- snap: Fix yq error in build
- storage: cleanup and support read only block dev hotplug
- rootfs: Don't fallthrough in the docker_extra_args() switch
- github: Add github actions
- shimv2: Avoid double removing of container from sandbox
- Agent: return error on trying to persist a pid namespace and minor improvements
- rustjail: allow network sysctls
- rustjail: fix the issue of sync read
- rustjail: fix the issue of bind mount /dev
- qemu: no state to save if QEMU isn't running
- packaging/qemu: Build and package completely inside the container
- agent: upgrade cgroups to 0.2.0
- agent: Simplify .or_else() to .or()
- Fix error reporting in listInterfaces() and listRoutes()
- improve rustjail validator
- Add void "install" targets for both "trace-forwarder" and "agent-ctl"
- [forwardport] Add support for Gentoo
- oci: fix a typo in "addtionalGids"
- Don't update cpusets if no CPUs changed closes #1172
- rootfs: reduce size of debian image
- runtime: Allow to overwrite DESTDIR
- snap: fix snap release channel
- Don't leak fd when reseeding rng
- Fixes for make generate-protocols
- docs: Fix docs in docs/architecture.md
- docs: Update the Cloud Hypervisor description in virtualization.md
- agent: exit from exec hangs if background process is present
- [forwardport] install: Improve snap documentation
- handle vcpus properly utilized in the guest
- docs: fix the custom agent binary file path for creating initrd image
- shimv2: handle ctx passed by containerd
- runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
- agent: Adjust OOM Score to avoid agent being killed.
- [forward port] cli: make check subcommand more tolerant to failures
- docs: add link to VMT on top level README
- rustjail: fork a new child process to change the pid ns
- rustjail: remove the network ns validation against container
- snap: update apps section
- runtime: don't wait the second shim process in shim start
- agent: create pci root Bus Path for arm64
- agent: enable lto flag for Cargo to get better optimized code
- virtcontainers: revert CleanupContainer from PR 1079
- docs: Create hypervisor summary document
- Add hyperlink and fix typo
- versions: Use CRI-O v1.18.4-4-g6dee3891e
- runtime: change configuration key name from EnablePprof to enable_pprof
- runtime: delete sandboxlist.go and sandboxlist_test.go
- versions: Use release-1.18 (commit ee9128444bec10)
- runtime: clh: disable virtiofs DAX when FS cache size is 0
- release: Fix release candidate to major version upgrade check
- runtime: sleep 1 second after GetOOMEvent failed
- Agent: README updates for build on ppc64le
- runtime: clean/refactor code
- Forward port annotation doc
- versions: Update cloud-hypervisor to release v0.11.0
- docs: Add instructions for enabling VM templating
- Revert "version: revert back to crio 1.8.3"
- Dump guest memory when kernel panic for QEMU
- clh: Consolidate the code path for device unplug
- agent: Log ttrpc messages
- annotations: Improve asset annotation handling
- runtime: readonly volume should be bind mounted readonly on the host
- docs: Fix incorrect docs in config file
- CI: Fix incorrect URL
- docs: Update top-level README
- versions: Update crio version
- runtime: cloud-hypervisor: reduce memory footprint
- agent: Improve unit test coverage for src/sandbox.rs
- rustjail: fix the issue of create thread failed causing current thread panic
- Improve unit test coverage for rustjail/container.rs
- agent: Update build instructions
- cli: Provide aliases for kata-* subcommands and options
- runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
- Use apply_patches.sh in qemu and kernel scripts
- clean up agent proto files
- agent: fixes the permissions of PID 1's STDIO
- Feature/1004 add version for kata monitor
- agent: Generate proto files programmatically
- runtime: Fix firecracker config
- docs: remove the 1.x version description about shim and proxy
- arm64: correct bridge type for QEMUVIRT
- snap: add GH actions jobs to release the snap package
- agent: clear clippy warnings
- agent: simplify ttrpc error construction
- Replace @RUNTIME_NAME@ with the target in generated files
- 2.0 update doc for hypervisor related information
- virtcontainers: Append max_ports to virtio-serial device
- snap: install libseccomp-dev
- runtime: set virtio-fs as default fs sharing method
- VirtioFS: backports & default settings to improve performance
- tools: Make agent-ctl support more APIs
- Validate runtime annotations
- kernel: update to 5.4.71
- config: make virtio-fs part of standard kernel
- agent: Optimize error handling
- versions: Update Kubernetes, containerd, cri-o and cri-tools
- agent: fix crashers if API requests empty
- rustjail: add length check for uid_mappings in rootless euid mapping
- kata-monitor: use regexp to check if runtime is kata containers
- docs: update the build kata containers kernel document
- cgroup and cpuset fixes from 1.x
- docs: Update upgrading guide
- agent: fix panic on malformed device resource in container update
- Forward port device conflict fixes from Kata 1 / Go agent
- docs: Add containerd install guide
- agent: simplify codes
- agent: fix errorneous parsing for guest block size
- agent: use macro to simplify parse_cmdline function in config.rs
- fix arm CI
- packaging: fix missing cloud_hypervisor_repo
- docs: Add crictl example json files
- ci: snap: add event filtering
- agent: do not follow link when mounting container proc and sysfs
- agent-ctl: include cargo lock updates
- agent: set init process non-dumpable
- runtime: Clear the VCMock 1.x API Methods from 2.0
- virtiofs: Disable DAX
- docs: Update docs for enabling agent debug console
- Remove compilation warnings
- osbuilder: Create target directory for agent
- versions: add plugins section
- snap: specify python version
- packaging: fix image build script
- Main packaging fixups
- clh: Support VFIO device unplug
- ci: add github action to test the snap
- docs: update networking description
- docs: update dev guide for agent build
- rust-agent: Update README
- docs: update architecture.md
- runtime: add support for SGX
- version: upgrade qemu version to v5.1.0 for arm64
- agent: Fix OCI Windows network shared container name typo
- github: Remove issue template and use central one
- docs: fix broken links
- Packaging: release notes script using error kernel path urls
- rust-agent: Replaces improper use of match for non-constant patterns
- devices: fix go test warning in manager_test.go
- action: Allow long lines if non-alphabetic
- Indicates never return function and remove unreachable code
- agent: propagate the internal detail errors to users
- Update Installation Guide to better reflect the current state of the project
- ci: fix clone_tests_repo function
- agent: Set LIBC=gnu for ppc64le arch by default
- fc: integrate Firecracker's metrics
- Fix to qemu experimental and improvements
- ci: resurrect travis static checkers
- agent: fix UT failures due to chdir
- agent: Only allow proc mount if it is procfs
- kata 2.0: add debug console service
- runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
- shimv2: add a comment in checkAndMount()
- osbuilder: specify default toolchain verion in rust-init
- runtime: Update CLH client pkg to version v0.10.0
- agent/oci: Don't use deprecated Error::description() method
- runtime: Fix linter errors in release files
- packaging: Build from source if the clh release binary is missing
- runtime: add podman configuration to data collection script
- ci: use Travis cache to reduce build time
- agent: update cgroups crate
- docs: Update the reference path of kata-deploy in the packaging
- runtime: make kata-check check for newer release
- how-to: add privileged_without_host_devices to containerd guide
- agent: Unit tests for rustjail/mount.rs
- docs: Fix the kata-pkgsync tool's docs script path
- Fix developer guide
- fix guest panic when running agent as init
- packaging: update version file url for kata 2.0 in Makefile
- Fix release notes

789fd7c1 blk-dev: hotplug readonly if applicable
12777b26 volumes: cleanup / minor refactoring
fbc1d123 vendor: revendor govmm
6cc1920c snap: Fix yq error in build
b329a74f rootfs: Fix indentation inside a switch
8879f9a0 rootfs: apparmor=unconfined is needed for non Red Hat host OSes
bbeebcdb rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
90ec2fa8 rootfs: Don't fallthrough in the docker_extra_args() switch
ebd9fcc2 actions: Run static checks before make agent
0d3736d5 rustjail: fix the issue of sync read
0dc02f6d rustjail: fix the issue of bind mount /dev
894fa42a rustjail: allow network sysctls
d4cd2554 agent: Avoid container stats panic caused by cgroup controller non-exist
157e055f agent: upgrade crate cgroups to 0.2.0
e3ec1d50 agent: Simplify .or_else() to .or()
14e7042c agent: Clean up commented use declarations
5fe5b321 agent: Fix temp prefix on Namespace::test_setup_persistent_ns
3a891d4e agent: Return error on trying to persist a pid namespace
5c464018 shimv2: Avoid double removing of container from sandbox
b366af93 jail: add more test cases for validator
d38a5d3f jail/validator: introduce helpers to reduce duplicated code
76ad3213 jail/validator: avoid unwrap() for safety
51fd624f rustjail: add more context info for errors
9321e1b2 oci: fix two incompatible issues with OCI spec
406a91ff agent: consume ttrpc crate from crates.io
9a7bcccc qemu: no state to save if QEMU isn't running
6181570c oci: fix a typo in "addtionalGids"
a5372e00 github: Add github actions
4af5beda agent/sandbox: Don't update cpuset when ncpus = 0
e004616b runtime/network: Fix error reporting in listRoutes()
1ae8e81a runtime/network: Correct error reporting in listInterfaces()
a19263e5 agent/protocols: Remove unneeded import from oci.proto
a19cf28c agent/protocols: Remove some unnecessary include directives from protoc
2b452090 agent/protocols: Remove some unneeded dependencies for protocol generation
b36c9ea3 docs: Fix docs in docs/architecture.md
3db1c805 agent: Don't leak fd when reseeding rng
8ac93f65 rootfs-builder: add support for gentoo
9897238f rootfs: reduce size of debian image
d47122e9 docs: Update the Cloud Hypervisor description in virtualization.md
10e9bfc6 runtime: Allow to overwrite DESTDIR
f740032c packaging/qemu: Delete the temporary container
e5c710e8 packaging/qemu: Build and package completely in the container
4c3377de packaging/qemu: Add QEMU_DESTDIR argument to dockerfiles
faed2369 rootfs-builder: add functions to run before and after the container
8e5603e6 snap: fix snap release channel
8f538935 install: Improve snap documentation
1ca415d8 agent: exit from exec hangs if background process is present
a00f7c34 docs: fix the custom agent binary file path for creating initrd image
0155fe12 shimv2: handle ctx passed by containerd
a793b8d9 agent: update cpuset of container path
705182d0 agent: ignore updating cpuset error when update cgroups
647331ac runtime: clh: Enforce to call 'cleanupVM' for 'stopSandbox'
e684a541 docs: add link to VMT on top level README
68f66c51 agent-ctl: Add void "install" target
5e407758 trace-forwarder: Add void "install" target
70f198d7 cli: check modules and permissions before loading a module
cb684cf8 cli: don't fail if rate limit is exceeded
9216f2ad rustjail: fork a new child process to change the pid ns
3b08376c rustjail: remove the network ns validation against container
c388ec5b runtime: don't wait the second shim process in shim start
d6acc4c0 agent: enable lto flag for Cargo to get better optimized code
13a8e4e3 snap: update apps section
fdbf7d32 virtcontainers: revert CleanupContainer from PR 1079
91a390f0 docs: Create hypervisor summary document
3eeb25a1 docs: Tidied up virtualisation summary table
8ec3cf08 docs: Adding hyperlink to virtio-net in kata documentation 2.0
b5b67db8 docs: Fixing typo in virtualization.md file
4d46d0f0 versions: Use CRI-O v1.18.4-4-g6dee3891e
53b5d063 agent: Adjust OOM Score to avoid agent being killed.
14a21c3a runtime: change configuration key name from EnablePprof to enable_pprof
4e3a8c01 runtime: remove global sandbox variable
29020394 runtime: delete sandboxlist.go and sandboxlist_test.go
9b88a96b versions: Use release-1.18 (commit ee9128444bec10)
36f65ce1 runtime: clh: update cloud-hypervisor
e1396f04 runtime: clh: disable virtiofs DAX when FS cache size is 0
8f38265b release: Fix release candidate to major version upgrade check
2e0bf40a tests: Ensure semver build metadata is ignored
4024a827 release: Make error format string consistent
cb0e6094 runtime: sleep 1 second after GetOOMEvent failed
4c78814b docs: Fix pre-existing spelling mistakes caught by the CI
6c083d94 docs: Add a link to document describing how to use annotations
d67921a2 docs: Document restricted annotations
1fc7b764 docs: Repair inconsistencies between 2.0 and 1.x
21801a11 versions: Revert "version: revert back to crio 1.8.3"
b8414045 runtime: remove nsenter
e3510be8 runtime: use one line if statement to check if err is nil for qemu.go
378308e2 docs: Add instructions for enabling VM templating
92c1c4c6 versions: Update cloud-hypervisor to release v0.11.0
8907a339 agent: Only show ttrpc logs for trace log level
21cd7ad1 agent: Log ttrpc messages
286eebf0 agent: Add env var to set log level
b9c6db4b agent: Add env var tests
705e9955 agent: Add env var comment
5ced96e9 hypervisor: Remove unused methods
e82c9dae annotations: Improve asset annotation handling
0f26f1cd annotations: Add missing hypervisor control annotation
76064e3e asset: Formatting, grammar and whitespace
40418f6d runtime: add geust memory dump
ff13bde3 version: revert back to crio 1.8.3
6c2fc233 agent: create pci root Bus Path for arm64
a958eaa8 runtime: mount shared mountpoint readonly
125e21ce runtime: readonly mounts should be readonly bindmount on the host
5f0abc20 CI: Fix incorrect URL
b6f8a1d5 docs: Fix incorrect docs in config file
93d79625 clh: Consolidate the code path for device unplug
18a22459 Agent: README updates for build on ppc64le
655f2649 Agent: README updates for build on ppc64le
62c7e094 docs: Remove credits
679df0fb docs: Update top-level README
dfe364f8 Agent: README updates for build on ppc64le
77b50969 runtime: cloud-hypervisor: reduce memory footprint
2e1a8f0a agent: Improve unit test coverage for src/sandbox.rs
87848e87 versions: Update crio version
172d015e rustjail: fix the issue of create thread failed causing thread panic
9e93463b agent/rustjail: improve unit test coverage for rustjail/container.rs
ad4f7b86 agent/rustjail: make mount and umount2 public
926a6186 agent/rustjail: fix typo
8130d9b2 agent/rustjail: don't use unwrap in container::oci_state
5d111071 rustjail: add mock implementation for cgroup manager
e3eff0eb agent: Update build instructions
0896ce80 agent: update proto file copyright
6e9ca457 agent: generate proto files properly
837343f0 agent-ctl: update cargo.lock
b3166618 runtime: remove the unused proto files
54e23c83 agent: move gogo.proto out of the github.com namespance
583e6ed3 agent: types.pb.go is not regenerated
bb19fcb9 docs: Update documentation with new subcommand forms
d2fe7091 cli: Use new subcommand forms in kata-manager script
4d9ab0cd cli: Support new subcommand forms in bash completion
c5d355e1 cli: Remove `kata-` prefix from env and check subcommands
f134b4a3 agent: Update build instructions
9e9988df agent/protocols: Move agent.proto out of the mock folder of agent
e90aa7b4 agent: fixes the permissions of PID 1's STDIO
b9b281e7 packaging: Use apply-patches.sh in build-kernel.sh
163e6104 packaging: Make qemu/apply_patches.sh common
d4cf3057 packaging: qemu/apply_patches.sh should sort the patches
5b065eb5 runtime: change govmm package
9cb41507 agent/protocols: Fix copyright header checking
0d58d919 agent/protocols: Stop generate agent proto files in the shellscript
7559382b agent/protocols: Ignore generated files and remove these files from repo
fdc33fb7 agent/protocols: Generate proto files programmatically
f1c3bf6b runtime: let kata-collect-data.sh collect kata-monitor info
993a8da3 kata-monitor: add version subcommand
4ee78120 runtime: Restore QEMUVIRTIOFSPATH variable in Makefile
df4ce9fa ci: add `cargo clippy` for agent
2e138788 agent: clear match_like_matches_macro/vec_resize_to_zero warnings
227edfdc agent: clear module_inception/type_complexity warnings
698d25b7 agent: clear redundant_field_names clippy warning
4dd9bd7a agent: clear clippy `len_zero` warnings
bf7dec5c agent: clear clippy warnings
56f867ee rustjail: clear clippy warnings
16757ad4 oci: clear clippy warnings
f32f49bd logging: clear clippy warnings
5b079a3b snap: add GH actions jobs to release the snap package
2738b18b runtime: Fix firecracker config
e5d4259a runtime: Simplify make variables for clh
9eab3015 arm64: correct bridge type for QEMUVIRT
b88aac04 docs: Update how-to Readme with hypervisor information.
d6464117 docs: Update Readme to remove hypervisor information
b4f9fb51 docs: Remove docs for nemu
96a4ed7d Makefile: Replace @RUNTIME_NAME@ with the target in generated files
7159fc2e agent: simplify ttrpc error construction
0f894986 snap: install libseccomp-dev
9a351509 package: drop qemu-virtiofs shim
6ed669a1 packaging: install virtiofsd for normal qemu build as well
da79b4be virtcontainers: Append max_ports to virtio-serial device
bcf48530 runtime: enable virtiofs by default
e2221d34 tools: Improve agent-ctl README
2d1f2c7b kernel: update to 5.4.71
d3c98620 config: make virtio-fs part of standard kernel
edf02af1 tools: Make agent-ctl support more APIs
56201803 tools: Remove commented out code in agent-ctl
9bac4ee6 tools: Log request in agent-ctl tool if debug enabled
68821f08 tools: Rename agent-ctl command to GetGuestDetails
8553f062 tools: Fix comment in agent-ctl
6ba294a1 agent: remove `unwrap()` for `e.as_errno()`
e77482fe agent: Use `?` instead of `match` when the error returns directly
1b7ed328 kata-monitor: use regexp to check if runtime is kata containers
47ff2fb9 agent: use anyhow `context` to attach context to `Error` instead of `match`
2f690a2b agent: remove useless match
1d8def66 agent: Use `ok_or_else` instead of match for Option -> Result
84953066 agent: Fix crasher if AddARPNeighbors request empty
3d084c7d agent: Fix crasher if UpdateRoutes request empty
5615e5a7 agent: Fix crasher if UpdateInterface request empty
0dce817e agent: replace `match Result` with `or_else`
7bf4073d agent: replace unnecessary `match Result` with `map_err`
7f9e5913 agent: replace check! with map_err for readability
09aca49e agent: remove `check!` in child process because we cant' see logs.
a18899f1 agent: refactor namespace::setup to optimize error handling
a3c64e5c agent: replace `if let Err` with `or_else`
6ffa8283 agent: replace `if let Err` with `map_err`
863f918a rustjail: add length check for uid_mappings in rootless euid mapping
720eab78 versions: Update Kubernetes, containerd, cri-o and cri-tools
c5771be2 annotations: Correct unit tests to validate new protections
398d7918 annotations: Split addHypervisorOverrides to reduce complexity
b2b3bc7a annotations: Add unit test for checkPathIsInGlobs
6f52179c annotations: Add unit test for regexpContains function
966bd573 makefile: Add missing generated vars to `USER_VARS`
be6ee255 makefile: Improve names of config entries for annotation checks
b1194274 annotations: Give better names to local variabes in search functions
b5db114a annotations: Rename checkPathIsInGlobList with checkPathIsInGlobs
d65a7d10 config: Add better comments in the template files
7c6aede5 config: Whitelist hypervisor annotations by name
f047fced config: Use glob instead of regexp to match paths in annotations
11b9c90c annotations: Fix typo in comment
c16cdcb2 config: Add makefile variables for path lists
4e89b885 config: Protect file_mem_backend against annotation attacks
aae9656d config: Protect vhost_user_store_path against annotation attacks
55881653 config: Add security warning on configuration examples
b21a829c config: Protect ctlpath from annotation attack
27b6620b config: Protect jailer_path annotation
07669017 config: Add examples for path_list configuration
2d431c61 annotations: Simplify negative logic
2ca9ca89 config: Add hypervisor path override through annotations
2e093dfd config: Fix typo in function name
bf13ff0a config: Protect virtio_fs_daemon annotation
8c75de19 config: Add 'List' alternates for hypervisor configuration paths
fc6468ef agent: fix panic on malformed device resource in container update
d8a8fe47 cpuset: don't set cpuset.mems in the guest
88cd7128 sandbox: consider cpusets if quota is not enforced
77a463e5 cpuset: support setting mems for sandbox
2d690536 cpuset: add cpuset pkg
1a9515a9 runtime: Pass `--thread-pool-size=1` to virtiofsd
1c528cd1 packaging: Apply virtiofs performance related fixes to 5.x
5b520003 docs: Update upgrading guide
0e0564a5 docs: update the build kata containers kernel document
ae6b8ec7 agent/device: Check type as well as major:minor when looking up devices
859301b0 agent/device: Index all devices in spec before updating them
2477c355 agent/device: Forward port update_spec_device_list() unit test
08d80c1a agent/device: update_spec_device_list() should error if dev not found
12cc0ee1 sandbox: don't constrain cpus, mem only cpuset, devices
b6cf68a9 cgroups: add ability to update CPUSet
b812d4f7 virtcontainers: add method for calculating cpuset for sandbox
f63f7405 agent: fix errorneous parsing for guest block size
43d70a32 docs: Add containerd install guide
11c1ab8b agent: use ok_or/map_err instead of match
6b9f9915 rustjail: use Iterator to manipulate vector elements
a7251651 docs: remove the 1.x version description about shim and proxy
dc1442c3 rustjail: delete codes commented out
aa04111d rustjail: delete unused test code
eae685dc agent: use chain of Result to avoid early return
5e3d1fb6 agent: add blank lines between methods
980e48ca agent: delete unused field in agentService
52b821fa agent: use no-named closure to reduce codes
82e94501 packaging: fix cloud-hypervisor binary path
b1f95e8d agent: use a local fn to reduce duplicated codes
154a356a packaging: apply qemu v5.1 stable fixes
c781a808 agent: fix aarch64 build
906b3844 agent: update not accurate comments
78318c18 packaging: fix missing cloud_hypervisor_repo
b7309943 agent: use macro to simplify parse_cmdline function in config.rs
9834a766 docs: add namespace key to pod/container config files
37e7de72 ci: snap: add event filtering
9a02e6eb docs: Add crictl example json files
b7147eda agent: do not follow link when mounting container proc and sysfs
15b71563 agent: set init process non-dumpable
00ad3fd3 agent-ctl: include cargo lock updates
8cd62d7b versions: add plugins section
c4472481 virtiofs: Disable DAX
3e56de81 snap: specify python version
e3cdc89b osbuilder: Create target directory for agent
7cad865d packaging: fix image build script
0e898c6b rust-agent: Treat warnings as error
0e4baaab rust-agent: Identify unused results in tests
5b2b5652 rust-agent: Log returned errors rather than ignore them
d617caf1 rust-agent: Remove unused imports
ee739c5d rust-agent: Report errors to caller if possible
d5b492a1 rust-agent: Ignore write errors while writing to the logs
c635c46a rust-agent: Remove unused code that has undefined behavior
ec24f688 rust-agent: Remove 'mut' where not needed
c8f406d4 rust-agent: Remove uses of deprecated functions
f832d8a6 rust-agent: Remove or rename unused parameters
5a1d3311 rust-agent: Remove or rename unused variables
27efe291 rust-agent: Remove unused functions
d76ece0c rust-agent: Remove useless braces
3682812e rust-agent: Remove unused macros
483209bf actions: add kata deploy test
07930024 packaging: cleaning, updating based on new filepaths
f0f205cd packaging: remove obs-packaging
4b1753c5 packaging: pull versions, build-image out from obs dir
3f6cd4d5 packaging: Revert "packaging: Stop providing OBS packages"
c33ee54a clh: Support VFIO device unplug
1f4dfa31 clh: Remove unnecessary VmmPing
cc80ae0a versions: cloud-hypervisor: Bump to version 6d30fe05
0fec7a4d docs: Change kata_tap0 to tap0_kata
3394a6a5 docs: update networking description
2e83f405 dev-guide: update kata-agent install details
ffea705a docs: Update docs for enabling agent debug console
777f3981 docs: update dev guide for agent build
aa8eefd8 ci: add github action to test the snap
ea1cb37b versions: cloud-hypervisor: bump version
0ebffdf2 runtime: cloud-hypervisor: tag openapi-generator-cli container
e51a1ea3 docs: use-cases: Add Intel SGX use case
7d638231 runtime/vendor: add k8s.io/apimachinery/pkg/api/resource
6df165c1 runtime: add support for SGX
a5b3e1cd docs: drop docker installation guide
6c4300c6 docs: fix static check errors in docs/install/README.md
59224a76 docs: update architecture.md
a89deb3e rust-agent: Update README
80c52834 github: Remove issue template and use central one
0ccbca3b agent: Fix OCI Windows network shared container name typo
a6221a74 qemu: upgrade qemu version to 5.1.0 for arm64.
f30b86f1 Packaging: release notes script using error kernel path urls
a7faeaac docs: fix broken links
4501c25a agent: propagate the internal detail errors to users
1984e635 ci: fix clone_tests_repo function
02c1a59f agent: Set LIBC=gnu for ppc64le arch by default
7019e72c agent: remove unreachable code
942999ed agent: Change do_exec return type to ! because it will never return
757dfa70 fc: integrate Firecracker's metrics
b03d958e gitignore: ignore agent service file
64b4f698 agent: fix UT failures due to chdir
85d22301 runtime: fix TestNewConsole UT failure
e90e9a2c travis: skip static checker for ppc64
5611283e runtime: fix golint errors
daf2a54d agent: fix cargo fmt
c05c4ba5 ci: always checkout 2.0-dev of test repository
1569b3b3 docs: fix static check errors
df3119b6 runtime: fix make check
484a595f runtime: add enable_debug_console configuration item for agent
febdf8f6 runtime: add debug console service
07d339c7 devices: fix go test warning in manager_test.go
a4afe3af rust-agent: Replaces improper use of match for non-constant patterns
acaa806c agent: Only allow proc mount if it is procfs
ca501e54 osbuilder: specify default toolchain verion in rust-init.
03517327 action: Allow long lines if non-alphabetic
33513fb4 rustjail: make the mount error info much more clear
45b0b4ed agent/oci: Don't use deprecated Error::description() method
a34478ff runtime: Update cloud-hypervisor client pkg to version v0.10.0
ce675075 static-build/qemu-virtiofs: Refactor apply virtiofs patches
512b38cf packaging/qemu: Add common code to apply patches
edce2712 static-build/qemu-virtiofs: Fix to apply QEMU patches
86a864b8 packaging: Build from source if the clh release binary is missing
33585a8e runtime: Fix linter errors in release files
e3a0f9b3 ci: use export command to export envs instead of env config item
36ce7018 agent: update cgroups crate
3523167d runtime: Call s.newStore.Destroy if globalSandboxList.addSandbox
9e5a4b8b ci: use Travis cache to reduce build time
52984b67 docs: Update the reference path of kata-deploy in the packaging
eae21591 runtime: add podman configuration to data collection script
d1277848 how-to: add privileged_without_host_devices to containerd guide
98c4d11b docs: fix k8s containerd howto links
f107b12b docs: fix up developer guide for 2.0
9f2f5201 docs: Fix the kata-pkgsync tool's docs script path
96f8769a travis: enable RUST_BACKTRACE
cda7acf7 agent/rustjail: add more unit tests
98cc979a agent/rustjail: remove makedev function
b99fefad agent/rustjail: add unit tests for ms_move_rootfs and mask_path
d79fad2d agent/rustjail: implement functions to chroot
25c91afb agent/rustjail: add unit test for pivot_rootfs
7cf0fd95 agent/rustjail: implement functions to pivot_root
672da4d0 agent/rustjail: add unit test for mount_cgroups
ab61cf7f agent/rustjail: add unit test for init_rootfs
0a0714c9 agent/rustjail/mount: don't use unwrap
3dc9452b agent/rustjail: add tempfile crate as depedency
d756f52c rustjail: implement functions to mount and umount files
a02d1787 gitignore: ignore agent version.rs
b518ddea agent: fix agent panic running as init
1a77f69e runtime: make kata-check check for newer release
61181b9f packaging: use local version file for kata 2.0 in Makefile
e1c6aa27 docs: fix release process doc
1acfba4d packaging: fix release notes
1839dfd9 runtime: Clear the VCMock 1.x API Methods from 2.0
7225460a shimv2: add a comment in checkAndMount()
22ca2da6 packaging: Stop providing OBS packages
afa88c1b install: Add contacts to the distribution packages
3955cc89 install: Update information about Community Packages
218f77d7 install: Update SUSE information
2a0e76a8 install: Update openSUSE information
691f1364 install: Update RHEL information
270fc4b2 install: Update Fedora information
492b4e90 install: Update CentOS information

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process.
Kata Containers 1.x versions
For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.
If in doubt, raise an issue in the Kata Containers 1.x runtime repository.
Developers
Components
| Component | Type | Description |
|---|---|---|
| agent-ctl | utility | Tool that provides low-level access for testing the agent. |
| agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
| documentation | documentation | Documentation common to all components (such as design and install documentation). |
| osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images for the hypervisor. |
| packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
| runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
| trace-forwarder | utility | Agent tracing helper. |
Kata Containers 1.x components
For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.
For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.
For further information on particular Kata Containers 1.x components, see the individual component repositories:
| Component | Type | Description |
|---|---|---|
| agent | core | See components. |
| documentation | documentation | |
| KSM throttler | optional core | Daemon that monitors containers and deduplicates memory to maximize container density on the host. |
| osbuilder | infrastructure | See components. |
| packaging | infrastructure | See components. |
| proxy | core | Multiplexes communications between the shims, agent and runtime. |
| runtime | core | See components. |
| shim | core | Handles standard I/O and signals on behalf of the container process. |
Note:
- There are more components for the original Kata Containers 1.x implementation.
- The current implementation simplifies the design significantly: compare the current and previous generation designs.
Common repositories
The following repositories are used by both the current and first generation Kata Containers implementations:
| Component | Description | Current | First generation | Notes |
|---|---|---|---|---|
| CI | Continuous Integration configuration files and scripts. | Kata 2.x | Kata 1.x | |
| kernel | The Linux kernel used by the hypervisor to boot the guest image. | Kata 2.x | Kata 1.x | Patches are stored in the packaging component. |
| tests | Test code. | Kata 2.x | Kata 1.x | Excludes unit tests which live with the main code. |
| www.katacontainers.io | Contains the source for the main web site. | Kata 2.x | Kata 1.x | |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.