e67 runtime: remove enable_swap option
41e0c414 vendor: update govmm
7a879164 workflows: Ensure a label change re-triggers the actions
d87ab14f workflows: Ensure force-skip-ci skips all actions
5285ac2b runtime: -Wl,--s390-pgste for s390x
fc646434 workflows: Use the correct branch ref on test kata-deploy
b5b9de1d kata-deploy: Update API Version of RuntimeClass to v1
adffd3f8 scripts: Use shebang /usr/bin/env bash
e22a4e2a packaging: Make kernel config accessible to guest
a5829a29 docs: fix a typo in host-cgroups.md doc
2d0ec00a Qemu: Enable the vcpu-hotplug for arm
e4b7a12b qat: Add Debian to the distro examples
6979d5be osbuilder: Remove gentoo rootfs-builder
22c1a093 osbuilder: Remove suse rootfs-builder
85dd5873 osbuilder: Remove fedora rootfs-builder
06fae29f osbuilder: Remove centos rootfs-builder
01005c5a docs: Remove ccloudvm reference
878ab93c runtime: Provide protection for shared data
ac7acbf8 kata-deploy: validate conf file can be created
b133a236 runtime: it should rollback when failed in Sandbox AddInterface
106df33f libs: add some generated files to .gitignore
85f5ae19 runtime: close span before return from function in case of error
7e2bc4d7 packaging: Remove ccloudvm instructions and script
f6cdf464 docs: Default machine type is q35 meanwhile
7f546748 CI: Revert "CI: Switch to a mirror as gnu.org is down"
c486c2ca agent: fix the broken protobuf generation code
b48322d4 packaging: Remove obs packages testing for kata 2.0
ad16d75c runtime: Remove docker comments for kata 2.0 configuration.tomls
905e124b docs: fix agent proto file path

Compatibility with CRI-O

Kata Containers 2.4.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha2 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.3.1

Published by snir911 almost 3 years ago

NOTICE

Kata 2.3.1 binaries haven't been uploaded due to a failure in kata-deploy (https://github.com/kata-containers/kata-containers/issues/3429).
If you're using kata-deploy, we encourage you to use 2.3.2 or a newer version.

kata-containers Changes

Shortlog

a2e524f3 release: Kata Containers 2.3.1
dfbe74c4 kata-deploy: fix tar command in dockerfile
9e7eed7c versions: Upgrade to Cloud Hypervisor v20.2
53cf1dd0 tools/packaging: add copyright to kata-monitor's Dockerfile
a4dee6a5 packaging: delint tests dockerfiles
fd87b60c packaging: delint kata-deploy dockerfiles
2cb4f7ba ci/openshift-ci: delint dockerfiles
993dcc94 osbuilder: delint dockerfiles
bbd7cc2f packaging: delint kata-monitor dockerfiles
9837ec72 packaging: delint static-build dockerfiles
8785106f packaging/qemu: Use QEMU script to update submodules
a915f082 packaging/qemu: Use partial git clone
ec3faab8 security: Update rust crate versions
1f61be84 osbuilder: Add protoc to the alpine container
d2d8f9ac osbuilder: avoid to copy versions.txt which already deprecated
ca30eee3 kata-manager: Retrieve static tarball
0217abce kata-deploy: Deal with empty containerd conf file
572b25dd osbuilder: be runtime consistent also with podman build
84e69ecb agent: user container ID as watchable storage key for hashmap
77b6cfbd docs: Fix kernel configs README spelling errors
24085c95 docs: Fix outdated k8s link
514bf74f docs: Replicate branch rename on runtime-spec
77a2502a cri-o: Update links for the CRI-O github page
6413ecf4 docs: Backport source reorganization links
a0bed72d versions: Upgrade to Cloud Hypervisor v20.1
d03e05e8 versions: Use fixed, minor version for Alpine
0f7db91c osbuilder: Revert to using apk.static for Alpine
271d67a8 runtime: only call stopVirtiofsd when shared_fs is virtio-fs
7c15335d versions: Use Ubuntu initrd for non-musl archs
15080f20 virtcontainers: clh: Upgrade to openapi-generator v5.3.0
c2b8eb3c virtcontainers: clh: Re-generate the client code
fe0fbab5 versions: Upgrade to Cloud Hypervisor v20.0
be5468fd packaging: Fix missing commit message in building kata-runtime
18bb9a5d runtime: enable vhost-net for rootless hypervisor
3458073d agent: create directories for watchable-bind mounts
0e91503c runtime: enable FUSE_DAX kernel config for DAX

Compatibility with CRI-O

Kata Containers 2.3.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.1 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.1 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

Package Rankings
Top 1.38% on Proxy.golang.org
Top 7.24% on Crates.io