kata-containers Changes

Shortlog

2d29791c1 release: Kata Containers 2.5.0-rc0 f4eea832a release: Adapt kata-deploy for 2.5.0-rc0 96553e8bd runtime: Add documentation of drop-in config file fragments c656457e9 runtime: Add tests of drop-in config file decoding 99f5ca80f runtime: Plug drop-in decoding into decodeConfig() 0f9856c46 runtime: Scan drop-in directory, read files and decode them 2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances 20f11877b runtime: Add framework to manipulate config structs via reflection 2a4fbd6d8 agent: enhance get handled signal 0ddb34a38 oci: fix serde skip serializing condition acd3302be agent: Run OCI poststart hooks after a container is launched fbb2e9bce agent: Replace some libc functions with nix ones 1f363a386 runtime: overwrite mount type to bind for bind mounts 4e48509ed build: Set safe.directory for runtime repo 433816cca ci/cd: update check-commit-message 48ccd4233 ci: Set safe.directory against tests repository a5a25ed13 runtime: delete Console from Cmd type 323271403 virtcontainers: Remove unused function 0939f5181 config: Expose default_maxmemory 58ff2bd5c clh,qemu: Adapt to using default_maxmemory afdc96042 hypervisor: Add default_maxmemory configuration ab5f1c956 shim: set a non-zero return code if the wait process call failed. e5be5cb08 runtime: device: cleanup outdated comments 5f936f268 virtcontainers: config validation is host specific bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself 469e09854 katautils: don't do validation when loading hypervisor config 1a78c3df2 packaging: Remove unused kata docker configure script 0e2459d13 docs: Add cgroupDriver for containerd 4e30e11b3 shim: support shim v2 logging plugin e32bf5331 device: deduplicate state structures f97d9b45c runtime: device/persist: drop persist dependency from device pkgs f9e96c650 runtime: device: move to top level package 3880e0c07 agent: refactor reading file timing for debugging 93874cb3b packaging: Restrict kernel patches applied to top-level dir 07b1367c2 versions: Update kernel to latest LTS version 5.15.48 1b7d36fdb agent: Allow BUILD_TYPE=debug c70d3a2c3 agent: Update the dependencies 612fd79ba random: Fix "nonminimal-bool" clippy warning d4417f210 netlink: Fix "or-fun-call" clippy warnings e227b4c40 block: Leverage multiqueue for virtio-block 9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve ef925d40c runtime: enable sandbox feature on qemu 0bbbe7068 snap: fix snap build on ppc64le c7dd10e5e packaging: Remove unused publish kata image script 1b7fd19ac rootfs: Fix chronyd.service failing on boot 28995301b tracing: Remove whitespace from root span 9941588c0 workflow: Removing man-db, workflow kept failing a305bafee docs: Update outdated URLs and keep them available 721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations 90a7763ac snap: Fix debug cli option 5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl 8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent ac5dbd859 clh: Improve logging related to the net dev addition 0b75522e1 network: Set queues to 1 to ensure we get the network fds 93b61e0f0 network: Add FFI_NO_PI to the netlink flags bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor 55ed32e92 clh: Take care of the VmAdNetdPut request ourselves 01fe09a4e clh: Hotplug the network devices 2e0753833 clh: Expose VmAddNetPut bee770343 docs: Update containerd url link 1a5ba31cb agent: refactor reading file timing for debugging bb26bd73b safe-path: fix clippy warning db5048d52 kernel: build efi_secret module for SEV 1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power) 9773838c0 virtiofsd: export env vars needed for building it eff4e1017 shim: change the log level for GetOOMEvent call failures 412441308 docs: Add more kata monitor details 8f10e13e0 config: Allow enable_iommu pod annotation by default b0e090f40 versions: Bump virtiofsd to v1.3.0 1b845978f docs: Add storage limits to arch doc 7ae11cad6 docs: Update source for cri-tools f5099620f tools: Enable extra detail on error 34bcef884 docs: Add agent-ctl examples section 815157bf0 docs: Remove erroneous whitespace

Compatibility with CRI-O

Kata Containers 2.5.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0-rc0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0-rc0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources. For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0-rc0

Default Image Guest OS:

description: | Root filesystem disk image used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "ubuntu" version: "latest" ppc64le: name: "ubuntu" version: "latest" s390x: name: "ubuntu" version: "latest" x86_64: name: "clearlinux" version: "latest" meta: image-type: "clearlinux"

Default Initrd Guest OS:

description: | Root filesystem initrd used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "alpine" version: "3.15" ppc64le: name: "ubuntu" version: "20.04" s390x: name: "ubuntu" version: "20.04" x86_64: name: "alpine" version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0-rc0 suggest to use the Linux kernel v5.15.48 See the kernel suggested Guest Kernel patches See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations