github kata-containers/kata-containers 3.4.0
Kata Containers 3.4.0
on GitHub

latest release: 3.5.0
24 days ago

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-2ee03b5dc-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-fe5adae5d-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.19.3-rust-1.72.0-04d021bd1-x86_64
  • tools: quay.io/kata-containers/builders:tools-77540503f-d915a79e2-9e01732f7-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • docs: Update links in the Documentation Requirements document by @GabyCT in #9307
  • gha: Update journal log names for kubernetes artifacts by @GabyCT in #9309
  • gha: Fix nydus namespace clean up by @GabyCT in #9265
  • Dragonballl: introduce MTRR regs support by @studychao in #9311
  • tests: static checker: Add announce message by @jodh-intel in #9259
  • agent: Add guest-pull to the list of agent features in announce() by @ChengyuZhu6 in #9312
  • docs: Update libseccomp instructions in Developers Guide by @GabyCT in #9324
  • Revert "release: Skip --generate-notes for this release" by @fidencio in #9321
  • runtime-rs: ch: Implement full thread/tid/pid handling by @dborquez in #9255
  • versions: Update nydus-snapshotter to v0.13.11 by @fidencio in #9337
  • runtime-rs: Enable qemu on s390x by @BbolroC in #9280
  • agent: Refactor unit tests to leverage rstest for parameterization by @ChengyuZhu6 in #9313
  • runtime-rs/dragonball: add support building kernel with upcall and GPU hotplug by @Apokleos in #9244
  • agent:image: Refactor code to improve memory efficiency of image service by @ChengyuZhu6 in #9325
  • scripts: Fix unbound variables in k8s setup script by @GabyCT in #9329
  • workflows: Build agent-opa for more archs by @stevenhorsman in #9356
  • Remove additional links to tests directory by @cmaf in #9346
  • docs: Add documents for kata guest image management by @ChengyuZhu6 in #9341
  • Only tag and publish the release when it is fully ready by @gkurz in #9326
  • Support to set timeout to pull large image in guest by @ChengyuZhu6 in #9332
  • k8s: confidential: Update cpuid to its latest release by @fidencio in #9349
  • runtime: remove unimplemented CoCo configurations by @fitzthum in #8046
  • genpolicy: reduce policy debug prints by @danmihai1 in #9347
  • runtime: remove stream copy infinite loop by @danmihai1 in #9367
  • agent: Fix errors in make check by @c3d in #9345
  • gha: Update journal log names for nerdctl artifacts by @GabyCT in #9358
  • kata-agent: Change order of guest hook and bind mount processing by @Apokleos in #9275
  • kata-agent: enabling cgroups-v2 by systemd.unified_cgroup_hierarchy by @Apokleos in #9383
  • versions: Remove runc version information by @GabyCT in #9365
  • gha: add GENPOLICY_PULL_METHOD by @Redent0r in #9385
  • docs: Remove stale kernel information by @GabyCT in #9344
  • versions: Remove conmon information from versions.yaml by @GabyCT in #9397
  • gha: Define GH_PR_NUMBER variable in gha run k8s common script by @GabyCT in #9409
  • tests: k8s-job: wait for job successful create by @danmihai1 in #9411
  • gha: ensure unique resource group name by @Redent0r in #9413
  • bugfix and refactor device increate count by @Apokleos in #8782
  • tdx: Update TDX artefacts to be used with the Ubuntu 23.10 / CentOS 9 stream OSVs. by @fidencio in #8840
  • tests: Support for kbs setup on kcli by @ldoktor in #9273
  • metrics: Improve latency test cleanup by @GabyCT in #9419
  • GHA: Implement secondary GITHUB_WORKSPACE cleanup on 1st failure by @BbolroC in #9415
  • qemu: show the thread name when enable the hypervisor.debug option by @deagon in #9402
  • docs: kata-manager: Update with latest details by @jodh-intel in #9372
  • port attestation agent from CCv0 branch to main branch by @LindaYu17 in #8870
  • agent:image: Support different pause image in the guest for guest pull by @ChengyuZhu6 in #9369
  • gha: Bump various actions to use Node.js 20 by @gkurz in #9421
  • katautils: check number of cores on the system intead of go runtime by @egernst in #9331
  • tests: k8s: improve the Agent Policy tests by @danmihai1 in #9398
  • docs: adding an initial CI documentation by @beraldoleal in #8988
  • genpolicy: Add optional toggle to pull images using containerd by @Redent0r in #9185
  • add onednn and openvino ml-benchmarks by @dborquez in #9391
  • gha: Fix indentation in gha run script by @GabyCT in #9450
  • tests: Improve the kbs_k8s_delete function by @GabyCT in #9423
  • tests: k8s: inject agent policy failures by @danmihai1 in #9439
  • agent: Fix the issue with the "test_new_fs_manager" test by @justxuewei in #9457
  • CC: run guest-pull tests on non-TEE jobs by @wainersm in #9424
  • gha: Define unbound PULL TYPE variable by @GabyCT in #9454
  • agent: shutdown vm on exit when agent is used as init process by @alex-matei in #9430
  • CI: Enable GHA cri-containerd workflow for runtime-rs with QEMU by @BbolroC in #9403
  • kernel: Adjust s390x config for confidential containers by @BbolroC in #9469
  • ci.ocp: Increase the MCP update time by @ldoktor in #9404
  • version: Add coco name and version for {image,initrd} for s390x by @BbolroC in #9471
  • gha: make run-kata-coco-tests inherit secrets by @wainersm in #9479
  • runtime-rs: refactor qemu driver by @pmores in #9353
  • tests: k8s: inject agent policy failures (part2) by @danmihai1 in #9464
  • genpolicy: support insecure registries and custom pause containers by @burgerdev in #9294
  • docs: Document Intel Discrete GPUs usage with Kata by @amshinde in #9084
  • version: add initrd, image NVIDIA sections by @zvonkok in #9473
  • tests/k8s: Add uninstall kbs client command function by @GabyCT in #9461
  • tests: k8s: inject agent policy failures (part 3) by @danmihai1 in #9492
  • rootfs: Make OPA build working in docker for s390x and pp… by @BbolroC in #9489
  • gha: Remove k8s-cri-containerd-rhel9-e2e-tests for s390x by @BbolroC in #9505
  • gha: stale: Remove the start-date by @stevenhorsman in #9503
  • gha: Make integration tests for s390x run on s390x-large runners by @BbolroC in #9508
  • kata: Remove check for "Fixes" in PR by @zvonkok in #9501
  • release: bump version for 3.4.0 release by @sprt in #9516
  • gha: stale: Bump stalebot version by @stevenhorsman in #9513
  • gha: tag k8s tests on ppc64le to ppc64le-runner-01 by @Amulyam24 in #9521
  • update golang.org/x/net by @sparky005 in #9485

New Contributors

Full Changelog: 3.3.0...3.4.0

Check out latest releases or
releases around kata-containers/kata-containers 3.4.0

Don't miss a new kata-containers release

NewReleases is sending notifications on new releases.

Get notifications