Survey

Please take the Kata Containers survey:

• https://openinfrafoundation.formstack.com/forms/kata_containers_user_survey

This will help the Kata Containers community understand:

• how you use Kata Containers
• what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

• agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
• Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
• OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-4292c4c3b-x86_64
• QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-fe5adae5d-x86_64
• shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.72.0-04d021bd1-x86_64
• tools: quay.io/kata-containers/builders:tools-ddf6b367c-cc6b67110-b4360e7e3-x86_64
• virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

• gha: move attestation tests to run-k8s-tests-coco-nontee by @wainersm in https://github.com/kata-containers/kata-containers/pull/9490
• agent: update cargo.lock by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9518
• runtime-rs: Update storage source for pci block devices by @amshinde in https://github.com/kata-containers/kata-containers/pull/9517
• passfd-io: fix FIFO opening and vsock handling by @Tim-Zhang in https://github.com/kata-containers/kata-containers/pull/9335
• runtime: Call CreateRuntime hooks at container creation time by @littlejawa in https://github.com/kata-containers/kata-containers/pull/9524
• CC: Enable guest-pull tests on non-TEE for s390x by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9494
• clh: isClhRunning waits for full timeout when clh exits by @alex-matei in https://github.com/kata-containers/kata-containers/pull/9432
• kata-deploy: Stop append log_level = "debug" for CRI-O by @fidencio in https://github.com/kata-containers/kata-containers/pull/9535
• genpolicy: implement default methods for K8sResource trait by @arc9693 in https://github.com/kata-containers/kata-containers/pull/9428
• agent: use regorus instead of opa by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/9510
• gha: Enable k8s tests for cloud hypervisor with devicemapper by @jodh-intel in https://github.com/kata-containers/kata-containers/pull/9525
• build: Fix tarball not building correctly in docker by @JakubLedworowski in https://github.com/kata-containers/kata-containers/pull/9549
• genpolicy: changing caching so the tool can run concurrently with itself by @Redent0r in https://github.com/kata-containers/kata-containers/pull/9530
• runtime-rs: Add RTC to QEMU cmdline by @emanuellima1 in https://github.com/kata-containers/kata-containers/pull/9519
• doc: fix missing document link by @cncal in https://github.com/kata-containers/kata-containers/pull/9528
• build: Update golang version to 1.22.2 by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9562
• rootfs: Stop building and shipping OPA by @fidencio in https://github.com/kata-containers/kata-containers/pull/9559
• runtime-rs: support IOMMU in qemu VMs by @pmores in https://github.com/kata-containers/kata-containers/pull/9551
• workflow: static-checks: Skip commit checks for dependabout by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/9570
• runtime: new qemu-coco-dev configuration by @wainersm in https://github.com/kata-containers/kata-containers/pull/9552
• kata-deploy: configure debugging for crio by @littlejawa in https://github.com/kata-containers/kata-containers/pull/9573
• build: Build the shipped agent with policy enabled by @fidencio in https://github.com/kata-containers/kata-containers/pull/9563
• config: Add NVIDIA GPU SNP, TDX configuration files by @zvonkok in https://github.com/kata-containers/kata-containers/pull/9476
• tests: adapt Mariner CI to unblock CH v39 upgrade by @sprt in https://github.com/kata-containers/kata-containers/pull/9592
• build(deps): bump the go_modules group across 5 directories with 8 updates by @dependabot in https://github.com/kata-containers/kata-containers/pull/9568
• versions: Remove oci information from versions file by @GabyCT in https://github.com/kata-containers/kata-containers/pull/9600
• build: fix the confusing build message if yq doesn't exist in GOPATH/bin by @cncal in https://github.com/kata-containers/kata-containers/pull/9582
• runtime-rs: fix the issue of the leak of dead shim by @lifupan in https://github.com/kata-containers/kata-containers/pull/9598
• qemu: the error is logged only when it occurs by @cncal in https://github.com/kata-containers/kata-containers/pull/9601
• ci: Stop building TDX specific QEMU and OVMF by @fidencio in https://github.com/kata-containers/kata-containers/pull/9607
• db: fix the issue of failed to init pci root bus by @lifupan in https://github.com/kata-containers/kata-containers/pull/9596
• tests: pull-image: Don't run on TEEs by @fidencio in https://github.com/kata-containers/kata-containers/pull/9609
• kernel: Add caching of kernel-headers by @zvonkok in https://github.com/kata-containers/kata-containers/pull/9482
• tdx: Adapt kata-deploy to use QEMU / OVMF from the distros by @fidencio in https://github.com/kata-containers/kata-containers/pull/9608
• deploy: Add runtimeClasses relating to the NVIDIA GPU by @zvonkok in https://github.com/kata-containers/kata-containers/pull/9484
• deploy: Fix wrong pushing of artifacts by @zvonkok in https://github.com/kata-containers/kata-containers/pull/9616
• build: nvidia-gpu: Fix cache usage of the headers tarball by @fidencio in https://github.com/kata-containers/kata-containers/pull/9622
• release: Bump VERSIONS file to 3.5.0 by @fidencio in https://github.com/kata-containers/kata-containers/pull/9626
• runtime-rs: Fix constructing the RTC struct by @emanuellima1 in https://github.com/kata-containers/kata-containers/pull/9571
• debugging: adding a script and instructions for debugging the GO shim by @littlejawa in https://github.com/kata-containers/kata-containers/pull/9585
• kata-deploy: Fix tdx_not_supported call by @ldoktor in https://github.com/kata-containers/kata-containers/pull/9629
• local-build: Ensure the default rootfs is built with AGENT_POLICY=yes by @BbolroC in https://github.com/kata-containers/kata-containers/pull/9632

New Contributors

• @arc9693 made their first contribution in https://github.com/kata-containers/kata-containers/pull/9428
• @JakubLedworowski made their first contribution in https://github.com/kata-containers/kata-containers/pull/9549
• @emanuellima1 made their first contribution in https://github.com/kata-containers/kata-containers/pull/9519
• @cncal made their first contribution in https://github.com/kata-containers/kata-containers/pull/9528

Full Changelog: https://github.com/kata-containers/kata-containers/compare/3.4.0...3.5.0