Refactored ccv0.sh to utilise new automated tests for pulling encrypted images and creating a pod.
Fixes: #4512
Depends-on: github.com/kata-containers/tests#4866
Co-authored-by: Megan Wright <Megan.Wright@ibm.com>
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>
- Update `ccv0.sh` to use the new lib method which updates the CC pod config yaml
to add a a unique id
for compatibility with crictl 1.24.0+
Fixes: #4867
Depends-on: github.com/kata-containers/tests#4867
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
- Ensure that our documented crictl pod config file contents have
uid and namespace fields for compatibility with crictl 1.24+
Fixes: #4513
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Encrypted image support with offline_fs_kbc mode
of the attesation-agent, currently required skopeo
so update the doc to clarify this
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
By comparing the content of the old url and the new url,
ensure that their content is consistent and does not contain ambiguities
Fixes: #4454
Signed-off-by: Binbin Zhang <binbin36520@gmail.com>
Updated the architecture document to explain that if you wish to
constrain the amount of disk space a container uses, you need to use an
existing facility such as `quota(1)`s or device mapper limits.
Fixes: #4430.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This PR updates the storage documentation link for the devicemapper
snapshotter.
Fixes#4398
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Now that #4213 is merged we need updated documentation for vGPU time-sliced or vGPU MIG-backed.
Fixes: #4343
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
- Solve `fatal: unsafe repository` ownership error by using `lib.sh`
code to check out the kata-containers repo
- Update `~/rustup` and repo directory ownership to `${USER}`
in order to allow subsequent build steps to work as a non-root
user
Fixes: #4241
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Since Kata 2.x does not support runtime cli, remove information
related to it. Update the configuration snippet accordingly.
Fixes#3870
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
One may want to use standalone containerd without k8s
and still have network enabled for the container.
Getting rid of note due to inaccuracy.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Specify that the `--cni` flag needs to be passed to the `ctr` tool
while starting a container in order to have networking enabled for the
container. This flag allows containerd to call into the configured
network plugin which in turn creates a network interface for the
container.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
As we are using a containerd version > 1.4 we need to update
the runc containerd runtime.
Fixes#4263
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This commit updates the "Run Kata Containers with Kubernetes" to include
cgroupDriver configuration via "KubeletConfiguration". Without this
setting kubeadm defaults to systemd cgroupDriver. Containerd with Kata
cannot spawn conntainers with systemd cgroup driver.
Fixes: #4262
Signed-off-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com>
