Move the guest assets details out of the architecture doc and into a
separate file.
Fixes: #3246.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the Kubernetes information out of the architecture doc and into a
separate file.
Partially fixes: #3246.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the networking details out of the architecture doc and into a
separate file.
Partially fixes: #3246.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the background and example command details out of the architecture
doc and into separate files.
Partially fixes: #3246.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the historical details out of the architecture doc
and into a separate file.
Partially fixes: #3246.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the architecture document into a new `docs/design/architecture/` directory
in preparation for splitting it into more manageable pieces.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Allow using `expect()` for `Mutex.lock()` because it is almost
unrecoverable if failed in the lock acquisition
Fixes: #3285
Signed-off-by: Zack <zmlcc@linux.alibaba.com>
Refresh the content and formatting of the architecture document.
Out of scope of these changes:
- Diagram updates.
- Updates to the Networking section.
Fixes: #3190.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Change io/ioutil to io/os packages because io/ioutil package
is deprecated from 1.16:
TempDir => os.MkdirTemp
Details: https://go.dev/doc/go1.16#ioutilFixes: #3265
Signed-off-by: bin <bin@hyper.sh>
Unit-Test-Advice.md was moved to kata-containers repo but URLs pointing
to that document were not updated. This patch updates these URLs.
Depends-on: github.com/kata-containers/tests#4273
fixes#3240
Signed-off-by: Julio Montes <julio.montes@intel.com>
With the new rust image pull service skopeo we can parameterise whether to build
and install skopeo and turn it off by default if we don't need
signature verification support
Fixes: #3170
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This PR removes the information about docker swarm and docker compose
as currently for kata 2.0 we have not support for docker swarm and docker
compose and the links and references that the document is referring are
currently not part of kata 1.0
Fixes#3174
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Currently we do not have debian as part of the kata CI as we
do not have a mantainer, this PR removes debian as a supported
rootfs in order to have only the distros that we are supporting
and mantainining.
Fixes#3153
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Weekly merge of main branch into CCv0 26th November
Fixes: #3132
Depends-on: github.com/kata-containers/tests#4226
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Rather than comparing a string to a literal in the rust example,
use `.is_empty()` as that approach is more idiomatic and preferred.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add a comment stating that `anyhow` and `thiserror` should be used in
real rust code, rather than the unwieldy default `Result` handling
shown in the example.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Change some headings to avoid using the present continuous tense which
should not be used for headings.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Use a capital letter when referring to Golang and Rust (and remove
unnecessary backticks for Rust).
> **Note:**
>
> We continue refer to "Go" as "Golang" since it's a common alias,
> but, crucially, familiarity with this name makes searching for
> information using this term possible: "Go" is too generic a word.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Unit tests necessarily need to be maintained with the code they test so
it makes sense to keep the Unit Test Advice document into the main repo
since that is where the majority of unit tests reside.
Note: The
[`Unit-Test-Advice.md` file](https://github.com/kata-containers/tests/blob/main/Unit-Test-Advice.md)
was copied from the `tests` repo when it's `HEAD` was
38855f1f40.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move the documentation requirements document link up so that it appears
immediately below the "How to Contribute" section.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
- Document how to test the signature validation with
a number of different scenarios and test images
- Update ccv0.sh to add policy_path to kernel_params
Fixes: #2682
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
CRI-O deployment documentation was quite outdated, giving info from the
`1.x` era. Let's update this to reflect what we currently have.
Fixes: #2498
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The links are either pointing to the not-used-anymore `master` branch,
or to the kubernetes-incubator page.
Let's always point to the CRI-O github page, using the `main`branch.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Although the documentation removed is correct, it's not relevant to the
current supported versions of CRI-O.
Related: #2498
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The main.yaml workflow was created and used only on 1.x. We inherited
it, but we didn't remove it after deprecating the 1.x repos.
While here, let's also update the reference to the `main.yaml` file,
and point to `release.yaml` (the file that's actually used for 2.x).
Fixes: #3033
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
We now support any container engine CRI compliant in kata-monitor.
Update documentation to reflect it.
Fixes: #980
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
We now support any CRI container engine in kata-monitor, notably CRI-O.
Add both containerd and CRI-O in the kata metrics architecture image.
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
When the environment variable $SKOPEO_UMOCI is set to "yes", Skopeo and
umoci are built inside the guest build container and installed to the
guest rootfs. The respective build- and runtime dependencies are added.
This respects the (existing) $LIBC variable (gnu/musl) and avoids issues
with glibc mismatches.
This is currently only supported for Ubuntu guests, as the system Golang
packages included in the versions of other distros that we use are too
old to build these packages, and re-enabling installing Golang from
golang.org is cumbersome, given especially that it is unclear how long
we will keep using Skopeo and umoci.
Additionally, when the environment variable $AA_KBC is set,
attestation-agent (with that KBC) is included.
This replaces some logic in ccv0.sh that is removed.
Fixes: #2907
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
