- Update kata-deploy to use CRI-O drop-in files
- Update dependencies versions
- fix build kernel shell error when setup with `-f`
- virtcontainers: Fix virtio-fs on s390x
- Runtimeclass updates
- versions: Upgrade to cloud-hypervisor v15.0
- clh: return error if apiSocketPath failed
- runtime: fix dropped error
- agent: Update seccomp configuration for errnoRet and flags
- Fix the issue that sandbox size is not right after update
- docs: Document limitation regarding subpaths
- qemu: kill virtiofsd if failure to start VMM
- runtime/virtcontainers: Fix typo on qmp error msg
- cli: delete not used files
- runtime: delete not used function parameter builtIn
- add io.katacontainers.config.hypervisor.virtio_fs_extra_args handling
- Entropy source annotation
- runtime: Fix stdout/stderr output from container being truncated
- fix the issue of missing set fsGroup for EphemeralStorage
- qemu: Fix assertion failure on shutdown
- Assorted clippy fixes for Rust agent
- agent: use channel instead of pipe(2) to send exit signal of process
- Improve agent shutdown handling
- Enable virtio-fs on s390x
- block: Generate PCI path for virtio-blk devices on clh
- runtime: Disable trace for healthcheck
- agent/rustjail: Fix accidental damage from tokio conversion
- cli: Use genericGetExpectedHostDetails on s390x
- runtime/tests: Change "moo FAILURE" message
- Update the information about the release process
- remove ProcessListContainer API

2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
906c0df4 kata-deploy: don't update worker pool nodes
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
ee7de8ab tools: fix build kernel shell error
7d5a4252 docs: Document limitation regarding subpaths
36776408 runtime/virtcontainers: Fix typo on qmp error msg
12a65d23 runtimeclass: drop stale runtimeclass definitions
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
ff2b9e54 cli: delete not used files
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
677f0d99 runtime: delete not used function parameter builtIn
dcb9f403 config: Protect annotation for entropy_source
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
d4a54137 runtime: Fix stdout/stderr output from container being truncated
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
8a33bd4c qemu: Fix assertion failure on shutdown
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
543f9da3 runtime: Disable trace for healthcheck
421439c6 API: remove ProcessListContainer/ListProcesses
1366f0fb cli: Use genericGetExpectedHostDetails on s390x

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process.
Kata Containers 1.x versions
For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.
If in doubt, raise an issue in the Kata Containers 1.x runtime repository.
Developers
Components
| Component | Type | Description |
|---|---|---|
| agent-ctl | utility | Tool that provides low-level access for testing the agent. |
| agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
| documentation | documentation | Documentation common to all components (such as design and install documentation). |
| osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images for the hypervisor. |
| packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
| runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
| trace-forwarder | utility | Agent tracing helper. |
Kata Containers 1.x components
For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.
For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.
For further information on particular Kata Containers 1.x components, see the individual component repositories:
| Component | Type | Description |
|---|---|---|
| agent | core | See components. |
| documentation | documentation | |
| KSM throttler | optional core | Daemon that monitors containers and deduplicates memory to maximize container density on the host. |
| osbuilder | infrastructure | See components. |
| packaging | infrastructure | See components. |
| proxy | core | Multiplexes communications between the shims, agent and runtime. |
| runtime | core | See components. |
| shim | core | Handles standard I/O and signals on behalf of the container process. |
Note:
- There are more components for the original Kata Containers 1.x implementation.
- The current implementation simplifies the design significantly: compare the current and previous generation designs.
Common repositories
The following repositories are used by both the current and first generation Kata Containers implementations:
| Component | Description | Current | First generation | Notes |
|---|---|---|---|---|
| CI | Continuous Integration configuration files and scripts. | Kata 2.x | Kata 1.x | |
| kernel | The Linux kernel used by the hypervisor to boot the guest image. | Kata 2.x | Kata 1.x | Patches are stored in the packaging component. |
| tests | Test code. | Kata 2.x | Kata 1.x | Excludes unit tests which live with the main code. |
| www.katacontainers.io | Contains the source for the main web site. | Kata 2.x | Kata 1.x | |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.