kata-containers

kata-containers Changes

Shortlog

31c84547 workflows: fix artifact name in the release yaml
aaf37d72 release: Kata Containers 2.2.0-rc0
2d8386ea kata-monitor: add few unit tests
8714a350 kata-monitor: make code to identify kata pods simpler
68a6f011 kata-monitor: drop the runtime info from the sandbox cache
97dcc5f7 kata-monitor: drop getMonitorAddress()
0b03d97d vendor: update vendors for kata-monitor
c2f03e89 kata-monitor: talk to the container engine via the CRI
7a5ffd4a config: Enable jailer by default when using firecracker
76f4588f workflows: Actually push the release to quay.io
2cb7b513 docs: update general wording for installation documentation
b980c62f packaging/kernel: Update kernel build doc
99e9a6ad packaging/kernel: Update versions.yaml kernel urls
c23ffef4 packaging/kernel: Remove old Jenkins pipeline
9586d482 tracing: Return context in runHooks() span creation
6a6dee7c osbuilder: Document no Alpine support on s390x
7effbdeb osbuilder: Upgrade Ubuntu guest to 20.04
71f304ce agent: watcher: cleanup mount if needed when container is removed
f1a505db agent: Temporarily allow unknown linters
961aaff0 agent: watcher: fixes to make more robust
6871aeaa snap: enable snap build for arm64
233b53c0 agent: Fix cargo 1.54 clippy warning
c867d1e0 osbuilder: Drop Go agent support
4fe23b19 kernel: PTP_KVM support for arm/arm64 in Kata
99ab91df docs: update the docs project url from kata 1.x to 2.x
f981fc64 clh: correct cloud-hypervisor installation
64dd35ba virtcontainers: fc: properly remove jailed block device
7df56301 CI: Call agent shutdown test
f87cee9d kata-deploy: Rely directly on a centos:7 image
15e0a3c8 kata-deploy: Remove unneeded yum cached files
d01aebeb kata-deploy: Ensure the system is up-to-date
1d25d7d4 docs: Remove kata-proxy and binaries reference
77160e59 workflows: Actually login to quay.io
b9e03a1c docs: update the image repository to quay.io
f47cad3d tools: Update the image repository to quay.io
9fa1febf workflows: Also push the image to quay.io
49083bfa agent: Create the process CWD when it does not exist
831c2fee packaging: Remove reference to sheepdog driver
2e28b714 packaging: Drop support for qemu < 5.0
d5f85698 vendor: Update govmm
31650956 runtime/qemu: Use explicit "on" for kernel_irqchip parameter
b8133a18 osbuilder/dracut: Add missing libraries
a72b0811 osbuilder: pass env OS_VERSION
d007bb85 kata-deploy: shorten directory path
760ec4e5 virtcontainers: clh: Do not use the default HTTP client
80afba15 docs: update kata deploy README doc to add cloud-hypervisor test command
e6408fe6 Container: Add initConfigResourcesMemory and call it in newContainer
77604de8 qemu/arm: remove nvdimm/"ReadOnly" option on arm64
ee90affc newContainer: Initialize c.config.Resources.Memory if it is nil
767a41ce updateResources: Log result after calculateSandboxMemory
5b514177 docs: Add tracing proposals doc
57b696a5 docs: Removed mention of 1.x
4f0726bc docs: Remove table of contents
f186c5e2 docs: Fix invalid URLs
7c610a6f docs: Fix shell code
3fe6695b static-checks: Check for the force-skip-ci label on each step
5a0d3c4f docs: update the kata release url in the kata deploy document
81e6bf6f kata-deploy: Split shimv2 build in a separate container.
d46ae324 kernel: build: Add container build
b789a935 actions: release: Use new kata-deploy scripts.
85987c6d kata-deploy: Add Makefile
b9d2eea3 kata-deploy: Add script to merge kata tarballs.
4895747f Rootfs: Add curl to alpine rootfs builder.
fc90bb53 Actions: Add new workflow to create static tarballs
bbb06c49 actions: Remove scripts from actions directory.
2f9859ab build: Reuse firecracker directory on builds.
3533a5b6 Packaging: stop using GOPATH for yq.
0c5ded4b kata-deploy: build kata only with docker in host
8befb1f3 kata-deploy: Refactor builder options.
7125f5d8 image-builder: Allow build image and initrd independently.
9514dda5 mod: unity containerd dependency
6ffe37b9 mod: unify runc dependency
b53e8405 how-to-use-virtio-mem-with-kata.md: Remove undefined ${REPORT_DIR}
5957bc7d ci: Run static checks when PRs are updated
2ec31093 docs: update url for log parser in how-to-import-kata-logs-with-fluentd.md
cc0bb9ae versions: Upgrade to Cloud Hypervisor v17.0
8e9ffe6f snap: Substitute image configuration with initrd
8b15eafa docs: Update url for log parser in Developer guide
5371b921 mount: fix the issue of missing check file exists
07f7ad9d build(deps): bump github.com/containerd/containerd in /src/runtime
4fbae549 docs: Update experimental documentation
9c0b8a7f snap: do not export agent version
3727caf7 versions: Update runc to 1.0.1
116c29c8 cgroups: manager's Set() now takes Resources as its parameter
c0f801c0 rootless: RunningInUserNS() is now part of userns namespace
b5293c52 runtime: update runc dependency to 1.0.1
2859600a runtime: virtcontainers: make rootfs image read-only
070590fb vendor: update govmm
0f8c0dbc osbuilder/scripts: add support to yq version 4 and above
38826194 osbuilder: update centos arm rootfs image config 'GPG_KEY_ARCH_URL'
add480ed monitor: mv the monitor socket into sbs directory
b4c45df8 runtime: tools/packaging/cmd/kata-pkgsync: fix govet fieldalignment
aec53090 runtime: virtcontainers/utils: fix govet fieldalignment
1e4f7faa runtime: virtcontainers/types: fix govet fieldalignment
bb9495c0 runtime: virtcontainers/pkg: fix govet fieldalignment
80ab91ac runtime: virtcontainers/persist: fix govet fieldalignment
54bdd018 runtime: virtcontainers/factory: fix govet fieldalignment
dd58de36 runtime: virtcontainers/device: fix govet fieldalignment
47d95dc1 runtime: virtcontainers: fix govet fieldalignment
8ca7a7c5 runtime: netmon: fix govet fieldalignment
31de8eb7 runtime: pkg: fix govet fieldalignment
2b80091e runtime: containerd-shim-v2: fix govet fieldalignment
0dc59df6 runtime: cli: fix govet fieldalignment
f7c6f170 docs: added a glossary to support SEO tactics
c1042523 ci: expand $CI to nothing
cb6b7667 runtime: Add option "enable_guest_swap" to config hypervisor.qemu
a733f537 runtime: newContainer: Handle the annotations of SWAP
2c835b60 ContainerConfig: Set ocispec.Annotations to containerConfig.Annotations
243d4b86 runtime: Sandbox: Add addSwap and removeSwap
e1b91986 runtime: Update golang proto code for AddSwap
4f066db8 agent: agent.proto: Add AddSwap
a8649acf snap: fixed snap aarch64 qemu patches dir in snapcraft.yaml file
35cbc93d agent: clear MsFlags if the option has clear flag set
558f1be6 snap: Remove QEMU before clone
c5fdc0db docs: fix minikube installation guide runtimeclasses error
f2ef25c6 docs: fixed kata-deploy path for kata logs with fluentd doc
05084699 agent-ctl: bump to latest tokio
acf69328 agent: update tokio to 1.8.1
4f23b8cd ci: set -o nounset
dcd29867 static-checks: Call the static-checks make target
afd97850 makefile: Add static-checks target
34828df9 virtiofsd: fix the issue of missing stop virtiofsd
e887b39e docs: Update containerd configuration format
b12b21f3 osbuilder: Skip installing golang for building rootfs
27b299b2 agent-ctl: Use a common Makefile style like other components
73d3798c vsock-exporter: switch to tokio runtime
7960689e tracing: replace SimpleSpanProcessor with BatchSpanProcessor
ff87da72 config: Fix description for OCI hooks
8e0daf67 shimv2: fix the issue of kata-runtime exec failed

Compatibility with CRI-O

Kata Containers 2.2.0-rc0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.2.0-rc0 is compatible with cri-contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.2.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.2.0-rc0 is compatible with Kubernetes 1.21.1-00

Kata Linux Containers image

Agent version: 2.2.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.2.0-rc0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

kata-containers 2.2.0-alpha1 is out and the main points the users should
be aware of are:

• containerd vendored code has been updating, thus this release will only
  work with the following versions of containerd onwards: v1.3.9, v1.4.3,
  and v1.5.0.
• there's a known regression on using the debug console, which will be
  addressed for the -rc0 release.

Shortlog

fcc93b00 shim-v2: Be compatible with the old runtime options
fdf97319 kata-deploy: Use the correct image for kata-deploy
c8aab29b release: Kata Containers 2.2.0-alpha1
39546a10 runtime: delete not used functions
d0bc148f runtime: Register defer function at early stage
e3860691 static-checks: Restrict static checks to go 1.15 and 1.16
f4fbf723 runtime: Update vendored code
a20074d4 static-checks: Check the vendored code
ac8f972e build: Add make vendor
f9643d83 agent-ctl: Add make vendor
5e69b498 trace-forwarder: Add make vendor
a104f132 agent: Add make vendor
579b3f34 runtime: Add make vendor
930ca55d runtime: Add make handle_vendor
8d6dd2ad snap: support golang 1.16.x
a48dc93f versions: update newest golang version
37996791 ci: add 1.16 to the list of golang versions to test
350acb2d virtcontainers: refactoring code for error handling in sandbox
858f39ef virtcontainers: update wrong comments for code
e0a19f6a virtcontainers: update API documentation
007a6561 snap: Build initrd on ppc64le & s390x
9b8cc458 ci: static checks: use defined target_branch
6999dcca trace-forwarder: Add option rustflags, target, build-type for the make
7db8a85a CI: Honour force-skip-ci label
8f76626f qemu: stop the virtiofsd specifically
b10e3e22 tracing: Consolidate tracing into a new katatrace package
9081bee2 runtime: return error if clh's binary has not a normal stat
88e70759 osbuilder: Fix the order of checking the distro config directory
1ab72518 agent: Fix to parsing of /proc/self/mountinfo
da3de3c2 shim-v2: Fix gosimple issue on utils_test.go
305fb054 virtcontainers: Fix gosimple issue on client.go
89cf168c virtcontainers: Ignore a staticcheck error on cpuset.go
2cc9006c snap: Miscellaneous s390x fixes
28b2c629 runtime: Use CC=gcc on SUSE s390x too
cfd690b6 virtcontainers: Use virtio-blk-ccw on s390x
8758ce26 agent: Enable virtio-blk-ccw
a33d6bae forwarder: Add dump only option
4c809a53 shimv2: fix the issue of leaking the hypervisor processes
d08603be runtime: Remove the version check for cloud hypervisor
2c943012 agent: fix wrong regular exp to fetch guest-cid
66dd8719 runtime: refact virtcontainers/pkg/oci
55c5c871 agent: enhance tests of execute_hook
e6b1766f agent: Cleanup config
bd595124 runtime: add spans and attributes for agent/mount
65d2fb5d agent: remove instrument attribute for some simple functions
cfb8139f agent: add more instruments for RPC calls
ae46e7bf runtime: pass span context to agent in ttRPC client
aa264f91 agent: update netlink libraries
d671f789 agent: fix the issue of convert OCI spec to RPC spec
f607641a shimv2: fix the issue bring by updating containerd vendor
79e632bc version: update the cri-containerd to v1.5.2
32c9ae13 shimv2: update containerd vendor
caf5760c runtime: Update golang proto code
000049b6 agent: delete some lint attributes
34bdddbe docs: Fix url in virtiofs documentation
3e8a07c4 tools: agent-ctl: Fix build failure
f6294226 cargo: Use latest nix crate for all Rust code bases
8310a3d7 virtcontainers: Don't fail memory hotplug
064dfb16 runtime: Add "watchable-mounts" concept for inotify support
3f0f1ceb docs: inotify: add initial documentation
6a93e5d5 agent: Initial watchable-bind implementation
57c0cee0 runtime: Cleanup mountSharedDirMounts, shareFile parameters
cabddcc7 tracing: Make runHooks() span creation return context
772c117d kernel: Add Secure Execution guest
f35ba94d packaging: Support Podman in QEMU build
ecd13ec4 docs: Update QAT docs with newer driver version
a822cdf6 osbuilder: Update QAT driver version
fe0085ca docs: Set LIBC=gnu for s390x too
b3623a2c shimv2: fix the issue of leaking wait goroutines
6a1a051c runtime: report finish time in containers stats
1316fa53 docs: Fix typos in Developer Guide
08984b6e docs: Update urls for Documentation Requirements document
2322f935 runtime: update default machine type to q35
11f9a914 docs: fix brackets usage error for developer guide
ac6b9c53 runtime: Hot-plug virtio-mem device on PCI bridge
789a5954 virtcontainers: Remove the pc machine
ecdd137c runtime: do not hot-remove PMEM devices
bd20701f docs: Update kata-deploy urls for installation document
a9aa36ce docs: Update url for installation guides
bd27f7ba agent: Sort PROPAGATION and OPTIONS alphabetically to scan easily
e544779c agent: Add some mount options
2022c64f runtime: using detail propertites instead of function name in log field
3f39df0d qemu: Add nvdimm read-only file support
23d31d5a ci: snap: Fetch history to all branches and tags
361bee91 runtime/virtcontrainers: fix alignment structures
6be8bf5c docs: update annotations documentation
7834f412 virtcontainers: change memory_offset to uint64
ad06eb90 containerd-shim-v2: Skip TestIoCopy unit test
ea9bb8e9 ppc64le: Adding test for appendProtectionDevice
8825bb29 agent: Update rust version for tokio
799cb272 agent: Upgrade mio to v0.7.13 to fix epoll_fd leak problem
45fd58d1 osbuilder: fix log message that is not error but seems like an error
2fb176dd docs: Update url for breaking compatibility
601e2b65 docs: Remove docker support with kata 2.x and sysctls
240aae96 docs: Update README for runtime documentation
be316945 virtcontainers: Fix TestQemuAmd64AppendProtectionDevice()
b26d5b1d virtcontainers: Support SEV
81c6e4ca runtime/vendor: add github.com/intel-go/cpuid
a918c46f test: Add a unit test for ioCopy()
85c40001 versions: Upgrade to cloud-hypervisor v16.0

Compatibility with CRI-O

Kata Containers 2.2.0-alpha1 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.2.0-alpha1 is compatible with cri-contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.2.0-alpha1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.2.0-alpha1 is compatible with Kubernetes 1.21.1-00

Kata Linux Containers image

Agent version: 2.2.0-alpha1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13.5"
ppc64le:
name: "alpine"
version: "3.13.5"
s390x:
name: "alpine"
version: "3.13.5"
x86_64:
name: "alpine"
version: "3.13.5"

Kata Linux Containers Kernel

Kata Containers 2.2.0-alpha1 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.1.0 release of Kata Containers provides:

• virtio-mem support.
• kata-monitor improvements.
• A whole bunch of fixes and improvements to kata-deploy, which is the
  preferred way of deploying the project.
• Improvements on tracing.
• Improvements on how PCI devices are handled
• Improvements on the agent side, which has been made asynchronous.
• IPv6 support.
• Innumerous documentations fixes and cleanups.
• support for sandbox level bindmounts
• kata-runtime metrics command introduced for gathering stats on a running Kata sandbox.

Shortlog

5d3610e2 release: Kata Containers 2.1.0
9266c246 rustjail: separated the propagation flags from mount flags
7086f91e runtime: sandbox delete should succeed after verifying sandbox state
0a7befa6 docs: Fix spell-check errors found after new text is discovered
eff70d2e docs: Remove horizontal ruler markers that disable spell checks
260f59df image_build: align image size to 128M for arm64
c0bdba23 runtime: make dialing timeout configurable
828a3048 agent: avoid reaping the exit signal of execute_hook in the reaper
1b3cf2fb kata-monitor: export get stats for sandbox
59b9e5d0 kata-runtime: add metrics command
3212c7ae packaging/kata-cleanup: add k3s containerd volume
d3690952 runtime: shim: dedup client, socket addr code
7f7c794d runtime: Short the shim-monitor path
3f1b7c91 cli: delete tracing code for kata-runtime binary
68cad377 agent: Set fixed NOFILE limit value for kata-agent
7c9067cc docs: add per-Pod Kata configurations for enable_pprof
dba86ef3 ci/install_yq.sh: install_yq: Check version before return
79831faf runtime: use s.ctx instead ctx for checking cancellation
3883e4e2 kernel: configs: Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
7f7c3fc8 qemu.go: qemu: resizeMemory: Fix virtio-mem resize overflow issue
c9053ea3 qemu.go: qemu: setupVirtioMem: let sizeMB be multiple of 2Mib
799433d8 release: Kata Containers 2.1.0-rc0
2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
ee7de8ab tools: fix build kernel shell error
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
906c0df4 kata-deploy: don't update worker pool nodes
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
12a65d23 runtimeclass: drop stale runtimeclass definitions
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
7d5a4252 docs: Document limitation regarding subpaths
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
36776408 runtime/virtcontainers: Fix typo on qmp error msg
ff2b9e54 cli: delete not used files
677f0d99 runtime: delete not used function parameter builtIn
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
dcb9f403 config: Protect annotation for entropy_source
d4a54137 runtime: Fix stdout/stderr output from container being truncated
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
8a33bd4c qemu: Fix assertion failure on shutdown
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
543f9da3 runtime: Disable trace for healthcheck
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
1366f0fb cli: Use genericGetExpectedHostDetails on s390x
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
421439c6 API: remove ProcessListContainer/ListProcesses
4f164b52 release: Kata Containers 2.1.0-alpha2
11897248 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
12582c2f kata-deploy: add runtimeclass that includes pod overhead
2b5f79d6 release: automatically bump the version of the kata-deploy images
f444adb5 kata-cleanup: Explicitly add tag to the container image
8ea2ce9a agent/device: Remove legacy uevent matching
5d007743 agent/device: Refine uevent matching for pmem devices
a59e07c1 agent/define: Refine uevent matching for virtio-scsi devices
484a3647 agent/device: Rework uevent handling for virtio-blk devices
8682d6b7 docs: update dev-guide to include fixes from 1.x
d75fe956 virtcontainers: replace newStore by store in Sandbox struct
49eec920 agent: log the tag and mount point if it is already mounted
342eb765 tools/agent-ctl: Update Cargo.lock
24b0703f agent: fix test for the debug console
79033257 agent: async the debug console
9017e110 agent: start to rework the debug console
660b0473 oci: Update seccomp configuration
107ceca6 kernel: update experimental kernel to 5.10.x
d43098ec kata-deploy: Adapt regex for testing kata-deploy
ca4dccf9 release: Get rid of "master"
c2197cbf release: Use sudo to install hub
7873b7a1 github: Fix slash-command-action usage
a938d903 rustjail: fix the issue of missing default home env
0828f9ba agent/uevent: Introduce wait_for_uevent() helper
16ed55e4 agent/device: Use consistent matching for past and future uevents
4b16681d agent/uevent: Put matcher object rather than "device address" in watch list
b8b32248 agent/uevent: Consolidate event matching logic
d2caff6c agent: Re-organize uevent processing
55ed2ddd agent: Store uevent watchers in Vec rather than HashMap
91e0ef5c agent/uevent: Report whole Uevents to device watchers
36420054 agent: Store whole Uevent in map, rather than just /dev name
06162025 agent/device: Move GLOBAL_DEVICE_WATCHER into Sandbox
11ae32e3 agent/device: Fix path matching for PCI devices
4f608804 agent/device: Update test_get_device_name()
e3e670c5 agent/device: Forward port test for get_device_name() from Kata 1.x
16f732fc ci/lib: Use git to clone the tests repository
9281e567 ci/openshift-ci: Add build root dockerfile
b0e4618e docs: update configuration for passing annotations in conatinerd
eda8da1e github: Revert "github: Remove kata-deploy-test action"
13653e7b runtime: increase dial timeout
f365bdb7 versions: qemu-experimental: 6.0-rc 470dd6
6491b9d7 qemu: Add support to build static qemu for dev tree
1cce9300 github: Remove kata-deploy-test action
52a276fb agent: Fix type for PROC_SUPER_MAGIC on s390x
5b7c8b7d agent: Update cgroups-rs to 0.2.5
28bd8c11 kernel: upgrade kernel to 5.10.x for arm64.
ee6a590d agent: add test test_pipestream_shutdown
4a2d4370 agent: don't do anything in Pipestream::shutdown
64939425 mount: fix the issue of missing set fsGroup
88e58a4f agent: fix the issue of missing pass fsGroup
ed08980f agent: Remove many "panic message is not string literal" warnings
010d57f4 osbuilder: Update QAT Dockerfile with new QAT driver version
935460e5 osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
adb866ad kata-deploy: Adapt to the correct tag name
60adc7f0 VERSION: Use the correct form
572aff53 build: Only keep one VERSION file
a4c125a8 trace: move gRPC requests from debug to trace
50fff977 trace: move trace span chatter to trace rather than info
0c38d9ec runtime: Fix the format of the client code of cloud-hypervisor APIs
52cacf88 runtime: Format auto-generated client code for cloud-hypervisor API
6fe48329 runtime: use concrete KataAgentConfig instead of interface type
84b62dc3 versions: Update cloud-hypervisor to release v0.14.1
09d454ac runtime: import runtime/v2/runc/options to decode request from Docker
6255cc19 virtcontainers/fc: Upgrade Firecracker to v0.23.1
ede1ab86 docs: Remove ubuntu installation guide
4a38ff41 docs: Update snap install guide
2c47277c docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
317f55f8 docs: Update minimum version for Fedora
1ce29fc9 docs: Update CentOS install docs
3f90561b docs: Update Fedora install docs
8a1c6c3f action: fix missing qemu tag
a9ff9c87 docs: Remove openSUSE installation guide
2888ceb0 docs: Remove SLE installation guide
8c1e0d30 kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
a65519b9 versions: keep using kernel 5.4.x for ARM
c035cdb3 versions: kernel 5.10.x
31ced01e virtcontainers: Fix missing contexts in s390x
0b502d15 runtime: makefile allow override DAX value
75f99638 release: Kata Containers 2.1-alpha1
48e5e4f2 test: install mock hook binary before test
3f46e637 cgroups: fix the issue of getting wrong online cpus
3a77e4eb build: remove unused variables from Makefile
9a4e8666 container: on cleanup, rm container directory for mounts path
1555bfd8 runtime: add support for QEMU 6
1d448813 uevent: Add shutdown channel for task
d8d5b4cd signal: Move to a new module
011f7d78 logging: Rework for shutdown
7d5f88c0 agent: Enable clean shutdown
dcb39c61 main: Create logger task
2cf2897d main: Use task list for stopping tasks
039df1d7 main: Refactor main logic into new async function
2a648fa7 logging: Use guard to make threaded logging safe
38f0d8d3 config: Fix assert_error testing macro
e3492448 runtime: fix virtiofsd RO volume sharing
532ff7c9 runtime: update virtcontainers API documentation
6fcfea8d runtime: Fix static check errors
f3ebbb1f runtime: Fix trace span ordering
fc0f93ae actions: enable unit tests in PR check
74192d17 runtime: fix static check errors
a2dee1f6 runtime: fix vm factory UT failure
076bc507 agent-ctl: update Cargo.lock
0153f76b runtime: gofmt code
190f8134 runtime/katautils: PFlash should be initialized
b2ec5a43 runtime: fix cleanupSandboxBindMounts panic
9b689ea1 runtime/cli: fix TestMainBeforeSubCommandsLoadConfigurationFail failure
8e71c4fc runtime: fix missing context argument in mocked sandbox APIs
8ff62bee runtime: fix vcmock build failure
60f6315b kata-deploy: Use the correct tag for 2.1-alpha1 release
5a3ee7d7 snap: Use qemu.version to build snap
0f78a5dc kernel: rename exeperimental kernel symlink.
f7910523 qemu: Build experimental qemu.
b0e51e59 qemu: Improve cache build
bc587da9 qemu: Add suffix for qemu binaries.
5493517b qemu: add CACHE_TIMEOUT
98d01ce6 qemu: Apply patches for specific versions.
a09e58fa packaging: Use local file for assets.
07cfa4ce qemu: patches: Fail if not patches directory
e221c45d versions: Update qemu database
5abdd2aa qemu: move 5.0.0 patches to its own dir.
34e7d5ed agent: Validate CID
b2658709 runtime: Validate CID
12e9f7f8 runtime: Add missing test mock function
0e4b28e8 rustjail: rework execute_hook
451b45f9 agent: Make use of test consts for error messages
ea51c17b agent: Allow server address to be specified on kernel command-line
8c4d3346 agent: disconnect rpc get_oom_event when destroy_sandbox.
259c1791 docs: Update QAT instructions to work with Kata 2.0 repos
d5a9d56e agent: Update Cargo.lock for earlier dependency change
5096103e osbuiler: fixing USE_DOCKER for ppc64le
b0e966c3 agent: Fix unused import warning in unit tests
d7cb3df0 cgroups: Add systemd detection when creating cgroup manager
f659871f cgroups: remove unused SystemdCgroup variable and accessor/mutators
4bf84b4b runtime: Add contexts to calls in unit tests
9e4932a6 runtime: use root span for shimv2 tracing
6b0dc60d runtime: Fix ordering of trace spans
48ed8f3c runtime: add support for readonly sandbox bindmounts
0f7950fb packaging: configure QEMU with -O2
224c50f4 snap: Package virtiofsd and fix path
b0344589 runtime: return hypervisor Pid in TaskExit event
7ae349c5 agent: makefile: Add codecov target
85601cd3 snap: Update for QEMU 5.2.0
88cef33b versions: update QEMU to 5.2.0
74a893f7 packaging: Refactor version comparisons on configure-hypervisor.sh
f0d49851 exec: ensure sup groups are added to agent request
81607e34 rustjail: fix the issue of home_dir function
6417067d osbuilder: Port QAT Dockerfile to 2.0 repo
b412e159 osbuilder: Port QAT Dockerfile to 2.0 repo
c258ea25 agent-ctl: Function parameter cleanup
fcd45def agent-ctl: Unbreak build
efe625df build: Remove whitespace
34dc861c rustjail: fix the issue of bind mount device file from guest
f580d33c musl/arm64: decompression before use the tarball.
2da058ed osbuild: build musl toolchain from source if needed
21bdaaf8 runtime: Fix missing 'name' field on containerd-shim-v2 logs
17e9a2cf agent: don't error of virtiofs share is already mounted
bc0ac526 shimv2: return the hypervisor's pid as the container pid
0f709833 runtime: check if error loading runtime config
6f720761 agent: fix clippy for rustc 1.5
4a214720 agent: Fix test
02079dbb agent: upgrade tokio to 1.0
947913f6 agent/protocols: Remove cargo:rerun-if-changed in build.rs
dcea0869 rustjail: fix blkio conversion
a42dc748 agent: Agent invokes OCI hooks with wrong PID
2c8ea0a8 kata-deploy: Add copyright to the kata-deploy's Dockerfile
4e494e34 packaging: Remove NEMU mentions
f21c54a9 kata-deploy: QEMU, for 2.x, already includes virtiofs
657bd789 kata-deploy: Get rid of references to the docker script
bc34cbbc agent: Stop receive message from Receiver if got None
10ed3da4 release: Rename runtime-release-notes to release-notes
f5dab6af release: We're not compatible with Docker.
01481d6a kata-deploy: Ensure CRI-O uses the VM runtime type
d1c71736 kata-deploy: Move the containerd workarounds to their own functions
5013634e kata-deploy: Stop shipping kata-{clh,fc,qemu,qemu-virtiofs} binaries
2270f19e kata-deploy: Update README to reflect the current distributed artifacts
a494c4de makefile: agent: Add self documented help
10f1c30f kata-runtime: use filepath.Join() to compose file path
f4ae9c84 docs: Update Developer-Guide.md
9963428a docs: update document for using debug console
44cde6e4 runtime: connect guest debug console bypass kata-monitor
72cb9287 vhost-user-blk: Use PciPath type for vhost user devices
74f5b5fe runtime/block: Use PciPath type through block code
32b40f5f runtime/network: Use PciPath type through network handling
87c5823c agent/device: Add unit test for pcipath_to_sysfs()
066ce7ab agent/device: Pass root bus sysfs path to pcipath_to_sysfs()
fda48a9b agent/device: Use pci::Path type, name things consistently
c12b86dc agent/device: Generalize PCI path resolution to any number of bridges
3715c577 agent/device: Rename and clarify semantics of get_pci_device_address()
7e92831c protocols: Update PCI path names / terminology in agent protocol def
8e5fd8ee runtime: Introduce PciSlot and PciPath types
7464d055 agent: PCI path type
b22259ad agent: PCI slot type
8c2f9e69 gitignore: Ignore *~ editor backup files
a44b2729 runtime: Create tracer later in shimv2
df14d386 Agent: OCI hooks return malformed json
49bdbac6 osbuilder: Allow image registry to be customizable
cb6d2f3c osbuilder: alphabetize fields
fdc573d5 docs: Update licensing strategy to use kata 2.0 repository
2e2749ad runtime: clh-config: add runtime hooks to the clh toml
ef72926b ci: snap: run snap CI on every pull request
919d5127 snap: fix kernel setup
d0548414 ci: snap: build targets that not need sudo first
a115338d ci: snap: define proxy variables
37213513 runtime: cpuset: when creating container, don't pass cpuset details
c9c7c124 agent: Remove bogus check from list_interfaces() unit test
056d742c docs: Update documentation with new prefixless config options
fdcde796 cli: use new prefixless config options in tools scripts
02ee8b0b cli: Add aliases for kata- options
c6bc43b6 docs: Fix broken link to fluentbit.io docs
50fea9fa github: Only run kata-deploy-test on pull-requests
20b27a16 docs: Fix the installation directory of virtiofsd
11fe6a35 osbuilder: Fix USE_DOCKER on s390x
9f237aab docs: add katacontainers end-to-end arch image
afb41978 osbuilder: Build for glibc on s390x
a1cedc56 agent: Build for glibc on s390x
3d3e4dc1 packaging: Fix vmlinux kernel install on s390x
8045104e ci: Upgrade to yq 3.4.1
fbab262f kernel: Don't fail if "experimental" dir doesn't exist
62cbaf4d kata-deploy: Remove kata-deploy-docker.sh
34065027 runtime: add jaeger configuration items
17df9b11 runtime: migrate from opentracing to opentelemetry
e1dce3a3 rustjail: use rlimit crate
a252d861 rustjail: get all capabilities dynamically
11680efe agent: README update to install protoc for ppc64le
b548114f qemu: Add security fixes for CVE-2020-35517
f16ab49b agent: fix non_camel_case_types lint and stop hiding the warning
8ffe4d67 agent: fix unused_parens lint and stop hiding the warning
f70ca69d agent: remove #![allow(unused_unsafe)]
e28bf7a5 agent: fix dead_code lint
05da23ac agent: fix non_snake_case lint and remove ![allow(non_snake_case)]
b7a1f752 arm64: enable acpi for qemu/virt.
71aeb920 osbuilder: updates for feedback
9f7a7a4f osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
254b98dd rustjail: fix unit test test_process
b25575b4 agent: remove crate signal-hook which are no longer used
b1880b3e rustjail: remove unnecessary #[async_trait]
83e9414f rustjail: add unittest test_execute_hook
d2041001 rustjail: close stdin in execute_hook after it was sent
bb081311 rustjail: fix fork/child in execute_hook
b6c2a605 kata-monitor: set buildmode to exe to avoid build failing
8e2b19ac osbuilder: add description for how to use DISTRO variable
2f1cb799 kata-monitor: allow for building for alpine
0e57393f shimv2: log a warning and continue on post-start hook failure
e7043fe2 shimv2: log a warning and continue on post-stop hook failure
a88b8969 kernel: Updates to kernel config for ppc64le
e111093b agent: add secure_join to prevent softlink escape
448771f5 rustjail: fix the issue of container's cgroup root path
3718df69 osbuilder: Remove leftover pieces related to cmake
c2d14cde versions: Update cloud-hypervisor to release v0.12.0
d1bf8293 kernel: ACPI: Always build evged for stable kernel
6f3d5917 clh: Use vanilla kernel.
fd39f0fa osbuilder: Add "Agent init" on terms glossary
1273e485 osbuilder: Fix urls to repositories
ba9fa49a osbuilder: Use Fedora and CentOS registries
fd5592d4 branch: change 2.0-dev to main
2b880d28 snap: Don't release Kata Alpha/RC in snap store
fa93831f agent: Address linter and tests
96762ab7 agent: Remove old netlink crate
33367be4 agent: Integrate netlink
23f3aefa agent: Implement new netlink module
14a63cce agent: Add underscore for constants
0ea8243a github: Update ubuntu version to 20.04
12551de8 agent: implement NVDIMM/PMEM block driver
6abb1be7 rustjail: fix the issue of missing destroy contaienr cgroups
fe67f57c agent: set edition = "2018" in .rustfmt.toml to fix rustfmt about async fn
df68771e agent-ctl: Update ttrpc to 0.4.14 for agent-ctl
37e285bf agent: Make debug console async
f3bd4394 agent: fix tests for async functions
9f79ddb9 agent: use tokio Notify instead of epoll to fix #1160
332fa4c6 agent: switch to async runtime
5561755e agent: Initial switch to async runtime
35ea7ee6 actions: further updates to fix release workflow
ded8e03f actions: fixup release/main workflow
7557a1b6 packaging: should tag/update tests repo when releasing
437b35b7 actions: w/a deprecated set-env
49e7151d shimv2: Add tracing
383e8e67 release: Kata Containers 2.1-alpha0
5ce74bab snap: tag yq version
ef1feaf3 revert: "snap: Fix yq error in build"
6cc1920c snap: Fix yq error in build
789fd7c1 blk-dev: hotplug readonly if applicable
12777b26 volumes: cleanup / minor refactoring
fbc1d123 vendor: revendor govmm
b329a74f rootfs: Fix indentation inside a switch
8879f9a0 rootfs: apparmor=unconfined is needed for non Red Hat host OSes
bbeebcdb rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
90ec2fa8 rootfs: Don't fallthrough in the docker_extra_args() switch
ebd9fcc2 actions: Run static checks before make agent
a5372e00 github: Add github actions
5c464018 shimv2: Avoid double removing of container from sandbox
14e7042c agent: Clean up commented use declarations
5fe5b321 agent: Fix temp prefix on Namespace::test_setup_persistent_ns
3a891d4e agent: Return error on trying to persist a pid namespace
894fa42a rustjail: allow network sysctls
0d3736d5 rustjail: fix the issue of sync read
0dc02f6d rustjail: fix the issue of bind mount /dev
9a7bcccc qemu: no state to save if QEMU isn't running
f740032c packaging/qemu: Delete the temporary container
e5c710e8 packaging/qemu: Build and package completely in the container
4c3377de packaging/qemu: Add QEMU_DESTDIR argument to dockerfiles
d4cd2554 agent: Avoid container stats panic caused by cgroup controller non-exist
157e055f agent: upgrade crate cgroups to 0.2.0
e3ec1d50 agent: Simplify .or_else() to .or()
e004616b runtime/network: Fix error reporting in listRoutes()
1ae8e81a runtime/network: Correct error reporting in listInterfaces()
b366af93 jail: add more test cases for validator
d38a5d3f jail/validator: introduce helpers to reduce duplicated code
76ad3213 jail/validator: avoid unwrap() for safety
51fd624f rustjail: add more context info for errors
68f66c51 agent-ctl: Add void "install" target
5e407758 trace-forwarder: Add void "install" target
8ac93f65 rootfs-builder: add support for gentoo
faed2369 rootfs-builder: add functions to run before and after the container
9321e1b2 oci: fix two incompatible issues with OCI spec
406a91ff agent: consume ttrpc crate from crates.io
6181570c oci: fix a typo in "addtionalGids"
4af5beda agent/sandbox: Don't update cpuset when ncpus = 0
9897238f rootfs: reduce size of debian image
10e9bfc6 runtime: Allow to overwrite DESTDIR
8e5603e6 snap: fix snap release channel
3db1c805 agent: Don't leak fd when reseeding rng
a19263e5 agent/protocols: Remove unneeded import from oci.proto
a19cf28c agent/protocols: Remove some unnecessary include directives from protoc
2b452090 agent/protocols: Remove some unneeded dependencies for protocol generation
b36c9ea3 docs: Fix docs in docs/architecture.md
d47122e9 docs: Update the Cloud Hypervisor description in virtualization.md
1ca415d8 agent: exit from exec hangs if background process is present
8f538935 install: Improve snap documentation
a793b8d9 agent: update cpuset of container path
705182d0 agent: ignore updating cpuset error when update cgroups
a00f7c34 docs: fix the custom agent binary file path for creating initrd image
0155fe12 shimv2: handle ctx passed by containerd
647331ac runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
53b5d063 agent: Adjust OOM Score to avoid agent being killed.
70f198d7 cli: check modules and permissions before loading a module
cb684cf8 cli: don't fail if rate limit is exceeded
e684a541 docs: add link to VMT on top level README
9216f2ad rustjail: fork a new child process to change the pid ns
3b08376c rustjail: remove the network ns validation against container
13a8e4e3 snap: update apps section
c388ec5b runtime: don't wait the second shim process in shim start
6c2fc233 agent: create pci root Bus Path for arm64
d6acc4c0 agent: enable lto flag for Cargo to get better optimized code
fdbf7d32 virtcontainers: revert CleanupContainer from PR 1079
91a390f0 docs: Create hypervisor summary document
3eeb25a1 docs: Tidied up virtualisation summary table
8ec3cf08 docs: Adding hyperlink to virtio-net in kata documentation 2.0
b5b67db8 docs: Fixing typo in virtualization.md file
4d46d0f0 versions: Use CRI-O v1.18.4-4-g6dee3891e
14a21c3a runtime: change configuration key name from EnablePprof to enable_pprof
4e3a8c01 runtime: remove global sandbox variable
29020394 runtime: delete sandboxlist.go and sandboxlist_test.go
9b88a96b versions: Use release-1.18 (commit ee9128444bec10)
36f65ce1 runtime: clh: update cloud-hypervisor
e1396f04 runtime: clh: disable virtiofs DAX when FS cache size is 0
8f38265b release: Fix release candidate to major version upgrade check
2e0bf40a tests: Ensure semver build metadata is ignored
4024a827 release: Make error format string consistent
cb0e6094 runtime: sleep 1 second after GetOOMEvent failed
18a22459 Agent: README updates for build on ppc64le
655f2649 Agent: README updates for build on ppc64le
dfe364f8 Agent: README updates for build on ppc64le
b8414045 runtime: remove nsenter
e3510be8 runtime: use one line if statement to check if err is nil for qemu.go
4c78814b docs: Fix pre-existing spelling mistakes caught by the CI
6c083d94 docs: Add a link to document describing how to use annotations
d67921a2 docs: Document restricted annotations
1fc7b764 docs: Repair inconsistencies between 2.0 and 1.x
92c1c4c6 versions: Update cloud-hypervisor to release v0.11.0
378308e2 docs: Add instructions for enabling VM templating
21801a11 versions: Revert "version: revert back to crio 1.8.3"
40418f6d runtime: add geust memory dump
5b065eb5 runtime: change govmm package
93d79625 clh: Consolidate the code path for device unplug
8907a339 agent: Only show ttrpc logs for trace log level
21cd7ad1 agent: Log ttrpc messages
286eebf0 agent: Add env var to set log level
b9c6db4b agent: Add env var tests
705e9955 agent: Add env var comment
5ced96e9 hypervisor: Remove unused methods
e82c9dae annotations: Improve asset annotation handling
0f26f1cd annotations: Add missing hypervisor control annotation
76064e3e asset: Formatting, grammar and whitespace
ff13bde3 version: revert back to crio 1.8.3
a958eaa8 runtime: mount shared mountpoint readonly
125e21ce runtime: readonly mounts should be readonly bindmount on the host
b6f8a1d5 docs: Fix incorrect docs in config file
5f0abc20 CI: Fix incorrect URL
62c7e094 docs: Remove credits
679df0fb docs: Update top-level README
87848e87 versions: Update crio version
77b50969 runtime: cloud-hypervisor: reduce memory footprint
2e1a8f0a agent: Improve unit test coverage for src/sandbox.rs
172d015e rustjail: fix the issue of create thread failed causing thread panic
9e93463b agent/rustjail: improve unit test coverage for rustjail/container.rs
ad4f7b86 agent/rustjail: make mount and umount2 public
926a6186 agent/rustjail: fix typo
8130d9b2 agent/rustjail: don't use unwrap in container::oci_state
5d111071 rustjail: add mock implementation for cgroup manager
e3eff0eb agent: Update build instructions
f134b4a3 agent: Update build instructions
bb19fcb9 docs: Update documentation with new subcommand forms
d2fe7091 cli: Use new subcommand forms in kata-manager script
4d9ab0cd cli: Support new subcommand forms in bash completion
c5d355e1 cli: Remove kata- prefix from env and check subcommands
4ee78120 runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
b9b281e7 packaging: Use apply-patches.sh in build-kernel.sh
163e6104 packaging: Make qemu/apply_patches.sh common
d4cf3057 packaging: qemu/apply_patches.sh should sort the patches
0896ce80 agent: update proto file copyright
6e9ca457 agent: generate proto files properly
837343f0 agent-ctl: update cargo.lock
b3166618 runtime: remove the unused proto files
54e23c83 agent: move gogo.proto out of the github.com namespance
583e6ed3 agent: types.pb.go is not regenerated
e90aa7b4 agent: fixes the permissions of PID 1's STDIO
f1c3bf6b runtime: let kata-collect-data.sh collect kata-monitor info
993a8da3 kata-monitor: add version subcommand
9e9988df agent/protocols: Move agent.proto out of the mock folder of agent
9cb41507 agent/protocols: Fix copyright header checking
0d58d919 agent/protocols: Stop generate agent proto files in the shellscript
7559382b agent/protocols: Ignore generated files and remove these files from repo
fdc33fb7 agent/protocols: Generate proto files programmatically
2738b18b runtime: Fix firecracker config
e5d4259a runtime: Simplify make variables for clh
a7251651 docs: remove the 1.x version description about shim and proxy
9eab3015 arm64: correct bridge type for QEMUVIRT
5b079a3b snap: add GH actions jobs to release the snap package
df4ce9fa ci: add cargo clippy for agent
2e138788 agent: clear match_like_matches_macro/vec_resize_to_zero warnings
227edfdc agent: clear module_inception/type_complexity warnings
698d25b7 agent: clear redundant_field_names clippy warning
4dd9bd7a agent: clear clippy len_zero warnings
bf7dec5c agent: clear clippy warnings
56f867ee rustjail: clear clippy warnings
16757ad4 oci: clear clippy warnings
f32f49bd logging: clear clippy warnings
7159fc2e agent: simplify ttrpc error construction
96a4ed7d Makefile: Replace @RUNTIME_NAME@ with the target in generated files
b88aac04 docs: Update how-to Readme with hypervisor information.
d6464117 docs: Update Readme to remove hypervisor information
b4f9fb51 docs: Remove docs for nemu
da79b4be virtcontainers: Append max_ports to virtio-serial device
0f894986 snap: install libseccomp-dev
9a351509 package: drop qemu-virtiofs shim
6ed669a1 packaging: install virtiofsd for normal qemu build as well
bcf48530 runtime: enable virtiofs by default
1a9515a9 runtime: Pass --thread-pool-size=1 to virtiofsd
1c528cd1 packaging: Apply virtiofs performance related fixes to 5.x
e2221d34 tools: Improve agent-ctl README
edf02af1 tools: Make agent-ctl support more APIs
56201803 tools: Remove commented out code in agent-ctl
9bac4ee6 tools: Log request in agent-ctl tool if debug enabled
68821f08 tools: Rename agent-ctl command to GetGuestDetails
8553f062 tools: Fix comment in agent-ctl
c5771be2 annotations: Correct unit tests to validate new protections
398d7918 annotations: Split addHypervisorOverrides to reduce complexity
b2b3bc7a annotations: Add unit test for checkPathIsInGlobs
6f52179c annotations: Add unit test for regexpContains function
966bd573 makefile: Add missing generated vars to USER_VARS
be6ee255 makefile: Improve names of config entries for annotation checks
b1194274 annotations: Give better names to local variabes in search functions
b5db114a annotations: Rename checkPathIsInGlobList with checkPathIsInGlobs
d65a7d10 config: Add better comments in the template files
7c6aede5 config: Whitelist hypervisor annotations by name
f047fced config: Use glob instead of regexp to match paths in annotations
11b9c90c annotations: Fix typo in comment
c16cdcb2 config: Add makefile variables for path lists
4e89b885 config: Protect file_mem_backend against annotation attacks
aae9656d config: Protect vhost_user_store_path against annotation attacks
55881653 config: Add security warning on configuration examples
b21a829c config: Protect ctlpath from annotation attack
27b6620b config: Protect jailer_path annotation
07669017 config: Add examples for path_list configuration
2d431c61 annotations: Simplify negative logic
2ca9ca89 config: Add hypervisor path override through annotations
2e093dfd config: Fix typo in function name
bf13ff0a config: Protect virtio_fs_daemon annotation
8c75de19 config: Add 'List' alternates for hypervisor configuration paths
2d1f2c7b kernel: update to 5.4.71
d3c98620 config: make virtio-fs part of standard kernel
6ba294a1 agent: remove unwrap() for e.as_errno()
e77482fe agent: Use ? instead of match when the error returns directly
47ff2fb9 agent: use anyhow context to attach context to Error instead of match
2f690a2b agent: remove useless match
1d8def66 agent: Use ok_or_else instead of match for Option -> Result
0dce817e agent: replace match Result with or_else
7bf4073d agent: replace unnecessary match Result with map_err
7f9e5913 agent: replace check! with map_err for readability
09aca49e agent: remove check! in child process because we cant' see logs.
a18899f1 agent: refactor namespace::setup to optimize error handling
a3c64e5c agent: replace if let Err with or_else
6ffa8283 agent: replace if let Err with map_err
720eab78 versions: Update Kubernetes, containerd, cri-o and cri-tools
84953066 agent: Fix crasher if AddARPNeighbors request empty
3d084c7d agent: Fix crasher if UpdateRoutes request empty
5615e5a7 agent: Fix crasher if UpdateInterface request empty
863f918a rustjail: add length check for uid_mappings in rootless euid mapping
1b7ed328 kata-monitor: use regexp to check if runtime is kata containers
0e0564a5 docs: update the build kata containers kernel document
d8a8fe47 cpuset: don't set cpuset.mems in the guest
88cd7128 sandbox: consider cpusets if quota is not enforced
77a463e5 cpuset: support setting mems for sandbox
2d690536 cpuset: add cpuset pkg
12cc0ee1 sandbox: don't constrain cpus, mem only cpuset, devices
b6cf68a9 cgroups: add ability to update CPUSet
b812d4f7 virtcontainers: add method for calculating cpuset for sandbox
5b520003 docs: Update upgrading guide
fc6468ef agent: fix panic on malformed device resource in container update
ae6b8ec7 agent/device: Check type as well as major:minor when looking up devices
859301b0 agent/device: Index all devices in spec before updating them
2477c355 agent/device: Forward port update_spec_device_list() unit test
08d80c1a agent/device: update_spec_device_list() should error if dev not found
43d70a32 docs: Add containerd install guide
11c1ab8b agent: use ok_or/map_err instead of match
6b9f9915 rustjail: use Iterator to manipulate vector elements
dc1442c3 rustjail: delete codes commented out
aa04111d rustjail: delete unused test code
5e3d1fb6 agent: add blank lines between methods
980e48ca agent: delete unused field in agentService
52b821fa agent: use no-named closure to reduce codes
b1f95e8d agent: use a local fn to reduce duplicated codes
906b3844 agent: update not accurate comments
f63f7405 agent: fix errorneous parsing for guest block size
eae685dc agent: use chain of Result to avoid early return
b7309943 agent: use macro to simplify parse_cmdline function in config.rs
154a356a packaging: apply qemu v5.1 stable fixes
c781a808 agent: fix aarch64 build
82e94501 packaging: fix cloud-hypervisor binary path
78318c18 packaging: fix missing cloud_hypervisor_repo
9834a766 docs: add namespace key to pod/container config files
9a02e6eb docs: Add crictl example json files
37e7de72 ci: snap: add event filtering
b7147eda agent: do not follow link when mounting container proc and sysfs
00ad3fd3 agent-ctl: include cargo lock updates
15b71563 agent: set init process non-dumpable
1839dfd9 runtime: Clear the VCMock 1.x API Methods from 2.0
c4472481 virtiofs: Disable DAX
ffea705a docs: Update docs for enabling agent debug console
0e898c6b rust-agent: Treat warnings as error
0e4baaab rust-agent: Identify unused results in tests
5b2b5652 rust-agent: Log returned errors rather than ignore them
d617caf1 rust-agent: Remove unused imports
ee739c5d rust-agent: Report errors to caller if possible
d5b492a1 rust-agent: Ignore write errors while writing to the logs
c635c46a rust-agent: Remove unused code that has undefined behavior
ec24f688 rust-agent: Remove 'mut' where not needed
c8f406d4 rust-agent: Remove uses of deprecated functions
f832d8a6 rust-agent: Remove or rename unused parameters
5a1d3311 rust-agent: Remove or rename unused variables
27efe291 rust-agent: Remove unused functions
d76ece0c rust-agent: Remove useless braces
3682812e rust-agent: Remove unused macros
e3cdc89b osbuilder: Create target directory for agent
8cd62d7b versions: add plugins section
3e56de81 snap: specify python version
7cad865d packaging: fix image build script
483209bf actions: add kata deploy test
07930024 packaging: cleaning, updating based on new filepaths
f0f205cd packaging: remove obs-packaging
4b1753c5 packaging: pull versions, build-image out from obs dir
3f6cd4d5 packaging: Revert "packaging: Stop providing OBS packages"
c33ee54a clh: Support VFIO device unplug
1f4dfa31 clh: Remove unnecessary VmmPing
cc80ae0a versions: cloud-hypervisor: Bump to version 6d30fe05
aa8eefd8 ci: add github action to test the snap
0fec7a4d docs: Change kata_tap0 to tap0_kata
3394a6a5 docs: update networking description
2e83f405 dev-guide: update kata-agent install details
777f3981 docs: update dev guide for agent build
a89deb3e rust-agent: Update README
a5b3e1cd docs: drop docker installation guide
6c4300c6 docs: fix static check errors in docs/install/README.md
59224a76 docs: update architecture.md
ea1cb37b versions: cloud-hypervisor: bump version
0ebffdf2 runtime: cloud-hypervisor: tag openapi-generator-cli container
e51a1ea3 docs: use-cases: Add Intel SGX use case
7d638231 runtime/vendor: add k8s.io/apimachinery/pkg/api/resource
6df165c1 runtime: add support for SGX
a6221a74 qemu: upgrade qemu version to 5.1.0 for arm64.
0ccbca3b agent: Fix OCI Windows network shared container name typo
80c52834 github: Remove issue template and use central one
a7faeaac docs: fix broken links
f30b86f1 Packaging: release notes script using error kernel path urls
a4afe3af rust-agent: Replaces improper use of match for non-constant patterns
07d339c7 devices: fix go test warning in manager_test.go
03517327 action: Allow long lines if non-alphabetic
7019e72c agent: remove unreachable code
942999ed agent: Change do_exec return type to ! because it will never return
4501c25a agent: propagate the internal detail errors to users
22ca2da6 packaging: Stop providing OBS packages
afa88c1b install: Add contacts to the distribution packages
3955cc89 install: Update information about Community Packages
218f77d7 install: Update SUSE information
2a0e76a8 install: Update openSUSE information
691f1364 install: Update RHEL information
270fc4b2 install: Update Fedora information
492b4e90 install: Update CentOS information
1984e635 ci: fix clone_tests_repo function
02c1a59f agent: Set LIBC=gnu for ppc64le arch by default
757dfa70 fc: integrate Firecracker's metrics
ce675075 static-build/qemu-virtiofs: Refactor apply virtiofs patches
512b38cf packaging/qemu: Add common code to apply patches
edce2712 static-build/qemu-virtiofs: Fix to apply QEMU patches
85d22301 runtime: fix TestNewConsole UT failure
e90e9a2c travis: skip static checker for ppc64
5611283e runtime: fix golint errors
daf2a54d agent: fix cargo fmt
c05c4ba5 ci: always checkout 2.0-dev of test repository
1569b3b3 docs: fix static check errors
df3119b6 runtime: fix make check
b03d958e gitignore: ignore agent service file
64b4f698 agent: fix UT failures due to chdir
acaa806c agent: Only allow proc mount if it is procfs
33513fb4 rustjail: make the mount error info much more clear
484a595f runtime: add enable_debug_console configuration item for agent
febdf8f6 runtime: add debug console service
3523167d runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
7225460a shimv2: add a comment in checkAndMount()
ca501e54 osbuilder: specify default toolchain verion in rust-init.
a34478ff runtime: Update cloud-hypervisor client pkg to version v0.10.0
45b0b4ed agent/oci: Don't use deprecated Error::description() method
33585a8e runtime: Fix linter errors in release files
86a864b8 packaging: Build from source if the clh release binary is missing
eae21591 runtime: add podman configuration to data collection script
e3a0f9b3 ci: use export command to export envs instead of env config item
9e5a4b8b ci: use Travis cache to reduce build time
36ce7018 agent: update cgroups crate
52984b67 docs: Update the reference path of kata-deploy in the packaging
1a77f69e runtime: make kata-check check for newer release
d1277848 how-to: add privileged_without_host_devices to containerd guide
96f8769a travis: enable RUST_BACKTRACE
cda7acf7 agent/rustjail: add more unit tests
98cc979a agent/rustjail: remove makedev function
b99fefad agent/rustjail: add unit tests for ms_move_rootfs and mask_path
d79fad2d agent/rustjail: implement functions to chroot
25c91afb agent/rustjail: add unit test for pivot_rootfs
7cf0fd95 agent/rustjail: implement functions to pivot_root
672da4d0 agent/rustjail: add unit test for mount_cgroups
ab61cf7f agent/rustjail: add unit test for init_rootfs
0a0714c9 agent/rustjail/mount: don't use unwrap
3dc9452b agent/rustjail: add tempfile crate as depedency
d756f52c rustjail: implement functions to mount and umount files
9f2f5201 docs: Fix the kata-pkgsync tool's docs script path
98c4d11b docs: fix k8s containerd howto links
f107b12b docs: fix up developer guide for 2.0
a02d1787 gitignore: ignore agent version.rs
b518ddea agent: fix agent panic running as init
61181b9f packaging: use local version file for kata 2.0 in Makefile
e1c6aa27 docs: fix release process doc
1acfba4d packaging: fix release notes

Compatibility with CRI-O

Kata Containers 2.1.0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.1.0 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.1.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.0.4 release of the Kata Containers project, the last one of the
stable-2.0 branch, provides:

• A bunch of warnings clean up on the agent code.
• Improvements on QEMU code, avoiding process being left behind.
• Cloud Hypervisor upgrade to v15.0
• Fixes for virtio_fs_extra_args annotation
• Documentation improvements.

FIXME - message this section by hand to produce a summary please

Shortlog

1c62bd12 release: Kata Containers 2.0.4
3d33250e agent: Wrong pid method used
afe4df04 agent: Fix compiler checks
f859f8af agent: Fixes for static and compiler checks
657d7552 agent: simplify ttrpc error construction
7d96f22b ci: add cargo clippy for agent
2f67e831 agent: fix clippy for rustc 1.5
4f9b5faf agent: clear match_like_matches_macro/vec_resize_to_zero warnings
974e0e3b agent: clear module_inception/type_complexity warnings
91e12404 agent: clear clippy warnings
02aaab22 agent: clear clippy len_zero warnings
165988a3 rustjail: clear clippy warnings
9d49a69f oci: clear clippy warnings
cab530cb agent: clear redundant_field_names clippy warning
8d16767b logging: clear clippy warnings
01b2bbc1 runtime: fix static check errors
c60951f5 actions: enable unit tests in PR check
c750ce13 agent: makefile: Add codecov target
0704641c makefile: agent: Add self documented help
04dcbd4d github: Update ubuntu version to 20.04
f1c63380 github: Add github actions
ee202408 versions: Upgrade to cloud-hypervisor v15.0
aad549fe qemu: kill virtiofsd if failure to start VMM
16e358b3 docs: Document limitation regarding subpaths
a8137eef Makefile: Replace @RUNTIME_NAME@ with the target in generated files
351a01bd runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args

Compatibility with CRI-O

Kata Containers 2.0.4 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.0.4 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.0.4 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.0.4 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.0.4

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.0.4 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.1.0-rc release of Kata Containers provides:

• A bump in the kubernetes, CRI-O, cri-tools, and runc versions used to test
  Kata Containers.
• virtio-fs support enablemed for s390x.
• Improvements on kata-deploy.
• Documentation fixes.
• Innumerous fixes and clean-ups accross different components of the project.

FIXME - message this section by hand to produce a summary please

Shortlog

799433d8 release: Kata Containers 2.1.0-rc0
2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
ee7de8ab tools: fix build kernel shell error
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
906c0df4 kata-deploy: don't update worker pool nodes
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
12a65d23 runtimeclass: drop stale runtimeclass definitions
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
7d5a4252 docs: Document limitation regarding subpaths
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
36776408 runtime/virtcontainers: Fix typo on qmp error msg
ff2b9e54 cli: delete not used files
677f0d99 runtime: delete not used function parameter builtIn
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
dcb9f403 config: Protect annotation for entropy_source
d4a54137 runtime: Fix stdout/stderr output from container being truncated
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
8a33bd4c qemu: Fix assertion failure on shutdown
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
543f9da3 runtime: Disable trace for healthcheck
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
1366f0fb cli: Use genericGetExpectedHostDetails on s390x
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
421439c6 API: remove ProcessListContainer/ListProcesses

Compatibility with CRI-O

Kata Containers 2.1.0-rc0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.1.0-rc0 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0-rc0 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.1.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0-rc0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.0.3 release of Kata Containers provides:

• Improvements in the project documentation
• Fixes for building agent-ctl
• A newer version of cloud-hypervisor (v0.14.1)
• Improvements and fixes for kata-deploy, such as:
  • Always use the image with the tag corresponding to this release
  • Include pod overhead for the used runtime classes
• Improvements and fixes for scripts used to prepare this release

Shortlog

ea3f9b22 release: Kata Containers 2.0.3
624ff413 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
6bb3f441 agent: update cpuset of container path
4d4aba2e kata-deploy: add runtimeclass that includes pod overhead
5f4f8ff3 release: automatically bump the version of the kata-deploy images
f0d63160 kata-cleanup: Explicitly add tag to the container image
4e868ad9 docs: update dev-guide to include fixes from 1.x
1c70ef54 ci: Fix travis for stable-2.0
55bdd1fc kata-deploy: Adapt regex for testing kata-deploy
144be145 release: Get rid of "master"
017c7cf2 release: Use sudo to install hub
52c6b073 build: Only keep one VERSION file
e7bdeb49 github: Fix slash-command-action usage
c0ca9f9a github: Revert "github: Remove kata-deploy-test action"
81f38990 github: Remove kata-deploy-test action
6586f3b7 docs: update configuration for passing annotations in conatinerd
f5adc4c1 docs: Remove ubuntu installation guide
a67bdc36 docs: Update snap install guide
67be5583 docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
abfff68d docs: Update CentOS install docs
0466ee04 docs: Update Fedora install docs
6b223194 docs: Remove SLE installation guide
fb01d515 agent-ctl: update ttrpc version
e3efcfd4 runtime: Fix the format of the client code of cloud-hypervisor APIs
5a92333f runtime: Format auto-generated client code for cloud-hypervisor API
ec0424e1 versions: Update cloud-hypervisor to release v0.14.1

Compatibility with CRI-O

Kata Containers 2.0.3 is compatible with CRI-O v1.18.4-2-gee9128444

Compatibility with cri-containerd

Kata Containers 2.0.3 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.0.3 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.0.3 is compatible with Kubernetes 1.18.9-00

Kata Linux Containers image

Agent version: 2.0.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.0.3 suggest to use the Linux kernel v5.4.71
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

Shortlog

4f164b52 release: Kata Containers 2.1.0-alpha2
11897248 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
12582c2f kata-deploy: add runtimeclass that includes pod overhead
2b5f79d6 release: automatically bump the version of the kata-deploy images
f444adb5 kata-cleanup: Explicitly add tag to the container image
8ea2ce9a agent/device: Remove legacy uevent matching
5d007743 agent/device: Refine uevent matching for pmem devices
a59e07c1 agent/define: Refine uevent matching for virtio-scsi devices
484a3647 agent/device: Rework uevent handling for virtio-blk devices
8682d6b7 docs: update dev-guide to include fixes from 1.x
d75fe956 virtcontainers: replace newStore by store in Sandbox struct
49eec920 agent: log the tag and mount point if it is already mounted
342eb765 tools/agent-ctl: Update Cargo.lock
24b0703f agent: fix test for the debug console
79033257 agent: async the debug console
9017e110 agent: start to rework the debug console
660b0473 oci: Update seccomp configuration
107ceca6 kernel: update experimental kernel to 5.10.x
d43098ec kata-deploy: Adapt regex for testing kata-deploy
ca4dccf9 release: Get rid of "master"
c2197cbf release: Use sudo to install hub
7873b7a1 github: Fix slash-command-action usage
a938d903 rustjail: fix the issue of missing default home env
0828f9ba agent/uevent: Introduce wait_for_uevent() helper
16ed55e4 agent/device: Use consistent matching for past and future uevents
4b16681d agent/uevent: Put matcher object rather than "device address" in watch list
b8b32248 agent/uevent: Consolidate event matching logic
d2caff6c agent: Re-organize uevent processing
55ed2ddd agent: Store uevent watchers in Vec rather than HashMap
91e0ef5c agent/uevent: Report whole Uevents to device watchers
36420054 agent: Store whole Uevent in map, rather than just /dev name
06162025 agent/device: Move GLOBAL_DEVICE_WATCHER into Sandbox
11ae32e3 agent/device: Fix path matching for PCI devices
4f608804 agent/device: Update test_get_device_name()
e3e670c5 agent/device: Forward port test for get_device_name() from Kata 1.x
16f732fc ci/lib: Use git to clone the tests repository
9281e567 ci/openshift-ci: Add build root dockerfile
b0e4618e docs: update configuration for passing annotations in conatinerd
eda8da1e github: Revert "github: Remove kata-deploy-test action"
13653e7b runtime: increase dial timeout
f365bdb7 versions: qemu-experimental: 6.0~rc 470dd6
6491b9d7 qemu: Add support to build static qemu for dev tree
1cce9300 github: Remove kata-deploy-test action
52a276fb agent: Fix type for PROC_SUPER_MAGIC on s390x
5b7c8b7d agent: Update cgroups-rs to 0.2.5
28bd8c11 kernel: upgrade kernel to 5.10.x for arm64.
ee6a590d agent: add test test_pipestream_shutdown
4a2d4370 agent: don't do anything in Pipestream::shutdown
64939425 mount: fix the issue of missing set fsGroup
88e58a4f agent: fix the issue of missing pass fsGroup
ed08980f agent: Remove many "panic message is not string literal" warnings
010d57f4 osbuilder: Update QAT Dockerfile with new QAT driver version
935460e5 osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
adb866ad kata-deploy: Adapt to the correct tag name
60adc7f0 VERSION: Use the correct form
572aff53 build: Only keep one VERSION file
a4c125a8 trace: move gRPC requests from debug to trace
50fff977 trace: move trace span chatter to trace rather than info
0c38d9ec runtime: Fix the format of the client code of cloud-hypervisor APIs
52cacf88 runtime: Format auto-generated client code for cloud-hypervisor API
6fe48329 runtime: use concrete KataAgentConfig instead of interface type
84b62dc3 versions: Update cloud-hypervisor to release v0.14.1
09d454ac runtime: import runtime/v2/runc/options to decode request from Docker
6255cc19 virtcontainers/fc: Upgrade Firecracker to v0.23.1
ede1ab86 docs: Remove ubuntu installation guide
4a38ff41 docs: Update snap install guide
2c47277c docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
317f55f8 docs: Update minimum version for Fedora
1ce29fc9 docs: Update CentOS install docs
3f90561b docs: Update Fedora install docs
8a1c6c3f action: fix missing qemu tag
a9ff9c87 docs: Remove openSUSE installation guide
2888ceb0 docs: Remove SLE installation guide
8c1e0d30 kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
a65519b9 versions: keep using kernel 5.4.x for ARM
c035cdb3 versions: kernel 5.10.x
31ced01e virtcontainers: Fix missing contexts in s390x
0b502d15 runtime: makefile allow override DAX value

Compatibility with CRI-O

Kata Containers 2.1.0-alpha2 is compatible with CRI-O v1.18.4-4-g6dee3891e

Compatibility with cri-containerd

Kata Containers 2.1.0-alpha2 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0-alpha2 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0-alpha2 is compatible with Kubernetes 1.18.9-00

Kata Linux Containers image

Agent version: 2.1.0-alpha2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0-alpha2 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations