kata-containers / kata-containers

kata-containers Changes

The 2.1.0 release of Kata Containers provides:

• virtio-mem support.
• kata-monitor improvements.
• A whole bunch of fixes and improvements to kata-deploy, which is the
  preferred way of deploying the project.
• Improvements on tracing.
• Improvements on how PCI devices are handled
• Improvements on the agent side, which has been made asynchronous.
• IPv6 support.
• Innumerous documentations fixes and cleanups.
• support for sandbox level bindmounts
• kata-runtime metrics command introduced for gathering stats on a running Kata sandbox.

Shortlog

5d3610e release: Kata Containers 2.1.0
9266c24 rustjail: separated the propagation flags from mount flags
7086f91 runtime: sandbox delete should succeed after verifying sandbox state
0a7befa docs: Fix spell-check errors found after new text is discovered
eff70d2 docs: Remove horizontal ruler markers that disable spell checks
260f59d image_build: align image size to 128M for arm64
c0bdba2 runtime: make dialing timeout configurable
828a304 agent: avoid reaping the exit signal of execute_hook in the reaper
1b3cf2f kata-monitor: export get stats for sandbox
59b9e5d kata-runtime: add metrics command
3212c7a packaging/kata-cleanup: add k3s containerd volume
d369095 runtime: shim: dedup client, socket addr code
7f7c794 runtime: Short the shim-monitor path
3f1b7c9 cli: delete tracing code for kata-runtime binary
68cad37 agent: Set fixed NOFILE limit value for kata-agent
7c9067c docs: add per-Pod Kata configurations for enable_pprof
dba86ef ci/install_yq.sh: install_yq: Check version before return
79831fa runtime: use s.ctx instead ctx for checking cancellation
3883e4e kernel: configs: Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
7f7c3fc qemu.go: qemu: resizeMemory: Fix virtio-mem resize overflow issue
c9053ea qemu.go: qemu: setupVirtioMem: let sizeMB be multiple of 2Mib
799433d release: Kata Containers 2.1.0-rc0
2047f26 kata-deploy: Adapt CRI-O config to use drop-in files
8de2f91 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e versions: Bump runc to v1.0.0-rc93
9c333b2 versions: Bump CRI-O version to 1.21.x
e33f207 versions: Bump critools version to 1.21.0
8e5df72 versions: Bump kubernetes version to 1.21.0
d15f84c versions: Remove Docker entry
516f4ec versions: Remove OpenShift entry
be101ac versions: Remove CRI-O meta dependencies
ee7de8a tools: fix build kernel shell error
3ee6177 virtcontainers: Enable virtio-fs on s390x
8385ff9 runtime: Re-vendor GoVMM
adba453 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
906c0df kata-deploy: don't update worker pool nodes
ede078b kata-deploy: aks-test: bump kubernetes/containerd
484af12 kata-deploy: update to handle new runtimeclass path
05c224c runtimeclass: add nodeSelector
12a65d2 runtimeclass: drop stale runtimeclass definitions
1ca6bed versions: Upgrade to cloud-hypervisor v15.0
0d0a520 clh: return error if apiSocketPath failed
fc6bb01 runtime: fix dropped error
81c5ff1 agent: Update seccomp configuration for errnoRet and flags
0787ea8 cgroupsCreate: not set resources to c.config.Resources
831224a Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
7d5a425 docs: Document limitation regarding subpaths
a57c8ab qemu: kill virtiofsd if failure to start VMM
3677640 runtime/virtcontainers: Fix typo on qmp error msg
ff2b9e5 cli: delete not used files
677f0d9 runtime: delete not used function parameter builtIn
30ff6ee runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
dcb9f40 config: Protect annotation for entropy_source
d4a5413 runtime: Fix stdout/stderr output from container being truncated
f4c26aa agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55b kata-agent: fix the issue of fsGroup missing
8a33bd4 qemu: Fix assertion failure on shutdown
0405beb agent: Remove unused Default implementation for NamespaceType
7b83b7e agent/uevent: Better initialize Uevent in test
b0190a4 agent: Use vec![] macro rather than init-then-push
1c43245 agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8 agent: Use str::is_empty() method in config::get_string_value()
2377c09 agent: Use CamelCase for NamespaceType values
75eca6d agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56 agent/rustjail: Remove an unnecessary PathBuf
3c4485e agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6 agent/oci: Change name case to make clippy happy
3f5fdae agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a agent/rustjail: Simplify renaming imports
8ecf8e5 agent: use channel instead of pipe to send exit signal of process
de2631e utils: Make WaitLocalProcess safer
9256e59 shutdown: Don't sever console watcher too early
51ab870 utils: Improve WaitLocalProcess
507ef63 utils: Add waitLocalProcess function
7f60911 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f4 runtime: update GoVMM for memory backend support
1d5098d agent/block: Generate PCI path for virtio-blk devices on clh
543f9da runtime: Disable trace for healthcheck
6577b01 agent/rustjail: Fix accidental damage from tokio conversion
1366f0f cli: Use genericGetExpectedHostDetails on s390x
e7c97f0 runtime/tests: Change "moo FAILURE" message
8bc5349 docs: Simplify the repo bumping section
8a47b05 docs: Mention that an app token should be used with hub
d434c2e docs: OBS account is not require anymore
421439c API: remove ProcessListContainer/ListProcesses
4f164b5 release: Kata Containers 2.1.0-alpha2
1189724 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
12582c2 kata-deploy: add runtimeclass that includes pod overhead
2b5f79d release: automatically bump the version of the kata-deploy images
f444adb kata-cleanup: Explicitly add tag to the container image
8ea2ce9 agent/device: Remove legacy uevent matching
5d00774 agent/device: Refine uevent matching for pmem devices
a59e07c agent/define: Refine uevent matching for virtio-scsi devices
484a364 agent/device: Rework uevent handling for virtio-blk devices
8682d6b docs: update dev-guide to include fixes from 1.x
d75fe95 virtcontainers: replace newStore by store in Sandbox struct
49eec92 agent: log the tag and mount point if it is already mounted
342eb76 tools/agent-ctl: Update Cargo.lock
24b0703 agent: fix test for the debug console
7903325 agent: async the debug console
9017e11 agent: start to rework the debug console
660b047 oci: Update seccomp configuration
107ceca kernel: update experimental kernel to 5.10.x
d43098e kata-deploy: Adapt regex for testing kata-deploy
ca4dccf release: Get rid of "master"
c2197cb release: Use sudo to install hub
7873b7a github: Fix slash-command-action usage
a938d90 rustjail: fix the issue of missing default home env
0828f9b agent/uevent: Introduce wait_for_uevent() helper
16ed55e agent/device: Use consistent matching for past and future uevents
4b16681 agent/uevent: Put matcher object rather than "device address" in watch list
b8b3224 agent/uevent: Consolidate event matching logic
d2caff6 agent: Re-organize uevent processing
55ed2dd agent: Store uevent watchers in Vec rather than HashMap
91e0ef5 agent/uevent: Report whole Uevents to device watchers
3642005 agent: Store whole Uevent in map, rather than just /dev name
0616202 agent/device: Move GLOBAL_DEVICE_WATCHER into Sandbox
11ae32e agent/device: Fix path matching for PCI devices
4f60880 agent/device: Update test_get_device_name()
e3e670c agent/device: Forward port test for get_device_name() from Kata 1.x
16f732f ci/lib: Use git to clone the tests repository
9281e56 ci/openshift-ci: Add build root dockerfile
b0e4618 docs: update configuration for passing annotations in conatinerd
eda8da1 github: Revert "github: Remove kata-deploy-test action"
13653e7 runtime: increase dial timeout
f365bdb versions: qemu-experimental: 6.0-rc 470dd6
6491b9d qemu: Add support to build static qemu for dev tree
1cce930 github: Remove kata-deploy-test action
52a276f agent: Fix type for PROC_SUPER_MAGIC on s390x
5b7c8b7 agent: Update cgroups-rs to 0.2.5
28bd8c1 kernel: upgrade kernel to 5.10.x for arm64.
ee6a590 agent: add test test_pipestream_shutdown
4a2d437 agent: don't do anything in Pipestream::shutdown
6493942 mount: fix the issue of missing set fsGroup
88e58a4 agent: fix the issue of missing pass fsGroup
ed08980 agent: Remove many "panic message is not string literal" warnings
010d57f osbuilder: Update QAT Dockerfile with new QAT driver version
935460e osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
adb866a kata-deploy: Adapt to the correct tag name
60adc7f VERSION: Use the correct form
572aff5 build: Only keep one VERSION file
a4c125a trace: move gRPC requests from debug to trace
50fff97 trace: move trace span chatter to trace rather than info
0c38d9e runtime: Fix the format of the client code of cloud-hypervisor APIs
52cacf8 runtime: Format auto-generated client code for cloud-hypervisor API
6fe4832 runtime: use concrete KataAgentConfig instead of interface type
84b62dc versions: Update cloud-hypervisor to release v0.14.1
09d454a runtime: import runtime/v2/runc/options to decode request from Docker
6255cc1 virtcontainers/fc: Upgrade Firecracker to v0.23.1
ede1ab8 docs: Remove ubuntu installation guide
4a38ff4 docs: Update snap install guide
2c47277 docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
317f55f docs: Update minimum version for Fedora
1ce29fc docs: Update CentOS install docs
3f90561 docs: Update Fedora install docs
8a1c6c3 action: fix missing qemu tag
a9ff9c8 docs: Remove openSUSE installation guide
2888ceb docs: Remove SLE installation guide
8c1e0d3 kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
a65519b versions: keep using kernel 5.4.x for ARM
c035cdb versions: kernel 5.10.x
31ced01 virtcontainers: Fix missing contexts in s390x
0b502d1 runtime: makefile allow override DAX value
75f9963 release: Kata Containers 2.1-alpha1
48e5e4f test: install mock hook binary before test
3f46e63 cgroups: fix the issue of getting wrong online cpus
3a77e4e build: remove unused variables from Makefile
9a4e866 container: on cleanup, rm container directory for mounts path
1555bfd runtime: add support for QEMU 6
1d44881 uevent: Add shutdown channel for task
d8d5b4c signal: Move to a new module
011f7d7 logging: Rework for shutdown
7d5f88c agent: Enable clean shutdown
dcb39c6 main: Create logger task
2cf2897 main: Use task list for stopping tasks
039df1d main: Refactor main logic into new async function
2a648fa logging: Use guard to make threaded logging safe
38f0d8d config: Fix assert_error testing macro
e349244 runtime: fix virtiofsd RO volume sharing
532ff7c runtime: update virtcontainers API documentation
6fcfea8 runtime: Fix static check errors
f3ebbb1 runtime: Fix trace span ordering
fc0f93a actions: enable unit tests in PR check
74192d1 runtime: fix static check errors
a2dee1f runtime: fix vm factory UT failure
076bc50 agent-ctl: update Cargo.lock
0153f76 runtime: gofmt code
190f813 runtime/katautils: PFlash should be initialized
b2ec5a4 runtime: fix cleanupSandboxBindMounts panic
9b689ea runtime/cli: fix TestMainBeforeSubCommandsLoadConfigurationFail failure
8e71c4f runtime: fix missing context argument in mocked sandbox APIs
8ff62be runtime: fix vcmock build failure
60f6315 kata-deploy: Use the correct tag for 2.1-alpha1 release
5a3ee7d snap: Use qemu.version to build snap
0f78a5d kernel: rename exeperimental kernel symlink.
f791052 qemu: Build experimental qemu.
b0e51e5 qemu: Improve cache build
bc587da qemu: Add suffix for qemu binaries.
5493517 qemu: add CACHE_TIMEOUT
98d01ce qemu: Apply patches for specific versions.
a09e58f packaging: Use local file for assets.
07cfa4c qemu: patches: Fail if not patches directory
e221c45 versions: Update qemu database
5abdd2a qemu: move 5.0.0 patches to its own dir.
34e7d5e agent: Validate CID
b265870 runtime: Validate CID
12e9f7f runtime: Add missing test mock function
0e4b28e rustjail: rework execute_hook
451b45f agent: Make use of test consts for error messages
ea51c17 agent: Allow server address to be specified on kernel command-line
8c4d334 agent: disconnect rpc get_oom_event when destroy_sandbox.
259c179 docs: Update QAT instructions to work with Kata 2.0 repos
d5a9d56 agent: Update Cargo.lock for earlier dependency change
5096103 osbuiler: fixing USE_DOCKER for ppc64le
b0e966c agent: Fix unused import warning in unit tests
d7cb3df cgroups: Add systemd detection when creating cgroup manager
f659871 cgroups: remove unused SystemdCgroup variable and accessor/mutators
4bf84b4 runtime: Add contexts to calls in unit tests
9e4932a runtime: use root span for shimv2 tracing
6b0dc60 runtime: Fix ordering of trace spans
48ed8f3 runtime: add support for readonly sandbox bindmounts
0f7950f packaging: configure QEMU with -O2
224c50f snap: Package virtiofsd and fix path
b034458 runtime: return hypervisor Pid in TaskExit event
7ae349c agent: makefile: Add codecov target
85601cd snap: Update for QEMU 5.2.0
88cef33 versions: update QEMU to 5.2.0
74a893f packaging: Refactor version comparisons on configure-hypervisor.sh
f0d4985 exec: ensure sup groups are added to agent request
81607e3 rustjail: fix the issue of home_dir function
6417067 osbuilder: Port QAT Dockerfile to 2.0 repo
b412e15 osbuilder: Port QAT Dockerfile to 2.0 repo
c258ea2 agent-ctl: Function parameter cleanup
fcd45de agent-ctl: Unbreak build
efe625d build: Remove whitespace
34dc861 rustjail: fix the issue of bind mount device file from guest
f580d33 musl/arm64: decompression before use the tarball.
2da058e osbuild: build musl toolchain from source if needed
21bdaaf runtime: Fix missing 'name' field on containerd-shim-v2 logs
17e9a2c agent: don't error of virtiofs share is already mounted
bc0ac52 shimv2: return the hypervisor's pid as the container pid
0f70983 runtime: check if error loading runtime config
6f72076 agent: fix clippy for rustc 1.5
4a21472 agent: Fix test
02079db agent: upgrade tokio to 1.0
947913f agent/protocols: Remove cargo:rerun-if-changed in build.rs
dcea086 rustjail: fix blkio conversion
a42dc74 agent: Agent invokes OCI hooks with wrong PID
2c8ea0a kata-deploy: Add copyright to the kata-deploy's Dockerfile
4e494e3 packaging: Remove NEMU mentions
f21c54a kata-deploy: QEMU, for 2.x, already includes virtiofs
657bd78 kata-deploy: Get rid of references to the docker script
bc34cbb agent: Stop receive message from Receiver if got None
10ed3da release: Rename runtime-release-notes to release-notes
f5dab6a release: We're not compatible with Docker.
01481d6 kata-deploy: Ensure CRI-O uses the VM runtime type
d1c7173 kata-deploy: Move the containerd workarounds to their own functions
5013634 kata-deploy: Stop shipping kata-{clh,fc,qemu,qemu-virtiofs} binaries
2270f19 kata-deploy: Update README to reflect the current distributed artifacts
a494c4d makefile: agent: Add self documented help
10f1c30 kata-runtime: use filepath.Join() to compose file path
f4ae9c8 docs: Update Developer-Guide.md
9963428 docs: update document for using debug console
44cde6e runtime: connect guest debug console bypass kata-monitor
72cb928 vhost-user-blk: Use PciPath type for vhost user devices
74f5b5f runtime/block: Use PciPath type through block code
32b40f5 runtime/network: Use PciPath type through network handling
87c5823 agent/device: Add unit test for pcipath_to_sysfs()
066ce7a agent/device: Pass root bus sysfs path to pcipath_to_sysfs()
fda48a9 agent/device: Use pci::Path type, name things consistently
c12b86d agent/device: Generalize PCI path resolution to any number of bridges
3715c57 agent/device: Rename and clarify semantics of get_pci_device_address()
7e92831 protocols: Update PCI path names / terminology in agent protocol def
8e5fd8e runtime: Introduce PciSlot and PciPath types
7464d05 agent: PCI path type
b22259a agent: PCI slot type
8c2f9e6 gitignore: Ignore *~ editor backup files
a44b272 runtime: Create tracer later in shimv2
df14d38 Agent: OCI hooks return malformed json
49bdbac osbuilder: Allow image registry to be customizable
cb6d2f3 osbuilder: alphabetize fields
fdc573d docs: Update licensing strategy to use kata 2.0 repository
2e2749a runtime: clh-config: add runtime hooks to the clh toml
ef72926 ci: snap: run snap CI on every pull request
919d512 snap: fix kernel setup
d054841 ci: snap: build targets that not need sudo first
a115338 ci: snap: define proxy variables
3721351 runtime: cpuset: when creating container, don't pass cpuset details
c9c7c12 agent: Remove bogus check from list_interfaces() unit test
056d742 docs: Update documentation with new prefixless config options
fdcde79 cli: use new prefixless config options in tools scripts
02ee8b0 cli: Add aliases for kata- options
c6bc43b docs: Fix broken link to fluentbit.io docs
50fea9f github: Only run kata-deploy-test on pull-requests
20b27a1 docs: Fix the installation directory of virtiofsd
11fe6a3 osbuilder: Fix USE_DOCKER on s390x
9f237aa docs: add katacontainers end-to-end arch image
afb4197 osbuilder: Build for glibc on s390x
a1cedc5 agent: Build for glibc on s390x
3d3e4dc packaging: Fix vmlinux kernel install on s390x
8045104 ci: Upgrade to yq 3.4.1
fbab262 kernel: Don't fail if "experimental" dir doesn't exist
62cbaf4 kata-deploy: Remove kata-deploy-docker.sh
3406502 runtime: add jaeger configuration items
17df9b1 runtime: migrate from opentracing to opentelemetry
e1dce3a rustjail: use rlimit crate
a252d86 rustjail: get all capabilities dynamically
11680ef agent: README update to install protoc for ppc64le
b548114 qemu: Add security fixes for CVE-2020-35517
f16ab49 agent: fix non_camel_case_types lint and stop hiding the warning
8ffe4d6 agent: fix unused_parens lint and stop hiding the warning
f70ca69 agent: remove #![allow(unused_unsafe)]
e28bf7a agent: fix dead_code lint
05da23a agent: fix non_snake_case lint and remove ![allow(non_snake_case)]
b7a1f75 arm64: enable acpi for qemu/virt.
71aeb92 osbuilder: updates for feedback
9f7a7a4 osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
254b98d rustjail: fix unit test test_process
b25575b agent: remove crate signal-hook which are no longer used
b1880b3 rustjail: remove unnecessary #[async_trait]
83e9414 rustjail: add unittest test_execute_hook
d204100 rustjail: close stdin in execute_hook after it was sent
bb08131 rustjail: fix fork/child in execute_hook
b6c2a60 kata-monitor: set buildmode to exe to avoid build failing
8e2b19a osbuilder: add description for how to use DISTRO variable
2f1cb79 kata-monitor: allow for building for alpine
0e57393 shimv2: log a warning and continue on post-start hook failure
e7043fe shimv2: log a warning and continue on post-stop hook failure
a88b896 kernel: Updates to kernel config for ppc64le
e111093 agent: add secure_join to prevent softlink escape
448771f rustjail: fix the issue of container's cgroup root path
3718df6 osbuilder: Remove leftover pieces related to cmake
c2d14cd versions: Update cloud-hypervisor to release v0.12.0
d1bf829 kernel: ACPI: Always build evged for stable kernel
6f3d591 clh: Use vanilla kernel.
fd39f0f osbuilder: Add "Agent init" on terms glossary
1273e48 osbuilder: Fix urls to repositories
ba9fa49 osbuilder: Use Fedora and CentOS registries
fd5592d branch: change 2.0-dev to main
2b880d2 snap: Don't release Kata Alpha/RC in snap store
fa93831 agent: Address linter and tests
96762ab agent: Remove old netlink crate
33367be agent: Integrate netlink
23f3aef agent: Implement new netlink module
14a63cc agent: Add underscore for constants
0ea8243 github: Update ubuntu version to 20.04
12551de agent: implement NVDIMM/PMEM block driver
6abb1be rustjail: fix the issue of missing destroy contaienr cgroups
fe67f57 agent: set edition = "2018" in .rustfmt.toml to fix rustfmt about async fn
df68771 agent-ctl: Update ttrpc to 0.4.14 for agent-ctl
37e285b agent: Make debug console async
f3bd439 agent: fix tests for async functions
9f79ddb agent: use tokio Notify instead of epoll to fix #1160
332fa4c agent: switch to async runtime
5561755 agent: Initial switch to async runtime
35ea7ee actions: further updates to fix release workflow
ded8e03 actions: fixup release/main workflow
7557a1b packaging: should tag/update tests repo when releasing
437b35b actions: w/a deprecated set-env
49e7151 shimv2: Add tracing
383e8e6 release: Kata Containers 2.1-alpha0
5ce74ba snap: tag yq version
ef1feaf revert: "snap: Fix yq error in build"
6cc1920 snap: Fix yq error in build
789fd7c blk-dev: hotplug readonly if applicable
12777b2 volumes: cleanup / minor refactoring
fbc1d12 vendor: revendor govmm
b329a74 rootfs: Fix indentation inside a switch
8879f9a rootfs: apparmor=unconfined is needed for non Red Hat host OSes
bbeebcd rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
90ec2fa rootfs: Don't fallthrough in the docker_extra_args() switch
ebd9fcc actions: Run static checks before make agent
a5372e0 github: Add github actions
5c46401 shimv2: Avoid double removing of container from sandbox
14e7042 agent: Clean up commented use declarations
5fe5b32 agent: Fix temp prefix on Namespace::test_setup_persistent_ns
3a891d4 agent: Return error on trying to persist a pid namespace
894fa42 rustjail: allow network sysctls
0d3736d rustjail: fix the issue of sync read
0dc02f6 rustjail: fix the issue of bind mount /dev
9a7bccc qemu: no state to save if QEMU isn't running
f740032 packaging/qemu: Delete the temporary container
e5c710e packaging/qemu: Build and package completely in the container
4c3377d packaging/qemu: Add QEMU_DESTDIR argument to dockerfiles
d4cd255 agent: Avoid container stats panic caused by cgroup controller non-exist
157e055 agent: upgrade crate cgroups to 0.2.0
e3ec1d5 agent: Simplify .or_else() to .or()
e004616 runtime/network: Fix error reporting in listRoutes()
1ae8e81 runtime/network: Correct error reporting in listInterfaces()
b366af9 jail: add more test cases for validator
d38a5d3 jail/validator: introduce helpers to reduce duplicated code
76ad321 jail/validator: avoid unwrap() for safety
51fd624 rustjail: add more context info for errors
68f66c5 agent-ctl: Add void "install" target
5e40775 trace-forwarder: Add void "install" target
8ac93f6 rootfs-builder: add support for gentoo
faed236 rootfs-builder: add functions to run before and after the container
9321e1b oci: fix two incompatible issues with OCI spec
406a91f agent: consume ttrpc crate from crates.io
6181570 oci: fix a typo in "addtionalGids"
4af5bed agent/sandbox: Don't update cpuset when ncpus = 0
9897238 rootfs: reduce size of debian image
10e9bfc runtime: Allow to overwrite DESTDIR
8e5603e snap: fix snap release channel
3db1c80 agent: Don't leak fd when reseeding rng
a19263e agent/protocols: Remove unneeded import from oci.proto
a19cf28 agent/protocols: Remove some unnecessary include directives from protoc
2b45209 agent/protocols: Remove some unneeded dependencies for protocol generation
b36c9ea docs: Fix docs in docs/architecture.md
d47122e docs: Update the Cloud Hypervisor description in virtualization.md
1ca415d agent: exit from exec hangs if background process is present
8f53893 install: Improve snap documentation
a793b8d agent: update cpuset of container path
705182d agent: ignore updating cpuset error when update cgroups
a00f7c3 docs: fix the custom agent binary file path for creating initrd image
0155fe1 shimv2: handle ctx passed by containerd
647331a runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
53b5d06 agent: Adjust OOM Score to avoid agent being killed.
70f198d cli: check modules and permissions before loading a module
cb684cf cli: don't fail if rate limit is exceeded
e684a54 docs: add link to VMT on top level README
9216f2a rustjail: fork a new child process to change the pid ns
3b08376 rustjail: remove the network ns validation against container
13a8e4e snap: update apps section
c388ec5 runtime: don't wait the second shim process in shim start
6c2fc23 agent: create pci root Bus Path for arm64
d6acc4c agent: enable lto flag for Cargo to get better optimized code
fdbf7d3 virtcontainers: revert CleanupContainer from PR 1079
91a390f docs: Create hypervisor summary document
3eeb25a docs: Tidied up virtualisation summary table
8ec3cf0 docs: Adding hyperlink to virtio-net in kata documentation 2.0
b5b67db docs: Fixing typo in virtualization.md file
4d46d0f versions: Use CRI-O v1.18.4-4-g6dee3891e
14a21c3 runtime: change configuration key name from EnablePprof to enable_pprof
4e3a8c0 runtime: remove global sandbox variable
2902039 runtime: delete sandboxlist.go and sandboxlist_test.go
9b88a96 versions: Use release-1.18 (commit ee9128444bec10)
36f65ce runtime: clh: update cloud-hypervisor
e1396f0 runtime: clh: disable virtiofs DAX when FS cache size is 0
8f38265 release: Fix release candidate to major version upgrade check
2e0bf40 tests: Ensure semver build metadata is ignored
4024a82 release: Make error format string consistent
cb0e609 runtime: sleep 1 second after GetOOMEvent failed
18a2245 Agent: README updates for build on ppc64le
655f264 Agent: README updates for build on ppc64le
dfe364f Agent: README updates for build on ppc64le
b841404 runtime: remove nsenter
e3510be runtime: use one line if statement to check if err is nil for qemu.go
4c78814 docs: Fix pre-existing spelling mistakes caught by the CI
6c083d9 docs: Add a link to document describing how to use annotations
d67921a docs: Document restricted annotations
1fc7b76 docs: Repair inconsistencies between 2.0 and 1.x
92c1c4c versions: Update cloud-hypervisor to release v0.11.0
378308e docs: Add instructions for enabling VM templating
21801a1 versions: Revert "version: revert back to crio 1.8.3"
40418f6 runtime: add geust memory dump
5b065eb runtime: change govmm package
93d7962 clh: Consolidate the code path for device unplug
8907a33 agent: Only show ttrpc logs for trace log level
21cd7ad agent: Log ttrpc messages
286eebf agent: Add env var to set log level
b9c6db4 agent: Add env var tests
705e995 agent: Add env var comment
5ced96e hypervisor: Remove unused methods
e82c9da annotations: Improve asset annotation handling
0f26f1c annotations: Add missing hypervisor control annotation
76064e3 asset: Formatting, grammar and whitespace
ff13bde version: revert back to crio 1.8.3
a958eaa runtime: mount shared mountpoint readonly
125e21c runtime: readonly mounts should be readonly bindmount on the host
b6f8a1d docs: Fix incorrect docs in config file
5f0abc2 CI: Fix incorrect URL
62c7e09 docs: Remove credits
679df0f docs: Update top-level README
87848e8 versions: Update crio version
77b5096 runtime: cloud-hypervisor: reduce memory footprint
2e1a8f0 agent: Improve unit test coverage for src/sandbox.rs
172d015 rustjail: fix the issue of create thread failed causing thread panic
9e93463 agent/rustjail: improve unit test coverage for rustjail/container.rs
ad4f7b8 agent/rustjail: make mount and umount2 public
926a618 agent/rustjail: fix typo
8130d9b agent/rustjail: don't use unwrap in container::oci_state
5d11107 rustjail: add mock implementation for cgroup manager
e3eff0e agent: Update build instructions
f134b4a agent: Update build instructions
bb19fcb docs: Update documentation with new subcommand forms
d2fe709 cli: Use new subcommand forms in kata-manager script
4d9ab0c cli: Support new subcommand forms in bash completion
c5d355e cli: Remove kata- prefix from env and check subcommands
4ee7812 runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
b9b281e packaging: Use apply-patches.sh in build-kernel.sh
163e610 packaging: Make qemu/apply_patches.sh common
d4cf305 packaging: qemu/apply_patches.sh should sort the patches
0896ce8 agent: update proto file copyright
6e9ca45 agent: generate proto files properly
837343f agent-ctl: update cargo.lock
b316661 runtime: remove the unused proto files
54e23c8 agent: move gogo.proto out of the github.com namespance
583e6ed agent: types.pb.go is not regenerated
e90aa7b agent: fixes the permissions of PID 1's STDIO
f1c3bf6 runtime: let kata-collect-data.sh collect kata-monitor info
993a8da kata-monitor: add version subcommand
9e9988d agent/protocols: Move agent.proto out of the mock folder of agent
9cb4150 agent/protocols: Fix copyright header checking
0d58d91 agent/protocols: Stop generate agent proto files in the shellscript
7559382 agent/protocols: Ignore generated files and remove these files from repo
fdc33fb agent/protocols: Generate proto files programmatically
2738b18 runtime: Fix firecracker config
e5d4259 runtime: Simplify make variables for clh
a725165 docs: remove the 1.x version description about shim and proxy
9eab301 arm64: correct bridge type for QEMUVIRT
5b079a3 snap: add GH actions jobs to release the snap package
df4ce9f ci: add cargo clippy for agent
2e13878 agent: clear match_like_matches_macro/vec_resize_to_zero warnings
227edfd agent: clear module_inception/type_complexity warnings
698d25b agent: clear redundant_field_names clippy warning
4dd9bd7 agent: clear clippy len_zero warnings
bf7dec5 agent: clear clippy warnings
56f867e rustjail: clear clippy warnings
16757ad oci: clear clippy warnings
f32f49b logging: clear clippy warnings
7159fc2 agent: simplify ttrpc error construction
96a4ed7 Makefile: Replace @RUNTIME_NAME@ with the target in generated files
b88aac0 docs: Update how-to Readme with hypervisor information.
d646411 docs: Update Readme to remove hypervisor information
b4f9fb5 docs: Remove docs for nemu
da79b4b virtcontainers: Append max_ports to virtio-serial device
0f89498 snap: install libseccomp-dev
9a35150 package: drop qemu-virtiofs shim
6ed669a packaging: install virtiofsd for normal qemu build as well
bcf4853 runtime: enable virtiofs by default
1a9515a runtime: Pass --thread-pool-size=1 to virtiofsd
1c528cd packaging: Apply virtiofs performance related fixes to 5.x
e2221d3 tools: Improve agent-ctl README
edf02af tools: Make agent-ctl support more APIs
5620180 tools: Remove commented out code in agent-ctl
9bac4ee tools: Log request in agent-ctl tool if debug enabled
68821f0 tools: Rename agent-ctl command to GetGuestDetails
8553f06 tools: Fix comment in agent-ctl
c5771be annotations: Correct unit tests to validate new protections
398d791 annotations: Split addHypervisorOverrides to reduce complexity
b2b3bc7 annotations: Add unit test for checkPathIsInGlobs
6f52179 annotations: Add unit test for regexpContains function
966bd57 makefile: Add missing generated vars to USER_VARS
be6ee25 makefile: Improve names of config entries for annotation checks
b119427 annotations: Give better names to local variabes in search functions
b5db114 annotations: Rename checkPathIsInGlobList with checkPathIsInGlobs
d65a7d1 config: Add better comments in the template files
7c6aede config: Whitelist hypervisor annotations by name
f047fce config: Use glob instead of regexp to match paths in annotations
11b9c90 annotations: Fix typo in comment
c16cdcb config: Add makefile variables for path lists
4e89b88 config: Protect file_mem_backend against annotation attacks
aae9656 config: Protect vhost_user_store_path against annotation attacks
5588165 config: Add security warning on configuration examples
b21a829 config: Protect ctlpath from annotation attack
27b6620 config: Protect jailer_path annotation
0766901 config: Add examples for path_list configuration
2d431c6 annotations: Simplify negative logic
2ca9ca8 config: Add hypervisor path override through annotations
2e093df config: Fix typo in function name
bf13ff0 config: Protect virtio_fs_daemon annotation
8c75de1 config: Add 'List' alternates for hypervisor configuration paths
2d1f2c7 kernel: update to 5.4.71
d3c9862 config: make virtio-fs part of standard kernel
6ba294a agent: remove unwrap() for e.as_errno()
e77482f agent: Use ? instead of match when the error returns directly
47ff2fb agent: use anyhow context to attach context to Error instead of match
2f690a2 agent: remove useless match
1d8def6 agent: Use ok_or_else instead of match for Option -> Result
0dce817 agent: replace match Result with or_else
7bf4073 agent: replace unnecessary match Result with map_err
7f9e591 agent: replace check! with map_err for readability
09aca49 agent: remove check! in child process because we cant' see logs.
a18899f agent: refactor namespace::setup to optimize error handling
a3c64e5 agent: replace if let Err with or_else
6ffa828 agent: replace if let Err with map_err
720eab7 versions: Update Kubernetes, containerd, cri-o and cri-tools
8495306 agent: Fix crasher if AddARPNeighbors request empty
3d084c7 agent: Fix crasher if UpdateRoutes request empty
5615e5a agent: Fix crasher if UpdateInterface request empty
863f918 rustjail: add length check for uid_mappings in rootless euid mapping
1b7ed32 kata-monitor: use regexp to check if runtime is kata containers
0e0564a docs: update the build kata containers kernel document
d8a8fe4 cpuset: don't set cpuset.mems in the guest
88cd712 sandbox: consider cpusets if quota is not enforced
77a463e cpuset: support setting mems for sandbox
2d69053 cpuset: add cpuset pkg
12cc0ee sandbox: don't constrain cpus, mem only cpuset, devices
b6cf68a cgroups: add ability to update CPUSet
b812d4f virtcontainers: add method for calculating cpuset for sandbox
5b52000 docs: Update upgrading guide
fc6468e agent: fix panic on malformed device resource in container update
ae6b8ec agent/device: Check type as well as major:minor when looking up devices
859301b agent/device: Index all devices in spec before updating them
2477c35 agent/device: Forward port update_spec_device_list() unit test
08d80c1 agent/device: update_spec_device_list() should error if dev not found
43d70a3 docs: Add containerd install guide
11c1ab8 agent: use ok_or/map_err instead of match
6b9f991 rustjail: use Iterator to manipulate vector elements
dc1442c rustjail: delete codes commented out
aa04111 rustjail: delete unused test code
5e3d1fb agent: add blank lines between methods
980e48c agent: delete unused field in agentService
52b821f agent: use no-named closure to reduce codes
b1f95e8 agent: use a local fn to reduce duplicated codes
906b384 agent: update not accurate comments
f63f740 agent: fix errorneous parsing for guest block size
eae685d agent: use chain of Result to avoid early return
b730994 agent: use macro to simplify parse_cmdline function in config.rs
154a356 packaging: apply qemu v5.1 stable fixes
c781a80 agent: fix aarch64 build
82e9450 packaging: fix cloud-hypervisor binary path
78318c1 packaging: fix missing cloud_hypervisor_repo
9834a76 docs: add namespace key to pod/container config files
9a02e6e docs: Add crictl example json files
37e7de7 ci: snap: add event filtering
b7147ed agent: do not follow link when mounting container proc and sysfs
00ad3fd agent-ctl: include cargo lock updates
15b7156 agent: set init process non-dumpable
1839dfd runtime: Clear the VCMock 1.x API Methods from 2.0
c447248 virtiofs: Disable DAX
ffea705 docs: Update docs for enabling agent debug console
0e898c6 rust-agent: Treat warnings as error
0e4baaa rust-agent: Identify unused results in tests
5b2b565 rust-agent: Log returned errors rather than ignore them
d617caf rust-agent: Remove unused imports
ee739c5 rust-agent: Report errors to caller if possible
d5b492a rust-agent: Ignore write errors while writing to the logs
c635c46 rust-agent: Remove unused code that has undefined behavior
ec24f68 rust-agent: Remove 'mut' where not needed
c8f406d rust-agent: Remove uses of deprecated functions
f832d8a rust-agent: Remove or rename unused parameters
5a1d331 rust-agent: Remove or rename unused variables
27efe29 rust-agent: Remove unused functions
d76ece0 rust-agent: Remove useless braces
3682812 rust-agent: Remove unused macros
e3cdc89 osbuilder: Create target directory for agent
8cd62d7 versions: add plugins section
3e56de8 snap: specify python version
7cad865 packaging: fix image build script
483209b actions: add kata deploy test
0793002 packaging: cleaning, updating based on new filepaths
f0f205c packaging: remove obs-packaging
4b1753c packaging: pull versions, build-image out from obs dir
3f6cd4d packaging: Revert "packaging: Stop providing OBS packages"
c33ee54 clh: Support VFIO device unplug
1f4dfa3 clh: Remove unnecessary VmmPing
cc80ae0 versions: cloud-hypervisor: Bump to version 6d30fe05
aa8eefd ci: add github action to test the snap
0fec7a4 docs: Change kata_tap0 to tap0_kata
3394a6a docs: update networking description
2e83f40 dev-guide: update kata-agent install details
777f398 docs: update dev guide for agent build
a89deb3 rust-agent: Update README
a5b3e1c docs: drop docker installation guide
6c4300c docs: fix static check errors in docs/install/README.md
59224a7 docs: update architecture.md
ea1cb37 versions: cloud-hypervisor: bump version
0ebffdf runtime: cloud-hypervisor: tag openapi-generator-cli container
e51a1ea docs: use-cases: Add Intel SGX use case
7d63823 runtime/vendor: add k8s.io/apimachinery/pkg/api/resource
6df165c runtime: add support for SGX
a6221a7 qemu: upgrade qemu version to 5.1.0 for arm64.
0ccbca3 agent: Fix OCI Windows network shared container name typo
80c5283 github: Remove issue template and use central one
a7faeaa docs: fix broken links
f30b86f Packaging: release notes script using error kernel path urls
a4afe3a rust-agent: Replaces improper use of match for non-constant patterns
07d339c devices: fix go test warning in manager_test.go
0351732 action: Allow long lines if non-alphabetic
7019e72 agent: remove unreachable code
942999e agent: Change do_exec return type to ! because it will never return
4501c25 agent: propagate the internal detail errors to users
22ca2da packaging: Stop providing OBS packages
afa88c1 install: Add contacts to the distribution packages
3955cc8 install: Update information about Community Packages
218f77d install: Update SUSE information
2a0e76a install: Update openSUSE information
691f136 install: Update RHEL information
270fc4b install: Update Fedora information
492b4e9 install: Update CentOS information
1984e63 ci: fix clone_tests_repo function
02c1a59 agent: Set LIBC=gnu for ppc64le arch by default
757dfa7 fc: integrate Firecracker's metrics
ce67507 static-build/qemu-virtiofs: Refactor apply virtiofs patches
512b38c packaging/qemu: Add common code to apply patches
edce271 static-build/qemu-virtiofs: Fix to apply QEMU patches
85d2230 runtime: fix TestNewConsole UT failure
e90e9a2 travis: skip static checker for ppc64
5611283 runtime: fix golint errors
daf2a54 agent: fix cargo fmt
c05c4ba ci: always checkout 2.0-dev of test repository
1569b3b docs: fix static check errors
df3119b runtime: fix make check
b03d958 gitignore: ignore agent service file
64b4f69 agent: fix UT failures due to chdir
acaa806 agent: Only allow proc mount if it is procfs
33513fb rustjail: make the mount error info much more clear
484a595 runtime: add enable_debug_console configuration item for agent
febdf8f runtime: add debug console service
3523167 runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
7225460 shimv2: add a comment in checkAndMount()
ca501e5 osbuilder: specify default toolchain verion in rust-init.
a34478f runtime: Update cloud-hypervisor client pkg to version v0.10.0
45b0b4e agent/oci: Don't use deprecated Error::description() method
33585a8 runtime: Fix linter errors in release files
86a864b packaging: Build from source if the clh release binary is missing
eae2159 runtime: add podman configuration to data collection script
e3a0f9b ci: use export command to export envs instead of env config item
9e5a4b8 ci: use Travis cache to reduce build time
36ce701 agent: update cgroups crate
52984b6 docs: Update the reference path of kata-deploy in the packaging
1a77f69 runtime: make kata-check check for newer release
d127784 how-to: add privileged_without_host_devices to containerd guide
96f8769 travis: enable RUST_BACKTRACE
cda7acf agent/rustjail: add more unit tests
98cc979 agent/rustjail: remove makedev function
b99fefa agent/rustjail: add unit tests for ms_move_rootfs and mask_path
d79fad2 agent/rustjail: implement functions to chroot
25c91af agent/rustjail: add unit test for pivot_rootfs
7cf0fd9 agent/rustjail: implement functions to pivot_root
672da4d agent/rustjail: add unit test for mount_cgroups
ab61cf7 agent/rustjail: add unit test for init_rootfs
0a0714c agent/rustjail/mount: don't use unwrap
3dc9452 agent/rustjail: add tempfile crate as depedency
d756f52 rustjail: implement functions to mount and umount files
9f2f520 docs: Fix the kata-pkgsync tool's docs script path
98c4d11 docs: fix k8s containerd howto links
f107b12 docs: fix up developer guide for 2.0
a02d178 gitignore: ignore agent version.rs
b518dde agent: fix agent panic running as init
61181b9 packaging: use local version file for kata 2.0 in Makefile
e1c6aa2 docs: fix release process doc
1acfba4 packaging: fix release notes

Compatibility with CRI-O

Kata Containers 2.1.0 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.1.0 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.1.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.0.4 release of the Kata Containers project, the last one of the
stable-2.0 branch, provides:

• A bunch of warnings clean up on the agent code.
• Improvements on QEMU code, avoiding process being left behind.
• Cloud Hypervisor upgrade to v15.0
• Fixes for virtio_fs_extra_args annotation
• Documentation improvements.

FIXME - message this section by hand to produce a summary please

Shortlog

1c62bd1 release: Kata Containers 2.0.4
3d33250 agent: Wrong pid method used
afe4df0 agent: Fix compiler checks
f859f8a agent: Fixes for static and compiler checks
657d755 agent: simplify ttrpc error construction
7d96f22 ci: add cargo clippy for agent
2f67e83 agent: fix clippy for rustc 1.5
4f9b5fa agent: clear match_like_matches_macro/vec_resize_to_zero warnings
974e0e3 agent: clear module_inception/type_complexity warnings
91e1240 agent: clear clippy warnings
02aaab2 agent: clear clippy len_zero warnings
165988a rustjail: clear clippy warnings
9d49a69 oci: clear clippy warnings
cab530c agent: clear redundant_field_names clippy warning
8d16767 logging: clear clippy warnings
01b2bbc runtime: fix static check errors
c60951f actions: enable unit tests in PR check
c750ce1 agent: makefile: Add codecov target
0704641 makefile: agent: Add self documented help
04dcbd4 github: Update ubuntu version to 20.04
f1c6338 github: Add github actions
ee20240 versions: Upgrade to cloud-hypervisor v15.0
aad549f qemu: kill virtiofsd if failure to start VMM
16e358b docs: Document limitation regarding subpaths
a8137ee Makefile: Replace @RUNTIME_NAME@ with the target in generated files
351a01b runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args

Compatibility with CRI-O

Kata Containers 2.0.4 is compatible with CRI-O

Compatibility with cri-containerd

Kata Containers 2.0.4 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.0.4 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.0.4 is compatible with Kubernetes 1.21.0-00

Kata Linux Containers image

Agent version: 2.0.4

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.0.4 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

Shortlog

4f164b5 release: Kata Containers 2.1.0-alpha2
1189724 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
12582c2 kata-deploy: add runtimeclass that includes pod overhead
2b5f79d release: automatically bump the version of the kata-deploy images
f444adb kata-cleanup: Explicitly add tag to the container image
8ea2ce9 agent/device: Remove legacy uevent matching
5d00774 agent/device: Refine uevent matching for pmem devices
a59e07c agent/define: Refine uevent matching for virtio-scsi devices
484a364 agent/device: Rework uevent handling for virtio-blk devices
8682d6b docs: update dev-guide to include fixes from 1.x
d75fe95 virtcontainers: replace newStore by store in Sandbox struct
49eec92 agent: log the tag and mount point if it is already mounted
342eb76 tools/agent-ctl: Update Cargo.lock
24b0703 agent: fix test for the debug console
7903325 agent: async the debug console
9017e11 agent: start to rework the debug console
660b047 oci: Update seccomp configuration
107ceca kernel: update experimental kernel to 5.10.x
d43098e kata-deploy: Adapt regex for testing kata-deploy
ca4dccf release: Get rid of "master"
c2197cb release: Use sudo to install hub
7873b7a github: Fix slash-command-action usage
a938d90 rustjail: fix the issue of missing default home env
0828f9b agent/uevent: Introduce wait_for_uevent() helper
16ed55e agent/device: Use consistent matching for past and future uevents
4b16681 agent/uevent: Put matcher object rather than "device address" in watch list
b8b3224 agent/uevent: Consolidate event matching logic
d2caff6 agent: Re-organize uevent processing
55ed2dd agent: Store uevent watchers in Vec rather than HashMap
91e0ef5 agent/uevent: Report whole Uevents to device watchers
3642005 agent: Store whole Uevent in map, rather than just /dev name
0616202 agent/device: Move GLOBAL_DEVICE_WATCHER into Sandbox
11ae32e agent/device: Fix path matching for PCI devices
4f60880 agent/device: Update test_get_device_name()
e3e670c agent/device: Forward port test for get_device_name() from Kata 1.x
16f732f ci/lib: Use git to clone the tests repository
9281e56 ci/openshift-ci: Add build root dockerfile
b0e4618 docs: update configuration for passing annotations in conatinerd
eda8da1 github: Revert "github: Remove kata-deploy-test action"
13653e7 runtime: increase dial timeout
f365bdb versions: qemu-experimental: 6.0~rc 470dd6
6491b9d qemu: Add support to build static qemu for dev tree
1cce930 github: Remove kata-deploy-test action
52a276f agent: Fix type for PROC_SUPER_MAGIC on s390x
5b7c8b7 agent: Update cgroups-rs to 0.2.5
28bd8c1 kernel: upgrade kernel to 5.10.x for arm64.
ee6a590 agent: add test test_pipestream_shutdown
4a2d437 agent: don't do anything in Pipestream::shutdown
6493942 mount: fix the issue of missing set fsGroup
88e58a4 agent: fix the issue of missing pass fsGroup
ed08980 agent: Remove many "panic message is not string literal" warnings
010d57f osbuilder: Update QAT Dockerfile with new QAT driver version
935460e osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
adb866a kata-deploy: Adapt to the correct tag name
60adc7f VERSION: Use the correct form
572aff5 build: Only keep one VERSION file
a4c125a trace: move gRPC requests from debug to trace
50fff97 trace: move trace span chatter to trace rather than info
0c38d9e runtime: Fix the format of the client code of cloud-hypervisor APIs
52cacf8 runtime: Format auto-generated client code for cloud-hypervisor API
6fe4832 runtime: use concrete KataAgentConfig instead of interface type
84b62dc versions: Update cloud-hypervisor to release v0.14.1
09d454a runtime: import runtime/v2/runc/options to decode request from Docker
6255cc1 virtcontainers/fc: Upgrade Firecracker to v0.23.1
ede1ab8 docs: Remove ubuntu installation guide
4a38ff4 docs: Update snap install guide
2c47277 docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
317f55f docs: Update minimum version for Fedora
1ce29fc docs: Update CentOS install docs
3f90561 docs: Update Fedora install docs
8a1c6c3 action: fix missing qemu tag
a9ff9c8 docs: Remove openSUSE installation guide
2888ceb docs: Remove SLE installation guide
8c1e0d3 kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
a65519b versions: keep using kernel 5.4.x for ARM
c035cdb versions: kernel 5.10.x
31ced01 virtcontainers: Fix missing contexts in s390x
0b502d1 runtime: makefile allow override DAX value

Compatibility with CRI-O

Kata Containers 2.1.0-alpha2 is compatible with CRI-O v1.18.4-4-g6dee3891e

Compatibility with cri-containerd

Kata Containers 2.1.0-alpha2 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.1.0-alpha2 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.1.0-alpha2 is compatible with Kubernetes 1.18.9-00

Kata Linux Containers image

Agent version: 2.1.0-alpha2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.1.0-alpha2 suggest to use the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers Changes

The 2.0.3 release of Kata Containers provides:

• Improvements in the project documentation
• Fixes for building agent-ctl
• A newer version of cloud-hypervisor (v0.14.1)
• Improvements and fixes for kata-deploy, such as:
  • Always use the image with the tag corresponding to this release
  • Include pod overhead for the used runtime classes
• Improvements and fixes for scripts used to prepare this release

Shortlog

ea3f9b2 release: Kata Containers 2.0.3
624ff41 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
6bb3f44 agent: update cpuset of container path
4d4aba2 kata-deploy: add runtimeclass that includes pod overhead
5f4f8ff release: automatically bump the version of the kata-deploy images
f0d6316 kata-cleanup: Explicitly add tag to the container image
4e868ad docs: update dev-guide to include fixes from 1.x
1c70ef5 ci: Fix travis for stable-2.0
55bdd1f kata-deploy: Adapt regex for testing kata-deploy
144be14 release: Get rid of "master"
017c7cf release: Use sudo to install hub
52c6b07 build: Only keep one VERSION file
e7bdeb4 github: Fix slash-command-action usage
c0ca9f9 github: Revert "github: Remove kata-deploy-test action"
81f3899 github: Remove kata-deploy-test action
6586f3b docs: update configuration for passing annotations in conatinerd
f5adc4c docs: Remove ubuntu installation guide
a67bdc3 docs: Update snap install guide
67be558 docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
abfff68 docs: Update CentOS install docs
0466ee0 docs: Update Fedora install docs
6b22319 docs: Remove SLE installation guide
fb01d51 agent-ctl: update ttrpc version
e3efcfd runtime: Fix the format of the client code of cloud-hypervisor APIs
5a92333 runtime: Format auto-generated client code for cloud-hypervisor API
ec0424e versions: Update cloud-hypervisor to release v0.14.1

Compatibility with CRI-O

Kata Containers 2.0.3 is compatible with CRI-O v1.18.4-2-gee9128444

Compatibility with cri-containerd

Kata Containers 2.0.3 is compatible with cri-contaienrd v1.3.7

OCI Runtime Specification

Kata Containers 2.0.3 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.0.3 is compatible with Kubernetes 1.18.9-00

Kata Linux Containers image

Agent version: 2.0.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.12"
ppc64le:
name: "alpine"
version: "3.12"
s390x:
name: "alpine"
version: "3.12"
x86_64:
name: "alpine"
version: "3.12"

Kata Linux Containers Kernel

Kata Containers 2.0.3 suggest to use the Linux kernel v5.4.71
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations