Highlights for Kata Containers 2.4.0 include:
- Direct assigned volume support: enables volume managers (e.g. CSI) to delegate management of block storage volumes to the kata agent.
- VMM SELinux is now configurable (@tanweernoor)
- Ability to build and run unit tests for a subset of runtime packages on Darwin (@egernst, @sameo)
- Intel® Software Guard Extensions (Intel® SGX) is available as part of the default kernel, and its support has been added to Cloud Hypervisor and QEMU drivers
- Initial Intel® Trust Domain Extensions (Intel® TDX) support has been added to Kata Containers, to be used together with Cloud Hypervisor and QEMU; it can be used with artefacts built by the community, such as Cloud Hypervisor (also part of the released binaries), QEMU, and the guest kernel
- virtio-fs has a new default parameter set up in the configuration file, announce_submounts, which helps prevent inode number collisions
- Improved and fixed support for OCI hooks, making it possible to run nerdctl with Kata Containers (@sameo, @liubin). As nerdctl exposes a CLI that is very close to the docker one, this brings an easier, docker-like development workflow with Kata Containers as a backend.
- Hugepages: (@liubin)
- Native Nydus support to handle container image lazy loading for both QEMU and CLH hypervisors (@liubin @luodw)
- Static CPU management: Introduce static_sandbox_resource_mgmt flag to allow for better initial VM sizing when sandbox resource requirements are specified (requires containerd >= 1.6, Kubernetes >= 1.23). For more details see https://github.com/kata-containers/kata-containers/blob/main/docs/design/vcpu-handling.md#virtual-cpu-handling-without-hotplug.
- netmon: support for netmon has been dropped, as it is no longer used in Kata 2.0
- Maintainability, refactoring: Much effort went into refactoring the runtime code base, including hypervisor, network, cgroups, pkg layout, addition of govmm, etc. These changes aren't user visible, but they allow us to add new exciting features and to reuse existing packages more easily.
- agent: Add config file option to cli
- ARM experimental hotplug support with QEMU
- kata-monitor (@fgiudici, @jodh-intel): the binary now listens on localhost only by default; detection of sandboxes no longer depends on CRI, so detection is quicker and metrics are also reported for kata workloads not created through the CRI; CRI metadata (if available) is attached to metrics, in order to easily match Kubernetes workloads
Compatibility with CRI-O
Kata Containers 2.4.0 is compatible with CRI-O
Compatibility with containerd
Kata Containers 2.4.0 is compatible with containerd v1.5.2
OCI Runtime Specification
Kata Containers 2.4.0 supports the OCI Runtime Specification v1.0.0-rc5
Compatibility with Kubernetes
Kata Containers 2.4.0 is compatible with Kubernetes 1.23.1-00
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
The kata-agent uses libseccomp v2.5.1, which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.
If you want to use a kata-agent that is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.
Kata Linux Containers image
Agent version: 2.4.0
Default Image Guest OS:
  description: |
    Root filesystem disk image used to boot the guest virtual
    machine.
  url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
  architecture:
    aarch64:
      name: "ubuntu"
      version: "latest"
    ppc64le:
      name: "ubuntu"
      version: "latest"
    s390x:
      name: "ubuntu"
      version: "latest"
    x86_64:
      name: "clearlinux"
      version: "latest"
      meta:
        image-type: "clearlinux"
Default Initrd Guest OS:
  description: |
    Root filesystem initrd used to boot the guest virtual
    machine.
  url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
  architecture:
    aarch64:
      name: "alpine"
      version: "3.15"
    ppc64le:
      name: "ubuntu"
      version: "20.04"
    s390x:
      name: "ubuntu"
      version: "20.04"
    x86_64:
      name: "alpine"
      version: "3.15"
Kata Linux Containers Kernel
Kata Containers 2.4.0 suggests using the Linux kernel v5.15.26
See the suggested Guest Kernel patches
See the suggested Guest Kernel config
Installation
Follow the Kata installation instructions.
Issues & limitations
More information: Limitations