- test: install mock hook binary before test
- cgroups: fix the issue of get wrong online cpus
- build: remove unused variables from Makefile
- container: on cleanup, rm container directory for mounts path
- runtime: add support for QEMU 6
- agent: Enable clean shutdown
- runtime: fix virtiofsd RO volume sharing
- runtime: update virtcontainers API documentation
- runtime: Fix trace span ordering and static checks
- fix runtime UTs and enable static check
- kata-deploy: Use the correct tag for 2.1-alpha1 release
- ci: fix virtiofs-experimental build
- Verify container ID
- rustjail: rework execute_hook
- agent: Allow server address to be specified on kernel command-line
- agent: disconnect rpc get_oom_event when destroy_sandbox.
- docs: Update QAT instructions to work with Kata 2.0 repos
- agent: Update Cargo.lock for earlier dependency change
- osbuiler: fixing USE_DOCKER for ppc64le
- agent: Fix unused import warning in unit tests
- [forwardport] Fixup systemd cgroup handling
- runtime: Fix ordering of trace spans
- runtime: add support for readonly sandbox bindmounts
- Bump to QEMU 5.2.0 - respin
- runtime: return hypervisor Pid in TaskExit event
- agent: makefile: Add codecov target
- Bump to QEMU 5.2.0
- exec: ensure sup groups are added to agent request
- rustjail: fix the issue of home_dir function
- osbuilder: Port QAT Dockerfile to 2.0 repo
- agent-ctl: Unbreak build
- rustjail: fix the issue of bind mount device file from guest
- musl/arm64: decompression before use the tarball.
- osbuilder/arm64: build musl toolchain from source code if needed
- runtime: Fix missing 'name' field on containerd-shim-v2 logs
- agent: don't error of virtiofs share is already mounted
- shimv2: return the hypervisor's pid as the container pid
- runtime: check if error loading runtime config
- agent: fix clippy for rustc 1.5
- agent: Upgrade tokio to 1.2.0
- rustjail: fix blkio conversion
- agent: Agent invokes OCI hooks with wrong PID
- kata-deploy: stop mentioning qemu-virtiofsd, as the default qemu supports virtiofsd already (plus some cleanups)
- agent: Stop receive message from Receiver if got None
- Remove "Docker" & "[kata] runtime" references from the release scripts & process documentation
- kata-deploy: Ensure CRI-O uses shimv2 & the "vm" runtime type
- makefile: agent: Add self documented help
- runtime: connect guest debug console bypass kata-monitor
- Clean up PCI path handling
- runtime: Create tracer later in shimv2
- Agent: OCI hooks return malformed json
- osbuilder: Allow image registry to be customizable
- docs: Update licensing strategy to use kata 2.0 repository
- runtime: clh-config: add runtime hooks to the clh toml
- Fix Snap CI
- runtime: cpuset: when creating container, don't pass cpuset details
- agent: Remove bogus check from list_interfaces() unit test
- cli: Add aliases for `kata-` options
- github: Only run kata-deploy-test on pull-requests
- docs: Fix the installation directory of virtiofsd
- osbuilder: Fix USE_DOCKER on s390x
- Add katacontainers end-to-end arch image
- Build for glibc on s390x
- packaging: Fix vmlinux kernel install on s390x
- ci: Upgrade to yq 3.4.1
- kernel: Don't fail if "experimental" dir doesn't exist
- kata-deploy: Remove kata-deploy-docker.sh
- runtime: migrate from opentracing to opentelemetry
- rustjail: use rlimit crate
- rustjail: get all capabilities dynamically
- agent: README update to install protoc for ppc64le
- qemu: Add security fixes for CVE-2020-35517
- Fix lints and remove allow attributes which silence these warnings
- arm64: enable acpi for qemu/virt.
- osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
- Fix async problems
- kata-monitor: set buildmode to exe to avoid build failing
- osbuilder: add description for how to use DISTRO variable
- kata-monitor: allow for building for alpine
- shimv2: log a warning and continue on post-stop hook failure
- kernel: Updates to kernel config for ppc64le
- agent: add secure_join to prevent softlink escape
- rustjail: fix the issue of container's cgroup root path
- osbuilder: remove traces of cmake
- versions: Update cloud-hypervisor to release v0.12.0
- clh: Use vanilla kernel.
- osbuilder: miscelaneous fixes/improvements
- branch: change 2.0-dev to main
- snap: Don't release Kata Alpha/RC in snap store
- Migrate to rtnetlink
- agent: Add underscore for constants
- github: Update ubuntu version to 20.04
- agent: implement NVDIMM/PMEM block driver
- rustjail: fix the issue of missing destroy contaienr cgroups
- agent: switch to async runtime

9a4e866 container: on cleanup, rm container directory for mounts path
48e5e4f test: install mock hook binary before test
1d44881 uevent: Add shutdown channel for task
d8d5b4c signal: Move to a new module
011f7d7 logging: Rework for shutdown
7d5f88c agent: Enable clean shutdown
dcb39c6 main: Create logger task
2cf2897 main: Use task list for stopping tasks
039df1d main: Refactor main logic into new async function
2a648fa logging: Use guard to make threaded logging safe
38f0d8d config: Fix assert_error testing macro
3f46e63 cgroups: fix the issue of getting wrong online cpus
e349244 runtime: fix virtiofsd RO volume sharing
532ff7c runtime: update virtcontainers API documentation
6fcfea8 runtime: Fix static check errors
f3ebbb1 runtime: Fix trace span ordering
5a3ee7d snap: Use qemu.version to build snap
0f78a5d kernel: rename exeperimental kernel symlink.
f791052 qemu: Build experimental qemu.
1555bfd runtime: add support for QEMU 6
fc0f93a actions: enable unit tests in PR check
74192d1 runtime: fix static check errors
a2dee1f runtime: fix vm factory UT failure
076bc50 agent-ctl: update Cargo.lock
0153f76 runtime: gofmt code
60f6315 kata-deploy: Use the correct tag for 2.1-alpha1 release
b0e51e5 qemu: Improve cache build
bc587da qemu: Add suffix for qemu binaries.
5493517 qemu: add CACHE_TIMEOUT
98d01ce qemu: Apply patches for specific versions.
190f813 runtime/katautils: PFlash should be initialized
b2ec5a4 runtime: fix cleanupSandboxBindMounts panic
9b689ea runtime/cli: fix TestMainBeforeSubCommandsLoadConfigurationFail failure
8e71c4f runtime: fix missing context argument in mocked sandbox APIs
8ff62be runtime: fix vcmock build failure
0e4b28e rustjail: rework execute_hook
a09e58f packaging: Use local file for assets.
451b45f agent: Make use of test consts for error messages
8c4d334 agent: disconnect rpc get_oom_event when destroy_sandbox.
07cfa4c qemu: patches: Fail if not patches directory
e221c45 versions: Update qemu database
5abdd2a qemu: move 5.0.0 patches to its own dir.
259c179 docs: Update QAT instructions to work with Kata 2.0 repos
34e7d5e agent: Validate CID
b265870 runtime: Validate CID
12e9f7f runtime: Add missing test mock function
ea51c17 agent: Allow server address to be specified on kernel command-line
4bf84b4 runtime: Add contexts to calls in unit tests
9e4932a runtime: use root span for shimv2 tracing
6b0dc60 runtime: Fix ordering of trace spans
3a77e4e build: remove unused variables from Makefile
d7cb3df cgroups: Add systemd detection when creating cgroup manager
f659871 cgroups: remove unused SystemdCgroup variable and accessor/mutators
b0e966c agent: Fix unused import warning in unit tests
d5a9d56 agent: Update Cargo.lock for earlier dependency change
0f7950f packaging: configure QEMU with -O2
224c50f snap: Package virtiofsd and fix path
f0d4985 exec: ensure sup groups are added to agent request
b034458 runtime: return hypervisor Pid in TaskExit event
81607e3 rustjail: fix the issue of home_dir function
c258ea2 agent-ctl: Function parameter cleanup
fcd45de agent-ctl: Unbreak build
efe625d build: Remove whitespace
48ed8f3 runtime: add support for readonly sandbox bindmounts
7ae349c agent: makefile: Add codecov target
f580d33 musl/arm64: decompression before use the tarball.
2da058e osbuild: build musl toolchain from source if needed
6417067 osbuilder: Port QAT Dockerfile to 2.0 repo
85601cd snap: Update for QEMU 5.2.0
88cef33 versions: update QEMU to 5.2.0
21bdaaf runtime: Fix missing 'name' field on containerd-shim-v2 logs
74a893f packaging: Refactor version comparisons on configure-hypervisor.sh
34dc861 rustjail: fix the issue of bind mount device file from guest
0f70983 runtime: check if error loading runtime config
6f72076 agent: fix clippy for rustc 1.5
4a21472 agent: Fix test
02079db agent: upgrade tokio to 1.0
a42dc74 agent: Agent invokes OCI hooks with wrong PID
17e9a2c agent: don't error of virtiofs share is already mounted
947913f agent/protocols: Remove cargo:rerun-if-changed in build.rs
bc0ac52 shimv2: return the hypervisor's pid as the container pid
10ed3da release: Rename runtime-release-notes to release-notes
f5dab6a release: We're not compatible with Docker.
2c8ea0a kata-deploy: Add copyright to the kata-deploy's Dockerfile
4e494e3 packaging: Remove NEMU mentions
f21c54a kata-deploy: QEMU, for 2.x, already includes virtiofs
657bd78 kata-deploy: Get rid of references to the docker script
dcea086 rustjail: fix blkio conversion
bc34cbb agent: Stop receive message from Receiver if got None
01481d6 kata-deploy: Ensure CRI-O uses the VM runtime type
d1c7173 kata-deploy: Move the containerd workarounds to their own functions
5013634 kata-deploy: Stop shipping kata-{clh,fc,qemu,qemu-virtiofs} binaries
2270f19 kata-deploy: Update README to reflect the current distributed artifacts
a494c4d makefile: agent: Add self documented help
72cb928 vhost-user-blk: Use PciPath type for vhost user devices
74f5b5f runtime/block: Use PciPath type through block code
32b40f5 runtime/network: Use PciPath type through network handling
87c5823 agent/device: Add unit test for pcipath_to_sysfs()
066ce7a agent/device: Pass root bus sysfs path to pcipath_to_sysfs()
fda48a9 agent/device: Use pci::Path type, name things consistently
c12b86d agent/device: Generalize PCI path resolution to any number of bridges
3715c57 agent/device: Rename and clarify semantics of get_pci_device_address()
7e92831 protocols: Update PCI path names / terminology in agent protocol def
8e5fd8e runtime: Introduce PciSlot and PciPath types
7464d05 agent: PCI path type
b22259a agent: PCI slot type
8c2f9e6 gitignore: Ignore *~ editor backup files
b412e15 osbuilder: Port QAT Dockerfile to 2.0 repo
5096103 osbuiler: fixing USE_DOCKER for ppc64le
a44b272 runtime: Create tracer later in shimv2
49bdbac osbuilder: Allow image registry to be customizable
fdc573d docs: Update licensing strategy to use kata 2.0 repository
2e2749a runtime: clh-config: add runtime hooks to the clh toml
ef72926 ci: snap: run snap CI on every pull request
919d512 snap: fix kernel setup
d054841 ci: snap: build targets that not need sudo first
a115338 ci: snap: define proxy variables
df14d38 Agent: OCI hooks return malformed json
3721351 runtime: cpuset: when creating container, don't pass cpuset details
c9c7c12 agent: Remove bogus check from list_interfaces() unit test
cb6d2f3 osbuilder: alphabetize fields
056d742 docs: Update documentation with new prefixless config options
fdcde79 cli: use new prefixless config options in tools scripts
02ee8b0 cli: Add aliases for kata- options
c6bc43b docs: Fix broken link to fluentbit.io docs
20b27a1 docs: Fix the installation directory of virtiofsd
11fe6a3 osbuilder: Fix USE_DOCKER on s390x
10f1c30 kata-runtime: use filepath.Join() to compose file path
f4ae9c8 docs: Update Developer-Guide.md
9963428 docs: update document for using debug console
44cde6e runtime: connect guest debug console bypass kata-monitor
3406502 runtime: add jaeger configuration items
fbab262 kernel: Don't fail if "experimental" dir doesn't exist
e1dce3a rustjail: use rlimit crate
8045104 ci: Upgrade to yq 3.4.1
3d3e4dc packaging: Fix vmlinux kernel install on s390x
a252d86 rustjail: get all capabilities dynamically
62cbaf4 kata-deploy: Remove kata-deploy-docker.sh
50fea9f github: Only run kata-deploy-test on pull-requests
b548114 qemu: Add security fixes for CVE-2020-35517
11680ef agent: README update to install protoc for ppc64le
f16ab49 agent: fix non_camel_case_types lint and stop hiding the warning
8ffe4d6 agent: fix unused_parens lint and stop hiding the warning
f70ca69 agent: remove #![allow(unused_unsafe)]
e28bf7a agent: fix dead_code lint
05da23a agent: fix non_snake_case lint and remove ![allow(non_snake_case)]
afb4197 osbuilder: Build for glibc on s390x
a1cedc5 agent: Build for glibc on s390x
9f237aa docs: add katacontainers end-to-end arch image
254b98d rustjail: fix unit test test_process
b25575b agent: remove crate signal-hook which are no longer used
b1880b3 rustjail: remove unnecessary #[async_trait]
83e9414 rustjail: add unittest test_execute_hook
d204100 rustjail: close stdin in execute_hook after it was sent
bb08131 rustjail: fix fork/child in execute_hook
17df9b1 runtime: migrate from opentracing to opentelemetry
71aeb92 osbuilder: updates for feedback
8e2b19a osbuilder: add description for how to use DISTRO variable
b6c2a60 kata-monitor: set buildmode to exe to avoid build failing
9f7a7a4 osbuilder: Enforcing LIBC=gnu to rootfs build for ppc64le
a88b896 kernel: Updates to kernel config for ppc64le
b7a1f75 arm64: enable acpi for qemu/virt.
448771f rustjail: fix the issue of container's cgroup root path
fd39f0f osbuilder: Add "Agent init" on terms glossary
e111093 agent: add secure_join to prevent softlink escape
1273e48 osbuilder: Fix urls to repositories
ba9fa49 osbuilder: Use Fedora and CentOS registries
c2d14cd versions: Update cloud-hypervisor to release v0.12.0
0e57393 shimv2: log a warning and continue on post-start hook failure
e7043fe shimv2: log a warning and continue on post-stop hook failure
3718df6 osbuilder: Remove leftover pieces related to cmake
d1bf829 kernel: ACPI: Always build evged for stable kernel
6f3d591 clh: Use vanilla kernel.
fd5592d branch: change 2.0-dev to main
2b880d2 snap: Don't release Kata Alpha/RC in snap store
14a63cc agent: Add underscore for constants
fa93831 agent: Address linter and tests
96762ab agent: Remove old netlink crate
0ea8243 github: Update ubuntu version to 20.04
33367be agent: Integrate netlink
23f3aef agent: Implement new netlink module
12551de agent: implement NVDIMM/PMEM block driver
6abb1be rustjail: fix the issue of missing destroy contaienr cgroups
fe67f57 agent: set edition = "2018" in .rustfmt.toml to fix rustfmt about async fn
df68771 agent-ctl: Update ttrpc to 0.4.14 for agent-ctl
37e285b agent: Make debug console async
f3bd439 agent: fix tests for async functions
9f79ddb agent: use tokio Notify instead of epoll to fix #1160
332fa4c agent: switch to async runtime
5561755 agent: Initial switch to async runtime
2f1cb79 kata-monitor: allow for building for alpine

Signed-off-by: Peng Tao <bergwolf@hyper.sh>

Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process.
Kata Containers 1.x versions
For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.
If in doubt, raise an issue in the Kata Containers 1.x runtime repository.
Developers
Components
| Component | Type | Description |
|---|---|---|
| agent-ctl | utility | Tool that provides low-level access for testing the agent. |
| agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
| documentation | documentation | Documentation common to all components (such as design and install documentation). |
| osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images for the hypervisor. |
| packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
| runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
| trace-forwarder | utility | Agent tracing helper. |
Kata Containers 1.x components
For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.
For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.
For further information on particular Kata Containers 1.x components, see the individual component repositories:
| Component | Type | Description |
|---|---|---|
| agent | core | See components. |
| documentation | documentation | |
| KSM throttler | optional core | Daemon that monitors containers and deduplicates memory to maximize container density on the host. |
| osbuilder | infrastructure | See components. |
| packaging | infrastructure | See components. |
| proxy | core | Multiplexes communications between the shims, agent and runtime. |
| runtime | core | See components. |
| shim | core | Handles standard I/O and signals on behalf of the container process. |
Note:
- There are more components for the original Kata Containers 1.x implementation.
- The current implementation simplifies the design significantly: compare the current and previous generation designs.
Common repositories
The following repositories are used by both the current and first generation Kata Containers implementations:
| Component | Description | Current | First generation | Notes |
|---|---|---|---|---|
| CI | Continuous Integration configuration files and scripts. | Kata 2.x | Kata 1.x | |
| kernel | The Linux kernel used by the hypervisor to boot the guest image. | Kata 2.x | Kata 1.x | Patches are stored in the packaging component. |
| tests | Test code. | Kata 2.x | Kata 1.x | Excludes unit tests which live with the main code. |
| www.katacontainers.io | Contains the source for the main web site. | Kata 2.x | Kata 1.x | |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.