Releases: kata-containers/kata-containers

# Release 3.1.0-rc0

15 Feb 21:05
3.1.0-rc0
4a35d5f
Pre-release

kata-containers Changes

This release includes several improvements, including:

  • Support added for QEMU version v7.2.0
  • Upgrade to Cloud Hypervisor v29.0
  • Closed gaps around networking support for docker/moby.
  • Several runtime-rs improvements including adding support for hugepages
  • Improved qemu logging

Shortlog

5988199 release: Kata Containers 3.1.0-rc0
d144ded release: Adapt kata-deploy for 3.1.0-rc0
9304889 docs: Update how-to-use-kata-containers-with-firecracker.md
8e3863c kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
c453919 runtime: tracing: Fix missing ctx return
ca02c9f runtime: add reconnect timeout for vhost user block
67b8f07 SEV: Update ReducedPhysBits
4139d68 runtime-rs: Include target install in conditional branch
c071355 runtime-rs: Improve s390x error message
4e2db96 runtime-rs: Don't try to build on Power
2f5bc0f kata-ctl: Expand unit tests for CPU check
01765e1 runtime: support cgroup v2 metrics marshal guest metrics
e071d92 Typo: change tabs in comment to spaces
bdf20b5 rootfs: support EROFS filesystem
ed02c8a docs: add guide for building rootfs with EROFS
49326fe fix(clippy): fix hypervisor clippy checks
fff0e50 versions: Update runc version
3c48f22 runtime: Improve documentation of appendFDs
94b1d98 cargo: Update Cargo.lock files
f185559 make: Get rid of verbose output while creating tar
c383601 make: clean up obsolete targets
f83115a docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
3c24e23 README: Update Readme under packaging/kernel
d73f3a8 github-action: Add step to verify kernel config version id updated
ac64b02 clh: Enforce API timeout only for vm.boot request
56071c6 virtiofsd: change cache mod to const
5d37d31 cgroups: upgrade cgroupfs to 0.3.1
ab59a65 runtime-rs: neglect a certain error when delete cgroup
56f0a27 kernel: Add console kernel config for s390
390916b runtime: remove not used shim configurations
9794c52 improvement: Fix naming conventions for span name and log subsystem
57c5e56 Dragonball: add cpu resize ability
59f104c runtime: skip unit test that fail regularly on aarch64
b7dd97c kata-ctl: fix permission deny issue in test_add_remove
f49b89b CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
856ab66 virtiofsd: fix the build on ppc64le
1e531b4 runtime:fix stat uds path
3a63e3c cni: Update cni plugins version to 1.2.0
5107981 dragonball: Improve test cases
dc90c6e dragonball: add more unit test for vm
334c4b8 runtime: Drop QEMU log file support
00dcd90 docs: Add documentation for building agent with seccomp support.
8e8c720 kata-deploy-push: Ensure we build Dragonball specific kernel
b7f4e96 kata-deploy-test: Ensure we build dragonball specific kernel
063dec3 release: Add the dragonball-experimental kernel
0b3c91d kata-deploy: Add kernel-dragonball-experimental target
6199b69 runtime-rs: change cache mode
a33a22c runtime-rs: add missing config section for share-fs
9092c23 runtime: Add hmp for qemu
9f490d1 upcall: add document for upcall
39fe4a4 runtime: Collect QEMU's stderr
a5319c6 runtime: Start QEMU undaemonized
bf4e3a6 runtime: Launch QEMU with cmd.Start()
8a1723a runtime: Pre-establish the QMP connection
8a4f08c govmm: Optionally pass QMP listener to QEMU
219bb8e govmm: Optionally start QMP with a pre-configured connection
2b779cb docs: Update url link in QAT documentation
a85d0e4 versions: update cni plugins version
861c38b versions: Upgrade to Cloud Hypervisor v29.0
ba87e0a runtime: Use consts in kata-runtime check
676d028 versions: Bump QEMU to v7.2.0
bf8848f agent: Eliminate unnecessary metrics
69fc8de runtime:all APIs are hang in the service.mu
8d4c2cf kata-ctl: Allow certain constants to go unused
64c11a6 kata-ctl: Have function to get cpu details to run on specific arch
594b57d utils: Add utility functions to get cpu and distro details.
d33e343 check: Move PROC_CPUINFO from architecture specific files
596037e versions: Update conmon version
cf1bae3 runtime: paas enablevhostuserstore annotation to hypervisor config
095e8fd runk: Use the original Kill command instead of the customed it.
0f9e23a runk: Upgrade liboci-cli to v0.0.4
8551853 runtime: use system pagesize for hugepage test
1592a38 dependency: update cgroups-rs
76437a9 runtime: Use git rev-parse for the kata-monitor tag
923cd3f virtcontainers: split out Linux parts from mount
60ff230 virtcontainers: Split the factory package into Linux and Darwin bits
a962668 virtcontainers: resourcecontrol: Add skeleton for Darwin
ea06fe3 virtcontainers: Add a Network API skeleton for Darwin
73216a8 vendor: revendor netlink to get latest
6ee550e runtime: vCPUs pinning is sandbox specific, not hypervisor
e3d3b72 virtcontainers: use resource control for setting CPU affinity
f137048 resource-control: add helper function for setting CPU affinity
fc17d7c virtcontainers: Fix misspelling in error message
7eb43ce runtime: add test generated file to .gitignore
12fd6ff runtime: fix up disable_netns handling
f8a48ab docs: add hint of probing loop module
64c9114 tools: add --locked option for cargo install
464d4c9 runtime-rs: process single_container
5f9c892 kata-types: add single_container support
fafc7a8 virtcontainers: tests: Ensure Linux specific tests are just run on Linux
86a82ca runtime: change cache mode from none to never
82c59ef runtime-rs: change cache mode from none to never
7b309b5 kata-types: change cache mode from none to never
fee4e7c docs: change cache mode from none to never
f8a93a1 tools: Fix indentation for setup aks script
d48b22b virtcontainers: fs_share: add Darwin skeleton
fa9ae93 virtcontainers: Add a Virtualization.framework skeleton
03de5f4 kata-ctl: remove get_kata_version_by_url function
c21a8d5 kata-ctl: fix build error on s390x
9ec8a13 virtcontainers: introduce hypervisor_darwin
3b4420e runtime: Define Darwin handled signals list
3886aad nydus: net-ns handling needs to be only executed on Linux hosts
efa4fc0 clh: Add hotplug support for network devices
1074d2c clh: Make vmAddNetPutRequest capable of doing hotplugs
85f9094 agent: refactor guest hooks
8bb68a9 vc/network: skip existing endpoints when scanning for new ones
d085389 vc: fix up UT for CreateSandbox API change
578a9c2 vc: rescan network endpoints after running prestart hooks
cb84b0f katautils: run prestart hooks after starting VM
24b05a9 schedcore: Make buildable on !linux
31591d7 dragonball: fix unit test failure case about Kvm.
2b02e0a dragonball: add more unit test for vcpu manager
e256903 runtime-rs: cleanup the run dir of hypervisor when shut down
937a413 kata-ctl: add unit tests for volume ops
8451db7 kata-ctl: direct-volume: add Add and Remove handlers
2d4b2cf runtime-rs: add POST method to shim-client
cae78a6 kata-ctl: add constants for direct-volume commands
86ee24b Runtime: Clarify mutability of global var
dae6670 kata-runtime: add rust runtime path for kata-runtime exec
652021a versions: Upgrade to Cloud Hypervisor v28.1
a2e3715 upcall: remove upcall client when stopping vm
3605062 runtime-rs: add dbs-upcall feature
56e7b5d runtime/Makefile: Get some bits happy on darwin
b4b5d81 docs: remove old and misleading instructions for minikube
0fe24e0 packaging: fix indents in build-kernel.sh
ecb28e2 kernel: adding kmod to do docker env
079462d runk: Fix needless_borrow warning
2c24fcf runtime-rs: Fix clippy::bool-to-int-with-if warnings
025e783 runtime-rs: Fix needless_borrow warnings
4fb163d runtime-rs: Allow clippy:box_default warnings
20121fc runtime-rs: Fix unnecessary_cast warnings
b95364a dragonball: Allow question_mark warning in allocate_device_resources()
0b2f060 dragonball: Fix unnecessary_cast warnings
a545a65 agent: Allow clippy::question_mark warning in Namespace{}
9ced34d agent: Fix explicit_auto_deref warnings
f772204 agent: Fix needless_borrow warnings
7bcdc90 rustjail: Fix unnecessary_cast warnings
41d7dba rustjail: Fix needless_borrow warnings
2a73e05 kata-types: Fix unnecessary_cast warnings
cf9ef18 kata-types: Fix needless_borrow warnings
126187e safe-path: Fix needless_borrow warnings
bb78d35 kata-sys-util: Fix "match-like-matches-macro" warning
668e652 kata-sys-util: Fix unnecessary_cast warnings
c1a8d89 kata-sys-util: Fix needless_borrow warnings
c9c38e6 logging: Allow clippy::type-complexity warning
ffd6fbb logging: Fix needless_borrow warnings
60df300 protocols: Fix unnecessary_cast warnings
0bbeb34 protocols: Fix needless_borrow warnings
dfea6c7 versions: Update the rust toolchain to 1.66.0
03a0c9d kata-ctl: skip test if access GitHub.com fail
1dcbda3 kata-ctl: update Cargo.lock
087515a agent: unset CC for cross-build
afaf17f runtime-rs: enable container hugepage
fc4a67e runtime-rs: enable vm hugepage
fd77eeb runtime-rs: fix the issues mentioned in the code review
0e69207 runtime-rs: Clean up mount points shared to guest
3480780 kata-ctl: add check framework support for non-x86
1bd533f kata-ctl: let check framework arch-agnostic

Compatibility with CRI-O

Kata Containers 3.1.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0-rc0 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.1.0-rc0 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

  • libseccomp

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code...


# Release 3.1.0-alpha1

19 Dec 15:11
3.1.0-alpha1
2e54c8e

kata-containers Changes

Shortlog

b089612 release: Kata Containers 3.1.0-alpha1
74fa10a docs: remove duplicate sentences
ebe5c5a docs: Update virtiofsd build script in the developer guide Script to execute to build virtiofsd has been changed in #5426 but not in the doc. This commit update the developer guide.
d14c3af dragonball: refactor legacy device initialization
21ec766 docs: add documents for using bundle to start container
ca39a07 runtime-rs: enable start container from bundle
9f465a5 kernel: Add "unload" module to SEV config
ae0dcac tools: Add some new gitignore items
99485d8 shim: return hypervisor's pid not shim's pid
a81ced0 upcall: add upcall into kernel build script
f5c34ed Dragonball: introduce upcall
fbf294d refactor(shim-mgmt): move client side to libs
b5cfd09 kata-ctl: Fixed format for check release options
8dbfc3d kata-ctl: Fixed format for check release options
f3091a9 kata-ctl: Add kata-ctl check release options
1f28ff6 runtime-rs: add binary to exercise shim proper w/o containerd dependencies
eb8c9d3 runtime-rs: add launch of a simple qemu process to start_vm()
2f6d0d4 runtime-rs: support qemu in VirtContainer
1413dfe runtime-rs: add basic empty boilerplate for qemu driver
a577df8 tools: Fix indentation on build kernel script
4661ea8 runtime-rs: fix standalone share fs
79cf38e runtime-rs: clear OCI spec namespace path
62f4603 runtime-rs: reset rdma cgroup
5b6596f runtime-rs: CreateContainerRequest has Default
e9e82ce runtime-rs: fix is_pid_namespace_enabled check
7853215 docs: Add description for guest SELinux support
c617bbe runtime: Pass SELinux policy for containers to the agent
9354769 agent: Add SELinux support for containers
a75f99d osbuilder: Create guest image for SELinux
a9c746f kernel: Add kernel configs for SELinux
8079a97 kata-sys-util: fix issues where umount2 couldn't get the correct path
7fdbbcd agent: Drop the Option for LinuxContainer.cgroup_manager
c5abc5e config: speed up rng init when kernel boot for arm64
b087667 kata-deploy: Fix the pod of kata deploy starts to occur an error
3e6114b tools: Fix indentation for ovmf script
d04d45e runtime: use pidfd to wait for processes on Linux
e9ba0c1 runtime: use exponential backoff for process wait
71491a6 runtime: move process wait logic to another function
92ebe61 runtime: reap force killed processes
0019d65 runtime-rs: fix high cpu
748f22e agent: remove sysinfo dependency
fdf0a7b runtime-rs: fix the issues mentioned in the code review
1d823c4 runtime-rs: umount and permission controls in sandbox level
527b871 runtime-rs: bind mount volumes in sandbox level
46b3845 docs: Update the rust version in the installation documentation
9ccf2eb agent: add signal value to log
fb2c142 runtime-rs: fix some variable names and typos
a5e4cad kata-ctl: add host check for aarch64
7374204 kata-ctl: fix dependency version conflict
f7fc436 workflow: fix cargo-deny-runner.yaml syntax error
d4321ab runtime: Add identification in version for runtime-rs
89574f0 workflow: call cargo in user's $PATH
67fe703 runtime-rs: remove the version number from the commit display message
e12db92 runk: Re-implement start operation using the agent codes
f443b78 build: update golang version to 1.19.3
86cb058 snap: Fix snapcraft setup (unbreak snap releases)
1d93a93 fix(agent): fix iptables binary path in guest
2edbe38 runtime-rs: moving only vCPU threads into sandbox controller
cd85a44 tools: Remove extra tab spaces from kata deploy binaries script
e723bad ci: let static checks don't depend on build
69aae02 actions: use matrix to refactor static checks
d7bb4b5 agent: support systemd cgroup for kata agent
340e24f actions: skip some job using "paths-ignore" filter
1dfd845 runtime: go fix code for 1.19
2426ea9 doc: update runtime-rs "Build and Install"
4b45e13 runtime: don't fail mkdir if the folder is already created
cb199e0 kernel: add CONFIG_X86_SGX into whitelist
b987bbc runtime-rs: block on the current thread when setup the network
6b2ef66 runtime-rs: add conditional compile for virt-sandbox persist
30a7ebf runtime: Log invalid devices in QEMU config
2539f31 runtime: Use containerd v1.6.8
a4099da tools: Fix indentation of build static firecracker script
abb9ebe package: add nydus to release artifacts
b53171b agent: check command before do test_ip_tables
3bb145c runtime: Support virtiofs queue size for qemu and make it configurable
993d05a docs: change mount-info.json to mountInfo.json
6c1e153 docs: update doc "NVIDIA GPU passthrough"
d808ade runtime-rs: support vhost-vsock
e80a9f0 utils: Add utility function to fetch the kernel version.
a636d42 versions: update nydusd version
c46814b runtime-rs:support nydus v5 and v6
36545aa runtime: clh: Re-generate the client code
f4b02c2 versions: Upgrade to Cloud Hypervisor v28.0
e4a6fba docs: update doc "Setup swap device in guest kernel"
2f5f575 log-parser: Simplify check
d94718f runtime: Fix gofmt issues
16b8375 golang: Stop using io/ioutils
66aa330 versions: Update golangci-lint
b3a4a16 versions: bump containerd version
eab8d6b build: update golang version to 1.19.2
e80dbc1 runtime-rs: workaround Dragonball compilation problem
c3f1922 fix(fmt): fix cargo fmt to pass static check
a04afab qemu: early exit from Check if the process was stopped
7e481f2 qemu: set stopped only if StopVM is successful
0e3ac66 clh: return faster with dead clh process from isClhRunning
9ef68e0 clh: fast exit from isClhRunning if the process was stopped
2631b08 clh: don't try to stop clh multiple times
8be0817 tools: Fix indentation of build static virtiofsd script
3e9c3f1 docs: Fix configuration path
936fe35 runtime-rs : fix shim source is ambiguous
f45fe4f versions: update vmm-sys-util and related crates to v0.11.0
29c75cf runtime-rs: delete all cargo patches
f8f97c1 feat(shim-mgmt): iptables handler
9f70a69 tools: Remove empty spaces from build kernel script
5733683 dragonball: add more unit test for device manager
2333700 dragonball: add test utils.
2adb1c1 Dragonball: enable mem_file_path config into hugetlbfs process
fef8e92 runtime-rs:add hypervisor interface capabilities
daeee26 cloud-hypervisor: Fix GetThreadIDs function
40d514a github: Parallelise static checks
27b1913 runtime-rs: blanks filled & fixes made to virtiofsd launch
2508d39 runtime: added vcpus pinning logics Core VCPU threads pinning logics for issue 4476. Also provided docs.
b74c180 runtime-rs: fix shared volume permission issue
16dca4e runk: Ignore an error when calling kill cmd with --all option
df09218 runk: Upgrade libseccomp crate to v0.3.0 in Cargo.lock
990e635 snap: Unbreak docker install
ca69a9a snap: Use metadata for dependencies
39363ff runtime: remove same function
0ed7da3 tools: Fix indentation of build static clh script
43fcb8f virtiofsd: Not use "link-self-contained=yes" on s390x The compile option link-self-contained=yes asks rustc to use C library startup object files that come with the compiler, which are not available on the target s390x-unknown-linux-gnu. A build does not contain any startup files leading to a broken executable entry point (causing segmentation fault).
c0f5bc8 cargo: Add Cargo.lock to version control
474927e gitignore: Add gitignore file
699f821 utils: Add function to drop priveleges
a6fb4e2 versions: bump golangci-lint version
b015f34 runtime-rs: generate config files with the default target
219919e docs: Fix volumeMounts in SGX usage example
9d286af versions: Update Cloud Hypervisor to b4e39427080
144efd1 docs: update rust runtime installation guide
cbd84c3 rustjail: Upgrade libseccomp crate to v0.3.0
748be0f makefile: remove sudo when create symbolic link
44d8de8 agent: remove redundant checks
89e62d4 shim: Ensure pagesize is set when reporting hugetbl stats
e95089b kata-ctl: add basic cpu check for s390x
871d2cf kata-ctl: Limit running tests to x86 and use native-tls on s390x
9f2c7e4 Revert "kata-ctl: Disable network check on s390x"
081ee48 agent: use NLM_F_REPLACE replace NLM_F_EXCL in rtnetlink
abf4f9b docs: kata 3.0 Architecture fix readme content error
72738dc agent: validate hugepage size is supported
f74e328 Makefile: fix an typo in runtime-rs makefile
227e717 qemu: Re-work static-build Dockerfile
9c1ac3d runtime-rs: return port on agent-url req
f205472 Makefile: regulate the comment style for the runtime-rs comments
ac403cf doc: Update how-to-run-kata-containers-with-SNP-VMs.md
00981b3 kata-ctl: Disable network check on s390x
c322d1d kata-ctl: arch: Improve check call
0bc5baa snap: Build virtiofsd using the kata-deploy scripts
cb4ef47 snap: Create a task for installing docker
7e5941c virtiofsd: Build inside a container
9717dc3 Dragonball: remove redundant comments in event manager
35d52d3 versions: Update TDX QEMU
4d9dd87 runtime-rs: fix typo get_contaier_type to get_container_type
70676d4 kata-ctl: improve command descriptions for consistency
86ad832 runtime-rs: force shutdown shim process in it can't exit
9eb73d5 versions: Update TDX kernel
1f1901e dragonball: fix clippy warning for aarch64
a343c57 dragonball: enhance dragonball ci
6a64fb0 ci: skip s390x for dragonball.
a743e37 Dragonball: delete redundant comments in blk_dev_mgr
00a42f6 kata-ctl: cargo: 2021 -> 2018
fb63274 kata-ctl: rustfmt + clippy fixes
2b345ba build: Add kata-ctl to tools list
f7010b8 kata-ctl: docs: Write basic documentation
781e604 docs: Reference kata-ctl README
15c343c kata-ctl: Don't rely on system ssl libs
c235849 kata-ctl: clippy: Resolve warnings and reformat
1336904 kata-ctl: implement CLI argument --check-version-only
eb5423c kata-ctl: switch to use clap derive for CLI handling
018aa89 kata-ctl: Add cpu check
7c9f9a5 kata-ctl: Make arch test run at compile time
b63ba66 kata-ctl: Formatting tweaks
cca7e32...


# Release 3.0.1

19 Dec 18:57
3.0.1
cfbc834

kata-containers Changes

Shortlog

ea74df1 release: Kata Containers 3.0.1
c712057 release: Adapt kata-deploy for 3.0.1
bc5bbfa versions: update nydusd version
0afcc57 package: add nydus to release artifacts
bd797ed kata-deploy: Fix the pod of kata deploy starts to occur an error
9cf1af8 runtime: clh: Re-generate the client code
4d6ca76 versions: Upgrade to Cloud Hypervisor v28.0
719017d clh: return faster with dead clh process from isClhRunning
569ecdb clh: fast exit from isClhRunning if the process was stopped
fa8a0ad clh: don't try to stop clh multiple times
8fbf862 cloud-hypervisor: Fix GetThreadIDs function
9141acd versions: Update Cloud Hypervisor to b4e39427080
9a0ab92 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
f3eac35 runtime: clh: Re-generate the client code
8a7e0ef versions: Upgrade to Cloud Hypervisor v27.0
9cf1af8 runtime: clh: Re-generate the client code
4d6ca76 versions: Upgrade to Cloud Hypervisor v28.0
719017d clh: return faster with dead clh process from isClhRunning
569ecdb clh: fast exit from isClhRunning if the process was stopped
fa8a0ad clh: don't try to stop clh multiple times
8fbf862 cloud-hypervisor: Fix GetThreadIDs function
9141acd versions: Update Cloud Hypervisor to b4e39427080
9a0ab92 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
f3eac35 runtime: clh: Re-generate the client code
8a7e0ef versions: Upgrade to Cloud Hypervisor v27.0
a152f60 runk: Ignore an error when calling kill cmd with --all option
50bf443 log-parser: Simplify check
74791ed runtime: Fix gofmt issues
778ebb6 golang: Stop using io/ioutils
b5661e9 versions: Update golangci-lint
88c13b6 versions: bump containerd version
b8ce291 build: update golang version to 1.19.2
f5e5ca4 github: Parallelise static checks
eaa7ab7 snap: Unbreak docker install
8d2fd24 snap: Use metadata for dependencies
ab83ab6 snap: Build virtiofsd using the kata-deploy scripts
1772df5 snap: Create a task for installing docker
2e49586 virtiofsd: Build inside a container

Compatibility with CRI-O

Kata Containers 3.0.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.1 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.0.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Kata Containers 3.1.0-alpha0

09 Oct 08:48
acd72c4
Pre-release

Release 3.1.0-alpha0

kata-containers Changes

  • runtime: Support for AMD SEV-SNP VMs
  • runtime-rs: debug console support in runtime
  • runtime-rs: support watchable mount
  • runtime-rs/agent locking optimization
  • Cloud Hypervisor support upgraded to v27.0
  • various bugfix and CI improvements

Shortlog

ee74231 release: Kata Containers 3.1.0-alpha0
102a9dd workflow: Revert "workflow: trigger test-kata-deploy with pull_request"
68e8a86 runtime: fix incorrect comment for SetFsSharingSupport function
04bbce8 virtcontainers: add warn log record for qmp hotplug cpu error
53f209a libs/kata-types: adjust default_vcpus correctly
3aeaa64 runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
435c8f1 acrn: Enable ACRN hypervisor support for Kata 2.x release
c31cf72 agent: reduce reference count for failed mount
ef5a2dc agent: don't exit early if signal fails due to ESRCH
43ae972 kata-sys-util: delete duplicated get_bundle_path
4da743f packaging: Mount $HOME/.docker in the 1st layer container
067e2b1 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
5d63fcf runtime: clh: Re-generate the client code
fe61070 versions: Upgrade to Cloud Hypervisor v27.0
17de94e microvm: Remove kernel_irqchip=on option
ac04831 kata-sys-util: fix typo unknow
f89ada2 dragonball: update ut for kernel config
a241276 versions: Update gperf url to avoid libseccomp random failures
a617a63 versions: Update oci version
6d585d5 dragonball: fix no "as_str" error on Arm
421729f tools: release: fix bogus version check
457b0be runtime-rs: update Cargo.lock
50299a3 refactor(runtime-rs): Use RwLock in runtime agent
0e89966 runtime-rs: fix shim close_io call to support kubectl cp
96cf21f runtime-rs: add comments for runtime-rs shared directory
7676cde workflow: trigger test-kata-deploy with pull_request
f108273 workflow: require PR num input on test-kata-deploy workflow_dispatch
90ecc01 Dragonball: update linux_loader to 0.6.0
abc26b0 dragonball: modify wrong code comments modify virtio_net_dev_mgr.rs wrong code comments
9bd9410 docs: Update urls in runk documentation
4a76392 runtime-rs: support watchable mount
e23bfd6 runtime-rs: make function name more understandable
426a436 runtime-rs: add unit test and eliminate raw string
87959cb runtime-rs: debug console support in runtime
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
2caee1f runtime-rs: define VFIO unbind path as a const
20bcaf0 runtime-rs: set agent timeout to 0 for stream RPCs
d9e6eb1 docs: Guide to use SNP-VMs with Kata-Containers
ded6017 runtime: Enable choice between AMD SEV and SNP
22bda08 runtime: Support for AMD SEV-SNP VMs
a2bbd29 kernel: Introduce SNP kernel
0e69405 docs: Developer-Guide updated
105eda5 runtime: Initrd path option added to config
adb33a4 packaging: fix typo in configure-hypervisor.sh
9628c7d runtime: update runc dependency
7fbc883 runtime-rs: drop dependency on rustc-serialize
bf2be0c release: Revert kata-deploy changes after 3.0.0-rc0 release
2082332 runtime-rs: add test for StaticResource
4696573 runtime-rs: remove hardcoded string
274de02 docs: add README for runtime-rs hypervisor crate
9670a3c runtime-rs: use Path.is_file to check regular files
a4a2345 osbuilder: Export directory variables for libseccomp
a828292 runtime-rs: add unit tests for network resource
a8a8a28 runtime-rs/resource: use macro to reduce duplicated code
3f65ff2 runtime-rs: fix incorrect comments
86a02c5 kernel: Add crypto kernel config for s390
f914319 runtime: store the user name in hypervisor config
5cafe21 runtime: make StopVM thread-safe
c301592 runtime: add more debug logs for non-root user operation
0399da6 runtime-rs: update dependencies
f6f1991 dragonball: update dragonball-sandbox dependencies
d55cf9a docs: Update url in virtualization document
7622452 Dragonball: Fix the problem about stdio console
aaf6d69 runtime-rs: call TomlConfig's validate function after load
5add50a runtime-rs: timeout for shim management client
9f13496 runtime-rs: shim management client
e891295 runtime-rs: shim management - agent-url
59aeb77 runtime-rs: shim management

Compatibility with CRI-O

Kata Containers 3.1.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.1.0-alpha0 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.0-alpha0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.0-alpha0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Kata Containers 3.0.0

09 Oct 08:59
e2a8815

Release 3.0.0

kata-containers Changes

  • A new runtime implementation based on Rust
  • An optional builtin sandboxing functionality with rust-vmm based hypervisor dragonball
  • GPU VFIO passthrough support
  • Support host cgroup v2
  • Support drop-in config files
  • Support shimv2 logging plugin
  • Agent support FSGroup
  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Switch from C version virtiofsd to virtiofsd-rs
  • Support enabling QEMU sandbox feature
  • io_uring as IO mechanism for QEMU
  • Support for virtio-blk device multiqueue simulation for QEMU and Cloud-hypervisor
  • Intel TDX support for QEMU and Cloud-hypervisor
  • QEMU updated to v6.2.0
  • Cloud-hypervisor upgraded to v26.0
  • Firecracker updated to v1.1.0
  • Guest kernel upgraded to v5.19.2

Shortlog

63495cf release: Kata Containers 3.0.0
fb44305 release: Adapt kata-deploy for 3.0.0
20c0252 agent: reduce reference count for failed mount
3eb6f58 agent: don't exit early if signal fails due to ESRCH
8dc8565 versions: Update gperf url to avoid libseccomp random failures
740e7e2 kata-sys-util: fix typo unknow
727f233 release: Kata Containers 3.0.0-rc1
babab16 tools: release: fix bogus version check
af22e71 osbuilder: Export directory variables for libseccomp
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
b0c5f04 runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e runtime-rs: fix incorrect comments
43b0e95 runtime: store the user name in hypervisor config
8180188 runtime: make StopVM thread-safe
fba39ef runtime: add more debug logs for non-root user operation
6330951 runtime-rs: drop dependency on rustc-serialize
e229a03 runtime: update runc dependency
5835910 release: Kata Containers 3.0.0-rc0
be242a3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c3 runtime-rs: delete some allow(dead_code) attributes
fc9c6f8 kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be7 libs/kata-types: change return type of getting CPU period/quota
2b1d058 runtime-rs: fix host device check pattern
62cf6e6 runtime-rs: remove meaningless comment
84268f8 runtime-rs: update rust runtime roadmap
bcf6bf8 runk: Enable seccomp support by default
36d805f config: add "inline-virtio-fs" as a "shared_fs" type
85b49ce runtime-rs: add README.md
968c2f6 runk: Refactor container builder
b948a8f kernel: fix kernel tarball name for SEV
50f9126 libs/kata-types: replace tabs by spaces in comments
566656b gperf: point URL to mirror site
d23779e Revert "agent: fix unittests for arp neighbors"
d340564 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37b kata-deploy: Add debug statement
e879270 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f2 docs: fix unix socket address in agent-ctl doc
41ec711 runtime-rs: split amend_spec function
ff7c78e runtime-rs: static resource mgmt default to false
00f3a6d runtime-rs: make static resource mgmt idiomatic
4a54876 runtime-rs: support static resource management functionality
52bbc3a cargo.lock: update crates to comply with checks
aa581f4 cargo.toml: Add oci to src/libs workplace
7914da7 cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab github-actions: Add cargo-deny
373dac2 qemu: Keep passing BUILD_SUFFIX
59e3850 qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d01 qemu: fix tdx qemu tarball directories
9997ab0 sandbox_test: Add test to verify memory hotplug behavior
f390c12 sandbox: don't hotplug too much memory at once
e0142db hypervisor: Add GetTotalMemoryMB to interface
e83b821 docs: Update url in the Developer Guide
0ab49b2 release: Kata Containers 3.0.0-alpha1
b1a8aca versions: Update cni plugins version
749a6a2 docs: Specify language in markdown for syntax highlight
a1fdc08 kernel: Re-work get_tee_kernel()
a658173 kernel: Whitelist cleanup
cce99c5 runtime-rs: delete socket from shim command-line options
c75970b dragonball: add more unit test for config manager
dc32c46 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91d osbuilder: add systemd symlinks for kata-agent
731d39d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e9 kata-deploy: export CI in the build container
4f90e3c kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d9037 github-actions: Auto-backporting
a355812 runtime-rs: fixed bug on core-sched error handling
591dfa4 runtime-rs: add support for core scheduling
92f7d6b ci: Use versions.yaml for the libseccomp
b535bac runk: Add cli message for init command
c08a863 agent: add some logs for mount operation
c1e3b8f govmm: Refactor qmp functions for adding block device
598884f govmm: Refactor code to get rid of redundant code
00860a7 qmp: Pass aio backend while adding block device
e1b49d7 config: Add block aio as a supported annotation
ed0f1d0 config: Add "block_device_aio" as a config option for qemu
b6cd234 govmm: Add io_uring as AIO type
81cdaf0 govmm: Correct documentation for Linux aio.
763ceeb logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99 kata-deploy: fix threading conflicts
0a6f017 kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4 agent-ctl: fix clippy error
4b57c04 runtime-rs: support loading kernel modules in guest vm
dc90eae qemu: Drop unnecessary tdx_guest kernel parameter
d4b6761 clh: Use HVC console with TDX
c0cb3cd clh: Avoid crashing when memory hotplug is not allowed
9f0a57c clh: Increase API and SandboxStop timeouts for TDX
c142fa2 clh: Lift the sharedFS restriction used with TDX
bdf8a57 runk: Move delete logic to libcontainer
a06d819 runtime: cri-o annotations have been moved to podman
ffd1c1f agent-ctl/trace-forwarder: udpate thread_local dependency
69080d7 agent/runk: update regex dependency
e0ec090 runtime-rs: update async-std dependency
326f1cc agent: enrich some error code path
4f53e01 agent: skip test_load_kernel_module if non-root
f508c29 runtime: constify splitIrqChipMachineOptions
2b0587d runtime: VMX is migratible in vm factory case
fa09f0e runtime: remove qemuPaths
a6fbaac runk: add pause/resume commands
8e20150 kernel: fix for set_kmem_limit error
00aadfe kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d6 kernel: upgrade guest kernel support to 5.19.2
57bd3f4 runtime-rs: plug drop-in decoding into config-loading code
87b97b6 runtime-rs: add filesystem-related part of drop-in handling
cf785a1 runtime-rs: add core toml::Value tree merging
09672eb agent: do some rollback works if case of do_create_container failed
8ff5c10 network: Fix error message for setting hardware address on TAP interface
3a597c2 runtime: clh: Use the new 'payload' interface
16baecc runtime: clh: Re-generate the client code
50ea071 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c runtime: tracing: End root span at end of trace
78231a3 ci: Update libseccomp version
338c282 dep: update nix dependency
3829ab8 docs: Update CRI-O target link
3474649 libs/test-utils: share test code by create a new crate
eab7c8f runtime-rs: delete vergen dependency
6d6c068 workflow: trigger release for 3.x releases
4d7f3ed runtime-rs: support the functionality of cleanup
5aa8375 runtime-rs: support save to persist file and restore
3e9077f docs: Update url in containerd documentation
52133ef release: Kata Containers 3.0.0-alpha0
c280d69 runtime-rs: delete route model
caada34 runtime-rs: fix design doc's typo
b61dda4 docs: use curl as default downloader for runtime-rs
ca9d16e runtime-rs: update Cargo.lock
99a7b4f workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e6 versions: Update libseccomp version
b828190 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169 Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc4 runtime-rs:update rtnetlink version
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
9312511 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
8b0e185 Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653 libs: fix CI error for protocols
993ae24 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11f runtime-rs: fix stdin hang in azure
50b0b7c Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
1293357 Merge pull request #4727 from openanolis/anolis-fix-network
71384b6 Merge pull request #4713 from openanolis/adjust_default_vcpu
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
57c556a runtime-rs: fix stop failed in azure
3f4dd92 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a0 Merge pull request #4721 from openanolis/install-guide-2
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
534a492 Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd5 docs: add rust environment setup for kata 3.0
896478c runtime-rs: add functiona...


# Release 3.0.0-rc1

30 Sep 06:45
3.0.0-rc1
ef49fa9
Pre-release

kata-containers Changes

Shortlog

727f233 release: Kata Containers 3.0.0-rc1
babab16 tools: release: fix bogus version check
af22e71 osbuilder: Export directory variables for libseccomp
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
b0c5f04 runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e runtime-rs: fix incorrect comments
43b0e95 runtime: store the user name in hypervisor config
8180188 runtime: make StopVM thread-safe
fba39ef runtime: add more debug logs for non-root user operation
6330951 runtime-rs: drop dependency on rustc-serialize
e229a03 runtime: update runc dependency

Compatibility with CRI-O

Kata Containers 3.0.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc1

Default Image Guest OS:

```yaml
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
```

Default Initrd Guest OS:

```yaml
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
```

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc1 suggests using the Linux kernel v5.19.2
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 2.5.2

30 Sep 08:21
2.5.2
4b39dc0

kata-containers Changes

Shortlog

5c69eb5 release: Kata Containers 2.5.2
309756d release: Adapt kata-deploy for 2.5.2
a818771 tools: release: fix bogus version check
52993b9 runtime: store the user name in hypervisor config
30a8166 runtime: make StopVM thread-safe
7033c97 runtime: add more debug logs for non-root user operation
e8ec0c4 stable-2.5: fix cargo vendor
d92ada7 kernel: upgrade guest kernel support to 5.19.2
565fdf8 kernel: fix for set_kmem_limit error
f174fac sandbox_test: Add test to verify memory hotplug behavior
928654b sandbox: don't hotplug too much memory at once
1c0e6b4 hypervisor: Add GetTotalMemoryMB to interface
8f40927 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments

Compatibility with CRI-O

Kata Containers 2.5.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.2

Default Image Guest OS:

```yaml
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
```

Default Initrd Guest OS:

```yaml
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
```

Kata Linux Containers Kernel

Kata Containers 2.5.2 suggests using the Linux kernel v5.19.2
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

Kata Containers 3.0.0-rc0

21 Sep 07:16
32a9d6d
Pre-release

Release 3.0.0-rc0

kata-containers Changes

Shortlog

5835910 release: Kata Containers 3.0.0-rc0
be242a3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c3 runtime-rs: delete some allow(dead_code) attributes
fc9c6f8 kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be7 libs/kata-types: change return type of getting CPU period/quota
2b1d058 runtime-rs: fix host device check pattern
62cf6e6 runtime-rs: remove meaningless comment
84268f8 runtime-rs: update rust runtime roadmap
bcf6bf8 runk: Enable seccomp support by default
36d805f config: add "inline-virtio-fs" as a "shared_fs" type
85b49ce runtime-rs: add README.md
968c2f6 runk: Refactor container builder
b948a8f kernel: fix kernel tarball name for SEV
50f9126 libs/kata-types: replace tabs by spaces in comments
566656b gperf: point URL to mirror site

Compatibility with CRI-O

Kata Containers 3.0.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc0

Default Image Guest OS:

```yaml
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
```

Default Initrd Guest OS:

```yaml
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
```

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc0 suggests using the Linux kernel v5.19.2
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 3.0.0-alpha1

07 Sep 04:14
3.0.0-alpha1
fe55f6a
Pre-release

kata-containers Changes

Major highlights of this release include:

  • Support for io_uring as I/O mechanism for qemu
  • Upgrade to Cloud Hypervisor v26.0
  • Kernel upgrade to 5.19.2
  • Several improvements in cloud-hypervisor support for Intel TDX
  • Support for static resource management functionality in rust runtime
  • Support for hugetlb cgroups in the guest
  • Addition of cargo-deny to scan for vulnerabilities and license issues in Rust crates.

Shortlog

d23779e Revert "agent: fix unittests for arp neighbors"
d340564 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37b kata-deploy: Add debug statement
e879270 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f2 docs: fix unix socket address in agent-ctl doc
41ec711 runtime-rs: split amend_spec function
ff7c78e runtime-rs: static resource mgmt default to false
00f3a6d runtime-rs: make static resource mgmt idiomatic
4a54876 runtime-rs: support static resource management functionality
52bbc3a cargo.lock: update crates to comply with checks
aa581f4 cargo.toml: Add oci to src/libs workplace
7914da7 cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab github-actions: Add cargo-deny
373dac2 qemu: Keep passing BUILD_SUFFIX
59e3850 qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d01 qemu: fix tdx qemu tarball directories
9997ab0 sandbox_test: Add test to verify memory hotplug behavior
f390c12 sandbox: don't hotplug too much memory at once
e0142db hypervisor: Add GetTotalMemoryMB to interface
e83b821 docs: Update url in the Developer Guide
0ab49b2 release: Kata Containers 3.0.0-alpha1
b1a8aca versions: Update cni plugins version
749a6a2 docs: Specify language in markdown for syntax highlight
a1fdc08 kernel: Re-work get_tee_kernel()
a658173 kernel: Whitelist cleanup
cce99c5 runtime-rs: delete socket from shim command-line options
c75970b dragonball: add more unit test for config manager
dc32c46 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91d osbuilder: add systemd symlinks for kata-agent
731d39d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e9 kata-deploy: export CI in the build container
4f90e3c kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d9037 github-actions: Auto-backporting
a355812 runtime-rs: fixed bug on core-sched error handling
591dfa4 runtime-rs: add support for core scheduling
92f7d6b ci: Use versions.yaml for the libseccomp
b535bac runk: Add cli message for init command
c08a863 agent: add some logs for mount operation
c1e3b8f govmm: Refactor qmp functions for adding block device
598884f govmm: Refactor code to get rid of redundant code
00860a7 qmp: Pass aio backend while adding block device
e1b49d7 config: Add block aio as a supported annotation
ed0f1d0 config: Add "block_device_aio" as a config option for qemu
b6cd234 govmm: Add io_uring as AIO type
81cdaf0 govmm: Correct documentation for Linux aio.
763ceeb logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99 kata-deploy: fix threading conflicts
0a6f017 kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4 agent-ctl: fix clippy error
4b57c04 runtime-rs: support loading kernel modules in guest vm
dc90eae qemu: Drop unnecessary tdx_guest kernel parameter
d4b6761 clh: Use HVC console with TDX
c0cb3cd clh: Avoid crashing when memory hotplug is not allowed
9f0a57c clh: Increase API and SandboxStop timeouts for TDX
c142fa2 clh: Lift the sharedFS restriction used with TDX
bdf8a57 runk: Move delete logic to libcontainer
a06d819 runtime: cri-o annotations have been moved to podman
ffd1c1f agent-ctl/trace-forwarder: udpate thread_local dependency
69080d7 agent/runk: update regex dependency
e0ec090 runtime-rs: update async-std dependency
326f1cc agent: enrich some error code path
4f53e01 agent: skip test_load_kernel_module if non-root
f508c29 runtime: constify splitIrqChipMachineOptions
2b0587d runtime: VMX is migratible in vm factory case
fa09f0e runtime: remove qemuPaths
a6fbaac runk: add pause/resume commands
8e20150 kernel: fix for set_kmem_limit error
00aadfe kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d6 kernel: upgrade guest kernel support to 5.19.2
57bd3f4 runtime-rs: plug drop-in decoding into config-loading code
87b97b6 runtime-rs: add filesystem-related part of drop-in handling
cf785a1 runtime-rs: add core toml::Value tree merging
09672eb agent: do some rollback works if case of do_create_container failed
8ff5c10 network: Fix error message for setting hardware address on TAP interface
3a597c2 runtime: clh: Use the new 'payload' interface
16baecc runtime: clh: Re-generate the client code
50ea071 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c runtime: tracing: End root span at end of trace
78231a3 ci: Update libseccomp version
338c282 dep: update nix dependency
3829ab8 docs: Update CRI-O target link
3474649 libs/test-utils: share test code by create a new crate

Compatibility with CRI-O

Kata Containers 3.0.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha1

Default Image Guest OS:

```yaml
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
```

Default Initrd Guest OS:

```yaml
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
```

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha1 suggests using the Linux kernel v5.19.2
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

# Release 2.5.1

02 Sep 01:17
2.5.1
65dd151

kata-containers Changes

This release includes security fixes for Rust dependencies.
Cloud-hypervisor has been upgraded to v26.0.
The supported Rust version has also been upgraded to 1.59.0.
CONFIG_CGROUP_HUGETLB was added to the kernel to support hugetlb cgroups.
In addition, some minor bug fixes for handling container create failures
and tracing were added.

Shortlog

d643743 release: Kata Containers 2.5.1
38801e5 release: Adapt kata-deploy for 2.5.1
8f8b93d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
25b1a52 runtime: tracing: End root span at end of trace
5532930 agent: do some rollback works if case of do_create_container failed
6950569 agent-ctl/trace-forwarder: udpate thread_local dependency
48a94f3 agent/runk: update regex dependency
1a396a1 dep: update nix dependency
0128372 versions: Update kernel to 5.15.63
2e3ae3f agent-ctl: Get rid of compiler warning
14a4551 versions: Upgrade rust supported version to 1.59.0
cd898d2 runtime: clh: Use the new 'payload' interface
e851232 runtime: clh: Re-generate the client code
c0b5ba2 versions: Upgrade to Cloud Hypervisor v26.0

Compatibility with CRI-O

Kata Containers 2.5.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.1

Default Image Guest OS:

```yaml
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
```

Default Initrd Guest OS:

```yaml
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
```

Kata Linux Containers Kernel

Kata Containers 2.5.1 suggests using the Linux kernel v5.19.2
See the suggested Guest Kernel patches
See the suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations