Skip to content

Releases: kata-containers/kata-containers

Kata Containers 3.11.0

20 Nov 09:34
30bad4e
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-8d4e72f0d-107265821-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-aff3d98dd-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-74662a072-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-9c8b20b2b-x86_64
  • tools: quay.io/kata-containers/builders:tools-c20731226-df5e6e65b-0ce3f5fc6-0adf7a66c-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

New Contributors

Full Changelog: 3.10.1...3.11.0

Kata Containers 3.10.1

28 Oct 13:02
b5f503b
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-2b2d0f738-107265821-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-c99ba42d6-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-74662a072-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-25c784c56-x86_64
  • tools: quay.io/kata-containers/builders:tools-c06bf2e3b-fefcf7cfa-322846b36-bc195d758-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • tools: Change PACKAGES var for cbl-mariner by @ms-mahuber in #10439
  • workflows: Ensure shim-v2 is built as the last asset by @fidencio in #10446
  • runtime: Failed to clean up resources when QEMU is terminated by @wtootw in #10208
  • Add a specific workflow for testing the CI, without messing up with the "nightly" weather by @fidencio in #10449
  • docs: Fix misspelling in CI documentation by @GabyCT in #10438
  • tests: Add trap statement in kata doc script by @GabyCT in #10452
  • workflows: devel: Follow-up on the manually triggered jobs by @fidencio in #10461
  • agent: Correct rustjail device filemode permission typo by @skaegi in #10463
  • release: Bump version to 3.10.1 by @stevenhorsman in #10467
  • workflows: Possibly fix the release workflow by @fidencio in #10471

New Contributors

Full Changelog: 3.10.0...3.10.1

Kata Containers 3.10.0

22 Oct 14:53
3de6d09
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-2b2d0f738-107265821-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-c99ba42d6-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-74662a072-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-25c784c56-x86_64
  • tools: quay.io/kata-containers/builders:tools-c06bf2e3b-fefcf7cfa-3dabe0f5f-bc195d758-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

New Contributors

Read more

Kata Containers 3.9.0

19 Sep 14:55
cdaaf70
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-2b2d0f738-107265821-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-c99ba42d6-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-74662a072-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-25c784c56-x86_64
  • tools: quay.io/kata-containers/builders:tools-593cbb871-eb1227f47-1597f8ba0-69535e545-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • genpolicy: deny UpdateEphemeralMountsRequest by @Redent0r in #9911
  • metrics: Remove unused variable in openvino script by @GabyCT in #10198
  • kata-deploy: Rework the logic a little bit by @fidencio in #10194
  • ci: commit-message-check: Take re-revert into consideration by @fidencio in #10196
  • agent: kill child process when console socket closed by @soulfy in #10141
  • Revert "tests: add image check before running coco tests" by @amshinde in #10207
  • tests: Fix k8s test issues on s390x by @BbolroC in #10202
  • agent/config: Make CDH_API_TIMEOUT configurable by @BbolroC in #10199
  • kata-manager: Avoid docker rate-limit by @fidencio in #10209
  • Upgrade to Cloud Hypervisor v41.0 by @likebreath in #10205
  • metrics: Add OpenVINO general information into README by @GabyCT in #10201
  • stability: Add kubernetes parallel test by @GabyCT in #10193
  • runtime: Allow machine_type in kata config for remote hypervisors by @squarti in #10212
  • runtime: check if cold_plug_vfio is enabled before create PhysicalEndpoint by @l8huang in #10210
  • ci: reinstate Mariner host and guest kernel by @sprt in #10037
  • gha: Add GHA workflow to run Kata CoCo stability tests by @GabyCT in #10214
  • docs: Add oneDNN benchmark information to metrics README by @GabyCT in #10221
  • genpolicy: add priorityClassName as a field in PodSpec interface by @Redent0r in #10160
  • agent: image-rs: check xattrs for image unpacking by @amshinde in #10224
  • metrics: Remove unused variable in oneDNN benchmark by @GabyCT in #10228
  • agent: avoid policy.txt log without debug enabled by @danmihai1 in #10222
  • ci: Transition GARM tests to free runners, pt. III by @sprt in #10038
  • agent: Update image-rs to 02af65abc by @fidencio in #10236
  • kata-deploy: helm: Add INSTALLATION_PREFIX by @fidencio in #10204
  • ci: Remove stdio tests by @fidencio in #10238
  • metrics: Remove metrics report for Kata Containers by @GabyCT in #10247
  • agent:cdh: Refactor CDHClient usage and initialization by @ChengyuZhu6 in #10233
  • helm: Several fixes, including some reasonable re-work on kata-deploy.sh script by @fidencio in #10192
  • runtime: fix bad default machine_type for remote hypervisor by @squarti in #10250
  • runtime: Don't error out about SNP cert path on non SNP platforms by @fidencio in #10254
  • gha: Turn on KBS for qemu-coco-dev on s390x by @BbolroC in #10244
  • versions: Update firecracker version to 1.8.0 by @GabyCT in #10229
  • tests: Enable k8s soak stability test for Kata CoCo CI by @GabyCT in #10237
  • genpolicy: support readonly hostpath by @Redent0r in #10251
  • ci: Add workflow to run kata-agent api tests using kata-agent-ctl by @Sumynwa in #10263
  • ci: send SIGKILL to kill kata components by @Sumynwa in #10255
  • ci: Enable kata agent API tests by @Sumynwa in #10270
  • genpolicy: add support for PodDisruptionBudget yaml by @Redent0r in #10268
  • metrics: Update openVINO and oneDNN tests references by @GabyCT in #10267
  • agent: Refactor storage handler registration by @ChengyuZhu6 in #10245
  • Refine device management for kata-agent by @ChengyuZhu6 in #10213
  • kata-deploy: Remove kata-cleanup unneeded vars by @fidencio in #10257
  • runtime: qemu: tdx: Add support for setting mrconfigid / mrowner / mrownerconfig by @fidencio in #10272
  • Add support of dragonball virtio-balloon free page reporting by @teawater in #10253
  • tests: Increase timeout to wait for soak stability test deployment by @GabyCT in #10277
  • runtime-rs: configuration-dragonball.toml.in: Remove duplication by @teawater in #10282
  • runtime: Fix runtime/cdi panic with assignment to entry in nil map by @Apokleos in #10276
  • ci: tdx: Adapt how we get the host IP by @fidencio in #10292
  • agent-ctl: Refactor CopyFile Handler by @Sumynwa in #10271
  • Bump guest-components / trustee to a version that supports ITA by @fidencio in #10294
  • tests: Enable stressng k8s stability test for Kata CoCo CI by @GabyCT in #10289
  • metrics: Remove unused remove img var in common script by @GabyCT in #10295
  • genpolicy: fix and re-enable create container UID verification by @danmihai1 in #10291
  • tests: Introduce retry mechanism for helm install by @BbolroC in #10309
  • tests: Fix indentation in the cri containerd tests by @GabyCT in #10304
  • tests: k8s-inotify: pod termination polling by @danmihai1 in #10316
  • CoCo: Bump Coco components to 0.10 releases by @stevenhorsman in #10313
  • Merge to main: supporting pull cosign signed images by @Xynnn007 in #10009
  • doc: Update how-to-run-kata-containers-with-SE-VMs.md by @BbolroC in #10315
  • local-build: Fix unbound variable issue for lib_se.sh by @BbolroC in #10321
  • agent: add support to provide default agent policy via env by @Sumynwa in #10303
  • kata-deploy: Switch Kubernetes URL by @stevenhorsman in #10323
  • ci: Fix indentation of install libseccomp script by @GabyCT in #10324
    *...
Read more

Kata Containers 3.8.0

21 Aug 16:44
09a13da
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-d0b0004ce-107265821-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-c99ba42d6-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-74662a072-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-25c784c56-x86_64
  • tools: quay.io/kata-containers/builders:tools-c22ac4f72-a9b436f78-a78d82f4f-69535e545-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

Read more

Kata Containers 3.7.0

17 Jul 21:19
6aff5f3
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-d0b0004ce-107265821-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-c99ba42d6-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-259ec408b-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-25c784c56-x86_64
  • tools: quay.io/kata-containers/builders:tools-f31c1b121-6c1a2f01f-eb07f5ef5-c99ba42d6-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • tests: Use selector rather than pod name for kubectl logs/describe by @BbolroC in #9862
  • Tokio vulnerability bump by @stevenhorsman in #9860
  • sandbox: fix the issue of failed to get the vmm master tid by @lifupan in #9834
  • runtime-rs: add base qmp framework by @pmores in #9772
  • kata-deploy: always copy ci/install_yq.sh by @wainersm in #9863
  • ci: tdx: Disable TDX CI by @fidencio in #9869
  • ci: gha no sudo ppc64 by @zvonkok in #9877
  • runtime-rs: adjust qemu vm shutdown behaviour by @pmores in #9870
  • ci: tdx: Use vanilla k8s instead of k3s by @fidencio in #9882
  • qemu: upgrade to 8.2.4 by @ryansavino in #9149
  • tests: nerdctl: Fix variables names and remove network by @GabyCT in #9874
  • ci: tdx: Re-enable TDX CI by @fidencio in #9884
  • runtime: Support policy in remote hypervisor by @stevenhorsman in #9881
  • kernel: Add CONFIG_S390_UV_UAPI for s390x by @BbolroC in #9886
  • gha: Do not fail when collecting artifacts by @GabyCT in #9845
  • genpolicy: reject untested CreateContainer field values by @danmihai1 in #9856
  • ci: remove sudo from s390x build by @zvonkok in #9876
  • runtime: updates to qemu-coco-dev configuration by @wainersm in #9865
  • ci: gha no sudo arm64 by @zvonkok in #9875
  • CI: disable jobs that failed >= 50% on nightly CI recently - part 2 by @wainersm in #9857
  • genpolicy: ignore SeccompProfile in PodSpec by @Redent0r in #9579
  • metrics: Improve variable definition in memory inside containers script by @GabyCT in #9872
  • runtime-rs: fix the bug of func count_files by @gaohuatao-1 in #9830
  • workflow: coco: Add auth registry secret by @stevenhorsman in #9903
  • genpolicy: allow specifying layer cache file by @3u13r in #9864
  • ci: Add scheduled job to cleanup resources, pt. I by @sprt in #9898
  • tests: attestation: Restrict sample policy use by @stevenhorsman in #9906
  • ci.ocp: Ensure we smoke-test with the right runtime class by @ldoktor in #9887
  • tests: Increase timeout to crictl calls on kata monitor tests by @GabyCT in #9897
  • runtime-rs: remove attempt to access sandbox bundle from container bu… by @pmores in #9879
  • kata-ctl: Update Cargo.lock by @gkurz in #9913
  • gpu: Missing separator by @zvonkok in #9916
  • tests: Increase interval and max_tries for kubectl_retry by @BbolroC in #9923
  • versions: bump coco guest components and trustee by @fitzthum in #9896
  • runtime: fix missing of VhostUserDeviceReconnect parameter assignment by @markyangcc in #9849
  • rootfs: Fix spurious error by @zvonkok in #9918
  • CI: Use multi-arch image for alpine-bash-curl by @BbolroC in #9936
  • CI: Eliminate dependency on tests repo by @BbolroC in #9932
  • gha: ci: Remove incorrect secrets line by @stevenhorsman in #9947
  • Upgrade to Cloud Hypervisor v40.0 by @likebreath in #9930
  • tests: Update help section in openvino test by @cmaf in #9949
  • kata-deploy: fix qemu static build on ppc64le by @Amulyam24 in #9914
  • ci: Temporarily disable kata-deploy and GARM tests by @sprt in #9941
  • genpolicy: add topologySpreadConstraints support by @Redent0r in #9577
  • ci: Add scheduled job to cleanup resources, pt. II by @sprt in #9909
  • osbuilder: allow rootfs builds w/o git or version file deps by @ms-mahuber in #9825
  • docs: Remove jenkins reference from unit testing presentation by @GabyCT in #9952
  • metrics: Remove variable in sysbench that is not being used by @GabyCT in #9954
  • genpolicy: allow some empty env vars by @Redent0r in #9907
  • runtime-rs: firecracker hypervisor backend by @Pyrromanis in #8070
  • tests: Fixes TEE timeout issue by @AdithyaKrishnan in #9943
  • ci: Transition GARM tests to free runners, pt. I by @sprt in #9960
  • Fix issues on CI about guest-pull by @ChengyuZhu6 in #9695
  • gha: Fix pip installation for nerdctl GHA by @GabyCT in #9971
  • Image rs bump to latest main by @stevenhorsman in #9828
  • tests: Use variable already defined in metrics common script for stability tests by @GabyCT in #9966
  • Support Confidential Sealed Secrets (as env vars) by @fitzthum in #9719
  • tests: Extend vfio-ap hotplug test to use a zcrypttest tool by @BbolroC in #9859
  • tests: cri-containerd: Ensure Docker isn't present by @sprt in #9976
  • Add memory and vcpus info to metrics results by @dborquez in #9973
  • metrics: Remove duplicate check of processes from memory test. by @dborquez in #9987
  • cri-containerd: Remove use_devmapper variable for cri-containerd tests by @GabyCT in #9985
  • gha: make run-k8s-tests-on-zvsi inherit secrets by @stevenhorsman in #9981
  • runtime: pass certificates to get extended attestation report for SNP coco by @niteeshkd in #9806
  • scripts: Eliminate CI variable as it is not longer used by @GabyCT in #9962
  • runtime-rs: bugfix for root bus slot allocation by @Apokleos in https:/...
Read more

Kata Containers 3.6.0

17 Jun 20:12
7df221a
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-d0b0004ce-c99ba42d6-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-c95ae5a50-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-c99ba42d6-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-c99ba42d6-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.75.0-25c784c56-x86_64
  • tools: quay.io/kata-containers/builders:tools-b6a28bd93-27685c91e-3a0247ed4-c99ba42d6-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-c99ba42d6-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • gpu: Add build targets for GPU rootfs initrd/image by @zvonkok in #9618
  • tests: Add k8s negative policy test by @GabyCT in #9438
  • CI: Use --abbrev=9 explicitly for abbreviated commit hash by @BbolroC in #9638
  • gha: Fix indentation in gha run k8s common by @GabyCT in #9627
  • metrics: Fix random write value for FIO by @GabyCT in #9610
  • version: Bump nydus snapshotter to v0.13.13 by @ChengyuZhu6 in #9636
  • deploy: Add artefact repository by @zvonkok in #9617
  • Tag component caches by @stevenhorsman in #9550
  • workflow: Remove if from env conditional by @stevenhorsman in #9644
  • ci: cache: Fix unbound variable by @stevenhorsman in #9647
  • metrics: Update launch times script by @GabyCT in #9615
  • Caching tagging update part iii by @stevenhorsman in #9650
  • tests: pull-image: Only skip tests for TEEs by @fidencio in #9613
  • CI: Append arch type to initramfs-cryptsetup image by @BbolroC in #9655
  • ci: cache: Filter out non-printable characters from tag by @stevenhorsman in #9659
  • Fix launch times timestamp generation. by @dborquez in #9662
  • Revert "ci: azure: Workaround azure cli installation script" by @fidencio in #9673
  • TEEs: Use shared_fs=none for TDX by @fidencio in #9315
  • fix: kata-deploy.sh VERSION_ID unbound-variable by @networkhermit in #9671
  • gha: release: Set inherit secrets on tarball builds by @stevenhorsman in #9675
  • genpolicy: detect empty string in ns as default by @malt3 in #9660
  • gha: Add support to install KBS to k8s TDX GHA workflow by @GabyCT in #9452
  • CI: Migrate vfio-ap test files from tests repo by @BbolroC in #9658
  • runtime: Disable number of cpu comparison on remote hypervisor scenario by @ajaypvictor in #9657
  • build(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.16 in /src/runtime in the go_modules group across 1 directory by @dependabot in #9635
  • runtime: fix duplicated devices requested to the agent by @cncal in #9624
  • runtime: Add missing check in ResizeMemory for CH by @cmaf in #9641
  • runtime-rs: Drop some useless QEMU arguments by @gkurz in #9642
  • runtime: tdx: Allow default_{cpu,memory} annotations by @fidencio in #9682
  • runtime: Enable connection to Quote Generation Service (QGS) by @JakubLedworowski in #9653
  • ci: cache: Add arch suffix to all cache tags by @stevenhorsman in #9684
  • tests: Fix indentation in confidential common script by @GabyCT in #9685
  • gha: Enable install kbs and coco components for TDX, but still skip the CDH test by @GabyCT in #9681
  • metrics: Fix minvalue for boot time by @GabyCT in #9686
  • tests/k8s: skip custom DNS tests on confidential jobs by @wainersm in #9696
  • build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 in /src/runtime in the go_modules group across 1 directory by @dependabot in #9680
  • tests/k8s: disable "fail-fast" behavior by default by @wainersm in #9698
  • kata-agent: update env PCIDEVICE___INFO by @l8huang in #9605
  • runtime-rs: Remove obsoleted dial_timeout config by @justxuewei in #9690
  • runtime: make kata-runtime check error more understandable when /dev/kvm doesn't exist by @cncal in #9583
  • agent: collect PCI address mapping for both vfio-pci-gk and vfio-pci device by @l8huang in #9687
  • runtime-rs: add QMP support for Qemu(part I) by @Apokleos in #9604
  • Adjust indentation in ifneq statements within Makefile in runtime-rs by @sidneychang in #9693
  • runtime-rs: document architecture & implementation conventions in qem… by @pmores in #9656
  • kata-agent: CreateContainer Hook by @zvonkok in #9268
  • kata-deploy / kata-cleanup / ci: Fixes and improvements to kata-deploy / kata-cleanup and its usage in the CI by @fidencio in #9721
  • gpu: reintroduce pcie_root_port and add pcie_switch_port by @zvonkok in #8861
  • ci: ovmf without sudo by @zvonkok in #9727
  • ci.ocp: Document openshift pipeline and manual bisection by @ldoktor in #9414
  • vfio: Fix hot-unplug by @zvonkok in #9723
  • ci: guest-components without sudo by @zvonkok in #9728
  • metrics: Improve variable definition in memory usage script by @GabyCT in #9677
  • ci: qemu no sudo by @zvonkok in #9736
  • ci: tools no sudo by @zvonkok in #9733
  • kata-manager: Copy cni files under /opt/cni by @amshinde in #9679
  • ci: kernel no sudo by @zvonkok in #9730
  • ci: build agent without sudo by @zvonkok in #9729
  • ci: initramfs no sudo by @zvonkok in #9739
  • ci: virtiofsd no sudo by @zvonkok in #9734
  • ci: pause-image no sudo by @zvonkok in #9731
  • ci: shim-v2 no sudo by @zvonkok in #9732
  • ci: Fix tools builder images by @zvonkok in #9743
  • runtime-rs: Add RNG to QEMU cmdline by @emanuellima1 in #9639
  • ci: pin the nydus-snapshotter image version by @wainersm in #9746
  • tests: enable guest-pull on all k8s tests for the qemu-coco-dev configuration by @wainersm in https:/...
Read more

Kata Containers 3.5.0

15 May 10:27
6a4ff08
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-4292c4c3b-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-fe5adae5d-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.72.0-04d021bd1-x86_64
  • tools: quay.io/kata-containers/builders:tools-ddf6b367c-cc6b67110-b4360e7e3-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • gha: move attestation tests to run-k8s-tests-coco-nontee by @wainersm in #9490
  • agent: update cargo.lock by @danmihai1 in #9518
  • runtime-rs: Update storage source for pci block devices by @amshinde in #9517
  • passfd-io: fix FIFO opening and vsock handling by @Tim-Zhang in #9335
  • runtime: Call CreateRuntime hooks at container creation time by @littlejawa in #9524
  • CC: Enable guest-pull tests on non-TEE for s390x by @BbolroC in #9494
  • clh: isClhRunning waits for full timeout when clh exits by @alex-matei in #9432
  • kata-deploy: Stop append log_level = "debug" for CRI-O by @fidencio in #9535
  • genpolicy: implement default methods for K8sResource trait by @arc9693 in #9428
  • agent: use regorus instead of opa by @danmihai1 in #9510
  • gha: Enable k8s tests for cloud hypervisor with devicemapper by @jodh-intel in #9525
  • build: Fix tarball not building correctly in docker by @JakubLedworowski in #9549
  • genpolicy: changing caching so the tool can run concurrently with itself by @Redent0r in #9530
  • runtime-rs: Add RTC to QEMU cmdline by @emanuellima1 in #9519
  • doc: fix missing document link by @cncal in #9528
  • build: Update golang version to 1.22.2 by @BbolroC in #9562
  • rootfs: Stop building and shipping OPA by @fidencio in #9559
  • runtime-rs: support IOMMU in qemu VMs by @pmores in #9551
  • workflow: static-checks: Skip commit checks for dependabout by @stevenhorsman in #9570
  • runtime: new qemu-coco-dev configuration by @wainersm in #9552
  • kata-deploy: configure debugging for crio by @littlejawa in #9573
  • build: Build the shipped agent with policy enabled by @fidencio in #9563
  • config: Add NVIDIA GPU SNP, TDX configuration files by @zvonkok in #9476
  • tests: adapt Mariner CI to unblock CH v39 upgrade by @sprt in #9592
  • build(deps): bump the go_modules group across 5 directories with 8 updates by @dependabot in #9568
  • versions: Remove oci information from versions file by @GabyCT in #9600
  • build: fix the confusing build message if yq doesn't exist in GOPATH/bin by @cncal in #9582
  • runtime-rs: fix the issue of the leak of dead shim by @lifupan in #9598
  • qemu: the error is logged only when it occurs by @cncal in #9601
  • ci: Stop building TDX specific QEMU and OVMF by @fidencio in #9607
  • db: fix the issue of failed to init pci root bus by @lifupan in #9596
  • tests: pull-image: Don't run on TEEs by @fidencio in #9609
  • kernel: Add caching of kernel-headers by @zvonkok in #9482
  • tdx: Adapt kata-deploy to use QEMU / OVMF from the distros by @fidencio in #9608
  • deploy: Add runtimeClasses relating to the NVIDIA GPU by @zvonkok in #9484
  • deploy: Fix wrong pushing of artifacts by @zvonkok in #9616
  • build: nvidia-gpu: Fix cache usage of the headers tarball by @fidencio in #9622
  • release: Bump VERSIONS file to 3.5.0 by @fidencio in #9626
  • runtime-rs: Fix constructing the RTC struct by @emanuellima1 in #9571
  • debugging: adding a script and instructions for debugging the GO shim by @littlejawa in #9585
  • kata-deploy: Fix tdx_not_supported call by @ldoktor in #9629
  • local-build: Ensure the default rootfs is built with AGENT_POLICY=yes by @BbolroC in #9632

New Contributors

Full Changelog: 3.4.0...3.5.0

Kata Containers 3.4.0

19 Apr 16:12
7e12d58
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-2ee03b5dc-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-fe5adae5d-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.72.0-04d021bd1-x86_64
  • tools: quay.io/kata-containers/builders:tools-77540503f-d915a79e2-9e01732f7-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • docs: Update links in the Documentation Requirements document by @GabyCT in #9307
  • gha: Update journal log names for kubernetes artifacts by @GabyCT in #9309
  • gha: Fix nydus namespace clean up by @GabyCT in #9265
  • Dragonballl: introduce MTRR regs support by @studychao in #9311
  • tests: static checker: Add announce message by @jodh-intel in #9259
  • agent: Add guest-pull to the list of agent features in announce() by @ChengyuZhu6 in #9312
  • docs: Update libseccomp instructions in Developers Guide by @GabyCT in #9324
  • Revert "release: Skip --generate-notes for this release" by @fidencio in #9321
  • runtime-rs: ch: Implement full thread/tid/pid handling by @dborquez in #9255
  • versions: Update nydus-snapshotter to v0.13.11 by @fidencio in #9337
  • runtime-rs: Enable qemu on s390x by @BbolroC in #9280
  • agent: Refactor unit tests to leverage rstest for parameterization by @ChengyuZhu6 in #9313
  • runtime-rs/dragonball: add support building kernel with upcall and GPU hotplug by @Apokleos in #9244
  • agent:image: Refactor code to improve memory efficiency of image service by @ChengyuZhu6 in #9325
  • scripts: Fix unbound variables in k8s setup script by @GabyCT in #9329
  • workflows: Build agent-opa for more archs by @stevenhorsman in #9356
  • Remove additional links to tests directory by @cmaf in #9346
  • docs: Add documents for kata guest image management by @ChengyuZhu6 in #9341
  • Only tag and publish the release when it is fully ready by @gkurz in #9326
  • Support to set timeout to pull large image in guest by @ChengyuZhu6 in #9332
  • k8s: confidential: Update cpuid to its latest release by @fidencio in #9349
  • runtime: remove unimplemented CoCo configurations by @fitzthum in #8046
  • genpolicy: reduce policy debug prints by @danmihai1 in #9347
  • runtime: remove stream copy infinite loop by @danmihai1 in #9367
  • agent: Fix errors in make check by @c3d in #9345
  • gha: Update journal log names for nerdctl artifacts by @GabyCT in #9358
  • kata-agent: Change order of guest hook and bind mount processing by @Apokleos in #9275
  • kata-agent: enabling cgroups-v2 by systemd.unified_cgroup_hierarchy by @Apokleos in #9383
  • versions: Remove runc version information by @GabyCT in #9365
  • gha: add GENPOLICY_PULL_METHOD by @Redent0r in #9385
  • docs: Remove stale kernel information by @GabyCT in #9344
  • versions: Remove conmon information from versions.yaml by @GabyCT in #9397
  • gha: Define GH_PR_NUMBER variable in gha run k8s common script by @GabyCT in #9409
  • tests: k8s-job: wait for job successful create by @danmihai1 in #9411
  • gha: ensure unique resource group name by @Redent0r in #9413
  • bugfix and refactor device increate count by @Apokleos in #8782
  • tdx: Update TDX artefacts to be used with the Ubuntu 23.10 / CentOS 9 stream OSVs. by @fidencio in #8840
  • tests: Support for kbs setup on kcli by @ldoktor in #9273
  • metrics: Improve latency test cleanup by @GabyCT in #9419
  • GHA: Implement secondary GITHUB_WORKSPACE cleanup on 1st failure by @BbolroC in #9415
  • qemu: show the thread name when enable the hypervisor.debug option by @deagon in #9402
  • docs: kata-manager: Update with latest details by @jodh-intel in #9372
  • port attestation agent from CCv0 branch to main branch by @LindaYu17 in #8870
  • agent:image: Support different pause image in the guest for guest pull by @ChengyuZhu6 in #9369
  • gha: Bump various actions to use Node.js 20 by @gkurz in #9421
  • katautils: check number of cores on the system intead of go runtime by @egernst in #9331
  • tests: k8s: improve the Agent Policy tests by @danmihai1 in #9398
  • docs: adding an initial CI documentation by @beraldoleal in #8988
  • genpolicy: Add optional toggle to pull images using containerd by @Redent0r in #9185
  • add onednn and openvino ml-benchmarks by @dborquez in #9391
  • gha: Fix indentation in gha run script by @GabyCT in #9450
  • tests: Improve the kbs_k8s_delete function by @GabyCT in #9423
  • tests: k8s: inject agent policy failures by @danmihai1 in #9439
  • agent: Fix the issue with the "test_new_fs_manager" test by @justxuewei in #9457
  • CC: run guest-pull tests on non-TEE jobs by @wainersm in #9424
  • gha: Define unbound PULL TYPE variable by @GabyCT in #9454
  • agent: shutdown vm on exit when agent is used as init process by @alex-matei in #9430
  • CI: Enable GHA cri-containerd workflow for runtime-rs with QEMU by @BbolroC in #9403
  • kernel: Adjust s390x config for confidential containers by @BbolroC in #9469
  • ci.ocp: Increase the MCP update time by @ldoktor in #9404
  • version: Add coco name and version for {image,initrd} for s390x by @BbolroC in #9471
  • gha: make run-kata-coco-tests inherit secrets by @wainersm in #9479
  • runtime-rs: refactor qemu driver by @pmores in #9353
  • tests: k8s: inject agent policy failures (part2) by @danmihai1 in https://github.com/kata-co...
Read more

Kata Containers 3.3.0

20 Mar 09:52
1aec4f7
Compare
Choose a tag to compare

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-6bb2ea819-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-0538bbfc4-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.72.0-a13eecf7f-x86_64
  • tools: quay.io/kata-containers/builders:tools-b3b00e00a-9ef59488d-5bad18f9c-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

Read more