Release 3.2.0

kata-containers Changes

The biggest change in 3.2.0 is the conversion of CI to GitHub actions as in the main development branch. This is part of the initiative to deprecate the test repository and to stop using Jenkins for CI.

Shortlog

224ae841ac30 release: Kata Containers 3.2.0 2cda69b2849c release: Adapt kata-deploy for 3.2.0 305e60300879 actions: Move all the checkout actions to v4 52a985e1f731 release: Always use actions/checkout to ensure we're in a git repo dc0fe5d7a22a actions: release: Use GH cli instead of hub 93c7d165dccb ci: k8s: Fix bogus firecracker check in k8s-credentials-secrets.bat 12b8cbb4f6dd tests: Adjust timeout for agent stability test 37c99a46b1af tests: Enable agent stability test 92f283f06258 runtime: Validate hypervisor section name in config file 8cf5506700a7 metrics: fixes common.sh function to always return true 544f261433a6 metrics: skips docker restart when it is not installed or is masked. 26c6ca93d3c2 metrics: removing trailing comma characters from json file. 0e0aabfd872b metrics: removal of reference in the documentation to the dax test. 5d911db5e27b tests: Remove unused function from scability test a380437380c5 tests: Fix path for versions yaml for soak parallel test 4495a797210f tests: Enable scability test for stability CI 961daee9835e scripts: Use install_yq from the kata-containers repo 9b48525af1d8 release: tag_repos: Stop tagging / updating the tests repo 668c8979f022 runtime: fix reading cgroup stats of sandboxes 11e2f2a458d5 versions: Bump virtiofsd to v1.8.0 9eb8723a5b5f clh: arm: Use static_sandbox_resource_mgmt=true e7579d20f767 runtime/qemu: Rework QMP/HMP support f0278f41d71d runtime/virtiofsd: Drop all references to "--cache=none" 4679aa771249 runtime/qemu: Pass "--xattr" to virtiofsd instead of "-o xattr" 03d712ab252c runtime: Allow virtio_fs_extra_args annotation e0513094a02d runtime/vc: runPrestartHooks should ignore GetHypervisorPid failure c17cbd30f0ea runtime: fail early when starting docker container with FC 7e6f8010bd6a runtime: run prestart hooks before starting VM for FC fa824af2349a qemu: tdx: Workaround SMP issue with TDX 1.5 07471cd7a64e qemu: tdx: Adapt to the TDX 1.5 stack 2f28866f262e versions: tdx: Update Kernel to 6.2 + TDX a36064c729f6 versions: tdx: Update TDVF to the "edk2-stable202302" 65e0b99eb4a8 versions: tdx: Update QEMU to v7.2 + TDX v1.10 9ce8ee6c0ca6 runtime/fc: fix image/initrd annotation handling f86bfe0da33d runtime/clh: fix image/initrd annotation handling 59fae423b5f5 runtime/qemu: fix image/initrd annotation handling ef65c5767fd7 kata-agent: use default filemode for block device when it is set to 0 93609aa0cd8b deps: Bump dependent crate versions 7ff98daecffa gha: Add install dependencies for stability tests ef49db59f77a gha: Add general dependencies to stability tests a818f628d7dc tests: Add soak parallel stability test 602c56c0d739 tests: Enable soak parallel test a19553930798 ci: k8s: set KUBERNETES default value c4456c21d92a tests: run k8s-volume on a given node 58ad83330053 tests: run k8s-file-volume on a given node a54bdd00d592 tests: exec_host() now gets the node name 0eaf81c1a270 tests: add get_one_kata_node() to tests_common.sh 5f2c7c78ffdb ci: k8s: set KATA_HYPERVISOR default value 7fceb21362ca ci: k8s: configurable deploy kata timeout c4b0f1f31baf ci: k8s: shellcheck fixes to gha-run.sh 6fb40ad47dd9 kata-deploy: re-format kata-[deploy|cleanup].yaml 5cd2e947dc78 ci: k8s: run_tests() for kcli 56cebfb4857a ci: k8s: add deploy-kata-kcli() to gh-run.sh 6b76d21568d3 ci: k8s: add cleanup-kcli() to gha-run.sh 308ce26438b7 ci: k8s: set default image for deploy_kata() c3b91ed39498 ci: k8s: create k8s clusters with kcli 33791f09447a metrics: stops kata components and k8s deployment when test finishes 621e6e6d8c58 gha: combine coco jobs into a single yaml fe52c0900c7e gha: combine basic amd64 jobs into a single yaml 301a7d94e32d gha: ci: Revert tracing test PR to unbreak CI c1da29b9b152 ci: Port runk tests to this repo 63be808730b8 ci: Add placeholder for runk tests 6541969a8320 ci: Move tracing tests here 5d232c8143b0 ci: Add placeholder for tracing tests 619ef169fb9d ci: Create a function to install docker 16e31dd40946 metrics: Use jq tool to pretty-print json metrics output 1f9a4e908f1b metrics: Enables FIO test for kata containers fe4f72e0a155 gha: Add containerd stability tests to ci yaml 7963298ba26c gha: Add stability gha run script a4e0929054e3 gha: Add stability tests workflow for gha be3a3c221b26 gha: arm64: Ensure the builder is arm64-builder f20164dc75c2 packaging: tools: Remove set -x leftover 1941d87b8402 packaging: release: Mention newly added images 95da1c71ecea packaging: tools: Fix container image env var name 508016fca127 packaging: Allow passing the TOOLS_CONTAINER_BUILDER bb1efe0d461d packaging: stable-3.2: Remove everything related to agent policy 892c9f2f03ab gha: Build the kata-agent as part of our workflows a586b8c5815c packaging: Build the kata-agent 766a5fa1180a agent: Allow specifying DESTDIR and AGENT_POLICY via env vars 050a4260b9b6 packaging: Add get_agent_image_name() 3770b200a861 gha: Fix k0s deployment cf254bc4ee51 tests: Add general stability fixes 1edf2d9bc15e tests: Add agent stability test a8eec39559f4 tests: Add cassandra stress in stability tests 240c584ae298 tests: Add stressng dockerfile for stability tests e95d3b1be56f tests: Add stressor CPU test for stability tests 4393f553e97c metrics: Add stability test for kata CI 362adea8cd42 metrics: Fix general check static warnings 16c349e76c97 docs: Update url in kata vra document 5800be50294c ci: Build src/tools components as part of our tests / releases 41b509e0a67f kata-deploy: Build components from src/tools a5d7ba666215 static-build: Add scripts to build content from src/tools d503daf75e05 packaging: Add get_tools_image_name() b2e432c02468 packaging: Use git abbreviated hash c22fdb46e338 metrics: Increase qemu jitter value 8a1af8689bfa metrics: Increase jitter value for clh f3fcf6cbf974 metrics: Add checkmetrics for latency test ce03e9f97a0d metrics: Add qemu latency value limit cd82a351bd55 metrics: Add latency value limits for kata CI 1709f99975a7 ci: kata-monitor: Move tests over a50c7f1972cc ci: Add placeholder for kata-monitor tests c42d19619dfe ci: Make install_kata aware of container engines 5017435734be ci: Create a generic install_crio function 98e9434be46f ci: Add install_cni_plugins helper c61b488b66f1 ci: Modify containerd default config 7c4617cfac57 metrics: Add init_env function to latency test e106ecd1e4e6 metrics: Fix latency yamls path 665805c81cd6 metrics: Fix spelling warnings b0c9b4254bbe metrics: Fix metrics README c28a0a03f009 metrics: Fix C-Ray documentation 48a9b4ab1393 ci: crio: Trail '\r' from exec_host() output 2de1c8bac27d ci: crio: Enable default capabilities d1d3c7cbdaee kata-deploy: Fix CRI-O detection 0de3216b088f kata-deploy: Add k0s support 468a3218f537 ci: crio: Pass -y to apt 3f2780fca657 metrics: Add latency benchmark for gha 73a084a7d4e8 metrics: Enable latency test in gha run script cf3abd308f82 local-build: Fix .docker ownership before build-payload 8b607ff79a74 gha: Add pandoc as a dependency for static checks 6a9384ed4069 gha: Install hunspell for static checks a11e8867afa8 ci: Trigger payload-after-push on workflow_dispatch 390bde3182a3 ci: Actually enable the CRI-O tests f2953e644882 ci: k8s: rke2: Use sudo to call systemd 08bdb6b5da16 ci: k8s: Add a CRI-O test b41fa6d9467c ci: k8s: Add a method to install CRI-O 67fef9d5c641 ci: k8s: k0s: Allow passing parameters to the k0s installer 2c3f130c8564 ci: kata-deploy: Fix runner name 7a8d848a92e0 ci: Enable kata-deploy tests for all the supported k8s flavours 7fc2f7d003ea ci: kata-deploy: Add the ability to deploy rke2 59a4b00d2962 ci: kata-deploy: Add the ability to deploy k0s 1a605c33add4 ci: kata-deploy: Add deploy-k8s argument to gha-run.sh 19ee6c9fd7ff ci: kata-deploy: Expland tests to run on k0s / rke2 03a8bed32bcf ci: kata-deploy: Add placeholder for tests on GARM f09c255766cf ci: kata-deploy: Export KUBERNETES env var abe9dc9904da ci: Move deploy_k8s() to gha-run-k8s-common.sh ea6489653ede ci: Properly set K8S_TEST_UNION 7892e04dd1e1 ci: Add first letter of the K8S_TEST_HOST_TYPE to resource group name 882d7d7d894a ci: Create clusters in individual resource groups b09a3f8f8e4b metrics: Add parallel bandwidth limit for qemu 63e8c38a7a73 metrics: Enable parallel bandwidth iperf limit f3c42ff5febf nydus: Temporarily skip tests on dragonball 49c1a373300e nydus: Use kata-${KATA_HYPERVISOR} instead of kata ae55c0b5109a static-build: Fix arch error on nydus build 65e5bfe9eb16 tests: nydus: Update nydus tests 079ab1e0acf2 versions: Bump nydus and nydus-snapshotter to its latest release d9e910702bd4 gha: nydus: Populate run() 33a44278456a gha: nydus: Populate install_dependencies() 70c1c7d8685e gha: nydus: Actually install kata when install-kata is called 30efa3e5632b gha: nydus: Get rid of nydus{,-snapshotter} install from nydus_test.sh 9ad600067696 tests: nydus: Add timeout to the crictl calls 6d9b8e243743 tests: nydus: Add uid / namespace to the nydus container / sandbox fd5935da9d64 tests: nydus: Decorate some calls with sudo 4b58777eecc2 tests: nydus: Adapt "source ..." to GHA 82c531978fca tests: nydus: Adapt check to "clh" instead "cloud-hypervisor" 4915605b20e5 tests: common: Add install_nydus_snapshotter() 8e4180f697ad tests: common: Add install_nydus() 625a05aa2a3f ci: static-checks: Clean up static-checks job 9784ded336b3 ci: static-checks: Run tests depending on KVM 668b7effb413 ci: static-checks: Move "sudo make test" to the new test matrix 4b660a4991d7 ci: static-checks: Move "make test" to the new test matrix 9e614ce466e7 runtime-rs: Ensure static-checks-build is a dep of make test d5d21f4cb40f kata-ctl: Use loop instead of kvm module in tests 93577381a5dc kata-ctl: Ensure GENERATED_CODE is a dep of make test 93440dc141f6 agent: Ensure GENERATED_CODE is a dep of make test d269f09a6641 ci: install_libseccomp: Do not depend on the tests repo bb920178ada8 ci: static-checks: Move "make check" to the new test matrix d6996d01c0c6 kata-ctl: Add kata-types to the Cargo.lock file a62e18b27f23 kata-ctl: Ensure GENERATED_CODE is a dep of make check cd6ab3cf07a7 tests: install_rust: Also install clippy d288e1ab8769 ci: static-checks: Move vendor check to its own job 755057c9ed9a tests: Move install_rust.sh from the tests repo d3a04b7b8f20 tests: install_go: Remove tests repo dependency c18c412db762 tests: Move functions from kata_arch script here bb8d1be300da ci: static-checks: Move kernel config check to its own job 7c4a0f7facab ci: Use variable size of VMs depending on the tests running 7019a25f2557 ci: cache: Fix ovmf-sev cache dc9f2c24f14e ci: cache: Check the sha256sum of the component a55c082fa121 ci: cache: Remove the script used to cache artefacts on Jenkins e464bbfc9308 ci: cache: Also store the ${component} sha256sum b5da4ce0d845 ci: cache: Use the cached artefacts from ORAS 2f280659b1cb ci: k8s: Temporarily disable tests that require a bigger VM instance f160effaeefd ci: cache: Push cached artefacts to ghcr.io 6f8ded36b6be kata-deploy: Generate latest_{artefact,image_builder} files 0210db6e34b0 ci: cache: Install ORAS in the kata-deploy binaries builder container 27dd77469dd7 ci: k8s: devmapper: Use a smaller / cheaper VM instance 3b64c8d68719 ci: nydus: Use a smaller / cheaper VM instance 03857041e447 ci: nerdctl: Use a smaller / cheaper VM instance 301edcb92e75 ci: docker: Use a smaller / cheaper VM instance 594fcdce5620 ci: cri-containerd: Use a smaller / cheaper VM instance fa9dd4604195 ci: k8s: Don't set cpu limit request for k8s-inotofy test 767ccb117f5f ci: Reduce the size of the AKS VMs 054895fcdd72 ci: cache: For consistency, read all used env vars 5e22a3085bee ci: cache: Pass the exposed env vars to the kata-deploy binaries in docker bda035449163 ci: cache: Export env vars needed to use ORAS c78f7408544a metrics: Add iperf cpu utilization limit for qemu 73e989c4b10d metrics: Add iperf value for cpu utilization 1c32b31589c0 tests: Apply timeout to 'ctr t kill' 1d78871713ee tests/vfio: Bump VM image to Fedora 38 b40a42699d11 tests/vfio: Accept single device in vfio group for CLH 82a02251592e tests/vfio: Get rid of sync's a1aed0c78e73 gha: vfio: Set test timeout to 15m 32be55aa8a2a packaging: kernel: Enable VIRTIO_IOMMU on x86_64 3b5c5bcfa4ed runtime: clh: Support enabling iommu a0f59829b213 tests/vfio: Give commands 30s to execute 65943d5b77b4 tests/vfio: Configure a value for 'hot_plug_vfio' for both vmms 18a8b8df03f2 runtime: Remove redundant check in checkPCIeConfig d86af5923f2d runtime: Add test cases for checkPCIeConfig 0a918d0d20d0 runtime: Check config for supported CLH (cold|hot)_plug_vfio values 86201ace5a0d runtime: clh: Add hot_plug_vfio entry to config 01265fb21723 tests/vfio: Gather debug info and disable tdp_mmu 44f37f689adc tests/vfio: Capture journal from vm a69d0d1772be tests/vfio: Change to get the test working in GHA e90027f38ca7 tests/vfio: Move dependency installation to gha-run.sh 62804d637ce5 gha: vfio: Import jobs scripts from tests repo 97283b18b49d metrics: Increase jitter value for qemu 3c5bd8c44d1d metrics: Increase value limit for jitter in clh 6abf513f064b ci: docker: nerdtl: Use io.containerd.kata-${KATA_HYPERVISOR}.io 9a664ea8bb6f ci: nerdctl: Create the containerd config 5734c4cbca61 ci: nerdctl: Switch to tcp port 80 ping 55c8a47a406e ci: docker: Switch to tcp port 80 ping 31c3d9bd80c7 metrics: Add iperf bandwidth value for qemu 40ae855f0e96 metrics: Add iperf bandwidth value for kata metrics deadacd58f2c metrics: Ensure docker is running in init_env 31c33f9c1c97 metrics: Add Cassandra Metrics documentation 0968bf1eb9e7 metrics: this PR skips the FIO test temprarily to fix issues e5e395139879 ci: docker: Also run the smoke test with runc c7147dabceea ci: docker: Run the tests after the kata-static is created 33430ad60ccd ci: Add a very basic nerdctl sanity test 69dd11f45938 ci: Add a very basic docker sanity test fcfa6c6e1abb ci: use github.ref_name instead of $GITHUB_REF_NAME 19d9fd9eb17b ci: Add more target-branch related fixes fe4247a90c57 ci: Fix target-branch usage 9f510d059bc8 metrics: Remove warning from metrics documentation 400418bce0ac kata-deploy: Remove curl after it's used 1df997c38c57 kata-deploy: Fix aarch64 image build 61b1a99fcaba gha: Manually rebase PR atop of the target branch before testing db563709e3b4 kata-deploy: Switch to an alpine image bb5dbfbbcebc k8s: ci: Skip "Pod quota" test with firecracker 263ed4afd1d5 ci: k8s: Remove useless skip statement from tests 7e135294a732 ci: k8s: Also check for "fc" (for firecracker) 8892d9a7b28f ci: k8s: Add clean-up-garm argument for gha-run.sh c723a7d9c89d ci: k8s: devmapper tests should be using ubuntu 20.04 aee6f36c86c8 ci: k8s: Add a kata-deploy-garm target 5bb77b628db4 ci: k8s: Export KUBERNETES env var 7ce5c8b3fa90 ci: k8s: Install bats on GARM runners 9fb291d88a62 ci: k8s: Wait some time after restarting k3s 053308eefc56 metrics: fix FIO test initialization 89345b6731cc ci: k8s: Append, instead of overwrite, the devmapper config bb675f810128 ci: k8s: Decrease k3s sleep from 4 to 2 minutes 695c7162ef09 ci: k8s: Use vanilla kubectl with k3s 7f865be39870 ci: k8s: Ensure k3s is deploy with --write-kubeconfig-mode=644 7a96d0a58991 ci: k8s: Use the proper command for sleep 92fdaf971977 metrics: Use TensorFlow optimized image 1b7ffeac531f ci: k8s: Fix typo in run-k8s-tests-on-garm.yaml 79de72592f84 ci: k8s: Add k8s devmapper tests (part 0) a41a56e32641 ci: k8s: Add a function to configure devmapper for containerd 315288a00010 ci: k8s: Add a function to deploy k3s 899c823c0b88 packaging: do not install docker-compose-plugin for s390x|ppc64le 374e77d3308f metrics: Add write 95 percentile for FIO for qemu 22ce1671a6ad metrics: Add write 95 percentile FIO value 5e90c8e17646 metrics: Add checkmetrics to gha run script 651b89ba413d metrics: Add checkmetrics value for qemu for iperf 907baa3464ef metrics: Add jitter value for clh d9408a72830b metrics: Add test selector to iperf metrics 3583f373f58d metrics: Enable iperf benchmark on gha for kata metrics 7fd7186780e7 CI: switch static-checks-dragonball CI machines to Azure 9b6c5eaff1c5 kata-deploy: Create kata-static.tar with correct ownership 4403af74ec95 metrics: re-enable memory-usage initialization step d2d7c041f300 metrics: fix parsing issue on memory-usage test 8c7a4fd121dd gha: Rebase atop of the target branch 75dcca5a5336 metrics: Add grabdata script for metrics report 59e7c3a34709 gha: Update to checkout@v3 action 8f1cc278ca4b metrics: Add report generator link to general documentation 05180b61a088 metrics: Add README for kata metrics report 17c88a1a7fc1 metrics: Add limit for 90 percentile for qemu value dbb4761c4bf0 metrics: Add limit for write 90 percentile value for clh aebf392e4554 metrics: Enable FIO limits for kata metrics 41d05b885792 metrics: Fix memory footprint qemu limit 349140758117 metrics: Fix memory inside limits for kata metrics 08027f228277 metrics: Add test setup details to metrics report 99103db1fb94 metrics: Add boot lifecycle times to metrics report 75c92ba474e7 metrics: Add memory inside container to metrics report 1c1eb9810700 metrics: Add scaling system footprint in metrics report 01f6e6a1a3a2 metrics: Add metrics reportgen 428eb6908d79 metrics: Add report file titles a8fa3d99da04 metrics: Generate PNGs alongside the PDF report 80625ed5736e metrics: Add metrics report R files 9f8e194e6fd9 metrics: Add report dockerfile 03c206f87f0f metrics: Add metrics report script 2684b267f7c9 tests: Expand confidential test to support TDX 4976629aee81 tests: Expand confidential test to support SNP 019849071e23 tests: Add confidential test for SEV 1b7c7901d962 local-build: Remove $HOME/.docker/buildx/activity/default 6a34bae03da8 gha: Avoid "fail-fast" in tests that are known to be flaky 17d22cae34a0 tests: use unique test name e8c24fa0b92d tests: delete k8s deployment at the test's end 3e07c89d3923 metrics: Remove unused variable in tensorflow nhwc script 5b9a69433d49 kata-deploy: Don't try to remove /opt/kata e99a13d26cca gha: vfio: Run on Ubuntu 23.04 runner 394d146b8949 local-build: Remove GID before creating group 742173722974 metrics: Add TensorFlow ResNet50 fp32 Dockerfile 9acbf2faf788 metrics: Add TensorFlow ResNet50 FP32 benchmark 4f2c9372c3da kata-deploy: Avoid failing on content removal 6ea1d3bffd47 metrics: Add disk link to README ad2036927f96 metrics: Fix FIO path abcb225ce326 metrics: Use function from metrics common in pytorch script 508f1bba15e2 gha: capture additional kata-deploy output d46c300608a5 metrics: Enable kata runtime in K8s for FIO test. 3d3882a06a26 metrics: Update tensorflow name in gha run script 7d0a3dbf24da metrics: Fix check results for tensorflow benchmark 3e2a383b7d04 gha: kata-deploy: Do the runtime class cleanup as part of the cleanup 2c5db14a1ad4 gha: kata-deploy: Add the first kata-deploy test 0b4fb826de33 metrics: Remove unused variable in tensorflow mobilenet script b38624e2b3af tests: common: Ensure test_type is used as part of the cluster's name cdfcd9aba8d6 tests: commob: Don't fail if yq is not part of the cache 74edbaac9671 gha: kata-deploy: Add run-kata-deploy-tests.sh d7130f48b032 gha: k8s: Stop running kata-deploy tests as part of the k8s suite 810507e8a303 tests: k8s: Call ensure_yq() in setup.sh 915bace795b2 kata-deploy: Properly create default runtime class 870d8004a0e6 metrics: Fix MobileNet help me description 145450544db7 gha: ci: Start running kata-deploy tests bd29413721a6 docs: Fix TensorFlow word across the document a845e94139e7 docs: Add Tensorflow Resnet50 documentation 6e5a5b82499c metrics: Add Dockerfile for ResNet50 int8 5d85cac1d697 metrics: Add Tensorflow ResNet50 int8 benchmark 7474e50ae2d9 gha: cri-containerd: Enable tests 20be3d93d538 gha: cri-containerd: Add timeout to the crictl calls on testContainerStop 10058f718ae6 gha: cri-containerd: Show pod before deleting it 585d5fba03be gha: cri-containerd: Print kata logs in case of error 2fea5a5f8b04 gha: cri-containerd: Group containerd logs 3c7597f4ba38 gha: cri-containerd: Ensure RUNTIME takes KATA_HYPERVISOR into account 738d808cace4 metrics: Rename tensorflow scripts 4bb8fcc0c014 tests: kata-deploy: Add placeholder for kata-deploy-tests-on-tdx f5e14ef28309 tests: kata-deploy: Add placeholder for kata-deploy-tests-on-aks e812c437fecb tests: kata-deploy: Add functional/kata-deploy/gha-run.sh placeholder c19cebfa801e tests: Add gha-run-k8s-common.sh 4e8c512346ee metrics: fix the loop used to stop kata components #7629 47f32c4983b1 metrics: Add cassandra statefulset yaml d5a14449fca7 metrics: Add cassandra service yaml 1292b51092bc metrics: Add block loop pvc yaml for cassandra 105a556a308b metrics: Add block loop pv yaml for cassandra test 1b126eb4ceb3 metrics: Add block loop pvc for cassandra test 671ad98451f2 metrics: Add Cassandra Kubernetes benchmark for kata metrics 058b3044553b gha: static-checks: Move to the Azure instances b600659df21f metrics: Add check containers are running in tensorflow mobilenet 1b30aa818e29 metrics: Add check containers are up in tensorflow script 3502bb4b203e metrics: Remove unused variable in tensorflow script b07c19eb5f91 metrics: Add check containers are running function fc893927454a metrics: Add check containers are up in tensorflow mobilenet script 73843b786d2b metrics: Use check containers are up in tensorflow script 7fffa7f9ce0e metrics: Add check containers are up in common script 1b68145b6aac metrics: Use collect_results function in tensorflow mobilenet test f29f8114704d metrics: Remove collect results function definition 6b6a6ee724ed metrics: Add common functions to the common script a341c2f3249a metrics: compute tensorflow statistics b8b4ca10e964 ci: unencrypted-image: Fix build context dcc35781f737 ci: unencrypted-image: Don't fail to build on s390x babbd4186c94 ci: create-confidential-image: Add dependent actions cecb30dbb234 metrics: Add nginx documentation to network README 1971fe49865f metrics: Add nginx kubernetes yaml 6c921ce3db8f metrics: Add network nginx benchmark a5a3e4124ff6 ci: k8s: tees: Ensure PR_NUMBER is exported 3a21c485bf1e ci: {{ pr-number }} should be {{ inputs.pr-number }} 218d83bd3fbe tests: k8s: Ensure the runtime classes are properly created 0625d8dfc1bd ci: Add build-and-publish-tee-confidential-unencrypted-image 6ae591c6188e ci: k8s: Add the image used for unencrypted confidential tests 8d4f9ef256b1 tests: upgrade bats version a48466689053 metrics: install kata once and run multiple checks 759b0fa38587 metrics: General improvements to mobilenet tensorflow test d6398ccf9ecc metrics: Add iperf to gha run script a75db201676e gha: Add iperf network metrics b33d4de01366 metrics: Add latency test to network README db23b95b53e5 metrics: Add latency server yaml 2b60fe0fe087 metrics: Add latency client yaml aa71d6f9311d metrics: Add network latency test b2c627aac919 metrics: Improve naming testing containers in launch times test ea1fdd2cb937 metrics: Clean kata components before start a metric test. 7d5f65be7ce9 kata-deploy: Use host's systemctl 2881bad407b0 dragonball: use version 0.10.4 of fuse-backend-rs

Compatibility with CRI-O

Kata Containers 3.2.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.2.0 is compatible with contaienrd v1.6.8

OCI Runtime Specification

Kata Containers 3.2.0 support the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.2.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources. For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.2.0

Default Image Guest OS:

description: | Root filesystem disk image used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "ubuntu" version: "latest" ppc64le: name: "ubuntu" version: "latest" s390x: name: "ubuntu" version: "latest" x86_64: name: "ubuntu" version: "latest" tdx: name: "ubuntu" version: "latest" meta: image-type: "ubuntu"

Default Initrd Guest OS:

description: | Root filesystem initrd used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "alpine" version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le: name: "ubuntu" version: "20.04" s390x: name: "ubuntu" version: "20.04" x86_64: name: "alpine" version: "3.15" mariner: name: "cbl-mariner" version: "2.0" sev: name: "ubuntu" version: "20.04"

Kata Containers builder images

The majority of the components of the project were built using containers. In order to do a step towards build reproducibility we publish those container images, and when those are used combined with the version of the projects listed as part of the "versions.yaml" file, users can get as close to the environment we used to build the release artefacts.

• agent (on all its different flavours): quay.io/kata-containers/builders:agent-901c19225121-ef65c5767fd7
• Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-7923de8999de-x86_64
• OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-6bb2ea81952e-x86_64
• QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-7ffc0c1225c3-x86_64
• shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.69.0-11631c681ae8-x86_64
• tools: quay.io/kata-containers/builders:tools-d5d21f4cb40f-901c19225121-ef65c5767fd7
• virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d050a-x86_64

The users who want to rebuild the tarballs using exactly the same images can simply use the following environment variables:

• AGENT_CONTAINER_BUILDER
• KERNEL_CONTAINER_BUILDER
• OVMF_CONTAINER_BUILDER
• QEMU_CONTAINER_BUILDER
• SHIM_V2_CONTAINER_BUILDER
• TOOLS_CONTAINER_BUILDER
• VIRTIOFSD_CONTAINER_BUILDER

Kata Linux Containers Kernel

Kata Containers 3.2.0 suggest to use the Linux kernel v6.1.38 See the kernel suggested Guest Kernel patches See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations