mirror of
https://github.com/aljazceru/kata-containers.git
synced 2026-01-02 14:04:22 +01:00
99c46be787
- runtime# make sure the "Shutdown" trace span have a correct end - tracing: Accept multiple dynamic tags - logging: Enable agent debug output for release builds - agent: "Revert agent: Disable seccomp feature on aarch64 temporarily" - runtime: Enhancement for Makefile - osbuilder: build image-builder image from Fedora 34 - agent: refactor process IO processing - agent-ctl: Update for Hybrid VSOCK - docs: Fix outdated links - ci/install_libseccomp: Fix libseccomp build and misc improvement - virtcontainers: simplify read-only mount handling - runtime: add fast-test to let test exit on error - test: Fix random failure for TestIoCopy - cli: Show available guest protection in env output - Update k8s, critools, and CRI-O to their 1.22 release - package: assign proper value to redefined_string in build-kernel.sh - agent: Make wording of error message match CRI-O test suite - docs: Moving from EOT to EOF - virtcontainers: api: update the functions in the api.md docs - release: Upload libseccomp sources with notice to release page - virtcontainers: check that both initrd and image are not set - agent: Fix the configuration sample file - runtime: set tags for trace span - agent-ctl: Implement Linux OCI spec handling - runtime: Remove comments about unsupported features in config for clh - tools/packaging: Add options for VFIO to guest kernel - agent/runtime: Add seccomp feature - ci: test-kata-deploy: Get rid of slash-command-action action - This is to bump the OOT QAT 1.7 driver version to the latest version.… - forwarder: Drop privileges when using hybrid VSOCK - packaging/static-build: s390x fixes - agent-ctl: improve the oci_to_grpc code - agent: do not return error but print it if task wait failed - virtcontainers: delete duplicated notify in watchHypervisor function - agent: Handle uevent remove actions - enable unit test on arm - rustjail: Consistent coding style of LinuxDevice type - cli: Fix outdated kata-runtime bash completion - Allow VFIO devices to be used as VFIO devices in the container - Expose top level hypervisor methods - - Upgrade to Cloud Hypervisor v19.0 - docs: use-cases: Update Intel SGX use case - virtcontainers: clh: Enable the `seccomp` feature - runtime: delete cri containerd plugin from versions.yaml - docs: Write tracing documentation - runtime: delete useless src/runtime/cli/exit.go - snap: add cloud-hypervisor and experimental kernel - osbuilder: Call detect_rust_version() right before install_rust.sh - docs: Updating Developer Guide re qemu-img - versions: Add libseccomp and gperf version - Enable agent tracing for hybrid VSOCK hypervisors - runtime: optimize test code - runtime: use containerd package instead of cri-containerd - runtime: update sandbox root dir cleanup behavior in rootless hypervisor - utils: kata-manager: Update kata-manager.sh for new containerd config - osbuilder: Re-enable building the agent in Docker - agent: Do not fail when trying to adding existing routes - tracing: Fix typo in "package" tag name - kata-deploy: add .dockerignore file - runtime: change name in config settings back to "kata" - tracing: Remove trace mode and trace type09d5d88runtime: tracing: Change method for adding tagsbcf3e82logging: Enable agent debug output for release buildsa239a38osbuilder: build image-builder image from Fedora 34375ad2bruntime: Enhancement for Makefileb468dc5agent: Use dup3 system call in unit tests of seccomp1aaa059agent: "Revert agent: Disable seccomp feature on aarch64 temporarily"1e331f7agent: refactor process IO processing9d3ec58runtime: make sure the "Shutdown" trace span have a correct end3f21af9runtime: add fast-test to let test exit on error9b270d7ci/install_libseccomp: use a temporary work directory98b4406ci/install_libseccomp: Fix fail when DESTDIR is set338ac87virtcontainers: api: update the functions in the api.md docs23496f9release: Upload libseccomp sources with notice to release pagee610fc8runtime: Remove comments about unsupported features in config for clh7e40195agent-ctl: Add stub for AddSwap API82de838agent-ctl: Update for Hybrid VSOCKd1bcf10forwarder: Remove quotes from socket path in doce66d047virtcontainers: simplify read-only mount handlingbdf4824tools/packaging: Add options for VFIO to guest kernelc509a20agent-ctl: Implement Linux OCI spec handling42add7fagent: Disable seccomp feature on aarch64 temporarily5dfedc2docs: Add explanation about seccomp45e7c2cstatic-checks: Add step for installing libseccompa3647e3osbuilder: Set up libseccomp library3be50adagent: Add support for Seccomp4280415agent: Fix the configuration sample fileb0bc71fci: test-kata-deploy: Get rid of slash-command-action action309dae6virtcontainers: check that both initrd and image are not seta10cfffforwarder: Fix changing log level6abccb9forwarder: Drop privileges when using hybrid VSOCKbf00b8dagent-ctl: improve the oci_to_grpc codeb67fa9eforwarder: Make explicit root checke377578forwarder: Fix docs socket path5f30633virtcontainers: delete duplicated notify in watchHypervisor function5f5eca6agent: do not return error but print it if task wait failedd2a7b6fpackaging/static-build: s390x fixes6cc8000cli: Show available guest protection in env output2063b13virtcontainers: Add func AvailableGuestProtectionsa13e2f7agent: Handle uevent remove actions34273daruntime/device: Allow VFIO devices to be presented to guest as VFIO devices68696e0runtime: Add parameter to constrainGRPCSpec to control VFIO handlingd9e2e9eruntime: Rename constraintGRPCSpec to improve grammar57ab408runtime: Introduce "vfio_mode" config variable and annotation730b9c4agent/device: Create device nodes for VFIO devices175f9b0rustjail: Allow container devices in subdirectories9891efcrustjail: Correct sanity checks on device pathd6b62c0rustjail: Change mknod_dev() and bind_dev() to take relative device path2680c0brustjail: Provide useful context on device node creation errors42b92b2agent/device: Allow container devname to differ from the host827a41fagent/device: Refactor update_spec_device_list()8ceadccagent/device: Sanity check guest IOMMU groupsff59db7agent/device: Add function to get IOMMU group for a PCI device13b06a3agent/device: Rebind VFIO devices to VFIO driver inside gueste22bd78agent/device: Add helper function for binding a guest device to a driverb40eedcrustjail: Consistent coding style of LinuxDevice type57c0f93agent: fix race condition when test watcher1a96b8btemplate: disable template unit test on arm43b13a4runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUsc59c367runtime: current vcpu number should be limitedfa92251runtime: kernel version with '+' as suffix panic in parse52268d0hypervisor: Expose the hypervisor itselfa72bed5hypervisor: update tests based on createSandbox->CreateVM changef434bcbhypervisor: createSandbox is CreateVM76f1ce9hypervisor: startSandbox is StartVMfd24a69hypervisor: waitSandbox is waitVMa6385c8hypervisor: stopSandbox is StopVMf989078hypervisor: resumeSandbox is ResumeVM73b4f27hypervisor: saveSandbox is SaveVM7308610hypervisor: pauseSandbox is nothing but PauseVM8f78e1chypervisor: The SandboxConsole is the VM's console4d47aeehypervisor: Export generic interface methods6baf258hypervisor: Minimal exports of generic hypervisor internal fields37fa453osbuilder: Update QAT driver in Dockerfile8030b6cvirtcontainers: clh: Re-generate the client code8296754versions: Upgrade to Cloud Hypervisor v19.02b13944docs: Fix outdated links4f75ccbdocs: use-cases: Update Intel SGX use case4f018b5runtime: delete useless src/runtime/cli/exit.go7a80aebdocs: Moving from EOT to EOF09a5e03docs: Write tracing documentationb625f62runtime: delete cri containerd plugin from versions.yaml24fff57snap: make curl commands consistent2b9f79csnap: add cloud-hypervisor and experimental kernel273a1a9runtime: optimize test code76f16fdruntime: use containerd package instead of cri-containerd6d55b1bdocs: use containerd to replace cri-containerded02bc9packaging: add containerd to versions.yaml50da26dosbuilder: Call detect_rust_version() right before install_rust.shb4fadc9docs: Updating Developer Guide re qemu-imgb8e69ceversions: Add libseccomp and gperf version17a8c5cruntime: Fix random failure for TestIoCopyf34f67dosbuilder: Specify version when installing Rust135a080osbuilder: Pass CI env to container agent buildeb5dd76osbuilder: Re-enable building the agent in Dockerbcffa26tracing: Fix typo in "package" tag namee61f5e2runtime: Show socket path in kata-env output5b3a349trace-forwarder: Support Hybrid VSOCKe42bc05kata-deploy: add .dockerignore file321be0ftracing: Remove trace mode and trace type7d0b616agent: Do not fail when trying to adding existing routes3f95469runtime: logging: Add variable for syslog tagadc9e0bruntime: fix two bugs in rootless hypervisor51cbe14runtime: Add option "disable_seccomp" to config hypervisor.clh98b7350virtcontainers: clh: Enable the `seccomp` feature46720c6runtime: set tags for trace spand789b42package: assign proper value to redefined_string4d7ddffutils: kata-manager: Update kata-manager.sh for new containerd configf5172d1cli: Fix outdated kata-runtime bash completiond45c86dversions: Update CRI-O to its 1.22 releasec4a6426versions: Update k8s & critools to v1.22881b996agent: Make wording of error message match CRI-O test suite Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process
Developers
Components
Main components
The table below lists the core parts of the project:
| Component | Type | Description |
|---|---|---|
| runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
| agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
| documentation | documentation | Documentation common to all components (such as design and install documentation). |
| tests | tests | Excludes unit tests which live with the main code. |
Additional components
The table below lists the remaining parts of the project:
| Component | Type | Description |
|---|---|---|
| packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
| kernel | kernel | Linux kernel used by the hypervisor to boot the guest image. Patches are stored here. |
| osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor. |
agent-ctl |
utility | Tool that provides low-level access for testing the agent. |
trace-forwarder |
utility | Agent tracing helper. |
ci |
CI | Continuous Integration configuration files and scripts. |
katacontainers.io |
Source for the katacontainers.io site. |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.