4.0.0-test

kata-containers/kata-containers

版本发布时间: 2024-03-01 22:07:24

kata-containers/kata-containers最新发布版本:3.4.0(2024-04-20 00:12:32)

Survey

Please take the Kata Containers survey:

https://openinfrafoundation.formstack.com/forms/kata_containers_user_survey

This will help the Kata Containers community understand:

how you use Kata Containers
what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

libseccomp

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources.

Kata Containers builder images

The majority of the components of the project were built using containers. In order to do a step towards build reproducibility we publish those container images, and when those are used combined with the version of the projects listed as part of the "versions.yaml" file, users can get as close to the environment we used to build the release artefacts.

agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-f3bc6e415-x86_64
Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-6bb2ea819-x86_64
QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-0538bbfc4-x86_64
shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.72.0-a13eecf7f-x86_64
tools: quay.io/kata-containers/builders:tools-9b7bd376e-a5f0b92bc-bb4c608b3-x86_64
virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

The users who want to rebuild the tarballs using exactly the same images can simply use the following environment variables:

AGENT_CONTAINER_BUILDER
COCO_GUEST_COMPONENTS_CONTAINER_BUILDER
KERNEL_CONTAINER_BUILDER
OVMF_CONTAINER_BUILDER
PAUSE_IMAGE_CONTAINER_BUILDER
QEMU_CONTAINER_BUILDER
SHIM_V2_CONTAINER_BUILDER
TOOLS_CONTAINER_BUILDER
VIRTIOFSD_CONTAINER_BUILDER

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

What's Changed

metrics: Add parallel udp iperf3 benchmark by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8278
runtime-rs: fix a typo in device manager by @ZizhengBian in https://github.com/kata-containers/kata-containers/pull/8294
AArch64: runtime: use pcie root port to do pci/pcie device hotplug by @jongwu in https://github.com/kata-containers/kata-containers/pull/7647
dragonball: add metrics support for balloon device by @lisongqian in https://github.com/kata-containers/kata-containers/pull/7697
kata-manager: Add clh config to containerd config file by @amshinde in https://github.com/kata-containers/kata-containers/pull/8281
gha: add dependencies for spell checker by @cmaf in https://github.com/kata-containers/kata-containers/pull/8317
runtime-rs: Add default configuration file for cloud-hypervisor by @amshinde in https://github.com/kata-containers/kata-containers/pull/8250
tests/git-helper: cancel any previous rebase left halfway by @wainersm in https://github.com/kata-containers/kata-containers/pull/8322
agent: use open_tree()/move_mount() to set up bind mounts between containers directly. by @h56983577 in https://github.com/kata-containers/kata-containers/pull/8033
dragonball: add metrics support for legacy device by @lisongqian in https://github.com/kata-containers/kata-containers/pull/7695
kata-runtime/kata-ctl: Add security details to output by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8314
dragonball: add tracing feature for dragonball by @lisongqian in https://github.com/kata-containers/kata-containers/pull/7831
utils: kata manager: Fix version checks by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8323
Enable fio checkmetrics by @dborquez in https://github.com/kata-containers/kata-containers/pull/8202
network: Fix network attach for ipvlan and macvlan by @amshinde in https://github.com/kata-containers/kata-containers/pull/8334
agent: Skip flaky create_tmpfs on s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8289
runtime-rs: Log system enhancement by @TimePrinciple in https://github.com/kata-containers/kata-containers/pull/8311
docs: Fix broken links by @cmaf in https://github.com/kata-containers/kata-containers/pull/8255
cargo: Agent cargo.lock updated by @amshinde in https://github.com/kata-containers/kata-containers/pull/8351
release: Fully migrate from hub to gh by @gkurz in https://github.com/kata-containers/kata-containers/pull/8308
gha: Add workflow to close stale PRs by @fidencio in https://github.com/kata-containers/kata-containers/pull/8348
kata-manager: Fix deployment of containerd on architectures other than amd64. by @brianwang12 in https://github.com/kata-containers/kata-containers/pull/7057
Docs: Fix Dragonball link by @sazzy4o in https://github.com/kata-containers/kata-containers/pull/8285
gha: stale: Fix typo and allow manually triggering it by @fidencio in https://github.com/kata-containers/kata-containers/pull/8368
kata-manager: Accept only "lts" or "active" as containerd versions by @fidencio in https://github.com/kata-containers/kata-containers/pull/8365
runtime-rs: update device pci info for vfio and virtio-blk devices by @amshinde in https://github.com/kata-containers/kata-containers/pull/8284
Updating containerd to a GogoProtobuf free version by @beraldoleal in https://github.com/kata-containers/kata-containers/pull/8061
tests: fixes permission denied when running test by @beraldoleal in https://github.com/kata-containers/kata-containers/pull/8217
runtime-rs: ch: Simplify VSOCK error handling by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8386
agent: Restrict device access at upper node of container's cgroup by @justxuewei in https://github.com/kata-containers/kata-containers/pull/7531
runtime-rs: Update status for pause and resume by @cmaf in https://github.com/kata-containers/kata-containers/pull/8023
network: Fix network hotplug for ipvlan and macvlan endpoints for qemu and add tests by @amshinde in https://github.com/kata-containers/kata-containers/pull/8367
runtime: Fix TestCheckHostIsVMContainerCapable unstablity issue by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8389
Upgrade to Cloud Hypervisor v36.0 by @likebreath in https://github.com/kata-containers/kata-containers/pull/8379
gha: Fix regex used to get kubectl version from the k3s version by @fidencio in https://github.com/kata-containers/kata-containers/pull/8411
kata-deploy: Allow users to set hypervisor annotations by @fidencio in https://github.com/kata-containers/kata-containers/pull/8404
agent: update AGENT_THREADS metrics value by @gaohuatao-1 in https://github.com/kata-containers/kata-containers/pull/8370
runtime-rs: fix a typo in shm by @studychao in https://github.com/kata-containers/kata-containers/pull/8169
kata-manager: Add support for Docker CLI installation by @fidencio in https://github.com/kata-containers/kata-containers/pull/8376
Update release process documentation by @gkurz in https://github.com/kata-containers/kata-containers/pull/8309
utils: kata-manager: Ensure only one download URL by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8374
docs: add agent policy documentation by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8406
dragonball: Introduce vhost-net device by @justxuewei in https://github.com/kata-containers/kata-containers/pull/7675
runtime-rs: ch: Fix TDX by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8419
metrics: Fix function that completely stops kata containers before running a test by @dborquez in https://github.com/kata-containers/kata-containers/pull/8338
utils: kata-manager: Add option to list versions by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8383
ci: Re-add tracing tests and move docker/nerdctl to the basic-ci-amd64.yaml file by @fidencio in https://github.com/kata-containers/kata-containers/pull/8174
gha: Remove docker and nerdctl tests from ci.yaml by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8432
runtime: Improve vCPU allocation for the VMMs by @fidencio in https://github.com/kata-containers/kata-containers/pull/7623
kernel: Fix vsock packets drop when the driver initializes by @alex-matei in https://github.com/kata-containers/kata-containers/pull/8431
dragonball: Remove vhost-net dependency on virtio-net by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8426
tests|gha: add nightly tests for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/7987
gha: Keep kata tarballs for 15 days by @ldoktor in https://github.com/kata-containers/kata-containers/pull/8460
tests: Enable stressng scalability test by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8421
metrics: Add iperf udp information to README by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8453
tests|gha: add containerd and k8s tests for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/7931
StratoVirt: add support for a lightweight VMM StratoVirt in Kata by @WenyuanLau in https://github.com/kata-containers/kata-containers/pull/7796
Fixes make check errors by @beraldoleal in https://github.com/kata-containers/kata-containers/pull/8345
runitme-rs/bugfix: kata pod with multi-containers sharing one direct volume by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8332
kata-deploy: Set a default value for ALLOWED_HYPERVISOR_ANNOTATIONS by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8478
dragonball: Uniform the spelling of Virtio by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8465
Dragonball: add PCI bus and PCI interrupt support in mptable Spec by @studychao in https://github.com/kata-containers/kata-containers/pull/8451
CC: Remote hypervisor merge to main by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/7046
utils: kata-manager: Allow installing kata from a given tarball by @fidencio in https://github.com/kata-containers/kata-containers/pull/8439
runtime: Introduce KataVirtualVolume structure into go runtime by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/8471
runtime-rs: bringing virtio-fs device in device-manager by @Apokleos in https://github.com/kata-containers/kata-containers/pull/7932
dragonball: add vhost-user connection management logic by @adamqqqplay in https://github.com/kata-containers/kata-containers/pull/8450
tests: k8s: Allow passing rust-runtime env var to kata-deploy by @fidencio in https://github.com/kata-containers/kata-containers/pull/8476
kernel: backport erofs patch to 6.1.52 guest kernel by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/8481
metrics: Fix result finding in tensorflow benchmark by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8467
runtime-rs on arm64: Fixes unable to Boot Container Image using Cloud… by @brianwang12 in https://github.com/kata-containers/kata-containers/pull/8422
runtime: Fix configmap/secrets updates with FS sharing disabled by @Sumynwa in https://github.com/kata-containers/kata-containers/pull/8239
github: add workflows for building and publishing kata artefacts on ppc64le by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/8459
runtime: Pass KataVirtualVolume to the guest as devices in go runtime by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/8494
CODEOWNERS: Expand scope by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8461
gha: add cri-containerd workflow for ppc64le by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/8501
gha: Disable stratovirt for gha metrics by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8497
Revert "runtime: confidential: Do not set the max_vcpu to cpu" by @fidencio in https://github.com/kata-containers/kata-containers/pull/8533
tools: Stop building / shipping log-parser-rs by @fidencio in https://github.com/kata-containers/kata-containers/pull/8528
gha: fix artefacts build on ppc64le by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/8526
runtime: Update hypervisor generated code by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/8520
osbuilder: add pkg bash for alpine by @cheriL in https://github.com/kata-containers/kata-containers/pull/8456
tests: more k8s-exec-rejected debug output by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8271
metrics: Fix iperf parallel bandwidth limit by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8531
runtime-rs: Add Hybrid VSOCK device handling for CH by @cmaf in https://github.com/kata-containers/kata-containers/pull/7815
Migrate static checks by @cmaf in https://github.com/kata-containers/kata-containers/pull/8288
build/kata-deploy: Move rust runtime config files to runtime-rs directory -- based on #8445 by @fidencio in https://github.com/kata-containers/kata-containers/pull/8483
libs:logging: Fix logger by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8547
runtime-rs: Enhancing DirectVolMount Handling with Patching Support by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8301
dragonball: init dbs-pci lib with pci bus & pci conf by @studychao in https://github.com/kata-containers/kata-containers/pull/8480
libs: protection: x86_64: drop root requirement for querying by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8549
kernel: Add CONFIG_TDX_GUEST_DRIVER to the tdx.conf by @fidencio in https://github.com/kata-containers/kata-containers/pull/8556
gha: Add cloud runtime rs as part of the stability tests by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8550
docs: Update iperf3 network documentation by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8524
docs: Update cri installation url link by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8540
runtime-rs: Launch cloud-hypervisor in given netns by @amshinde in https://github.com/kata-containers/kata-containers/pull/8551
move vsock device into device manager by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8516
runtime-rs: Show config files attempted on config load failure by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8558
mount: support checking multiple kinds of block device driver by @yuchen0cc in https://github.com/kata-containers/kata-containers/pull/4743
gha: dragonball: Enable, but do not run, cri-containerd, stability, and devmapper tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/8570
Build for measured rootfs improvements by @wainersm in https://github.com/kata-containers/kata-containers/pull/7231
gha: basic-ci: Add a timeout for the tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/8573
image-builder: bugfix incorrect partition location by @Lu-Biao in https://github.com/kata-containers/kata-containers/pull/8436
docs: Update config containerd url link by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8578
runtime-rs: add network hotplug for clh by @amshinde in https://github.com/kata-containers/kata-containers/pull/8580
deployment: Add stable overlay for kata-deploy.yaml by @zvonkok in https://github.com/kata-containers/kata-containers/pull/8509
GHA: remove GITHUB_WORKSPACE when workflow fails due to merge conflict by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8601
metrics: Update TensorFlow ResNet FP32 dockerfile by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8594
gha: nerdctl: Enable cloud hypervisor runtime-rs for nerdctl CI by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8604
Implement and use try_from for DiskConfig by @amshinde in https://github.com/kata-containers/kata-containers/pull/8582
packaging: Add IBM Z SE artifacts to main by @BbolroC in https://github.com/kata-containers/kata-containers/pull/6755
dragonball: introduce vhost-user-fs device by @adamqqqplay in https://github.com/kata-containers/kata-containers/pull/8429
GHA: make secrets inherited for build-kata-static-tarball-s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8612
kata-ctl: Moved log-parser-rs into kata-ctl by @gabevenberg in https://github.com/kata-containers/kata-containers/pull/6826
runtime-rs: fix panic when hypervisor mismatches with configuration by @liubogithub in https://github.com/kata-containers/kata-containers/pull/8566
GHA: Use --client=true for k3s kubectl version by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8622
CI: static-checks: Try multiple user agents by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8592
GHA: Fix kata-deploy-runtime-classes-check for kata-qemu-se by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8624
rootfs: build OPA binary from source for ppc64le and s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/7769
gha: k8s: Add cloud-hypervisor (runtime-rs) support by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8560
dragonball: add --all for fmt ci by @studychao in https://github.com/kata-containers/kata-containers/pull/8599
metrics: cleans k8s iperf deployment when the test finishes. by @dborquez in https://github.com/kata-containers/kata-containers/pull/8542
tests: nerdctl: Enable nerdctl tests for cloud hypervisor runtime-rs by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8617
dragonball: Disable packed virtqueue for vhost-user devices by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8634
runtime-rs: ch: Change state when VM stopped by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8630
dragonball: add pci root bus and root device by @studychao in https://github.com/kata-containers/kata-containers/pull/8564
kata-deploy: Use tomlq to configure containerd by @fidencio in https://github.com/kata-containers/kata-containers/pull/8639
static-checks: Direct Makefile to use new static checks by @cmaf in https://github.com/kata-containers/kata-containers/pull/8635
GHA: Put all the preliminary steps into pre-action for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8649
dragonball: Use vhost-net device by default by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8609
runtime-rs: Enhancement of DirectVolume when using a dedicated CSI by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8620
gha: add a post cleanup script for cri-containerd ppc64le workflow by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/8667
Remove warning for cgroupsv2 only operating systems by @wvell in https://github.com/kata-containers/kata-containers/pull/8589
static-checks: Add some dependencies to static checks for CoCo features by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/8674
metrics: Update TensorFlow ResNet50 Int8 Dockerfile by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8644
metrics: Improve latency network cleanup by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8659
tests: k8s: Fix indentation in setup script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8676
runtime-rs: support Memory hotplug by @Tim-0731-Hzt in https://github.com/kata-containers/kata-containers/pull/6876
github-actions: Remove ignore paths for required CI checks by @amshinde in https://github.com/kata-containers/kata-containers/pull/8664
kata-ctl: Add option to dump config files by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8641
agent: correct CPUShares and CPUWeight value by @jongwu in https://github.com/kata-containers/kata-containers/pull/8341
ci: Use static checks from kata repo for lib functions by @cmaf in https://github.com/kata-containers/kata-containers/pull/8682
runtime-rs: Separate init_config() from new() for struct VsockDevice by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8672
dragonball: Trigger unit tests of dbs_* subcrates by make test by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8700
tests: additional run-runk logging by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8697
tests: k8s: Fix indentation in confidential common script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8699
runtime-rs: Update readme to indicate cloud-hypervisor support by @amshinde in https://github.com/kata-containers/kata-containers/pull/8588
gha: kata-deploy: Revert containerd config break by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/8679
kata-deploy: Update jq as part of the kata-deploy daemonset by @fidencio in https://github.com/kata-containers/kata-containers/pull/8709
tests: retry connection to pod SSH server by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8688
tests: Use function from Kata repo by @cmaf in https://github.com/kata-containers/kata-containers/pull/8714
tests: Load vhost modules explicitly while Kata installing by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8718
kata-deploy: Allow setting up snapshotters per runtime handler by @fidencio in https://github.com/kata-containers/kata-containers/pull/8655
dragonball: introduce pci msi/msix interrupt by @studychao in https://github.com/kata-containers/kata-containers/pull/8662
kata-deploy: snapshotter typo fixes by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/8721
runtime-rs: Refactor the code related to PCI paths and VFIO device driver initialize in DM. by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8668
dragonball: Support vhost-user-net device by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8503
runtime-rs: Support vhost-user-net device by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8626
kata-monitor: fix Dockerfile to build image by @liubin in https://github.com/kata-containers/kata-containers/pull/8729
dragonball: introduce vhost-user-blk device by @adamqqqplay in https://github.com/kata-containers/kata-containers/pull/8632
dragonball: introduce vfio support by @studychao in https://github.com/kata-containers/kata-containers/pull/8724
kata-deploy: Fix shim check for snapshotter configuration by @fidencio in https://github.com/kata-containers/kata-containers/pull/8733
runtime-rs: add pci topology for pci devices by @Apokleos in https://github.com/kata-containers/kata-containers/pull/7489
runtime-rs: Add dedicated CSI driver for DirectVolume support in Kata by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8618
Dragonball: add pci vfio passthrough, hot(un)plug support by @studychao in https://github.com/kata-containers/kata-containers/pull/8740
dbs-pci: introduce Cargo.lock to prevent the influence from upstream by @studychao in https://github.com/kata-containers/kata-containers/pull/8771
runtime-rs|agent|protocols|agent-ctl: Bump ttrpc and containerd-shim-protos versions by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8757
dragonball: Fix compilation issue without all net features by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8744
metrics: Improve iperf3 cleanup by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8766
docs: Update docs for new StratoVirt VMM introduction by @fadecoder in https://github.com/kata-containers/kata-containers/pull/8759
tests: Add hypervisor component to kill kata components function by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8776
agent: hold lock while setting new policy by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8735
agent: Fix an issue reporting OOM events by mistake by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8773
agent: use method params instead of const params in functions by @cheriL in https://github.com/kata-containers/kata-containers/pull/8326
packaging: Fix indentation of build static stratovirt by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8778
tests: Add check images as part of install dependencies by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8789
tests: list the current k8s pods by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8772
runtime-rs: fixup the of bridge vfio device between runtime-rs and dr… by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8749
TEEs: Introduce kernel-confidential by @fidencio in https://github.com/kata-containers/kata-containers/pull/8753
versions: Update runc version by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8796
runtime-rs: Forward events to containerd via ttrpc by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8780
runtime: Allow no initrd path for IBM Z Secure Execution by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8693
gha: Fix the failure of gha metrics for StratoVirt by @WenyuanLau in https://github.com/kata-containers/kata-containers/pull/8657
tools: add policy generation tool by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8248
Fix backport check hub by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/8763
runtime-rs: ch: Unbreak CH driver by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8803
ci: test dragonball stability and cri-containerd by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8737
metrics: Use a specific python version to run tensorflow benchmark by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8792
genpolicy: "cargo fmt -- --check" clean-up by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8817
dragonball: Remove unused definition by @justxuewei in https://github.com/kata-containers/kata-containers/pull/8819
tests: cbl-mariner: disable k8s-oom.bats by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8827
genpolicy: cargo clippy fixes by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8822
metrics: Remove iperf3 server protocol by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8830
runtime-rs: bugfix for DirectVolume/rawblock when driver is blk by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8708
genpolicy: temporarily disable allow_storages() by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8837
tools: genpolicy static checks by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8814
tests: Ignore virtiofs contribution to memory usage when it is disabled. by @dborquez in https://github.com/kata-containers/kata-containers/pull/8808
genpolicy: use root path from cbl-mariner Guest VM by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8836
runtime-rs: ch: Implement minimal implementation for missing thread/pid APIs by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/8710
tools: install genpolicy settings files by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8845
GHA: Enable static check for s390x, aarch64 and ppc64le by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8485
runtime-rs: Add qemu cmdline generation framework by @pmores in https://github.com/kata-containers/kata-containers/pull/8185
genpolicy: ignore pod DNS settings by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8862
versions: Update firecracker version by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8855
gha: get ready to install genpolicy by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8857
gpu: Add NVIDIA GPU Confidential kernel target by @zvonkok in https://github.com/kata-containers/kata-containers/pull/8872
runtime: remove SharedVersions field dead code by @kalil-pelissier in https://github.com/kata-containers/kata-containers/pull/8812
docs: provide a guide for how to use IBM Secure Execution by @BbolroC in https://github.com/kata-containers/kata-containers/pull/7146
versions: Update libseccomp to version v2.5.5 by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8884
gpu: remove GHA target first then remove the obsoleted Makefile targets by @zvonkok in https://github.com/kata-containers/kata-containers/pull/8901
tests: k8s: bats --show-output-of-passing-tests by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8898
tools: allow all users to execute genpolicy by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8908
metrics: Update packages needed for ResNet50 FP32 Dockerfile by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8876
tools: Use defined variable in build base qemu script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8904
qemu: enable TPM by @zvonkok in https://github.com/kata-containers/kata-containers/pull/8905
packaging: Don't always build the kata-agent by @fidencio in https://github.com/kata-containers/kata-containers/pull/8916
tests: Add IBM SE to the basic confidential test by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8914
genpolicy: add shareProcessNamespace support by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8909
gha: Cache the agent for non-x86_64 arches by @fidencio in https://github.com/kata-containers/kata-containers/pull/8926
gha: azure: Set the correct subscription to the account by @fidencio in https://github.com/kata-containers/kata-containers/pull/8947
arm64: agent_policy build always pulls amd64 opa binary by @zvonkok in https://github.com/kata-containers/kata-containers/pull/8375
packaging: Build coco-guest-components by @fidencio in https://github.com/kata-containers/kata-containers/pull/8933
genpolicy: ignore the nodeName field by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8934
genpolicy: optional PodTemplateSpec metadata field by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8918
runtime-rs: fix unused driverInfo error by @yaoyinnan in https://github.com/kata-containers/kata-containers/pull/8928
gha: cri-o: Bump runners to 22.04 by @fidencio in https://github.com/kata-containers/kata-containers/pull/8959
genpolicy: fix ConfigMap volume mount paths by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8924
dragonball: fix noop-method-call warning by @kalil-pelissier in https://github.com/kata-containers/kata-containers/pull/8932
runtime-rs: Log qemu's stderr in shim log by @pmores in https://github.com/kata-containers/kata-containers/pull/8938
packaging: Use Ubuntu 20.04 for building an agent by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8956
kata-deploy: fix deprecations on kustomization files by @wainersm in https://github.com/kata-containers/kata-containers/pull/8269
genpolicy: ignore volume configMap optional field by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8962
tests: Re-arranged nerdctl tests by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8964
genpolicy: allow separate paths for rules and settings files by @malt3 in https://github.com/kata-containers/kata-containers/pull/8941
runtime-rs: report error on missing or empty fields in configuration by @yaoyinnan in https://github.com/kata-containers/kata-containers/pull/8929
runtime: add SingleContainer when obtaining OCI Spec by @yaoyinnan in https://github.com/kata-containers/kata-containers/pull/8974
runtime: merged ValidCgroupPath method by @yaoyinnan in https://github.com/kata-containers/kata-containers/pull/8931
runtime-rs: improving io performance using dragonball's vsock fd passthrough by @frezcirno in https://github.com/kata-containers/kata-containers/pull/7483
genpolicy: support non-default namespace name by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8977
genpolicy: ignore empty YAML as input by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8966
ci: aks: switch from eastus2 to eastus region by @sprt in https://github.com/kata-containers/kata-containers/pull/8994
gha: add kubernetes tests workflow for ppc64le by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/8957
packaging: cache: Fix caching kernels which rely on extra modules by @fidencio in https://github.com/kata-containers/kata-containers/pull/8987
runtime-rs: make compilation for QEMU on s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8454
runtime: Reduce the mount points with namespace isolation by @fadecoder in https://github.com/kata-containers/kata-containers/pull/8760
packaging: Fix pushing artefacts to the registry by @fidencio in https://github.com/kata-containers/kata-containers/pull/9000
ci/openshift-ci: Move openshift-ci from the tests repo here by @ldoktor in https://github.com/kata-containers/kata-containers/pull/8654
packaging: Don't build the confidential / sev kernel twice -- part III by @fidencio in https://github.com/kata-containers/kata-containers/pull/9001
gha: k8s: Add cloud-hypervisor (runtime-rs) support by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8996
runtime: packaging: Use confidential kernel instead of the TDX one by @fidencio in https://github.com/kata-containers/kata-containers/pull/8978
packaging: Add confidential image / initrd by @fidencio in https://github.com/kata-containers/kata-containers/pull/8983
gha: delete azure RG only if it exists by @wainersm in https://github.com/kata-containers/kata-containers/pull/9007
kata-monitor: fix agentUrl from containerd shim by @deagon in https://github.com/kata-containers/kata-containers/pull/9012
runtime: display accurate error msg to avoid misleading users. by @Apokleos in https://github.com/kata-containers/kata-containers/pull/9015
static-checks: Install clang in the ci environments by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9005
runtime: Replace TEE specific initrd / image for the confidential one by @fidencio in https://github.com/kata-containers/kata-containers/pull/9011
rootfs: confidential: Install coco-guest-components by @fidencio in https://github.com/kata-containers/kata-containers/pull/9022
runtime: missing port type in the DeviceInfo by @deagon in https://github.com/kata-containers/kata-containers/pull/8552
gha: add GOPATH env var to the ppc64le k8s workflow by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/9019
cri-containerd: fix loop in TestContainerMemoryUpdate() by @wainersm in https://github.com/kata-containers/kata-containers/pull/9025
rootfs: Add libattest-tdx into the confidential rootfs by @fidencio in https://github.com/kata-containers/kata-containers/pull/9027
gha: Enable nydus snapshotter in CoCo ci tests by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/8953
gha: Run static-checks on self-hosted runners conditionally by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9020
tests: k8s: Enable tests for cloud hypervisor runtime-rs without devicemapper by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8628
metrics: Update packages for TensorFlow ResNet Int8 Dockerfile by @GabyCT in https://github.com/kata-containers/kata-containers/pull/8951
kata-manager: Add support for nerdctl installation by @fidencio in https://github.com/kata-containers/kata-containers/pull/8958
runtime-rs: implement persist api for cloud-hypervisor by @amshinde in https://github.com/kata-containers/kata-containers/pull/8704
nydus: Bump nydus snapshotter version to v0.13.7 by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9045
genpolicy: mount source for non-confidential guest by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9029
tests: k8s-attach-handlers auto-generated policy by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/8922
runtime-rs: fix assert error in make check by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9043
runtime-rs: fix interoperability issues between runtime-rs and cri-o by @pmores in https://github.com/kata-containers/kata-containers/pull/8986
runtime: fix creation of SEV confidential container on SNP enabled host. by @niteeshkd in https://github.com/kata-containers/kata-containers/pull/9037
packaging/osbuilder: allow to pull and unpack pause image by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9031
tests:k8s: make add_kernel_initrd_anotations function generic by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9061
gha: Setup nydus snapshotter for CoCo tests by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/8585
docs: Remove jenkins reference in kernel documentation by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9047
tests: k8s: k8s-copy-file auto-generated policy by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9051
runtime-rs: Add a new config option for QEMU by @BbolroC in https://github.com/kata-containers/kata-containers/pull/8455
tools: avoid rootfs-image build "ln -s" error by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9068
tests: cri-o: Use packages from pkgs.k8s.io by @fidencio in https://github.com/kata-containers/kata-containers/pull/8936
tests: k8s: avoid deleting unrelated pods by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9070
release: Don't ship the pause-image / coco-guest-components as part of the release artefacts by @fidencio in https://github.com/kata-containers/kata-containers/pull/9080
tests: Remove kata-deploy-tdx test and ensure kata-deploy is always cleaned up before starting the tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/9082
tests: Add ability to run non-TEE environments by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9062
packaging: Remove leftovers from the transition from TEE specific kernel / initrd / image to the "confidential" ones by @fidencio in https://github.com/kata-containers/kata-containers/pull/9026
runtime: Update runc to v1.1.12 by @fidencio in https://github.com/kata-containers/kata-containers/pull/9098
packaging: Add the kata manager script by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/9091
CI|k8s: Skip vcpu allocation test for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9099
tools.kata-webhook: Fix lib path by @ldoktor in https://github.com/kata-containers/kata-containers/pull/9023
runtime: fix checksum mismatch error in make vendor by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9112
ci: k8s: Fix checks used to skip confidential tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/9108
packaging: qemu-snp-experimental: support host kernel with gmem by @niteeshkd in https://github.com/kata-containers/kata-containers/pull/9086
Cleanup network to make sure physical interfaces are restores back to original host driver. by @amshinde in https://github.com/kata-containers/kata-containers/pull/8647
gha: nydus: Fix indentation in gha run script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9088
docs: Update CI link into the README by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9079
gha: docker: Pull docker image as part of the dependencies by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9090
tests: k8s: generated policy for additional tests by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9073
runtime-rs: bugfix for GPU passthrough failed with InvalidOperation. by @Apokleos in https://github.com/kata-containers/kata-containers/pull/9130
gha: try to cleanup nydus snapshotter before deploying it by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9122
gha: bump nydus snapshotter version to v0.13.8 by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9132
kata-deploy: Add pause image to confidential rootfs by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9119
agent: Run container workload in its own cgroup namespace (cgroup v2 guest only) by @gkurz in https://github.com/kata-containers/kata-containers/pull/9125
scripts: Add an enhanced die function by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9115
build-checks: Install protoc in the ci environments by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9142
packaging: release notes: Don't show shortlist by default, and add survey link by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/9076
runtime: remove kata_shim_netdev metric by @littlejawa in https://github.com/kata-containers/kata-containers/pull/9100
docs: Update link for tests in README by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9161
release: Update everything in this repo related to the release and its process by @fidencio in https://github.com/kata-containers/kata-containers/pull/9146
tests/nydus: refactor the teardown() by @wainersm in https://github.com/kata-containers/kata-containers/pull/8949
runtime: clh: minimum 10s timeout for CreateVM + BootVM by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9153
agent: Add all agent configuration options to README by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9110
gha: k8s: prepare AKS workflow to install the CoCo KBS by @wainersm in https://github.com/kata-containers/kata-containers/pull/9116
tests/runk: fix the "run ps command" flaky test by @wainersm in https://github.com/kata-containers/kata-containers/pull/9009
docs: Update Code PR advice document by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9172
release: Add the needed fixes for the release process by @fidencio in https://github.com/kata-containers/kata-containers/pull/9170
releases: Second round of follow-up fixes by @fidencio in https://github.com/kata-containers/kata-containers/pull/9188
docs: renew stale link by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9176
rootfs: Fix PAUSE_IMAGE_TARBALL addition to the rootfs by @fidencio in https://github.com/kata-containers/kata-containers/pull/9180
gha: Add cloud-hypervisor (runtime-rs) support to cri-containerd tests by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9182
genpolicy: panic when we see a volume mount subpath by @Redent0r in https://github.com/kata-containers/kata-containers/pull/9139
csi-kata-directvolume: add Dockerfile for building csi image by @Apokleos in https://github.com/kata-containers/kata-containers/pull/9164

New Contributors

@ZizhengBian made their first contribution in https://github.com/kata-containers/kata-containers/pull/8294
@h56983577 made their first contribution in https://github.com/kata-containers/kata-containers/pull/8033
@TimePrinciple made their first contribution in https://github.com/kata-containers/kata-containers/pull/8311
@brianwang12 made their first contribution in https://github.com/kata-containers/kata-containers/pull/7057
@sazzy4o made their first contribution in https://github.com/kata-containers/kata-containers/pull/8285
@WenyuanLau made their first contribution in https://github.com/kata-containers/kata-containers/pull/7796
@adamqqqplay made their first contribution in https://github.com/kata-containers/kata-containers/pull/8450
@Sumynwa made their first contribution in https://github.com/kata-containers/kata-containers/pull/8239
@yuchen0cc made their first contribution in https://github.com/kata-containers/kata-containers/pull/4743
@Lu-Biao made their first contribution in https://github.com/kata-containers/kata-containers/pull/8436
@liubogithub made their first contribution in https://github.com/kata-containers/kata-containers/pull/8566
@wvell made their first contribution in https://github.com/kata-containers/kata-containers/pull/8589
@fadecoder made their first contribution in https://github.com/kata-containers/kata-containers/pull/8759
@kalil-pelissier made their first contribution in https://github.com/kata-containers/kata-containers/pull/8812
@malt3 made their first contribution in https://github.com/kata-containers/kata-containers/pull/8941
@Redent0r made their first contribution in https://github.com/kata-containers/kata-containers/pull/9139

Full Changelog: https://github.com/kata-containers/kata-containers/compare/3.3.0-alpha0...4.0.0-test

相关地址：原始地址下载(tar) 下载(zip)

1、 kata-containers-4.0.0-test-vendor.tar.gz 563.96MB

2、 kata-containers-4.0.0-test-versions.yaml 13.22KB

3、 kata-static-4.0.0-test-amd64.tar.xz 432.31MB

4、 kata-static-4.0.0-test-arm64.tar.xz 139.43MB

5、 kata-static-4.0.0-test-s390x.tar.xz 149.69MB

6、 libseccomp-2.5.5.tar.gz 9B

7、 libseccomp-2.5.5.tar.gz.asc 9B

查看：2024-03-01发行的版本