@bergwolf bergwolf released this Nov 23, 2018 · 74 commits to master since this release

Assets 3

Release 1.4.0

agent Changes

Highlights:

  • Return agent details and capabilities to runtime in GetGuestDetails grpc call.
  • Support guest rootfs image based hooks.

Shortlog

0aae82b release: Kata Containers 1.4.0
7b4c337 vendor: Update vendor/github.com/containerd/console
8dedf30 agent: build as Position-Independent-Executable
dc635d4 test: Add test for ipvlan routes in l3 mode
69ee60f network: Refactor to reduce cyclomatic complexity
4005c33 network: Handle default route where gateway is empty
83138df pkg: types: Add a new field type
a13144b proto: Split reusable structures into their own package
3a678a9 agent: Fix the issue of stdout hang on builtin proxy
980023e agent: add support for guest-hooks
d12910e agent: judge whether /sys/devices/system/memory/block_size_bytes exist.
e03f7d7 memory: Fix update memory path.
a396a23 grpc: Add seccomp status to guest details
7b71c10 grpc: Add agent details to guest details call

proxy Changes

Highlights:

  • Number of golang threads are now throttled so that kata-proxy does not take too many pids.

Shortlog

209cb5f release: Kata Containers 1.4.0
88bc241 make: interpret LIBEXECDIR as an absolute path
d95ae4c proxy: build as Position-Independent-Executable
5dcbe7e Makefile: trigger build on VERSION file changes
4544880 threads: restrict number of golang threads if not set

runtime Changes

Highlights:

  • Enable host cgroups support to restrict qemu process and vcpu threads.
  • Enable support for macvlan and ipvlan networking.
  • Add support for new machine type virt introduced by the NEMU project.
  • VM factory network interfaces are now hotplugged by default so that guests have the default network connectivity.
  • When creating new containers, memory resource is checked and hotplugged on demand.
  • A new NetInterworkingModel none is added and it works with tap endpoint types so that enlighted CNI plugins can add tap devices to a sandbox directly, bypassing host network namespaces and thus provide better performance with less network setup complexity.
  • A new NetInterworkingModel tcfilter is added. It bridges host netns veth and guest tap device with TC filters.
  • Guest rootfs image can now have a guest_hook_path to save a bunch of prestart/poststart/prestop/poststop hook binaries, and they will be executed in the guest at specified container life cycle point accordingly.
  • Add several sandbox level APIs in preparation of the upcoming containerd-shim-v2 support.

Shortlog

7b63f21 release: Kata Containers 1.4.0
a2799bb versions: Update Kubernetes, containerd and cri-o
cba7a88 virtcontainers: fix sandbox store struct VFIODevice bug
0796f2e virtcontainers: Add function supportGuestMemoryHotplug
d73f27c test: set arch for test TestHotplugRemoveMemory
58c1db5 make: notify user if yq is going to be installed
ab43e2a make: add ability to skip go version check
bf56858 cli: Fix console for big endian architecture
4b9a471 virtcontainers: fix not close socket with ethtool
b185f31 build: introduction of archConvertStatFs function
2f98b3e network: support hotplug a nic several times
982381b api: Cleanup StartContainer()
5777381 sandbox: Create and export Pause/ResumeContainer() to the API level
b298ec4 sandbox: Create and export ProcessListContainer() to the API level
3add296 sandbox: Create and export KillContainer() to the API level
7653726 sandbox: Create and export StopContainer() to the API level
109e12a sandbox: Export Stop() to the API level
6c3e266 sandbox: Export Start() to the API level
f5048b7 golang.mk: Check and install yq before use it
842a00a cli: refactor the config into a separated package
193b324 newContainer: Not attach device if it is a CDROM
95f4fdb build: check golang version meets min req.
eaa5c7a CI: travis: call yq installer
cbf7fb2 CI: travis: add yq installer script
8ddc0ce network: Use constant string for "none" network model
658bdb1 runtime,netmon: build as Position-Independent-Executable
5199777 virtcontainers: Rely on new interface LinkType field
45b2191 netmon: Rely on new interface field LinkType
7bf84d0 types: Replace agent/pkg/types with virtcontainers/pkg/types
39b95cc virtcontainers: Create a new package "types"
e9aa870 network: enable network hotplug for vm factory
21a671e network: set endpoint pci address when hotplug
11c6753 cli: fix the issue of using wrong path to get version
33abb3e cli: add guest hook path option in the configuration file
32ef29b factory: use customised deep compare
eb77a41 qemu: make saveSandbox wait for migration completion
0acbbf0 network: Add support for ipvlan
34fe3b9 cgroups: add host cgroup support
523d49c vendor: add github.com/containerd/cgroups lib
31cf6fb vfio: Change the way the driver is fetched
38d56c9 netmon: Rely on agent/pkg/types instead of duplicating types
309dcf9 vendor: Update the agent vendoring based on pkg/types
c38792e config: Add documentation for tcfilter in configuration.toml
17be8e3 network: Introduce constants for the network model strings
5da973d test: Add test to verify tc redirect
e20dbd0 network: Use tc redirect filter to redirect traffic to the VM
7a5a57d cli: test: add unit test for kata-env and kata-check
14e5437 cli: add configuration option to use or not use host netns
6935279 network: add new NetInterworkingModel "none" and endpoint type TapEndpoint
f8f2962 virtcontainers: refactor hotplug qmp functions
526d55b versions: Update golang to 1.10.4
62992f5 versions: Update cri containerd version for golang 1.10.2 fix
21d38e9 network: Marshal BridgedMacvlanEndpoint and MacvtapEndpoint
b72a3cd device: fix the issue of passing wrong device address using virtio-blk
8831245 create/run: Make bundle path default to cwd
ee9275f virtcontainers: Add missing API trace calls
36306e2 sandbox/virtcontainers: modify tests relate to memory hotplug.
14f480a sandbox/virtcontainers: combine addResources and updateResources
8e2ee68 sandbox/virtcontainers: memory resource hotplug when create container.
3f39d6e virtcontainers: Add missing API release calls
0ae5b14 qemu: Disable the default romfile used by virtio-pci
6f0873a vendor: Update govmm vendoring
b04691e network: Collapse log calls for endpoint Attach and Detach
ab15498 network: Explicitly check for veth type
3c590b0 network: Rename VirtualEndpoint to VethEndpoint
df8f21d network: Refactor network tests.
adcd910 network: Refactor network.go
8f1b28d network: Sort endpoints by name
dffb4f9 virtcontainers: qemu: Add proper support for virt machine type
0de7572 vendor: Update govmm vendoring
3c7cf58 tests: Add additional network tests to verifu link creation functions
378191a tests: Add tests for macvlan and macvtap endpoints
def070d golint: Refactor to reduce cyclomatic complexity
417c1f0 macvtap: Add support for macvtap
581ff17 macvlan: Assign random MAC address
8847af8 network: Add support for macvlan driver
1f5792e test: fix unit test nil pointer.
4697cf3 memory: update: Update state using the memory removed.
0cab192 block: Advertise block support for q35
f4cf213 vendor: fix govmm package

shim Changes

Highlight changes:

  1. Number of golang threads are now throttled so that each kata-shim process does not take too many pids.

Shortlog

147ffb1 release: Kata Containers 1.4.0
fc6ba19 make: add support for DESTDIR
eca4281 shim: build as Position-Independent-Executable
e57ab67 threads: restrict number of golang threads if not set

Compatibility with Docker

Kata Containers 1.4.0 is compatible with Docker v18.06-ce

Compatibility with CRI-O

Kata Containers 1.4.0 is compatible with CRI-O fa540c8e806d28c2cbcd157bdf8acf2b20990ab6

Compatibility with cri-containerd

Kata Containers 1.4.0 is compatible with cri-contaienrd 54b1c00b3b307b0fadd10c02d9467a6545c2c4d5

OCI Runtime Specification

Kata Containers 1.4.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 1.4.0 is compatible with Kubernetes 1.12.2-00

Kata Linux Containers image

Agent version: 1.4.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: https://github.com/kata-containers/osbuilder
architecture:
aarch64:
name: fedora
version: latest
ppc64le:
name: centos
version: latest
x86_64:
name: clearlinux
version: "20640"
meta:
image-type: clearlinux

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: https://github.com/kata-containers/osbuilder
architecture:
aarch64:
name: alpine
version: "3.7"
ppc64le:
name: alpine
version: "3.7"
x86_64:
name: alpine
version: "3.7"

Kata Linux Containers Kernel

Kata Containers 1.4.0 suggest to use the Linux kernel v4.14.67
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions:

Issues & limitations

More information Limitations