Survey

Please take the Kata Containers survey:

• https://openinfrafoundation.formstack.com/forms/kata_containers_user_survey

This will help the Kata Containers community understand:

• how you use Kata Containers
• what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

• agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
• Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
• OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-2ee03b5dc-x86_64
• QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-fe5adae5d-x86_64
• shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.72.0-04d021bd1-x86_64
• tools: quay.io/kata-containers/builders:tools-77540503f-d915a79e2-9e01732f7-x86_64
• virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

• docs: Update links in the Documentation Requirements document by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9307
• gha: Update journal log names for kubernetes artifacts by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9309
• gha: Fix nydus namespace clean up by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9265
• Dragonballl: introduce MTRR regs support by @studychao in https://github.com/kata-containers/kata-containers/pull/9311
• tests: static checker: Add announce message by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/9259
• agent: Add guest-pull to the list of agent features in announce() by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9312
• docs: Update libseccomp instructions in Developers Guide by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9324
• Revert "release: Skip --generate-notes for this release" by @fidencio in https://github.com/kata-containers/kata-containers/pull/9321
• runtime-rs: ch: Implement full thread/tid/pid handling by @dborquez in https://github.com/kata-containers/kata-containers/pull/9255
• versions: Update nydus-snapshotter to v0.13.11 by @fidencio in https://github.com/kata-containers/kata-containers/pull/9337
• runtime-rs: Enable qemu on s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9280
• agent: Refactor unit tests to leverage rstest for parameterization by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9313
• runtime-rs/dragonball: add support building kernel with upcall and GPU hotplug by @Apokleos in https://github.com/kata-containers/kata-containers/pull/9244
• agent:image: Refactor code to improve memory efficiency of image service by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9325
• scripts: Fix unbound variables in k8s setup script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9329
• workflows: Build agent-opa for more archs by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/9356
• Remove additional links to tests directory by @cmaf in https://github.com/kata-containers/kata-containers/pull/9346
• docs: Add documents for kata guest image management by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9341
• Only tag and publish the release when it is fully ready by @gkurz in https://github.com/kata-containers/kata-containers/pull/9326
• Support to set timeout to pull large image in guest by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9332
• k8s: confidential: Update cpuid to its latest release by @fidencio in https://github.com/kata-containers/kata-containers/pull/9349
• runtime: remove unimplemented CoCo configurations by @fitzthum in https://github.com/kata-containers/kata-containers/pull/8046
• genpolicy: reduce policy debug prints by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9347
• runtime: remove stream copy infinite loop by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9367
• agent: Fix errors in make check by @c3d in https://github.com/kata-containers/kata-containers/pull/9345
• gha: Update journal log names for nerdctl artifacts by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9358
• kata-agent: Change order of guest hook and bind mount processing by @Apokleos in https://github.com/kata-containers/kata-containers/pull/9275
• kata-agent: enabling cgroups-v2 by systemd.unified_cgroup_hierarchy by @Apokleos in https://github.com/kata-containers/kata-containers/pull/9383
• versions: Remove runc version information by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9365
• gha: add GENPOLICY_PULL_METHOD by @Redent0r in https://github.com/kata-containers/kata-containers/pull/9385
• docs: Remove stale kernel information by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9344
• versions: Remove conmon information from versions.yaml by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9397
• gha: Define GH_PR_NUMBER variable in gha run k8s common script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9409
• tests: k8s-job: wait for job successful create by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9411
• gha: ensure unique resource group name by @Redent0r in https://github.com/kata-containers/kata-containers/pull/9413
• bugfix and refactor device increate count by @Apokleos in https://github.com/kata-containers/kata-containers/pull/8782
• tdx: Update TDX artefacts to be used with the Ubuntu 23.10 / CentOS 9 stream OSVs. by @fidencio in https://github.com/kata-containers/kata-containers/pull/8840
• tests: Support for kbs setup on kcli by @ldoktor in https://github.com/kata-containers/kata-containers/pull/9273
• metrics: Improve latency test cleanup by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9419
• GHA: Implement secondary GITHUB_WORKSPACE cleanup on 1st failure by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9415
• qemu: show the thread name when enable the hypervisor.debug option by @deagon in https://github.com/kata-containers/kata-containers/pull/9402
• docs: kata-manager: Update with latest details by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/9372
• port attestation agent from CCv0 branch to main branch by @LindaYu17 in https://github.com/kata-containers/kata-containers/pull/8870
• agent:image: Support different pause image in the guest for guest pull by @ChengyuZhu6 in https://github.com/kata-containers/kata-containers/pull/9369
• gha: Bump various actions to use Node.js 20 by @gkurz in https://github.com/kata-containers/kata-containers/pull/9421
• katautils: check number of cores on the system intead of go runtime by @egernst in https://github.com/kata-containers/kata-containers/pull/9331
• tests: k8s: improve the Agent Policy tests by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9398
• docs: adding an initial CI documentation by @beraldoleal in https://github.com/kata-containers/kata-containers/pull/8988
• genpolicy: Add optional toggle to pull images using containerd by @Redent0r in https://github.com/kata-containers/kata-containers/pull/9185
• add onednn and openvino ml-benchmarks by @dborquez in https://github.com/kata-containers/kata-containers/pull/9391
• gha: Fix indentation in gha run script by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9450
• tests: Improve the kbs_k8s_delete function by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9423
• tests: k8s: inject agent policy failures by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9439
• agent: Fix the issue with the "test_new_fs_manager" test by @justxuewei in https://github.com/kata-containers/kata-containers/pull/9457
• CC: run guest-pull tests on non-TEE jobs by @wainersm in https://github.com/kata-containers/kata-containers/pull/9424
• gha: Define unbound PULL TYPE variable by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9454
• agent: shutdown vm on exit when agent is used as init process by @alex-matei in https://github.com/kata-containers/kata-containers/pull/9430
• CI: Enable GHA cri-containerd workflow for runtime-rs with QEMU by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9403
• kernel: Adjust s390x config for confidential containers by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9469
• ci.ocp: Increase the MCP update time by @ldoktor in https://github.com/kata-containers/kata-containers/pull/9404
• version: Add coco name and version for {image,initrd} for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9471
• gha: make run-kata-coco-tests inherit secrets by @wainersm in https://github.com/kata-containers/kata-containers/pull/9479
• runtime-rs: refactor qemu driver by @pmores in https://github.com/kata-containers/kata-containers/pull/9353
• tests: k8s: inject agent policy failures (part2) by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9464
• genpolicy: support insecure registries and custom pause containers by @burgerdev in https://github.com/kata-containers/kata-containers/pull/9294
• docs: Document Intel Discrete GPUs usage with Kata by @amshinde in https://github.com/kata-containers/kata-containers/pull/9084
• version: add initrd, image NVIDIA sections by @zvonkok in https://github.com/kata-containers/kata-containers/pull/9473
• tests/k8s: Add uninstall kbs client command function by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9461
• tests: k8s: inject agent policy failures (part 3) by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9492
• rootfs: Make OPA build working in docker for s390x and pp… by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9489
• gha: Remove k8s-cri-containerd-rhel9-e2e-tests for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9505
• gha: stale: Remove the start-date by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/9503
• gha: Make integration tests for s390x run on s390x-large runners by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9508
• kata: Remove check for "Fixes" in PR by @zvonkok in https://github.com/kata-containers/kata-containers/pull/9501
• release: bump version for 3.4.0 release by @sprt in https://github.com/kata-containers/kata-containers/pull/9516
• gha: stale: Bump stalebot version by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/9513
• gha: tag k8s tests on ppc64le to ppc64le-runner-01 by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/9521
• update golang.org/x/net by @sparky005 in https://github.com/kata-containers/kata-containers/pull/9485

New Contributors

• @burgerdev made their first contribution in https://github.com/kata-containers/kata-containers/pull/9294
• @sparky005 made their first contribution in https://github.com/kata-containers/kata-containers/pull/9485

Full Changelog: https://github.com/kata-containers/kata-containers/compare/3.3.0...3.4.0