Release 3.3.0-alpha0

kata-containers Changes

• This release enables the Cloud Hypervisor driver in the runtime-rs (rust) Kata runtime. Note that this currently requires a different configuration file (configuration-cloud-hypervisor.toml rather than configuration-clh.toml). See https://github.com/kata-containers/kata-containers/pull/8250 for further details.
• Version 3.3.0-alpha0 also includes the conversion of CI to GitHub actions. This is part of the initiative to deprecate the test repository and to stop using Jenkins for CI.

Shortlog

c5cfad7023bb actions: Move all the checkout actions to v4 b32c6bf805cb release: Always use actions/checkout to ensure we're in a git repo 710eb8ab9d6e actions: release: Use GH cli instead of hub 026f6a1a4cd9 release: Adapt the CIs using the kata-deploy image 52aaf10759d4 agent: no endpoint blocking from agent-config.toml 0fb69ddf6a04 release: Kata Containers 3.3.0-alpha0 a58afe70b8e6 metrics: Add iperf udp benchmark a93fdb014b84 kata-deploy-stable: Adapt to what we're using in the stable branch 9b14dda147a3 libs: protection: Fix typo in TDX output 36109da93f7b ci: k8s: Fix bogus firecracker check in k8s-credentials-secrets.bat d01daf749b59 tests: Adjust timeout for agent stability test 82a0814fc252 tests: Enable agent stability test 2ef2b2a6dcaa docs: Fix paths to build kernel in SNP VMs documentation 0e0867f15d2d runtime-rs: ch: Add TDX CH features check 409eadddb284 runtime-rs: ch: Improve readability of guest protection checks 3e8cf6959cbb runtime: Validate hypervisor section name in config file 32be8e3a8799 tests: query data from the OPA service fbc8f8f466e1 scripts: Use install_yq from the kata-containers repo 65b1a2d277b3 release: tag_repos: Stop tagging / updating the tests repo 4f9681b411c5 metrics: fixes common.sh function to always return true 908519db9d49 metrics: skips docker restart when it is not installed or is masked. c2763120aa1d metrics: removing trailing comma characters from json file. b6ec621389d4 policy: allow access to ReseedRandomDev 500d1c5ceef4 kata-ctl: update rustls-webpki/webpki dependency d7660d82a02e runtime: unify gopkg.in/yaml.v3 to v3.0.1 fc9a107e8eef runtime: unify swag and testify dependency 79ebb959c5a6 runtime: update runc dependency to v1.1.9 7f3e8bd65eee runtime: unify golang.org/x/text to v0.7.0 df325ae371be runtime: update golang.org/x/net to v0.7.0 408b59c02c04 runtime-rs: fix bugs to support Nydus v5 157caea9fefc Revert "nydus: Temporarily skip tests on dragonball" 678fe3cd314e Dragonball: fix Nydus config serde problem 89c9454fca44 metrics: removal of reference in the documentation to the dax test. 87b760f569d2 runtime-rs: ch: Detect Intel TDX version 73e81f5e39ca runitme-rs: unify base64 encoding for direct-volume ef6388e81581 tests: Remove unused function from scability test c6463cb5aea4 tests: Fix path for versions yaml for soak parallel test 30ff58904eb0 tests: Enable scability test for stability CI 8d6f7b90964c runtime-rs: Add support for handling vfio device for cloud-hypervisor e786b2b019da gha: Add install dependencies for stability tests 84e3d884e4c7 gha: Add general dependencies to stability tests dec3951ca55f tests: Add soak parallel stability test 0f04d527d9cb tests: Enable soak parallel test dbfe6512fc09 dragonball: vcpu metrics change to be recorded per vcpu fa60fbe02326 dragonball: METRICS is refactored to RwLock<DragonballMetrics> e669282c25f3 ci: k8s: set KUBERNETES default value c30c3ff1853c tests: run k8s-volume on a given node 666993da8d75 tests: run k8s-file-volume on a given node 3a00fc910122 tests: exec_host() now gets the node name 61c9c17bff55 tests: add get_one_kata_node() to tests_common.sh 68f083c4d082 ci: k8s: set KATA_HYPERVISOR default value 6677a61fe410 ci: k8s: configurable deploy kata timeout 200e542921a8 ci: k8s: shellcheck fixes to gha-run.sh 4af78be13aa2 kata-deploy: re-format kata-[deploy|cleanup].yaml d54e6d9cdaae ci: k8s: run_tests() for kcli c2ef1f0fb089 ci: k8s: add deploy-kata-kcli() to gh-run.sh d2be8eef1a43 ci: k8s: add cleanup-kcli() to gha-run.sh cbb9aa15b6d2 ci: k8s: set default image for deploy_kata() 89bef7d03665 ci: k8s: create k8s clusters with kcli bba34910df00 metrics: stops kata components and k8s deployment when test finishes 954d40cce5b4 gha: combine coco jobs into a single yaml b60e0a9b5788 gha: combine basic amd64 jobs into a single yaml e9bd85211399 gha: ci: Revert tracing test PR to unbreak CI b8a46a4b856c runtime-rs: ch: Enable feature da91c9df88c7 ci: Port runk tests to this repo 7f2377276388 ci: Add placeholder for runk tests 9205acc3d26d ci: Move tracing tests here 3bb2923e5d14 ci: Add placeholder for tracing tests 2c3bf406dc33 ci: Create a function to install docker 8c498ef5eecc metrics: Use jq tool to pretty-print json metrics output a2159a636120 metrics: Enables FIO test for kata containers 0f2dc8c675c3 gha: Add containerd stability tests to ci yaml 85d290a04830 gha: Add stability gha run script 54f0c8f88ee4 gha: Add stability tests workflow for gha 119f03de262b gha: arm64: Ensure the builder is arm64-builder 560bbffb5770 packaging: tools: Remove set -x leftover 18fa483d907d packaging: release: Mention newly added images ca3b8883716a packaging: tools: Fix container image env var name 5ca66795c7f5 packaging: Allow passing the TOOLS_CONTAINER_BUILDER 02acef9575b5 gha: Build the kata-agent as part of our workflows 5208386ab18a packaging: Build the kata-agent 1727487eef00 agent: Allow specifying DESTDIR and AGENT_POLICY via env vars 45c1188839f3 packaging: Add get_agent_image_name() 0db8fb8f9837 versions: migrate out of k8s.gcr.io a1a0543671b6 doc: Fix spelling 59ae244442e2 doc: Update crictl pod-config 70e7ec3e2302 gha: Fix k0s deployment 6339605a14e9 tests: Add general stability fixes fd19f4082fd9 tests: Add agent stability test 215577032f5b tests: Add cassandra stress in stability tests f2d3ea988dfd tests: Add stressng dockerfile for stability tests 6493aa309e02 tests: Add stressor CPU test for stability tests ef68a3a36b5a metrics: Add stability test for kata CI d7def8317a59 metrics: Fix general check static warnings 928553d1bac1 docs: Update url in kata vra document 7c934dc7da11 gpu: Fix cold-plug of VFIO devices a6b1f5e21b21 ci: Build src/tools components as part of our tests / releases 501a168a8132 kata-deploy: Build components from src/tools 6ef42db5ecc8 static-build: Add scripts to build content from src/tools 4d08ec29bc42 packaging: Add get_tools_image_name() 98097c96deae packaging: Use git abbreviated hash 8d66ef51855c metrics: Increase qemu jitter value 5600e28b54a7 metrics: Increase jitter value for clh 8cb7df1bedd7 metrics: Add checkmetrics for latency test e90440ae2426 metrics: Add qemu latency value limit a74a8f8a9da9 metrics: Add latency value limits for kata CI 94e2ccc2d592 runtime: fix reading cgroup stats of sandboxes dfd0c9fa9ac7 runtime: clh: Re-generate the client code 8f9f087e35cc versions: Upgrade to Cloud Hypervisor v35.0 489caf1ad0fa ci: kata-monitor: Move tests over a3fb067f1bcc ci: Add placeholder for kata-monitor tests 57cb4ce204c9 ci: Make install_kata aware of container engines de1eeee334a5 ci: Create a generic install_crio function 64a20008590b ci: Add install_cni_plugins helper 8132fe15c939 ci: Modify containerd default config 9ac29b8d38f0 metrics: Add init_env function to latency test 81c8babca9e0 metrics: Fix latency yamls path 97e73b22344a metrics: Fix spelling warnings 36c8cd6f1fb0 metrics: Fix metrics README 48157368207f metrics: Fix C-Ray documentation b0a3293d53b5 runtime-rs: ch: Enable Intel TDX 523399c32997 runtime-rs: ch: Add more consts dea8065811e6 runtime-rs: ch: Remove unused function 995f2c015f9c runtime-rs: ch: Only handle particular pending device types b1b96a5c4981 runtime-rs: ch: Remove erroneous "virtio-blk-mmio" check ef63d67c411e ci: crio: Trail '\r' from exec_host() output 74c12b29270d ci: crio: Enable default capabilities 358dc2f5695e kata-deploy: Fix CRI-O detection ebaa4fa4c10e ci: crio: Pass -y to apt 08bc8e4db4e6 metrics: Add latency benchmark for gha 6776b55d7e2a metrics: Enable latency test in gha run script 15425a2b80ab local-build: Fix .docker ownership before build-payload 9c233bb9e0fb test: Add test to verify try_from for clh Netconfig 9049d311df05 runtime-rs: Add network support for cloud-hypervisor 3a6510ad61c0 osbuild: Reduce guest components binary size with strip 13ca7d9f9714 gha: Add pandoc as a dependency for static checks 28cbc3b51cb4 ci: rootfs-image build-asset is failing Fixes: #8027 a16b0962b5da chore(cargo): update cargo lock 202049f35eaa feat(runtime-rs): introduce huge page type to select VM RAM's backend d507d189bbfd fc: Add support for noflush cache option 2ca781518af4 clh: Direct IO support for block devices 87a861648846 gha: Install hunspell for static checks 0c95697cc4d8 ci: Trigger payload-after-push on workflow_dispatch 8c3c50ca8ae6 ci: Actually enable the CRI-O tests 730ef51693cc deps: updating dependencies 604a9dd673ad protocol: remove gogoprotobuff tests 07a6e63a6bd9 ci: k8s: rke2: Use sudo to call systemd 03b82e84840d ci: k8s: Add a CRI-O test d7105cf7a498 ci: k8s: Add a method to install CRI-O 54c0a471b1fa ci: k8s: k0s: Allow passing parameters to the k0s installer 82ff2db460fc runtime: support kernel params including spaces 3a2c83d69b64 ci: kata-deploy: Fix runner name 9aa8d1c9170c metrics: Add parallel bandwidth limit for qemu af59d4bf4a3f metrics: Enable parallel bandwidth iperf limit f7fa7f602aa4 ci: Enable kata-deploy tests for all the supported k8s flavours 2c908b598cbb ci: kata-deploy: Add the ability to deploy rke2 eaf61649163a ci: kata-deploy: Add the ability to deploy k0s 001525763606 ci: kata-deploy: Add deploy-k8s argument to gha-run.sh bf2cb0228306 ci: kata-deploy: Expland tests to run on k0s / rke2 b12b9e1886fa ci: kata-deploy: Add placeholder for tests on GARM 9e1fb8a96660 ci: kata-deploy: Export KUBERNETES env var 09cc0ed43853 ci: Move deploy_k8s() to gha-run-k8s-common.sh 486fe14c99c4 ci: Properly set K8S_TEST_UNION d9ef1352af13 ci: Add first letter of the K8S_TEST_HOST_TYPE to resource group name 68267a399620 ci: Create clusters in individual resource groups 44c7c082d9f7 versions: Bump virtiofsd to v1.8.0 72599f191109 clh: arm: Use static_sandbox_resource_mgmt=true aba36ab188fd nydus: Temporarily skip tests on dragonball b8a8dfcd15aa nydus: Use kata-${KATA_HYPERVISOR} instead of kata f6df3d6efb62 static-build: Fix arch error on nydus build 2f9c9e2e63c7 tests: nydus: Update nydus tests c9a4e7e46de5 versions: Bump nydus and nydus-snapshotter to its latest release b73bde320d65 gha: nydus: Populate run() b3904a1a308e gha: nydus: Populate install_dependencies() d2b3b67f5de2 gha: nydus: Actually install kata when install-kata is called 0ec00ad42e0a gha: nydus: Get rid of nydus{,-snapshotter} install from nydus_test.sh 568439c77b5a tests: nydus: Add timeout to the crictl calls 5ac3b76eb12a tests: nydus: Add uid / namespace to the nydus container / sandbox 376574a16c65 tests: nydus: Decorate some calls with sudo 4290fd4b67d1 tests: nydus: Adapt "source ..." to GHA a84efa3e875c tests: nydus: Adapt check to "clh" instead "cloud-hypervisor" 56a14b395096 tests: common: Add install_nydus_snapshotter() b6563783e278 tests: common: Add install_nydus() 1f16b6627be2 runtime/qemu: Rework QMP/HMP support 7f5e77bcb815 kernel: enable Arm pl011 support 241c355e07c5 clh:arm64: use arm AMBA uart for hypervisor debug c69a1e33bde4 ci: Use variable size of VMs depending on the tests running 8b1e9b0c758b ci: static-checks: Clean up static-checks job 2c5ca2eaf816 ci: static-checks: Run tests depending on KVM 509c309ab220 ci: static-checks: Move "sudo make test" to the new test matrix 4e963cedf4f8 ci: static-checks: Move "make test" to the new test matrix 08f2e5ae0bbd runtime-rs: Ensure static-checks-build is a dep of make test 2bc3a616aec1 kata-ctl: Use loop instead of kvm module in tests 46daddc5005c kata-ctl: Ensure GENERATED_CODE is a dep of make test ec826f328f88 agent: Ensure GENERATED_CODE is a dep of make test 1d32410a832c ci: install_libseccomp: Do not depend on the tests repo bf888b9a5eb9 ci: static-checks: Move "make check" to the new test matrix 473ec8780675 kata-ctl: Add kata-types to the Cargo.lock file ea19549a997f kata-ctl: Ensure GENERATED_CODE is a dep of make check e1257758634c tests: install_rust: Also install clippy e2c61a152c0b ci: static-checks: Move vendor check to its own job 6794d4c843e9 tests: Move install_rust.sh from the tests repo e64508c3089e tests: install_go: Remove tests repo dependency 11dff731b74d tests: Move functions from kata_arch script here 75c974c8024d ci: static-checks: Move kernel config check to its own job 1636abbe1c70 runtime: issue with non-empty []Endpoint in RemoveEndpoints eecd5bf2aabf ci: cache: Fix ovmf-sev cache 86c41074b403 ci: cache: Check the sha256sum of the component 460988c5f70e ci: cache: Remove the script used to cache artefacts on Jenkins 4533a7a4163d ci: cache: Also store the ${component} sha256sum eccc76df6357 ci: cache: Use the cached artefacts from ORAS fb24fb0dc1d5 ci: k8s: devmapper: Use a smaller / cheaper VM instance 1daf02f5d4f6 ci: nydus: Use a smaller / cheaper VM instance e60d81f554b8 ci: nerdctl: Use a smaller / cheaper VM instance 4db416997c2d ci: docker: Use a smaller / cheaper VM instance 32841827b8c5 ci: cri-containerd: Use a smaller / cheaper VM instance 094b6b2cf8a2 ci: k8s: Temporarily disable tests that require a bigger VM instance 92fff129fdae ci: k8s: Don't set cpu limit request for k8s-inotofy test faf98c0623d6 ci: Reduce the size of the AKS VMs d0c257b3a77f ci: cache: Push cached artefacts to ghcr.io 108f1b60ddf2 kata-deploy: Generate latest_{artefact,image_builder} files be2eb7b378ee ci: cache: Install ORAS in the kata-deploy binaries builder container adc18ecdb110 ci: cache: For consistency, read all used env vars c7a851efd788 ci: cache: Pass the exposed env vars to the kata-deploy binaries in docker cd4fd1292a9b metrics: Add iperf cpu utilization limit for qemu df5cd10ea0d2 metrics: Add iperf value for cpu utilization 6bd15a85d531 ci: cache: Export env vars needed to use ORAS a96050a7ad6e tests: Apply timeout to 'ctr t kill' 9d9303678381 tests/vfio: Bump VM image to Fedora 38 faee59b520a7 tests/vfio: Accept single device in vfio group for CLH df3dc1105c31 tests/vfio: Get rid of sync's 7211c3dccc9a gha: vfio: Set test timeout to 15m 1b02f89e4f9c packaging: kernel: Enable VIRTIO_IOMMU on x86_64 3a1db7a86ba1 runtime: clh: Support enabling iommu 9f1a42c6cc94 tests/vfio: Give commands 30s to execute b46b0ecf8b9a tests/vfio: Configure a value for 'hot_plug_vfio' for both vmms bfc93927fbc4 runtime: Remove redundant check in checkPCIeConfig 7c4e73b609a6 runtime: Add test cases for checkPCIeConfig fc51e4b9eb2d runtime: Check config for supported CLH (cold|hot)_plug_vfio values 509771e6f531 runtime: clh: Add hot_plug_vfio entry to config 5f6475a28a63 tests/vfio: Gather debug info and disable tdp_mmu 8fffdc81c598 tests/vfio: Capture journal from vm df815087e774 tests/vfio: Change to get the test working in GHA a92ddeea15e1 tests/vfio: Move dependency installation to gha-run.sh 5a551a85b1b3 gha: vfio: Import jobs scripts from tests repo c0ad914766b4 tests: fix kernel and initrd annotations 49e2fa189c89 metrics: Increase jitter value for qemu 49234433a71a metrics: Increase value limit for jitter in clh 0aa073967d98 metrics: Add iperf bandwidth value for qemu 615c1cbf19a0 metrics: Add iperf bandwidth value for kata metrics ad08321b83c6 metrics: Add Cassandra Metrics documentation 060499dcaefe metrics: Remove warning from metrics documentation 813bfdec0178 ci: docker: nerdtl: Use io.containerd.kata-${KATA_HYPERVISOR}.io 46bc0b1c017b ci: nerdctl: Create the containerd config 13968aa7f6cd ci: nerdctl: Switch to tcp port 80 ping e0c811678bf3 ci: docker: Switch to tcp port 80 ping ca4b6b051d53 runtime: Naming conflict of network devices ead724bec132 protocol: removing gogo.nullable feature d8e4bb985946 protocol: remove unused PROTO_FILE env 5e1106a7700d protocol: remove unused import_path 87accaaecb1c protocol: use workdir during build 711a7ed96518 protocol: remove mapping definitions 8db84c1bd22a protocol: force GOPATH to be set 68156d77ac7f protocol: breaking lines to improve readability d53eb73eecf4 metrics: Ensure docker is running in init_env a58ea66592ed metrics: this PR skips the FIO test temprarily to fix issues f536ef5ce1ba ci: docker: Also run the smoke test with runc c83f167c5981 ci: docker: Run the tests after the kata-static is created 12d833d07d36 ci: Add a very basic nerdctl sanity test c0f697fcc5fd runtime: Allow kernel_params annotation 976d10150c6c runtime-rs: hypervisor: Remove debug kernel options 52f6449b7001 kata-manager: Remove initcall_debug kernel option a75fd5eb811b runk: Fix rust unecessary mut error a31c14517262 kata-ctl: useless-vec warning c8419fc3bb22 kata-ctl: Resolve non-minimal-cfg warning 3eaf68d954da agent-ctl: Allow clippy lint 1d8b78959d01 runtime-rs: Fix useless-vec warning 99f3d69e9486 runtime-rs: Remove mut 16fbc27b09d1 dragonball: Allow ambiguous-glob-reexports bbf19195165d dragonball: Resolve non-minimal-cfg warning 75cfdd5d59d4 agent: config: Allow clippy lint f3a0fd5907b9 agent: config: Fix useles-vec warning 9e423bd3d61f libs: Fix clippy unnecesary hashes error 444395050a0e versions: Bump rust version 348b8644d6e0 ci: Add a very basic docker sanity test b03e49794eec dragonball: fix for non-deterministic builds 7870b33a2d41 runtime-rs: bring hybridVsock devices in manager. f811b064cab4 ci: use github.ref_name instead of $GITHUB_REF_NAME 6d795c089eb6 ci: Add more target-branch related fixes 8509c3187056 ci: Fix target-branch usage 470d065415e0 agent: optimize the code of systemd cgroup manager bd24afcf737f gha: Manually rebase PR atop of the target branch before testing fde34610cd63 kernel: Add erofs patches needed for CC related work dc6a4588a287 versions: Bump kernel to the latest LTS release (6.1.52) 8b4a0b368f54 kata-deploy: Remove curl after it's used 139c7f03ab67 kata-deploy: Fix aarch64 image build 72c510d057a2 runtime/virtiofsd: Drop all references to "--cache=none" 81536f21af71 runtime/qemu: Pass "--xattr" to virtiofsd instead of "-o xattr" 670a8e9c73d5 kata-deploy: Switch to an alpine image 3a427795eac9 metrics: Use TensorFlow optimized image adfea55b8f34 metrics: fix FIO test initialization 9d74b7ccc913 k8s: ci: Skip "Pod quota" test with firecracker f6cd3930c5ad ci: k8s: Remove useless skip statement from tests 3cc20b47a683 ci: k8s: Also check for "fc" (for firecracker) b5bad3cb0ff5 ci: k8s: Add clean-up-garm argument for gha-run.sh aaec5a09f325 ci: k8s: devmapper tests should be using ubuntu 20.04 27fa7d828d2f ci: k8s: Add a kata-deploy-garm target fa62a4c01b9f ci: k8s: Export KUBERNETES env var 8c9380a7980a ci: k8s: Install bats on GARM runners 3de23034f882 ci: k8s: Wait some time after restarting k3s 2df183fd9993 ci: k8s: Append, instead of overwrite, the devmapper config 369a8af8f74b ci: k8s: Decrease k3s sleep from 4 to 2 minutes ada65b988a33 ci: k8s: Use vanilla kubectl with k3s ad45ab5d337b ci: k8s: Ensure k3s is deploy with --write-kubeconfig-mode=644 028a97e0d555 ci: k8s: Use the proper command for sleep b151cfd14014 metrics: re-enable memory-usage initialization step deed1b927dd8 Dragonball: optimize the placement of dbs-upcall features 8d99972a8a3c ci: k8s: Fix typo in run-k8s-tests-on-garm.yaml 0e8bd50cbbe9 ci: k8s: Add k8s devmapper tests (part 0) b28b54df04be ci: k8s: Add a function to configure devmapper for containerd 54f71172129d ci: k8s: Add a function to deploy k3s 18c94ebbe352 kata-deploy: Create kata-static.tar with correct ownership 2e4c874726a9 runtime/vc: runPrestartHooks should ignore GetHypervisorPid failure 21204caf20a5 runtime: fail early when starting docker container with FC 32fd013716fa runtime: run prestart hooks before starting VM for FC 438fbf9669d6 metrics: Add write 95 percentile for FIO for qemu 024b4d2ffeac metrics: Add write 95 percentile FIO value b1dd09a4d345 runtime: Allow virtio_fs_extra_args annotation 2efda20c7789 packaging: do not install docker-compose-plugin for s390x|ppc64le 268e84655812 runtime-rs: Fix volumes and rootfs cleanup issues e98e5cdea2c4 metrics: Add checkmetrics to gha run script c1edfe551133 metrics: Add checkmetrics value for qemu for iperf 6a79ecedf9ae metrics: Add jitter value for clh f609a9a75437 metrics: Add test selector to iperf metrics 5b8db30422ff metrics: Enable iperf benchmark on gha for kata metrics 60f733d30109 CI: switch static-checks-dragonball CI machines to Azure 9f21fa9b39f2 metrics: Add report generator link to general documentation c0ed5ea0ad71 metrics: Add README for kata metrics report 211de08d9edf osbuilder: Remove chcon operation for guest SELinux c290eaed8c9e kata-sys-util: protection: Update TDX checks 57e7bf14a6b9 agent: refine StorageDeviceGeneric::cleanup() 53edb1937441 agent: implement StorageDeviceGeneric::cleanup() 0c63453e2846 types: make StorageDevice::cleanup() return possible error code 3a3d77b3b572 agent: move StorageDeviceGeneric from kata-types into agent 9cd706d1c9b3 agent: avoid possible leakage of storage device f3e1a6a94fb1 osbuilder: alpine: Change mirror ac612aef5e36 osbuilder: alpine: Match the version on versions.yaml bf21411e9032 tests: add policy to k8s tests d0e06106792b runtime: config: use the SEV initrd for SNP 67fed26f18c4 runtime: Use TDX image with in the qemu-tdx config ac939c458cde gha: Rebase atop of the target branch d7a996c68686 gha: Update to checkout@v3 action 82cd14ba391c versions: Update alpine to its 3.18 version c2ba29c15b21 runtime: Fix data race in ioCopy 666882575233 metrics: Add grabdata script for metrics report 00e7ffd988cd tests: check vmx only on Intel machines 80146f2078dd tests: Fixes cpuType check on AMD machines a7b59a5bf945 metrics: Add limit for 90 percentile for qemu value 99db6568e959 metrics: Add limit for write 90 percentile value for clh 6e06392c5562 metrics: Enable FIO limits for kata metrics 7e364716dd65 metrics: Add test setup details to metrics report 17dc1b976044 metrics: Add boot lifecycle times to metrics report 3b0d6538f2c3 metrics: Add memory inside container to metrics report 79fbb9d2430d metrics: Add scaling system footprint in metrics report 8e6d4e6f3d4b metrics: Add metrics reportgen 139ffd4f758e metrics: Add report file titles 878d1a2e7dab metrics: Generate PNGs alongside the PDF report fce2487971a2 metrics: Add metrics report R files 08812074d12d metrics: Add report dockerfile 69781fc027ec metrics: Add metrics report script c8dd3c07376c metrics: Fix memory footprint qemu limit 8877ec62fbb5 metrics: Fix memory inside limits for kata metrics 538c965c2b79 metrics: fix parsing issue on memory-usage test 39e67b06e98c dragonball: vsock add fifo/pipe stream support for passed fd hybridStream e286e842c1a0 tests: Expand confidential test to support TDX e31f099be179 tests: Expand confidential test to support SNP c3b9d4945e03 tests: Add confidential test for SEV 3818bf3311a5 local-build: Remove $HOME/.docker/buildx/activity/default d1b54ede290e qemu: tdx: Workaround SMP issue with TDX 1.5 1e34220c41c8 qemu: tdx: Adapt to the TDX 1.5 stack 8115a0522db7 versions: tdx: Update Kernel to 6.2 + TDX ec18180f3498 versions: tdx: Update TDVF to the "edk2-stable202302" 9803b24286e0 versions: tdx: Update QEMU to v7.2 + TDX v1.10 6a974679f214 tests: delete k8s deployment at the test's end 183f51d6f632 tests: use unique test name dffc16e5b347 runtime-rs: check peer close in log_forwarder fb49d5d7ce85 gha: Avoid "fail-fast" in tests that are known to be flaky aaa5ab1264a0 agent: simplify storage device by removing StorageDeviceObject 0e7248264db3 agent: move storage device related code into dedicated files 8f49ee33b2cb agent: refine storage related code a bit 60ca12ccb09b agent: switch to new storage subsystem fcbda0b41965 kata-types: introduce StorageDevice and StorageHandlerManager b03b1f613436 agent: simplify the way to manage storage object 8392c71bf279 sys-util: support more mount flags in parse_mount_options() c00d8f3d4842 agent: use create_mount_destination() from kata-sys-util 5e867f05382b types: add more mount related constants 880e6c9a76f3 agent: use function from kata-sys-utils to reduce code 32a778b6da92 metrics: Remove unused variable in tensorflow nhwc script d8f3ce6497ba kata-deploy: Don't try to remove /opt/kata 959ca49447d5 metrics: Add TensorFlow ResNet50 fp32 Dockerfile 4b7d72c4a8c3 metrics: Add TensorFlow ResNet50 FP32 benchmark 936e8091a7d3 gha: vfio: Run on Ubuntu 23.04 runner 40914b25d4dc kata-agent: use default filemode for block device when it is set to 0 4aee3eade0ab kata-types: implement serde methods for KataVirtualVolume b875e3932329 kata-types: validate KataVirtualVolume object fa2fdc10572a kata-types: implement two conversion helpers for KataVirtualVolume 6326af20e343 kata-types: introduce KataVirtualVolume 22d8f335d6ac libs,tests: fix typo disable_guest_seccomp in configuration-anno-1.toml 3b881fbc0edb local-build: Remove GID before creating group 5cba38c1750f kata-deploy: Avoid failing on content removal 18d42da21ea1 runtime/fc: fix image/initrd annotation handling 9fda7059a50b runtime/clh: fix image/initrd annotation handling 1a0092d6316a runtime/qemu: fix image/initrd annotation handling 8afd158cef8f metrics: Add disk link to README eee2ee6eebed metrics: Fix FIO path 400eb8874322 gha: capture additional kata-deploy output 39bc3488f575 metrics: Use function from metrics common in pytorch script fb571f8be9bf metrics: Enable kata runtime in K8s for FIO test. c8b43f8b3ed1 metrics: Fix README for pytorch 8616c050ae3c metrics: Remove unused variable in tensorflow mobilenet script cb056f8cb313 rootfs: agent: Policy support with AGENT_INIT=yes 2d896ad12fe3 gha: kata-deploy: Do the runtime class cleanup as part of the cleanup 4ffc2c86f3e3 gha: kata-deploy: Add the first kata-deploy test 285e616b5eb8 tests: common: Ensure test_type is used as part of the cluster's name 790bd3548d30 tests: commob: Don't fail if yq is not part of the cache ce6adecd0a28 gha: kata-deploy: Add run-kata-deploy-tests.sh cfc29c11a307 gha: k8s: Stop running kata-deploy tests as part of the k8s suite 85c02828e113 metrics: Update tensorflow name in gha run script e8a511934355 metrics: Fix check results for tensorflow benchmark bade6a5c3b7b docs: Fix TensorFlow word across the document 1a1b20776066 docs: Add Tensorflow Resnet50 documentation 24baededc041 metrics: Add Dockerfile for ResNet50 int8 6d971ba8df26 metrics: Add Tensorflow ResNet50 int8 benchmark f4dd15286345 tests: k8s: Call ensure_yq() in setup.sh 339569b69c4a kata-deploy: Properly create default runtime class 76dac8f22c86 agent: simplify error handling 2a491e9b1f6b metrics: Fix MobileNet help me description d19a75e80c61 gha: ci: Start running kata-deploy tests 25d151bd1b99 runk: Modify kill command's error message for containerd tests d90f7ac689ad runtime-rs: add unit test for block driver e44919f0da6e runtime-rs: add load_test_config for unit test 7f48a69379c3 runtime-rs: add driver option b3592ab25cc7 gha: cri-containerd: Enable tests 84dd02e0f9ba gha: cri-containerd: Add timeout to the crictl calls on testContainerStop b29782984a0f gha: cri-containerd: Show pod before deleting it ae0930824aa2 gha: cri-containerd: Print kata logs in case of error 6c8b2ffa603c gha: cri-containerd: Group containerd logs 9e898701f583 gha: cri-containerd: Ensure RUNTIME takes KATA_HYPERVISOR into account 18a7fd8e4e41 metrics: Rename tensorflow scripts e55fa93db984 tests: kata-deploy: Add placeholder for kata-deploy-tests-on-tdx d9ee17aaecb4 tests: kata-deploy: Add placeholder for kata-deploy-tests-on-aks 831e73ff9184 tests: kata-deploy: Add functional/kata-deploy/gha-run.sh placeholder af1b46bbf2ee tests: Add gha-run-k8s-common.sh ab829d10383e agent: runtime: add the Agent Policy feature f1d8de9be605 runk: Allow runk to launch a container without pid namespace 5d0f0d43c72a metrics: Add cassandra statefulset yaml c1dcc1396f68 metrics: Add cassandra service yaml 2297a0d1c504 metrics: Add block loop pvc yaml for cassandra e3d511946ff1 metrics: Add block loop pv yaml for cassandra test 989027159419 metrics: Add block loop pvc for cassandra test 349b89969ab7 metrics: Add Cassandra Kubernetes benchmark for kata metrics fdcd52ff78ff metrics: Add check containers are running in tensorflow mobilenet 36337ee146de metrics: Add check containers are up in tensorflow script f700f9b0ba02 metrics: Remove unused variable in tensorflow script 833cf7a68465 metrics: Add check containers are running function 918c783084d7 metrics: Add check containers are up in tensorflow mobilenet script 9d57a1fab450 metrics: Use check containers are up in tensorflow script 1c84680d8c97 metrics: Add check containers are up in common script d3e57cf4548a metrics: Use collect_results function in tensorflow mobilenet test 286de046af2a metrics: Remove collect results function definition 9879709aae78 metrics: Add common functions to the common script 767434d50a41 metrics: fix the loop used to stop kata components #7629 416445e7eb3d docs: Remove installation step in virtcontainers doc 8815ed0665bb runtime: Remove config warnings afe1a6ac5ae6 agent: support copying of directories and symlinks ab13ef87eea3 runtime: propagate configmap/secrets etc changes for remote-hyp c074ec4df16a runtime: Copy shared files recursively 72cbcf040bb1 kata-deploy: Add k0s support c52d090522f5 gha: static-checks: Move to the Azure instances 4746fa3daa66 docs: Specify supported Firecracker version using versions.yaml cc922be5ec43 versions: Update firecracker version to 1.4.0 845eeb4d7bce agent: Allow clippy::redundant_clone in the unit tests 729b2dd61102 agent: avoid creating new Vec instances when easily avoidable 473b0d3a31a1 metrics: compute tensorflow statistics d1a629622168 metrics: Add nginx documentation to network README 498f7c054978 metrics: Add nginx kubernetes yaml f8a5255cf7cc metrics: Add network nginx benchmark e6649698620a metrics: install kata once and run multiple checks 03d1fa67b1c6 ci: unencrypted-image: Fix build context eb463b38ec02 ci: unencrypted-image: Don't fail to build on s390x a2d731ad26df ci: create-confidential-image: Add dependent actions 43fe5d1b905b ci: k8s: tees: Ensure PR_NUMBER is exported 54f6a7850068 ci: {{ pr-number }} should be {{ inputs.pr-number }} fac8ccf5cd83 ci: Add build-and-publish-tee-confidential-unencrypted-image ab5f603ffa24 ci: k8s: Add the image used for unencrypted confidential tests 034d7aab876c tests: k8s: Ensure the runtime classes are properly created 1e8fe131bd5c k8s: tests: Take advantage of SHIMS and DEFAULT_SHIM env vars aeaec9dae949 tests: upgrade bats version baabfa9f1f10 agent: refine implementation of mount related code 98ba211a3441 agent: fix a bug in update_ephemeral_mounts() 5333618d70fc agent: make add_storage() take &[Storage] instead of Vec<Storage> 37f34781d11e agent: simplify function online_cpu_memory() d3c54223793c agent: refine style of code related to sandbox 71a9f67781de agent: avoid unwrap() in function do_remove_container() 84badd89d752 agent: avoid clone objects when possible b23c5ed15594 deps: Bump dependent crate versions 28e5e9c86ee9 runtime-rs: fix number of queues handling in dragonball share fs device 3958a39d079c runtime-rs: Introduce directly attachable network 863283716dde metrics: General improvements to mobilenet tensorflow test 3c319d8d4c50 metrics: Add iperf to gha run script 5b5caf89081f gha: Add iperf network metrics 1b21a46246f5 docs: Use control-plane term instead of master c36572418f97 agent: avoid unnecessary calls to Arc::clone 66db5b53500b metrics: Add latency test to network README 3b45060b6169 metrics: Add latency server yaml 9bb8451df5e2 metrics: Add latency client yaml 64fdb98704e6 metrics: Add network latency test 4fbe0a3a5336 runtime: bind-mount mounted block device into container 7e1b1949d433 runtime: add support for kata overlays 6c867d9e8640 agent: add io.katacontainers.fs-opt.overlay-rw option 6163c3565712 agent: skip mount options that start with "io.katacontainers." b2ff97aa01db dragonball: use version 0.10.4 of fuse-backend-rs 3230dec950e4 kata-deploy: Use host's systemctl 1163fc9de2c7 release: Revert kata-deploy changes after 3.2.0-rc0 release 1e15369e59fa metrics: Improve naming testing containers in launch times test 5dbe88330f0d metrics: Clean kata components before start a metric test. a81ad3b58723 runtime-rs: Add block device handling in cloud hypervisor

Compatibility with CRI-O

Kata Containers 3.3.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.3.0-alpha0 is compatible with contaienrd v1.6.8

OCI Runtime Specification

Kata Containers 3.3.0-alpha0 support the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.3.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources. For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.3.0-alpha0

Default Image Guest OS:

description: | Root filesystem disk image used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "ubuntu" version: "latest" ppc64le: name: "ubuntu" version: "latest" s390x: name: "ubuntu" version: "latest" x86_64: name: "ubuntu" version: "latest" tdx: name: "ubuntu" version: "latest" meta: image-type: "ubuntu"

Default Initrd Guest OS:

description: | Root filesystem initrd used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "alpine" version: "3.18"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le: name: "ubuntu" version: "20.04" s390x: name: "ubuntu" version: "20.04" x86_64: name: "alpine" version: "3.18" mariner: name: "cbl-mariner" version: "2.0" sev: name: "ubuntu" version: "20.04"

Kata Containers builder images

The majority of the components of the project were built using containers. In order to do a step towards build reproducibility we publish those container images, and when those are used combined with the version of the projects listed as part of the "versions.yaml" file, users can get as close to the environment we used to build the release artefacts.

• agent (on all its different flavours): quay.io/kata-containers/builders:agent-9b14dda147a3-52aaf10759d4
• Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-7923de8999de-x86_64
• OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-6bb2ea81952e-x86_64
• QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-7ffc0c1225c3-x86_64
• shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.72.0-11631c681ae8-x86_64
• tools: quay.io/kata-containers/builders:tools-45e82b6581b9-9b14dda147a3-52aaf10759d4
• virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d050a-x86_64

The users who want to rebuild the tarballs using exactly the same images can simply use the following environment variables:

• AGENT_CONTAINER_BUILDER
• KERNEL_CONTAINER_BUILDER
• OVMF_CONTAINER_BUILDER
• QEMU_CONTAINER_BUILDER
• SHIM_V2_CONTAINER_BUILDER
• TOOLS_CONTAINER_BUILDER
• VIRTIOFSD_CONTAINER_BUILDER

Kata Linux Containers Kernel

Kata Containers 3.3.0-alpha0 suggest to use the Linux kernel v6.1.52 See the kernel suggested Guest Kernel patches See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations