
Releases: kata-containers/kata-containers

Kata Containers 3.0.0

09 Oct 08:59
e2a8815

Release 3.0.0

kata-containers Changes

  • A new runtime implementation based on Rust
  • An optional builtin sandboxing functionality with rust-vmm based hypervisor dragonball
  • GPU VFIO passthrough support
  • Support host cgroup v2
  • Support drop-in config files
  • Support shimv2 logging plugin
  • Agent support FSGroup
  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Switch from C version virtiofsd to virtiofsd-rs
  • Support enabling QEMU sandbox feature
  • io_uring as IO mechanism for QEMU
  • Support for virtio-blk device multiqueue simulation for QEMU and Cloud-hypervisor
  • Intel TDX support for QEMU and Cloud-hypervisor
  • QEMU updated to v6.2.0
  • Cloud-hypervisor upgraded to v26.0
  • Firecracker updated to v1.1.0
  • Guest kernel upgraded to v5.19.2

Shortlog

63495cf release: Kata Containers 3.0.0
fb44305 release: Adapt kata-deploy for 3.0.0
20c0252 agent: reduce reference count for failed mount
3eb6f58 agent: don't exit early if signal fails due to ESRCH
8dc8565 versions: Update gperf url to avoid libseccomp random failures
740e7e2 kata-sys-util: fix typo unknow
727f233 release: Kata Containers 3.0.0-rc1
babab16 tools: release: fix bogus version check
af22e71 osbuilder: Export directory variables for libseccomp
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
b0c5f04 runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e runtime-rs: fix incorrect comments
43b0e95 runtime: store the user name in hypervisor config
8180188 runtime: make StopVM thread-safe
fba39ef runtime: add more debug logs for non-root user operation
6330951 runtime-rs: drop dependency on rustc-serialize
e229a03 runtime: update runc dependency
5835910 release: Kata Containers 3.0.0-rc0
be242a3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c3 runtime-rs: delete some allow(dead_code) attributes
fc9c6f8 kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be7 libs/kata-types: change return type of getting CPU period/quota
2b1d058 runtime-rs: fix host device check pattern
62cf6e6 runtime-rs: remove meaningless comment
84268f8 runtime-rs: update rust runtime roadmap
bcf6bf8 runk: Enable seccomp support by default
36d805f config: add "inline-virtio-fs" as a "shared_fs" type
85b49ce runtime-rs: add README.md
968c2f6 runk: Refactor container builder
b948a8f kernel: fix kernel tarball name for SEV
50f9126 libs/kata-types: replace tabs by spaces in comments
566656b gperf: point URL to mirror site
d23779e Revert "agent: fix unittests for arp neighbors"
d340564 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37b kata-deploy: Add debug statement
e879270 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f2 docs: fix unix socket address in agent-ctl doc
41ec711 runtime-rs: split amend_spec function
ff7c78e runtime-rs: static resource mgmt default to false
00f3a6d runtime-rs: make static resource mgmt idiomatic
4a54876 runtime-rs: support static resource management functionality
52bbc3a cargo.lock: update crates to comply with checks
aa581f4 cargo.toml: Add oci to src/libs workplace
7914da7 cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab github-actions: Add cargo-deny
373dac2 qemu: Keep passing BUILD_SUFFIX
59e3850 qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d01 qemu: fix tdx qemu tarball directories
9997ab0 sandbox_test: Add test to verify memory hotplug behavior
f390c12 sandbox: don't hotplug too much memory at once
e0142db hypervisor: Add GetTotalMemoryMB to interface
e83b821 docs: Update url in the Developer Guide
0ab49b2 release: Kata Containers 3.0.0-alpha1
b1a8aca versions: Update cni plugins version
749a6a2 docs: Specify language in markdown for syntax highlight
a1fdc08 kernel: Re-work get_tee_kernel()
a658173 kernel: Whitelist cleanup
cce99c5 runtime-rs: delete socket from shim command-line options
c75970b dragonball: add more unit test for config manager
dc32c46 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91d osbuilder: add systemd symlinks for kata-agent
731d39d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e9 kata-deploy: export CI in the build container
4f90e3c kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d9037 github-actions: Auto-backporting
a355812 runtime-rs: fixed bug on core-sched error handling
591dfa4 runtime-rs: add support for core scheduling
92f7d6b ci: Use versions.yaml for the libseccomp
b535bac runk: Add cli message for init command
c08a863 agent: add some logs for mount operation
c1e3b8f govmm: Refactor qmp functions for adding block device
598884f govmm: Refactor code to get rid of redundant code
00860a7 qmp: Pass aio backend while adding block device
e1b49d7 config: Add block aio as a supported annotation
ed0f1d0 config: Add "block_device_aio" as a config option for qemu
b6cd234 govmm: Add io_uring as AIO type
81cdaf0 govmm: Correct documentation for Linux aio.
763ceeb logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99 kata-deploy: fix threading conflicts
0a6f017 kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4 agent-ctl: fix clippy error
4b57c04 runtime-rs: support loading kernel modules in guest vm
dc90eae qemu: Drop unnecessary tdx_guest kernel parameter
d4b6761 clh: Use HVC console with TDX
c0cb3cd clh: Avoid crashing when memory hotplug is not allowed
9f0a57c clh: Increase API and SandboxStop timeouts for TDX
c142fa2 clh: Lift the sharedFS restriction used with TDX
bdf8a57 runk: Move delete logic to libcontainer
a06d819 runtime: cri-o annotations have been moved to podman
ffd1c1f agent-ctl/trace-forwarder: udpate thread_local dependency
69080d7 agent/runk: update regex dependency
e0ec090 runtime-rs: update async-std dependency
326f1cc agent: enrich some error code path
4f53e01 agent: skip test_load_kernel_module if non-root
f508c29 runtime: constify splitIrqChipMachineOptions
2b0587d runtime: VMX is migratible in vm factory case
fa09f0e runtime: remove qemuPaths
a6fbaac runk: add pause/resume commands
8e20150 kernel: fix for set_kmem_limit error
00aadfe kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d6 kernel: upgrade guest kernel support to 5.19.2
57bd3f4 runtime-rs: plug drop-in decoding into config-loading code
87b97b6 runtime-rs: add filesystem-related part of drop-in handling
cf785a1 runtime-rs: add core toml::Value tree merging
09672eb agent: do some rollback works if case of do_create_container failed
8ff5c10 network: Fix error message for setting hardware address on TAP interface
3a597c2 runtime: clh: Use the new 'payload' interface
16baecc runtime: clh: Re-generate the client code
50ea071 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c runtime: tracing: End root span at end of trace
78231a3 ci: Update libseccomp version
338c282 dep: update nix dependency
3829ab8 docs: Update CRI-O target link
3474649 libs/test-utils: share test code by create a new crate
eab7c8f runtime-rs: delete vergen dependency
6d6c068 workflow: trigger release for 3.x releases
4d7f3ed runtime-rs: support the functionality of cleanup
5aa8375 runtime-rs: support save to persist file and restore
3e9077f docs: Update url in containerd documentation
52133ef release: Kata Containers 3.0.0-alpha0
c280d69 runtime-rs: delete route model
caada34 runtime-rs: fix design doc's typo
b61dda4 docs: use curl as default downloader for runtime-rs
ca9d16e runtime-rs: update Cargo.lock
99a7b4f workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e6 versions: Update libseccomp version
b828190 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169 Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc4 runtime-rs:update rtnetlink version
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
9312511 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
8b0e185 Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653 libs: fix CI error for protocols
993ae24 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11f runtime-rs: fix stdin hang in azure
50b0b7c Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
1293357 Merge pull request #4727 from openanolis/anolis-fix-network
71384b6 Merge pull request #4713 from openanolis/adjust_default_vcpu
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
57c556a runtime-rs: fix stop failed in azure
3f4dd92 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a0 Merge pull request #4721 from openanolis/install-guide-2
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
534a492 Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd5 docs: add rust environment setup for kata 3.0
896478c runtime-rs: add functiona...


# Release 3.0.0-rc1

30 Sep 06:45
3.0.0-rc1
ef49fa9
Pre-release

kata-containers Changes

Shortlog

727f233 release: Kata Containers 3.0.0-rc1
babab16 tools: release: fix bogus version check
af22e71 osbuilder: Export directory variables for libseccomp
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
b0c5f04 runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e runtime-rs: fix incorrect comments
43b0e95 runtime: store the user name in hypervisor config
8180188 runtime: make StopVM thread-safe
fba39ef runtime: add more debug logs for non-root user operation
6330951 runtime-rs: drop dependency on rustc-serialize
e229a03 runtime: update runc dependency

Compatibility with CRI-O

Kata Containers 3.0.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc1 suggests using the Linux kernel v5.19.2.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 2.5.2

30 Sep 08:21
2.5.2
4b39dc0

kata-containers Changes

Shortlog

5c69eb5 release: Kata Containers 2.5.2
309756d release: Adapt kata-deploy for 2.5.2
a818771 tools: release: fix bogus version check
52993b9 runtime: store the user name in hypervisor config
30a8166 runtime: make StopVM thread-safe
7033c97 runtime: add more debug logs for non-root user operation
e8ec0c4 stable-2.5: fix cargo vendor
d92ada7 kernel: upgrade guest kernel support to 5.19.2
565fdf8 kernel: fix for set_kmem_limit error
f174fac sandbox_test: Add test to verify memory hotplug behavior
928654b sandbox: don't hotplug too much memory at once
1c0e6b4 hypervisor: Add GetTotalMemoryMB to interface
8f40927 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments

Compatibility with CRI-O

Kata Containers 2.5.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.2 suggests using the Linux kernel v5.19.2.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

Kata Containers 3.0.0-rc0

21 Sep 07:16
32a9d6d
Pre-release

Release 3.0.0-rc0

kata-containers Changes

Shortlog

5835910 release: Kata Containers 3.0.0-rc0
be242a3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c3 runtime-rs: delete some allow(dead_code) attributes
fc9c6f8 kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be7 libs/kata-types: change return type of getting CPU period/quota
2b1d058 runtime-rs: fix host device check pattern
62cf6e6 runtime-rs: remove meaningless comment
84268f8 runtime-rs: update rust runtime roadmap
bcf6bf8 runk: Enable seccomp support by default
36d805f config: add "inline-virtio-fs" as a "shared_fs" type
85b49ce runtime-rs: add README.md
968c2f6 runk: Refactor container builder
b948a8f kernel: fix kernel tarball name for SEV
50f9126 libs/kata-types: replace tabs by spaces in comments
566656b gperf: point URL to mirror site

Compatibility with CRI-O

Kata Containers 3.0.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc0 suggests using the Linux kernel v5.19.2.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 3.0.0-alpha1

07 Sep 04:14
3.0.0-alpha1
fe55f6a
Pre-release

kata-containers Changes

Major highlights of this release include:

  • Support for io_uring as I/O mechanism for qemu
  • Upgrade to Cloud Hypervisor v26.0
  • Kernel upgrade to 5.19.2
  • Several improvements in cloud-hypervisor support for Intel TDX
  • Support for static resource management functionality in rust runtime
  • Support for hugetlb cgroups in the guest
  • Addition of cargo-deny to scan for vulnerabilities and license issues wrt rust crates.

Shortlog

d23779e Revert "agent: fix unittests for arp neighbors"
d340564 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37b kata-deploy: Add debug statement
e879270 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f2 docs: fix unix socket address in agent-ctl doc
41ec711 runtime-rs: split amend_spec function
ff7c78e runtime-rs: static resource mgmt default to false
00f3a6d runtime-rs: make static resource mgmt idiomatic
4a54876 runtime-rs: support static resource management functionality
52bbc3a cargo.lock: update crates to comply with checks
aa581f4 cargo.toml: Add oci to src/libs workplace
7914da7 cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab github-actions: Add cargo-deny
373dac2 qemu: Keep passing BUILD_SUFFIX
59e3850 qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d01 qemu: fix tdx qemu tarball directories
9997ab0 sandbox_test: Add test to verify memory hotplug behavior
f390c12 sandbox: don't hotplug too much memory at once
e0142db hypervisor: Add GetTotalMemoryMB to interface
e83b821 docs: Update url in the Developer Guide
0ab49b2 release: Kata Containers 3.0.0-alpha1
b1a8aca versions: Update cni plugins version
749a6a2 docs: Specify language in markdown for syntax highlight
a1fdc08 kernel: Re-work get_tee_kernel()
a658173 kernel: Whitelist cleanup
cce99c5 runtime-rs: delete socket from shim command-line options
c75970b dragonball: add more unit test for config manager
dc32c46 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91d osbuilder: add systemd symlinks for kata-agent
731d39d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e9 kata-deploy: export CI in the build container
4f90e3c kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d9037 github-actions: Auto-backporting
a355812 runtime-rs: fixed bug on core-sched error handling
591dfa4 runtime-rs: add support for core scheduling
92f7d6b ci: Use versions.yaml for the libseccomp
b535bac runk: Add cli message for init command
c08a863 agent: add some logs for mount operation
c1e3b8f govmm: Refactor qmp functions for adding block device
598884f govmm: Refactor code to get rid of redundant code
00860a7 qmp: Pass aio backend while adding block device
e1b49d7 config: Add block aio as a supported annotation
ed0f1d0 config: Add "block_device_aio" as a config option for qemu
b6cd234 govmm: Add io_uring as AIO type
81cdaf0 govmm: Correct documentation for Linux aio.
763ceeb logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99 kata-deploy: fix threading conflicts
0a6f017 kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4 agent-ctl: fix clippy error
4b57c04 runtime-rs: support loading kernel modules in guest vm
dc90eae qemu: Drop unnecessary tdx_guest kernel parameter
d4b6761 clh: Use HVC console with TDX
c0cb3cd clh: Avoid crashing when memory hotplug is not allowed
9f0a57c clh: Increase API and SandboxStop timeouts for TDX
c142fa2 clh: Lift the sharedFS restriction used with TDX
bdf8a57 runk: Move delete logic to libcontainer
a06d819 runtime: cri-o annotations have been moved to podman
ffd1c1f agent-ctl/trace-forwarder: udpate thread_local dependency
69080d7 agent/runk: update regex dependency
e0ec090 runtime-rs: update async-std dependency
326f1cc agent: enrich some error code path
4f53e01 agent: skip test_load_kernel_module if non-root
f508c29 runtime: constify splitIrqChipMachineOptions
2b0587d runtime: VMX is migratible in vm factory case
fa09f0e runtime: remove qemuPaths
a6fbaac runk: add pause/resume commands
8e20150 kernel: fix for set_kmem_limit error
00aadfe kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d6 kernel: upgrade guest kernel support to 5.19.2
57bd3f4 runtime-rs: plug drop-in decoding into config-loading code
87b97b6 runtime-rs: add filesystem-related part of drop-in handling
cf785a1 runtime-rs: add core toml::Value tree merging
09672eb agent: do some rollback works if case of do_create_container failed
8ff5c10 network: Fix error message for setting hardware address on TAP interface
3a597c2 runtime: clh: Use the new 'payload' interface
16baecc runtime: clh: Re-generate the client code
50ea071 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c runtime: tracing: End root span at end of trace
78231a3 ci: Update libseccomp version
338c282 dep: update nix dependency
3829ab8 docs: Update CRI-O target link
3474649 libs/test-utils: share test code by create a new crate

Compatibility with CRI-O

Kata Containers 3.0.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha1 suggests using the Linux kernel v5.19.2.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 2.5.1

02 Sep 01:17
2.5.1
65dd151

kata-containers Changes

This release includes security fixes for Rust dependencies.
Cloud-hypervisor has been upgraded to v26.0.
The supported Rust version has also been upgraded to 1.59.0.
CONFIG_CGROUP_HUGETLB was added to the kernel to support hugetlb cgroups.
In addition, some minor bug fixes for handling container create failures
and tracing were added.

Shortlog

d643743 release: Kata Containers 2.5.1
38801e5 release: Adapt kata-deploy for 2.5.1
8f8b93d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
25b1a52 runtime: tracing: End root span at end of trace
5532930 agent: do some rollback works if case of do_create_container failed
6950569 agent-ctl/trace-forwarder: udpate thread_local dependency
48a94f3 agent/runk: update regex dependency
1a396a1 dep: update nix dependency
0128372 versions: Update kernel to 5.15.63
2e3ae3f agent-ctl: Get rid of compiler warning
14a4551 versions: Upgrade rust supported version to 1.59.0
cd898d2 runtime: clh: Use the new 'payload' interface
e851232 runtime: clh: Re-generate the client code
c0b5ba2 versions: Upgrade to Cloud Hypervisor v26.0

Compatibility with CRI-O

Kata Containers 2.5.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.1 suggests using the Linux kernel v5.19.2.
See the suggested Guest Kernel patches.
See the suggested Guest Kernel config.

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 3.0.0-alpha0

16 Aug 06:32
8cd1e50
Pre-release

kata-containers Changes

The biggest highlights of the first 3.0 alpha release are the addition of a rustified
runtime and the integrated rust hypervisor (dragonball), contributed by engineers from
Alibaba Cloud and Ant Group. The new runtime will further improve Kata's resource
consumption, speed, and management simplicity. It is still a work in progress and we
expect it to stabilize and mature in the coming few months.

Other new changes include:

  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Support host cgroup v2
  • Support drop-in config files
  • Quite a few dependency updates and bugfixes etc.

Shortlog

3e9077f docs: Update url in containerd documentation
52133ef release: Kata Containers 3.0.0-alpha0
c280d69 runtime-rs: delete route model
caada34 runtime-rs: fix design doc's typo
b61dda4 docs: use curl as default downloader for runtime-rs
ca9d16e runtime-rs: update Cargo.lock
99a7b4f workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e6 versions: Update libseccomp version
b828190 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169 Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc4 runtime-rs:update rtnetlink version
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
9312511 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
8b0e185 Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653 libs: fix CI error for protocols
993ae24 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11f runtime-rs: fix stdin hang in azure
50b0b7c Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
1293357 Merge pull request #4727 from openanolis/anolis-fix-network
71384b6 Merge pull request #4713 from openanolis/adjust_default_vcpu
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
57c556a runtime-rs: fix stop failed in azure
3f4dd92 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a0 Merge pull request #4721 from openanolis/install-guide-2
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
534a492 Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd5 docs: add rust environment setup for kata 3.0
896478c runtime-rs: add functionalities support for macvlan and vlan endpoints
43045be runtime-rs: handle default_vcpus greator than default_maxvcpu
54f53d5 runtime-rs: support disable_guest_seccomp
5403038 Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
7c146a5 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
08a6581 Merge pull request #4662 from openanolis/runtime-rs-user-manaul
4331ef8 Runtime-rs: add installation guide for rust-runtime
4c3bd6b Merge pull request #4656 from openanolis/runtime-rs-ipvlan
960f2a7 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
e9988f0 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebb runtime-rs: fix ctr exit failed
758cc47 Merge pull request #4671 from liubin/4670-upgrade-nix
25be4d0 Merge pull request #4676 from openanolis/xuejun/runtime-rs
62182db runtime-rs: add unit test for ipvlan endpoint
99654ce runtime-rs: update dbs-xxx dependencies
f4c3adf runtime-rs: Add compile option file
545ae3f runtime-rs: fix warning
19eca71 runtime-rs: remove the value of hypervisor path in DB config
d8920b0 runtime-rs: support functionalities of ipvlan endpoint
2b01e9b dragonball: fix warning
996a6b8 kata-sys-util: upgrade nix version
9f49f7a Merge pull request #4493 from openanolis/runtime-rs-dev
3c98952 dragonball: update for review
274598a kata-runtime: add dragonball config check support.
1befbe6 runtime-rs: Cargo lock for fix version problem
3d6156f runtime-rs: support dragonball and runtime-binary
3f6123b libs: update configuration and annotations
f3335c9 Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
b424cf3 Merge pull request #4544 from openanolis/anolis/virtio_device_aarch64
d258499 dragonball: fix dependency unused warning
458f6f4 dragonball: use const string for legacy device type
58b0fc4 Merge pull request #4192 from Tim-0731-Hzt/runtime-rs
0826a21 Merge remote-tracking branch 'origin/main' into runtime-rs-1
939959e docs: add Dragonball to hypervisors
f6f96b8 dragonball: add legacy device support for aarch64
7a41839 dragonball: add device info support for aarch64
30da3fb Merge pull request #4515 from openanolis/anolis/dragonball-3
9cee521 fmt: do cargo fmt and add a dependency for blk_dev
47a4142 fs: change vhostuser and virtio into const
e14e98b cpu_topo: add handle_cpu_topology function
5d3b53e downtime: add downtime support
6a1fe85 vfio: add vfio as TODO
5ea35dd refractor: remove redundant by_id
b646d7c config: remove ht_enabled
cb54ac6 memory: remove reserve_memory_bytes
bde6609 hotplug: add room for other hotplug solution
d88b1bf dragonball: update vsock dependency
dd003eb Dragonball: change error name and fix compile error
38957fe UT: fix compile error in unit tests
11b3f95 dragonball: add virtio-fs device support
948381b dragonball: add virtio-net device support
3d20387 dragonball: add virtio-blk device support
87d38ae Doc: add document for Dragonball API
2bb1eea docs: further questions related to upcall
026aaee docs: add FAQ to the report
fffcb81 docs: update the content of the report
42ea854 docs: kata 3.0 Architecture
090de2d dragonball: fix the clippy errors.
a159332 dragonball: add vsock api to api server
89b9ba8 dragonball: add set_vm_configuration api
95fa0c7 dragonball: add start microvm support
5c1ccc3 dragonball: add Vmm struct
4d234f5 dragonball: refactor code layout
cfd5dae dragonball: add vm struct
527b73a dragonball: remove unused feature in AddressSpaceMgr
514b4e7 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
7120afe dragonball: add vcpu test function for aarch64
648d285 dragonball: add vcpu support for aarch64
7dad7c8 dragonball: update dbs-xxx dependency
59cab9e Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
1809325 Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
07231b2 runtime-rs:refactor network model with netlink
c8a9052 build: format files
242992e build: put install methods in utils.mk
8a69726 build: makefile for dragonball config
9c52629 runtime-rs:refactor network model with netlink
12c1b9e Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
f3907aa runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
badbbcd Merge pull request #4400 from openanolis/anolis/dragonball-2
71db2dd hotplug: add room for future acpi hotplug mechanism
8bb00a3 dragonball: fix a bug when generating kernel boot args
2aedd4d doc: add document for vCPU, api and device
bec22ad dragonball: add api module
07f44c3 dragonball: add vcpu manager
78c9718 dragonball: add upcall support
7d1953b dragonball: add vcpu
468c73b dragonball: add kvm context
98f041e Merge pull request #4486 from openanolis/runtime-rs-merge-main
86123f4 Merge branch 'main' into runtime-rs
e89e650 dragonball: add signal handler
b6cb2c4 dragonball: add metrics system
e80e0c4 dragonball: add io manager wrapper
f23d709 Merge pull request #4265 from openanolis/anolis/dragonball-1
d5ee3fc safe-path: fix clippy warning
93c10df runtime-rs: add crosvm license in Dragonball
dfe6de7 dragonball: add dragonball into kata README
39ff85d dragonball: green ci
71f24d8 dragonball: add Makefile.
a1df6d0 Doc: Update Dragonball Readme and add document for device
8619f2b dragonball: add virtio vsock device manager.
52d42af dragonball: add device manager.
c1c1e51 dragonball: add kernel config.
6850ef9 dragonball: add configuration manager.
0bcb422 dragonball: add legacy devices manager
3c45c07 dragonball: add console manager.
3d38bb3 dragonball: add address space manager.
aff6040 dragonball: add resource manager support.
8835db6 dragonball: initial commit
9cb15ab agent: add the FSGroup support
ff7874b protobuf: upgrade the protobuf version to 2.27.0
06f398a runtime-rs: use withContext to evaluate lazily
fd4c26f runtime-rs: support network resource
4be7185 runtime-rs: runtime part implement
10343b1 runtime-rs: enhance runtimes
9887272 libs: enhance kata-sys-util and kata-types
3ff0db0 runtime-rs: support rootfs volume for resource
234d7bc runtime-rs: support cgroup resource
75e282b runtime-rs: hypervisor base define
bdfee00 runtime-rs: service and runtime framework
4296e30 runtime-rs: agent implements
d3da156 runtime-rs: uint FsType for s390x
e705ee0 runtime-rs: update containerd-shim-protos to 0.2.0
8c0a60e runtime-rs: modify the review suggestion
278f843 runtime-rs: shim implements for runtime-rs
641b736 libs: enhance kata-sys-util
69ba1ae trans: fix the issue of wrong swapness type
d2a9bc6 agent: agent-protocol support async
aee9633 libs/sys-util: provide functions to execute hooks
8509de0 libs/sys-util: add function to detect ...


# Release 2.5.0

17 Aug 02:53
94c7f6e

kata-containers Changes

Feature highlights include:

  • Firecracker has been updated to v1.1.0
  • Nydus has been updated to v2.1.0-alpha.4
  • Cloud Hypervisor has been updated to v25.0
  • Support containerd shimv2 logging plugin
  • Support virtio-block multiqueue
  • Support QEMU sandbox feature
  • Switch to rust version virtiofsd
  • Support core scheduling with containerd
  • kata-runtime iptables subcommand to manipulate iptables in the guest
  • A few new subcommands for runk
  • Support direct-assigned volumes
  • Many bug fixes, CI and packaging improvements.

Shortlog

da875e7 release: Kata Containers 2.5.0
05b2096 release: Adapt kata-deploy for 2.5.0
1b93015 build: Fix clh source build as normal user
01c889f runtime: Fix DisableSelinux config
59bd5c2 container: kill all of the processes in this container
22c005f nydus: upgrade nydus/nydus-snapshotter version
8220e54 runtime: add unlock before return in sendReq
4f0ca40 versions: Update Firecracker version to v1.1.0
da24fd8 clh: Don't crash if no network device is set by the upper layer
ed25d2c versions: Update Cloud Hypervisor to v25.0
dfc1413 action: extend commit message line limit to 150 bytes
2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
2a4fbd6 agent: enhance get handled signal
0ddb34a oci: fix serde skip serializing condition
acd3302 agent: Run OCI poststart hooks after a container is launched
fbb2e9b agent: Replace some libc functions with nix ones
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
433816c ci/cd: update check-commit-message
48ccd42 ci: Set safe.directory against tests repository
a5a25ed runtime: delete Console from Cmd type
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
afdc960 hypervisor: Add default_maxmemory configuration
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
1a78c3d packaging: Remove unused kata docker configure script
0e2459d docs: Add cgroupDriver for containerd
4e30e11 shim: support shim v2 logging plugin
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
1b7d36f agent: Allow BUILD_TYPE=debug
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
e227b4c block: Leverage multiqueue for virtio-block
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d4 runtime: enable sandbox feature on qemu
0bbbe70 snap: fix snap build on ppc64le
c7dd10e packaging: Remove unused publish kata image script
1b7fd19 rootfs: Fix chronyd.service failing on boot
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
a305baf docs: Update outdated URLs and keep them available
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
90a7763 snap: Fix debug cli option
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
bee7703 docs: Update containerd url link
1a5ba31 agent: refactor reading file timing for debugging
bb26bd7 safe-path: fix clippy warning
db5048d kernel: build efi_secret module for SEV
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
9773838 virtiofsd: export env vars needed for building it
eff4e10 shim: change the log level for GetOOMEvent call failures
4124413 docs: Add more kata monitor details
8f10e13 config: Allow enable_iommu pod annotation by default
b0e090f versions: Bump virtiofsd to v1.3.0
1b84597 docs: Add storage limits to arch doc
7ae11ca docs: Update source for cri-tools
f509962 tools: Enable extra detail on error
34bcef8 docs: Add agent-ctl examples section
815157b docs: Remove erroneous whitespace
eb24e97 release: Kata Containers 2.5.0-alpha2
d2df120 docs: describe kata handling for core-scheduling
22b6a94 shim: add support for core scheduling
fe3c1d9 docs: Update storage documentation link
6ecea84 rustjail: get home dir using nix crate
38a3188 runk: Support list sub-command
6d0ff90 docs: Update vGPU use-case
9d27c1f agent: ignore ESRCH error when destroying containers
9726f56 runtime: force stop container after the container process exits
168f325 docs: Update configuration reference for snap documentation
b9fc24f docs: update release process github token instructions
c1476a1 docs: update release process with latest workflow triggering
8b57bf9 workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd snap: Use helper script and cleanup
9b108d9 docs: Improve snap formatting
894f661 docs: Add warning to snap build
d759f6c snap: Fix CH architecture check
5659180 docs: Improve snap build instructions
cb2b309 snap: Build using destructive mode
60823ab docs: Move snap README
af2ef3f agent-ctl: introduce handle for iptables get/set
65f0cef kata-runtime: add iptables CLI to test http endpoint
3201ad0 shim-client: ensure we check resp status for Put/Post
0706fb2 kata-runtime: shmgmt: make url usage consistent
2a09378 shim-client: add support for DoPut
640173c shim-mgmt: Add endpoint handler for interacting with iptables
0136be2 virtcontainers: plumb iptable set/get from sandbox to agent
bd50d46 agent: iptables: get/set handling for iptables
03176a9 proto: update generated code based on proto update
38ebbc7 proto: update to add set/get iptables
78d45b4 agent: return mount file content if parse mountinfo failed
2e04833 docs: Update Intel QAT documentation links
7c4049a osbuilder: add iptables package
648b8d0 runk: Return error when tty is used without console socket
5205efd runk: Add Podman guide in README
5903815 agent: Pass standard I/O to container launched by runk
c7b3941 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c agent: Remove unused import in console test
d862ca0 runk: Handle rootfs path in config.json properly
c95ba63 docs: Remove information related to Kata 1.x
34b8038 docs: Get rid of note related to networking.
dfad572 docs: Mention --cni flag while invoking ctr
fff8328 clh: Update to v24.0
4936174 snap: Build and package rust version of virtiofsd
27d903b snap: Put the yq binary in the staging bin directory
d7b4ce0 snap: Remove unused variable
43de544 snap: Fix unbound variable error
c9b2915 snap: Fix whitespace
122a85e agent: remove bin oci-kata-agent
35619b4 runk: merge oci-kata-agent into runk
10c13d7 qemu: remove virtiofsd option in qemu config
d20bc5a virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c597 agent: fix direct-assigned volume stats
4428cea runtime: direct-volume stats use correct name
ffdc065 runtime: direct-volume stats update to use GET parameter
f295953 runtime: fix incorrect Action function for direct-volume stats
2a1d394 runtime: Adding the correct detection of mediated PCIe devices
ce2e521 runtime: remove duplicate 'types' import
7a5ccd1 runtime: sync docstrings with function names
834f93c docs: fix annotations example
f4994e4 runtime: allow annotation configuration to use_legacy_serial
c67b9d2 qemu: allow using legacy serial device for the console
44814dc qemu: treat console kernel params within appendConsole
24a2b0f docs: Remove clear containers reference in README
8052fe6 runtime: do not check for EOF error in console watcher
abad33e kernel: Remove nemu.conf from packaging
e87eb13 tools: delete unused param from get_from_kata_deps callers
4b437d9 agent: Fix is_signal_handled failing parsing str to u64
e73b70b runtime: Don't run unit tests verbose by default
f24a6e7 runtime: Consolidate flags setting in unit tests script
cf465fe runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac5 runtime: Remove redundant subcommands from go-test.sh
0aff5aa runtime: Simplify package listing in go-test.sh
557c4cf runtime: Don't chmod coverage files...


# Release 2.5.0-rc0

06 Jul 06:31
2.5.0-rc0
ac91fb7
Pre-release

kata-containers Changes

Shortlog

2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
2a4fbd6 agent: enhance get handled signal
0ddb34a oci: fix serde skip serializing condition
acd3302 agent: Run OCI poststart hooks after a container is launched
fbb2e9b agent: Replace some libc functions with nix ones
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
433816c ci/cd: update check-commit-message
48ccd42 ci: Set safe.directory against tests repository
a5a25ed runtime: delete Console from Cmd type
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
afdc960 hypervisor: Add default_maxmemory configuration
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
1a78c3d packaging: Remove unused kata docker configure script
0e2459d docs: Add cgroupDriver for containerd
4e30e11 shim: support shim v2 logging plugin
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
1b7d36f agent: Allow BUILD_TYPE=debug
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
e227b4c block: Leverage multiqueue for virtio-block
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d4 runtime: enable sandbox feature on qemu
0bbbe70 snap: fix snap build on ppc64le
c7dd10e packaging: Remove unused publish kata image script
1b7fd19 rootfs: Fix chronyd.service failing on boot
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
a305baf docs: Update outdated URLs and keep them available
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
90a7763 snap: Fix debug cli option
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
bee7703 docs: Update containerd url link
1a5ba31 agent: refactor reading file timing for debugging
bb26bd7 safe-path: fix clippy warning
db5048d kernel: build efi_secret module for SEV
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
9773838 virtiofsd: export env vars needed for building it
eff4e10 shim: change the log level for GetOOMEvent call failures
4124413 docs: Add more kata monitor details
8f10e13 config: Allow enable_iommu pod annotation by default
b0e090f versions: Bump virtiofsd to v1.3.0
1b84597 docs: Add storage limits to arch doc
7ae11ca docs: Update source for cri-tools
f509962 tools: Enable extra detail on error
34bcef8 docs: Add agent-ctl examples section
815157b docs: Remove erroneous whitespace

Compatibility with CRI-O

Kata Containers 2.5.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-rc0 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

# Release 2.4.3

06 Jul 06:33
2.4.3
6330386

kata-containers Changes

Shortlog

8470031 release: Kata Containers 2.4.3
396fed4 release: Adapt kata-deploy for 2.4.3
025e3ea shim: set a non-zero return code if the wait process call failed.
f32a146 snap: Fix debug cli option
0718b9b rootfs: Fix chronyd.service failing on boot

Compatibility with CRI-O

Kata Containers 2.4.3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.4.3 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.4.3 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.4.3 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.4.3

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.4.3 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations