Skip to content

Releases: kata-containers/kata-containers

# Release 3.0.0-rc1

3.0.0-rc1
ef49fa9
Compare
Choose a tag to compare
# Release 3.0.0-rc1 Pre-release
Pre-release

kata-containers Changes

Shortlog

727f233 release: Kata Containers 3.0.0-rc1
babab16 tools: release: fix bogus version check
af22e71 osbuilder: Export directory variables for libseccomp
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
b0c5f04 runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e runtime-rs: fix incorrect comments
43b0e95 runtime: store the user name in hypervisor config
8180188 runtime: make StopVM thread-safe
fba39ef runtime: add more debug logs for non-root user operation
6330951 runtime-rs: drop dependency on rustc-serialize
e229a03 runtime: update runc dependency

Compatibility with CRI-O

Kata Containers 3.0.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc1 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc1 suggest to use the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.5.2

2.5.2
4b39dc0
Compare
Choose a tag to compare

kata-containers Changes

Shortlog

5c69eb5 release: Kata Containers 2.5.2
309756d release: Adapt kata-deploy for 2.5.2
a818771 tools: release: fix bogus version check
52993b9 runtime: store the user name in hypervisor config
30a8166 runtime: make StopVM thread-safe
7033c97 runtime: add more debug logs for non-root user operation
e8ec0c4 stable-2.5: fix cargo vendor
d92ada7 kernel: upgrade guest kernel support to 5.19.2
565fdf8 kernel: fix for set_kmem_limit error
f174fac sandbox_test: Add test to verify memory hotplug behavior
928654b sandbox: don't hotplug too much memory at once
1c0e6b4 hypervisor: Add GetTotalMemoryMB to interface
8f40927 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments

Compatibility with CRI-O

Kata Containers 2.5.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.2 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.2 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.2 suggest to use the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

Kata Containers 3.0.0-rc0

32a9d6d
Compare
Choose a tag to compare
Pre-release

Release 3.0.0-rc0

kata-containers Changes

Shortlog

5835910 release: Kata Containers 3.0.0-rc0
be242a3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c3 runtime-rs: delete some allow(dead_code) attributes
fc9c6f8 kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be7 libs/kata-types: change return type of getting CPU period/quota
2b1d058 runtime-rs: fix host device check pattern
62cf6e6 runtime-rs: remove meaningless comment
84268f8 runtime-rs: update rust runtime roadmap
bcf6bf8 runk: Enable seccomp support by default
36d805f config: add "inline-virtio-fs" as a "shared_fs" type
85b49ce runtime-rs: add README.md
968c2f6 runk: Refactor container builder
b948a8f kernel: fix kernel tarball name for SEV
50f9126 libs/kata-types: replace tabs by spaces in comments
566656b gperf: point URL to mirror site

Compatibility with CRI-O

Kata Containers 3.0.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc0 suggest to use the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 3.0.0-alpha1

3.0.0-alpha1
fe55f6a
Compare
Choose a tag to compare
Pre-release

kata-containers Changes

Major highlights of this release include:

  • Support for io_uring as I/O mechanism for qemu
  • Upgrade to Cloud Hypervisor v26.0
  • Kernel upgrade to 5.19.2
  • Several improvements in cloud-hypervisor support for Intel TDX
  • Support for static resource management functionality in rust runtime
  • Support for hugetlb cgroups in the guest
  • Addition of cargo-deny to scan for vulnerabilities and license issues wrt rust crates.

Shortlog

d23779e Revert "agent: fix unittests for arp neighbors"
d340564 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37b kata-deploy: Add debug statement
e879270 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f2 docs: fix unix socket address in agent-ctl doc
41ec711 runtime-rs: split amend_spec function
ff7c78e runtime-rs: static resource mgmt default to false
00f3a6d runtime-rs: make static resource mgmt idiomatic
4a54876 runtime-rs: support static resource management functionality
52bbc3a cargo.lock: update crates to comply with checks
aa581f4 cargo.toml: Add oci to src/libs workplace
7914da7 cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab github-actions: Add cargo-deny
373dac2 qemu: Keep passing BUILD_SUFFIX
59e3850 qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d01 qemu: fix tdx qemu tarball directories
9997ab0 sandbox_test: Add test to verify memory hotplug behavior
f390c12 sandbox: don't hotplug too much memory at once
e0142db hypervisor: Add GetTotalMemoryMB to interface
e83b821 docs: Update url in the Developer Guide
0ab49b2 release: Kata Containers 3.0.0-alpha1
b1a8aca versions: Update cni plugins version
749a6a2 docs: Specify language in markdown for syntax highlight
a1fdc08 kernel: Re-work get_tee_kernel()
a658173 kernel: Whitelist cleanup
cce99c5 runtime-rs: delete socket from shim command-line options
c75970b dragonball: add more unit test for config manager
dc32c46 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91d osbuilder: add systemd symlinks for kata-agent
731d39d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e9 kata-deploy: export CI in the build container
4f90e3c kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d9037 github-actions: Auto-backporting
a355812 runtime-rs: fixed bug on core-sched error handling
591dfa4 runtime-rs: add support for core scheduling
92f7d6b ci: Use versions.yaml for the libseccomp
b535bac runk: Add cli message for init command
c08a863 agent: add some logs for mount operation
c1e3b8f govmm: Refactor qmp functions for adding block device
598884f govmm: Refactor code to get rid of redundant code
00860a7 qmp: Pass aio backend while adding block device
e1b49d7 config: Add block aio as a supported annotation
ed0f1d0 config: Add "block_device_aio" as a config option for qemu
b6cd234 govmm: Add io_uring as AIO type
81cdaf0 govmm: Correct documentation for Linux aio.
763ceeb logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99 kata-deploy: fix threading conflicts
0a6f017 kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4 agent-ctl: fix clippy error
4b57c04 runtime-rs: support loading kernel modules in guest vm
dc90eae qemu: Drop unnecessary tdx_guest kernel parameter
d4b6761 clh: Use HVC console with TDX
c0cb3cd clh: Avoid crashing when memory hotplug is not allowed
9f0a57c clh: Increase API and SandboxStop timeouts for TDX
c142fa2 clh: Lift the sharedFS restriction used with TDX
bdf8a57 runk: Move delete logic to libcontainer
a06d819 runtime: cri-o annotations have been moved to podman
ffd1c1f agent-ctl/trace-forwarder: udpate thread_local dependency
69080d7 agent/runk: update regex dependency
e0ec090 runtime-rs: update async-std dependency
326f1cc agent: enrich some error code path
4f53e01 agent: skip test_load_kernel_module if non-root
f508c29 runtime: constify splitIrqChipMachineOptions
2b0587d runtime: VMX is migratible in vm factory case
fa09f0e runtime: remove qemuPaths
a6fbaac runk: add pause/resume commands
8e20150 kernel: fix for set_kmem_limit error
00aadfe kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d6 kernel: upgrade guest kernel support to 5.19.2
57bd3f4 runtime-rs: plug drop-in decoding into config-loading code
87b97b6 runtime-rs: add filesystem-related part of drop-in handling
cf785a1 runtime-rs: add core toml::Value tree merging
09672eb agent: do some rollback works if case of do_create_container failed
8ff5c10 network: Fix error message for setting hardware address on TAP interface
3a597c2 runtime: clh: Use the new 'payload' interface
16baecc runtime: clh: Re-generate the client code
50ea071 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c runtime: tracing: End root span at end of trace
78231a3 ci: Update libseccomp version
338c282 dep: update nix dependency
3829ab8 docs: Update CRI-O target link
3474649 libs/test-utils: share test code by create a new crate

Compatibility with CRI-O

Kata Containers 3.0.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha1 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha1 suggest to use the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.5.1

2.5.1
65dd151
Compare
Choose a tag to compare

kata-containers Changes

This releases includes security fixes for rust dependencies.
Cloud-hypervisor has been upgraded tp v26.0.
Rust supported version has been also upgraded to 1.59.0.
CONFIG_CGROUP_HUGETLB was added to the kernel to support hugetlb cgroups.
In addition, some minor bug fixes for hadling container create failures
and tracing were added.

Shortlog

d643743 release: Kata Containers 2.5.1
38801e5 release: Adapt kata-deploy for 2.5.1
8f8b93d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
25b1a52 runtime: tracing: End root span at end of trace
5532930 agent: do some rollback works if case of do_create_container failed
6950569 agent-ctl/trace-forwarder: udpate thread_local dependency
48a94f3 agent/runk: update regex dependency
1a396a1 dep: update nix dependency
0128372 versions: Update kernel to 5.15.63
2e3ae3f agent-ctl: Get rid of compiler warning
14a4551 versions: Upgrade rust supported version to 1.59.0
cd898d2 runtime: clh: Use the new 'payload' interface
e851232 runtime: clh: Re-generate the client code
c0b5ba2 versions: Upgrade to Cloud Hypervisor v26.0

Compatibility with CRI-O

Kata Containers 2.5.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.1 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.1 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.1

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.1 suggest to use the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 3.0.0-alpha0

8cd1e50
Compare
Choose a tag to compare
Pre-release

kata-containers Changes

The biggest highlights of the first 3.0 alpha release are the addition of a rustified
runtime and the integrated rust hypervisor (dragonball), contributed by engineers from
Alibaba Cloud and Ant Group. The new runtime will further improve Kata's resource
comsumption, speed, and management simplicity. It is still an on-going work and we
expect it to stablize and mature in the coming few months.

Other new changes include:

  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Support host cgroup v2
  • Support drop-in config files
  • Quite a few dependency updates and bugfixes etc.

Shortlog

3e9077f docs: Update url in containerd documentation
52133ef release: Kata Containers 3.0.0-alpha0
c280d69 runtime-rs: delete route model
caada34 runtime-rs: fix design doc's typo
b61dda4 docs: use curl as default downloader for runtime-rs
ca9d16e runtime-rs: update Cargo.lock
99a7b4f workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e6 versions: Update libseccomp version
b828190 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169 Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc4 runtime-rs:update rtnetlink version
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
9312511 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
8b0e185 Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653 libs: fix CI error for protocols
993ae24 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11f runtime-rs: fix stdin hang in azure
50b0b7c Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
1293357 Merge pull request #4727 from openanolis/anolis-fix-network
71384b6 Merge pull request #4713 from openanolis/adjust_default_vcpu
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
57c556a runtime-rs: fix stop failed in azure
3f4dd92 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a0 Merge pull request #4721 from openanolis/install-guide-2
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
534a492 Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd5 docs: add rust environment setup for kata 3.0
896478c runtime-rs: add functionalities support for macvlan and vlan endpoints
43045be runtime-rs: handle default_vcpus greator than default_maxvcpu
54f53d5 runtime-rs: support disable_guest_seccomp
5403038 Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
7c146a5 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
08a6581 Merge pull request #4662 from openanolis/runtime-rs-user-manaul
4331ef8 Runtime-rs: add installation guide for rust-runtime
4c3bd6b Merge pull request #4656 from openanolis/runtime-rs-ipvlan
960f2a7 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
e9988f0 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebb runtime-rs: fix ctr exit failed
758cc47 Merge pull request #4671 from liubin/4670-upgrade-nix
25be4d0 Merge pull request #4676 from openanolis/xuejun/runtime-rs
62182db runtime-rs: add unit test for ipvlan endpoint
99654ce runtime-rs: update dbs-xxx dependencies
f4c3adf runtime-rs: Add compile option file
545ae3f runtime-rs: fix warning
19eca71 runtime-rs: remove the value of hypervisor path in DB config
d8920b0 runtime-rs: support functionalities of ipvlan endpoint
2b01e9b dragonball: fix warning
996a6b8 kata-sys-util: upgrade nix version
9f49f7a Merge pull request #4493 from openanolis/runtime-rs-dev
3c98952 dragonball: update for review
274598a kata-runtime: add dragonball config check support.
1befbe6 runtime-rs: Cargo lock for fix version problem
3d6156f runtime-rs: support dragonball and runtime-binary
3f6123b libs: update configuration and annotations
f3335c9 Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
b424cf3 Merge pull request #4544 from openanolis/anolis/virtio_device_aarch64
d258499 dragonball: fix dependency unused warning
458f6f4 dragonball: use const string for legacy device type
58b0fc4 Merge pull request #4192 from Tim-0731-Hzt/runtime-rs
0826a21 Merge remote-tracking branch 'origin/main' into runtime-rs-1
939959e docs: add Dragonball to hypervisors
f6f96b8 dragonball: add legacy device support for aarch64
7a41839 dragonball: add device info support for aarch64
30da3fb Merge pull request #4515 from openanolis/anolis/dragonball-3
9cee521 fmt: do cargo fmt and add a dependency for blk_dev
47a4142 fs: change vhostuser and virtio into const
e14e98b cpu_topo: add handle_cpu_topology function
5d3b53e downtime: add downtime support
6a1fe85 vfio: add vfio as TODO
5ea35dd refractor: remove redundant by_id
b646d7c config: remove ht_enabled
cb54ac6 memory: remove reserve_memory_bytes
bde6609 hotplug: add room for other hotplug solution
d88b1bf dragonball: update vsock dependency
dd003eb Dragonball: change error name and fix compile error
38957fe UT: fix compile error in unit tests
11b3f95 dragonball: add virtio-fs device support
948381b dragonball: add virtio-net device support
3d20387 dragonball: add virtio-blk device support
87d38ae Doc: add document for Dragonball API
2bb1eea docs: further questions related to upcall
026aaee docs: add FAQ to the report
fffcb81 docs: update the content of the report
42ea854 docs: kata 3.0 Architecture
090de2d dragonball: fix the clippy errors.
a159332 dragonball: add vsock api to api server
89b9ba8 dragonball: add set_vm_configuration api
95fa0c7 dragonball: add start microvm support
5c1ccc3 dragonball: add Vmm struct
4d234f5 dragonball: refactor code layout
cfd5dae dragonball: add vm struct
527b73a dragonball: remove unused feature in AddressSpaceMgr
514b4e7 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
7120afe dragonball: add vcpu test function for aarch64
648d285 dragonball: add vcpu support for aarch64
7dad7c8 dragonball: update dbs-xxx dependency
59cab9e Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
1809325 Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
07231b2 runtime-rs:refactor network model with netlink
c8a9052 build: format files
242992e build: put install methods in utils.mk
8a69726 build: makefile for dragonball config
9c52629 runtime-rs:refactor network model with netlink
12c1b9e Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
f3907aa runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
badbbcd Merge pull request #4400 from openanolis/anolis/dragonball-2
71db2dd hotplug: add room for future acpi hotplug mechanism
8bb00a3 dragonball: fix a bug when generating kernel boot args
2aedd4d doc: add document for vCPU, api and device
bec22ad dragonball: add api module
07f44c3 dragonball: add vcpu manager
78c9718 dragonball: add upcall support
7d1953b dragonball: add vcpu
468c73b dragonball: add kvm context
98f041e Merge pull request #4486 from openanolis/runtime-rs-merge-main
86123f4 Merge branch 'main' into runtime-rs
e89e650 dragonball: add signal handler
b6cb2c4 dragonball: add metrics system
e80e0c4 dragonball: add io manager wrapper
f23d709 Merge pull request #4265 from openanolis/anolis/dragonball-1
d5ee3fc safe-path: fix clippy warning
93c10df runtime-rs: add crosvm license in Dragonball
dfe6de7 dragonball: add dragonball into kata README
39ff85d dragonball: green ci
71f24d8 dragonball: add Makefile.
a1df6d0 Doc: Update Dragonball Readme and add document for device
8619f2b dragonball: add virtio vsock device manager.
52d42af dragonball: add device manager.
c1c1e51 dragonball: add kernel config.
6850ef9 dragonball: add configuration manager.
0bcb422 dragonball: add legacy devices manager
3c45c07 dragonball: add console manager.
3d38bb3 dragonball: add address space manager.
aff6040 dragonball: add resource manager support.
8835db6 dragonball: initial commit
9cb15ab agent: add the FSGroup support
ff7874b protobuf: upgrade the protobuf version to 2.27.0
06f398a runtime-rs: use withContext to evaluate lazily
fd4c26f runtime-rs: support network resource
4be7185 runtime-rs: runtime part implement
10343b1 runtime-rs: enhance runtimes
9887272 libs: enhance kata-sys-util and kata-types
3ff0db0 runtime-rs: support rootfs volume for resource
234d7bc runtime-rs: support cgroup resource
75e282b runtime-rs: hypervisor base define
bdfee00 runtime-rs: service and runtime framework
4296e30 runtime-rs: agent implements
d3da156 runtime-rs: uint FsType for s390x
e705ee0 runtime-rs: update containerd-shim-protos to 0.2.0
8c0a60e runtime-rs: modify the review suggestion
278f843 runtime-rs: shim implements for runtime-rs
641b736 libs: enhance kata-sys-util
69ba1ae trans: fix the issue of wrong swapness type
d2a9bc6 agent: agent-protocol support async
aee9633 libs/sys-util: provide functions to execute hooks
8509de0 libs/sys-util: add function to detect and update K8s emptyDir volume
6d59e8e libs/sys-util: introduce function to get device id
5300ea2 libs/sys-util: implement reflink_copy()
1d5c898 libs/sys-util: add utilities to parse NUMA information
8788702 libs/sys-util: add utilities to manipulate cgroup
ccd03e2 libs/sys-util: add wrappers for mount and fs
45a00b4 libs/sys-util: add kata-sys-util crate under src/libs
48c201a libs/types: make the variable name easier to understand
b9b6d70 libs/types: modify implementation details
05ad026 libs/types: fix implementation details
d96716b libs/types:fix styles and implementation details
6cffd94 libs/types:return Result to handle parse error
6ae87d9 libs/types: use contains to make code more readable
45e5780 libs/types: fixed spelling and grammer error
2599a06 libs/types:use include_str! in test file
8ffff40 libs/types:Option type to handle empty tomlconfig
6268286 libs/types: add license for test-config.rs
97d8c6c docs: modify move-issues-to-in-progress.yaml
8cdd70f libs/types: change method to update config by annotation
e19d047 libs/types: implement KataConfig to wrap TomlConfig
387ffa9 libs/types: support load Kata agent configuration from file
69f10af libs/types: support load Kata hypervisor configuration from file
21cc02d libs/types: support load Kata runtime configuration from file
5b89c1d libs/types: add kata-types crate under src/libs
4f62a76 libs/logging: fix clippy warnings
6f8acb9 libs: refine Makefile rules
7cdee49 libs/logging: introduce a wrapper writer for logging
426f38d libs/logging: implement rotator for log files
392f1ec libs: convert to a cargo workspace
575df4d static-checks: Allow Merge commit to be >75 chars
2ae807f nydus: wait nydusd API server ready before mounting share fs
8a4e690 versions: Update TD-shim due to build breakage
065305f agent-ctl: Add an empty [workspace]
1444d7c packaging: Create no_patches.txt for the SPR-BKC-PC-v9.6.x
c8d4ea8 docs: Improve SGX documentation
85f4e7c runtime: explicitly mark the source of the log is from qemu.log
d8ad16a runtime: add unlock before return in sendReq
889557e docs: add back host network limitation
230a229 runk: add ps sub-command
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
587c0c5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452fa docs: Improve SGX documentation
2764bd7 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
5781211 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e408 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d td-shim: Adjust final tarball location
62f05d4 ovmf: Adjust final tarball location
9972487 versions: Bump Kernel TDX version
c935815 kernel: Sort the TDX configs alphabetically
dd397ff versions: Bump QEMU TDX version
873e75b Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde versions: Track and build TDVF
e6a5a51 packaging: Generate a tarball as OVMF build result
42eaf19 packaging: Simplify OVMF repo clone
4d33b05 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51a agent: fix unittests for arp neighbors
845c1c0 agent: use rtnetlink's neighbours API to add neighbors
8bbffc4 runtime-rs:update rtnetlink version
587c0c5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452fa docs: Improve SGX documentation
2764bd7 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
5781211 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e408 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d td-shim: Adjust final tarball location
62f05d4 ovmf: Adjust final tarball location
9972487 versions: Bump Kernel TDX version
c935815 kernel: Sort the TDX configs alphabetically
dd397ff versions: Bump QEMU TDX version
873e75b Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde versions: Track and build TDVF
e6a5a51 packaging: Generate a tarball as OVMF build result
42eaf19 packaging: Simplify OVMF repo clone
4d33b05 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51a agent: fix unittests for arp neighbors
845c1c0 agent: use rtnetlink's neighbours API to add neighbors
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
c5452fa docs: Improve SGX documentation
81fe51a agent: fix unittests for arp neighbors
845c1c0 agent: use rtnetlink's neighbours API to add neighbors
9972487 versions: Bump Kernel TDX version
c935815 kernel: Sort the TDX configs alphabetically
dd397ff versions: Bump QEMU TDX version
8d1cb1d td-shim: Adjust final tarball location
62f05d4 ovmf: Adjust final tarball location
86ac653 libs: fix CI error for protocols
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
7503bda Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc82 versions: Track and add support for building TD-shim
8d9135a Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e versions: update rust version
c9b5bde versions: Track and build TDVF
e6a5a51 packaging: Generate a tarball as OVMF build result
42eaf19 packaging: Simplify OVMF repo clone
4d33b05 packaging: Don't hardcode "edk2" as the cloned repo's dir.
7503bda Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc82 versions: Track and add support for building TD-shim
8d9135a Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e versions: update rust version
b06bc82 versions: Track and add support for building TD-shim
9b1940e versions: update rust version
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
0aefab4 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c4 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e3 static-build: Add build script for OVMF
a67402c Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f runtime: Support for host cgroup v2
4ab45e5 docs: Update support for host cgroupv2
9dfd949 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f versions: Update runc version
557229c Merge pull request #4724 from yahaa/fix-docs
1b01ea5 Merge pull request #4735 from nubificus/feature-fc-v1.1
27c8201 Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf03 Merge pull request #4664 from lifupan/main
f5aa6ae agent: Fix stream fd's double close problem
6e149b4 Docs: fix tables format error
56d49b5 versions: Update Firecracker version to v1.1.0
0e24f47 agent: log RPC calls for debugging
e764a72 Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b294 Merge pull request #4709 from liubin/fix/4708-unwrap-error
0337377 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91e Merge pull request #4644 from bookinabox/optimize-get-paths
68c2655 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8f versions: Update firecracker version
9126415 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7e agent: delete agent-type property in announce
eec9ac8 rustjail: check result to let it return early.
402bfa0 nydus: upgrade nydus/nydus-snapshotter version
6d56cdb Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1f kata-monitor: fix can't monitor /run/vc/sbs.
f690b0a qemu: Add liburing to qemu build
d93e4b9 container: kill all of the processes in this container
575b5eb Merge pull request #4506 from cyyzero/runk-exec
9ae2a45 cgroups: remove unnecessary get_paths()
0cc20f0 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207 clh: Don't crash if no network device is set by the upper layer
39974fb Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
0511812 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f6 versions: Update Cloud Hypervisor to v25.0
201ff22 packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afc kernel: Allow passing the URL to download the tarball
0024b8d Merge pull request #4617 from Yuan-Zhuo/main
80c68b8 kernel: Deduplicate code used for building TEE kernels
f7ccf92 kata-deploy: Rely on the configured config path
386a523 kata-deploy: Pass the config path to CRI-O
13df57c build: save lines for repository_owner check
f59939a runk: Support exec sub-command
0aefab4 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c4 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e3 static-build: Add build script for OVMF
a67402c Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f runtime: Support for host cgroup v2
4ab45e5 docs: Update support for host cgroupv2
9dfd949 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f versions: Update runc version
557229c Merge pull request #4724 from yahaa/fix-docs
1b01ea5 Merge pull request #4735 from nubificus/feature-fc-v1.1
27c8201 Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf03 Merge pull request #4664 from lifupan/main
f5aa6ae agent: Fix stream fd's double close problem
6e149b4 Docs: fix tables format error
56d49b5 versions: Update Firecracker version to v1.1.0
0e24f47 agent: log RPC calls for debugging
e764a72 Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b294 Merge pull request #4709 from liubin/fix/4708-unwrap-error
0337377 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91e Merge pull request #4644 from bookinabox/optimize-get-paths
68c2655 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8f versions: Update firecracker version
9126415 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7e agent: delete agent-type property in announce
eec9ac8 rustjail: check result to let it return early.
402bfa0 nydus: upgrade nydus/nydus-snapshotter version
6d56cdb Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1f kata-monitor: fix can't monitor /run/vc/sbs.
f690b0a qemu: Add liburing to qemu build
d93e4b9 container: kill all of the processes in this container
575b5eb Merge pull request #4506 from cyyzero/runk-exec
9ae2a45 cgroups: remove unnecessary get_paths()
0cc20f0 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207 clh: Don't crash if no network device is set by the upper layer
39974fb Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
0511812 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f6 versions: Update Cloud Hypervisor to v25.0
201ff22 packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afc kernel: Allow passing the URL to download the tarball
0024b8d Merge pull request #4617 from Yuan-Zhuo/main
80c68b8 kernel: Deduplicate code used for building TEE kernels
f7ccf92 kata-deploy: Rely on the configured config path
386a523 kata-deploy: Pass the config path to CRI-O
13df57c build: save lines for repository_owner check
f59939a runk: Support exec sub-command
0e24f47 agent: log RPC calls for debugging
fa0b11f runtime-rs: fix stdin hang in azure
57c556a runtime-rs: fix stop failed in azure
638c2c4 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e3 static-build: Add build script for OVMF
5c3155f runtime: Support for host cgroup v2
4ab45e5 docs: Update support for host cgroupv2
326eb2f versions: Update runc version
f690b0a qemu: Add liburing to qemu build
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
6e149b4 Docs: fix tables format error
56d49b5 versions: Update Firecracker version to v1.1.0
f5aa6ae agent: Fix stream fd's double close problem
d93e4b9 container: kill all of the processes in this container
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
43045be runtime-rs: handle default_vcpus greator than default_maxvcpu
9126415 agent: fix fd-double-close problem in ut test_do_write_stream
896478c runtime-rs: add functionalities support for macvlan and vlan endpoints
fa85fd5 docs: add rust environment setup for kata 3.0
0d7cb7e agent: delete agent-type property in announce
eec9ac8 rustjail: check result to let it return early.
402bfa0 nydus: upgrade nydus/nydus-snapshotter version
54f53d5 runtime-rs: support disable_guest_seccomp
9ae2a45 cgroups: remove unnecessary get_paths()
df79c8f versions: Update firecracker version
72dbd1f kata-monitor: fix can't monitor /run/vc/sbs.
e9988f0 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebb runtime-rs: fix ctr exit failed
4331ef8 Runtime-rs: add installation guide for rust-runtime
62182db runtime-rs: add unit test for ipvlan endpoint
d8920b0 runtime-rs: support functionalities of ipvlan endpoint
19eca71 runtime-rs: remove the value of hypervisor path in DB config
996a6b8 kata-sys-util: upgrade nix version
99654ce runtime-rs: update dbs-xxx dependencies
f4c3adf runtime-rs: Add compile option file
545ae3f runtime-rs: fix warning
2b01e9b dragonball: fix warning
f59939a runk: Support exec sub-command
3c98952 dragonball: update for review
274598a kata-runtime: add dragonball config check support.
1befbe6 runtime-rs: Cargo lock for fix version problem
3d6156f runtime-rs: support dragonball and runtime-binary
3f6123b libs: update configuration and annotations
be31207 clh: Don't crash if no network device is set by the upper layer
0511812 packaging: Add a "-" in the dir name if $BUILD_DIR is available
201ff22 packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
dc3b6f6 versions: Update Cloud Hypervisor to v25.0
0826a21 Merge remote-tracking branch 'origin/main' into runtime-rs-1
46fd7ce Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f1 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8b Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b docs: Update URL links for containerd documentation
e57a1c8 build: Mark git repos as safe for build
ee3f555 Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634d Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924 docs: delete CRI containerd plugin statement
bee7915 Merge pull request #4533 from bookinabox/simplify-nproc
efdb923 build: Fix clh source build as normal user
0e40ecf tools/snap: simplify nproc
be68cf0 Merge pull request #4597 from bergwolf/github/action
4d89476 runtime: Fix DisableSelinux config
ac91fb7 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafe action: extend commit message line limit to 150 bytes
5010c64 release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
071dd4c Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e Merge pull request #4574 from jelipo/fix-serde-serializing
0189738 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6 Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec968 Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a oci: fix serde skip serializing condition
fbb2e9b agent: Replace some libc functions with nix ones
acd3302 agent: Run OCI poststart hooks after a container is launched
635fa54 Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
c29038a Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e7 Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b4 Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd42 ci: Set safe.directory against tests repository
2a4fbd6 agent: enhance get handled signal
433816c ci/cd: update check-commit-message
2a94261 Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d56 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed runtime: delete Console from Cmd type
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
ad05523 Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c0387 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3d packaging: Remove unused kata docker configure script
afdc960 hypervisor: Add default_maxmemory configuration
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
0e2459d docs: Add cgroupDriver for containerd
1a25afc kernel: Allow passing the URL to download the tarball
80c68b8 kernel: Deduplicate code used for building TEE kernels
d258499 dragonball: fix dependency unused warning
458f6f4 dragonball: use const string for legacy device type
f6f96b8 dragonball: add legacy device support for aarch64
7a41839 dragonball: add device info support for aarch64
f7ccf92 kata-deploy: Rely on the configured config path
386a523 kata-deploy: Pass the config path to CRI-O
13df57c build: save lines for repository_owner check
939959e docs: add Dragonball to hypervisors
2bb1eea docs: further questions related to upcall
026aaee docs: add FAQ to the report
fffcb81 docs: update the content of the report
42ea854 docs: kata 3.0 Architecture
46fd7ce Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f1 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8b Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b docs: Update URL links for containerd documentation
e57a1c8 build: Mark git repos as safe for build
ee3f555 Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634d Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924 docs: delete CRI containerd plugin statement
bee7915 Merge pull request #4533 from bookinabox/simplify-nproc
efdb923 build: Fix clh source build as normal user
0e40ecf tools/snap: simplify nproc
be68cf0 Merge pull request #4597 from bergwolf/github/action
4d89476 runtime: Fix DisableSelinux config
ac91fb7 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafe action: extend commit message line limit to 150 bytes
5010c64 release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
071dd4c Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e Merge pull request #4574 from jelipo/fix-serde-serializing
0189738 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6 Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec968 Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a oci: fix serde skip serializing condition
fbb2e9b agent: Replace some libc functions with nix ones
acd3302 agent: Run OCI poststart hooks after a container is launched
635fa54 Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
c29038a Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e7 Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b4 Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd42 ci: Set safe.directory against tests repository
2a4fbd6 agent: enhance get handled signal
433816c ci/cd: update check-commit-message
2a94261 Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d56 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed runtime: delete Console from Cmd type
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
ad05523 Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c0387 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3d packaging: Remove unused kata docker configure script
afdc960 hypervisor: Add default_maxmemory configuration
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
0e2459d docs: Add cgroupDriver for containerd
e57a1c8 build: Mark git repos as safe for build
efdb923 build: Fix clh source build as normal user
9cee521 fmt: do cargo fmt and add a dependency for blk_dev
47a4142 fs: change vhostuser and virtio into const
e14e98b cpu_topo: add handle_cpu_topology function
5d3b53e downtime: add downtime support
6a1fe85 vfio: add vfio as TODO
5ea35dd refractor: remove redundant by_id
b646d7c config: remove ht_enabled
cb54ac6 memory: remove reserve_memory_bytes
bde6609 hotplug: add room for other hotplug solution
d88b1bf dragonball: update vsock dependency
dd003eb Dragonball: change error name and fix compile error
38957fe UT: fix compile error in unit tests
11b3f95 dragonball: add virtio-fs device support
948381b dragonball: add virtio-net device support
3d20387 dragonball: add virtio-blk device support
87d38ae Doc: add document for Dragonball API
090de2d dragonball: fix the clippy errors.
a159332 dragonball: add vsock api to api server
89b9ba8 dragonball: add set_vm_configuration api
95fa0c7 dragonball: add start microvm support
5c1ccc3 dragonball: add Vmm struct
4d234f5 dragonball: refactor code layout
cfd5dae dragonball: add vm struct
527b73a dragonball: remove unused feature in AddressSpaceMgr
4d89476 runtime: Fix DisableSelinux config
57c2d8b docs: Update URL links for containerd documentation
2551924 docs: delete CRI containerd plugin statement
5010c64 release: Revert kata-deploy changes after 2.5.0-rc0 release
0e40ecf tools/snap: simplify nproc
3bafafe action: extend commit message line limit to 150 bytes
7120afe dragonball: add vcpu test function for aarch64
648d285 dragonball: add vcpu support for aarch64
7dad7c8 dragonball: update dbs-xxx dependency
c8a9052 build: format files
242992e build: put install methods in utils.mk
8a69726 build: makefile for dragonball config
07231b2 runtime-rs:refactor network model with netlink
9c52629 runtime-rs:refactor network model with netlink
f3907aa runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
916ffb7 Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11 shim: support shim v2 logging plugin
27b1bb5 Merge pull request #4467 from egernst/device-pkg
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
2488a0f Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
133528d Merge pull request #4503 from amshinde/multi-queue-block
f186a52 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36f agent: Allow BUILD_TYPE=debug
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de Merge pull request #4358 from zvonkok/memreserve
e227b4c block: Leverage multiqueue for virtio-block
7204935 Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22a Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
e422730 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e packaging: Remove unused publish kata image script
0bbbe70 snap: fix snap build on ppc64le
6fd4008 Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d Merge pull request #4481 from zvonkok/fix-action
ef925d4 runtime: enable sandbox feature on qemu
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
1b7fd19 rootfs: Fix chronyd.service failing on boot
916ffb7 Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11 shim: support shim v2 logging plugin
27b1bb5 Merge pull request #4467 from egernst/device-pkg
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
2488a0f Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
133528d Merge pull request #4503 from amshinde/multi-queue-block
f186a52 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36f agent: Allow BUILD_TYPE=debug
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de Merge pull request #4358 from zvonkok/memreserve
e227b4c block: Leverage multiqueue for virtio-block
7204935 Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22a Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
e422730 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e packaging: Remove unused publish kata image script
0bbbe70 snap: fix snap build on ppc64le
6fd4008 Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d Merge pull request #4481 from zvonkok/fix-action
ef925d4 runtime: enable sandbox feature on qemu
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
1b7fd19 rootfs: Fix chronyd.service failing on boot
71db2dd hotplug: add room for future acpi hotplug mechanism
8bb00a3 dragonball: fix a bug when generating kernel boot args
2aedd4d doc: add document for vCPU, api and device
bec22ad dragonball: add api module
07f44c3 dragonball: add vcpu manager
78c9718 dragonball: add upcall support
7d1953b dragonball: add vcpu
468c73b dragonball: add kvm context
e89e650 dragonball: add signal handler
b6cb2c4 dragonball: add metrics system
e80e0c4 dragonball: add io manager wrapper
86123f4 Merge branch 'main' into runtime-rs
f30fe86 Merge pull request #4456 from Bevisy/fixIssue4454
553ec46 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b28 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a28 Merge pull request #4422 from snir911/dependabot_bumps
90a7763 snap: Fix debug cli option
d06dd8f Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305baf docs: Update outdated URLs and keep them available
185360c Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6 Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee7703 docs: Update containerd url link
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
c84a425 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448f Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33 Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc1 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db0 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd7 safe-path: fix clippy warning
1a5ba31 agent: refactor reading file timing for debugging
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87d Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838 virtiofsd: export env vars needed for building it
b0e090f versions: Bump virtiofsd to v1.3.0
db5048d kernel: build efi_secret module for SEV
1b84597 docs: Add storage limits to arch doc
4124413 docs: Add more kata monitor details
eff4e10 shim: change the log level for GetOOMEvent call failures
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13 config: Allow enable_iommu pod annotation by default
f30fe86 Merge pull request #4456 from Bevisy/fixIssue4454
553ec46 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b28 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a28 Merge pull request #4422 from snir911/dependabot_bumps
90a7763 snap: Fix debug cli option
d06dd8f Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305baf docs: Update outdated URLs and keep them available
185360c Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6 Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee7703 docs: Update containerd url link
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
c84a425 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448f Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33 Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc1 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db0 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd7 safe-path: fix clippy warning
1a5ba31 agent: refactor reading file timing for debugging
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87d Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838 virtiofsd: export env vars needed for building it
b0e090f versions: Bump virtiofsd to v1.3.0
db5048d kernel: build efi_secret module for SEV
1b84597 docs: Add storage limits to arch doc
4124413 docs: Add more kata monitor details
eff4e10 shim: change the log level for GetOOMEvent call failures
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13 config: Allow enable_iommu pod annotation by default
d5ee3fc safe-path: fix clippy warning
93c10df runtime-rs: add crosvm license in Dragonball
dfe6de7 dragonball: add dragonball into kata README
39ff85d dragonball: green ci
71f24d8 dragonball: add Makefile.
a1df6d0 Doc: Update Dragonball Readme and add document for device
8619f2b dragonball: add virtio vsock device manager.
52d42af dragonball: add device manager.
c1c1e51 dragonball: add kernel config.
6850ef9 dragonball: add configuration manager.
0bcb422 dragonball: add legacy devices manager
3c45c07 dragonball: add console manager.
3d38bb3 dragonball: add address space manager.
aff6040 dragonball: add resource manager support.
8835db6 dragonball: initial commit

Compatibility with CRI-O

Kata Containers 3.0.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha0 suggest to use the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.5.0

94c7f6e
Compare
Choose a tag to compare

kata-containers Changes

Feature highlights include:

  • Firecracker has been updated to v1.1.0
  • Nydus has been updated to v2.1.0-alpha.4
  • Cloud Hypervisor has been updated to v25.0
  • Support containerd shimv2 logging plugin
  • Support virtio-block multiqueue
  • Support QEMU sandbox feature
  • Switch to rust version virtiofsd
  • Support core scheduling with containerd
  • kata-runtime iptables subcommand to manipulate iptables in the guest
  • A few new subcommands for runk
  • Support direct-assigned volumes
  • Many bugfix, CI and packaging improvements.

Shortlog

da875e7 release: Kata Containers 2.5.0
05b2096 release: Adapt kata-deploy for 2.5.0
1b93015 build: Fix clh source build as normal user
01c889f runtime: Fix DisableSelinux config
59bd5c2 container: kill all of the processes in this container
22c005f nydus: upgrade nydus/nydus-snapshotter version
8220e54 runtime: add unlock before return in sendReq
4f0ca40 versions: Update Firecracker version to v1.1.0
da24fd8 clh: Don't crash if no network device is set by the upper layer
ed25d2c versions: Update Cloud Hypervisor to v25.0
dfc1413 action: extend commit message line limit to 150 bytes
2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
2a4fbd6 agent: enhance get handled signal
0ddb34a oci: fix serde skip serializing condition
acd3302 agent: Run OCI poststart hooks after a container is launched
fbb2e9b agent: Replace some libc functions with nix ones
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
433816c ci/cd: update check-commit-message
48ccd42 ci: Set safe.directory against tests repository
a5a25ed runtime: delete Console from Cmd type
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
afdc960 hypervisor: Add default_maxmemory configuration
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
1a78c3d packaging: Remove unused kata docker configure script
0e2459d docs: Add cgroupDriver for containerd
4e30e11 shim: support shim v2 logging plugin
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
1b7d36f agent: Allow BUILD_TYPE=debug
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
e227b4c block: Leverage multiqueue for virtio-block
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d4 runtime: enable sandbox feature on qemu
0bbbe70 snap: fix snap build on ppc64le
c7dd10e packaging: Remove unused publish kata image script
1b7fd19 rootfs: Fix chronyd.service failing on boot
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
a305baf docs: Update outdated URLs and keep them available
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
90a7763 snap: Fix debug cli option
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
bee7703 docs: Update containerd url link
1a5ba31 agent: refactor reading file timing for debugging
bb26bd7 safe-path: fix clippy warning
db5048d kernel: build efi_secret module for SEV
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
9773838 virtiofsd: export env vars needed for building it
eff4e10 shim: change the log level for GetOOMEvent call failures
4124413 docs: Add more kata monitor details
8f10e13 config: Allow enable_iommu pod annotation by default
b0e090f versions: Bump virtiofsd to v1.3.0
1b84597 docs: Add storage limits to arch doc
7ae11ca docs: Update source for cri-tools
f509962 tools: Enable extra detail on error
34bcef8 docs: Add agent-ctl examples section
815157b docs: Remove erroneous whitespace
eb24e97 release: Kata Containers 2.5.0-alpha2
d2df120 docs: describe kata handling for core-scheduling
22b6a94 shim: add support for core scheduling
fe3c1d9 docs: Update storage documentation link
6ecea84 rustjail: get home dir using nix crate
38a3188 runk: Support list sub-command
6d0ff90 docs: Update vGPU use-case
9d27c1f agent: ignore ESRCH error when destroying containers
9726f56 runtime: force stop container after the container process exits
168f325 docs: Update configuration reference for snap documentation
b9fc24f docs: update release process github token instructions
c1476a1 docs: update release process with latest workflow triggering
8b57bf9 workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd snap: Use helper script and cleanup
9b108d9 docs: Improve snap formatting
894f661 docs: Add warning to snap build
d759f6c snap: Fix CH architecture check
5659180 docs: Improve snap build instructions
cb2b309 snap: Build using destructive mode
60823ab docs: Move snap README
af2ef3f agent-ctl: introduce handle for iptables get/set
65f0cef kata-runtime: add iptables CLI to test http endpoint
3201ad0 shim-client: ensure we check resp status for Put/Post
0706fb2 kata-runtime: shmgmt: make url usage consistent
2a09378 shim-client: add support for DoPut
640173c shim-mgmt: Add endpoint handler for interacting with iptables
0136be2 virtcontainers: plumb iptable set/get from sandbox to agent
bd50d46 agent: iptables: get/set handling for iptables
03176a9 proto: update generated code based on proto update
38ebbc7 proto: update to add set/get iptables
78d45b4 agent: return mount file content if parse mountinfo failed
2e04833 docs: Update Intel QAT documentation links
7c4049a osbuilder: add iptables package
648b8d0 runk: Return error when tty is used without console socket
5205efd runk: Add Podman guide in README
5903815 agent: Pass standard I/O to container launched by runk
c7b3941 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c agent: Remove unused import in console test
d862ca0 runk: Handle rootfs path in config.json properly
c95ba63 docs: Remove information related to Kata 1.x
34b8038 docs: Get rid of note related to networking.
dfad572 docs: Mention --cni flag while invoking ctr
fff8328 clh: Update to v24.0
4936174 snap: Build and package rust version of virtiofsd
27d903b snap: Put the yq binary in the staging bin directory
d7b4ce0 snap: Remove unused variable
43de544 snap: Fix unbound variable error
c9b2915 snap: Fix whitespace
122a85e agent: remove bin oci-kata-agent
35619b4 runk: merge oci-kata-agent into runk
10c13d7 qemu: remove virtiofsd option in qemu config
d20bc5a virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c597 agent: fix direct-assigned volume stats
4428cea runtime: direct-volume stats use correct name
ffdc065 runtime: direct-volume stats update to use GET parameter
f295953 runtime: fix incorrect Action function for direct-volume stats
2a1d394 runtime: Adding the correct detection of mediated PCIe devices
ce2e521 runtime: remove duplicate 'types' import
7a5ccd1 runtime: sync docstrings with function names
834f93c docs: fix annotations example
f4994e4 runtime: allow annotation configuration to use_legacy_serial
c67b9d2 qemu: allow using legacy serial device for the console
44814dc qemu: treat console kernel params within appendConsole
24a2b0f docs: Remove clear containers reference in README
8052fe6 runtime: do not check for EOF error in console watcher
abad33e kernel: Remove nemu.conf from packaging
e87eb13 tools: delete unused param from get_from_kata_deps callers
4b437d9 agent: Fix is_signal_handled failing parsing str to u64
e73b70b runtime: Don't run unit tests verbose by default
f24a6e7 runtime: Consolidate flags setting in unit tests script
cf465fe runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac5 runtime: Remove redundant subcommands from go-test.sh
0aff5aa runtime: Simplify package listing in go-test.sh
557c4cf runtime: Don't chmod coverage files in Go tests
04c8b52 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c2577 runtime: Move go testing script locally
4f586d2 packaging: Add kernel config option for SGX in Gramine
7bc4ab6 ci: Don't run Docs URL Alive Check workflow on forks
b4b9068 tools: Add QEMU patches for SGX numa support
88fb9b7 docs: Update runc containerd runtime
a475956 workflows: Add support for building virtiofsd
71f59f3 local-build: Add support for building virtiofsd
c7ac55b dockerbuild: Install unzip
8e2042d tools: add script to pull virtiofsd
dbedea5 versions: Add virtiofsd entry
4210646 doc: Update log parser link
271933f log-parser: fix some of the documentation
c7dacb1 log-parser: move the kata-log-parser from the tests repo
82ea018 versions: Upgrade to Cloud Hypervisor v23.1
383be22 agent: Add a macro to skip a loop easier
97d7b18 runk: use custom Kill command to support --all option
475e3bf agent: add test coverage for functions find_process and online_resources
4a1e13b rustjail: Add tests for hook_grpc_to_oci
9b863b0 release: Kata Containers 2.5.0-alpha1
70eda2f agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b70 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b48 agent: add tests for create_logger_task function
7772f7d runk: set BinaryName for runk for containerd
b221a25 tools: Add runk
2c218a0 agent: Modify Kata agent for runk
b0e439c rustjail: add tests for parse_mount_table
b975f2e Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a1 docs: Direct-assigned volume design
081f6de versions: change qemu tdx url and tag
dd4bd7f doc: Added initial doc update for NV GPUs
666aee5 docs: Add VSOCK localhost example for agent-ctl
86d348e docs: Use VM term in agent-ctl doc
4b9b62b agent-ctl: Fix abstract socket connections
b6467dd clh: Expose disk rate limiter config
7580bb5 clh: Expose net rate limiter config
a88adab clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da0 clh: Implement the Disk RateLimiter logic
511f7f8 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575 hypervisor: Add disk bandwidth and operations rate limiters
1cf9469 clh: Implement the Network RateLimiter logic
00a5b1b utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e utils: Move FC's function to revert bytes to utils
c9f6496 config: Add NetRateLimiter* to Cloud Hypervisor
2d35e60 hypervisor: Add network bandwidth and operations rate limiters
ccb0183 kata-deploy: Add support to RKE2
9d39362 kata-deploy: Reestructure the installing section
18d27f7 kata-deploy: Add a missing $ prefix in the README
6948b4b docs: Update containerd link to installation guide
832c33d docs: remove pc machine type supports
1cad3a4 agent/random: Ensure data.len > 0
33c953a agent: Add test_ressed_rng_not_root
39a35b6 agent: Add test to random::reseed_rng()
d8f39fb agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b rustjail: Add tests for mount_grpc_to_oci
b658dcc tools: fix typo in clh directory name
afbd60d packaging: Fix clh build from source fall-back
1b931f4 runtime: Allock mockfs storage to be placed in any directory
ef6d54a runtime: Let MockFSInit create a mock fs driver at any path
5d8438e runtime: Move mockfs control global into mockfs.go
963d03e runtime: Export StoragePathSuffix
1719a8b runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9 runtime: Make bind mount tests better clean up after themselves
f7ba21c runtime: Clean up mock hook logs in tests
90b2f5b runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc runtime: Don't use fixed /tmp/mountPoint path
f385b21 rustjail: add tests for mount_from function
96bc3ec rustjail: Add tests for hooks_grpc_to_oci
0239502 agent: modify the type of swappiness to u64
0ad89eb safe-path: add more unit test cases
b63774e libs/safe-path: add crate to safely resolve fs paths
0e7f1a5 agent: move assert_result macro to test_utils file
2256bcb rustjail: Add tests for root_grpc_to_oci
9b6f24b agent: add tests for mount_to_rootfs function
9c22d95 agent: add tests for update_container_namespaces
c3776b1 agent: add tests for is_signal_handled function
29e569a virtcontainers: clh: Re-generate the client code
6012c19 versions: Upgrade to Cloud Hypervisor v23.0
aabcebb agent: best-effort removing mount point
d136c9c test: Fix golangci-lint error for s390x
92c00c7 agent: fsGroup support for direct-assigned volume
532d539 runtime: fsGroup support for direct-assigned volume
6a47b82 proto: fsGroup support for direct-assigned volume
7b2ff02 kata-monitor: add a README file
86977ff kata-monitor: update the hrefs in the debug/pprof index page
354cd3b runtime: Base64 encode the direct volume mountInfo path
6e79042 runtime: no need to write virtiofsd error to log
f8cc5d1 kata-monitor: add some links when generating pages for browsers
78f30c3 agent: Avoid agent panic when reading empty stats
6e9e4e8 docs: Update link to contributions guide
9d5e7ee agent: add tests for mount_storage
1118a3d agent: add test coverage for parse_mount_flags_and_options function
485aeab agent: add tests for do_write_stream function
9d5b03a runtime: delete debug option in virtiofsd
c31cd0e rustjail: add test coverage for process_grpc_to_oci function
eff7c7e agent: Allow the agent to be rebuilt with the change of Cargo features
962d05e protocols: add src/csi.rs to .gitignore
a2f5c17 runtime/virtcontainers: Pass the hugepages resources to agent
4405b18 docs: Add a firecracker installation guide
ff17c75 runtime: Allow and require no initrd for SE
59c7165 test: use T.TempDir to create temporary test directory
98750d7 clh: Expose service offload configuration
c9e2443 release: Kata Containers 2.5.0-alpha0
0d5f80b versions: Bump firecracker to v0.23.4
800e4a9 agent: use ms as unit of cputime instead of ticks
0d765bd agent: fix container stop error with signal SIGRTMIN+3
9e4ca0c doc: Improve kata-deploy README.md by changing sh blocks to bash blocks
2b91dcf docs: Remove kata-proxy reference
a63bbf9 kata-monitor: fix duplicated output when printing usage
5e1c30d runtime: add logs around sandbox monitor
fb8be96 runtime: stop getting OOM events when ttrpc: closed error
a779e19 tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
0baebd2 tools/packaging: Fix usage of kata-deploy-binaries.sh
93d03cc kata-deploy: fix version bump from -rc to stable
3606923 workflows,release: Ship all the rust vendored code
2eb0745 tools: Add a generate_vendor.sh script
ecf71d6 docs: Remove VPP documentation
66f05c5 runtime: Remove the explicit VirtioMem set and fix the comment
154c8b0 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
1ed7da8 packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
bad859d tools/packaging/kata-deploy/local-build: Add build to gitignore
a931402 docs: Remove kata-proxy references in documentation
0928eb9 agent: Kill the all the container processes of the same cgroup
19f372b runtime: Add more debug logs for container io stream copy
c279632 osbuilder/qat: don't pull kata sources if exist
7743486 docs: fix markdown issues in how-to-run-docker-with-kata.md
459f4bf osbuilder/qat: use centos as base OS
9a5b477 docs: Update vcpu handling document
32131cb Agent: fix unneeded late initialization lint
ebec690 static-build,clh: Add the ability to build from a PR
c77e34d runtime: Move mock hook source
86723b5 virtcontainers: Remove unused install/uninstall targets
0e83c95 virtcontainers: Run mock hook from build tree rather than system bin dir
e65db83 virtcontainers: Remove VC_BIN_DIR
c20ad28 virtcontainers: Remove unused Makefile defines
c776bdf virtcontainers: Remove unused parameter from go-test.sh
168fadf ci: Weekly check whether the docs url is alive
72f7e9e osbuilder: Multistrap Ubuntu
df511bf packaging: Enable cross-building agent
0a313ed osbuilder: Fix use of LIBC in rootfs.sh
2c86b95 osbuilder: Simplify Rust installation
0072cc2 osbuilder: Remove musl installations
5c3e553 osbuilder: apk add --no-cache
efa19c4 device: use const strings for block-driver option instead of hard coding
24b2931 doc: update Intel SGX use cases document
18d4d7f tools: update QEMU to 6.2
6235163 action: Update link for format patch documentation
aa5ae6b runtime: Properly handle ESRCH error when signaling container
5c43427 docs: Update k8s documentation
92ce5e2 rustjail: optimization, merged several writelns into one
dacf6e3 doc: fix filename typo
7a18e32 versions: Upgrade to Cloud Hypervisor v22.1
be12baf manager: Change here documents to use standard delimiter
9576a7d manager: Add options to change self test behaviour
d4d65be manager: Add option to enable component debug
019da91 manager: Whitespace fix
d234cb7 manager: Create containerd link
5d6d39b scripts: Change here document delimiters
c088a3f agent: add tests for get_memory_info function
4b1e2f5 CI: Update GHA secret name
4adf93e tools: release: Do not consider release candidates as stable releases
5ec7592 kernel: fix cve-2022-0847
ffdf961 docs: Update contact link in runtime README
42e3550 agent: Verify that we allocated as many hugepages as we need
608e003 agent: Don't attempt to create directories for hugepage configuration
6a85089 CI: Create GHA to add PR sizing label
2b41d27 release: Revert kata-deploy changes after 2.4.0-rc0 release

Compatibility with CRI-O

Kata Containers 2.5.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0 suggest to use the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.5.0-rc0

2.5.0-rc0
ac91fb7
Compare
Choose a tag to compare
# Release 2.5.0-rc0 Pre-release
Pre-release

kata-containers Changes

Shortlog

2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
2a4fbd6 agent: enhance get handled signal
0ddb34a oci: fix serde skip serializing condition
acd3302 agent: Run OCI poststart hooks after a container is launched
fbb2e9b agent: Replace some libc functions with nix ones
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
433816c ci/cd: update check-commit-message
48ccd42 ci: Set safe.directory against tests repository
a5a25ed runtime: delete Console from Cmd type
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
afdc960 hypervisor: Add default_maxmemory configuration
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
1a78c3d packaging: Remove unused kata docker configure script
0e2459d docs: Add cgroupDriver for containerd
4e30e11 shim: support shim v2 logging plugin
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
1b7d36f agent: Allow BUILD_TYPE=debug
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
e227b4c block: Leverage multiqueue for virtio-block
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d4 runtime: enable sandbox feature on qemu
0bbbe70 snap: fix snap build on ppc64le
c7dd10e packaging: Remove unused publish kata image script
1b7fd19 rootfs: Fix chronyd.service failing on boot
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
a305baf docs: Update outdated URLs and keep them available
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
90a7763 snap: Fix debug cli option
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
bee7703 docs: Update containerd url link
1a5ba31 agent: refactor reading file timing for debugging
bb26bd7 safe-path: fix clippy warning
db5048d kernel: build efi_secret module for SEV
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
9773838 virtiofsd: export env vars needed for building it
eff4e10 shim: change the log level for GetOOMEvent call failures
4124413 docs: Add more kata monitor details
8f10e13 config: Allow enable_iommu pod annotation by default
b0e090f versions: Bump virtiofsd to v1.3.0
1b84597 docs: Add storage limits to arch doc
7ae11ca docs: Update source for cri-tools
f509962 tools: Enable extra detail on error
34bcef8 docs: Add agent-ctl examples section
815157b docs: Remove erroneous whitespace

Compatibility with CRI-O

Kata Containers 2.5.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-rc0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-rc0 suggest to use the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.4.3

2.4.3
6330386
Compare
Choose a tag to compare

kata-containers Changes

Shortlog

8470031 release: Kata Containers 2.4.3
396fed4 release: Adapt kata-deploy for 2.4.3
025e3ea shim: set a non-zero return code if the wait process call failed.
f32a146 snap: Fix debug cli option
0718b9b rootfs: Fix chronyd.service failing on boot

Compatibility with CRI-O

Kata Containers 2.4.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.3 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.3 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.3 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.3 suggest to use the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.5.0-alpha2

2.5.0-alpha2
a57515b
Compare
Choose a tag to compare

kata-containers Changes

Shortlog

eb24e97 release: Kata Containers 2.5.0-alpha2
d2df120 docs: describe kata handling for core-scheduling
22b6a94 shim: add support for core scheduling
fe3c1d9 docs: Update storage documentation link
6ecea84 rustjail: get home dir using nix crate
38a3188 runk: Support list sub-command
6d0ff90 docs: Update vGPU use-case
9d27c1f agent: ignore ESRCH error when destroying containers
9726f56 runtime: force stop container after the container process exits
168f325 docs: Update configuration reference for snap documentation
b9fc24f docs: update release process github token instructions
c1476a1 docs: update release process with latest workflow triggering
8b57bf9 workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd snap: Use helper script and cleanup
9b108d9 docs: Improve snap formatting
894f661 docs: Add warning to snap build
d759f6c snap: Fix CH architecture check
5659180 docs: Improve snap build instructions
cb2b309 snap: Build using destructive mode
60823ab docs: Move snap README
af2ef3f agent-ctl: introduce handle for iptables get/set
65f0cef kata-runtime: add iptables CLI to test http endpoint
3201ad0 shim-client: ensure we check resp status for Put/Post
0706fb2 kata-runtime: shmgmt: make url usage consistent
2a09378 shim-client: add support for DoPut
640173c shim-mgmt: Add endpoint handler for interacting with iptables
0136be2 virtcontainers: plumb iptable set/get from sandbox to agent
bd50d46 agent: iptables: get/set handling for iptables
03176a9 proto: update generated code based on proto update
38ebbc7 proto: update to add set/get iptables
78d45b4 agent: return mount file content if parse mountinfo failed
2e04833 docs: Update Intel QAT documentation links
7c4049a osbuilder: add iptables package
648b8d0 runk: Return error when tty is used without console socket
5205efd runk: Add Podman guide in README
5903815 agent: Pass standard I/O to container launched by runk
c7b3941 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c agent: Remove unused import in console test
d862ca0 runk: Handle rootfs path in config.json properly
c95ba63 docs: Remove information related to Kata 1.x
34b8038 docs: Get rid of note related to networking.
dfad572 docs: Mention --cni flag while invoking ctr
fff8328 clh: Update to v24.0
4936174 snap: Build and package rust version of virtiofsd
27d903b snap: Put the yq binary in the staging bin directory
d7b4ce0 snap: Remove unused variable
43de544 snap: Fix unbound variable error
c9b2915 snap: Fix whitespace
122a85e agent: remove bin oci-kata-agent
35619b4 runk: merge oci-kata-agent into runk
10c13d7 qemu: remove virtiofsd option in qemu config
d20bc5a virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c597 agent: fix direct-assigned volume stats
4428cea runtime: direct-volume stats use correct name
ffdc065 runtime: direct-volume stats update to use GET parameter
f295953 runtime: fix incorrect Action function for direct-volume stats
2a1d394 runtime: Adding the correct detection of mediated PCIe devices
ce2e521 runtime: remove duplicate 'types' import
7a5ccd1 runtime: sync docstrings with function names
834f93c docs: fix annotations example
f4994e4 runtime: allow annotation configuration to use_legacy_serial
c67b9d2 qemu: allow using legacy serial device for the console
44814dc qemu: treat console kernel params within appendConsole
24a2b0f docs: Remove clear containers reference in README
8052fe6 runtime: do not check for EOF error in console watcher
abad33e kernel: Remove nemu.conf from packaging
e87eb13 tools: delete unused param from get_from_kata_deps callers
4b437d9 agent: Fix is_signal_handled failing parsing str to u64
e73b70b runtime: Don't run unit tests verbose by default
f24a6e7 runtime: Consolidate flags setting in unit tests script
cf465fe runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac5 runtime: Remove redundant subcommands from go-test.sh
0aff5aa runtime: Simplify package listing in go-test.sh
557c4cf runtime: Don't chmod coverage files in Go tests
04c8b52 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c2577 runtime: Move go testing script locally
4f586d2 packaging: Add kernel config option for SGX in Gramine
7bc4ab6 ci: Don't run Docs URL Alive Check workflow on forks
b4b9068 tools: Add QEMU patches for SGX numa support
88fb9b7 docs: Update runc containerd runtime
a475956 workflows: Add support for building virtiofsd
71f59f3 local-build: Add support for building virtiofsd
c7ac55b dockerbuild: Install unzip
8e2042d tools: add script to pull virtiofsd
dbedea5 versions: Add virtiofsd entry
4210646 doc: Update log parser link
271933f log-parser: fix some of the documentation
c7dacb1 log-parser: move the kata-log-parser from the tests repo
82ea018 versions: Upgrade to Cloud Hypervisor v23.1
383be22 agent: Add a macro to skip a loop easier
97d7b18 runk: use custom Kill command to support --all option
475e3bf agent: add test coverage for functions find_process and online_resources

Compatibility with CRI-O

Kata Containers 2.5.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha2 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha2 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha2 suggest to use the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations