kata-containers Changes

A lot of changes have been done as part of this 3.2.0-alpha4 release, and the highlights are:

• runtime-rs improvements for handling block devices
• GPU / VFIO support improvements
• kata-deploy improvements related to custsomising what's being deployed
• A whole bunch of tests migrated from the tests repo to the kata-containers one

Shortlog

743291c6c release: Fix upload-versions-yaml bee1a628b metrics: Fix json result for tensorflow 51cd99c92 metrics: Round axelnet and resnet results 3b883bf5a metrics: Fix atoi invalid syntax f9dec11a8 checkmetrics: Move checkmetrics to gha-run script 53af71cfd checkmetrics: Add AlexNet value for qemu a435d36fe checkmetrics: Add Resnet value for qemu a79a3a8e1 checkmetrics: Add alexnet value for clh 3c3287504 checkmetrics: Add Resnet value for clh 08dfaa97a metrics: General improvements to the tensorflow script 63b8534b4 metrics: Enable Tensorflow metrics for kata CI 1b111a9aa gha: release: stage must be defined for arm64 / s390x yamls 684a6e1a5 Revert "gha: release: stage must be a string" 8a2c20171 docs: Update links for pods and kubelet 91e1e612c k8s: Rely on the USING_NFD environment variable passed by the jobs 7c857d38c gha: release: stage must be a string 7edc7172c release: Kata Containers 3.2.0-alpha4 6222bd910 tests: Add k8s-file-volume test 187a72d38 tests: Add k8s-volume test 0c8427035 metrics: Add boot time value for qemu 6520dfee3 metrics: Update boot time for kata metrics ff2279061 metrics: Update runtime and configuration paths a5d4e3388 metrics: Add compare virtiofsd dax script 5e937fa62 metrics: Update general FIO tests b0bea47c5 metrics: Add makefile to report generator 73c57b9a1 metrics: Add FIO report files for kata metrics 8353aae41 ci: k8s: Rework get_nodes_and_pods_info() 6ad5d7112 ci: k8s: Do not gather node info before running the tests 5261e3a60 ci: k8s: Group messages to improve readability 9cc6b5f46 ci: k8s: Get logs from kata-deploy 9d285c622 ci: k8s: Let kata-deploy take care of the runtimeclasses 87568ed98 gha: Test split out runtimeclasses are in sync with all-in-one file 39192c608 kata-deploy: Print variables passed to the script 0e157be6f kata-deploy: Allow runtimeclasses to be created by the daemonset a27433324 kata-deploy: Change default values of DEBUG 69535b808 kata-deploy: runtimeclass: Split out entries 9e1710674 kata-runtimeClasses: Alphabetically sort the enrties c8fcd29d9 runtime-rs: use device manager to handle virtio-pmem 901c19225 runtime-rs: support configure vm_rootfs_driver 5d6199f9b runtime-rs: use device manager to handle vm rootfs 20f1f62a2 runtime-rs: change block index to 0 314aec73d agent: fix typo in constant 662f87539 metrics: Add general FIO makefile 37641a543 metrics: Add example config for fio jobs 3c1044d9d metrics: Update FIO paths for k8s runner 6177a0db3 metrics: Add env files for FIO a45900324 metrics: Add fio exec ea198fddc metrics: Add FIO runner k8s 8f7ef41c1 metrics: Add FIO vendor code 6293c17bd metrics: Add FIO benchmark for metrics tests 3aa6c77a0 gha: dragonball: Run only on the dragonball labeled machine c5a87eed2 tests: gha: Add timeout to cluster creation 6daeb08e6 tests: k8s: Clean up node debuggers after running b9f100b39 agent,libs: Remove unused 'mut' keywords 2c8f83424 runtime-rs: remove unneeded 'mut' keywords 4703434b1 tests: k8s: Allow using custom resource group 350f3f70b tests: Import common.bash in run_kubernetes_tests.sh d7f04a64a tests: k8s: Leave runtimeclass_workloads/ alone bdde6aa94 tests: k8s: Split deployment and testing commands 91a0b3b40 tests: aks: Simply delete cluster when cleaning up 371a118ad agent: exclude symlinks from recursive ownership change c8ac56569 cache: kernel: Harmonize commit with fetching side 81775ab1b cache: kernel: Fix SEV kernel caching ff4cfcd8a runk: Add Docker guide to README 4a5ab38f1 metrics: General improvements to json.bash script a56f96bb2 kata-deploy: Allow shim creation based on what's passed to the daemonset 717f775f3 gha: ci: Add skeleton of vfio job 1fc715bc6 s390x: Add AP Attach/Detach test 545de5042 vfio: Fix tests 62aa6750e vfio: Added better handling of VFIO Control Devices dd422ccb6 vfio: Remove obsolete HotplugVFIOonRootBus 114542e2b s390x: Fixing device.Bus assignment b7c9867d6 release: Mention the container images used to build the project d4eba3698 kata-deploy-binaries: kernel_cache: Take module_dir into account 7c4b59781 ci: nydus: Fix typo in "source" 6a680e241 gha: ci: Add placeholder for the nydus tests as part of the CI fb4f7a002 gha: nydus: Add a no-op GHA for nydus 4a207a16f gha: nydus: Bring tests as they are from the tests repo bbd3c1b6a Dragonball: migrate dragonball-sandbox crates to Kata e91f5edba ci: cri-containerd: Fix default typo for testContainerStart() 8b8aef09a ci: cri-containerd: Temporarily disable TestContainerSwap 56767001c ci: cri-containerd: Add namespace / uid to the pods a84773652 ci: cri-containerd: Always use sudo to call crictl 99ba86a1b ci: cri-containerd: Add /usr/local/go/bin to the PATH 7f3b30999 ci: cri-containerd: Add function before each function fde22d6bc ci: cri-containerd: Assume podman is always used 9465a0496 ci: cri-containerd: Adapt "source ..." to this repo df8d14411 ci: cri-containerd: Remove CI variable f90570aef ci: cri-containerd: Remove unused runc_runtime_bin c3637039f ci: cri-containerd: Remove KILL_VMM_TEST env var bc4919f9b ci: cri-containerd: Always run shim-v2 tests f9e332c6d ci: cri-containerd: Stop cloning containerd cfd662fee ci: cri-containerd: Remove ununsed SNAP_CI var d36c3395c ci: cri-containerd: Update copyright b5be8a4a8 ci: cri-containerd: Move integration-tests.sh as it was f2e00c95c ci: cri-containerd: Populate install_dependencies() 897955252 versions: Add "latest" field for cri-tools 1bbcbafa6 ci: Add clone_cri_container() f66c68a2b ci: Add install_cri_tools() 4dd828414 ci: Add install_cri_containerd() ad47d1b9f ci: Add download_github_project_tarball() 788c562a9 ci: Add get_latest_patch_release_from_a_github_project() 6742f3a89 ci: Use function before each install_go.sh function 5eacecffc ci: Adjust paths for install_go.sh 8ed1595f9 ci: Update copyright for install_go.sh 6123d0db2 ci: Move install_go.sh as it was 8653be71b ci: Do not take cross-build into consideration for kata-arch.sh 6a76bf92c ci: Fix style / identation if kata-arch.sh 72743851c ci: Add function before each kata-arch.sh function 9f6d4892c ci: Update copyright for kata-arch.sh 6f73a7283 ci: Move kata-arch.sh as it was 3615d7343 ci: Add get_from_kata_deps() 34779491e gha: kubernetes: Avoid declaring repo_root_dir f3738beac tests: Use $HOME/go as fallback for $GOPATH b87ed2741 tests: Move ensure_yq to common.bash 124e39033 tests: common: Fix quoting when globbing db77c9a43 tests: Make install_kata take care of the links 13715db1f tests: Do not call install_check_metrics when installing kata 630634c5d ci: k8s: Group logs to make them easier to read 228b30f31 ci: k8s: Gather node info during the cleanup 81f99543e ci: k8s: Cleanup cluster before deleting it 38a7b5325 packaging/tools: Add kata-debug 309e23255 cache: kernel: Consider changes in tools/packaging/kernel ae6e8d2b3 kata-deploy: Properly get the path of the versions.yaml file 59fdd69b8 kata-deploy: Add VERSION and versions.yaml to the final tarball 5dddd7c5d release: Upload versions.yaml as part of the release 87d99a71e versions: Remove "kernel-experimental" bad3ac84b metrics: Rename C-Ray to cpu performance tests 556e663fc metrics: Add disk link to general metrics README 98c121709 metrics: Add C-Ray README 8e7d9926e metrics: Add C-Ray Dockerfile e2ee76978 metrics: Add C-Ray performance test e64edf41e metrics: Add tensorflow function in gha-run script 67a6fff4f metrics: Enable tensorflow benchmark on gha 843006805 metrics: Add function to memory inside container script 01450deb6 Revert "metrics: Replace backslashes used to escape double quoted key in jq expr." 6a7a32365 versions: Bump virtiofsd to v1.7.0 55e2f0955 metrics: stop hypervirsor and shim at init_env stage fad801d0f ci: k8s: Adapt "source ..." to the new location of gha-run.sh 2ee2cd307 ci: k8s: Move gha-run.sh to the kubernetes dir 88eaff533 ci: tdx: Adjust KUBECONFIG c09e268a1 versions: Downgrade SEV(-SNP) kernel back to v5.19.x 950b89ffa versions: Update kernel to version v6.1.38 6c91af0a2 agent: Fix exec hang issues with a backgroud process f72cb2fc1 agent: Remove shadowed function, add slog-term 07810bf71 agent: Ignore already mounted dev/fs/pseudo-fs ac5f5353b ci: k8s: Bring TDX tests back 8ccc1e5c9 metrics: Update machine learning documentation f50d2b066 gha: ci: cri-containerd: Fix KATA_HYPERVSIOR typo 620b94597 metrics: Add Tensorflow Mobilenet documentation a864d0e34 tests: Add tensorflow mobilenet dockerfile 788d2a254 tests: Add tensorflow mobilenet performance test 468f017e2 metrics: Replace backslashes used to escape double quoted key in jq expr. 283f809dd runtime-rs: Enhancing Device Manager for network endpoints. ed23b47c7 tracing: Add tracing to runtime-rs 150e54d02 runtime-rs: ignore unconfigured network interfaces 59f4731bb metrics: Stop running kata-env before kata is properly installed. 3ae02f920 metrics: use rm -f to remove older continerd config file. 2c8dfde16 kernel: Update kernel config name 64f013f3b ci: k8s: Enable debug when running the tests 8f4b1df9c kata-deploy: Give users the ability to run it on DEBUG mode 6787c6390 runtime-rs: add parameter for propagation of (u)mount events 62080f83c kata-sys-util: Fix compilation errors 02d99caf6 static-checks: Make cargo clippy pass. 982420682 agent: Make the static checks pass for agent 61e4032b0 kata-ctl: Remove all utility functions to get platform protection a24dbdc78 kata-sys-util: Move utilities to get platform protection dacdf7c28 kata-ctl: Remove cpu related functions from kata-ctl f5d195717 kata-sys-util: Move additional functionality to cpu.rs 304b9d914 kata-sys-util: Move CPU info functions 6e5679bc4 tests: Add function before function name in common.bash for metrics 3fed61e7a tests: Add storage link to general metrics documentation b34dda4ca tests: Add storage blogbench metrics documentation 6924d14df metrics: Fix metrics ts generator to treat numbers as decimals 7319cff77 ci: cri-containerd: Add LTS / Active versions for containerd 2a957d41c ci: cri-containerd: Export GOPATH 75a294b74 ci: cri-containerd: Ensure deps are installed a65291ad7 agent: rustjail: update test_mknod_dev 46b81dd7d agent: clippy: fix cargo clippy warnings c4771d9e8 agent: Makefile: enable set SECCOMP dynamically a88212e2c utils.mk: update BUILD_TYPE argument 883b4db38 dragonball: fix cargo test on aarch64 aedc586e1 dragonball: Makefile: add coverage target 9e048c8ee checkmetrics: Add blogbench read value for qemu 2935aeb7d checkmetrics: Add blogbench write value for qemu 02031e29a checkmetrics: Add blogbench read value for clh 107fae033 checkmetrics: Add blogbench write value for clh 8c75c2f4b metrics: Update blogbench Dockerfile 49723a9ec metrics: Add double quotes to variables dc67d902e metrics: Enable blogbench test 7f961461b tests: Add machine learning README 063f7aa7c tests: Add Pytorch Dockerfile 1af03b9b3 tests: Add Pytorch performance test 4cecd6237 tests: Add tensorflow Dockerfile c4094f62c tests: Add metrics machine learning performance tests 438fe3b82 gha: ci: Add cri-containerd tests skeleton bd08d745f tests: metrics: Move metrics specific function to metrics gha-run.sh 3ffd48bc1 tests: common: Move a few utility functions to common.bash bb2ef4ca3 tests: Add function before each function 310e069f7 checkmetrics: Enable checkmetrics for memory inside test 2be342023 checkmetrics: Add memory usage inside container value for qemu 6ca34f949 checkmetrics: Add memory inside container value for clh 6c6892423 metrics: Enable memory inside container metrics 307cfc8f7 tools: Use a consistent target name when building mariner initrd 8c9d08e87 gha: ci: Gather info about the node / pods 6822029c8 runtime-rs: Do not scan network if network model is "none" 89b622dcb gha: k8s: tdx: Temporarily disable TDX tests ce54e43eb metrics: Update memory usage script fbc2a91ab gha: Cancel previous jobs if a PR is updated d780cc08f gha: nightly: Also use workflow_dispatch to trigger it b99ff3026 gha: nightly: Fix name size limit for AKS 1363fbbf1 README: Add badge for our Nightly CI 1776b18fa gha: Do not run all the tests if only docs are updated 28c29b248 bugfix: plus default_memory when calculating mem size 0c1cbd01d gha: ci: after-push: Use github.sha to get the last commit reference 37a955678 gha: ci: nightly: Use github.sha to get the last commit reference 96e9374d4 dragonball: Don't fail if a request asks for more CPUs than allowed 38f0aaa51 Revert "gha: k8s: dragonball: Skip k8s-number-cpus" 828a72183 gha: k8s: dragonball: Skip k8s-oom a79505b66 gha: k8s: dragonball: Skip k8s-number-cpus 275c84e7b Revert "agent: fix the issue of exec hang with a backgroud process" 0ad298895 gha: ci: Fix refernce passed to checkout@v3 86904909a gha: ci: Avoid using env also in the ci-nightly and payload-after-push c45f646b9 gha: k8s: Ensure cluster doesn't exist before creating it 1d05b9cc7 gha: ci: Pass down secrets to ci-on-push / ci-nightly c5b4164cb gha: ci: Fix tarball-suffix passed to the metrics tests b568c7f7d tests/integration: Provide default value for KATA_HOST_OS d6e96ea06 tests/integration: Use AzureLinux instead of Mariner 40c46c75e tests/integration: Perform yq install in run_tests() 1c211cd73 gha: Swap asset/release in build matrix 0152c9aba tools: Introduce USE_CACHE environment variable 2b5975689 tests: Build CLH with glibc for Mariner 80c78eadc tests: Use baked-in kernel with Mariner 532755ce3 tests: Build Mariner rootfs initrd b535c7cbd tests: Enable running k8s tests on Mariner 11e3ccfa4 gha: ci: Avoid using env unless it's really needed 1a7bbcd39 gha: ci: Fix typo pull_requesst -> pull_request ddf4afb96 gha: ci: Fix set-fake-pr-number job 8a0a66655 gha: ci: schedule expects a list, not a map 5c0269dc5 gha: ci: Add pr-number input to the correct job de83cd9de gha: ci: Use $VAR instead of ${{ env.VAR }} 6acce83e1 metrics: Fix the call to check_metrics function 5a61065ab checkmetrics: Add checkmetrics value for memory usage in qemu 78086ed1f checkmetrics: Add memory usage value for clh 1c3dbafbf metrics: Fix function of how to retrieve multiple values 18968f428 metrics: Add function to have uniformity d8f90e89d metrics: Rename function at memory usage script b9d66e0d5 metrics: Fix double quotes variables in memory usage script 476a11194 tests: Enable memory usage metrics tests e067d1833 gha: Add a nightly CI job 106e30571 gha: Create a re-usable ci.yaml file cc3993d86 gha: Pass event specific info from the caller workflow 4e396e728 metrics: Add function keyword to to helper metrics functions 1ca17c2f7 metrics: storing metrics workflow artifacts 7c0de8703 gha: k8s: Ensure tests are running on a specific namespace 35d096b60 metrics: Adds blogbench and webtool metrics tests 477856c1e gha: dragonball: Correctly propagate PATH update 5681caad5 versions: Upgrade to Cloud Hypervisor v33.0 0504bd725 agent: convert the sl macros to functions 0860fbd41 agent: convert the ttrpc_error macro to a function 0e5d6ce6d agent: convert the is_allowed macro to a function f680fc52b agent: change AGENT_CONFIG's lazy type to just AgentConfig 72fd562bd gha: release: Use a specific release of hub d8b8f7e94 metrics: Enable launch tests time metrics 0502354b4 checkmetrics: Add checkmetrics json for qemu b481ef188 makefile: Add -buildvcs=false flag to go build e94aaed3c ci_worker: Add checkmetrics ci worker for cloud hypervisor 917576e6f metrics: Add double quotes in all variables cc8f0a24e metrics: Add checkmetrics to gha-run.sh for metrics CI 6bb2ea819 packaging: Fix indentation of build.sh script at ovmf d035955ef doc: Add documentation for the virtualization reference architecture 9318e022a gpu: Add CC relates configs b7932be4b gpu: Add Arm64 Kernel Settings 211b0ab26 gpu: Update Kernel Config 5f103003d gpu: Update kernel building to the latest changes 0f454d0c0 gpu: Fixing typos for PCIe topology changes 8330fb8ee gpu: Update unit tests 72f2cb84e gpu: Reset cold or hot plug after overriding fbacc0964 gpu: PCIe topology, consider vhost-user-block in Virt b11246c3a gpu: Various fixes for virt machine type 40101ea7d vfio: Added annotation for hot(cold) plug 8f0d4e261 vfio: Cleanup of Cold and Hot Plug b5c4677e0 vfio: Rearrange the bus assignemnt b1aa8c8a2 gpu: Moved the PCIe configs to drivers 55a66eb7f gpu: Add config to TOML da42801c3 gpu: Add config settings tests for hot-plug de39fb7d3 runtime: Add support for GPUDirect and GPUDirect RDMA PCIe topology b2ce8b4d6 metrics: Add memory footprint tests to the CI 6a21e20c6 runtime: Add "none" as a shared_fs option beb706368 metrics: Uniformity across function names bff4672f7 runtime-rs: support physical endpoint using device manager 6fd25968c runtime-rs: bugfix for direct volume path's validation. 32cba7e44 metrics: Fix retrieving hypervisor version on metrics 1f3e837e4 runtime-rs: fix build error on AArch64 415578cf3 docs: Add general README aa7946de4 checkmetrics: Add general checkmetrics documentation 2fac2b72f checkmetrics: Add checkmetrics makefile e45899ae0 docs: Add time tests documentation reference 28130d3ce docs: Add boot time metrics documentation 0df2fc270 runtime-rs: add support spdk/vhost-user based volume. adf88eaa8 static-build: Remove kata-version parameter 210a15794 dragonball: avoid obtaining lock twice in create_stdio_console 17198089e vendor: Add vendor checkmetrics dependencies c4ee601bf metrics: Add checkmetrics for kata metrics CI 859359424 metrics: enable launch-times test on gha-run metrics script f1dfea6e8 docs: Add metrics documentation reference 71071bdb6 docs: Add general metrics documentation 59510cfee runtime-rs: add support vfio device based volume 1e3b372bb runtime-rs: add support vfio device manager e0d6475b4 gha: Don't automatically trigger CI 610f7986e check: Relax the unrestricted_guest check when running in a VM 1b406b9d0 kata-ctl:Implement functionality to check host is capable of running VM 56d2ea9b7 kata-ctl: Refactor kernel module check 09720babc docs: fix spelling of "crate" 21294b868 packaging: Fix indentation in init.sh script 7185afc50 gha: Fix gha actions fad3ac9f5 metrics: install kata and launch-times test 4bbfcfaf1 tests: Move tests helper script to this repo f152f0e8c metrics: Add launch-times to metrics tests 3cefa43e7 tests: Add json script for metrics tests 6a3710055 initramfs: Build dependencies as part of the Dockerfile aa2380fdd packaging: Add infra to push the initramfs builder image 1c7fcc6cb packaging: Use existing image to build the initramfs 6b0848930 gha: Fix format for run launchtimes metrics yaml c3043a6c6 tests: Add tests lib common script a43ea24df virtiofsd: Convert legacy -o sub-options to their -- replacement 8e00dc694 virtiofsd: Drop -o no_posix_lock 2a15ad978 virtiofsd: Stop using deprecated -f option b16e0de73 gha: Add base branch on SHA on pull requst bc152b114 gha: ci-on-push: Run metrics tests dad731d5c docs: Update Developer Guide 347385b4e runtime-rs: Enhance flexibility of virtio-fs config 21d227853 versions: Update firecracker version to 1.3.3 35e4938e8 tools: Fix no-op builds 213773998 runtime-rs: update Cargo.lock 0e2379909 gha: Fix stage definition in matrix ae2cfa826 doc: add vcpu handlint doc for runtime-rs 7b1e67819 fix(clippy): fix clippy error 67972ec48 feat(runtime-rs): calculate initial size aaa96c749 feat(runtime-rs): modify onlineCpuMemRequest d66f7572d feat(runtime-rs): clear cpuset in runtime side a0385e138 feat(runtime-rs): update linux resource when stop_process a39e1e6cd feat(runtime-rs): merge the update_cgroups in update_linux_resources fa6dff9f7 feat(runtime-rs): support vcpu resizing on runtime side 8cb4238b4 packaging: Remove snap package 9f7a45996 gha: Add rootfs-initrd-mariner build target f28a62164 gha: Add cloud-hypervisor-glibc build target 8fb7ab751 dragonball: introduce virtio-balloon device 7ed949497 dragonball: introduce virtio-mem device a8e0f51c5 dragonball: extend DeviceOpContext f6afae9c7 packaging: Add rootfs-image-tdx-tarball target f62b2670c config: Add root hash value and measure config to kernel params 008058807 kernel: Integrate initramfs into Guest kernel 28b264562 initramfs: Add build script to generate initramfs 5cb02a806 image-build: generate root hash as an separate partition for rootfs 31c0ad207 packaging: Add cryptsetup support in Guest kernel and rootfs 776a15e09 runtime-rs: add support direct volume. abae11404 runtime-rs: refactor device manager implementation 69668ce87 tests: gha-run: Use correct env variable for repo f487199ed gha: aks: Fix argument in call to gha-run.sh 77519fd12 kata-ctl: Switch to slog logging; add --log-level, --json-logging args 980d084f4 log-parser: Update log parser link at README aab603096 gha: aks: Extract run commands to a script e4eb664d2 runtime-rs: update rust to 1.69.0 ed37715e0 runtime-rs: handle copy files when share_fs is not available 410bc1814 agent-ctl: fix the compile error 25d2fb0fd agent: fix the issue of exec hang with a backgroud process 5f6fc3ed7 runtime-rs: bugfix: update Cargo.lock 1c6d22c80 gha: aks: Use short SHA in cluster name 3c1f6d36d readme: Update Kata Containers logo 388684113 readme: Add status badge for the "Publish Artefacts" job 26f752038 kata-deploy: Change how we get the Ubuntu k8s key aebd3b47d gha: aks: Ensure host_os is used everywhere needed 433b5add4 kubernetes: add agnhost command in pod yaml 4b89a6bda release: Standardize kata static file name 43e73bdef packaging: make BUILDER_REGISTRY configurable 0c8282c22 gha: aks: Add the host_os as part of the aks cluster's name 9228815ad kernel: Modify build-kernel.sh to accomodate for changes in version.yaml 03027a739 gha: Fix Mariner cluster creation af16d3fca gha: Unbreak CI and fix cluster creation step ffe3157a4 dragonball: add arm64 patches for upcall 560442e6e dragonball: add vcpu_boot_onlined vector e31772cfe dragonball: add support resize_vcpu on aarch64 64c764c14 dragonball: update dbs-boot to v0.4.0 fd9b41464 dragonball: update comment for init_microvm eee7aae71 runtime-rs/sandbox_bindmounts: add support for sandbox bindmounts 5ddc4f94c runtime-rs/kata-ctl: Enhancement of DirectVolumeMount. 4af4ced1a gha: Create Mariner host as part of k8s tests 2bda92fac netlink: Fix the issue of update_interface 557b84081 gha: aks: Wait longer to start running the tests c04c872c4 gha: aks: Increase the timeout time 0e47cfc4c runtime: sending SIGKILL to qemu c477ac551 dragonball: Convert VirtioNetDeviceMgr function to method 4659facb7 dragonball: Convert BlockDeviceMgr function to method ee6deef09 dragonball: Remove virtio-net and vsock devices gracefully 428041624 kata-deploy: Improve shim backup / restore 6a0035e41 doc: Update git commands 14c3f1e9f kata-deploy: Fix indentation on kata deploy merge script

Compatibility with CRI-O

Kata Containers 3.2.0-alpha4 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.2.0-alpha4 is compatible with contaienrd v1.6.8

OCI Runtime Specification

Kata Containers 3.2.0-alpha4 support the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.2.0-alpha4 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources. For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.2.0-alpha4

Default Image Guest OS:

description: | Root filesystem disk image used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "ubuntu" version: "latest" ppc64le: name: "ubuntu" version: "latest" s390x: name: "ubuntu" version: "latest" x86_64: name: "ubuntu" version: "latest" tdx: name: "ubuntu" version: "latest" meta: image-type: "ubuntu"

Default Initrd Guest OS:

description: | Root filesystem initrd used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "alpine" version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le: name: "ubuntu" version: "20.04" s390x: name: "ubuntu" version: "20.04" x86_64: name: "alpine" version: "3.15" mariner: name: "cbl-mariner" version: "2.0" sev: name: "ubuntu" version: "20.04"

Kata Containers builder images

The majority of the components of the project were built using containers. In order to do a step towards build reproducibility we publish those container images, and when those are used combined with the version of the projects listed as part of the "versions.yaml" file, users can get as close to the environment we used to build the release artefacts.

• Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-0080588075f1a09d6ed38f6e109a312905bfbefb-x86_64
• OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-6bb2ea81952ec66e65da3557572814d50ba5b323-x86_64
• QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-f7b7c187ec1a947ac56ea4b21e11b9ec4fae3913-x86_64
• shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.69.0-f62b2670c04a2a09ca33b95b7a3365a1c22f5f92-x86_64
• virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.66.0-musl-194d5dc8a6e92a56077dff8684d8b9b49a95b83b-x86_64

The users who want to rebuild the tarballs using exactly the same images can simply use the following environment variables:

• KERNEL_CONTAINER_BUILDER
• OVMF_CONTAINER_BUILDER
• QEMU_CONTAINER_BUILDER
• SHIM_V2_CONTAINER_BUILDER
• VIRTIOFSD_CONTAINER_BUILDER

Kata Linux Containers Kernel

Kata Containers 3.2.0-alpha4 suggest to use the Linux kernel v6.1.38 See the kernel suggested Guest Kernel patches See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations