kata-containers Changes
Highlights for the Kata Containers 2.5.0-alpha1 release include:
- The addition of runk, an OCI container runtime, written in Rust, based on a modified version of the Kata Containers agent (#2784)
- Cloud Hypervisor bump to v23.0 (#4120)
- Firecracker bump to v0.23.4 (#4001)
- Fixes related to hugepages (#3816, #3695)
- Fixes for pod terminating (#4043, #4081)
- Improvements to direct volume assignment (#4098, #4018)
- Improvements to kata-monitor documentation and endpoints (#3704, #4061, #4054)
- Disk and Network rate limiting for Cloud Hypervisor (#4017, #4139)
- Kata Deploy support for RKE2 (#4161)
- Fixes on the agent-ctl tool (#4164)
- A lot of simplifications on the agent tests
- A whole new set of agent tests
- New documentation has been added related to both Firecracker and using NV GPUs
Shortlog
4a1e13b rustjail: Add tests for hook_grpc_to_oci
9b863b0 release: Kata Containers 2.5.0-alpha1
70eda2f agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b70 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b48 agent: add tests for create_logger_task function
7772f7d runk: set BinaryName for runk for containerd
b221a25 tools: Add runk
2c218a0 agent: Modify Kata agent for runk
b0e439c rustjail: add tests for parse_mount_table
b975f2e Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a1 docs: Direct-assigned volume design
081f6de versions: change qemu tdx url and tag
dd4bd7f doc: Added initial doc update for NV GPUs
666aee5 docs: Add VSOCK localhost example for agent-ctl
86d348e docs: Use VM term in agent-ctl doc
4b9b62b agent-ctl: Fix abstract socket connections
b6467dd clh: Expose disk rate limiter config
7580bb5 clh: Expose net rate limiter config
a88adab clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da0 clh: Implement the Disk RateLimiter logic
511f7f8 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575 hypervisor: Add disk bandwidth and operations rate limiters
1cf9469 clh: Implement the Network RateLimiter logic
00a5b1b utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e utils: Move FC's function to revert bytes to utils
c9f6496 config: Add NetRateLimiter* to Cloud Hypervisor
2d35e60 hypervisor: Add network bandwidth and operations rate limiters
ccb0183 kata-deploy: Add support to RKE2
9d39362 kata-deploy: Reestructure the installing section
18d27f7 kata-deploy: Add a missing $ prefix in the README
6948b4b docs: Update containerd link to installation guide
832c33d docs: remove pc machine type supports
1cad3a4 agent/random: Ensure data.len > 0
33c953a agent: Add test_ressed_rng_not_root
39a35b6 agent: Add test to random::reseed_rng()
d8f39fb agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b rustjail: Add tests for mount_grpc_to_oci
b658dcc tools: fix typo in clh directory name
afbd60d packaging: Fix clh build from source fall-back
1b931f4 runtime: Allock mockfs storage to be placed in any directory
ef6d54a runtime: Let MockFSInit create a mock fs driver at any path
5d8438e runtime: Move mockfs control global into mockfs.go
963d03e runtime: Export StoragePathSuffix
1719a8b runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9 runtime: Make bind mount tests better clean up after themselves
f7ba21c runtime: Clean up mock hook logs in tests
90b2f5b runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc runtime: Don't use fixed /tmp/mountPoint path
f385b21 rustjail: add tests for mount_from function
96bc3ec rustjail: Add tests for hooks_grpc_to_oci
0239502 agent: modify the type of swappiness to u64
0ad89eb safe-path: add more unit test cases
b63774e libs/safe-path: add crate to safely resolve fs paths
0e7f1a5 agent: move assert_result macro to test_utils file
2256bcb rustjail: Add tests for root_grpc_to_oci
9b6f24b agent: add tests for mount_to_rootfs function
9c22d95 agent: add tests for update_container_namespaces
c3776b1 agent: add tests for is_signal_handled function
29e569a virtcontainers: clh: Re-generate the client code
6012c19 versions: Upgrade to Cloud Hypervisor v23.0
aabcebb agent: best-effort removing mount point
d136c9c test: Fix golangci-lint error for s390x
92c00c7 agent: fsGroup support for direct-assigned volume
532d539 runtime: fsGroup support for direct-assigned volume
6a47b82 proto: fsGroup support for direct-assigned volume
7b2ff02 kata-monitor: add a README file
86977ff kata-monitor: update the hrefs in the debug/pprof index page
354cd3b runtime: Base64 encode the direct volume mountInfo path
6e79042 runtime: no need to write virtiofsd error to log
f8cc5d1 kata-monitor: add some links when generating pages for browsers
78f30c3 agent: Avoid agent panic when reading empty stats
6e9e4e8 docs: Update link to contributions guide
9d5e7ee agent: add tests for mount_storage
1118a3d agent: add test coverage for parse_mount_flags_and_options function
485aeab agent: add tests for do_write_stream function
9d5b03a runtime: delete debug option in virtiofsd
c31cd0e rustjail: add test coverage for process_grpc_to_oci function
eff7c7e agent: Allow the agent to be rebuilt with the change of Cargo features
962d05e protocols: add src/csi.rs to .gitignore
a2f5c17 runtime/virtcontainers: Pass the hugepages resources to agent
4405b18 docs: Add a firecracker installation guide
ff17c75 runtime: Allow and require no initrd for SE
59c7165 test: use T.TempDir to create temporary test directory
98750d7 clh: Expose service offload configuration
Compatibility with CRI-O
Kata Containers 2.5.0-alpha1 is compatible with CRI-O
Compatibility with containerd
Kata Containers 2.5.0-alpha1 is compatible with containerd v1.5.2
OCI Runtime Specification
Kata Containers 2.5.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5
Compatibility with Kubernetes
Kata Containers 2.5.0-alpha1 is compatible with Kubernetes 1.23.1-00
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.
If you want to use the kata-agent which is not statically linked with the library, you can build a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.
Kata Linux Containers image
Agent version: 2.5.0-alpha1
Default Image Guest OS:
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
Default Initrd Guest OS:
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
Kata Linux Containers Kernel
Kata Containers 2.5.0-alpha1 suggests using the Linux kernel v5.15.26
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config
Installation
Follow the Kata installation instructions.
Issues & limitations
More information Limitations