Release 3.1.0-alpha0

kata-containers Changes

• runtime: Support for AMD SEV-SNP VMs
• runtime-rs: debug console support in runtime
• runtime-rs: support watchable mount
• runtime-rs/agent locking optimization
• Cloud Hypervisor support upgraded to v27.0
• various bugfix and CI improvements

Shortlog

ee74231b1 release: Kata Containers 3.1.0-alpha0 102a9dda7 workflow: Revert "workflow: trigger test-kata-deploy with pull_request" 68e8a86ae runtime: fix incorrect comment for SetFsSharingSupport function 04bbce8dc virtcontainers: add warn log record for qmp hotplug cpu error 53f209af4 libs/kata-types: adjust default_vcpus correctly 3aeaa6459 runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const 435c8f181 acrn: Enable ACRN hypervisor support for Kata 2.x release c31cf7269 agent: reduce reference count for failed mount ef5a2dc3b agent: don't exit early if signal fails due to ESRCH 43ae97233 kata-sys-util: delete duplicated get_bundle_path 4da743f90 packaging: Mount $HOME/.docker in the 1st layer container 067e2b1e3 runtime: clh: Use the new API to boot with TDX firmware (td-shim) 5d63fcf34 runtime: clh: Re-generate the client code fe6107042 versions: Upgrade to Cloud Hypervisor v27.0 17de94e11 microvm: Remove kernel_irqchip=on option ac0483122 kata-sys-util: fix typo unknow f89ada2de dragonball: update ut for kernel config a24127659 versions: Update gperf url to avoid libseccomp random failures a617a6348 versions: Update oci version 6d585d591 dragonball: fix no "as_str" error on Arm 421729f99 tools: release: fix bogus version check 457b0beaf runtime-rs: update Cargo.lock 50299a329 refactor(runtime-rs): Use RwLock in runtime agent 0e899669e runtime-rs: fix shim close_io call to support kubectl cp 96cf21fad runtime-rs: add comments for runtime-rs shared directory 7676cde0c workflow: trigger test-kata-deploy with pull_request f10827357 workflow: require PR num input on test-kata-deploy workflow_dispatch 90ecc015e Dragonball: update linux_loader to 0.6.0 abc26b00b dragonball: modify wrong code comments modify virtio_net_dev_mgr.rs wrong code comments 9bd941098 docs: Update urls in runk documentation 4a763925e runtime-rs: support watchable mount e23bfd615 runtime-rs: make function name more understandable 426a43678 runtime-rs: add unit test and eliminate raw string 87959cb72 runtime-rs: debug console support in runtime d663f110d kata-deploy: get the config path from cri options c6b3dcb67 kata-deploy: support kata-deploy for runtime-rs a394761a5 kata-deploy: add installation for runtime-rs 2caee1f38 runtime-rs: define VFIO unbind path as a const 20bcaf0e3 runtime-rs: set agent timeout to 0 for stream RPCs d9e6eb11a docs: Guide to use SNP-VMs with Kata-Containers ded60173d runtime: Enable choice between AMD SEV and SNP 22bda0838 runtime: Support for AMD SEV-SNP VMs a2bbd2942 kernel: Introduce SNP kernel 0e69405e1 docs: Developer-Guide updated 105eda5b9 runtime: Initrd path option added to config adb33a412 packaging: fix typo in configure-hypervisor.sh 9628c7df0 runtime: update runc dependency 7fbc88387 runtime-rs: drop dependency on rustc-serialize bf2be0cf7 release: Revert kata-deploy changes after 3.0.0-rc0 release 208233288 runtime-rs: add test for StaticResource 46965739a runtime-rs: remove hardcoded string 274de024c docs: add README for runtime-rs hypervisor crate 9670a3caa runtime-rs: use Path.is_file to check regular files a4a23457c osbuilder: Export directory variables for libseccomp a828292b4 runtime-rs: add unit tests for network resource a8a8a28a3 runtime-rs/resource: use macro to reduce duplicated code 3f65ff2d0 runtime-rs: fix incorrect comments 86a02c5f6 kernel: Add crypto kernel config for s390 f91431987 runtime: store the user name in hypervisor config 5cafe2177 runtime: make StopVM thread-safe c3015927a runtime: add more debug logs for non-root user operation 0399da677 runtime-rs: update dependencies f6f19917a dragonball: update dragonball-sandbox dependencies d55cf9ab7 docs: Update url in virtualization document 7622452f4 Dragonball: Fix the problem about stdio console aaf6d6908 runtime-rs: call TomlConfig's validate function after load 5add50aea runtime-rs: timeout for shim management client 9f13496e1 runtime-rs: shim management client e891295e1 runtime-rs: shim management - agent-url 59aeb776b runtime-rs: shim management

Compatibility with CRI-O

Kata Containers 3.1.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0-alpha0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 3.1.0-alpha0 support the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

• libseccomp

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version. However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources. For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.0-alpha0

Default Image Guest OS:

description: | Root filesystem disk image used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "ubuntu" version: "latest" ppc64le: name: "ubuntu" version: "latest" s390x: name: "ubuntu" version: "latest" x86_64: name: "clearlinux" version: "latest" meta: image-type: "clearlinux"

Default Initrd Guest OS:

description: | Root filesystem initrd used to boot the guest virtual machine. url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" architecture: aarch64: name: "alpine" version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le: name: "ubuntu" version: "20.04" s390x: name: "ubuntu" version: "20.04" x86_64: name: "alpine" version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.0-alpha0 suggest to use the Linux kernel v5.19.2 See the kernel suggested Guest Kernel patches See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations