2.5.0-alpha2
a57515b

kata-containers Changes

Shortlog

eb24e97 release: Kata Containers 2.5.0-alpha2
d2df120 docs: describe kata handling for core-scheduling
22b6a94 shim: add support for core scheduling
fe3c1d9 docs: Update storage documentation link
6ecea84 rustjail: get home dir using nix crate
38a3188 runk: Support list sub-command
6d0ff90 docs: Update vGPU use-case
9d27c1f agent: ignore ESRCH error when destroying containers
9726f56 runtime: force stop container after the container process exits
168f325 docs: Update configuration reference for snap documentation
b9fc24f docs: update release process github token instructions
c1476a1 docs: update release process with latest workflow triggering
8b57bf9 workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd snap: Use helper script and cleanup
9b108d9 docs: Improve snap formatting
894f661 docs: Add warning to snap build
d759f6c snap: Fix CH architecture check
5659180 docs: Improve snap build instructions
cb2b309 snap: Build using destructive mode
60823ab docs: Move snap README
af2ef3f agent-ctl: introduce handle for iptables get/set
65f0cef kata-runtime: add iptables CLI to test http endpoint
3201ad0 shim-client: ensure we check resp status for Put/Post
0706fb2 kata-runtime: shmgmt: make url usage consistent
2a09378 shim-client: add support for DoPut
640173c shim-mgmt: Add endpoint handler for interacting with iptables
0136be2 virtcontainers: plumb iptable set/get from sandbox to agent
bd50d46 agent: iptables: get/set handling for iptables
03176a9 proto: update generated code based on proto update
38ebbc7 proto: update to add set/get iptables
78d45b4 agent: return mount file content if parse mountinfo failed
2e04833 docs: Update Intel QAT documentation links
7c4049a osbuilder: add iptables package
648b8d0 runk: Return error when tty is used without console socket
5205efd runk: Add Podman guide in README
5903815 agent: Pass standard I/O to container launched by runk
c7b3941 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c agent: Remove unused import in console test
d862ca0 runk: Handle rootfs path in config.json properly
c95ba63 docs: Remove information related to Kata 1.x
34b8038 docs: Get rid of note related to networking.
dfad572 docs: Mention --cni flag while invoking ctr
fff8328 clh: Update to v24.0
4936174 snap: Build and package rust version of virtiofsd
27d903b snap: Put the yq binary in the staging bin directory
d7b4ce0 snap: Remove unused variable
43de544 snap: Fix unbound variable error
c9b2915 snap: Fix whitespace
122a85e agent: remove bin oci-kata-agent
35619b4 runk: merge oci-kata-agent into runk
10c13d7 qemu: remove virtiofsd option in qemu config
d20bc5a virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c597 agent: fix direct-assigned volume stats
4428cea runtime: direct-volume stats use correct name
ffdc065 runtime: direct-volume stats update to use GET parameter
f295953 runtime: fix incorrect Action function for direct-volume stats
2a1d394 runtime: Adding the correct detection of mediated PCIe devices
ce2e521 runtime: remove duplicate 'types' import
7a5ccd1 runtime: sync docstrings with function names
834f93c docs: fix annotations example
f4994e4 runtime: allow annotation configuration to use_legacy_serial
c67b9d2 qemu: allow using legacy serial device for the console
44814dc qemu: treat console kernel params within appendConsole
24a2b0f docs: Remove clear containers reference in README
8052fe6 runtime: do not check for EOF error in console watcher
abad33e kernel: Remove nemu.conf from packaging
e87eb13 tools: delete unused param from get_from_kata_deps callers
4b437d9 agent: Fix is_signal_handled failing parsing str to u64
e73b70b runtime: Don't run unit tests verbose by default
f24a6e7 runtime: Consolidate flags setting in unit tests script
cf465fe runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac5 runtime: Remove redundant subcommands from go-test.sh
0aff5aa runtime: Simplify package listing in go-test.sh
557c4cf runtime: Don't chmod coverage files in Go tests
04c8b52 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c2577 runtime: Move go testing script locally
4f586d2 packaging: Add kernel config option for SGX in Gramine
7bc4ab6 ci: Don't run Docs URL Alive Check workflow on forks
b4b9068 tools: Add QEMU patches for SGX numa support
88fb9b7 docs: Update runc containerd runtime
a475956 workflows: Add support for building virtiofsd
71f59f3 local-build: Add support for building virtiofsd
c7ac55b dockerbuild: Install unzip
8e2042d tools: add script to pull virtiofsd
dbedea5 versions: Add virtiofsd entry
4210646 doc: Update log parser link
271933f log-parser: fix some of the documentation
c7dacb1 log-parser: move the kata-log-parser from the tests repo
82ea018 versions: Upgrade to Cloud Hypervisor v23.1
383be22 agent: Add a macro to skip a loop easier
97d7b18 runk: use custom Kill command to support --all option
475e3bf agent: add test coverage for functions find_process and online_resources

Compatibility with CRI-O

Kata Containers 2.5.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha2 suggests using the Linux kernel v5.15.26.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.4.2
6d93875

kata-containers Changes

Shortlog

7fd22d7 release: Kata Containers 2.4.2
607a8a9 release: Adapt kata-deploy for 2.4.2
e5568a3 agent: ignore ESRCH error when destroying containers
322839a runtime: force stop container after the container process exits
b75d5ce docs: update release process github token instructions
e938ce4 docs: update release process with latest workflow triggering
046ba4d workflows: add workflow_dispatch triggering to test-kata-deploy
14ce4b0 runtime: Adding the correct detection of mediated PCIe devices
f54d5cf agent: Fix is_signal_handled failing parsing str to u64
80d5f9e agent: move assert_result macro to test_utils file
50a74df agent: add tests for is_signal_handled function
560247f agent: add tests for update_container_namespaces
47d4e79 agent: add tests for do_write_stream function
e3ce8af agent: add tests for get_memory_info function
ebe9fc2 clh: Update to the v24.0 release
29c9391 agent: fix direct-assigned volume stats
d184852 runtime: direct-volume stats use correct name
338c9f2 runtime: direct-volume stats update to use GET parameter
f528bc0 runtime: fix incorrect Action function for direct-volume stats
3413c85 tools: Add QEMU patches for SGX numa support
db6d4f7 versions: Upgrade to Cloud Hypervisor v23.1

Compatibility with CRI-O

Kata Containers 2.4.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.2 suggests using the Linux kernel v5.15.26.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.5.0-alpha1
e2f68c6
Pre-release

kata-containers Changes

Highlights for the Kata Containers 2.5.0-alpha1 release include:

  • The addition of runk, an OCI container runtime written in Rust and based on a modified version of the Kata Containers agent (#2784)
  • Cloud Hypervisor bump to v23.0 (#4120)
  • Firecracker bump to v0.23.4 (#4001)
  • Fixes related to hugepages (#3816, #3695)
  • Fixes for pod terminating (#4043, #4081)
  • Improvements to direct volume assignment (#4098, #4018)
  • Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)
  • Disk and network rate limiting for Cloud Hypervisor (#4017, #4139)
  • Kata Deploy support for RKE2 (#4161)
  • Fixes on the agent-ctl tool (#4164)
  • A lot of simplifications on the agent tests
  • A whole new set of agent tests
  • New documentation has been added for both Firecracker and using NV GPUs

Shortlog

4a1e13b rustjail: Add tests for hook_grpc_to_oci
9b863b0 release: Kata Containers 2.5.0-alpha1
70eda2f agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b70 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b48 agent: add tests for create_logger_task function
7772f7d runk: set BinaryName for runk for containerd
b221a25 tools: Add runk
2c218a0 agent: Modify Kata agent for runk
b0e439c rustjail: add tests for parse_mount_table
b975f2e Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a1 docs: Direct-assigned volume design
081f6de versions: change qemu tdx url and tag
dd4bd7f doc: Added initial doc update for NV GPUs
666aee5 docs: Add VSOCK localhost example for agent-ctl
86d348e docs: Use VM term in agent-ctl doc
4b9b62b agent-ctl: Fix abstract socket connections
b6467dd clh: Expose disk rate limiter config
7580bb5 clh: Expose net rate limiter config
a88adab clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da0 clh: Implement the Disk RateLimiter logic
511f7f8 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575 hypervisor: Add disk bandwidth and operations rate limiters
1cf9469 clh: Implement the Network RateLimiter logic
00a5b1b utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e utils: Move FC's function to revert bytes to utils
c9f6496 config: Add NetRateLimiter* to Cloud Hypervisor
2d35e60 hypervisor: Add network bandwidth and operations rate limiters
ccb0183 kata-deploy: Add support to RKE2
9d39362 kata-deploy: Reestructure the installing section
18d27f7 kata-deploy: Add a missing $ prefix in the README
6948b4b docs: Update containerd link to installation guide
832c33d docs: remove pc machine type supports
1cad3a4 agent/random: Ensure data.len > 0
33c953a agent: Add test_ressed_rng_not_root
39a35b6 agent: Add test to random::reseed_rng()
d8f39fb agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b rustjail: Add tests for mount_grpc_to_oci
b658dcc tools: fix typo in clh directory name
afbd60d packaging: Fix clh build from source fall-back
1b931f4 runtime: Allock mockfs storage to be placed in any directory
ef6d54a runtime: Let MockFSInit create a mock fs driver at any path
5d8438e runtime: Move mockfs control global into mockfs.go
963d03e runtime: Export StoragePathSuffix
1719a8b runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9 runtime: Make bind mount tests better clean up after themselves
f7ba21c runtime: Clean up mock hook logs in tests
90b2f5b runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc runtime: Don't use fixed /tmp/mountPoint path
f385b21 rustjail: add tests for mount_from function
96bc3ec rustjail: Add tests for hooks_grpc_to_oci
0239502 agent: modify the type of swappiness to u64
0ad89eb safe-path: add more unit test cases
b63774e libs/safe-path: add crate to safely resolve fs paths
0e7f1a5 agent: move assert_result macro to test_utils file
2256bcb rustjail: Add tests for root_grpc_to_oci
9b6f24b agent: add tests for mount_to_rootfs function
9c22d95 agent: add tests for update_container_namespaces
c3776b1 agent: add tests for is_signal_handled function
29e569a virtcontainers: clh: Re-generate the client code
6012c19 versions: Upgrade to Cloud Hypervisor v23.0
aabcebb agent: best-effort removing mount point
d136c9c test: Fix golangci-lint error for s390x
92c00c7 agent: fsGroup support for direct-assigned volume
532d539 runtime: fsGroup support for direct-assigned volume
6a47b82 proto: fsGroup support for direct-assigned volume
7b2ff02 kata-monitor: add a README file
86977ff kata-monitor: update the hrefs in the debug/pprof index page
354cd3b runtime: Base64 encode the direct volume mountInfo path
6e79042 runtime: no need to write virtiofsd error to log
f8cc5d1 kata-monitor: add some links when generating pages for browsers
78f30c3 agent: Avoid agent panic when reading empty stats
6e9e4e8 docs: Update link to contributions guide
9d5e7ee agent: add tests for mount_storage
1118a3d agent: add test coverage for parse_mount_flags_and_options function
485aeab agent: add tests for do_write_stream function
9d5b03a runtime: delete debug option in virtiofsd
c31cd0e rustjail: add test coverage for process_grpc_to_oci function
eff7c7e agent: Allow the agent to be rebuilt with the change of Cargo features
962d05e protocols: add src/csi.rs to .gitignore
a2f5c17 runtime/virtcontainers: Pass the hugepages resources to agent
4405b18 docs: Add a firecracker installation guide
ff17c75 runtime: Allow and require no initrd for SE
59c7165 test: use T.TempDir to create temporary test directory
98750d7 clh: Expose service offload configuration

Compatibility with CRI-O

Kata Containers 2.5.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha1 suggests using the Linux kernel v5.15.26.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.4.1
67d67ab

kata-containers Changes

Highlights for the Kata Containers 2.4.1 release include:

  • Cloud Hypervisor bump to v23.0 (#4120)
  • Firecracker bump to v0.23.4 (#4001)
  • Fixes related to hugepages (#3816, #3695)
  • Fixes for pod terminating (#4043, #4081)
  • Improvements to direct volume assignment (#4098, #4018)
  • Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)

Shortlog

99c6726 release: Kata Containers 2.4.1
8e076c8 release: Adapt kata-deploy for 2.4.1
b50b091 agent: watchers: ensure uid/gid is preserved on copy/mkdir
03bc89a clh: Rely on Cloud Hypervisor for generating the device ID
6b2c641 tools: fix typo in clh directory name
81e10fe packaging: Fix clh build from source fall-back
8b21c5f agent: modify the type of swappiness to u64
3f5c6e7 runtime: Allock mockfs storage to be placed in any directory
0bd1aba runtime: Let MockFSInit create a mock fs driver at any path
3e74243 runtime: Move mockfs control global into mockfs.go
aed4fe6 runtime: Export StoragePathSuffix
e1c4f57 runtime: Don't abuse MockStorageRootPath() for factory tests
c49084f runtime: Make bind mount tests better clean up after themselves
4e350f7 runtime: Clean up mock hook logs in tests
415420f runtime: Make SetupOCIConfigFile clean up after itself
688b9ab runtime: Don't use fixed /tmp/mountPoint path
dc1288d kata-monitor: add a README file
78edf82 kata-monitor: add some links when generating pages for browsers
eff74fa agent: fsGroup support for direct-assigned volume
01cd580 proto: fsGroup support for direct-assigned volume
97ad1d5 runtime: fsGroup support for direct-assigned volume
b62cced runtime: no need to write virtiofsd error to log
8242cfd kata-monitor: update the hrefs in the debug/pprof index page
a37d4e5 agent: best-effort removing mount point
d1197ee tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
c9c7751 tools/packaging: Fix usage of kata-deploy-binaries.sh
1e62231 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
8fa64e0 packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
8f67f9e tools/packaging/kata-deploy/local-build: Add build to gitignore
3049b77 versions: Bump firecracker to v0.23.4
aedfef2 runtime/virtcontainers: Pass the hugepages resources to agent
c9e1f72 agent: Verify that we allocated as many hugepages as we need
ba858e8 agent: Don't attempt to create directories for hugepage configuration
bc32eff virtcontainers: clh: Re-generate the client code
984ef53 versions: Upgrade to Cloud Hypervisor v23.0
adf6493 runtime: Base64 encode the direct volume mountInfo path
6b41754 agent: Avoid agent panic when reading empty stats

Compatibility with CRI-O

Kata Containers 2.4.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.1 suggests using the Linux kernel v5.15.26.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.5.0-alpha0
3f668b8
Pre-release

What's Changed

  • kernel: fix cve-2022-0847 by @devimc in #3853
  • versions: Upgrade to Cloud Hypervisor v22.1 by @likebreath in #3873
  • Various fixes and improvements in the documentation, runtime and agent

Shortlog

c9e2443 release: Kata Containers 2.5.0-alpha0
0d5f80b versions: Bump firecracker to v0.23.4
800e4a9 agent: use ms as unit of cputime instead of ticks
0d765bd agent: fix container stop error with signal SIGRTMIN+3
9e4ca0c doc: Improve kata-deploy README.md by changing sh blocks to bash blocks
2b91dcf docs: Remove kata-proxy reference
a63bbf9 kata-monitor: fix duplicated output when printing usage
5e1c30d runtime: add logs around sandbox monitor
fb8be96 runtime: stop getting OOM events when ttrpc: closed error
a779e19 tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
0baebd2 tools/packaging: Fix usage of kata-deploy-binaries.sh
93d03cc kata-deploy: fix version bump from -rc to stable
3606923 workflows,release: Ship all the rust vendored code
2eb0745 tools: Add a generate_vendor.sh script
ecf71d6 docs: Remove VPP documentation
66f05c5 runtime: Remove the explicit VirtioMem set and fix the comment
154c8b0 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
1ed7da8 packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
bad859d tools/packaging/kata-deploy/local-build: Add build to gitignore
a931402 docs: Remove kata-proxy references in documentation
0928eb9 agent: Kill the all the container processes of the same cgroup
19f372b runtime: Add more debug logs for container io stream copy
c279632 osbuilder/qat: don't pull kata sources if exist
7743486 docs: fix markdown issues in how-to-run-docker-with-kata.md
459f4bf osbuilder/qat: use centos as base OS
9a5b477 docs: Update vcpu handling document
32131cb Agent: fix unneeded late initialization lint
ebec690 static-build,clh: Add the ability to build from a PR
c77e34d runtime: Move mock hook source
86723b5 virtcontainers: Remove unused install/uninstall targets
0e83c95 virtcontainers: Run mock hook from build tree rather than system bin dir
e65db83 virtcontainers: Remove VC_BIN_DIR
c20ad28 virtcontainers: Remove unused Makefile defines
c776bdf virtcontainers: Remove unused parameter from go-test.sh
168fadf ci: Weekly check whether the docs url is alive
72f7e9e osbuilder: Multistrap Ubuntu
df511bf packaging: Enable cross-building agent
0a313ed osbuilder: Fix use of LIBC in rootfs.sh
2c86b95 osbuilder: Simplify Rust installation
0072cc2 osbuilder: Remove musl installations
5c3e553 osbuilder: apk add --no-cache
efa19c4 device: use const strings for block-driver option instead of hard coding
24b2931 doc: update Intel SGX use cases document
18d4d7f tools: update QEMU to 6.2
6235163 action: Update link for format patch documentation
aa5ae6b runtime: Properly handle ESRCH error when signaling container
5c43427 docs: Update k8s documentation
92ce5e2 rustjail: optimization, merged several writelns into one
dacf6e3 doc: fix filename typo
7a18e32 versions: Upgrade to Cloud Hypervisor v22.1
be12baf manager: Change here documents to use standard delimiter
9576a7d manager: Add options to change self test behaviour
d4d65be manager: Add option to enable component debug
019da91 manager: Whitespace fix
d234cb7 manager: Create containerd link
5d6d39b scripts: Change here document delimiters
c088a3f agent: add tests for get_memory_info function
4b1e2f5 CI: Update GHA secret name
4adf93e tools: release: Do not consider release candidates as stable releases
5ec7592 kernel: fix cve-2022-0847
ffdf961 docs: Update contact link in runtime README
42e3550 agent: Verify that we allocated as many hugepages as we need
608e003 agent: Don't attempt to create directories for hugepage configuration
6a85089 CI: Create GHA to add PR sizing label
2b41d27 release: Revert kata-deploy changes after 2.4.0-rc0 release

Compatibility with CRI-O

Kata Containers 2.5.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-alpha0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-alpha0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-alpha0 suggests using the Linux kernel v5.15.26.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.4.0
0ad6f05

Highlights for Kata Containers 2.4.0 include:

  • direct assigned volume support: enables volume managers (e.g. CSI) to delegate management of block storage volumes to the kata agent.
  • VMM selinux is now configurable (@tanweernoor)
  • Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
  • Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
  • Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU. It can be used together with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and the guest kernel
  • virtio-fs has a new default parameter set up in the configuration file, announce_submounts, which is used to help to prevent inode number collisions
  • Improved and fixed support for OCI hooks, making it possible to run nerdctl with Kata Containers (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like development workflow with Kata Containers as a backend.
    Hugepages: (@liubin )
  • Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
  • Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
  • netmon: support for netmon dropped, as no longer utilized in Kata 2.0
  • Maintainability, refactoring: Much effort was made to help refactor the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These aren't user visible, but allow us to add new exciting features, as well as more easily reuse existing packages.
  • agent: Add config file option to cli
  • ARM experimental hotplug support with QEMU
  • kata-monitor (@fgiudici, @jodh-intel): the binary now listens on localhost only by default; sandbox detection no longer depends on CRI, so detection is quicker and metrics are also reported for Kata workloads not created through the CRI; CRI metadata (if available) is attached to metrics, making it easy to match Kubernetes workloads

Compatibility with CRI-O

Kata Containers 2.4.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0 suggests using the Linux kernel v5.15.26
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.4.0-rc0
8d545f7

# Release 2.4.0-rc0

Pre-release

kata-containers Changes

Highlights for Kata Containers 2.4.0-rc0 include:

  • direct assigned volume support: enables volume managers (e.g. CSI) to delegate the management of block storage volumes to the Kata agent.
  • VMM selinux is now configurable (@tanweernoor)
  • Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
  • Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
  • Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU, and can be used together with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and guest kernel
  • virtio-fs has a new default parameter set up in the configuration file, announce_submounts, which helps prevent inode number collisions
  • Improved and fixed support for OCI hooks, making it possible to run nerdctl with Kata Containers (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like development workflow with Kata Containers as a backend.
  • Hugepages: (@liubin)
  • Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
  • Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
  • netmon: support for netmon dropped, as no longer utilized in Kata 2.0
  • Maintainability, refactoring: Much effort was made to help refactor the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These aren't user visible, but allow us to add new exciting features, as well as more easily reuse existing packages.
  • agent: Add config file option to cli
  • ARM experimental hotplug support with QEMU
  • kata-monitor (@fgiudici, @jodh-intel): the binary listens on localhost only by default; detection of sandboxes no longer depends on CRI, so detection is quicker and metrics are also reported for Kata workloads not created through the CRI; CRI metadata (if available) is attached to metrics, to make it easy to match Kubernetes workloads

Shortlog

a4dcaf3 release: Kata Containers 2.4.0-rc0
84dff44 release: Adapt kata-deploy for 2.4.0-rc0
b257e0e rustjail: delete function signal in BaseContainer
d647b28 agent: delete meaningless FIXME comment
1b34494 runtime: fix invalid comments for pkg/resourcecontrol
afc567a storage: make k8s emptyDir creation configurable
e76519a runtime: small refactor to improve readability
f905161 runtime: mount direct-assigned block device fs only once
27fb490 agent: add get volume stats handler in agent
ea51ef1 runtime: forward the stat and resize requests from shimv2 to kata agent
c39281a runtime: update container creation to work with direct assigned volumes
4e00c23 agent: add grpc interface for stat and resize operations
e9b5a25 runtime: add stat and resize APIs to containerd-shim-v2
6e0090a runtime: persist direct volume mount info
fa326b4 runtime: augment kata-runtime CLI to support direct-assigned volume
7e5f11a vendor: Update containerd to 1.6.1
42771fa runtime: don't set socket and thread for arm/virt
8828ef4 kernel: add arm experimental kernel build support
8a9007f config: remove 2 config as they are removed in 5.15
1b6f740 kernel: add arm experimental patches to support vcpu hotplug and virtio-mem
b8844fb versions: Upgrade to Cloud Hypervisor v22.0
3a641b5 katatestutils: remove distro constraints
fa8b939 config: qemu: Fix disable_block_device_use comments
9615c8b config: fc: Don't expose disable_block_device_use
af80473 clh: stop virtofsd if clh fails to boot up the vm
97951a2 clh: Don't use SharedFS with Confidential Guests
c30b3a9 clh: Adding a volume is not supported without SharedFS
f889f1f clh: introduce supportsSharedFS()
54d27ed clh: introduce loadVirtiofsDaemon()
ae2221e clh: introduce stopVirtiofsDaemon()
e8bc26f clh: introduce setupVirtiofsDaemon()
413b3b4 clh: introduce createVirtiofsDaemon()
76e4f6a Revert "hypervisors: Confidential Guests do not support Device hotplug"
55cd0c8 runtime: Build golang components with extra security options
5891369 snap: Use git clone depth 1 for QEMU and dependencies
c1fb4bb snap: Don't build cloud-hypevisor on ppc64le
37df167 build: always reset ARCH after getting it
94b831e virtcontainers: remove temp dir created for vsock in test code
b27c7f4 docs: Add unit testing presentation
b2a65f9 virtcontainers: Use available s390x hugepages
54d0a67 subsystem: build
e64c54a monitor: Listen to localhost only by default
e6350d3 monitor: Fix build options
a67b93b snap: clh: Re-use kata-deploy script here
f31125f version: Bump cloud-hypervisor to b0324f85571c441f
573a37b osbuilder: Add CentOS Stream rootfs
f10642c osbuilder: Source .cargo/env before checking Rust
eda8ea1 runtime: Gofmt fixes
de57466 config: Expand confidential_guest comments
641d475 config: clh: Use "Intel TDX" instead of just "TDX"
0bafa2d config: clh: Mention supported TEEs
4afb278 ci: add github action to exercise darwin build, unit tests
e355a71 container: file is not linux specific
b31876e device-manager: move linux-only test to a linux-only file
6a5c634 resourcecontrol: SystemdCgroup check is not necessarily linux specific
cc58cf6 resourcecontrol: convert stats dev_t to unit64types
5be188c utils: Add darwin stub
ad04491 virtcontainers: Convert stats dev_t to uint64
5675108 katautils: Use a syscall wrapper for the hook JSON state
7d64ae7 runtime: Add a syscall wrapper package
abc681c katautils: Add Darwin stub for the netNS API
edf2076 docs: Update Readme document
81ed269 runtime: use Cmd.StdoutPipe instead of self-created pipe
1a3381b docs: Developer-Guide build a custom Kata agent with musl
8edca8b kata-agent: Fix mismatching error of cgroup and mountinfo.
082d538 runtime: make selinux configurable
a9ba7c1 clh: Fix typo on HotplugRemoveDevice
827ab82 tools: clh: Fix unbound variable
7243433 clh: Add TDX support
a13b4d5 clh: Add firmware to the config file
a8827e0 hypervisors: Confidential Guests do not support NVDIMM
f50ff9f hypervisors: Confidential Guests do not support Memory hotplug
df8ffec hypervisors: Confidential Guests do not support Device hotplug
28c4c04 hypervisors: Confidential Guests do not support VCPUs hotplug
29ee870 clh: Add confidential_guest to the config file
9621c59 clh: refactor image / initrd configuration set
dcdc412 clh: use common kernel params from the hypervisor code
4c164af versions: Update Cloud Hypervisor to 5343e09e7b8db
7ffe9e5 virtcontainers: Do not add a virtio-rng-ccw device
fec26f8 kata-monitor: trivial: rename symbols & labels
3ac52e8 kata-monitor: fix updating sandbox cache at startup
160bb62 kata-monitor: bump version to 0.3.0
cb4230e runtime: fix package declaration for ppc64le
26b3f00 virtcontainers: Split hypervisor into Linux and OS agnostic bits
fa0e9dc virtcontainers: Make all Linux VMMs only build on Linux
c91035d virtcontainers: Move non QEMU specific constants to hypervisor.go
10ae059 virtcontainers: Move guest protection definitions to hypervisor.go
b28d027 virtcontainers: Make max vCPU config less QEMU specific
a5f6df6 govmm: Define the number of supported vCPUs per architecture
9123fc0 kata-deploy: Simplify Dockerfile and support s390x
4f96e3e katautils: Pass the nerdctl netns annotation to the OCI hooks
a871a33 katautils: Run the createRuntime hooks
d9dfce1 katautils: Run the preStart hook in the host namespace
6be6d0a katautils: Pass the OCI annotations back to the called OCI hooks
f6fc162 shim: log events for CRI-O
1d68a08 docs: Update contributing link
11220f0 kata-deploy: Use (kata with) qemu as the default shim-v2 binary
ab44728 kata-monitor: add kubernetes pod metadata labels to metrics
834e199 kata-monitor: drop unused functions
7516a8c kata-monitor: rework the sandbox cache sync with the container manager
e78d80e kata-monitor: silently ignore CHMOD events on the sandboxes fs
e9eb34c kata-monitor: improve debug logging
3175aad virtiofs-nydus: add lazyload support for kata with clh
8cc1b18 kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments
5c9d2b4 packaging: Use patch for applying patches
1cee0a9 virtcontainers: Remove duplicated assert messages in utils test code
7241d61 versions: add nydus-snapshotter
6c1d149 docs: Update limitations document
7c4ee6e packaging/qemu: create no_patches file for qemu-tdx
d47c488 versions: add qemu tdx section
493ebc8 utils: Update kata manager docs
34b2e67 utils: Added more kata manager cli options
714c9f5 utils: Improve containerd configuration
c464f32 utils: kata-manager: Force containerd sym link creation
4755d00 utils: Fix unused parameter
601be4e utils: Fix containerd installation
ae21fcc utils: Fix Kata tar archive check
f4d1e45 utils: Add kata-manager CLI options for kata and containerd
3f87835 utils: Switch kata manager to use getopts
e6060cb versions: Linux 5.15.x
734b618 agent-ctl: run cargo fmt/clippy in make check
12c37fa trace-forwarder: add make check for Rust
9818cf7 docs: Improve top-level and runtime README
c1ce67d runtime: use github.com/mdlayher/vsock@v1.1.0
a6b4015 tools: clh: Remove unused variables
5816c13 tools: Build cloud-hypervisor with "--features tdx"
4bd945b virtiofsd: Use "-o announce_submounts"
36c3fc1 agent: support hugepages for containers
81a8baa runtime: add hugepages support
7df677c runtime: Update calculateSandboxMemory to include Hugepages Limit
948a2b0 tools: clh: Ensure the download binary is executable
e07545a tools: clh: Allow passing down a build flag
55cdef2 tools: clh: Add the possibility to always build from sources
395cff4 docs: Remove docker run and shared memory from limitations
90fd625 versions: Udpate Cloud Hypervisor to 55479a64d237
955d359 kernel: add missing config fragment for TDx
42a878e runtime: The index variable is initialized multiple times in for
54e1fae scripts: fix a typo while to check build_type
903a6a4 versions: Bump critools to its 1.23 release
63eb115 versions: bump CRI-O to its 1.23 release
2d9f89a feature(nydusd): add nydusd support to introduse lazyload ability
b19b693 docs: Fix relative links in Markdown
1797b3e packaging/kernel: build TDX guest kernel
9875252 versions: add url and tag for tdx kernel
bc8464e packaging/kernel: add option -s option
9590874 device: Update PCIDEVICE_ environment variables for the guest
7b7f426 device: Keep host to VM PCI mapping persistently
0b2bd64 device: Rework update_spec_pci() to update_env_pci()
40aa43f docs: Update link to EFK stack docs
982f14f runtime: support QEMU SGX
419d813 snap: update qemu version to 6.1.0 for arm
0072218 docs: update Release-Process.md
496bc10 tools: check for yq before using it
a9bebb3 openshift-ci: switch to CentOS Stream
14e7f52 virtcontainers: Split the rootless package into OS specific parts
1f29478 runtime: suppport split firmware
8904790 kata-deploy-push: only run if PR modifying tools path
24796d2 kata-deploy: for testing, make sure we use the PR branch
1cc1c8d docs: Remove images from Zun documentation
5861e52 docs: Remove Zun documentation with kata containers
4fc4c76 agent: Fix execute_hook() args error
5083ae6 workflows: stop checking revert commit

Compatibility with CRI-O

Kata Containers 2.4.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-rc0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

# Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
# there is no such Rust target
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-rc0 suggests using the Linux kernel v5.15.23
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.3.3
97cd593

kata-containers Changes

Minor fixes for the 2.3 release of Kata Containers. Fixes introduced for hook execution within the guest agent as well as ensuring that SELinux for the VMM process is configurable.

Thanks to all the contributors!

Shortlog

652cff1 release: Kata Containers 2.3.3
0b6e9f8 runtime: make selinux configurable
408477a kata-deploy: Use (kata with) qemu as the default shim-v2 binary
9431498 shim: log events for CRI-O
7af719e agent: handle hook process result
9b34cf4 agent: valid envs for hooks
9c19536 agent: Fix execute_hook() args error
9bea3a4 agent: check environment variables if empty or invalid
406f00a packaging: Use patch for applying patches

Compatibility with CRI-O

Kata Containers 2.3.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.3 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.3 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

This uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.3

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13"
# Note: Do not use Alpine on ppc64le & s390x, the agent cannot use musl because there is no such Rust target
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.3 suggests using the Linux kernel v5.10.25
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

What's Changed

  • stable-2.3 | packaging: Use patch for applying patches by @Jakob-Naucke in #3725
  • stable-2.3 | agent: fix invalid hooks env issues by @liubin in #3716
  • stable-2.3 | shim: log events for CRI-O by @liubin in #3744
  • stable-2.3 | kata-deploy: Use (kata with) qemu as the default shim-v2 binary by @fidencio in #3745
  • back port:: runtime: make selinux configurable by @egernst in #3794

Full Changelog: 2.3.2...2.3.3

2.3.2
1af292c

kata-containers Changes

Shortlog

67947b5 release: Kata Containers 2.3.2
977f1f5 workflows: Use base instead of head ref for kata-deploy-test
99ed596 workflows: Fix typo in kata-deploy-push action
13b7d93 workflows: Ensure a label change re-triggers the actions
b846322 workflows: Ensure force-skip-ci skips all actions
8c8571f workflows: Use the correct branch ref on test kata-deploy
620bb97 runtime: Provide protection for shared data
770d4ac tools: Fix groupname if it differs from username
cedb01d runtime: close span before return from function in case of error
a661e53 agent: fix the issue of missing create a new session for container
bed0f3c kata-deploy: validate conf file can be created
786c667 kata-monitor: increase delay before syncing with the container manager
3260adc virtcontainers: clh: Re-generate the client code
cc64461 versions: Upgrade to Cloud Hypervisor v21.0
78afa10 agent: resolve unused variables in tests
a829867 agent: remove unused field in mount handling
87f9a69 agent: drop unused fields from network
fc012a2 agent: clear cargo test warnings
63c5a8a uevent: Fix clippy issue in test code
e3b00f3 runtime: -Wl,--s390-pgste for s390x
d1530af kata-manager: Retrieve static tarball
f2c6cd0 ci: Pass function arguments in static-checks.sh

Compatibility with CRI-O

Kata Containers 2.3.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.3.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.3.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.3.2 is compatible with Kubernetes 1.22.0-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.3.2

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "centos"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.13"
ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.13"

Kata Linux Containers Kernel

Kata Containers 2.3.2 suggests using the Linux kernel v5.10.25
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

2.4.0-alpha2
a31cde1

kata-containers Changes

govmm has been merged with kata-containers.
For the full changes, including govmm's commits, refer to the Shortlog.

Shortlog

26e08b2 release: Kata Containers 2.4.0-alpha2
7c956e0 virtcontainers: Enable initrd for Cloud Hypervisor
bcce1a1 versions: update Rust to 1.58.1
8cde541 runtime: introduce static sandbox resource management
13eb1f8 docs: describe vCPU handling when hotplug is unavailable
c3e97a0 config: updates to configuration clh, fc toml template
aa3fae1 kata-deploy: Fix the tag replacement logic
75ae536 docs: Update networking details in the architecture doc
2f37165 govmm: Unite VirtioNet tests
4a428fd govmm: readonly=on in s390x blkdev test
79ecebb govmm: TestAppendPCIBridgeDevice et al. on !s390x
dc285ab govmm: Remove unnecessary comma in iommu_platform
d23f2eb govmm: Revert "govmm: s390x: Skip broken tests"
fc0e095 runtime: fix handling container spec's memory limit
1721197 ci: Pass function arguments in static-checks.sh
7af40fb docs: Remove docker run, sysctl and docker daemon limitations
5643c6d runtime: update runc and image-spec dependencies
9277317 agent: resolve unused variables in tests
2d799cb virtcontainers: clh: Re-generate the client code
7e15e99 versions: Upgrade to Cloud Hypervisor v21.0
f52ce30 runtime: rectify passing empty options to -ldflags
df6ae1e osbuilder: Remove libseccomp from Dockerfile
ea1a173 agent: fix the issue of creating new namespaces for agent
9c2f1de docs: Remove kata-pkgsync reference
0338fc6 docs: Redirect glossary to the wiki
3924470 workflows: Use base instead of head ref for kata-deploy-test
5ce9011 govmm: s390x: Skip broken tests
8bcaed0 govmm: Adapt license headers to kata-containers
6dd6577 govmm: Ignore govet checks, at least for now
de678a3 govmm: Remove non-relevant top files
ec6655a govmm: Use govmm from our own pkg
e347694 tools: Fix groupname if it differs from username
c3785f6 workflows: Fix typo in kata-deploy-push action
a8b66de release: Escape backticks in Libseccomp Notices
8cc088b packaging: Remove kata-pkgsync tool
fb7f98b Merge govmm into kata-containers
8939b0f qemu: add support for SGX
b17f073 qemu: update readonly flag for block devices
f971801 qemu: only set wait parameter for server mode socket based char device
82cc01d qemu: Fix 32 bit int overflow in test file
1d1a231 qemu: Add support for legacy serial device
9a2bbed qemu: Remove -realtime in favor of -overcommit
fe83c20 qemu: Add support for --no-shutdown Knob
1ed5271 qmp: wait for POWERDOWN event in ExecuteSystemPowerdown()
de039da govmm/qemu: Let IO/memory reservations be specified for bridge devices
5c7998d QMP: Add ExecuteBlockdevAddWithDriverCache
3a9a674 qemu: Add credentials to qemu Cmd
d27256f qmp: Don't use deprecated 'props' field for object-add
d8cdf9a qemu: Drop support for versions older than 5.0
18352c3 qemu: Fix iommu_platform for vhost user CCW
1b02192 Use 'host_device' driver for blockdev backends
9518675 add support for "sandbox" feature to qemu
335fa81 qemu: fix golangci-lint errors
61b6378 .github/workflows: reimplement github actions CI
9d6e797 go: support go modules
0d21263 qemu: support read-only nvdimm
ff34d28 qemu: Consistent parameter building
0e19ffb qemu: Allow hot-plugging memory devices on PCI bridges
c135681 qemu: Add support for PEF
03b55ea qemu: Add support for Secure Execution
7a367dc qemu: Simplify (Object).Valid()
a6cec2d qemu: add support for SevGuest object
abd3c7e qemu: VhostUserDevice CCW device numbers
3eaeda7 qemu: Refactor vhostuserDev.QemuParams
511cf58 Fix qemu commandline issue with empty romfile
b3eac95 qmp: remove frequent, chatty log
3141894 qemu: add support for tdx-guest object
4b136f3 qemu: Append memory backend for non-DIMM setups
6213dea qemu: support QEMU 6
0d47025 qemu: add support for device loaders
e2eb549 qmp: Add ro argument for block-device hotplug funcs
0592c82 qemu: add arm64 to support list of dimm
2079c15 qemu: enable "-pflash"
b8cd705 qmp: add dump-guest-memory support
d783687 qemu: add pvpanic device to get GUEST_PANICKED event
43d774d Add serial to blk device
8cb8b24 Make fw_cfg a slice
cb0d339 contributors: remove CONTRIBUTORS.md file
29ba5a9 qemu: add fw_cfg flag to config
9f309c2 misc: Update for new GitHub organisation name
3d46d08 Add qom-get function
39c372a Add support for hot-plugging IBM VFIO-AP devices
f5bdd53 travis: disable amd64 jobs
1af1c0d github: enable github actions
4831c6e travis: Run coveralls after success
cf0f05d qemu: add iommu_platform knob for qemuParams
6645baf qemu: Add NoReboot config Knob for qemuParams
abca6f3 Add multidevs option to fsdev
cc53876 qemu/qmp: use boolean type for the vhost
e57e86e qemu: add IOMMU Device
b2aa022 Enable Numa support for Power (ppc64le) architecture
29529a5 Add rt clock definition for rtc clock in qemu
0e98b61 qemu: Add max_ports option to virtio-serial device
787c86b qemu: Add microvm machine type support
5378725 qemu: add pmem flag to memory-backend-file
3700c55 qemu: add block device readonly support
88a25a2 Refactor code to support multiple virtio transports at runtime
2ee53b0 qemu: Don't set ".cache-size=" when CacheSize is 0
f1252f6 qemu: Add pcie-root-port device support.
6667f4e qmp_test: Add TestExecMemdevAdd and TestExecQomSet
201fd0a qmp: Add ExecMemdevAdd and ExecQomSet API
e04be2c qmp: add ExecutePCIVhostUserDevAdd API
13aeba0 qmp: support command 'chardev-remove'
6d6b2d8 s390x: add s390x travis support
175ac49 typo fix
cb9f640 virtio-blk: Add support for share-rw flag
9463486 s390x: dimm not supported
164bd8c test/fmt: drop extra newlines
73555a4 qmp: add query-status API
234e0ed qemu: fix memory prealloc handling
30bfcaa qemu: add debug logfile
79e0d53 qmp: support command 'query-qmp-schema'
68cdf64 test: add cpu topology tests
e0cf9d5 qmp: add checks for the CPU toplogy
a5c1190 qemu: support x86 SMP die
8fd28e2 Support x-pci-vendor-id and x-pci-device-id pass to qemu
713d0d9 s390x: add virtio-blk-ccw type
65cc343 test: add devno in the tests for s390x
9cf98da s390x: add devno support
0c900f5 Allow sharing of memory backend file
f695ddf qemu: add migration incoming defer support
f0f18dd qmp: add virtio-blk multiqueue
7d3deea qemu: Add a virtio-blk-pci device driver support
058cda0 qemu: use MiB instead of Gib for virtio-fs cache size
694a7b1 qemu/qmp: re-implement mainLoop
5712b11 qemu/qmp: fix readLoop() reuse scanner.Bytes() underlying array problem
3c84b1d govmm: add VhostUserFS vhost-user device type
4692f6b qmp: Conditionally pass threadID and socketID when CPU device add
1f51b43 Update the versions of Go used to build GoVMM
ad310f9 Fix staticcheck S1023
932fdc7 Fix staticcheck S1023
cb2ce93 Fix staticcheck S1008
f0172cd Fix staticcheck (S1002)
5f2e630 Fix staticcheck (S1025)
4beea51 Fix staticcheck (ST1005) errors
97fc343 contributors: add my name
c891f5f qmp: Add nvdimm support
f9b31c0 qemu: Allow disable-modern option from QMP
d617307 Run tests for the s390x build
b36b5a8 Contributors: Add Clare Chen to CONTRIBUTORS.md
b41939c Contributors: Add my name
dab4cf1 qmp: Add tests
5ea6da1 Verify govmm builds on s390x
ee75813 contributors: add my name
c80fc3b qemu: Add s390x support
ca477a1 Update source file headers
e68e005 Update the CONTRIBUTING.md
2b7db54 Add the CONTRIBUTORS.md file
b3b765c qemu: test Valid for Vsock for Context ID
3becff5 qemu: change of ContextID from uint32 to uint64
f30fd13 qmp: Output error detail when execute QMP command failed
7da6a4c qmp: fix mem-path properties for hotplug memory.
e4892e3 qemu/qmp: preparation for s390x support
110d2fa qemu/qmp: add new function ExecuteBlockdevAddWithCache
a0b0c86 qmp_test: Change QMP version from 2.6 to 2.9
10c36a1 qemu: add support for pidfile option
9c819db qemu: Fix virtio-net-pci QMP command
7fdfc6a qemu: Add support for romfile option
e74de3c Update guidelines on security issue reporting
ec83abe qemu: Add virtio-balloon device suppport.
4697078 qemu: Show full path to qemu binary at launch time
ef72505 qemu: Fix the support of PCIe bridge
56f645e qmp: add ExecuteQueryMigration
a429677 govmm: fix memory prealloc
1130aab qmp: add "query-cpus" support
de5d278 qemu/qmp: add vfio mediated device support on root bus
de00d7a qemu/image: Reduce permissions of .iso creation dir
1a1fee7 qemu/qmp: nic can works without vhost
6c3d84e qemu: Add virtio RNG device.
b16291c qemu/qmp: support query-memory-devices qmp command.
ce070d1 govmm: modify govmm to be compatible with qemu 2.8
0286ff9 qemu/qmp: support hotplug a nic whose qdisc is mq
8515ae4 qmp: Remind users that you must first call ExecuteQMPCapabilities()
21504d3 qemu/qmp: Add netdev_add with chardev support
ed34f61 Add some negative test cases for qmp.go
17cacc7 Add negative test cases for qemu.go
2706a07 qemu: Use the supplied context.Context for launching
e46092e qemu: Do not try and generate invalid RTC parameters
fcaf61d qemu/qmp: add vfio mediated device support
4461c45 disk: Add --share-rw option for hotplugging disks
6851999 qemu/qmp: add addr and bus to hotplug vsock devices
10efa84 qemu/qmp: add function for hotplug network by fds
80ed88e qemu/qmp: implement function to hotplug serial ports
ca46f21 qemu/qmp: implement function to hotplug character devices
03f1a1c qemu/qmp: implement getfd
84b212f qemu: add vhostfd and disable-modern to vsock hotplug
12dfa87 qemu/qmp: implement function for hotplug network
3830b44 qemu: add vhostfd and disable-modern to vhost-vsock-pci
f700a97 qemu/qmp: implement function to hotplug vsock-pci
4ca232e qmp_test: Fix Warning and Error level logs
430e72c qemu,qmp: Enable gas security checker
ffc06e6 qemu,qmp: Add staticcheck to travis and fix errors
54caf78 qmp: add hotplug memory
e66a9b4 qemu: add appendMemoryKnobs helper
8aeca15 qmp: add migrate set arguments
a03d496 qmp: add set migration capabilities
0ace417 qemu: allow to set migration incoming
723bc5f qemu: allow to create a stopped guest
283d7df qemu: add file backed memory device support
30aeacb qemu: Add qemu parameter for PCI address for a bridge.
9130f37 scsi: Allow scsi controller to associate with an IO thread.
a54de18 iothread: Add ability to configure iothreads
0c0ec8f qemu: add initrd support
68f3071 qemu: add DisableModern to SCSIController
693d954 qemu: add options for the machine type
3273aaf scsi: Add function to send device_add qmp command for a scsi device
6d198b8 Compute coverage statistics for unit tests in Travis builds
3a31da3 scsi: Add a scsi controller device
5316779 qemu: Add VSOCK support
f565536 vhost-user: add blk device support
e9e2767 vhost-user: updating comments for accuracy, rename device field
8fe5723 qemu: Add maxcpus attribute to -smp
3baa776 Add badges to the README.md file
d74e3b6 Fix errcheck failures in the unit tests
db60e32 Enable Travis builds
9cb47fc Add .gitignore file.
a8aaf53 Add project documentation
57aafb5 Remove all references to and dependencies on ciao
27709fc Move files to the qemu folder
48feb29 qemu: introduce vhost-user handling
b8ddd24 qemu: Add function to list hotpluggable CPUs
8c428ed qemu: Add function to hotplug CPUs
24b1405 qemu: Add functions to process QMP response
e39da6c qmp: Add support for hot plugging VFIO devices on PCI(E) bridges
bc030d1 qemu: Add a SysProcAttr parameter to CreateCloudInitISO
1197707 qemu: Add a SysProcAttr parameter to LaunchCustomQemu
b639da4 qemu: Add function to hotplug vfio device
7e5614b Networking: Add vhost fd support
14316ce qemu/qmp: Implement function to hot plug PCI devices
83485dc qemu: Implement Bridge struct
cfa8a99 Networking: Add support for handling macvtap interfaces
83126d3 bios: add support for custom bios
3da2ef9 QEMU: Knobs: Huge Page Support: Add support for huge pages
9bfa792 vfio: Add ability to pass VFIO devices to qemu
a70ffd1 Build: Fix the build after repo move.
0c20617 Knobs: Modify the behaviour of the Mlock knob.
ddee41d QEMU: Enable realtime options
4ecb9de qemu: Add support for memory pre-allocation
1fbe6c5 qmp: Update block device deletion for newer versions of qemu
e74aeef qemu: Add disable-modern option for virtio devices
8d617ff qemu: Update virtio-net-pci command line
25a2dc8 qemu: Update blockdev-add qmp command to support newer qemu versions
d4f7710 misc: Remove some of the code flagged by unused linter
a1600dc misc: Remove unused fields identified by structcheck
58a835e misc: Remove unused variables identified by varcheck
d48b5b5 qemu: Add PCI option to the NetDevice
a84228a qemu: Document how cancelling works.
1e7202a qemu: Fix spelling error in qmp_test.go
c6f3345 qemu: Fix command cancelling.
a8a798b qemu, ciao-launcher: Move ConfigDrive ISO creation code to qemu
30cf116 Add missing bus parameter for a CharDevice
2aa5f5a qemu: Add support for serial port addition
6fe338d qemu: Support creating multiple QMP sockets
992b861 qemu: Add the daemonize qemu option to the Knobs structure
997cb23 qemu: Remove dead code
e555f56 qemu: Add support for socket based consoles
eae8fae qemu: Fix security model typo
db06785 qemu: Make Config's FDs field private
12f6ebe qemu: Embed the qemu parameters into the Config structure
e193a77 qemu: Add support for block devices
3908185 qemu: Add MACVTAP support
6d7dfa0 qemu: Get rid of the Driver structure
cc9cb33 qemu: Add QMPSocket specific type
2d736d7 qemu: Add RTC specific types
e543c33 qemu: Probe each qemu device with a driver
eda8607 qemu: Add netdev options to the Device structure
4780e23 qemu: Add multi-queue and vhost definitions to NetDevice
137e7c7 qemu: Add a NetDevice slice to the Config structure
c0e2aac qemu: Add one unit test for the Config strings
5ba8ef7 qemu: Add QMP socket unit tests
7b2f7eb qemu: Add Memory and SMP unit tests
2ea9b9a qemu: Add a Kernel unit test
8e495f6 qemu: Add a Knobs unit test
8aeb3d4 qemu: Add an Object unit test
38e041d qemu: Add Device unit tests
54d32c2 qemu: Add parameters adding unit tests
ebfa382 qemu: Add a Knobs field to the Config structure
fe1bdcd qemu: Remove the extra parameters field from the Config structure
15bce61 qemu: Group all machine configurations into one structure
d94b5af qemu: Add a VGA parameter field to the Config structure
4892d04 qemu: Add a Global parameter field to the Config structure
612a5a9 qemu: Add a RTC field to the Config structure
c63ec09 qemu: Add a SMP field to the Config structure
7cf386a qemu: Add a Memory field to the Config structure
b198bc6 qemu: Add a UUID field to the Config structure
6239e84 qemu: Add a Character Devices slice field to the Config structure
73e2d53 qemu: Add a Filesystem Devices slice field to the Config structure
518ba62 qemu: Add a Kernel field to the Config structure
b973bc5 qemu: Add an Object slice field to the Config structure
8744dfe qemu: Add a Device slice field to the Config structure
5458de7 qemu: Add a QMP socket field to the Config structure
1711827 qemu: Add qemu's name to the Config structure
37a1f50 qemu: Add configuration structure to simplify LaunchQemu
5ccbaf2 ciao-launcher, qemu: Upgrade to new context package.
f572019 qemu: Use null QMP logger when the logger parameter is nil
7d4199a qemu: Fix ineffassign error
7f50a41 qemu: Fix a silly bug in LaunchQemu
fc6bf8c qemu: Add package documentation
306f54a ciao-launcher, qemu: Move launchQemu to qemu
344aa22 qemu: Add the qemu package
f4a4c3c version: bump to kubernetes 1.23
49223e6 runtime: remove enable_swap option
41e0c41 vendor: update govmm
7a87916 workflows: Ensure a label change re-triggers the actions
d87ab14 workflows: Ensure force-skip-ci skips all actions
5285ac2 runtime: -Wl,--s390-pgste for s390x
fc64643 workflows: Use the correct branch ref on test kata-deploy
b5b9de1 kata-deploy: Update API Version of RuntimeClass to v1
adffd3f scripts: Use shebang /usr/bin/env bash
e22a4e2 packaging: Make kernel config accessible to guest
a5829a2 docs: fix a typo in host-cgroups.md doc
2d0ec00 Qemu: Enable the vcpu-hotplug for arm
e4b7a12 qat: Add Debian to the distro examples
6979d5b osbuilder: Remove gentoo rootfs-builder
22c1a09 osbuilder: Remove suse rootfs-builder
85dd587 osbuilder: Remove fedora rootfs-builder
06fae29 osbuilder: Remove centos rootfs-builder
01005c5 docs: Remove ccloudvm reference
878ab93 runtime: Provide protection for shared data
ac7acbf kata-deploy: validate conf file can be created
b133a23 runtime: it should rollback when failed in Sandbox AddInterface
106df33 libs: add some generated files to .gitignore
85f5ae1 runtime: close span before return from function in case of error
7e2bc4d packaging: Remove ccloudvm instructions and script
f6cdf46 docs: Default machine type is q35 meanwhile
7f54674 CI: Revert "CI: Switch to a mirror as gnu.org is down"
c486c2c agent: fix the broken protobuf generation code
b48322d packaging: Remove obs packages testing for kata 2.0
ad16d75 runtime: Remove docker comments for kata 2.0 configuration.tomls
905e124 docs: fix agent proto file path

Compatibility with CRI-O

Kata Containers 2.4.0-alpha2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.0-alpha2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.0-alpha2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.0-alpha2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.0-alpha2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.0-alpha2 suggests using the Linux kernel v5.10.25
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations