kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

APACHE-2.0 License

Downloads: 121.3K
Stars: 4.8K
Committers: 387

kata-containers - Release 2.4.3

Published by fidencio over 2 years ago

kata-containers Changes

Shortlog

847003187 release: Kata Containers 2.4.3
396fed42c release: Adapt kata-deploy for 2.4.3
025e3ea6a shim: set a non-zero return code if the wait process call failed.
f32a14663 snap: Fix debug cli option
0718b9b55 rootfs: Fix chronyd.service failing on boot

Compatibility with CRI-O

Kata Containers 2.4.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.3 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.3 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.3

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.3 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.5.0-rc0

Published by fidencio over 2 years ago

kata-containers Changes

Shortlog

2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
2a4fbd6d8 agent: enhance get handled signal
0ddb34a38 oci: fix serde skip serializing condition
acd3302be agent: Run OCI poststart hooks after a container is launched
fbb2e9bce agent: Replace some libc functions with nix ones
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
433816cca ci/cd: update check-commit-message
48ccd4233 ci: Set safe.directory against tests repository
a5a25ed13 runtime: delete Console from Cmd type
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
afdc96042 hypervisor: Add default_maxmemory configuration
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
1a78c3df2 packaging: Remove unused kata docker configure script
0e2459d13 docs: Add cgroupDriver for containerd
4e30e11b3 shim: support shim v2 logging plugin
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
1b7d36fdb agent: Allow BUILD_TYPE=debug
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
e227b4c40 block: Leverage multiqueue for virtio-block
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d40c runtime: enable sandbox feature on qemu
0bbbe7068 snap: fix snap build on ppc64le
c7dd10e5e packaging: Remove unused publish kata image script
1b7fd19ac rootfs: Fix chronyd.service failing on boot
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
a305bafee docs: Update outdated URLs and keep them available
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
90a7763ac snap: Fix debug cli option
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
bee770343 docs: Update containerd url link
1a5ba31cb agent: refactor reading file timing for debugging
bb26bd73b safe-path: fix clippy warning
db5048d52 kernel: build efi_secret module for SEV
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
9773838c0 virtiofsd: export env vars needed for building it
eff4e1017 shim: change the log level for GetOOMEvent call failures
412441308 docs: Add more kata monitor details
8f10e13e0 config: Allow enable_iommu pod annotation by default
b0e090f40 versions: Bump virtiofsd to v1.3.0
1b845978f docs: Add storage limits to arch doc
7ae11cad6 docs: Update source for cri-tools
f5099620f tools: Enable extra detail on error
34bcef884 docs: Add agent-ctl examples section
815157bf0 docs: Remove erroneous whitespace

Compatibility with CRI-O

Kata Containers 2.5.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-rc0 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.4.2

Published by snir911 over 2 years ago

kata-containers Changes

Shortlog

7fd22d77d release: Kata Containers 2.4.2
607a8a9c2 release: Adapt kata-deploy for 2.4.2
e5568a31a agent: ignore ESRCH error when destroying containers
322839ac7 runtime: force stop container after the container process exits
b75d5cee7 docs: update release process github token instructions
e938ce443 docs: update release process with latest workflow triggering
046ba4df7 workflows: add workflow_dispatch triggering to test-kata-deploy
14ce4b01b runtime: Adding the correct detection of mediated PCIe devices
f54d5cf16 agent: Fix is_signal_handled failing parsing str to u64
80d5f9e14 agent: move assert_result macro to test_utils file
50a74dfee agent: add tests for is_signal_handled function
560247f8d agent: add tests for update_container_namespaces
47d4e79c1 agent: add tests for do_write_stream function
e3ce8aff9 agent: add tests for get_memory_info function
ebe9fc2ca clh: Update to the v24.0 release
29c9391da agent: fix direct-assigned volume stats
d1848523d runtime: direct-volume stats use correct name
338c9f2b0 runtime: direct-volume stats update to use GET parameter
f528bc010 runtime: fix incorrect Action function for direct-volume stats
3413c8588 tools: Add QEMU patches for SGX numa support
db6d4f7e1 versions: Upgrade to Cloud Hypervisor v23.1

Compatibility with CRI-O

Kata Containers 2.4.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.2 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.5.0-alpha2

Published by snir911 over 2 years ago

kata-containers Changes

Shortlog

eb24e9715 release: Kata Containers 2.5.0-alpha2
d2df1209a docs: describe kata handling for core-scheduling
22b6a94a8 shim: add support for core scheduling
fe3c1d9cd docs: Update storage documentation link
6ecea84bc rustjail: get home dir using nix crate
38a318820 runk: Support list sub-command
6d0ff901a docs: Update vGPU use-case
9d27c1fce agent: ignore ESRCH error when destroying containers
9726f56fd runtime: force stop container after the container process exits
168f325c4 docs: Update configuration reference for snap documentation
b9fc24ff3 docs: update release process github token instructions
c1476a174 docs: update release process with latest workflow triggering
8b57bf97a workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd10 snap: Use helper script and cleanup
9b108d993 docs: Improve snap formatting
894f661cc docs: Add warning to snap build
d759f6c3e snap: Fix CH architecture check
56591804b docs: Improve snap build instructions
cb2b30970 snap: Build using destructive mode
60823abb9 docs: Move snap README
af2ef3f7a agent-ctl: introduce handle for iptables get/set
65f0cef16 kata-runtime: add iptables CLI to test http endpoint
3201ad083 shim-client: ensure we check resp status for Put/Post
0706fb28a kata-runtime: shmgmt: make url usage consistent
2a09378dd shim-client: add support for DoPut
640173cfc shim-mgmt: Add endpoint handler for interacting with iptables
0136be22c virtcontainers: plumb iptable set/get from sandbox to agent
bd50d463b agent: iptables: get/set handling for iptables
03176a9e0 proto: update generated code based on proto update
38ebbc705 proto: update to add set/get iptables
78d45b434 agent: return mount file content if parse mountinfo failed
2e04833fb docs: Update Intel QAT documentation links
7c4049aab osbuilder: add iptables package
648b8d0ae runk: Return error when tty is used without console socket
5205efd9b runk: Add Podman guide in README
590381574 agent: Pass standard I/O to container launched by runk
c7b3941c9 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c3d agent: Remove unused import in console test
d862ca059 runk: Handle rootfs path in config.json properly
c95ba63c0 docs: Remove information related to Kata 1.x
34b80382b docs: Get rid of note related to networking.
dfad5728a docs: Mention --cni flag while invoking ctr
fff832874 clh: Update to v24.0
49361749e snap: Build and package rust version of virtiofsd
27d903b76 snap: Put the yq binary in the staging bin directory
d7b4ce049 snap: Remove unused variable
43de5440e snap: Fix unbound variable error
c9b291509 snap: Fix whitespace
122a85e22 agent: remove bin oci-kata-agent
35619b45a runk: merge oci-kata-agent into runk
10c13d719 qemu: remove virtiofsd option in qemu config
d20bc5a4d virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c5975c agent: fix direct-assigned volume stats
4428ceae1 runtime: direct-volume stats use correct name
ffdc065b4 runtime: direct-volume stats update to use GET parameter
f29595318 runtime: fix incorrect Action function for direct-volume stats
2a1d39414 runtime: Adding the correct detection of mediated PCIe devices
ce2e521a0 runtime: remove duplicate 'types' import
7a5ccd126 runtime: sync docstrings with function names
834f93ce8 docs: fix annotations example
f4994e486 runtime: allow annotation configuration to use_legacy_serial
c67b9d297 qemu: allow using legacy serial device for the console
44814dce1 qemu: treat console kernel params within appendConsole
24a2b0f6a docs: Remove clear containers reference in README
8052fe62f runtime: do not check for EOF error in console watcher
abad33eba kernel: Remove nemu.conf from packaging
e87eb13c4 tools: delete unused param from get_from_kata_deps callers
4b437d91f agent: Fix is_signal_handled failing parsing str to u64
e73b70baf runtime: Don't run unit tests verbose by default
f24a6e761 runtime: Consolidate flags setting in unit tests script
cf465feb0 runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac599 runtime: Remove redundant subcommands from go-test.sh
0aff5aaa3 runtime: Simplify package listing in go-test.sh
557c4cfd0 runtime: Don't chmod coverage files in Go tests
04c8b52e0 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c257700 runtime: Move go testing script locally
4f586d2a9 packaging: Add kernel config option for SGX in Gramine
7bc4ab68c ci: Don't run Docs URL Alive Check workflow on forks
b4b9068cb tools: Add QEMU patches for SGX numa support
88fb9b72e docs: Update runc containerd runtime
a475956ab workflows: Add support for building virtiofsd
71f59f3a7 local-build: Add support for building virtiofsd
c7ac55b6d dockerbuild: Install unzip
8e2042d05 tools: add script to pull virtiofsd
dbedea508 versions: Add virtiofsd entry
421064680 doc: Update log parser link
271933fec log-parser: fix some of the documentation
c7dacb121 log-parser: move the kata-log-parser from the tests repo
82ea01828 versions: Upgrade to Cloud Hypervisor v23.1
383be2203 agent: Add a macro to skip a loop easier
97d7b1845 runk: use custom Kill command to support --all option
475e3bf38 agent: add test coverage for functions find_process and online_resources

Compatibility with CRI-O

Kata Containers 2.5.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha2 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.5.0-alpha1

Published by fidencio over 2 years ago

kata-containers Changes

Highlights for the Kata Containers 2.5.0-alpha1 release include:

  • The addition of runk, an OCI container runtime written in Rust and based on a modified version of the Kata Containers agent (#2784)
  • Cloud Hypervisor bump to v23.0 (#4120)
  • Firecracker bump to v0.23.4 (#4001)
  • Fixes related to hugepages (#3816, #3695)
  • Fixes for pod terminating (#4043, #4081)
  • Improvements to direct volume assignment (#4098, #4018)
  • Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)
  • Disk and network rate limiting for Cloud Hypervisor (#4017, #4139)
  • Kata Deploy support for RKE2 (#4161)
  • Fixes on the agent-ctl tool (#4164)
  • A lot of simplifications on the agent tests
  • A whole new set of agent tests
  • New documentation has been added related to both Firecracker and using NV GPUs

Shortlog

4a1e13bd rustjail: Add tests for hook_grpc_to_oci
9b863b0e release: Kata Containers 2.5.0-alpha1
70eda2fa agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b705 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b486 agent: add tests for create_logger_task function
7772f7dd runk: set BinaryName for runk for containerd
b221a259 tools: Add runk
2c218a07 agent: Modify Kata agent for runk
b0e439cb rustjail: add tests for parse_mount_table
b975f2e8 Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a16 docs: Direct-assigned volume design
081f6de8 versions: change qemu tdx url and tag
dd4bd7f4 doc: Added initial doc update for NV GPUs
666aee54 docs: Add VSOCK localhost example for agent-ctl
86d348e0 docs: Use VM term in agent-ctl doc
4b9b62bb agent-ctl: Fix abstract socket connections
b6467ddd clh: Expose disk rate limiter config
7580bb5a clh: Expose net rate limiter config
a88adaba clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da03 clh: Implement the Disk RateLimiter logic
511f7f82 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575d hypervisor: Add disk bandwidth and operations rate limiters
1cf94692 clh: Implement the Network RateLimiter logic
00a5b1bd utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e3 utils: Move FC's function to revert bytes to utils
c9f6496d config: Add NetRateLimiter* to Cloud Hypervisor
2d35e606 hypervisor: Add network bandwidth and operations rate limiters
ccb01839 kata-deploy: Add support to RKE2
9d39362e kata-deploy: Reestructure the installing section
18d27f79 kata-deploy: Add a missing $ prefix in the README
6948b4b3 docs: Update containerd link to installation guide
832c33d5 docs: remove pc machine type supports
1cad3a46 agent/random: Ensure data.len > 0
33c953ac agent: Add test_ressed_rng_not_root
39a35b69 agent: Add test to random::reseed_rng()
d8f39fb2 agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b8 rustjail: Add tests for mount_grpc_to_oci
b658dccc tools: fix typo in clh directory name
afbd60da packaging: Fix clh build from source fall-back
1b931f42 runtime: Allock mockfs storage to be placed in any directory
ef6d54a7 runtime: Let MockFSInit create a mock fs driver at any path
5d8438e9 runtime: Move mockfs control global into mockfs.go
963d03ea runtime: Export StoragePathSuffix
1719a8b4 runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9e runtime: Make bind mount tests better clean up after themselves
f7ba21c8 runtime: Clean up mock hook logs in tests
90b2f5b7 runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc2 runtime: Don't use fixed /tmp/mountPoint path
f385b21b rustjail: add tests for mount_from function
96bc3ec2 rustjail: Add tests for hooks_grpc_to_oci
02395027 agent: modify the type of swappiness to u64
0ad89ebd safe-path: add more unit test cases
b63774ec libs/safe-path: add crate to safely resolve fs paths
0e7f1a5e agent: move assert_result macro to test_utils file
2256bcb6 rustjail: Add tests for root_grpc_to_oci
9b6f24b2 agent: add tests for mount_to_rootfs function
9c22d955 agent: add tests for update_container_namespaces
c3776b17 agent: add tests for is_signal_handled function
29e569aa virtcontainers: clh: Re-generate the client code
6012c197 versions: Upgrade to Cloud Hypervisor v23.0
aabcebbf agent: best-effort removing mount point
d136c9c2 test: Fix golangci-lint error for s390x
92c00c7e agent: fsGroup support for direct-assigned volume
532d5397 runtime: fsGroup support for direct-assigned volume
6a47b82c proto: fsGroup support for direct-assigned volume
7b2ff026 kata-monitor: add a README file
86977ff7 kata-monitor: update the hrefs in the debug/pprof index page
354cd3b9 runtime: Base64 encode the direct volume mountInfo path
6e79042a runtime: no need to write virtiofsd error to log
f8cc5d1a kata-monitor: add some links when generating pages for browsers
78f30c33 agent: Avoid agent panic when reading empty stats
6e9e4e8c docs: Update link to contributions guide
9d5e7ee0 agent: add tests for mount_storage
1118a3d2 agent: add test coverage for parse_mount_flags_and_options function
485aeabb agent: add tests for do_write_stream function
9d5b03a1 runtime: delete debug option in virtiofsd
c31cd0e8 rustjail: add test coverage for process_grpc_to_oci function
eff7c7e0 agent: Allow the agent to be rebuilt with the change of Cargo features
962d05ec protocols: add src/csi.rs to .gitignore
a2f5c176 runtime/virtcontainers: Pass the hugepages resources to agent
4405b188 docs: Add a firecracker installation guide
ff17c756 runtime: Allow and require no initrd for SE
59c7165e test: use T.TempDir to create temporary test directory
98750d79 clh: Expose service offload configuration

Compatibility with CRI-O

Kata Containers 2.5.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha1 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.4.1

Published by fidencio over 2 years ago

kata-containers Changes

Highlights for the Kata Containers 2.4.1 release include:

  • Cloud Hypervisor bump to v23.0 (#4120)
  • Firecracker bump to v0.23.4 (#4001)
  • Fixes related to hugepages (#3816, #3695)
  • Fixes for pod terminating (#4043, #4081)
  • Improvements to direct volume assignment (#4098, #4018)
  • Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)

Shortlog

99c6726c release: Kata Containers 2.4.1
8e076c87 release: Adapt kata-deploy for 2.4.1
b50b091c agent: watchers: ensure uid/gid is preserved on copy/mkdir
03bc89ab clh: Rely on Cloud Hypervisor for generating the device ID
6b2c641f tools: fix typo in clh directory name
81e10fe3 packaging: Fix clh build from source fall-back
8b21c5f7 agent: modify the type of swappiness to u64
3f5c6e71 runtime: Allock mockfs storage to be placed in any directory
0bd1abac runtime: Let MockFSInit create a mock fs driver at any path
3e74243f runtime: Move mockfs control global into mockfs.go
aed4fe6a runtime: Export StoragePathSuffix
e1c4f57c runtime: Don't abuse MockStorageRootPath() for factory tests
c49084f3 runtime: Make bind mount tests better clean up after themselves
4e350f7d runtime: Clean up mock hook logs in tests
415420f6 runtime: Make SetupOCIConfigFile clean up after itself
688b9abd runtime: Don't use fixed /tmp/mountPoint path
dc1288de kata-monitor: add a README file
78edf827 kata-monitor: add some links when generating pages for browsers
eff74fab agent: fsGroup support for direct-assigned volume
01cd5809 proto: fsGroup support for direct-assigned volume
97ad1d55 runtime: fsGroup support for direct-assigned volume
b62cced7 runtime: no need to write virtiofsd error to log
8242cfd2 kata-monitor: update the hrefs in the debug/pprof index page
a37d4e53 agent: best-effort removing mount point
d1197ee8 tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
c9c77511 tools/packaging: Fix usage of kata-deploy-binaries.sh
1e622316 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
8fa64e01 packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
8f67f9e3 tools/packaging/kata-deploy/local-build: Add build to gitignore
3049b776 versions: Bump firecracker to v0.23.4
aedfef29 runtime/virtcontainers: Pass the hugepages resources to agent
c9e1f727 agent: Verify that we allocated as many hugepages as we need
ba858e8c agent: Don't attempt to create directories for hugepage configuration
bc32eff7 virtcontainers: clh: Re-generate the client code
984ef538 versions: Upgrade to Cloud Hypervisor v23.0
adf6493b runtime: Base64 encode the direct volume mountInfo path
6b417540 agent: Avoid agent panic when reading empty stats

Compatibility with CRI-O

Kata Containers 2.4.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

# Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
# there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.1 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 2.4.0

Published by fidencio over 2 years ago

Highlights for Kata Containers 2.4.0 include:

  • direct assigned volume support: enables volume managers (e.g. csi) to delegate the management of block storage volumes to the kata agent.
  • VMM selinux is now configurable (@tanweernoor)
  • Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
  • Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
  • Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU; it can be used together with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and guest kernel
  • virtio-fs has a new default parameter set in the configuration file, announce_submounts, which helps prevent inode number collisions
  • Improved and fixed support for OCI hooks, which allows running nerdctl with Kata Containers (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like development workflow with Kata Containers as a backend.
  • Hugepages: (@liubin)
  • Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
  • Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
  • netmon: support for netmon dropped, as no longer utilized in Kata 2.0
  • Maintainability, refactoring: Much effort was made to help refactor the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These aren't user visible, but allow us to add new exciting features, as well as more easily reuse existing packages.
  • agent: Add config file option to cli
  • ARM experimental hotplug support with QEMU
  • kata-monitor (@fgiudici, @jodh-intel): the binary now listens on localhost only by default; detection of sandboxes no longer depends on CRI, so detection is quicker and metrics are also reported for kata workloads not created through the CRI; CRI metadata (if available) is attached to metrics, making it easy to match kubernetes workloads

Compatibility with CRI-O

Kata Containers 2.4.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 2.5.0-alpha0

Published by fidencio over 2 years ago

What's Changed

Shortlog

c9e24433 release: Kata Containers 2.5.0-alpha0
0d5f80b8 versions: Bump firecracker to v0.23.4
800e4a9c agent: use ms as unit of cputime instead of ticks
0d765bd0 agent: fix container stop error with signal SIGRTMIN+3
9e4ca0c4 doc: Improve kata-deploy README.md by changing sh blocks to bash blocks
2b91dcfe docs: Remove kata-proxy reference
a63bbf97 kata-monitor: fix duplicated output when printing usage
5e1c30d4 runtime: add logs around sandbox monitor
fb8be961 runtime: stop getting OOM events when ttrpc: closed error
a779e19b tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
0baebd2b tools/packaging: Fix usage of kata-deploy-binaries.sh
93d03cc0 kata-deploy: fix version bump from -rc to stable
3606923a workflows,release: Ship all the rust vendored code
2eb07455 tools: Add a generate_vendor.sh script
ecf71d6d docs: Remove VPP documentation
66f05c5b runtime: Remove the explicit VirtioMem set and fix the comment
154c8b03 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
1ed7da8f packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
bad859d2 tools/packaging/kata-deploy/local-build: Add build to gitignore
a9314023 docs: Remove kata-proxy references in documentation
0928eb9f agent: Kill the all the container processes of the same cgroup
19f372b5 runtime: Add more debug logs for container io stream copy
c2796327 osbuilder/qat: don't pull kata sources if exist
77434864 docs: fix markdown issues in how-to-run-docker-with-kata.md
459f4bfe osbuilder/qat: use centos as base OS
9a5b4770 docs: Update vcpu handling document
32131cb8 Agent: fix unneeded late initialization lint
ebec6903 static-build,clh: Add the ability to build from a PR
c77e34de runtime: Move mock hook source
86723b51 virtcontainers: Remove unused install/uninstall targets
0e83c95f virtcontainers: Run mock hook from build tree rather than system bin dir
e65db838 virtcontainers: Remove VC_BIN_DIR
c20ad283 virtcontainers: Remove unused Makefile defines
c776bdf4 virtcontainers: Remove unused parameter from go-test.sh
168fadf1 ci: Weekly check whether the docs url is alive
72f7e9e3 osbuilder: Multistrap Ubuntu
df511bf1 packaging: Enable cross-building agent
0a313eda osbuilder: Fix use of LIBC in rootfs.sh
2c86b956 osbuilder: Simplify Rust installation
0072cc2b osbuilder: Remove musl installations
5c3e5536 osbuilder: apk add --no-cache
efa19c41 device: use const strings for block-driver option instead of hard coding
24b29310 doc: update Intel SGX use cases document
18d4d7fb tools: update QEMU to 6.2
62351637 action: Update link for format patch documentation
aa5ae6b1 runtime: Properly handle ESRCH error when signaling container
5c434270 docs: Update k8s documentation
92ce5e2d rustjail: optimization, merged several writelns into one
dacf6e39 doc: fix filename typo
7a18e32f versions: Upgrade to Cloud Hypervisor v22.1
be12baf3 manager: Change here documents to use standard delimiter
9576a7da manager: Add options to change self test behaviour
d4d65bed manager: Add option to enable component debug
019da91d manager: Whitespace fix
d234cb76 manager: Create containerd link
5d6d39be scripts: Change here document delimiters
c088a3f3 agent: add tests for get_memory_info function
4b1e2f52 CI: Update GHA secret name
4adf93ef tools: release: Do not consider release candidates as stable releases
5ec7592d kernel: fix cve-2022-0847
ffdf961a docs: Update contact link in runtime README
42e35505 agent: Verify that we allocated as many hugepages as we need
608e003a agent: Don't attempt to create directories for hugepage configuration
6a850899 CI: Create GHA to add PR sizing label
2b41d275 release: Revert kata-deploy changes after 2.4.0-rc0 release

Compatibility with CRI-O

Kata Containers 2.5.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha0 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.4.0-rc0

Published by egernst over 2 years ago

kata-containers Changes

Highlights for Kata Containers 2.4.0-rc0 include:

  • direct assigned volume support: enables volume managers (e.g. csi) to delegate the management of block storage volumes to the kata agent.
  • VMM selinux is now configurable (@tanweernoor)
  • Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
  • Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
  • Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU; it can be used together with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and guest kernel
  • virtio-fs has a new default parameter set in the configuration file, announce_submounts, which helps prevent inode number collisions
  • Improved and fixed support for OCI hooks, which allows running nerdctl with Kata Containers (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like development workflow with Kata Containers as a backend.
  • Hugepages: (@liubin)
  • Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
  • Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
  • netmon: support for netmon dropped, as no longer utilized in Kata 2.0
  • Maintainability, refactoring: Much effort was made to help refactor the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These aren't user visible, but allow us to add new exciting features, as well as more easily reuse existing packages.
  • agent: Add config file option to cli
  • ARM experimental hotplug support with QEMU
  • kata-monitor (@fgiudici, @jodh-intel): the binary now listens on localhost only by default; detection of sandboxes no longer depends on CRI, so detection is quicker and metrics are also reported for kata workloads not created through the CRI; CRI metadata (if available) is attached to metrics, making it easy to match kubernetes workloads

Shortlog

a4dcaf3c release: Kata Containers 2.4.0-rc0
84dff440 release: Adapt kata-deploy for 2.4.0-rc0
b257e0e5 rustjail: delete function signal in BaseContainer
d647b28b agent: delete meaningless FIXME comment
1b34494b runtime: fix invalid comments for pkg/resourcecontrol
afc567a9 storage: make k8s emptyDir creation configurable
e76519af runtime: small refactor to improve readability
f905161b runtime: mount direct-assigned block device fs only once
27fb4902 agent: add get volume stats handler in agent
ea51ef1c runtime: forward the stat and resize requests from shimv2 to kata agent
c39281ad runtime: update container creation to work with direct assigned volumes
4e00c237 agent: add grpc interface for stat and resize operations
e9b5a255 runtime: add stat and resize APIs to containerd-shim-v2
6e0090ab runtime: persist direct volume mount info
fa326b4e runtime: augment kata-runtime CLI to support direct-assigned volume
7e5f11a5 vendor: Update containerd to 1.6.1
42771fa7 runtime: don't set socket and thread for arm/virt
8828ef41 kernel: add arm experimental kernel build support
8a9007fe config: remove 2 config as they are removed in 5.15
1b6f7401 kernel: add arm experimental patches to support vcpu hotplug and virtio-mem
b8844fb8 versions: Upgrade to Cloud Hypervisor v22.0
3a641b56 katatestutils: remove distro constraints
fa8b9392 config: qemu: Fix disable_block_device_use comments
9615c8bc config: fc: Don't expose disable_block_device_use
af804734 clh: stop virtofsd if clh fails to boot up the vm
97951a2d clh: Don't use SharedFS with Confidential Guests
c30b3a9f clh: Adding a volume is not supported without SharedFS
f889f1f9 clh: introduce supportsSharedFS()
54d27ed7 clh: introduce loadVirtiofsDaemon()
ae2221ea clh: introduce stopVirtiofsDaemon()
e8bc26f9 clh: introduce setupVirtiofsDaemon()
413b3b47 clh: introduce createVirtiofsDaemon()
76e4f6a2 Revert "hypervisors: Confidential Guests do not support Device hotplug"
55cd0c89 runtime: Build golang components with extra security options
58913694 snap: Use git clone depth 1 for QEMU and dependencies
c1fb4bb7 snap: Don't build cloud-hypevisor on ppc64le
37df1678 build: always reset ARCH after getting it
94b831eb virtcontainers: remove temp dir created for vsock in test code
b27c7f40 docs: Add unit testing presentation
b2a65f90 virtcontainers: Use available s390x hugepages
54d0a672 subsystem: build
e64c54a2 monitor: Listen to localhost only by default
e6350d3d monitor: Fix build options
a67b93bb snap: clh: Re-use kata-deploy script here
f31125fe version: Bump cloud-hypervisor to b0324f85571c441f
573a37b3 osbuilder: Add CentOS Stream rootfs
f10642c8 osbuilder: Source .cargo/env before checking Rust
eda8ea15 runtime: Gofmt fixes
de574662 config: Expand confidential_guest comments
641d475f config: clh: Use "Intel TDX" instead of just "TDX"
0bafa2de config: clh: Mention supported TEEs
4afb278f ci: add github action to exercise darwin build, unit tests
e355a718 container: file is not linux specific
b31876ee device-manager: move linux-only test to a linux-only file
6a5c6344 resourcecontrol: SystemdCgroup check is not necessarily linux specific
cc58cf69 resourcecontrol: convert stats dev_t to unit64types
5be188cc utils: Add darwin stub
ad044919 virtcontainers: Convert stats dev_t to uint64
56751089 katautils: Use a syscall wrapper for the hook JSON state
7d64ae7a runtime: Add a syscall wrapper package
abc681ca katautils: Add Darwin stub for the netNS API
edf20766 docs: Update Readme document
81ed269e runtime: use Cmd.StdoutPipe instead of self-created pipe
1a3381b0 docs: Developer-Guide build a custom Kata agent with musl
8edca8bb kata-agent: Fix mismatching error of cgroup and mountinfo.
082d538c runtime: make selinux configurable
a9ba7c13 clh: Fix typo on HotplugRemoveDevice
827ab82a tools: clh: Fix unbound variable
72434333 clh: Add TDX support
a13b4d5a clh: Add firmware to the config file
a8827e0c hypervisors: Confidential Guests do not support NVDIMM
f50ff9f7 hypervisors: Confidential Guests do not support Memory hotplug
df8ffecd hypervisors: Confidential Guests do not support Device hotplug
28c4c044 hypervisors: Confidential Guests do not support VCPUs hotplug
29ee870d clh: Add confidential_guest to the config file
9621c596 clh: refactor image / initrd configuration set
dcdc412e clh: use common kernel params from the hypervisor code
4c164afb versions: Update Cloud Hypervisor to 5343e09e7b8db
7ffe9e51 virtcontainers: Do not add a virtio-rng-ccw device
fec26f8e kata-monitor: trivial: rename symbols & labels
3ac52e81 kata-monitor: fix updating sandbox cache at startup
160bb621 kata-monitor: bump version to 0.3.0
cb4230e6 runtime: fix package declaration for ppc64le
26b3f001 virtcontainers: Split hypervisor into Linux and OS agnostic bits
fa0e9dc6 virtcontainers: Make all Linux VMMs only build on Linux
c91035d0 virtcontainers: Move non QEMU specific constants to hypervisor.go
10ae0591 virtcontainers: Move guest protection definitions to hypervisor.go
b28d0274 virtcontainers: Make max vCPU config less QEMU specific
a5f6df6a govmm: Define the number of supported vCPUs per architecture
9123fc09 kata-deploy: Simplify Dockerfile and support s390x
4f96e3ea katautils: Pass the nerdctl netns annotation to the OCI hooks
a871a33b katautils: Run the createRuntime hooks
d9dfce14 katautils: Run the preStart hook in the host namespace
6be6d0a3 katautils: Pass the OCI annotations back to the called OCI hooks
f6fc1621 shim: log events for CRI-O
1d68a08f docs: Update contributing link
11220f05 kata-deploy: Use (kata with) qemu as the default shim-v2 binary
ab447285 kata-monitor: add kubernetes pod metadata labels to metrics
834e199e kata-monitor: drop unused functions
7516a8c5 kata-monitor: rework the sandbox cache sync with the container manager
e78d80ea kata-monitor: silently ignore CHMOD events on the sandboxes fs
e9eb34ce kata-monitor: improve debug logging
3175aad5 virtiofs-nydus: add lazyload support for kata with clh
8cc1b186 kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments
5c9d2b41 packaging: Use patch for applying patches
1cee0a94 virtcontainers: Remove duplicated assert messages in utils test code
7241d618 versions: add nydus-snapshotter
6c1d149a docs: Update limitations document
7c4ee6ec packaging/qemu: create no_patches file for qemu-tdx
d47c488b versions: add qemu tdx section
493ebc8c utils: Update kata manager docs
34b2e67d utils: Added more kata manager cli options
714c9f56 utils: Improve containerd configuration
c464f326 utils: kata-manager: Force containerd sym link creation
4755d004 utils: Fix unused parameter
601be4e6 utils: Fix containerd installation
ae21fcc7 utils: Fix Kata tar archive check
f4d1e45c utils: Add kata-manager CLI options for kata and containerd
3f87835a utils: Switch kata manager to use getopts
e6060cb7 versions: Linux 5.15.x
734b618c agent-ctl: run cargo fmt/clippy in make check
12c37faf trace-forwarder: add make check for Rust
9818cf71 docs: Improve top-level and runtime README
c1ce67d9 runtime: use github.com/mdlayher/[email protected]
a6b40151 tools: clh: Remove unused variables
5816c132 tools: Build cloud-hypervisor with "--features tdx"
4bd945b6 virtiofsd: Use "-o announce_submounts"
36c3fc12 agent: support hugepages for containers
81a8baa5 runtime: add hugepages support
7df677c0 runtime: Update calculateSandboxMemory to include Hugepages Limit
948a2b09 tools: clh: Ensure the download binary is executable
e07545a2 tools: clh: Allow passing down a build flag
55cdef22 tools: clh: Add the possibility to always build from sources
395cff48 docs: Remove docker run and shared memory from limitations
90fd625d versions: Udpate Cloud Hypervisor to 55479a64d237
955d359f kernel: add missing config fragment for TDx
42a878e6 runtime: The index variable is initialized multiple times in for
54e1faec scripts: fix a typo while to check build_type
903a6a45 versions: Bump critools to its 1.23 release
63eb1158 versions: bump CRI-O to its 1.23 release
2d9f89ae feature(nydusd): add nydusd support to introduse lazyload ability
b19b6938 docs: Fix relative links in Markdown
1797b3eb packaging/kernel: build TDX guest kernel
98752529 versions: add url and tag for tdx kernel
bc8464e0 packaging/kernel: add option -s option
9590874d device: Update PCIDEVICE_ environment variables for the guest
7b7f426a device: Keep host to VM PCI mapping persistently
0b2bd641 device: Rework update_spec_pci() to update_env_pci()
40aa43f4 docs: Update link to EFK stack docs
982f14fa runtime: support QEMU SGX
419d8134 snap: update qemu version to 6.1.0 for arm
00722187 docs: update Release-Process.md
496bc10d tools: check for yq before using it
a9bebb31 openshift-ci: switch to CentOS Stream
14e7f52a virtcontainers: Split the rootless package into OS specific parts
1f29478b runtime: suppport split firmware
89047901 kata-deploy-push: only run if PR modifying tools path
24796d2f kata-deploy: for testing, make sure we use the PR branch
1cc1c8d0 docs: Remove images from Zun documentation
5861e52f docs: Remove Zun documentation with kata containers
4fc4c76b agent: Fix execute_hook() args error
5083ae65 workflows: stop checking revert commit

Compatibility with CRI-O

Kata Containers 2.4.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

# Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
# there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-rc0 suggests using the Linux kernel v5.15.23
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.3.3

Published by egernst over 2 years ago

kata-containers Changes

Minor fixes for the 2.3 release of Kata Containers. Fixes introduced for hook execution within the guest agent as well as ensuring that SELinux for the VMM process is configurable.

Thanks to all the contributors!

Shortlog

652cff16 release: Kata Containers 2.3.3
0b6e9f83 runtime: make selinux configurable
408477a2 kata-deploy: Use (kata with) qemu as the default shim-v2 binary
9431498e shim: log events for CRI-O
7af719e4 agent: handle hook process result
9b34cf46 agent: valid envs for hooks
9c195364 agent: Fix execute_hook() args error
9bea3a42 agent: check environment variables if empty or invalid
406f00a3 packaging: Use patch for applying patches

Compatibility with CRI-O

Kata Containers 2.3.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.3 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.3 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

This uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use a kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13"
# Note: Do not use Alpine on ppc64le & s390x, the agent cannot use musl because there is no such Rust target
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.3 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

What's Changed

Full Changelog: https://github.com/kata-containers/kata-containers/compare/2.3.2...2.3.3

kata-containers - # Release 2.3.2

Published by snir911 over 2 years ago

kata-containers Changes

Shortlog

67947b5f release: Kata Containers 2.3.2
977f1f5b workflows: Use base instead of head ref for kata-deploy-test
99ed596a workflows: Fix typo in kata-deploy-push action
13b7d93b workflows: Ensure a label change re-triggers the actions
b8463224 workflows: Ensure force-skip-ci skips all actions
8c8571f4 workflows: Use the correct branch ref on test kata-deploy
620bb97e runtime: Provide protection for shared data
770d4acf tools: Fix groupname if it differs from username
cedb01d2 runtime: close span before return from function in case of error
a661e538 agent: fix the issue of missing create a new session for container
bed0f3c8 kata-deploy: validate conf file can be created
786c667e kata-monitor: increase delay before syncing with the container manager
3260adc4 virtcontainers: clh: Re-generate the client code
cc64461f versions: Upgrade to Cloud Hypervisor v21.0
78afa10a agent: resolve unused variables in tests
a8298676 agent: remove unused field in mount handling
87f9a690 agent: drop unused fields from network
fc012a2b agent: clear cargo test warnings
63c5a8aa uevent: Fix clippy issue in test code
e3b00f39 runtime: -Wl,--s390-pgste for s390x
d1530afa kata-manager: Retrieve static tarball
f2c6cd08 ci: Pass function arguments in static-checks.sh

Compatibility with CRI-O

Kata Containers 2.3.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.2 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.2 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.4.0-alpha2

Published by snir911 over 2 years ago

kata-containers Changes

govmm has been merged with kata-containers
For the full changes including govmm's commits refer to Shortlog

Shortlog

26e08b27 release: Kata Containers 2.4.0-alpha2
7c956e0d virtcontainers: Enable initrd for Cloud Hypervisor
bcce1a19 versions: update Rust to 1.58.1
8cde5413 runtime: introduce static sandbox resource management
13eb1f81 docs: describe vCPU handling when hotplug is unavailable
c3e97a0a config: updates to configuration clh, fc toml template
aa3fae13 kata-deploy: Fix the tag replacement logic
75ae5361 docs: Update networking details in the architecture doc
2f37165f govmm: Unite VirtioNet tests
4a428fd1 govmm: readonly=on in s390x blkdev test
79ecebb2 govmm: TestAppendPCIBridgeDevice et al. on !s390x
dc285ab1 govmm: Remove unnecessary comma in iommu_platform
d23f2eb0 govmm: Revert "govmm: s390x: Skip broken tests"
fc0e0951 runtime: fix handling container spec's memory limit
17211979 ci: Pass function arguments in static-checks.sh
7af40fbc docs: Remove docker run, sysctl and docker daemon limitations
5643c6dc runtime: update runc and image-spec dependencies
92773170 agent: resolve unused variables in tests
2d799cbf virtcontainers: clh: Re-generate the client code
7e15e99d versions: Upgrade to Cloud Hypervisor v21.0
f52ce302 runtime: rectify passing empty options to -ldflags
df6ae1e7 osbuilder: Remove libseccomp from Dockerfile
ea1a1738 agent: fix the issue of creating new namespaces for agent
9c2f1de1 docs: Remove kata-pkgsync reference
0338fc65 docs: Redirect glossary to the wiki
3924470c workflows: Use base instead of head ref for kata-deploy-test
5ce9011a govmm: s390x: Skip broken tests
8bcaed0b govmm: Adapt license headers to kata-containers
6dd65779 govmm: Ignore govet checks, at least for now
de678a3a govmm: Remove non-relevant top files
ec6655af govmm: Use govmm from our own pkg
e347694f tools: Fix groupname if it differs from username
c3785f66 workflows: Fix typo in kata-deploy-push action
a8b66de5 release: Escape backticks in Libseccomp Notices
8cc088b5 packaging: Remove kata-pkgsync tool
fb7f98bd Merge govmm into kata-containers
8939b0f8 qemu: add support for SGX
b17f0739 qemu: update readonly flag for block devices
f971801b qemu: only set wait parameter for server mode socket based char device
82cc01d2 qemu: Fix 32 bit int overflow in test file
1d1a2313 qemu: Add support for legacy serial device
9a2bbeda qemu: Remove -realtime in favor of -overcommit
fe83c208 qemu: Add support for --no-shutdown Knob
1ed52714 qmp: wait for POWERDOWN event in ExecuteSystemPowerdown()
de039da2 govmm/qemu: Let IO/memory reservations be specified for bridge devices
5c7998db QMP: Add ExecuteBlockdevAddWithDriverCache
3a9a6749 qemu: Add credentials to qemu Cmd
d27256f8 qmp: Don't use deprecated 'props' field for object-add
d8cdf9aa qemu: Drop support for versions older than 5.0
18352c36 qemu: Fix iommu_platform for vhost user CCW
1b021929 Use 'host_device' driver for blockdev backends
9518675e add support for "sandbox" feature to qemu
335fa816 qemu: fix golangci-lint errors
61b63787 .github/workflows: reimplement github actions CI
9d6e7970 go: support go modules
0d21263a qemu: support read-only nvdimm
ff34d283 qemu: Consistent parameter building
0e19ffb6 qemu: Allow hot-plugging memory devices on PCI bridges
c135681d qemu: Add support for PEF
03b55ea5 qemu: Add support for Secure Execution
7a367dc0 qemu: Simplify (Object).Valid()
a6cec2d3 qemu: add support for SevGuest object
abd3c7ea qemu: VhostUserDevice CCW device numbers
3eaeda7f qemu: Refactor vhostuserDev.QemuParams
511cf58b Fix qemu commandline issue with empty romfile
b3eac95b qmp: remove frequent, chatty log
31418940 qemu: add support for tdx-guest object
4b136f3f qemu: Append memory backend for non-DIMM setups
6213dea4 qemu: support QEMU 6
0d47025d qemu: add support for device loaders
e2eb549f qmp: Add ro argument for block-device hotplug funcs
0592c825 qemu: add arm64 to support list of dimm
2079c15c qemu: enable "-pflash"
b8cd7059 qmp: add dump-guest-memory support
d7836877 qemu: add pvpanic device to get GUEST_PANICKED event
43d774d2 Add serial to blk device
8cb8b24c Make fw_cfg a slice
cb0d3391 contributors: remove CONTRIBUTORS.md file
29ba5a90 qemu: add fw_cfg flag to config
9f309c2a misc: Update for new GitHub organisation name
3d46d08a Add qom-get function
39c372a2 Add support for hot-plugging IBM VFIO-AP devices
f5bdd53c travis: disable amd64 jobs
1af1c0d7 github: enable github actions
4831c6e0 travis: Run coveralls after success
cf0f05d2 qemu: add iommu_platform knob for qemuParams
6645baf2 qemu: Add NoReboot config Knob for qemuParams
abca6f3c Add multidevs option to fsdev
cc538766 qemu/qmp: use boolean type for the vhost
e57e86e2 qemu: add IOMMU Device
b2aa0225 Enable Numa support for Power (ppc64le) architecture
29529a5d Add rt clock definition for rtc clock in qemu
0e98b613 qemu: Add max_ports option to virtio-serial device
787c86b7 qemu: Add microvm machine type support
5378725f qemu: add pmem flag to memory-backend-file
3700c55d qemu: add block device readonly support
88a25a2d Refactor code to support multiple virtio transports at runtime
2ee53b00 qemu: Don't set ".cache-size=" when CacheSize is 0
f1252f6e qemu: Add pcie-root-port device support.
6667f4e9 qmp_test: Add TestExecMemdevAdd and TestExecQomSet
201fd0ae qmp: Add ExecMemdevAdd and ExecQomSet API
e04be2cc qmp: add ExecutePCIVhostUserDevAdd API
13aeba09 qmp: support command 'chardev-remove'
6d6b2d88 s390x: add s390x travis support
175ac499 typo fix
cb9f640b virtio-blk: Add support for share-rw flag
9463486d s390x: dimm not supported
164bd8cd test/fmt: drop extra newlines
73555a40 qmp: add query-status API
234e0edf qemu: fix memory prealloc handling
30bfcaaa qemu: add debug logfile
79e0d533 qmp: support command 'query-qmp-schema'
68cdf64f test: add cpu topology tests
e0cf9d5c qmp: add checks for the CPU toplogy
a5c11908 qemu: support x86 SMP die
8fd28e23 Support x-pci-vendor-id and x-pci-device-id pass to qemu
713d0d94 s390x: add virtio-blk-ccw type
65cc343f test: add devno in the tests for s390x
9cf98da0 s390x: add devno support
0c900f59 Allow sharing of memory backend file
f695ddf8 qemu: add migration incoming defer support
f0f18dd0 qmp: add virtio-blk multiqueue
7d3deea4 qemu: Add a virtio-blk-pci device driver support
058cda06 qemu: use MiB instead of Gib for virtio-fs cache size
694a7b1c qemu/qmp: re-implement mainLoop
5712b119 qemu/qmp: fix readLoop() reuse scanner.Bytes() underlying array problem
3c84b1da govmm: add VhostUserFS vhost-user device type
4692f6b9 qmp: Conditionally pass threadID and socketID when CPU device add
1f51b438 Update the versions of Go used to build GoVMM
ad310f9f Fix staticcheck S1023
932fdc7f Fix staticcheck S1023
cb2ce933 Fix staticcheck S1008
f0172cd2 Fix staticcheck (S1002)
5f2e630b Fix staticcheck (S1025)
4beea513 Fix staticcheck (ST1005) errors
97fc3435 contributors: add my name
c891f5f8 qmp: Add nvdimm support
f9b31c0f qemu: Allow disable-modern option from QMP
d6173077 Run tests for the s390x build
b36b5a8f Contributors: Add Clare Chen to CONTRIBUTORS.md
b41939c6 Contributors: Add my name
dab4cf1d qmp: Add tests
5ea6da14 Verify govmm builds on s390x
ee75813a contributors: add my name
c80fc3b1 qemu: Add s390x support
ca477a18 Update source file headers
e68e0056 Update the CONTRIBUTING.md
2b7db547 Add the CONTRIBUTORS.md file
b3b765cb qemu: test Valid for Vsock for Context ID
3becff5f qemu: change of ContextID from uint32 to uint64
f30fd135 qmp: Output error detail when execute QMP command failed
7da6a4c7 qmp: fix mem-path properties for hotplug memory.
e4892e33 qemu/qmp: preparation for s390x support
110d2fa0 qemu/qmp: add new function ExecuteBlockdevAddWithCache
a0b0c86e qmp_test: Change QMP version from 2.6 to 2.9
10c36a13 qemu: add support for pidfile option
9c819db5 qemu: Fix virtio-net-pci QMP command
7fdfc6a4 qemu: Add support for romfile option
e74de3c7 Update guidelines on security issue reporting
ec83abe6 qemu: Add virtio-balloon device suppport.
46970781 qemu: Show full path to qemu binary at launch time
ef725050 qemu: Fix the support of PCIe bridge
56f645ea qmp: add ExecuteQueryMigration
a429677a govmm: fix memory prealloc
1130aab8 qmp: add "query-cpus" support
de5d2788 qemu/qmp: add vfio mediated device support on root bus
de00d7a6 qemu/image: Reduce permissions of .iso creation dir
1a1fee75 qemu/qmp: nic can works without vhost
6c3d84ea qemu: Add virtio RNG device.
b16291cf qemu/qmp: support query-memory-devices qmp command.
ce070d11 govmm: modify govmm to be compatible with qemu 2.8
0286ff9e qemu/qmp: support hotplug a nic whose qdisc is mq
8515ae48 qmp: Remind users that you must first call ExecuteQMPCapabilities()
21504d31 qemu/qmp: Add netdev_add with chardev support
ed34f616 Add some negative test cases for qmp.go
17cacc72 Add negative test cases for qemu.go
2706a07b qemu: Use the supplied context.Context for launching
e46092e0 qemu: Do not try and generate invalid RTC parameters
fcaf61dc qemu/qmp: add vfio mediated device support
4461c459 disk: Add --share-rw option for hotplugging disks
68519998 qemu/qmp: add addr and bus to hotplug vsock devices
10efa841 qemu/qmp: add function for hotplug network by fds
80ed88ed qemu/qmp: implement function to hotplug serial ports
ca46f21f qemu/qmp: implement function to hotplug character devices
03f1a1c3 qemu/qmp: implement getfd
84b212f1 qemu: add vhostfd and disable-modern to vsock hotplug
12dfa872 qemu/qmp: implement function for hotplug network
3830b441 qemu: add vhostfd and disable-modern to vhost-vsock-pci
f700a97b qemu/qmp: implement function to hotplug vsock-pci
4ca232ec qmp_test: Fix Warning and Error level logs
430e72c6 qemu,qmp: Enable gas security checker
ffc06e6b qemu,qmp: Add staticcheck to travis and fix errors
54caf781 qmp: add hotplug memory
e66a9b48 qemu: add appendMemoryKnobs helper
8aeca153 qmp: add migrate set arguments
a03d4968 qmp: add set migration capabilities
0ace4176 qemu: allow to set migration incoming
723bc5f3 qemu: allow to create a stopped guest
283d7df9 qemu: add file backed memory device support
30aeacb8 qemu: Add qemu parameter for PCI address for a bridge.
9130f375 scsi: Allow scsi controller to associate with an IO thread.
a54de183 iothread: Add ability to configure iothreads
0c0ec8f3 qemu: add initrd support
68f30718 qemu: add DisableModern to SCSIController
693d9548 qemu: add options for the machine type
3273aafd scsi: Add function to send device_add qmp command for a scsi device
6d198b8a Compute coverage statistics for unit tests in Travis builds
3a31da32 scsi: Add a scsi controller device
5316779d qemu: Add VSOCK support
f5655366 vhost-user: add blk device support
e9e27673 vhost-user: updating comments for accuracy, rename device field
8fe57236 qemu: Add maxcpus attribute to -smp
3baa7765 Add badges to the README.md file
d74e3b66 Fix errcheck failures in the unit tests
db60e32f Enable Travis builds
9cb47fc0 Add .gitignore file.
a8aaf534 Add project documentation
57aafb56 Remove all references to and dependencies on ciao
27709fce Move files to the qemu folder
48feb29f qemu: introduce vhost-user handling
b8ddd244 qemu: Add function to list hotpluggable CPUs
8c428ed7 qemu: Add function to hotplug CPUs
24b14059 qemu: Add functions to process QMP response
e39da6ca qmp: Add support for hot plugging VFIO devices on PCI(E) bridges
bc030d13 qemu: Add a SysProcAttr parameter to CreateCloudInitISO
11977072 qemu: Add a SysProcAttr parameter to LaunchCustomQemu
b639da45 qemu: Add function to hotplug vfio device
7e5614b8 Networking: Add vhost fd support
14316ce0 qemu/qmp: Implement function to hot plug PCI devices
83485dc9 qemu: Implement Bridge struct
cfa8a995 Networking: Add support for handling macvtap interfaces
83126d3e bios: add support for custom bios
3da2ef9d QEMU: Knobs: Huge Page Support: Add support for huge pages
9bfa7927 vfio: Add ability to pass VFIO devices to qemu
a70ffd19 Build: Fix the build after repo move.
0c206170 Knobs: Modify the behaviour of the Mlock knob.
ddee41d5 QEMU: Enable realtime options
4ecb9de5 qemu: Add support for memory pre-allocation
1fbe6c5d qmp: Update block device deletion for newer versions of qemu
e74aeef1 qemu: Add disable-modern option for virtio devices
8d617ff5 qemu: Update virtio-net-pci command line
25a2dc8f qemu: Update blockdev-add qmp command to support newer qemu versions
d4f77103 misc: Remove some of the code flagged by unused linter
a1600dc1 misc: Remove unused fields identified by structcheck
58a835e6 misc: Remove unused variables identified by varcheck
d48b5b5f qemu: Add PCI option to the NetDevice
a84228ae qemu: Document how cancelling works.
1e7202a5 qemu: Fix spelling error in qmp_test.go
c6f33453 qemu: Fix command cancelling.
a8a798b0 qemu, ciao-launcher: Move ConfigDrive ISO creation code to qemu
30cf1163 Add missing bus parameter for a CharDevice
2aa5f5a3 qemu: Add support for serial port addition
6fe338d6 qemu: Support creating multiple QMP sockets
992b861e qemu: Add the daemonize qemu option to the Knobs structure
997cb233 qemu: Remove dead code
e555f565 qemu: Add support for socket based consoles
eae8fae0 qemu: Fix security model typo
db067857 qemu: Make Config's FDs field private
12f6ebe3 qemu: Embed the qemu parameters into the Config structure
e193a77b qemu: Add support for block devices
3908185c qemu: Add MACVTAP support
6d7dfa04 qemu: Get rid of the Driver structure
cc9cb33a qemu: Add QMPSocket specific type
2d736d71 qemu: Add RTC specific types
e543c338 qemu: Probe each qemu device with a driver
eda8607c qemu: Add netdev options to the Device structure
4780e237 qemu: Add multi-queue and vhost definitions to NetDevice
137e7c72 qemu: Add a NetDevice slice to the Config structure
c0e2aaca qemu: Add one unit test for the Config strings
5ba8ef79 qemu: Add QMP socket unit tests
7b2f7eb5 qemu: Add Memory and SMP unit tests
2ea9b9a3 qemu: Add a Kernel unit test
8e495f6e qemu: Add a Knobs unit test
8aeb3d45 qemu: Add an Object unit test
38e041dc qemu: Add Device unit tests
54d32c24 qemu: Add parameters adding unit tests
ebfa382d qemu: Add a Knobs field to the Config structure
fe1bdcd2 qemu: Remove the extra parameters field from the Config structure
15bce61a qemu: Group all machine configurations into one structure
d94b5af8 qemu: Add a VGA parameter field to the Config structure
4892d041 qemu: Add a Global parameter field to the Config structure
612a5a9e qemu: Add a RTC field to the Config structure
c63ec096 qemu: Add a SMP field to the Config structure
7cf386a8 qemu: Add a Memory field to the Config structure
b198bc67 qemu: Add a UUID field to the Config structure
6239e846 qemu: Add a Character Devices slice field to the Config structure
73e2d53c qemu: Add a Filesystem Devices slice field to the Config structure
518ba627 qemu: Add a Kernel field to the Config structure
b973bc59 qemu: Add an Object slice field to the Config structure
8744dfe8 qemu: Add a Device slice field to the Config structure
5458de70 qemu: Add a QMP socket field to the Config structure
17118270 qemu: Add qemu's name to the Config structure
37a1f500 qemu: Add configuration structure to simplify LaunchQemu
5ccbaf2b ciao-launcher, qemu: Upgrade to new context package.
f5720198 qemu: Use null QMP logger when the logger parameter is nil
7d4199a4 qemu: Fix ineffassign error
7f50a415 qemu: Fix a silly bug in LaunchQemu
fc6bf8cf qemu: Add package documentation
306f54a9 ciao-launcher, qemu: Move launchQemu to qemu
344aa22b qemu: Add the qemu package
f4a4c3c7 version: bump to kubernetes 1.23
49223e67 runtime: remove enable_swap option
41e0c414 vendor: update govmm
7a879164 workflows: Ensure a label change re-triggers the actions
d87ab14f workflows: Ensure force-skip-ci skips all actions
5285ac2b runtime: -Wl,--s390-pgste for s390x
fc646434 workflows: Use the correct branch ref on test kata-deploy
b5b9de1d kata-deploy: Update API Version of RuntimeClass to v1
adffd3f8 scripts: Use shebang /usr/bin/env bash
e22a4e2a packaging: Make kernel config accessible to guest
a5829a29 docs: fix a typo in host-cgroups.md doc
2d0ec00a Qemu: Enable the vcpu-hotplug for arm
e4b7a12b qat: Add Debian to the distro examples
6979d5be osbuilder: Remove gentoo rootfs-builder
22c1a093 osbuilder: Remove suse rootfs-builder
85dd5873 osbuilder: Remove fedora rootfs-builder
06fae29f osbuilder: Remove centos rootfs-builder
01005c5a docs: Remove ccloudvm reference
878ab93c runtime: Provide protection for shared data
ac7acbf8 kata-deploy: validate conf file can be created
b133a236 runtime: it should rollback when failed in Sandbox AddInterface
106df33f libs: add some generated files to .gitignore
85f5ae19 runtime: close span before return from function in case of error
7e2bc4d7 packaging: Remove ccloudvm instructions and script
f6cdf464 docs: Default machine type is q35 meanwhile
7f546748 CI: Revert "CI: Switch to a mirror as gnu.org is down"
c486c2ca agent: fix the broken protobuf generation code
b48322d4 packaging: Remove obs packages testing for kata 2.0
ad16d75c runtime: Remove docker comments for kata 2.0 configuration.tomls
905e124b docs: fix agent proto file path

Compatibility with CRI-O

Kata Containers 2.4.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha2 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.3.1

Published by snir911 almost 3 years ago

NOTICE

Kata 2.3.1 binaries haven't been uploaded due to a failure in kata-deploy (https://github.com/kata-containers/kata-containers/issues/3429).
If you're using kata-deploy, we encourage you to use 2.3.2 or a newer version.

kata-containers Changes

Shortlog

a2e524f3 release: Kata Containers 2.3.1
dfbe74c4 kata-deploy: fix tar command in dockerfile
9e7eed7c versions: Upgrade to Cloud Hypervisor v20.2
53cf1dd0 tools/packaging: add copyright to kata-monitor's Dockerfile
a4dee6a5 packaging: delint tests dockerfiles
fd87b60c packaging: delint kata-deploy dockerfiles
2cb4f7ba ci/openshift-ci: delint dockerfiles
993dcc94 osbuilder: delint dockerfiles
bbd7cc2f packaging: delint kata-monitor dockerfiles
9837ec72 packaging: delint static-build dockerfiles
8785106f packaging/qemu: Use QEMU script to update submodules
a915f082 packaging/qemu: Use partial git clone
ec3faab8 security: Update rust crate versions
1f61be84 osbuilder: Add protoc to the alpine container
d2d8f9ac osbuilder: avoid to copy versions.txt which already deprecated
ca30eee3 kata-manager: Retrieve static tarball
0217abce kata-deploy: Deal with empty containerd conf file
572b25dd osbuilder: be runtime consistent also with podman build
84e69ecb agent: user container ID as watchable storage key for hashmap
77b6cfbd docs: Fix kernel configs README spelling errors
24085c95 docs: Fix outdated k8s link
514bf74f docs: Replicate branch rename on runtime-spec
77a2502a cri-o: Update links for the CRI-O github page
6413ecf4 docs: Backport source reorganization links
a0bed72d versions: Upgrade to Cloud Hypervisor v20.1
d03e05e8 versions: Use fixed, minor version for Alpine
0f7db91c osbuilder: Revert to using apk.static for Alpine
271d67a8 runtime: only call stopVirtiofsd when shared_fs is virtio-fs
7c15335d versions: Use Ubuntu initrd for non-musl archs
15080f20 virtcontainers: clh: Upgrade to openapi-generator v5.3.0
c2b8eb3c virtcontainers: clh: Re-generate the client code
fe0fbab5 versions: Upgrade to Cloud Hypervisor v20.0
be5468fd packaging: Fix missing commit message in building kata-runtime
18bb9a5d runtime: enable vhost-net for rootless hypervisor
3458073d agent: create directories for watchable-bind mounts
0e91503c runtime: enable FUSE_DAX kernel config for DAX

Compatibility with CRI-O

Kata Containers 2.3.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.1 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.1 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.4.0-alpha1

Published by snir911 almost 3 years ago

kata-containers Changes

Shortlog

117fc9c9 release: Kata Containers 2.4.0-alpha1
e2c1e65e kata-deploy: fix tar command in dockerfile
7b03d78f vendor: update to containerd v1.6.0-beta.4
1f581a04 versions: Upgrade to Cloud Hypervisor v20.2
2d0f9d2d vc: remove swagger binary
1c4edb96 agent: Refactor arg parsing to use clap
615224e9 agent: move the protocols to upper libs
330e3dcc agent: move the oci crate to upper libs
623d8f08 docs: Remove word duplication
3093f93a osbuilder: Restore Debian as a rootfs
2254fa86 runtime: fix a typo in kata-collect-data.sh
cf91307c agent: return detail error message for rpc calls from shim
073a3459 use-cases: clarify vhost-user-nvme status in using-spdk-vhost-user
d79268ac tools/packaging: add copyright to kata-monitor's Dockerfile
428cf0a6 packaging: delint tests dockerfiles
1ea9b703 packaging: delint kata-deploy dockerfiles
3669e1b6 ci/openshift-ci: delint dockerfiles
aeb2b673 osbuilder: delint dockerfiles
bc120289 packaging: delint kata-monitor dockerfiles
bc71dd58 packaging: delint static-build dockerfiles
7304e52a Makefile: update make go-test call
f3a97e94 docs: add how-to on Docker in Kata
7b356151 agent: Log unknown seccomp system calls
c66b5668 agent: Ignore unknown seccomp system calls
91abebf9 agent: mount: Remove unneeded mount_point local variable
137e217b docs: Fix outdated k8s link
205420d2 docs: Replicate branch rename on runtime-spec
55bac67a docs: Fix kernel configs README spelling errors
b1f4e945 security: Update rust crate versions
cb5c948a kata-manager: Retrieve static tarball
d1bc409d osbuilder: avoid to copy versions.txt which already deprecated
12c8e41c qemu: Disable libudev for QEMU 5.2 and newer
99ef52a3 osbuilder: Add protoc to the alpine container
c2578cd9 docs: Clarify where to run agent API generation commands
2938bb7f packaging/qemu: Use QEMU script to update submodules
5d49ccd6 packaging/qemu: Use partial git clone
fb1989b2 docs: Fix arch doc formatting
321995b7 CI: Switch to a mirror as gnu.org is down
233015a6 docs: Split guest assets details out of arch doc
db411c23 docs: Split k8s info out of arch doc
7ac619b2 docs: Split networking out of arch doc
5df0cb64 docs: Split storage out of arch doc
7229b7a6 docs: Split background and example out of arch doc
283d7d52 docs: Split history out of arch doc
6f9efb40 docs: Move arch doc to separate directory
87a219a1 docs: Update the stable branch strategy
1653dd4a tracing: Add span name to logging error
02608e13 docs: Update code PR advice document
1a34fbcd agent: Add config file option to cli
7a989a83 runtime: api-test: fixup
52f79aef utils: update container type handling
51bf9807 docs: Update architecture document
5b002f3c docs: change io/ioutil to io/os packages
03546f75 runtime: change io/ioutil to io/os packages
24a530ce versions: bump minimum golang version to 1.16.10
84571506 kata-deploy: Deal with empty containerd conf file
7c4263b3 src: reorg source directories
3f7cf7ae osbuilder: show usage if no options/arguments specified
bbfb10e1 versions: Upgrade to Cloud Hypervisor v20.1
6b3e4c21 image_build: add help info for '-f' option and 'BLOCK_SIZE' env.
2ebaaac7 osbuilder: be runtime consistent also with podman build
2204ecac versions: Upgrade Alpine, using minor version
dfd0732f osbuilder: Revert to using apk.static for Alpine
b92babf9 runtime/template: Handling new attributes for hypervisor config
f3103696 docs: fix check-markdown test
33f343ee runtime: correct span name for stopSandbox function
40bd34ca runtime: only call stopVirtiofsd when shared_fs is virtio-fs
ff929fc0 snap: read initrd and image distros from version.yaml
d7cc952c versions: Use Ubuntu initrd for non-musl archs
8fae2631 packaging: Fix missing commit message in building kata-runtime
99530026 virtcontainers: clh: Upgrade to openapi-generator v5.3.0
39b35d00 agent: user container ID as watchable storage key for hashmap
b3bcb7b2 runtime: enable vhost-net for rootless hypervisor
1e6f58e5 packaging: add help information for '-f' option in install_go.sh
7cb7b9d5 agent: remove unused field in mount handling
f6ae1582 agent: drop unused fields from network
4756a04b virtcontainers: clh: Re-generate the client code
0bf4d257 versions: Upgrade to Cloud Hypervisor v20.0
647082b2 docs: Update limitation document regarding docker swarm
6105e3ee runtime: enable FUSE_DAX kernel config for DAX
2af95bc5 agent: create directories for watchable-bind mounts
591d4af1 runtime: Update comments for virtcontainers to use kata 2.0
afb96c00 agent: Wrap remaining nix errors with anyhow
aba572e0 rustjail: Wrap remaining nix errors with anyhow
30d60078 uevent: Fix clippy issue in test code
4a2be13c agent: Upgrade nix version for security fix
256d5008 agent: Update crate versions
13257986 agent-ctl: Update rust lockfile
4ebdd424 forwarder: Update rust lockfile
6007322d agent: Fixed invalid error message
923e098d osbuilder: Remove debian as a rootfs

Compatibility with CRI-O

Kata Containers 2.4.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha1 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha1 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.3.0

Published by fidencio almost 3 years ago

kata-containers Changes

The 2.3 release of Kata Containers introduces several new features and cleanups. Highlights of 2.3.0 include:

  • Better support for VFIO to enable DPDK workloads
  • Improvements on getting metrics via Kata Monitor
  • Improvements on kata-deploy and its documentation
  • Seccomp support
  • Improvements on tracing
  • Fixes / Improvements from the host cgroups
  • Fixes for the agent's files watcher
  • Fixes for the Firecracker integration
  • Support for swap device within guest
  • A whole lot of cleanups

There are a few changes which will impact users when upgrading to 2.3. Take note of the following:

  • The runtime was updated to use QEMU 6.1. Older versions of QEMU are not supported, and some features (at least block device support) will be broken if 6.1 isn't used.
  • The 2.3 agent introduces SECCOMP support, which is enabled by default in the initial 2.3 release. With this initial support, a static build of the agent is broken when SECCOMP is used. Users who require a statically built agent should consider building the agent without seccomp (for example, cd ./src/agent && make SECCOMP=no).
  • As part of our cleanup and refactoring, built configuration files can be found at ./src/runtime/config/ instead of ./src/runtime/cli/config/.

Shortlog

9bc543f5 release: Kata Containers 2.3.0
198e0d16 release: Adapt kata-deploy for 2.3.0
df34e919 osbuilder: fix missing cpio package when building rootfs-initrd image
f61e31cd osbuilder: add coreutils to guest rootfs
2667e028 workflows: only allow org members to run /test_kata_deploy
3542cba8 workflows: Add back the checks for running test-kata-deploy
117b9202 kata-deploy: Ensure we test HEAD with /test_kata_deploy
cb7891e0 tools/osbuilder: build QAT kernel in fedora 34
db9cd107 watcher: tests: ensure there is 20ms delay between fs writes
a51a1f6d watchers: handle symlinked directories, dir removal
5bc1c209 watchers: don't dereference symlinks when copying files
34a1b539 stable-2.3: add VFIO kernel dependencies for ppc64le
8a705f74 runtime: Update containerd to 1.5.8
ac5ab86e qemu: fix snap build by disabling libudev
d22ec599 virtcontainers: fix failing template test on ppc64le
b8215119 cgroups: Fix systemd cgroup support
a9d5377b cgroups: pass vhost-vsock device to cgroup
ea83ff1f runtime: remove prefix when cgroups are managed by systemd
f9bde321 workflows: Remove non-used main.yaml
91003c27 versions: bump golang to 1.17.x
5e9b807b release: Use ${GOPATH}/bin/yq for upload-libseccomp-tarball action
de0eea5f release: Kata Containers 2.3.0-rc1
96b66d2c docs: Fix typo
62a51d51 runtime: Revert "runtime: use containerd package instead of cri-containerd"
99c46be7 release: Kata Containers 2.3.0-rc0
d17100ae vendor: update OpenTelemetry to v1.0.0
84ccdd8e vendor: update OpenTelemetry to v0.20.0
9d3ec583 runtime: make sure the "Shutdown" trace span have a correct end
09d5d883 runtime: tracing: Change method for adding tags
bcf3e82c logging: Enable agent debug output for release builds
b468dc50 agent: Use dup3 system call in unit tests of seccomp
1aaa0599 agent: "Revert agent: Disable seccomp feature on aarch64 temporarily"
375ad2b2 runtime: Enhancement for Makefile
a239a38f osbuilder: build image-builder image from Fedora 34
1e331f75 agent: refactor process IO processing
7e401952 agent-ctl: Add stub for AddSwap API
82de838e agent-ctl: Update for Hybrid VSOCK
d1bcf105 forwarder: Remove quotes from socket path in doc
2b139449 docs: Fix outdated links
9b270d72 ci/install_libseccomp: use a temporary work directory
98b44061 ci/install_libseccomp: Fix fail when DESTDIR is set
e66d0473 virtcontainers: simplify read-only mount handling
3f21af9c runtime: add fast-test to let test exit on error
17a8c5c6 runtime: Fix random failure for TestIoCopy
6cc8000c cli: Show available guest protection in env output
2063b138 virtcontainers: Add func AvailableGuestProtections
d45c86de versions: Update CRI-O to its 1.22 release
c4a64263 versions: Update k8s & critools to v1.22
d789b429 package: assign proper value to redefined_string
881b9964 agent: Make wording of error message match CRI-O test suite
7a80aeb0 docs: Moving from EOT to EOF
338ac875 virtcontainers: api: update the functions in the api.md docs
23496f94 release: Upload libseccomp sources with notice to release page
309dae63 virtcontainers: check that both initrd and image are not set
42804151 agent: Fix the configuration sample file
46720c61 runtime: set tags for trace span
c509a204 agent-ctl: Implement Linux OCI spec handling
e610fc82 runtime: Remove comments about unsupported features in config for clh
bdf48241 tools/packaging: Add options for VFIO to guest kernel
42add7f2 agent: Disable seccomp feature on aarch64 temporarily
5dfedc2b docs: Add explanation about seccomp
45e7c2ca static-checks: Add step for installing libseccomp
a3647e34 osbuilder: Set up libseccomp library
3be50ada agent: Add support for Seccomp
b0bc71f4 ci: test-kata-deploy: Get rid of slash-command-action action
37fa453d osbuilder: Update QAT driver in Dockerfile
a10cfffd forwarder: Fix changing log level
6abccb92 forwarder: Drop privileges when using hybrid VSOCK
b67fa9e4 forwarder: Make explicit root check
e377578e forwarder: Fix docs socket path
d2a7b6ff packaging/static-build: s390x fixes
bf00b8df agent-ctl: improve the oci_to_grpc code
5f5eca6b agent: do not return error but print it if task wait failed
5f306330 virtcontainers: delete duplicated notify in watchHypervisor function
a13e2f77 agent: Handle uevent remove actions
57c0f93f agent: fix race condition when test watcher
1a96b8ba template: disable template unit test on arm
43b13a4a runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs
c59c3673 runtime: current vcpu number should be limited
fa922517 runtime: kernel version with '+' as suffix panic in parse
b40eedc9 rustjail: Consistent coding style of LinuxDevice type
f5172d1c cli: Fix outdated kata-runtime bash completion
34273da9 runtime/device: Allow VFIO devices to be presented to guest as VFIO devices
68696e05 runtime: Add parameter to constrainGRPCSpec to control VFIO handling
d9e2e9ed runtime: Rename constraintGRPCSpec to improve grammar
57ab4085 runtime: Introduce "vfio_mode" config variable and annotation
730b9c43 agent/device: Create device nodes for VFIO devices
175f9b06 rustjail: Allow container devices in subdirectories
9891efc6 rustjail: Correct sanity checks on device path
d6b62c02 rustjail: Change mknod_dev() and bind_dev() to take relative device path
2680c0bf rustjail: Provide useful context on device node creation errors
42b92b2b agent/device: Allow container devname to differ from the host
827a41f9 agent/device: Refactor update_spec_device_list()
8ceadcc5 agent/device: Sanity check guest IOMMU groups
ff59db75 agent/device: Add function to get IOMMU group for a PCI device
13b06a35 agent/device: Rebind VFIO devices to VFIO driver inside guest
e22bd782 agent/device: Add helper function for binding a guest device to a driver
52268d0e hypervisor: Expose the hypervisor itself
a72bed5b hypervisor: update tests based on createSandbox->CreateVM change
f434bcbf hypervisor: createSandbox is CreateVM
76f1ce9e hypervisor: startSandbox is StartVM
fd24a695 hypervisor: waitSandbox is waitVM
a6385c8f hypervisor: stopSandbox is StopVM
f989078c hypervisor: resumeSandbox is ResumeVM
73b4f27c hypervisor: saveSandbox is SaveVM
7308610c hypervisor: pauseSandbox is nothing but PauseVM
8f78e1cc hypervisor: The SandboxConsole is the VM's console
4d47aeef hypervisor: Export generic interface methods
6baf2586 hypervisor: Minimal exports of generic hypervisor internal fields
8030b6ca virtcontainers: clh: Re-generate the client code
8296754e versions: Upgrade to Cloud Hypervisor v19.0
4f75ccb9 docs: use-cases: Update Intel SGX use case
51cbe145 runtime: Add option "disable_seccomp" to config hypervisor.clh
98b7350a virtcontainers: clh: Enable the seccomp feature
b625f62d runtime: delete cri containerd plugin from versions.yaml
09a5e03f docs: Write tracing documentation
4f018b52 runtime: delete useless src/runtime/cli/exit.go
24fff57c snap: make curl commands consistent
2b9f79cf snap: add cloud-hypervisor and experimental kernel
50da26d3 osbuilder: Call detect_rust_version() right before install_rust.sh
b4fadc94 docs: Updating Developer Guide re qemu-img
b8e69ce5 versions: Add libseccomp and gperf version
e61f5e29 runtime: Show socket path in kata-env output
5b3a349d trace-forwarder: Support Hybrid VSOCK
273a1a9a runtime: optimize test code
76f16fd1 runtime: use containerd package instead of cri-containerd
6d55b1ba docs: use containerd to replace cri-containerd
ed02bc90 packaging: add containerd to versions.yaml
adc9e0ba runtime: fix two bugs in rootless hypervisor
4d7ddffe utils: kata-manager: Update kata-manager.sh for new containerd config
f34f67d6 osbuilder: Specify version when installing Rust
135a0802 osbuilder: Pass CI env to container agent build
eb5dd76e osbuilder: Re-enable building the agent in Docker
7d0b616c agent: Do not fail when trying to adding existing routes
bcffa263 tracing: Fix typo in "package" tag name
e42bc05c kata-deploy: add .dockerignore file
3f95469a runtime: logging: Add variable for syslog tag
321be0f7 tracing: Remove trace mode and trace type
8873ddab release: Kata Containers 2.3.0-alpha2
f7f6bd01 kata-monitor: add index page
7b2bfd4e virtcontainers: clh: Use 'quiet' as the default kernel parameter
3e24e46c virtcontainers: clh: Turn-off serial and virtio-console by default
176dee6f agent: exec should inherit container process capabilities
a9c2a4ba GitHubActions: fix invalid format of require-pr-porting-labels.yaml
2d7b65e8 agent: flush root span before process finish
72044180 agent/device: Return PCI address from wait_for_pci_device()
e50b05d9 agent/pci: Add type to represent PCI addresses
8528157b agent/pci: Extend Slot type to represent PCI function as well
c4236cb2 packaging/kernel: Add CONFIG_PCI_MMCONFIG to x86 guest kernel configuration
5c77cc2c runtime: don't start shim management server in tests
80463b44 qemu: use GitLab repos instead of qemu.org
bf8f582c runtime: optimize code for managing temp users for rootless mode
08360c98 agent: Add an agent configutation file example
8a4e69d2 agent: rpc: Return UNIMPLEMENTED for not allowed endpoints
0ea2e3af agent: config: Allow for building the configuration from a file
63539dc9 agent: config: Add allowed endpoints
a953fea3 agent: config: Simplify configuration creation
b888edc2 agent: config: Implement Default
762922a5 runtime: delete func ConstraintsToVCPUs
4f485430 runtime: delete virtcontainers-setup.sh
191d0016 vendor: Update containerd to v1.5.7
18bff584 runtime: Optimize func noNeedForOutput and add test cases
7eac2ec7 protection: add confidential compute frame for arm
8acfc154 check: fix typecheck failure in qemu_arm64_test.go
5b02d54e virtcontainers: fix lint failure on ppc64le
ff9728f0 virtcontainers: nolint guestProtection
5c138c8f runtime: Fix field alignment on s390x
80f6b977 osbuilder: fixing centos gpg key url for ppc64le
a44cde7e agent: netlink: Use the grpc IP family field when updating the route
71ce6cfe runtime: Pass the route IP family to the agent
99450bd1 agent: protos: Add a Family field to the Route payload
f85fe702 runtime: vendor: Bump the netlink package dependency
e439cec7 cmd: fix field alignment on ppc64le
e5159ea7 cmd: get return value for setCPUtype
cd1064b1 packaging: Configure QEMU with --enable-pie
2ce8d426 clh: Suppress hypervisor output to make guest output visible
13e65f2e cmd: Fix mismatched types in testModuleData
870771d7 runtime: update .gitignore to ignore monitor_address file
bb99bfb4 runtime: fix the make check-go-static command error
814cea96 virtcontainers: clean up useless code
907459c1 agent/device: Don't force PCI rescans
75f426dd agent: Simplify do_add_swap()
aad1a873 runtime/device: Give the agent information about VFIO devices
ebd7b618 runtime: Don't repeat GetDeviceByID between appendDevices() and append*()
ad45c52f runtime/device: Record guest PCI path for VFIO devices
5c2af3e3 runtime/device: Refactor hotplugVFIODevice() to have common exit path
8bc71105 agent/device: Add device type for VFIO devices
f7a27075 agent: Move driver type constants into device.rs
5b1eb08b agent/uevent: Improve logging of wait_for_uevent()
cf36fd87 runtime: Fix some leftover go fmt errors
da42cbc0 actions: Build experimental kernel on kata-deploy push action
dffc5092 kernel: Enable SGX in experimental kernel.
ff6a677d kernel-build: Enable multiple config types.
90046964 experimental-kernel: bump 5.13.10
1fbb7304 build: kata-deploy kernel experimental
e5fe53f0 runtime: fix nil reference in cleanup rootless user
6d94957a kernel: reduce alignment size of memory hotplug to 128M
48090f62 qemu: disable plug on arm64 when pie is added
2304a596 runtime: set the sandbox storage path static
315295e0 runtime: rename GetSanboxesStoragePath() --> GetSandboxesStoragePath()
47516988 virtcontainers: Fix incorrect scripts path
3b0c4bf9 runtime: clear virtcontainers cgroup duplicated function
8b0bc1f4 kata-monitor: bump version to 0.2.0
bfb556d5 kata-monitor: refresh kata sandbox list on fs events
0e854f3b kata-monitor: improve detection of kata workloads
afad910d kata-monitor: add getSandboxFS()
e38686f7 runtime: add GetSandboxesStoragePath()
245a12bb kata-monitor: improve sandbox caching
fc067d61 kata-monitor: warn when unable to retrive the lower level runtime
53ec4df9 kata-monitor: minor fixes
57e3712d virtiofs: fix error report in TestVirtiofsdStart when go test running
a525991c workflows: Fix the config file path for using vendored sources
39dcbaa6 workflows: Fix tag attribution
04139ba6 release: Kata Containers 2.3.0-alpha1
48fb1d92 virtiofs: Create shared directory with 0700 mode, not 0750
272771dc watcher: ensure we create target mount point for storage
439e5ac3 packaging: fix qemu build on ppc64le
39cd05e0 runtime: tracing: Use root context to stop tracing
8bbcb06a qemu: Disable SHPC hotplug
cc4983ee runtime: Remove unused qemuArchBase.appendBridges definition
e248de46 vendor: Update govmm
3bdcfaa6 kata-deploy: Add more info about the stable tag
41c590fa kata-deploy: Improve README
debf3c9f kata-deploy: Remove qemu-virtiofs runtime class
43a72d76 release: update the kata-deploy yaml files accordingly
ea9b2f9c kata-deploy: Add "stable" info to the README
e5411056 kata-deploy: Update the README
9acf4e5d kata-deploy: Add stable yaml files
a86babe0 kata-deploy: Point to the latest release
a156288c workflows: Add "stable" & "latest" tags to kata-deploy
077b77c1 runtime: tracing: Fix logger passed in newContainer
bb18cd47 virtcontainers: update VC SandboxConfig API add SandboxBindMounts field
58e77a3c sandbox: Allow the device to be accessed,such as /dev/null and /dev/urandom
0ca8c272 qemu: add v5.1.0 dir under tag_patches
1fe080fd threat-model: Add missing threat-model document
305afc8b docs: documentation for running non-root VMM
21c85116 workflows,release: Upload the vendored cargo code
1cfe5930 runtime: Run QEMU using a non-root user/group
fd983738 runtime: update .gitignore file cleare the vc shim config
9a6d56f1 runtime: fix empty cgroup path validation error
90e63887 ci: Call agent shutdown test only in the correspondent CI_JOB
9353cd77 runtime: Remove outdated TestStoreContainer
067c44d0 runtime: fix UT build failure
9a311a2b docs: fix invalid kernel dax doc url
e7c42fbc runtime: unify generated config
4f7cc186 runtime: refactor commandline code directory
a6066404 virtcontainers: update VC HypervisorConfig API add three lost fields
d865c809 virtcontainers: add unit tests for container.go
d00decc9 runtime: clh: Enable hugepages support
9d3cd984 agent/mount: Remove unused ensure_destination_exists()
64aa5623 agent: Correct mount point creation
08d7aebc agent/mount: Split out regular file case from ensure_destination_exists()
9fa3beff agent: Remove unnecessary BareMount structure
49282854 agent: Simplify BareMount::mount by using nix::mount::mount
25ac3524 versions: Allow newer Rust versions
851d5f86 tests: Correct heading in static checks test
64bb803f runtime/qemu: Move from query-cpus to query-cpus-fast
25670d30 packaging/qemu: Update qemu-exerimental version to v6.1.0
041a513f versions: Update qemu to v6.1.0
81de2d47 packaging: Correct error message in apply_patches.sh
4b7e4a4c runtime: Vendoring update
8d9d6e6a docs: Host cgroups documentation update
9bed2ade virtcontainers: Convert to the new cgroups package API
b42ed393 virtcontainers: cgroups: Add a containerd API based cgroups package
f17752b0 virtcontainers: container: Do not create and manage container host cgroups
dc7e9bce virtcontainers: sandbox: Host cgroups partitioning
f811026c virtcontainers: Unconditionally create the sandbox cgroup manager
d67a414b src/runtime/README.md: Fix URL of Licence
74d645cd how-to: Add how-to-setup-swap-devices-in-guest-kernel.md
2174fee4 docs: Add swap annotations introduction
f785ff0b virtcontainers: clh: Revert the workaround incorrect default values
0e0e59dc virtcontainers: clh: Re-generate the client code
f0b53314 versions: Upgrade to Cloud Hypervisor v18.0
13b8bb0c runtime: Fix README link
1fff9be7 qemu: remove default config for arm64.
71f915c6 sandbox: Add device permissions such as /dev/null to cgroup
62baa48e virtcontainers: fc: parse vcpuID correctly
11652136 actions: test make kata-tarball
626d659f actions: kata-deploy on PRs and use makefile
78d99f51 kata-deploy: Make verbose single builds
59486b85 kata-deploy: Add tarball suffix to makefile targets
96e1246b makefile: Include kata-deploy targets
2abc450a test: enable running tests under root user
924a68d0 osbuilder: Change to "=" operator to make script more portable
d422789f makefile: Fix error exit status code
bfcee911 osbuilder: fix inconsistent calculation of fs size
e2a9e78c virtcontainers: Remove NewStoreFeature
4996f9b7 snap: Test variable instead of executing "branch"
256c3b27 license: drop redundent license files
bcc9fa3b hotplugAddBlockDevice: Use ExecuteBlockdevAddWithDriverCache with swap
bd85da04 vendor: Update vendor/github.com/kata-containers/govmm
18c95b9a release: Kata Containers 2.3.0-alpha0
8f0f949a tracing: Move dynamically added attributes to Trace()
87de26bd tracing: Modify Trace() to accept multiple tag maps
8058e972 tracing: Change runtime tracing tags to vars
0c7789fa runtime: Add container field to logs
72e3538e shimv2: add information to method comment
8dadca9c shimv2: add logging to shimv2 api calls
2250360b docs: remove mentioning of qemu-lite
a9de761d runtime: drop qemu-lite support
8ae3edbc runtime: fix default hypervisor path
39ffd8ee runtime: delete types or const that no longer needed
ff37f5c7 runtime: Optimize the way slice created
a99fcc3a virtcontainers: simplify tests
932ee41b virtcontainers: clh: Workaround incorrect default values
bff38e4f virtcontainers: clh: Fix the unit test
d967d3cb virtcontainers: clh: Use constructors to ensure proper default value
a6a2e525 virtcontainers: clh: Migrate to use the updated client APIs
46eb07e1 virtcontainers: clh: Re-generate the client code
80fba4d6 virtcontainers: clh: Upgrade to the openapi-generator v5.2.1
938981be build_image: Fix error soft link about initrd.img
b8717f35 ci: Temporarily skip agent shutdown test on s390x
87bbae1b fc: fix version parsing for fc >= 0.25
9de1129b osbuilder: Fix rootfs-builder when running in VMs
65a1e131 osbuilder: Allow running the tool several times
a4214738 osbuilder: Fix Makefile
2304f935 docs: update the GoDoc url from kata 1.x to 2.x
2a614577 docs: update how-to README file for Firecracker config
8594f80c ci/openshift-ci: Pull centos from registry.centos.org
486baba7 docs: update containerd CRI plugin url

Compatibility with CRI-O

Kata Containers 2.3.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.0 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.3.0 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.4.0-alpha0

Published by fidencio almost 3 years ago

kata-containers Changes

Shortlog

72b8144b release: Kata Containers 2.4.0-alpha0
8ee67aae osbuilder: fix missing cpio package when building rootfs-initrd image
f59d3ff6 osbuilder: add coreutils to guest rootfs
5e7c1a29 workflows: only allow org members to run /test_kata_deploy
a32e02a1 agent: use temp directory as root of test containers
857501d8 tools/osbuilder: build QAT kernel in fedora 34
6a0b7165 agent: refactor find_process function and add test cases
ce92cadc vc: hypervisor: remove setSandbox
2227c46c vc: hypervisor: use our own logger
4c2883f7 vc: hypervisor: remove dependency on persist API
34f23de5 vc: hypervisor: Remove need to get shared address from sandbox
c28e5a78 acrn: remove dependency on sandbox, persistapi datatypes
a0e0e186 hypervisors: introduce pkg to unbreak vc/persist dependency
ce0693d6 agent: clear cargo test warnings
f0734f52 docs: Remove extraneous whitespace
aff32756 docs: Add a code PR advice document
d41c375c docs: Add more advice to the UT advice doc
baf4f76d docs: More detail on running tests as different users
fcf45b0c docs: Use more idiomatic rust string check
9fed7d0b docs: Mention anyhow for error handling in UT doc
318b3f18 docs: No present continuous in UT advice doc
e8bb6b26 docs: Correct repo name usage
c1111a1d docs: Use leading caps for lang names in UT advice doc
597b239e docs: Remove TOC in UT advice doc
cf360fad docs: Move unit test advice doc from tests repo
bc955814 docs: Move doc requirements section higher
5ba2f52c tools: Quote functions arguments in the update repos script
5dbd752f tools: Remove the check for the VERSION file
85eb743f tools: Make hub usage slightly less fragile
76540dbd tools: Automatically revert kata-deploy changes
36d73c96 tools: Do the kata-deploy changes on its own commit
c8e22daf tools: Use vars for the registry in the update repo script
ac958a30 tools: Use vars for the yaml files used in the update repo script
edca8292 tools: Rewrite the logic around kata-deploy changes
31f6c2c2 tools: Update comments about the kata-deploy yaml changes
ddc68131 runtime: delete netmon
bd3217da agent: Remove redundant returns
adab6434 agent: Remove some unwrap and expect calls
351cef7b agent: Remove unwrap from verify_cid()
a7d1c70c agent: Improve baremount
09abcd4d agent-ctl: Remove some unwrap and expect calls
35db75ba agent-ctl: Remove redundant returns
46e45958 agent-ctl: Simplify main
c7349d0b agent-ctl: Simplify error handling
0c6c0735 agent: fixed the make optimize bug
705687dc docs: Add kata-deploy as part of the install docs
acece849 docs: Use the default notation for "Note" on install README
143fb278 kata-deploy: Use the default notation for "Note"
45d76407 kata-deploy: Don't mention arch specific binaries in the README
a7c08aa4 workflows: Add back the checks for running test-kata-deploy
3c9ae7fb kata-deploy: Ensure we test HEAD with /test_kata_deploy
46fd5069 docs: update using-SPDK-vhostuser-and-kata.md
78dff468 agent/device: Adjust PCIDEVICE_* container environment variables for VM
4530e7df agent/device: Use simpler structure in update_spec_devices()
b6062278 agent/device: Correct misleading comment on test case
89ff7000 agent/device: Remove unnecessary check for empty container_path
c855a312 agent/device: Make DevIndex local to update_spec_devices()
084538d3 agent/device: Change update_spec_device to handle multiple devices at once
d6a3ebc4 agent/device: Obtain guest major/minor numbers when creating DevNumUpdate
f4982130 agent/device: Check for conflicting device updates
f10e8c81 agent/device: Batch changes to the OCI specification
46a4020e agent/device: Types to represent update for a device in the OCI spec
e7beed54 agent/device: Remove unneeded clone() from several device handlers
2029eeeb agent/device: Improve update_spec_device() final_path handling
57541315 agent/device: Correct misleading parameter name in update_spec_device()
0c51da3d agent/device: Correct misleading error message in update_spec_device()
94b7936f agent/device: Use nix::sys::stat::{major,minor} instead of libc::*
b5dfcf26 watcher: tests: ensure there is 20ms delay between fs writes
296e76f8 watchers: handle symlinked directories, dir removal
2b6dfe41 watchers: don't dereference symlinks when copying files
6955d144 kata-deploy: Add back stable & latest tags
bbaf57ad agent: fix the issue of missing create a new session for container
0380b9bd runtime: Update containerd to 1.5.8
112ea258 qemu: fix snap build by disabling libudev
d5a18173 virtcontainers: fix failing template test on ppc64le
599bc0c2 agent: Update README
7e6f2b8d vc-utils: don't export unused function
860f3088 virtcontainers: move oci, uuid packages top level
8acb3a32 virtcontainers: remove unused package nsenter
4788cb82 vc-network: remove unused functions
b6ebddd7 oci: remove unused function GetContainerType
1e7cb4bc macvlan: drop bridged part of name
55412044 monitor: Fix monitor race condition doing hypervisor.check()
eb11d053 cri-o: Update deployment documentation
92e3a140 cri-o: Update links for the CRI-O github page
0a19340a cri-o: Remove outdated documentation
bcf181b7 cgroups: Fix systemd cgroup support
b34ed403 cgroups: pass vhost-vsock device to cgroup
7362e1e8 runtime: remove prefix when cgroups are managed by systemd
09f7962f runtime: merge virtcontainers/pkg/types into virtcontainers/types
a3b3c85e workflows: Remove non-used main.yaml
1b1790fd agent/src: improve unit test coverage for src/namespace.rs
570915a8 docs: update kata 2.0 metrics documentation
6339fdd1 docs: update kata metrics architecture image
6acedc25 runtime: delete not used codes
395638c4 versions: bump golang to 1.17.x
34307235 release: Use ${GOPATH}/bin/yq for upload-libseccomp-tarball action
8ab90e10 agent-ctl: Allow API specification in JSON format
b7b89905 virtcontainers: Lint protection types
57bb7ffa agent: check environment variables if empty or invalid
eacfcdec runtime: Revert "runtime: use containerd package instead of cri-containerd"
e7856ff1 rustjail: Fix created time of container
87f67606 agent: Remove dynamic tracing APIs
b09dd7a8 docs: Fix typo
7566b736 kernel: add VFIO kernel dependencies for ppc64le
d47484e7 logging: Always run crate tests
5c9c0b6e build: Fix default target

Compatibility with CRI-O

Kata Containers 2.4.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha0 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha0 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 2.3.0-rc1

Published by fidencio almost 3 years ago

kata-containers Changes

Shortlog

5e9b807b release: Use ${GOPATH}/bin/yq for upload-libseccomp-tarball action
de0eea5f release: Kata Containers 2.3.0-rc1
96b66d2c docs: Fix typo
62a51d51 runtime: Revert "runtime: use containerd package instead of cri-containerd"

Compatibility with CRI-O

Kata Containers 2.3.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.0-rc1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.0-rc1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.0-rc1 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.0-rc1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.3.0-rc1 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 2.2.3

Published by bergwolf almost 3 years ago

Release 2.2.3

kata-containers Changes

Shortlog

b7493fd release: Kata Containers 2.2.3
4f73e58 packaging/static-build: s390x fixes
45f65a7 agent: Handle uevent remove actions
06d3049 agent: fix race condition when test watcher
0366f6e template: disable template unit test on arm
7cb650a runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs
e97cd23 runtime: current vcpu number should be limited
6b6d81c runtime: kernel version with '+' as suffix panic in parse
a479eca docs: Fix outdated links
ee3bf4a osbuilder: build image-builder image from Fedora 34
b794a39 virtcontainers: clh: Re-generate the client code
39d95f4 versions: Upgrade to Cloud Hypervisor v19.0

Compatibility with CRI-O

Kata Containers 2.2.3 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.2.3 is compatible with cri-containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.2.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.2.3 is compatible with Kubernetes 1.21.1-00

Kata Linux Containers image

Agent version: 2.2.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.2.3 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.3.0-rc0

Published by bergwolf almost 3 years ago

kata-containers Changes

NOTE: This release introduced a regression where kata-containers won't start when using old versions of containerd.
Please use 2.3.0-rc1 instead, which brings back compatibility with older containerd versions.

Shortlog

99c46be7 release: Kata Containers 2.3.0-rc0
d17100ae vendor: update OpenTelemetry to v1.0.0
84ccdd8e vendor: update OpenTelemetry to v0.20.0
9d3ec583 runtime: make sure the "Shutdown" trace span have a correct end
09d5d883 runtime: tracing: Change method for adding tags
bcf3e82c logging: Enable agent debug output for release builds
b468dc50 agent: Use dup3 system call in unit tests of seccomp
1aaa0599 agent: "Revert agent: Disable seccomp feature on aarch64 temporarily"
375ad2b2 runtime: Enhancement for Makefile
a239a38f osbuilder: build image-builder image from Fedora 34
1e331f75 agent: refactor process IO processing
7e401952 agent-ctl: Add stub for AddSwap API
82de838e agent-ctl: Update for Hybrid VSOCK
d1bcf105 forwarder: Remove quotes from socket path in doc
2b139449 docs: Fix outdated links
9b270d72 ci/install_libseccomp: use a temporary work directory
98b44061 ci/install_libseccomp: Fix fail when DESTDIR is set
e66d0473 virtcontainers: simplify read-only mount handling
3f21af9c runtime: add fast-test to let test exit on error
17a8c5c6 runtime: Fix random failure for TestIoCopy
6cc8000c cli: Show available guest protection in env output
2063b138 virtcontainers: Add func AvailableGuestProtections
d45c86de versions: Update CRI-O to its 1.22 release
c4a64263 versions: Update k8s & critools to v1.22
d789b429 package: assign proper value to redefined_string
881b9964 agent: Make wording of error message match CRI-O test suite
7a80aeb0 docs: Moving from EOT to EOF
338ac875 virtcontainers: api: update the functions in the api.md docs
23496f94 release: Upload libseccomp sources with notice to release page
309dae63 virtcontainers: check that both initrd and image are not set
42804151 agent: Fix the configuration sample file
46720c61 runtime: set tags for trace span
c509a204 agent-ctl: Implement Linux OCI spec handling
e610fc82 runtime: Remove comments about unsupported features in config for clh
bdf48241 tools/packaging: Add options for VFIO to guest kernel
42add7f2 agent: Disable seccomp feature on aarch64 temporarily
5dfedc2b docs: Add explanation about seccomp
45e7c2ca static-checks: Add step for installing libseccomp
a3647e34 osbuilder: Set up libseccomp library
3be50ada agent: Add support for Seccomp
b0bc71f4 ci: test-kata-deploy: Get rid of slash-command-action action
37fa453d osbuilder: Update QAT driver in Dockerfile
a10cfffd forwarder: Fix changing log level
6abccb92 forwarder: Drop privileges when using hybrid VSOCK
b67fa9e4 forwarder: Make explicit root check
e377578e forwarder: Fix docs socket path
d2a7b6ff packaging/static-build: s390x fixes
bf00b8df agent-ctl: improve the oci_to_grpc code
5f5eca6b agent: do not return error but print it if task wait failed
5f306330 virtcontainers: delete duplicated notify in watchHypervisor function
a13e2f77 agent: Handle uevent remove actions
57c0f93f agent: fix race condition when test watcher
1a96b8ba template: disable template unit test on arm
43b13a4a runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs
c59c3673 runtime: current vcpu number should be limited
fa922517 runtime: kernel version with '+' as suffix panic in parse
b40eedc9 rustjail: Consistent coding style of LinuxDevice type
f5172d1c cli: Fix outdated kata-runtime bash completion
34273da9 runtime/device: Allow VFIO devices to be presented to guest as VFIO devices
68696e05 runtime: Add parameter to constrainGRPCSpec to control VFIO handling
d9e2e9ed runtime: Rename constraintGRPCSpec to improve grammar
57ab4085 runtime: Introduce "vfio_mode" config variable and annotation
730b9c43 agent/device: Create device nodes for VFIO devices
175f9b06 rustjail: Allow container devices in subdirectories
9891efc6 rustjail: Correct sanity checks on device path
d6b62c02 rustjail: Change mknod_dev() and bind_dev() to take relative device path
2680c0bf rustjail: Provide useful context on device node creation errors
42b92b2b agent/device: Allow container devname to differ from the host
827a41f9 agent/device: Refactor update_spec_device_list()
8ceadcc5 agent/device: Sanity check guest IOMMU groups
ff59db75 agent/device: Add function to get IOMMU group for a PCI device
13b06a35 agent/device: Rebind VFIO devices to VFIO driver inside guest
e22bd782 agent/device: Add helper function for binding a guest device to a driver
52268d0e hypervisor: Expose the hypervisor itself
a72bed5b hypervisor: update tests based on createSandbox->CreateVM change
f434bcbf hypervisor: createSandbox is CreateVM
76f1ce9e hypervisor: startSandbox is StartVM
fd24a695 hypervisor: waitSandbox is waitVM
a6385c8f hypervisor: stopSandbox is StopVM
f989078c hypervisor: resumeSandbox is ResumeVM
73b4f27c hypervisor: saveSandbox is SaveVM
7308610c hypervisor: pauseSandbox is nothing but PauseVM
8f78e1cc hypervisor: The SandboxConsole is the VM's console
4d47aeef hypervisor: Export generic interface methods
6baf2586 hypervisor: Minimal exports of generic hypervisor internal fields
8030b6ca virtcontainers: clh: Re-generate the client code
8296754e versions: Upgrade to Cloud Hypervisor v19.0
4f75ccb9 docs: use-cases: Update Intel SGX use case
51cbe145 runtime: Add option "disable_seccomp" to config hypervisor.clh
98b7350a virtcontainers: clh: Enable the seccomp feature
b625f62d runtime: delete cri containerd plugin from versions.yaml
09a5e03f docs: Write tracing documentation
4f018b52 runtime: delete useless src/runtime/cli/exit.go
24fff57c snap: make curl commands consistent
2b9f79cf snap: add cloud-hypervisor and experimental kernel
50da26d3 osbuilder: Call detect_rust_version() right before install_rust.sh
b4fadc94 docs: Updating Developer Guide re qemu-img
b8e69ce5 versions: Add libseccomp and gperf version
e61f5e29 runtime: Show socket path in kata-env output
5b3a349d trace-forwarder: Support Hybrid VSOCK
273a1a9a runtime: optimize test code
76f16fd1 runtime: use containerd package instead of cri-containerd
6d55b1ba docs: use containerd to replace cri-containerd
ed02bc90 packaging: add containerd to versions.yaml
adc9e0ba runtime: fix two bugs in rootless hypervisor
4d7ddffe utils: kata-manager: Update kata-manager.sh for new containerd config
f34f67d6 osbuilder: Specify version when installing Rust
135a0802 osbuilder: Pass CI env to container agent build
eb5dd76e osbuilder: Re-enable building the agent in Docker
7d0b616c agent: Do not fail when trying to adding existing routes
bcffa263 tracing: Fix typo in "package" tag name
e42bc05c kata-deploy: add .dockerignore file
3f95469a runtime: logging: Add variable for syslog tag
321be0f7 tracing: Remove trace mode and trace type

Compatibility with CRI-O

Kata Containers 2.3.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.0-rc0 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses libseccomp v2.5.1, which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use a kata-agent that is not statically linked with the library, you can build
a custom kata-agent from sources that does not use the library.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.3.0-rc0 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 2.2.2

Published by fidencio about 3 years ago
