kata-containers Changes

Shortlog

117fc9c9 release: Kata Containers 2.4.0-alpha1
e2c1e65e kata-deploy: fix tar command in dockerfile
7b03d78f vendor: update to containerd v1.6.0-beta.4
1f581a04 versions: Upgrade to Cloud Hypervisor v20.2
2d0f9d2d vc: remove swagger binary
1c4edb96 agent: Refactor arg parsing to use clap
615224e9 agent: move the protocols to upper libs
330e3dcc agent: move the oci crate to upper libs
623d8f08 docs: Remove word duplication
3093f93a osbuilder: Restore Debian as a rootfs
2254fa86 runtime: fix a typo in kata-collect-data.sh
cf91307c agent: return detail error message for rpc calls from shim
073a3459 use-cases: clarify vhost-user-nvme status in using-spdk-vhost-user
d79268ac tools/packaging: add copyright to kata-monitor's Dockerfile
428cf0a6 packaging: delint tests dockerfiles
1ea9b703 packaging: delint kata-deploy dockerfiles
3669e1b6 ci/openshift-ci: delint dockerfiles
aeb2b673 osbuilder: delint dockerfiles
bc120289 packaging: delint kata-monitor dockerfiles
bc71dd58 packaging: delint static-build dockerfiles
7304e52a Makefile: update make go-test call
f3a97e94 docs: add how-to on Docker in Kata
7b356151 agent: Log unknown seccomp system calls
c66b5668 agent: Ignore unknown seccomp system calls
91abebf9 agent: mount: Remove unneeded mount_point local variable
137e217b docs: Fix outdated k8s link
205420d2 docs: Replicate branch rename on runtime-spec
55bac67a docs: Fix kernel configs README spelling errors
b1f4e945 security: Update rust crate versions
cb5c948a kata-manager: Retrieve static tarball
d1bc409d osbuilder: avoid to copy versions.txt which already deprecated
12c8e41c qemu: Disable libudev for QEMU 5.2 and newer
99ef52a3 osbuilder: Add protoc to the alpine container
c2578cd9 docs: Clarify where to run agent API generation commands
2938bb7f packaging/qemu: Use QEMU script to update submodules
5d49ccd6 packaging/qemu: Use partial git clone
fb1989b2 docs: Fix arch doc formatting
321995b7 CI: Switch to a mirror as gnu.org is down
233015a6 docs: Split guest assets details out of arch doc
db411c23 docs: Split k8s info out of arch doc
7ac619b2 docs: Split networking out of arch doc
5df0cb64 docs: Split storage out of arch doc
7229b7a6 docs: Split background and example out of arch doc
283d7d52 docs: Split history out of arch doc
6f9efb40 docs: Move arch doc to separate directory
87a219a1 docs: Update the stable branch strategy
1653dd4a tracing: Add span name to logging error
02608e13 docs: Update code PR advice document
1a34fbcd agent: Add config file option to cli
7a989a83 runtime: api-test: fixup
52f79aef utils: update container type handling
51bf9807 docs: Update architecture document
5b002f3c docs: change io/ioutil to io/os packages
03546f75 runtime: change io/ioutil to io/os packages
24a530ce versions: bump minimum golang version to 1.16.10
84571506 kata-deploy: Deal with empty containerd conf file
7c4263b3 src: reorg source directories
3f7cf7ae osbuilder: show usage if no options/arguments specified
bbfb10e1 versions: Upgrade to Cloud Hypervisor v20.1
6b3e4c21 image_build: add help info for '-f' option and 'BLOCK_SIZE' env.
2ebaaac7 osbuilder: be runtime consistent also with podman build
2204ecac versions: Upgrade Alpine, using minor version
dfd0732f osbuilder: Revert to using apk.static for Alpine
b92babf9 runtime/template: Handling new attributes for hypervisor config
f3103696 docs: fix check-markdown test
33f343ee runtime: correct span name for stopSandbox function
40bd34ca runtime: only call stopVirtiofsd when shared_fs is virtio-fs
ff929fc0 snap: read initrd and image distros from version.yaml
d7cc952c versions: Use Ubuntu initrd for non-musl archs
8fae2631 packaging: Fix missing commit message in building kata-runtime
99530026 virtcontainers: clh: Upgrade to openapi-generator v5.3.0
39b35d00 agent: user container ID as watchable storage key for hashmap
b3bcb7b2 runtime: enable vhost-net for rootless hypervisor
1e6f58e5 packaging: add help information for '-f' option in install_go.sh
7cb7b9d5 agent: remove unused field in mount handling
f6ae1582 agent: drop unused fields from network
4756a04b virtcontainers: clh: Re-generate the client code
0bf4d257 versions: Upgrade to Cloud Hypervisor v20.0
647082b2 docs: Update limitation document regarding docker swarm
6105e3ee runtime: enable FUSE_DAX kernel config for DAX
2af95bc5 agent: create directories for watchable-bind mounts
591d4af1 runtime: Update comments for virtcontainers to use kata 2.0
afb96c00 agent: Wrap remaining nix errors with anyhow
aba572e0 rustjail: Wrap remaining nix errors with anyhow
30d60078 uevent: Fix clippy issue in test code
4a2be13c agent: Upgrade nix version for security fix
256d5008 agent: Update crate versions
13257986 agent-ctl: Update rust lockfile
4ebdd424 forwarder: Update rust lockfile
6007322d agent: Fixed invalid error message
923e098d osbuilder: Remove debian as a rootfs

Compatibility with CRI-O

Kata Containers 2.4.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha1 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha1 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the which is not statically linked with the library, you can build
a custom that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha1 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

2.3 release of Kata Containers introduces several new features and cleanup. Highlights include of 2.3.0 include:

• Better support for VFIO to enable DPDK workloads
• Improvements on getting metrics via Kata Monitor
• Improvements on kata-deploy and its documentation
• Seccomp support
• Improvements on tracing
• Fixes / Improvements from the host cgroups
• Fixes for the agent's files watcher
• Fixes for the Firecracker integration
• Support for swap device within guest
• A whole lot of cleanups

There are a few changes which will impact users when upgrading to 2.3. Take note of the following:

• The runtime was updated to utilize QEMU 6.1. Utilization of older versions of QEMU are not supported, and some features will be broken if 6.1 isn't utilized (at least block device support).
• The 2.3 agent introduces SECCOMP support, which is enabled by default in the initial 2.3 release. With its initial support, static build of the agent is broken when SECCOMP is utilized. If users require a statically built agent, they should consider building the agent without sec comp (for example, cd ./src/agent && make SECCOMP=no
• As part of our cleanup and refactoring, built configuration files can be found at ./src/runtime/config/ instead of ./src/runtime/cli/config/.

Shortlog

9bc543f5 release: Kata Containers 2.3.0
198e0d16 release: Adapt kata-deploy for 2.3.0
df34e919 osbuilder: fix missing cpio package when building rootfs-initrd image
f61e31cd osbuilder: add coreutils to guest rootfs
2667e028 workflows: only allow org members to run /test_kata_deploy
3542cba8 workflows: Add back the checks for running test-kata-deploy
117b9202 kata-deploy: Ensure we test HEAD with /test_kata_deploy
cb7891e0 tools/osbuilder: build QAT kernel in fedora 34
db9cd107 watcher: tests: ensure there is 20ms delay between fs writes
a51a1f6d watchers: handle symlinked directories, dir removal
5bc1c209 watchers: don't dereference symlinks when copying files
34a1b539 stable-2.3: add VFIO kernel dependencies for ppc64le
8a705f74 runtime: Update containerd to 1.5.8
ac5ab86e qemu: fix snap build by disabling libudev
d22ec599 virtcontainers: fix failing template test on ppc64le
b8215119 cgroups: Fix systemd cgroup support
a9d5377b cgroups: pass vhost-vsock device to cgroup
ea83ff1f runtime: remove prefix when cgroups are managed by systemd
f9bde321 workflows: Remove non-used main.yaml
91003c27 versions: bump golang to 1.17.x
5e9b807b release: Use ${GOPATH}/bin/yq for upload-libseccomp-tarball action
de0eea5f release: Kata Containers 2.3.0-rc1
96b66d2c docs: Fix typo
62a51d51 runtime: Revert "runtime: use containerd package instead of cri-containerd"
99c46be7 release: Kata Containers 2.3.0-rc0
d17100ae vendor: update OpenTelemetry to v1.0.0
84ccdd8e vendor: update OpenTelemetry to v0.20.0
9d3ec583 runtime: make sure the "Shutdown" trace span have a correct end
09d5d883 runtime: tracing: Change method for adding tags
bcf3e82c logging: Enable agent debug output for release builds
b468dc50 agent: Use dup3 system call in unit tests of seccomp
1aaa0599 agent: "Revert agent: Disable seccomp feature on aarch64 temporarily"
375ad2b2 runtime: Enhancement for Makefile
a239a38f osbuilder: build image-builder image from Fedora 34
1e331f75 agent: refactor process IO processing
7e401952 agent-ctl: Add stub for AddSwap API
82de838e agent-ctl: Update for Hybrid VSOCK
d1bcf105 forwarder: Remove quotes from socket path in doc
2b139449 docs: Fix outdated links
9b270d72 ci/install_libseccomp: use a temporary work directory
98b44061 ci/install_libseccomp: Fix fail when DESTDIR is set
e66d0473 virtcontainers: simplify read-only mount handling
3f21af9c runtime: add fast-test to let test exit on error
17a8c5c6 runtime: Fix random failure for TestIoCopy
6cc8000c cli: Show available guest protection in env output
2063b138 virtcontainers: Add func AvailableGuestProtections
d45c86de versions: Update CRI-O to its 1.22 release
c4a64263 versions: Update k8s & critools to v1.22
d789b429 package: assign proper value to redefined_string
881b9964 agent: Make wording of error message match CRI-O test suite
7a80aeb0 docs: Moving from EOT to EOF
338ac875 virtcontainers: api: update the functions in the api.md docs
23496f94 release: Upload libseccomp sources with notice to release page
309dae63 virtcontainers: check that both initrd and image are not set
42804151 agent: Fix the configuration sample file
46720c61 runtime: set tags for trace span
c509a204 agent-ctl: Implement Linux OCI spec handling
e610fc82 runtime: Remove comments about unsupported features in config for clh
bdf48241 tools/packaging: Add options for VFIO to guest kernel
42add7f2 agent: Disable seccomp feature on aarch64 temporarily
5dfedc2b docs: Add explanation about seccomp
45e7c2ca static-checks: Add step for installing libseccomp
a3647e34 osbuilder: Set up libseccomp library
3be50ada agent: Add support for Seccomp
b0bc71f4 ci: test-kata-deploy: Get rid of slash-command-action action
37fa453d osbuilder: Update QAT driver in Dockerfile
a10cfffd forwarder: Fix changing log level
6abccb92 forwarder: Drop privileges when using hybrid VSOCK
b67fa9e4 forwarder: Make explicit root check
e377578e forwarder: Fix docs socket path
d2a7b6ff packaging/static-build: s390x fixes
bf00b8df agent-ctl: improve the oci_to_grpc code
5f5eca6b agent: do not return error but print it if task wait failed
5f306330 virtcontainers: delete duplicated notify in watchHypervisor function
a13e2f77 agent: Handle uevent remove actions
57c0f93f agent: fix race condition when test watcher
1a96b8ba template: disable template unit test on arm
43b13a4a runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs
c59c3673 runtime: current vcpu number should be limited
fa922517 runtime: kernel version with '+' as suffix panic in parse
b40eedc9 rustjail: Consistent coding style of LinuxDevice type
f5172d1c cli: Fix outdated kata-runtime bash completion
34273da9 runtime/device: Allow VFIO devices to be presented to guest as VFIO devices
68696e05 runtime: Add parameter to constrainGRPCSpec to control VFIO handling
d9e2e9ed runtime: Rename constraintGRPCSpec to improve grammar
57ab4085 runtime: Introduce "vfio_mode" config variable and annotation
730b9c43 agent/device: Create device nodes for VFIO devices
175f9b06 rustjail: Allow container devices in subdirectories
9891efc6 rustjail: Correct sanity checks on device path
d6b62c02 rustjail: Change mknod_dev() and bind_dev() to take relative device path
2680c0bf rustjail: Provide useful context on device node creation errors
42b92b2b agent/device: Allow container devname to differ from the host
827a41f9 agent/device: Refactor update_spec_device_list()
8ceadcc5 agent/device: Sanity check guest IOMMU groups
ff59db75 agent/device: Add function to get IOMMU group for a PCI device
13b06a35 agent/device: Rebind VFIO devices to VFIO driver inside guest
e22bd782 agent/device: Add helper function for binding a guest device to a driver
52268d0e hypervisor: Expose the hypervisor itself
a72bed5b hypervisor: update tests based on createSandbox->CreateVM change
f434bcbf hypervisor: createSandbox is CreateVM
76f1ce9e hypervisor: startSandbox is StartVM
fd24a695 hypervisor: waitSandbox is waitVM
a6385c8f hypervisor: stopSandbox is StopVM
f989078c hypervisor: resumeSandbox is ResumeVM
73b4f27c hypervisor: saveSandbox is SaveVM
7308610c hypervisor: pauseSandbox is nothing but PauseVM
8f78e1cc hypervisor: The SandboxConsole is the VM's console
4d47aeef hypervisor: Export generic interface methods
6baf2586 hypervisor: Minimal exports of generic hypervisor internal fields
8030b6ca virtcontainers: clh: Re-generate the client code
8296754e versions: Upgrade to Cloud Hypervisor v19.0
4f75ccb9 docs: use-cases: Update Intel SGX use case
51cbe145 runtime: Add option "disable_seccomp" to config hypervisor.clh
98b7350a virtcontainers: clh: Enable the seccomp feature
b625f62d runtime: delete cri containerd plugin from versions.yaml
09a5e03f docs: Write tracing documentation
4f018b52 runtime: delete useless src/runtime/cli/exit.go
24fff57c snap: make curl commands consistent
2b9f79cf snap: add cloud-hypervisor and experimental kernel
50da26d3 osbuilder: Call detect_rust_version() right before install_rust.sh
b4fadc94 docs: Updating Developer Guide re qemu-img
b8e69ce5 versions: Add libseccomp and gperf version
e61f5e29 runtime: Show socket path in kata-env output
5b3a349d trace-forwarder: Support Hybrid VSOCK
273a1a9a runtime: optimize test code
76f16fd1 runtime: use containerd package instead of cri-containerd
6d55b1ba docs: use containerd to replace cri-containerd
ed02bc90 packaging: add containerd to versions.yaml
adc9e0ba runtime: fix two bugs in rootless hypervisor
4d7ddffe utils: kata-manager: Update kata-manager.sh for new containerd config
f34f67d6 osbuilder: Specify version when installing Rust
135a0802 osbuilder: Pass CI env to container agent build
eb5dd76e osbuilder: Re-enable building the agent in Docker
7d0b616c agent: Do not fail when trying to adding existing routes
bcffa263 tracing: Fix typo in "package" tag name
e42bc05c kata-deploy: add .dockerignore file
3f95469a runtime: logging: Add variable for syslog tag
321be0f7 tracing: Remove trace mode and trace type
8873ddab release: Kata Containers 2.3.0-alpha2
f7f6bd01 kata-monitor: add index page
7b2bfd4e virtcontainers: clh: Use 'quiet' as the default kernel parameter
3e24e46c virtcontainers: clh: Turn-off serial and virtio-console by default
176dee6f agent: exec should inherit container process capabilities
a9c2a4ba GitHubActions: fix invalid format of require-pr-porting-labels.yaml
2d7b65e8 agent: flush root span before process finish
72044180 agent/device: Return PCI address from wait_for_pci_device()
e50b05d9 agent/pci: Add type to represent PCI addresses
8528157b agent/pci: Extend Slot type to represent PCI function as well
c4236cb2 packaging/kernel: Add CONFIG_PCI_MMCONFIG to x86 guest kernel configuration
5c77cc2c runtime: don't start shim management server in tests
80463b44 qemu: use GitLab repos instead of qemu.org
bf8f582c runtime: optimize code for managing temp users for rootless mode
08360c98 agent: Add an agent configutation file example
8a4e69d2 agent: rpc: Return UNIMPLEMENTED for not allowed endpoints
0ea2e3af agent: config: Allow for building the configuration from a file
63539dc9 agent: config: Add allowed endpoints
a953fea3 agent: config: Simplify configuration creation
b888edc2 agent: config: Implement Default
762922a5 runtime: delete func ConstraintsToVCPUs
4f485430 runtime: delete virtcontainers-setup.sh
191d0016 vendor: Update containerd to v1.5.7
18bff584 runtime: Optimize func noNeedForOutput and add test cases
7eac2ec7 protection: add confidential compute frame for arm
8acfc154 check: fix typecheck failure in qemu_arm64_test.go
5b02d54e virtcontainers: fix lint failure on ppc64le
ff9728f0 virtcontainers: nolint guestProtection
5c138c8f runtime: Fix field alignment on s390x
80f6b977 osbuilder: fixing centos gpg key url for ppc64le
a44cde7e agent: netlink: Use the grpc IP family field when updating the route
71ce6cfe runtime: Pass the route IP family to the agent
99450bd1 agent: protos: Add a Family field to the Route payload
f85fe702 runtime: vendor: Bump the netlink package dependency
e439cec7 cmd: fix field alignment on ppc64le
e5159ea7 cmd: get return value for setCPUtype
cd1064b1 packaging: Configure QEMU with --enable-pie
2ce8d426 clh: Suppress hypervisor output to make guest output visible
13e65f2e cmd: Fix mismatched types in testModuleData
870771d7 runtime: update .gitignore to ignore monitor_address file
bb99bfb4 runtime: fix the make check-go-static command error
814cea96 virtcontainers: clean up useless code
907459c1 agent/device: Don't force PCI rescans
75f426dd agent: Simplify do_add_swap()
aad1a873 runtime/device: Give the agent information about VFIO devices
ebd7b618 runtime: Don't repeat GetDeviceByID between appendDevices() and append*()
ad45c52f runtime/device: Record guest PCI path for VFIO devices
5c2af3e3 runtime/device: Refactor hotplugVFIODevice() to have common exit path
8bc71105 agent/device: Add device type for VFIO devices
f7a27075 agent: Move driver type constants into device.rs
5b1eb08b agent/uevent: Improve logging of wait_for_uevent()
cf36fd87 runtime: Fix some leftover go fmt errors
da42cbc0 actions: Build experimental kernel on kata-deploy push action
dffc5092 kernel: Enable SGX in experimental kernel.
ff6a677d kernel-build: Enable multiple config types.
90046964 experimental-kernel: bump 5.13.10
1fbb7304 build: kata-deploy kernel experimental
e5fe53f0 runtime: fix nil reference in cleanup rootless user
6d94957a kernel: reduce alignment size of memory hotplug to 128M
48090f62 qemu: disable plug on arm64 when pie is added
2304a596 runtime: set the sandbox storage path static
315295e0 runtime: rename GetSanboxesStoragePath() --> GetSandboxesStoragePath()
47516988 virtcontainers: Fix incorrect scripts path
3b0c4bf9 runtime: clear virtcontainers cgroup duplicated function
8b0bc1f4 kata-monitor: bump version to 0.2.0
bfb556d5 kata-monitor: refresh kata sandbox list on fs events
0e854f3b kata-monitor: improve detection of kata workloads
afad910d kata-monitor: add getSandboxFS()
e38686f7 runtime: add GetSandboxesStoragePath()
245a12bb kata-monitor: improve sandbox caching
fc067d61 kata-monitor: warn when unable to retrive the lower level runtime
53ec4df9 kata-monitor: minor fixes
57e3712d virtiofs: fix error report in TestVirtiofsdStart when go test running
a525991c workflows: Fix the config file path for using vendored sources
39dcbaa6 workflows: Fix tag attribution
04139ba6 release: Kata Containers 2.3.0-alpha1
48fb1d92 virtiofs: Create shared directory with 0700 mode, not 0750
272771dc watcher: ensure we create target mount point for storage
439e5ac3 packaging: fix qemu build on ppc64le
39cd05e0 runtime: tracing: Use root context to stop tracing
8bbcb06a qemu: Disable SHPC hotplug
cc4983ee runtime: Remove unused qemuArchBase.appendBridges definition
e248de46 vendor: Update govmm
3bdcfaa6 kata-deploy: Add more info about the stable tag
41c590fa kata-deploy: Improve README
debf3c9f kata-deploy: Remove qemu-virtiofs runtime class
43a72d76 release: update the kata-deploy yaml files accordingly
ea9b2f9c kata-deploy: Add "stable" info to the README
e5411056 kata-deploy: Update the README
9acf4e5d kata-deploy: Add stable yaml files
a86babe0 kata-deploy: Point to the latest release
a156288c workflows: Add "stable" & "latest" tags to kata-deploy
077b77c1 runtime: tracing: Fix logger passed in newContainer
bb18cd47 virtcontainers: update VC SandboxConfig API add SandboxBindMounts field
58e77a3c sandbox: Allow the device to be accessed,such as /dev/null and /dev/urandom
0ca8c272 qemu: add v5.1.0 dir under tag_patches
1fe080fd threat-model: Add missing threat-model document
305afc8b docs: documentation for running non-root VMM
21c85116 workflows,release: Upload the vendored cargo code
1cfe5930 runtime: Run QEMU using a non-root user/group
fd983738 runtime: update .gitignore file cleare the vc shim config
9a6d56f1 runtime: fix empty cgroup path validation error
90e63887 ci: Call agent shutdown test only in the correspondent CI_JOB
9353cd77 runtime: Remove outdated TestStoreContainer
067c44d0 runtime: fix UT build failure
9a311a2b docs: fix invalid kernel dax doc url
e7c42fbc runtime: unify generated config
4f7cc186 runtime: refactor commandline code directory
a6066404 virtcontainers: update VC HypervisorConfig API add three lost fields
d865c809 virtcontainers: add unit tests for container.go
d00decc9 runtime: clh: Enable hugepages support
9d3cd984 agent/mount: Remove unused ensure_destination_exists()
64aa5623 agent: Correct mount point creation
08d7aebc agent/mount: Split out regular file case from ensure_destination_exists()
9fa3beff agent: Remove unnecessary BareMount structure
49282854 agent: Simplify BareMount::mount by using nix::mount::mount
25ac3524 versions: Allow newer Rust versions
851d5f86 tests: Correct heading in static checks test
64bb803f runtime/qemu: Move from query-cpus to query-cpus-fast
25670d30 packaging/qemu: Update qemu-exerimental version to v6.1.0
041a513f versions: Update qemu to v6.1.0
81de2d47 packaging: Correct error message in apply_patches.sh
4b7e4a4c runtime: Vendoring update
8d9d6e6a docs: Host cgroups documentation update
9bed2ade virtcontainers: Convert to the new cgroups package API
b42ed393 virtcontainers: cgroups: Add a containerd API based cgroups package
f17752b0 virtcontainers: container: Do not create and manage container host cgroups
dc7e9bce virtcontainers: sandbox: Host cgroups partitioning
f811026c virtcontainers: Unconditionally create the sandbox cgroup manager
d67a414b src/runtime/README.md: Fix URL of Licence
74d645cd how-to: Add how-to-setup-swap-devices-in-guest-kernel.md
2174fee4 docs: Add swap annotations introduction
f785ff0b virtcontainers: clh: Revert the workaround incorrect default values
0e0e59dc virtcontainers: clh: Re-generate the client code
f0b53314 versions: Upgrade to Cloud Hypervisor v18.0
13b8bb0c runtime: Fix README link
1fff9be7 qemu: remove default config for arm64.
71f915c6 sandbox: Add device permissions such as /dev/null to cgroup
62baa48e virtcontainers: fc: parse vcpuID correctly
11652136 actions: test make kata-tarball
626d659f actions: kata-deploy on PRs and use makefile
78d99f51 kata-deploy: Make verbose single builds
59486b85 kata-deploy: Add tarball suffix to makefile targets
96e1246b makefile: Include kata-deploy targets
2abc450a test: enable running tests under root user
924a68d0 osbuilder: Change to "=" operator to make script more portable
d422789f makefile: Fix error exit status code
bfcee911 osbuilder: fix inconsistent calculation of fs size
e2a9e78c virtcontainers: Remove NewStoreFeature
4996f9b7 snap: Test variable instead of executing "branch"
256c3b27 license: drop redundent license files
bcc9fa3b hotplugAddBlockDevice: Use ExecuteBlockdevAddWithDriverCache with swap
bd85da04 vendor: Update vendor/github.com/kata-containers/govmm
18c95b9a release: Kata Containers 2.3.0-alpha0
8f0f949a tracing: Move dynamically added attributes to Trace()
87de26bd tracing: Modify Trace() to accept multiple tag maps
8058e972 tracing: Change runtime tracing tags to vars
0c7789fa runtime: Add container field to logs
72e3538e shimv2: add information to method comment
8dadca9c shimv2: add logging to shimv2 api calls
2250360b docs: remove mentioning of qemu-lite
a9de761d runtime: drop qemu-lite support
8ae3edbc runtime: fix default hypervisor path
39ffd8ee runtime: delete types or const that no longer needed
ff37f5c7 runtime: Optimize the way slice created
a99fcc3a virtcontainers: simplify tests
932ee41b virtcontainers: clh: Workaround incorrect default values
bff38e4f virtcontainers: clh: Fix the unit test
d967d3cb virtcontainers: clh: Use constructors to ensure proper default value
a6a2e525 virtcontainers: clh: Migrate to use the updated client APIs
46eb07e1 virtcontainers: clh: Re-generate the client code
80fba4d6 virtcontainers: clh: Upgrade to the openapi-generator v5.2.1
938981be build_image: Fix error soft link about initrd.img
b8717f35 ci: Temporarily skip agent shutdown test on s390x
87bbae1b fc: fix version parsing for fc >= 0.25
9de1129b osbuilder: Fix rootfs-builder when running in VMs
65a1e131 osbuilder: Allow running the tool several times
a4214738 osbuilder: Fix Makefile
2304f935 docs: update the GoDoc url from kata 1.x to 2.x
2a614577 docs: update how-to README file for Firecracker config
8594f80c ci/openshift-ci: Pull centos from registry.centos.org
486baba7 docs: update containerd CRI plugin url

Compatibility with CRI-O

Kata Containers 2.3.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.0 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the which is not statically linked with the library, you can build
a custom that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.3.0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

Shortlog

72b8144b release: Kata Containers 2.4.0-alpha0
8ee67aae osbuilder: fix missing cpio package when building rootfs-initrd image
f59d3ff6 osbuilder: add coreutils to guest rootfs
5e7c1a29 workflows: only allow org members to run /test_kata_deploy
a32e02a1 agent: use temp directory as root of test containers
857501d8 tools/osbuilder: build QAT kernel in fedora 34
6a0b7165 agent: refactor find_process function and add test cases
ce92cadc vc: hypervisor: remove setSandbox
2227c46c vc: hypervisor: use our own logger
4c2883f7 vc: hypervisor: remove dependency on persist API
34f23de5 vc: hypervisor: Remove need to get shared address from sandbox
c28e5a78 acrn: remove dependency on sandbox, persistapi datatypes
a0e0e186 hypervisors: introduce pkg to unbreak vc/persist dependency
ce0693d6 agent: clear cargo test warnings
f0734f52 docs: Remove extraneous whitespace
aff32756 docs: Add a code PR advice document
d41c375c docs: Add more advice to the UT advice doc
baf4f76d docs: More detail on running tests as different users
fcf45b0c docs: Use more idiomatic rust string check
9fed7d0b docs: Mention anyhow for error handling in UT doc
318b3f18 docs: No present continuous in UT advice doc
e8bb6b26 docs: Correct repo name usage
c1111a1d docs: Use leading caps for lang names in UT advice doc
597b239e docs: Remove TOC in UT advice doc
cf360fad docs: Move unit test advice doc from tests repo
bc955814 docs: Move doc requirements section higher
5ba2f52c tools: Quote functions arguments in the update repos script
5dbd752f tools: Remove the check for the VERSION file
85eb743f tools: Make hub usage slightly less fragile
76540dbd tools: Automatically revert kata-deploy changes
36d73c96 tools: Do the kata-deploy changes on its own commit
c8e22daf tools: Use vars for the registry in the update repo script
ac958a30 tools: Use vars for the yaml files used in the update repo script
edca8292 tools: Rewrite the logic around kata-deploy changes
31f6c2c2 tools: Update comments about the kata-deploy yaml changes
ddc68131 runtime: delete netmon
bd3217da agent: Remove redundant returns
adab6434 agent: Remove some unwrap and expect calls
351cef7b agent: Remove unwrap from verify_cid()
a7d1c70c agent: Improve baremount
09abcd4d agent-ctl: Remove some unwrap and expect calls
35db75ba agent-ctl: Remove redundant returns
46e45958 agent-ctl: Simplify main
c7349d0b agent-ctl: Simplify error handling
0c6c0735 agent: fixed the make optimize bug
705687dc docs: Add kata-deploy as part of the install docs
acece849 docs: Use the default notation for "Note" on install README
143fb278 kata-deploy: Use the default notation for "Note"
45d76407 kata-deploy: Don't mention arch specific binaries in the README
a7c08aa4 workflows: Add back the checks for running test-kata-deploy
3c9ae7fb kata-deploy: Ensure we test HEAD with /test_kata_deploy
46fd5069 docs: update using-SPDK-vhostuser-and-kata.md
78dff468 agent/device: Adjust PCIDEVICE_* container environment variables for VM
4530e7df agent/device: Use simpler structure in update_spec_devices()
b6062278 agent/device: Correct misleading comment on test case
89ff7000 agent/device: Remove unnecessary check for empty container_path
c855a312 agent/device: Make DevIndex local to update_spec_devices()
084538d3 agent/device: Change update_spec_device to handle multiple devices at once
d6a3ebc4 agent/device: Obtain guest major/minor numbers when creating DevNumUpdate
f4982130 agent/device: Check for conflicting device updates
f10e8c81 agent/device: Batch changes to the OCI specification
46a4020e agent/device: Types to represent update for a device in the OCI spec
e7beed54 agent/device: Remove unneeded clone() from several device handlers
2029eeeb agent/device: Improve update_spec_device() final_path handling
57541315 agent/device: Correct misleading parameter name in update_spec_device()
0c51da3d agent/device: Correct misleading error message in update_spec_device()
94b7936f agent/device: Use nix::sys::stat::{major,minor} instead of libc::*
b5dfcf26 watcher: tests: ensure there is 20ms delay between fs writes
296e76f8 watchers: handle symlinked directories, dir removal
2b6dfe41 watchers: don't dereference symlinks when copying files
6955d144 kata-deploy: Add back stable & latest tags
bbaf57ad agent: fix the issue of missing create a new session for container
0380b9bd runtime: Update containerd to 1.5.8
112ea258 qemu: fix snap build by disabling libudev
d5a18173 virtcontainers: fix failing template test on ppc64le
599bc0c2 agent: Update README
7e6f2b8d vc-utils: don't export unused function
860f3088 virtcontainers: move oci, uuid packages top level
8acb3a32 virtcontainers: remove unused package nsenter
4788cb82 vc-network: remove unused functions
b6ebddd7 oci: remove unused function GetContainerType
1e7cb4bc macvlan: drop bridged part of name
55412044 monitor: Fix monitor race condition doing hypervisor.check()
eb11d053 cri-o: Update deployment documentation
92e3a140 cri-o: Update links for the CRI-O github page
0a19340a cri-o: Remove outdated documentation
bcf181b7 cgroups: Fix systemd cgroup support
b34ed403 cgroups: pass vhost-vsock device to cgroup
7362e1e8 runtime: remove prefix when cgroups are managed by systemd
09f7962f runtime: merge virtcontainers/pkg/types into virtcontainers/types
a3b3c85e workflows: Remove non-used main.yaml
1b1790fd agent/src: improve unit test coverage for src/namespace.rs
570915a8 docs: update kata 2.0 metrics documentation
6339fdd1 docs: update kata metrics architecture image
6acedc25 runtime: delete not used codes
395638c4 versions: bump golang to 1.17.x
34307235 release: Use ${GOPATH}/bin/yq for upload-libseccomp-tarball action
8ab90e10 agent-ctl: Allow API specification in JSON format
b7b89905 virtcontainers: Lint protection types
57bb7ffa agent: check environment variables if empty or invalid
eacfcdec runtime: Revert "runtime: use containerd package instead of cri-containerd"
e7856ff1 rustjail: Fix created time of container
87f67606 agent: Remove dynamic tracing APIs
b09dd7a8 docs: Fix typo
7566b736 kernel: add VFIO kernel dependencies for ppc64le
d47484e7 logging: Always run crate tests
5c9c0b6e build: Fix default target

Compatibility with CRI-O

Kata Containers 2.4.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha0 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the which is not statically linked with the library, you can build
a custom that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

Shortlog

5e9b807b release: Use ${GOPATH}/bin/yq for upload-libseccomp-tarball action
de0eea5f release: Kata Containers 2.3.0-rc1
96b66d2c docs: Fix typo
62a51d51 runtime: Revert "runtime: use containerd package instead of cri-containerd"

Compatibility with CRI-O

Kata Containers 2.3.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.0-rc1 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.0-rc1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.0-rc1 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the which is not statically linked with the library, you can build
a custom that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.0-rc1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.3.0-rc1 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

Release 2.2.3

kata-containers Changes

Shortlog

b7493fd release: Kata Containers 2.2.3
4f73e58 packaging/static-build: s390x fixes
45f65a7 agent: Handle uevent remove actions
06d3049 agent: fix race condition when test watcher
0366f6e template: disable template unit test on arm
7cb650a runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs
e97cd23 runtime: current vcpu number should be limited
6b6d81c runtime: kernel version with '+' as suffix panic in parse
a479eca docs: Fix outdated links
ee3bf4a osbuilder: build image-builder image from Fedora 34
b794a39 virtcontainers: clh: Re-generate the client code
39d95f4 versions: Upgrade to Cloud Hypervisor v19.0

Compatibility with CRI-O

Kata Containers 2.2.3 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.2.3 is compatible with cri-contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.2.3 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.2.3 is compatible with Kubernetes 1.21.1-00

Kata Linux Containers image

Agent version: 2.2.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.2.3 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

NOTE: This release introduced a regression where kata-containers won't start when using old versions of container.
Please, use 2.3.0-rc1 instead, which brings back the compatibility with older containerd versions.

Shortlog

99c46be7 release: Kata Containers 2.3.0-rc0
d17100ae vendor: update OpenTelemetry to v1.0.0
84ccdd8e vendor: update OpenTelemetry to v0.20.0
9d3ec583 runtime: make sure the "Shutdown" trace span have a correct end
09d5d883 runtime: tracing: Change method for adding tags
bcf3e82c logging: Enable agent debug output for release builds
b468dc50 agent: Use dup3 system call in unit tests of seccomp
1aaa0599 agent: "Revert agent: Disable seccomp feature on aarch64 temporarily"
375ad2b2 runtime: Enhancement for Makefile
a239a38f osbuilder: build image-builder image from Fedora 34
1e331f75 agent: refactor process IO processing
7e401952 agent-ctl: Add stub for AddSwap API
82de838e agent-ctl: Update for Hybrid VSOCK
d1bcf105 forwarder: Remove quotes from socket path in doc
2b139449 docs: Fix outdated links
9b270d72 ci/install_libseccomp: use a temporary work directory
98b44061 ci/install_libseccomp: Fix fail when DESTDIR is set
e66d0473 virtcontainers: simplify read-only mount handling
3f21af9c runtime: add fast-test to let test exit on error
17a8c5c6 runtime: Fix random failure for TestIoCopy
6cc8000c cli: Show available guest protection in env output
2063b138 virtcontainers: Add func AvailableGuestProtections
d45c86de versions: Update CRI-O to its 1.22 release
c4a64263 versions: Update k8s & critools to v1.22
d789b429 package: assign proper value to redefined_string
881b9964 agent: Make wording of error message match CRI-O test suite
7a80aeb0 docs: Moving from EOT to EOF
338ac875 virtcontainers: api: update the functions in the api.md docs
23496f94 release: Upload libseccomp sources with notice to release page
309dae63 virtcontainers: check that both initrd and image are not set
42804151 agent: Fix the configuration sample file
46720c61 runtime: set tags for trace span
c509a204 agent-ctl: Implement Linux OCI spec handling
e610fc82 runtime: Remove comments about unsupported features in config for clh
bdf48241 tools/packaging: Add options for VFIO to guest kernel
42add7f2 agent: Disable seccomp feature on aarch64 temporarily
5dfedc2b docs: Add explanation about seccomp
45e7c2ca static-checks: Add step for installing libseccomp
a3647e34 osbuilder: Set up libseccomp library
3be50ada agent: Add support for Seccomp
b0bc71f4 ci: test-kata-deploy: Get rid of slash-command-action action
37fa453d osbuilder: Update QAT driver in Dockerfile
a10cfffd forwarder: Fix changing log level
6abccb92 forwarder: Drop privileges when using hybrid VSOCK
b67fa9e4 forwarder: Make explicit root check
e377578e forwarder: Fix docs socket path
d2a7b6ff packaging/static-build: s390x fixes
bf00b8df agent-ctl: improve the oci_to_grpc code
5f5eca6b agent: do not return error but print it if task wait failed
5f306330 virtcontainers: delete duplicated notify in watchHypervisor function
a13e2f77 agent: Handle uevent remove actions
57c0f93f agent: fix race condition when test watcher
1a96b8ba template: disable template unit test on arm
43b13a4a runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs
c59c3673 runtime: current vcpu number should be limited
fa922517 runtime: kernel version with '+' as suffix panic in parse
b40eedc9 rustjail: Consistent coding style of LinuxDevice type
f5172d1c cli: Fix outdated kata-runtime bash completion
34273da9 runtime/device: Allow VFIO devices to be presented to guest as VFIO devices
68696e05 runtime: Add parameter to constrainGRPCSpec to control VFIO handling
d9e2e9ed runtime: Rename constraintGRPCSpec to improve grammar
57ab4085 runtime: Introduce "vfio_mode" config variable and annotation
730b9c43 agent/device: Create device nodes for VFIO devices
175f9b06 rustjail: Allow container devices in subdirectories
9891efc6 rustjail: Correct sanity checks on device path
d6b62c02 rustjail: Change mknod_dev() and bind_dev() to take relative device path
2680c0bf rustjail: Provide useful context on device node creation errors
42b92b2b agent/device: Allow container devname to differ from the host
827a41f9 agent/device: Refactor update_spec_device_list()
8ceadcc5 agent/device: Sanity check guest IOMMU groups
ff59db75 agent/device: Add function to get IOMMU group for a PCI device
13b06a35 agent/device: Rebind VFIO devices to VFIO driver inside guest
e22bd782 agent/device: Add helper function for binding a guest device to a driver
52268d0e hypervisor: Expose the hypervisor itself
a72bed5b hypervisor: update tests based on createSandbox->CreateVM change
f434bcbf hypervisor: createSandbox is CreateVM
76f1ce9e hypervisor: startSandbox is StartVM
fd24a695 hypervisor: waitSandbox is waitVM
a6385c8f hypervisor: stopSandbox is StopVM
f989078c hypervisor: resumeSandbox is ResumeVM
73b4f27c hypervisor: saveSandbox is SaveVM
7308610c hypervisor: pauseSandbox is nothing but PauseVM
8f78e1cc hypervisor: The SandboxConsole is the VM's console
4d47aeef hypervisor: Export generic interface methods
6baf2586 hypervisor: Minimal exports of generic hypervisor internal fields
8030b6ca virtcontainers: clh: Re-generate the client code
8296754e versions: Upgrade to Cloud Hypervisor v19.0
4f75ccb9 docs: use-cases: Update Intel SGX use case
51cbe145 runtime: Add option "disable_seccomp" to config hypervisor.clh
98b7350a virtcontainers: clh: Enable the seccomp feature
b625f62d runtime: delete cri containerd plugin from versions.yaml
09a5e03f docs: Write tracing documentation
4f018b52 runtime: delete useless src/runtime/cli/exit.go
24fff57c snap: make curl commands consistent
2b9f79cf snap: add cloud-hypervisor and experimental kernel
50da26d3 osbuilder: Call detect_rust_version() right before install_rust.sh
b4fadc94 docs: Updating Developer Guide re qemu-img
b8e69ce5 versions: Add libseccomp and gperf version
e61f5e29 runtime: Show socket path in kata-env output
5b3a349d trace-forwarder: Support Hybrid VSOCK
273a1a9a runtime: optimize test code
76f16fd1 runtime: use containerd package instead of cri-containerd
6d55b1ba docs: use containerd to replace cri-containerd
ed02bc90 packaging: add containerd to versions.yaml
adc9e0ba runtime: fix two bugs in rootless hypervisor
4d7ddffe utils: kata-manager: Update kata-manager.sh for new containerd config
f34f67d6 osbuilder: Specify version when installing Rust
135a0802 osbuilder: Pass CI env to container agent build
eb5dd76e osbuilder: Re-enable building the agent in Docker
7d0b616c agent: Do not fail when trying to adding existing routes
bcffa263 tracing: Fix typo in "package" tag name
e42bc05c kata-deploy: add .dockerignore file
3f95469a runtime: logging: Add variable for syslog tag
321be0f7 tracing: Remove trace mode and trace type

Compatibility with CRI-O

Kata Containers 2.3.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.0-rc0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.0-rc0 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the which is not statically linked with the library, you can build
a custom that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.3.0-rc0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

Shortlog

31c84547 workflows: fix artifact name in the release yaml
aaf37d72 release: Kata Containers 2.2.0-rc0
2d8386ea kata-monitor: add few unit tests
8714a350 kata-monitor: make code to identify kata pods simpler
68a6f011 kata-monitor: drop the runtime info from the sandbox cache
97dcc5f7 kata-monitor: drop getMonitorAddress()
0b03d97d vendor: update vendors for kata-monitor
c2f03e89 kata-monitor: talk to the container engine via the CRI
7a5ffd4a config: Enable jailer by default when using firecracker
76f4588f workflows: Actually push the release to quay.io
2cb7b513 docs: update general wording for installation documentation
b980c62f packaging/kernel: Update kernel build doc
99e9a6ad packaging/kernel: Update versions.yaml kernel urls
c23ffef4 packaging/kernel: Remove old Jenkins pipeline
9586d482 tracing: Return context in runHooks() span creation
6a6dee7c osbuilder: Document no Alpine support on s390x
7effbdeb osbuilder: Upgrade Ubuntu guest to 20.04
71f304ce agent: watcher: cleanup mount if needed when container is removed
f1a505db agent: Temporarily allow unknown linters
961aaff0 agent: watcher: fixes to make more robust
6871aeaa snap: enable snap build for arm64
233b53c0 agent: Fix cargo 1.54 clippy warning
c867d1e0 osbuilder: Drop Go agent support
4fe23b19 kernel: PTP_KVM support for arm/arm64 in Kata
99ab91df docs: update the docs project url from kata 1.x to 2.x
f981fc64 clh: correct cloud-hypervisor installation
64dd35ba virtcontainers: fc: properly remove jailed block device
7df56301 CI: Call agent shutdown test
f87cee9d kata-deploy: Rely directly on a centos:7 image
15e0a3c8 kata-deploy: Remove unneeded yum cached files
d01aebeb kata-deploy: Ensure the system is up-to-date
1d25d7d4 docs: Remove kata-proxy and binaries reference
77160e59 workflows: Actually login to quay.io
b9e03a1c docs: update the image repository to quay.io
f47cad3d tools: Update the image repository to quay.io
9fa1febf workflows: Also push the image to quay.io
49083bfa agent: Create the process CWD when it does not exist
831c2fee packaging: Remove reference to sheepdog driver
2e28b714 packaging: Drop support for qemu < 5.0
d5f85698 vendor: Update govmm
31650956 runtime/qemu: Use explicit "on" for kernel_irqchip parameter
b8133a18 osbuilder/dracut: Add missing libraries
a72b0811 osbuilder: pass env OS_VERSION
d007bb85 kata-deploy: shorten directory path
760ec4e5 virtcontainers: clh: Do not use the default HTTP client
80afba15 docs: update kata deploy README doc to add cloud-hypervisor test command
e6408fe6 Container: Add initConfigResourcesMemory and call it in newContainer
77604de8 qemu/arm: remove nvdimm/"ReadOnly" option on arm64
ee90affc newContainer: Initialize c.config.Resources.Memory if it is nil
767a41ce updateResources: Log result after calculateSandboxMemory
5b514177 docs: Add tracing proposals doc
57b696a5 docs: Removed mention of 1.x
4f0726bc docs: Remove table of contents
f186c5e2 docs: Fix invalid URLs
7c610a6f docs: Fix shell code
3fe6695b static-checks: Check for the force-skip-ci label on each step
5a0d3c4f docs: update the kata release url in the kata deploy document
81e6bf6f kata-deploy: Split shimv2 build in a separate container.
d46ae324 kernel: build: Add container build
b789a935 actions: release: Use new kata-deploy scripts.
85987c6d kata-deploy: Add Makefile
b9d2eea3 kata-deploy: Add script to merge kata tarballs.
4895747f Rootfs: Add curl to alpine rootfs builder.
fc90bb53 Actions: Add new workflow to create static tarballs
bbb06c49 actions: Remove scripts from actions directory.
2f9859ab build: Reuse firecracker directory on builds.
3533a5b6 Packaging: stop using GOPATH for yq.
0c5ded4b kata-deploy: build kata only with docker in host
8befb1f3 kata-deploy: Refactor builder options.
7125f5d8 image-builder: Allow build image and initrd independently.
9514dda5 mod: unity containerd dependency
6ffe37b9 mod: unify runc dependency
b53e8405 how-to-use-virtio-mem-with-kata.md: Remove undefined ${REPORT_DIR}
5957bc7d ci: Run static checks when PRs are updated
2ec31093 docs: update url for log parser in how-to-import-kata-logs-with-fluentd.md
cc0bb9ae versions: Upgrade to Cloud Hypervisor v17.0
8e9ffe6f snap: Substitute image configuration with initrd
8b15eafa docs: Update url for log parser in Developer guide
5371b921 mount: fix the issue of missing check file exists
07f7ad9d build(deps): bump github.com/containerd/containerd in /src/runtime
4fbae549 docs: Update experimental documentation
9c0b8a7f snap: do not export agent version
3727caf7 versions: Update runc to 1.0.1
116c29c8 cgroups: manager's Set() now takes Resources as its parameter
c0f801c0 rootless: RunningInUserNS() is now part of userns namespace
b5293c52 runtime: update runc dependency to 1.0.1
2859600a runtime: virtcontainers: make rootfs image read-only
070590fb vendor: update govmm
0f8c0dbc osbuilder/scripts: add support to yq version 4 and above
38826194 osbuilder: update centos arm rootfs image config 'GPG_KEY_ARCH_URL'
add480ed monitor: mv the monitor socket into sbs directory
b4c45df8 runtime: tools/packaging/cmd/kata-pkgsync: fix govet fieldalignment
aec53090 runtime: virtcontainers/utils: fix govet fieldalignment
1e4f7faa runtime: virtcontainers/types: fix govet fieldalignment
bb9495c0 runtime: virtcontainers/pkg: fix govet fieldalignment
80ab91ac runtime: virtcontainers/persist: fix govet fieldalignment
54bdd018 runtime: virtcontainers/factory: fix govet fieldalignment
dd58de36 runtime: virtcontainers/device: fix govet fieldalignment
47d95dc1 runtime: virtcontainers: fix govet fieldalignment
8ca7a7c5 runtime: netmon: fix govet fieldalignment
31de8eb7 runtime: pkg: fix govet fieldalignment
2b80091e runtime: containerd-shim-v2: fix govet fieldalignment
0dc59df6 runtime: cli: fix govet fieldalignment
f7c6f170 docs: added a glossary to support SEO tactics
c1042523 ci: expand $CI to nothing
cb6b7667 runtime: Add option "enable_guest_swap" to config hypervisor.qemu
a733f537 runtime: newContainer: Handle the annotations of SWAP
2c835b60 ContainerConfig: Set ocispec.Annotations to containerConfig.Annotations
243d4b86 runtime: Sandbox: Add addSwap and removeSwap
e1b91986 runtime: Update golang proto code for AddSwap
4f066db8 agent: agent.proto: Add AddSwap
a8649acf snap: fixed snap aarch64 qemu patches dir in snapcraft.yaml file
35cbc93d agent: clear MsFlags if the option has clear flag set
558f1be6 snap: Remove QEMU before clone
c5fdc0db docs: fix minikube installation guide runtimeclasses error
f2ef25c6 docs: fixed kata-deploy path for kata logs with fluentd doc
05084699 agent-ctl: bump to latest tokio
acf69328 agent: update tokio to 1.8.1
4f23b8cd ci: set -o nounset
dcd29867 static-checks: Call the static-checks make target
afd97850 makefile: Add static-checks target
34828df9 virtiofsd: fix the issue of missing stop virtiofsd
e887b39e docs: Update containerd configuration format
b12b21f3 osbuilder: Skip installing golang for building rootfs
27b299b2 agent-ctl: Use a common Makefile style like other components
73d3798c vsock-exporter: switch to tokio runtime
7960689e tracing: replace SimpleSpanProcessor with BatchSpanProcessor
ff87da72 config: Fix description for OCI hooks
8e0daf67 shimv2: fix the issue of kata-runtime exec failed

Compatibility with CRI-O

Kata Containers 2.2.0-rc0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.2.0-rc0 is compatible with cri-contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.2.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.2.0-rc0 is compatible with Kubernetes 1.21.1-00

Kata Linux Containers image

Agent version: 2.2.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.2.0-rc0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

kata-containers 2.2.0-alpha1 is out and the main points the users should
be aware of are:

• containerd vendored code has been updating, thus this release will only
  work with the following versions of containerd onwards: v1.3.9, v1.4.3,
  and v1.5.0.
• there's a known regression on using the debug console, which will be
  addressed for the -rc0 release.

Shortlog

fcc93b00 shim-v2: Be compatible with the old runtime options
fdf97319 kata-deploy: Use the correct image for kata-deploy
c8aab29b release: Kata Containers 2.2.0-alpha1
39546a10 runtime: delete not used functions
d0bc148f runtime: Register defer function at early stage
e3860691 static-checks: Restrict static checks to go 1.15 and 1.16
f4fbf723 runtime: Update vendored code
a20074d4 static-checks: Check the vendored code
ac8f972e build: Add make vendor
f9643d83 agent-ctl: Add make vendor
5e69b498 trace-forwarder: Add make vendor
a104f132 agent: Add make vendor
579b3f34 runtime: Add make vendor
930ca55d runtime: Add make handle_vendor
8d6dd2ad snap: support golang 1.16.x
a48dc93f versions: update newest golang version
37996791 ci: add 1.16 to the list of golang versions to test
350acb2d virtcontainers: refactoring code for error handling in sandbox
858f39ef virtcontainers: update wrong comments for code
e0a19f6a virtcontainers: update API documentation
007a6561 snap: Build initrd on ppc64le & s390x
9b8cc458 ci: static checks: use defined target_branch
6999dcca trace-forwarder: Add option rustflags, target, build-type for the make
7db8a85a CI: Honour force-skip-ci label
8f76626f qemu: stop the virtiofsd specifically
b10e3e22 tracing: Consolidate tracing into a new katatrace package
9081bee2 runtime: return error if clh's binary has not a normal stat
88e70759 osbuilder: Fix the order of checking the distro config directory
1ab72518 agent: Fix to parsing of /proc/self/mountinfo
da3de3c2 shim-v2: Fix gosimple issue on utils_test.go
305fb054 virtcontainers: Fix gosimple issue on client.go
89cf168c virtcontainers: Ignore a staticcheck error on cpuset.go
2cc9006c snap: Miscellaneous s390x fixes
28b2c629 runtime: Use CC=gcc on SUSE s390x too
cfd690b6 virtcontainers: Use virtio-blk-ccw on s390x
8758ce26 agent: Enable virtio-blk-ccw
a33d6bae forwarder: Add dump only option
4c809a53 shimv2: fix the issue of leaking the hypervisor processes
d08603be runtime: Remove the version check for cloud hypervisor
2c943012 agent: fix wrong regular exp to fetch guest-cid
66dd8719 runtime: refact virtcontainers/pkg/oci
55c5c871 agent: enhance tests of execute_hook
e6b1766f agent: Cleanup config
bd595124 runtime: add spans and attributes for agent/mount
65d2fb5d agent: remove instrument attribute for some simple functions
cfb8139f agent: add more instruments for RPC calls
ae46e7bf runtime: pass span context to agent in ttRPC client
aa264f91 agent: update netlink libraries
d671f789 agent: fix the issue of convert OCI spec to RPC spec
f607641a shimv2: fix the issue bring by updating containerd vendor
79e632bc version: update the cri-containerd to v1.5.2
32c9ae13 shimv2: update containerd vendor
caf5760c runtime: Update golang proto code
000049b6 agent: delete some lint attributes
34bdddbe docs: Fix url in virtiofs documentation
3e8a07c4 tools: agent-ctl: Fix build failure
f6294226 cargo: Use latest nix crate for all Rust code bases
8310a3d7 virtcontainers: Don't fail memory hotplug
064dfb16 runtime: Add "watchable-mounts" concept for inotify support
3f0f1ceb docs: inotify: add initial documentation
6a93e5d5 agent: Initial watchable-bind implementation
57c0cee0 runtime: Cleanup mountSharedDirMounts, shareFile parameters
cabddcc7 tracing: Make runHooks() span creation return context
772c117d kernel: Add Secure Execution guest
f35ba94d packaging: Support Podman in QEMU build
ecd13ec4 docs: Update QAT docs with newer driver version
a822cdf6 osbuilder: Update QAT driver version
fe0085ca docs: Set LIBC=gnu for s390x too
b3623a2c shimv2: fix the issue of leaking wait goroutines
6a1a051c runtime: report finish time in containers stats
1316fa53 docs: Fix typos in Developer Guide
08984b6e docs: Update urls for Documentation Requirements document
2322f935 runtime: update default machine type to q35
11f9a914 docs: fix brackets usage error for developer guide
ac6b9c53 runtime: Hot-plug virtio-mem device on PCI bridge
789a5954 virtcontainers: Remove the pc machine
ecdd137c runtime: do not hot-remove PMEM devices
bd20701f docs: Update kata-deploy urls for installation document
a9aa36ce docs: Update url for installation guides
bd27f7ba agent: Sort PROPAGATION and OPTIONS alphabetically to scan easily
e544779c agent: Add some mount options
2022c64f runtime: using detail propertites instead of function name in log field
3f39df0d qemu: Add nvdimm read-only file support
23d31d5a ci: snap: Fetch history to all branches and tags
361bee91 runtime/virtcontrainers: fix alignment structures
6be8bf5c docs: update annotations documentation
7834f412 virtcontainers: change memory_offset to uint64
ad06eb90 containerd-shim-v2: Skip TestIoCopy unit test
ea9bb8e9 ppc64le: Adding test for appendProtectionDevice
8825bb29 agent: Update rust version for tokio
799cb272 agent: Upgrade mio to v0.7.13 to fix epoll_fd leak problem
45fd58d1 osbuilder: fix log message that is not error but seems like an error
2fb176dd docs: Update url for breaking compatibility
601e2b65 docs: Remove docker support with kata 2.x and sysctls
240aae96 docs: Update README for runtime documentation
be316945 virtcontainers: Fix TestQemuAmd64AppendProtectionDevice()
b26d5b1d virtcontainers: Support SEV
81c6e4ca runtime/vendor: add github.com/intel-go/cpuid
a918c46f test: Add a unit test for ioCopy()
85c40001 versions: Upgrade to cloud-hypervisor v16.0

Compatibility with CRI-O

Kata Containers 2.2.0-alpha1 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.2.0-alpha1 is compatible with cri-contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.2.0-alpha1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.2.0-alpha1 is compatible with Kubernetes 1.21.1-00

Kata Linux Containers image

Agent version: 2.2.0-alpha1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.2.0-alpha1 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.1.0 release of Kata Containers provides:

• virtio-mem support.
• kata-monitor improvements.
• A whole bunch of fixes and improvements to kata-deploy, which is the
  preferred way of deploying the project.
• Improvements on tracing.
• Improvements on how PCI devices are handled
• Improvements on the agent side, which has been made asynchronous.
• IPv6 support.
• Innumerous documentations fixes and cleanups.
• support for sandbox level bindmounts
• kata-runtime metrics command introduced for gathering stats on a running Kata sandbox.

Shortlog

5d3610e2 release: Kata Containers 2.1.0
9266c246 rustjail: separated the propagation flags from mount flags
7086f91e runtime: sandbox delete should succeed after verifying sandbox state
0a7befa6 docs: Fix spell-check errors found after new text is discovered
eff70d2e docs: Remove horizontal ruler markers that disable spell checks
260f59df image_build: align image size to 128M for arm64
c0bdba23 runtime: make dialing timeout configurable
828a3048 agent: avoid reaping the exit signal of execute_hook in the reaper
1b3cf2fb kata-monitor: export get stats for sandbox
59b9e5d0 kata-runtime: add metrics command
3212c7ae packaging/kata-cleanup: add k3s containerd volume
d3690952 runtime: shim: dedup client, socket addr code
7f7c794d runtime: Short the shim-monitor path
3f1b7c91 cli: delete tracing code for kata-runtime binary
68cad377 agent: Set fixed NOFILE limit value for kata-agent
7c9067cc docs: add per-Pod Kata configurations for enable_pprof
dba86ef3 ci/install_yq.sh: install_yq: Check version before return
79831faf runtime: use s.ctx instead ctx for checking cancellation
3883e4e2 kernel: configs: Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
7f7c3fc8 qemu.go: qemu: resizeMemory: Fix virtio-mem resize overflow issue
c9053ea3 qemu.go: qemu: setupVirtioMem: let sizeMB be multiple of 2Mib
799433d8 release: Kata Containers 2.1.0-rc0
2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
ee7de8ab tools: fix build kernel shell error
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
906c0df4 kata-deploy: don't update worker pool nodes
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
12a65d23 runtimeclass: drop stale runtimeclass definitions
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
7d5a4252 docs: Document limitation regarding subpaths
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
36776408 runtime/virtcontainers: Fix typo on qmp error msg
ff2b9e54 cli: delete not used files
677f0d99 runtime: delete not used function parameter builtIn
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
dcb9f403 config: Protect annotation for entropy_source
d4a54137 runtime: Fix stdout/stderr output from container being truncated
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
8a33bd4c qemu: Fix assertion failure on shutdown
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
543f9da3 runtime: Disable trace for healthcheck
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
1366f0fb cli: Use genericGetExpectedHostDetails on s390x
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
421439c6 API: remove ProcessListContainer/ListProcesses
4f164b52 release: Kata Containers 2.1.0-alpha2
11897248 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
12582c2f kata-deploy: add runtimeclass that includes pod overhead
2b5f79d6 release: automatically bump the version of the kata-deploy images
f444adb5 kata-cleanup: Explicitly add tag to the container image
8ea2ce9a agent/device: Remove legacy uevent matching
5d007743 agent/device: Refine uevent matching for pmem devices
a59e07c1 agent/define: Refine uevent matching for virtio-scsi devices
484a3647 agent/device: Rework uevent handling for virtio-blk devices
8682d6b7 docs: update dev-guide to include fixes from 1.x
d75fe956 virtcontainers: replace newStore by store in Sandbox struct
49eec920 agent: log the tag and mount point if it is already mounted
342eb765 tools/agent-ctl: Update Cargo.lock
24b0703f agent: fix test for the debug console
79033257 agent: async the debug console
9017e110 agent: start to rework the debug console
660b0473 oci: Update seccomp configuration
107ceca6 kernel: update experimental kernel to 5.10.x
d43098ec kata-deploy: Adapt regex for testing kata-deploy
ca4dccf9 release: Get rid of "master"
c2197cbf release: Use sudo to install hub
7873b7a1 github: Fix slash-command-action usage
a938d903 rustjail: fix the issue of missing default home env
0828f9ba agent/uevent: Introduce wait_for_uevent() helper
16ed55e4 agent/device: Use consistent matching for past and future uevents
4b16681d agent/uevent: Put matcher object rather than "device address" in watch list
b8b32248 agent/uevent: Consolidate event matching logic
d2caff6c agent: Re-organize uevent processing
55ed2ddd agent: Store uevent watchers in Vec rather than HashMap
91e0ef5c agent/uevent: Report whole Uevents to device watchers
36420054 agent: Store whole Uevent in map, rather than just /dev name
06162025 agent/device: Move GLOBAL_DEVICE_WATCHER into Sandbox
11ae32e3 agent/device: Fix path matching for PCI devices
4f608804 agent/device: Update test_get_device_name()
e3e670c5 agent/device: Forward port test for get_device_name() from Kata 1.x
16f732fc ci/lib: Use git to clone the tests repository
9281e567 ci/openshift-ci: Add build root dockerfile
b0e4618e docs: update configuration for passing annotations in conatinerd
eda8da1e github: Revert "github: Remove kata-deploy-test action"
13653e7b runtime: increase dial timeout
f365bdb7 versions: qemu-experimental: 6.0-rc 470dd6
6491b9d7 qemu: Add support to build static qemu for dev tree
1cce9300 github: Remove kata-deploy-test action
52a276fb agent: Fix type for PROC_SUPER_MAGIC on s390x
5b7c8b7d agent: Update cgroups-rs to 0.2.5
28bd8c11 kernel: upgrade kernel to 5.10.x for arm64.
ee6a590d agent: add test test_pipestream_shutdown
4a2d4370 agent: don't do anything in Pipestream::shutdown
64939425 mount: fix the issue of missing set fsGroup
88e58a4f agent: fix the issue of missing pass fsGroup
ed08980f agent: Remove many "panic message is not string literal" warnings
010d57f4 osbuilder: Update QAT Dockerfile with new QAT driver version
935460e5 osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
adb866ad kata-deploy: Adapt to the correct tag name
60adc7f0 VERSION: Use the correct form
572aff53 build: Only keep one VERSION file
a4c125a8 trace: move gRPC requests from debug to trace
50fff977 trace: move trace span chatter to trace rather than info
0c38d9ec runtime: Fix the format of the client code of cloud-hypervisor APIs
52cacf88 runtime: Format auto-generated client code for cloud-hypervisor API
6fe48329 runtime: use concrete KataAgentConfig instead of interface type
84b62dc3 versions: Update cloud-hypervisor to release v0.14.1
09d454ac runtime: import runtime/v2/runc/options to decode request from Docker
6255cc19 virtcontainers/fc: Upgrade Firecracker to v0.23.1
ede1ab86 docs: Remove ubuntu installation guide
4a38ff41 docs: Update snap install guide
2c47277c docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
317f55f8 docs: Update minimum version for Fedora
1ce29fc9 docs: Update CentOS install docs
3f90561b docs: Update Fedora install docs
8a1c6c3f action: fix missing qemu tag
a9ff9c87 docs: Remove openSUSE installation guide
2888ceb0 docs: Remove SLE installation guide
8c1e0d30 kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
a65519b9 versions: keep using kernel 5.4.x for ARM
c035cdb3 versions: kernel 5.10.x
31ced01e virtcontainers: Fix missing contexts in s390x
0b502d15 runtime: makefile allow override DAX value
75f99638 release: Kata Containers 2.1-alpha1
48e5e4f2 test: install mock hook binary before test
3f46e637 cgroups: fix the issue of getting wrong online cpus
3a77e4eb build: remove unused variables from Makefile
9a4e8666 container: on cleanup, rm container directory for mounts path
1555bfd8 runtime: add support for QEMU 6
1d448813 uevent: Add shutdown channel for task
d8d5b4cd signal: Move to a new module
011f7d78 logging: Rework for shutdown
7d5f88c0 agent: Enable clean shutdown
dcb39c61 main: Create logger task
2cf2897d main: Use task list for stopping tasks
039df1d7 main: Refactor main logic into new async function
2a648fa7 logging: Use guard to make threaded logging safe
38f0d8d3 config: Fix assert_error testing macro
e3492448 runtime: fix virtiofsd RO volume sharing
532ff7c9 runtime: update virtcontainers API documentation
6fcfea8d runtime: Fix static check errors
f3ebbb1f runtime: Fix trace span ordering
fc0f93ae actions: enable unit tests in PR check
74192d17 runtime: fix static check errors
a2dee1f6 runtime: fix vm factory UT failure
076bc507 agent-ctl: update Cargo.lock
0153f76b runtime: gofmt code
190f8134 runtime/katautils: PFlash should be initialized
b2ec5a43 runtime: fix cleanupSandboxBindMounts panic
9b689ea1 runtime/cli: fix TestMainBeforeSubCommandsLoadConfigurationFail failure
8e71c4fc runtime: fix missing context argument in mocked sandbox APIs
8ff62bee runtime: fix vcmock build failure
60f6315b kata-deploy: Use the correct tag for 2.1-alpha1 release
5a3ee7d7 snap: Use qemu.version to build snap
0f78a5dc kernel: rename exeperimental kernel symlink.
f7910523 qemu: Build experimental qemu.
b0e51e59 qemu: Improve cache build
bc587da9 qemu: Add suffix for qemu binaries.
5493517b qemu: add CACHE_TIMEOUT
98d01ce6 qemu: Apply patches for specific versions.
a09e58fa packaging: Use local file for assets.
07cfa4ce qemu: patches: Fail if not patches directory
e221c45d versions: Update qemu database
5abdd2aa qemu: move 5.0.0 patches to its own dir.
34e7d5ed agent: Validate CID
b2658709 runtime: Validate CID
12e9f7f8 runtime: Add missing test mock function
0e4b28e8 rustjail: rework execute_hook
451b45f9 agent: Make use of test consts for error messages
ea51c17b agent: Allow server address to be specified on kernel command-line
8c4d3346 agent: disconnect rpc get_oom_event when destroy_sandbox.
259c1791 docs: Update QAT instructions to work with Kata 2.0 repos
d5a9d56e agent: Update Cargo.lock for earlier dependency change
5096103e osbuiler: fixing USE_DOCKER for ppc64le
b0e966c3 agent: Fix unused import warning in unit tests
d7cb3df0 cgroups: Add systemd detection when creating cgroup manager
f659871f cgroups: remove unused SystemdCgroup variable and accessor/mutators
4bf84b4b runtime: Add contexts to calls in unit tests
9e4932a6 runtime: use root span for shimv2 tracing
6b0dc60d runtime: Fix ordering of trace spans
48ed8f3c runtime: add support for readonly sandbox bindmounts
0f7950fb packaging: configure QEMU with -O2
224c50f4 snap: Package virtiofsd and fix path
b0344589 runtime: return hypervisor Pid in TaskExit event
7ae349c5 agent: makefile: Add codecov target
85601cd3 snap: Update for QEMU 5.2.0
88cef33b versions: update QEMU to 5.2.0
74a893f7 packaging: Refactor version comparisons on configure-hypervisor.sh
f0d49851 exec: ensure sup groups are added to agent request
81607e34 rustjail: fix the issue of home_dir function
6417067d osbuilder: Port QAT Dockerfile to 2.0 repo
b412e159 osbuilder: Port QAT Dockerfile to 2.0 repo
c258ea25 agent-ctl: Function parameter cleanup
fcd45def agent-ctl: Unbreak build
efe625df build: Remove whitespace
34dc861c rustjail: fix the issue of bind mount device file from guest
f580d33c musl/arm64: decompression before use the tarball.
2da058ed osbuild: build musl toolchain from source if needed
21bdaaf8 runtime: Fix missing 'name' field on containerd-shim-v2 logs
17e9a2cf agent: don't error of virtiofs share is already mounted
bc0ac526 shimv2: return the hypervisor's pid as the container pid
0f709833 runtime: check if error loading runtime config
6f720761 agent: fix clippy for rustc 1.5
4a214720 agent: Fix test
02079dbb agent: upgrade tokio to 1.0
947913f6 agent/protocols: Remove cargo:rerun-if-changed in build.rs
dcea0869 rustjail: fix blkio conversion
a42dc748 agent: Agent invokes OCI hooks with wrong PID
2c8ea0a8 kata-deploy: Add copyright to the kata-deploy's Dockerfile
4e494e34 packaging: Remove NEMU mentions
f21c54a9 kata-deploy: QEMU, for 2.x, already includes virtiofs
657bd789 kata-deploy: Get rid of references to the docker script
bc34cbbc agent: Stop receive message from Receiver if got None
10ed3da4 release: Rename runtime-release-notes to release-notes
f5dab6af release: We're not compatible with Docker.
01481d6a kata-deploy: Ensure CRI-O uses the VM runtime type
d1c71736 kata-deploy: Move the containerd workarounds to their own functions
5013634e kata-deploy: Stop shipping kata-{clh,fc,qemu,qemu-virtiofs} binaries
2270f19e kata-deploy: Update README to reflect the current distributed artifacts
a494c4de makefile: agent: Add self documented help
10f1c30f kata-runtime: use filepath.Join() to compose file path
f4ae9c84 docs: Update Developer-Guide.md
9963428a docs: update document for using debug console
44cde6e4 runtime: connect guest debug console bypass kata-monitor
72cb9287 vhost-user-blk: Use PciPath type for vhost user devices
74f5b5fe runtime/block: Use PciPath type through block code
32b40f5f runtime/network: Use PciPath type through network handling
87c5823c agent/device: Add unit test for pcipath_to_sysfs()
066ce7ab agent/device: Pass root bus sysfs path to pcipath_to_sysfs()
fda48a9b agent/device: Use pci::Path type, name things consistently
c12b86dc agent/device: Generalize PCI path resolution to any number of bridges
3715c577 agent/device: Rename and clarify semantics of get_pci_device_address()
7e92831c protocols: Update PCI path names / terminology in agent protocol def
8e5fd8ee runtime: Introduce PciSlot and PciPath types
7464d055 agent: PCI path type
b22259ad agent: PCI slot type
8c2f9e69 gitignore: Ignore *~ editor backup files
a44b2729 runtime: Create tracer later in shimv2
df14d386 Agent: OCI hooks return malformed json
49bdbac6 osbuilder: Allow image registry to be customizable
cb6d2f3c osbuilder: alphabetize fields
fdc573d5 docs: Update licensing strategy to use kata 2.0 repository
2e2749ad runtime: clh-config: add runtime hooks to the clh toml
ef72926b ci: snap: run snap CI on every pull request
919d5127 snap: fix kernel setup
d0548414 ci: snap: build targets that not need sudo first
a115338d ci: snap: define proxy variables
37213513 runtime: cpuset: when creating container, don't pass cpuset details
c9c7c124 agent: Remove bogus check from list_interfaces() unit test
056d742c docs: Update documentation with new prefixless config options
fdcde796 cli: use new prefixless config options in tools scripts
02ee8b0b cli: Add aliases for kata- options
c6bc43b6 docs: Fix broken link to fluentbit.io docs
50fea9fa github: Only run kata-deploy-test on pull-requests
20b27a16 docs: Fix the installation directory of virtiofsd
11fe6a35 osbuilder: Fix USE_DOCKER on s390x
9f237aab docs: add katacontainers end-to-end arch image
afb41978 osbuilder: Build for glibc on s390x
a1cedc56 agent: Build for glibc on s390x
3d3e4dc1 packaging: Fix vmlinux kernel install on s390x
8045104e ci: Upgrade to yq 3.4.1
fbab262f kernel: Don't fail if "experimental" dir doesn't exist
62cbaf4d kata-deploy: Remove kata-deploy-docker.sh
34065027 runtime: add jaeger configuration items
17df9b11 runtime: migrate from opentracing to opentelemetry
e1dce3a3 rustjail: use rlimit crate
a252d861 rustjail: get all capabilities dynamically
11680efe agent: README update to install protoc for ppc64le
b548114f qemu: Add security fixes for CVE-2020-35517
f16ab49b agent: fix non_camel_case_types lint and stop hiding the warning
8ffe4d67 agent: fix unused_parens lint and stop hiding the warning
f70ca69d agent: remove #![allow(unused_unsafe)]
e28bf7a5 agent: fix dead_code lint
05da23ac agent: fix non_snake_case lint and remove ![allow(non_snake_case)]
b7a1f752 arm64: enable acpi for qemu/virt.
71aeb920 osbuilder: updates for feedback
9f7a7a4f osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
254b98dd rustjail: fix unit test test_process
b25575b4 agent: remove crate signal-hook which are no longer used
b1880b3e rustjail: remove unnecessary #[async_trait]
83e9414f rustjail: add unittest test_execute_hook
d2041001 rustjail: close stdin in execute_hook after it was sent
bb081311 rustjail: fix fork/child in execute_hook
b6c2a605 kata-monitor: set buildmode to exe to avoid build failing
8e2b19ac osbuilder: add description for how to use DISTRO variable
2f1cb799 kata-monitor: allow for building for alpine
0e57393f shimv2: log a warning and continue on post-start hook failure
e7043fe2 shimv2: log a warning and continue on post-stop hook failure
a88b8969 kernel: Updates to kernel config for ppc64le
e111093b agent: add secure_join to prevent softlink escape
448771f5 rustjail: fix the issue of container's cgroup root path
3718df69 osbuilder: Remove leftover pieces related to cmake
c2d14cde versions: Update cloud-hypervisor to release v0.12.0
d1bf8293 kernel: ACPI: Always build evged for stable kernel
6f3d5917 clh: Use vanilla kernel.
fd39f0fa osbuilder: Add "Agent init" on terms glossary
1273e485 osbuilder: Fix urls to repositories
ba9fa49a osbuilder: Use Fedora and CentOS registries
fd5592d4 branch: change 2.0-dev to main
2b880d28 snap: Don't release Kata Alpha/RC in snap store
fa93831f agent: Address linter and tests
96762ab7 agent: Remove old netlink crate
33367be4 agent: Integrate netlink
23f3aefa agent: Implement new netlink module
14a63cce agent: Add underscore for constants
0ea8243a github: Update ubuntu version to 20.04
12551de8 agent: implement NVDIMM/PMEM block driver
6abb1be7 rustjail: fix the issue of missing destroy contaienr cgroups
fe67f57c agent: set edition = "2018" in .rustfmt.toml to fix rustfmt about async fn
df68771e agent-ctl: Update ttrpc to 0.4.14 for agent-ctl
37e285bf agent: Make debug console async
f3bd4394 agent: fix tests for async functions
9f79ddb9 agent: use tokio Notify instead of epoll to fix #1160
332fa4c6 agent: switch to async runtime
5561755e agent: Initial switch to async runtime
35ea7ee6 actions: further updates to fix release workflow
ded8e03f actions: fixup release/main workflow
7557a1b6 packaging: should tag/update tests repo when releasing
437b35b7 actions: w/a deprecated set-env
49e7151d shimv2: Add tracing
383e8e67 release: Kata Containers 2.1-alpha0
5ce74bab snap: tag yq version
ef1feaf3 revert: "snap: Fix yq error in build"
6cc1920c snap: Fix yq error in build
789fd7c1 blk-dev: hotplug readonly if applicable
12777b26 volumes: cleanup / minor refactoring
fbc1d123 vendor: revendor govmm
b329a74f rootfs: Fix indentation inside a switch
8879f9a0 rootfs: apparmor=unconfined is needed for non Red Hat host OSes
bbeebcdb rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
90ec2fa8 rootfs: Don't fallthrough in the docker_extra_args() switch
ebd9fcc2 actions: Run static checks before make agent
a5372e00 github: Add github actions
5c464018 shimv2: Avoid double removing of container from sandbox
14e7042c agent: Clean up commented use declarations
5fe5b321 agent: Fix temp prefix on Namespace::test_setup_persistent_ns
3a891d4e agent: Return error on trying to persist a pid namespace
894fa42a rustjail: allow network sysctls
0d3736d5 rustjail: fix the issue of sync read
0dc02f6d rustjail: fix the issue of bind mount /dev
9a7bcccc qemu: no state to save if QEMU isn't running
f740032c packaging/qemu: Delete the temporary container
e5c710e8 packaging/qemu: Build and package completely in the container
4c3377de packaging/qemu: Add QEMU_DESTDIR argument to dockerfiles
d4cd2554 agent: Avoid container stats panic caused by cgroup controller non-exist
157e055f agent: upgrade crate cgroups to 0.2.0
e3ec1d50 agent: Simplify .or_else() to .or()
e004616b runtime/network: Fix error reporting in listRoutes()
1ae8e81a runtime/network: Correct error reporting in listInterfaces()
b366af93 jail: add more test cases for validator
d38a5d3f jail/validator: introduce helpers to reduce duplicated code
76ad3213 jail/validator: avoid unwrap() for safety
51fd624f rustjail: add more context info for errors
68f66c51 agent-ctl: Add void "install" target
5e407758 trace-forwarder: Add void "install" target
8ac93f65 rootfs-builder: add support for gentoo
faed2369 rootfs-builder: add functions to run before and after the container
9321e1b2 oci: fix two incompatible issues with OCI spec
406a91ff agent: consume ttrpc crate from crates.io
6181570c oci: fix a typo in "addtionalGids"
4af5beda agent/sandbox: Don't update cpuset when ncpus = 0
9897238f rootfs: reduce size of debian image
10e9bfc6 runtime: Allow to overwrite DESTDIR
8e5603e6 snap: fix snap release channel
3db1c805 agent: Don't leak fd when reseeding rng
a19263e5 agent/protocols: Remove unneeded import from oci.proto
a19cf28c agent/protocols: Remove some unnecessary include directives from protoc
2b452090 agent/protocols: Remove some unneeded dependencies for protocol generation
b36c9ea3 docs: Fix docs in docs/architecture.md
d47122e9 docs: Update the Cloud Hypervisor description in virtualization.md
1ca415d8 agent: exit from exec hangs if background process is present
8f538935 install: Improve snap documentation
a793b8d9 agent: update cpuset of container path
705182d0 agent: ignore updating cpuset error when update cgroups
a00f7c34 docs: fix the custom agent binary file path for creating initrd image
0155fe12 shimv2: handle ctx passed by containerd
647331ac runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
53b5d063 agent: Adjust OOM Score to avoid agent being killed.
70f198d7 cli: check modules and permissions before loading a module
cb684cf8 cli: don't fail if rate limit is exceeded
e684a541 docs: add link to VMT on top level README
9216f2ad rustjail: fork a new child process to change the pid ns
3b08376c rustjail: remove the network ns validation against container
13a8e4e3 snap: update apps section
c388ec5b runtime: don't wait the second shim process in shim start
6c2fc233 agent: create pci root Bus Path for arm64
d6acc4c0 agent: enable lto flag for Cargo to get better optimized code
fdbf7d32 virtcontainers: revert CleanupContainer from PR 1079
91a390f0 docs: Create hypervisor summary document
3eeb25a1 docs: Tidied up virtualisation summary table
8ec3cf08 docs: Adding hyperlink to virtio-net in kata documentation 2.0
b5b67db8 docs: Fixing typo in virtualization.md file
4d46d0f0 versions: Use CRI-O v1.18.4-4-g6dee3891e
14a21c3a runtime: change configuration key name from EnablePprof to enable_pprof
4e3a8c01 runtime: remove global sandbox variable
29020394 runtime: delete sandboxlist.go and sandboxlist_test.go
9b88a96b versions: Use release-1.18 (commit ee9128444bec10)
36f65ce1 runtime: clh: update cloud-hypervisor
e1396f04 runtime: clh: disable virtiofs DAX when FS cache size is 0
8f38265b release: Fix release candidate to major version upgrade check
2e0bf40a tests: Ensure semver build metadata is ignored
4024a827 release: Make error format string consistent
cb0e6094 runtime: sleep 1 second after GetOOMEvent failed
18a22459 Agent: README updates for build on ppc64le
655f2649 Agent: README updates for build on ppc64le
dfe364f8 Agent: README updates for build on ppc64le
b8414045 runtime: remove nsenter
e3510be8 runtime: use one line if statement to check if err is nil for qemu.go
4c78814b docs: Fix pre-existing spelling mistakes caught by the CI
6c083d94 docs: Add a link to document describing how to use annotations
d67921a2 docs: Document restricted annotations
1fc7b764 docs: Repair inconsistencies between 2.0 and 1.x
92c1c4c6 versions: Update cloud-hypervisor to release v0.11.0
378308e2 docs: Add instructions for enabling VM templating
21801a11 versions: Revert "version: revert back to crio 1.8.3"
40418f6d runtime: add geust memory dump
5b065eb5 runtime: change govmm package
93d79625 clh: Consolidate the code path for device unplug
8907a339 agent: Only show ttrpc logs for trace log level
21cd7ad1 agent: Log ttrpc messages
286eebf0 agent: Add env var to set log level
b9c6db4b agent: Add env var tests
705e9955 agent: Add env var comment
5ced96e9 hypervisor: Remove unused methods
e82c9dae annotations: Improve asset annotation handling
0f26f1cd annotations: Add missing hypervisor control annotation
76064e3e asset: Formatting, grammar and whitespace
ff13bde3 version: revert back to crio 1.8.3
a958eaa8 runtime: mount shared mountpoint readonly
125e21ce runtime: readonly mounts should be readonly bindmount on the host
b6f8a1d5 docs: Fix incorrect docs in config file
5f0abc20 CI: Fix incorrect URL
62c7e094 docs: Remove credits
679df0fb docs: Update top-level README
87848e87 versions: Update crio version
77b50969 runtime: cloud-hypervisor: reduce memory footprint
2e1a8f0a agent: Improve unit test coverage for src/sandbox.rs
172d015e rustjail: fix the issue of create thread failed causing thread panic
9e93463b agent/rustjail: improve unit test coverage for rustjail/container.rs
ad4f7b86 agent/rustjail: make mount and umount2 public
926a6186 agent/rustjail: fix typo
8130d9b2 agent/rustjail: don't use unwrap in container::oci_state
5d111071 rustjail: add mock implementation for cgroup manager
e3eff0eb agent: Update build instructions
f134b4a3 agent: Update build instructions
bb19fcb9 docs: Update documentation with new subcommand forms
d2fe7091 cli: Use new subcommand forms in kata-manager script
4d9ab0cd cli: Support new subcommand forms in bash completion
c5d355e1 cli: Remove kata- prefix from env and check subcommands
4ee78120 runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
b9b281e7 packaging: Use apply-patches.sh in build-kernel.sh
163e6104 packaging: Make qemu/apply_patches.sh common
d4cf3057 packaging: qemu/apply_patches.sh should sort the patches
0896ce80 agent: update proto file copyright
6e9ca457 agent: generate proto files properly
837343f0 agent-ctl: update cargo.lock
b3166618 runtime: remove the unused proto files
54e23c83 agent: move gogo.proto out of the github.com namespance
583e6ed3 agent: types.pb.go is not regenerated
e90aa7b4 agent: fixes the permissions of PID 1's STDIO
f1c3bf6b runtime: let kata-collect-data.sh collect kata-monitor info
993a8da3 kata-monitor: add version subcommand
9e9988df agent/protocols: Move agent.proto out of the mock folder of agent
9cb41507 agent/protocols: Fix copyright header checking
0d58d919 agent/protocols: Stop generate agent proto files in the shellscript
7559382b agent/protocols: Ignore generated files and remove these files from repo
fdc33fb7 agent/protocols: Generate proto files programmatically
2738b18b runtime: Fix firecracker config
e5d4259a runtime: Simplify make variables for clh
a7251651 docs: remove the 1.x version description about shim and proxy
9eab3015 arm64: correct bridge type for QEMUVIRT
5b079a3b snap: add GH actions jobs to release the snap package
df4ce9fa ci: add cargo clippy for agent
2e138788 agent: clear match_like_matches_macro/vec_resize_to_zero warnings
227edfdc agent: clear module_inception/type_complexity warnings
698d25b7 agent: clear redundant_field_names clippy warning
4dd9bd7a agent: clear clippy len_zero warnings
bf7dec5c agent: clear clippy warnings
56f867ee rustjail: clear clippy warnings
16757ad4 oci: clear clippy warnings
f32f49bd logging: clear clippy warnings
7159fc2e agent: simplify ttrpc error construction
96a4ed7d Makefile: Replace @RUNTIME_NAME@ with the target in generated files
b88aac04 docs: Update how-to Readme with hypervisor information.
d6464117 docs: Update Readme to remove hypervisor information
b4f9fb51 docs: Remove docs for nemu
da79b4be virtcontainers: Append max_ports to virtio-serial device
0f894986 snap: install libseccomp-dev
9a351509 package: drop qemu-virtiofs shim
6ed669a1 packaging: install virtiofsd for normal qemu build as well
bcf48530 runtime: enable virtiofs by default
1a9515a9 runtime: Pass --thread-pool-size=1 to virtiofsd
1c528cd1 packaging: Apply virtiofs performance related fixes to 5.x
e2221d34 tools: Improve agent-ctl README
edf02af1 tools: Make agent-ctl support more APIs
56201803 tools: Remove commented out code in agent-ctl
9bac4ee6 tools: Log request in agent-ctl tool if debug enabled
68821f08 tools: Rename agent-ctl command to GetGuestDetails
8553f062 tools: Fix comment in agent-ctl
c5771be2 annotations: Correct unit tests to validate new protections
398d7918 annotations: Split addHypervisorOverrides to reduce complexity
b2b3bc7a annotations: Add unit test for checkPathIsInGlobs
6f52179c annotations: Add unit test for regexpContains function
966bd573 makefile: Add missing generated vars to USER_VARS
be6ee255 makefile: Improve names of config entries for annotation checks
b1194274 annotations: Give better names to local variabes in search functions
b5db114a annotations: Rename checkPathIsInGlobList with checkPathIsInGlobs
d65a7d10 config: Add better comments in the template files
7c6aede5 config: Whitelist hypervisor annotations by name
f047fced config: Use glob instead of regexp to match paths in annotations
11b9c90c annotations: Fix typo in comment
c16cdcb2 config: Add makefile variables for path lists
4e89b885 config: Protect file_mem_backend against annotation attacks
aae9656d config: Protect vhost_user_store_path against annotation attacks
55881653 config: Add security warning on configuration examples
b21a829c config: Protect ctlpath from annotation attack
27b6620b config: Protect jailer_path annotation
07669017 config: Add examples for path_list configuration
2d431c61 annotations: Simplify negative logic
2ca9ca89 config: Add hypervisor path override through annotations
2e093dfd config: Fix typo in function name
bf13ff0a config: Protect virtio_fs_daemon annotation
8c75de19 config: Add 'List' alternates for hypervisor configuration paths
2d1f2c7b kernel: update to 5.4.71
d3c98620 config: make virtio-fs part of standard kernel
6ba294a1 agent: remove unwrap() for e.as_errno()
e77482fe agent: Use ? instead of match when the error returns directly
47ff2fb9 agent: use anyhow context to attach context to Error instead of match
2f690a2b agent: remove useless match
1d8def66 agent: Use ok_or_else instead of match for Option -> Result
0dce817e agent: replace match Result with or_else
7bf4073d agent: replace unnecessary match Result with map_err
7f9e5913 agent: replace check! with map_err for readability
09aca49e agent: remove check! in child process because we cant' see logs.
a18899f1 agent: refactor namespace::setup to optimize error handling
a3c64e5c agent: replace if let Err with or_else
6ffa8283 agent: replace if let Err with map_err
720eab78 versions: Update Kubernetes, containerd, cri-o and cri-tools
84953066 agent: Fix crasher if AddARPNeighbors request empty
3d084c7d agent: Fix crasher if UpdateRoutes request empty
5615e5a7 agent: Fix crasher if UpdateInterface request empty
863f918a rustjail: add length check for uid_mappings in rootless euid mapping
1b7ed328 kata-monitor: use regexp to check if runtime is kata containers
0e0564a5 docs: update the build kata containers kernel document
d8a8fe47 cpuset: don't set cpuset.mems in the guest
88cd7128 sandbox: consider cpusets if quota is not enforced
77a463e5 cpuset: support setting mems for sandbox
2d690536 cpuset: add cpuset pkg
12cc0ee1 sandbox: don't constrain cpus, mem only cpuset, devices
b6cf68a9 cgroups: add ability to update CPUSet
b812d4f7 virtcontainers: add method for calculating cpuset for sandbox
5b520003 docs: Update upgrading guide
fc6468ef agent: fix panic on malformed device resource in container update
ae6b8ec7 agent/device: Check type as well as major:minor when looking up devices
859301b0 agent/device: Index all devices in spec before updating them
2477c355 agent/device: Forward port update_spec_device_list() unit test
08d80c1a agent/device: update_spec_device_list() should error if dev not found
43d70a32 docs: Add containerd install guide
11c1ab8b agent: use ok_or/map_err instead of match
6b9f9915 rustjail: use Iterator to manipulate vector elements
dc1442c3 rustjail: delete codes commented out
aa04111d rustjail: delete unused test code
5e3d1fb6 agent: add blank lines between methods
980e48ca agent: delete unused field in agentService
52b821fa agent: use no-named closure to reduce codes
b1f95e8d agent: use a local fn to reduce duplicated codes
906b3844 agent: update not accurate comments
f63f7405 agent: fix errorneous parsing for guest block size
eae685dc agent: use chain of Result to avoid early return
b7309943 agent: use macro to simplify parse_cmdline function in config.rs
154a356a packaging: apply qemu v5.1 stable fixes
c781a808 agent: fix aarch64 build
82e94501 packaging: fix cloud-hypervisor binary path
78318c18 packaging: fix missing cloud_hypervisor_repo
9834a766 docs: add namespace key to pod/container config files
9a02e6eb docs: Add crictl example json files
37e7de72 ci: snap: add event filtering
b7147eda agent: do not follow link when mounting container proc and sysfs
00ad3fd3 agent-ctl: include cargo lock updates
15b71563 agent: set init process non-dumpable
1839dfd9 runtime: Clear the VCMock 1.x API Methods from 2.0
c4472481 virtiofs: Disable DAX
ffea705a docs: Update docs for enabling agent debug console
0e898c6b rust-agent: Treat warnings as error
0e4baaab rust-agent: Identify unused results in tests
5b2b5652 rust-agent: Log returned errors rather than ignore them
d617caf1 rust-agent: Remove unused imports
ee739c5d rust-agent: Report errors to caller if possible
d5b492a1 rust-agent: Ignore write errors while writing to the logs
c635c46a rust-agent: Remove unused code that has undefined behavior
ec24f688 rust-agent: Remove 'mut' where not needed
c8f406d4 rust-agent: Remove uses of deprecated functions
f832d8a6 rust-agent: Remove or rename unused parameters
5a1d3311 rust-agent: Remove or rename unused variables
27efe291 rust-agent: Remove unused functions
d76ece0c rust-agent: Remove useless braces
3682812e rust-agent: Remove unused macros
e3cdc89b osbuilder: Create target directory for agent
8cd62d7b versions: add plugins section
3e56de81 snap: specify python version
7cad865d packaging: fix image build script
483209bf actions: add kata deploy test
07930024 packaging: cleaning, updating based on new filepaths
f0f205cd packaging: remove obs-packaging
4b1753c5 packaging: pull versions, build-image out from obs dir
3f6cd4d5 packaging: Revert "packaging: Stop providing OBS packages"
c33ee54a clh: Support VFIO device unplug
1f4dfa31 clh: Remove unnecessary VmmPing
cc80ae0a versions: cloud-hypervisor: Bump to version 6d30fe05
aa8eefd8 ci: add github action to test the snap
0fec7a4d docs: Change kata_tap0 to tap0_kata
3394a6a5 docs: update networking description
2e83f405 dev-guide: update kata-agent install details
777f3981 docs: update dev guide for agent build
a89deb3e rust-agent: Update README
a5b3e1cd docs: drop docker installation guide
6c4300c6 docs: fix static check errors in docs/install/README.md
59224a76 docs: update architecture.md
ea1cb37b versions: cloud-hypervisor: bump version
0ebffdf2 runtime: cloud-hypervisor: tag openapi-generator-cli container
e51a1ea3 docs: use-cases: Add Intel SGX use case
7d638231 runtime/vendor: add k8s.io/apimachinery/pkg/api/resource
6df165c1 runtime: add support for SGX
a6221a74 qemu: upgrade qemu version to 5.1.0 for arm64.
0ccbca3b agent: Fix OCI Windows network shared container name typo
80c52834 github: Remove issue template and use central one
a7faeaac docs: fix broken links
f30b86f1 Packaging: release notes script using error kernel path urls
a4afe3af rust-agent: Replaces improper use of match for non-constant patterns
07d339c7 devices: fix go test warning in manager_test.go
03517327 action: Allow long lines if non-alphabetic
7019e72c agent: remove unreachable code
942999ed agent: Change do_exec return type to ! because it will never return
4501c25a agent: propagate the internal detail errors to users
22ca2da6 packaging: Stop providing OBS packages
afa88c1b install: Add contacts to the distribution packages
3955cc89 install: Update information about Community Packages
218f77d7 install: Update SUSE information
2a0e76a8 install: Update openSUSE information
691f1364 install: Update RHEL information
270fc4b2 install: Update Fedora information
492b4e90 install: Update CentOS information
1984e635 ci: fix clone_tests_repo function
02c1a59f agent: Set LIBC=gnu for ppc64le arch by default
757dfa70 fc: integrate Firecracker's metrics
ce675075 static-build/qemu-virtiofs: Refactor apply virtiofs patches
512b38cf packaging/qemu: Add common code to apply patches
edce2712 static-build/qemu-virtiofs: Fix to apply QEMU patches
85d22301 runtime: fix TestNewConsole UT failure
e90e9a2c travis: skip static checker for ppc64
5611283e runtime: fix golint errors
daf2a54d agent: fix cargo fmt
c05c4ba5 ci: always checkout 2.0-dev of test repository
1569b3b3 docs: fix static check errors
df3119b6 runtime: fix make check
b03d958e gitignore: ignore agent service file
64b4f698 agent: fix UT failures due to chdir
acaa806c agent: Only allow proc mount if it is procfs
33513fb4 rustjail: make the mount error info much more clear
484a595f runtime: add enable_debug_console configuration item for agent
febdf8f6 runtime: add debug console service
3523167d runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
7225460a shimv2: add a comment in checkAndMount()
ca501e54 osbuilder: specify default toolchain verion in rust-init.
a34478ff runtime: Update cloud-hypervisor client pkg to version v0.10.0
45b0b4ed agent/oci: Don't use deprecated Error::description() method
33585a8e runtime: Fix linter errors in release files
86a864b8 packaging: Build from source if the clh release binary is missing
eae21591 runtime: add podman configuration to data collection script
e3a0f9b3 ci: use export command to export envs instead of env config item
9e5a4b8b ci: use Travis cache to reduce build time
36ce7018 agent: update cgroups crate
52984b67 docs: Update the reference path of kata-deploy in the packaging
1a77f69e runtime: make kata-check check for newer release
d1277848 how-to: add privileged_without_host_devices to containerd guide
96f8769a travis: enable RUST_BACKTRACE
cda7acf7 agent/rustjail: add more unit tests
98cc979a agent/rustjail: remove makedev function
b99fefad agent/rustjail: add unit tests for ms_move_rootfs and mask_path
d79fad2d agent/rustjail: implement functions to chroot
25c91afb agent/rustjail: add unit test for pivot_rootfs
7cf0fd95 agent/rustjail: implement functions to pivot_root
672da4d0 agent/rustjail: add unit test for mount_cgroups
ab61cf7f agent/rustjail: add unit test for init_rootfs
0a0714c9 agent/rustjail/mount: don't use unwrap
3dc9452b agent/rustjail: add tempfile crate as depedency
d756f52c rustjail: implement functions to mount and umount files
9f2f5201 docs: Fix the kata-pkgsync tool's docs script path
98c4d11b docs: fix k8s containerd howto links
f107b12b docs: fix up developer guide for 2.0
a02d1787 gitignore: ignore agent version.rs
b518ddea agent: fix agent panic running as init
61181b9f packaging: use local version file for kata 2.0 in Makefile
e1c6aa27 docs: fix release process doc
1acfba4d packaging: fix release notes

Compatibility with CRI-O

Kata Containers 2.1.0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.1.0 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.1.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.0.4 release of the Kata Containers project, the last one of the
stable-2.0 branch, provides:

• A bunch of warnings clean up on the agent code.
• Improvements on QEMU code, avoiding process being left behind.
• Cloud Hypervisor upgrade to v15.0
• Fixes for virtio_fs_extra_args annotation
• Documentation improvements.

FIXME - message this section by hand to produce a summary please

Shortlog

1c62bd12 release: Kata Containers 2.0.4
3d33250e agent: Wrong pid method used
afe4df04 agent: Fix compiler checks
f859f8af agent: Fixes for static and compiler checks
657d7552 agent: simplify ttrpc error construction
7d96f22b ci: add cargo clippy for agent
2f67e831 agent: fix clippy for rustc 1.5
4f9b5faf agent: clear match_like_matches_macro/vec_resize_to_zero warnings
974e0e3b agent: clear module_inception/type_complexity warnings
91e12404 agent: clear clippy warnings
02aaab22 agent: clear clippy len_zero warnings
165988a3 rustjail: clear clippy warnings
9d49a69f oci: clear clippy warnings
cab530cb agent: clear redundant_field_names clippy warning
8d16767b logging: clear clippy warnings
01b2bbc1 runtime: fix static check errors
c60951f5 actions: enable unit tests in PR check
c750ce13 agent: makefile: Add codecov target
0704641c makefile: agent: Add self documented help
04dcbd4d github: Update ubuntu version to 20.04
f1c63380 github: Add github actions
ee202408 versions: Upgrade to cloud-hypervisor v15.0
aad549fe qemu: kill virtiofsd if failure to start VMM
16e358b3 docs: Document limitation regarding subpaths
a8137eef Makefile: Replace @RUNTIME_NAME@ with the target in generated files
351a01bd runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args

Compatibility with CRI-O

Kata Containers 2.0.4 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.0.4 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.0.4 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.0.4 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.0.4

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.0.4 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.1.0-rc release of Kata Containers provides:

• A bump in the kubernetes, CRI-O, cri-tools, and runc versions used to test
  Kata Containers.
• virtio-fs support enablemed for s390x.
• Improvements on kata-deploy.
• Documentation fixes.
• Innumerous fixes and clean-ups accross different components of the project.

FIXME - message this section by hand to produce a summary please

Shortlog

799433d8 release: Kata Containers 2.1.0-rc0
2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
ee7de8ab tools: fix build kernel shell error
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
906c0df4 kata-deploy: don't update worker pool nodes
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
12a65d23 runtimeclass: drop stale runtimeclass definitions
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
7d5a4252 docs: Document limitation regarding subpaths
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
36776408 runtime/virtcontainers: Fix typo on qmp error msg
ff2b9e54 cli: delete not used files
677f0d99 runtime: delete not used function parameter builtIn
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
dcb9f403 config: Protect annotation for entropy_source
d4a54137 runtime: Fix stdout/stderr output from container being truncated
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
8a33bd4c qemu: Fix assertion failure on shutdown
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
543f9da3 runtime: Disable trace for healthcheck
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
1366f0fb cli: Use genericGetExpectedHostDetails on s390x
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
421439c6 API: remove ProcessListContainer/ListProcesses

Compatibility with CRI-O

Kata Containers 2.1.0-rc0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.1.0-rc0 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0-rc0 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.1.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0-rc0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.0.3 release of Kata Containers provides:

• Improvements in the project documentation
• Fixes for building agent-ctl
• A newer version of cloud-hypervisor (v0.14.1)
• Improvements and fixes for kata-deploy, such as:
  • Always use the image with the tag corresponding to this release
  • Include pod overhead for the used runtime classes
• Improvements and fixes for scripts used to prepare this release

Shortlog

ea3f9b22 release: Kata Containers 2.0.3
624ff413 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
6bb3f441 agent: update cpuset of container path
4d4aba2e kata-deploy: add runtimeclass that includes pod overhead
5f4f8ff3 release: automatically bump the version of the kata-deploy images
f0d63160 kata-cleanup: Explicitly add tag to the container image
4e868ad9 docs: update dev-guide to include fixes from 1.x
1c70ef54 ci: Fix travis for stable-2.0
55bdd1fc kata-deploy: Adapt regex for testing kata-deploy
144be145 release: Get rid of "master"
017c7cf2 release: Use sudo to install hub
52c6b073 build: Only keep one VERSION file
e7bdeb49 github: Fix slash-command-action usage
c0ca9f9a github: Revert "github: Remove kata-deploy-test action"
81f38990 github: Remove kata-deploy-test action
6586f3b7 docs: update configuration for passing annotations in conatinerd
f5adc4c1 docs: Remove ubuntu installation guide
a67bdc36 docs: Update snap install guide
67be5583 docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
abfff68d docs: Update CentOS install docs
0466ee04 docs: Update Fedora install docs
6b223194 docs: Remove SLE installation guide
fb01d515 agent-ctl: update ttrpc version
e3efcfd4 runtime: Fix the format of the client code of cloud-hypervisor APIs
5a92333f runtime: Format auto-generated client code for cloud-hypervisor API
ec0424e1 versions: Update cloud-hypervisor to release v0.14.1

Compatibility with CRI-O

Kata Containers 2.0.3 is compatible with CRI-O v1.18.4-2-gee9128444

Compatibility with cri-containerd

Kata Containers 2.0.3 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.0.3 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.0.3 is compatible with Kubernetes 1.18.9-00

Kata Linux Containers image

Agent version: 2.0.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.0.3 suggest to use the Linux kernel v5.4.71
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations