From 84dff4405786cd98b727d97f9ed9228806cfbda9 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Mon, 7 Mar 2022 11:15:25 -0800 Subject: [PATCH 1/2] release: Adapt kata-deploy for 2.4.0-rc0 kata-deploy files must be adapted to a new release. The cases where it happens are when the release goes from -> to: * main -> stable: * kata-deploy-stable / kata-cleanup-stable: are removed * stable -> stable: * kata-deploy / kata-cleanup: bump the release to the new one. There are no changes when doing an alpha release, as the files on the "main" branch always point to the "latest" and "stable" tags. Signed-off-by: Eric Ernst --- .../base/kata-cleanup-stable.yaml | 46 ------------- .../kata-deploy/base/kata-deploy-stable.yaml | 69 ------------------- 2 files changed, 115 deletions(-) delete mode 100644 tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml delete mode 100644 tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml
diff --git a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml
deleted file mode 100644
index f1d9d0a2f9..0000000000
--- a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kubelet-kata-cleanup
- namespace: kube-system
-spec:
- selector:
- matchLabels:
- name: kubelet-kata-cleanup
- template:
- metadata:
- labels:
- name: kubelet-kata-cleanup
- spec:
- serviceAccountName: kata-label-node
- nodeSelector:
- katacontainers.io/kata-runtime: cleanup
- containers:
- - name: kube-kata-cleanup
- image: quay.io/kata-containers/kata-deploy:stable
- imagePullPolicy: Always
- command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh reset" ]
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- securityContext:
- privileged: false
- volumeMounts:
- - name: dbus
- mountPath: /var/run/dbus
- - name: systemd
- mountPath: /run/systemd
- volumes:
- - name: dbus
- hostPath:
- path: /var/run/dbus
- - name: systemd
- hostPath:
- path: /run/systemd
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml
deleted file mode 100644
index 346e4c0ee2..0000000000
--- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kata-deploy
- namespace: kube-system
-spec:
- selector:
- matchLabels:
- name: kata-deploy
- template:
- metadata:
- labels:
- name: kata-deploy
- spec:
- serviceAccountName: kata-label-node
- containers:
- - name: kube-kata
- image: quay.io/kata-containers/kata-deploy:stable
- imagePullPolicy: Always
- lifecycle:
- preStop:
- exec:
- command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"]
- command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ]
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- securityContext:
- privileged: false
- volumeMounts:
- - name: crio-conf
- mountPath: /etc/crio/
- - name: containerd-conf
- mountPath: /etc/containerd/
- - name: kata-artifacts
- mountPath: /opt/kata/
- - name: dbus
- mountPath: /var/run/dbus
- - name: systemd
- mountPath: /run/systemd
- - name: local-bin
- mountPath: /usr/local/bin/
- volumes:
- - name: crio-conf
- hostPath:
- path: /etc/crio/
- - name: containerd-conf
- hostPath:
- path: /etc/containerd/
- - name: kata-artifacts
- hostPath:
- path: /opt/kata/
- type: DirectoryOrCreate
- - name: dbus
- hostPath:
- path: /var/run/dbus
- - name: systemd
- hostPath:
- path: /run/systemd
- - name: local-bin
- hostPath:
- path: /usr/local/bin/
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
From a4dcaf3cf41b983349399c15670237d3ab178dc8 Mon Sep 17 00:00:00 2001
From: Eric Ernst Date: Mon, 7 Mar 2022 11:15:25 -0800 Subject: [PATCH 2/2] release: Kata Containers 2.4.0-rc0 - Enhancement: fix comments/logs and delete not used function - storage: make k8s emptyDir volume creation location configurable - Implement direct-assigned volume - Bump containerd to 1.6.1 - experimentally enable vcpu hotplug and virtio-mem on arm64 in kernel part - versions: Upgrade to Cloud Hypervisor v22.0 - katatestutils: remove distro constraints - Minor fixes for the `disable_block_device_use` comments - clh: stop virtofsd if clh fails to boot up the vm - clh: tdx: Don't use sharedFS with Confidential Guests - runtime: Build golang components with extra security options - snap: Use git clone depth 1 for QEMU and dependencies - snap: Don't build cloud-hypevisor on ppc64le - build: always reset ARCH after getting it - virtcontainers: remove temp dir created for vsock in test code - docs: Add unit testing presentation - virtcontainers: Use available s390x hugepages - Update QEMU >= 6.1.0 in configure-hypervisor.sh - Fix monitor listen address - snap: clh: Re-use kata-deploy script here - osbuilder: Add CentOS Stream rootfs - runtime: Gofmt fixes - Update `confidential_guest` comments - cleanup runtime pkgs for Darwin build, add basic Darwin build/unit test - docs: Update Readme document - runtime: use Cmd.StdoutPipe instead of self-created pipe - docs: Developer-Guide build a custom Kata agent with musl - kata-agent: Fix mismatching error of cgroup and mountinfo. 
- runtime, config: make selinux configurable - Fix unbound variable / typo on error mesage - clh: Add TDX support - virtcontainers: Do not add a virtio-rng-ccw device - kata-monitor: fix collecting metrics for sandboxes not started through CRI - runtime: fix package declaration for ppc64le - Make the hypervisor framework not Linux specific - kata-deploy: Simplify Dockerfile and support s390x - Support nerdctl OCI hooks - shim: log events for CRI-O - docs: Update contributing link - kata-deploy: Use (kata with) qemu as the default shim-v2 binary - kata-monitor: simplify sandbox cache management and attach kubernetes POD metadata to metrics - nydus: add lazyload support for kata with clh - kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments - packaging: Use `patch` for applying patches - virtcontainers: Remove duplicated assert messages in utils test code - versions: add nydus-snapshotter - docs: Update limitations document - packaging: support qemu-tdx - Kata manager fix install - versions: Linux 5.15.x - trace-forwarder/agent-ctl: run cargo fmt/clippy in make check - docs: Improve top-level README - runtime: use github.com/mdlayher/vsock@v1.1.0 - tools: Build cloud-hypervisor with "--features tdx" - virtiofsd: Use "-o announce_submounts" - feature: hugepages support - tools: clh: Allow to set when to build from sources and the build flags passed down to cargo - docs: Remove docker run and shared memory from limitations - versions: Udpate Cloud Hypervisor to 55479a64d237 - kernel: add missing config fragment for TDx - runtime: The index variable is initialized multiple times in for - scripts: fix a typo while to check build_type - versions: bump CRI-O to its 1.23 release - feature(nydusd): add nydusd support to introduce lazyload ability - docs: Fix relative links in Markdown - kernel: support TDx - device: Actually update PCIDEVICE_ environment variables for the guest - docs: Update link to EFK stack docs - runtime: support QEMU SGX - snap: update qemu 
version to 6.1.0 for arm - Release process related fixes - openshift-ci: switch to CentOS Stream - virtcontainers: Split the rootless package into OS specific parts - runtime: suppport split firmware - kata-deploy: for testing, make sure we use the PR branch - docs: Remove Zun documentation with kata containers - agent: Fix execute_hook() args error - workflows: stop checking revert commit 84dff440 release: Adapt kata-deploy for 2.4.0-rc0 b257e0e5 rustjail: delete function signal in BaseContainer d647b28b agent: delete meaningless FIXME comment 1b34494b runtime: fix invalid comments for pkg/resourcecontrol afc567a9 storage: make k8s emptyDir creation configurable e76519af runtime: small refactor to improve readability 7e5f11a5 vendor: Update containerd to 1.6.1 42771fa7 runtime: don't set socket and thread for arm/virt 8828ef41 kernel: add arm experimental kernel build support 8a9007fe config: remove 2 config as they are removed in 5.15 1b6f7401 kernel: add arm experimental patches to support vcpu hotplug and virtio-mem f905161b runtime: mount direct-assigned block device fs only once 27fb4902 agent: add get volume stats handler in agent ea51ef1c runtime: forward the stat and resize requests from shimv2 to kata agent c39281ad runtime: update container creation to work with direct assigned volumes 4e00c237 agent: add grpc interface for stat and resize operations e9b5a255 runtime: add stat and resize APIs to containerd-shim-v2 6e0090ab runtime: persist direct volume mount info fa326b4e runtime: augment kata-runtime CLI to support direct-assigned volume b8844fb8 versions: Upgrade to Cloud Hypervisor v22.0 af804734 clh: stop virtofsd if clh fails to boot up the vm 97951a2d clh: Don't use SharedFS with Confidential Guests c30b3a9f clh: Adding a volume is not supported without SharedFS f889f1f9 clh: introduce supportsSharedFS() 54d27ed7 clh: introduce loadVirtiofsDaemon() ae2221ea clh: introduce stopVirtiofsDaemon() e8bc26f9 clh: introduce setupVirtiofsDaemon() 413b3b47 
clh: introduce createVirtiofsDaemon() 55cd0c89 runtime: Build golang components with extra security options 76e4f6a2 Revert "hypervisors: Confidential Guests do not support Device hotplug" fa8b9392 config: qemu: Fix disable_block_device_use comments 9615c8bc config: fc: Don't expose disable_block_device_use c1fb4bb7 snap: Don't build cloud-hypevisor on ppc64le 58913694 snap: Use git clone depth 1 for QEMU and dependencies b27c7f40 docs: Add unit testing presentation e64c54a2 monitor: Listen to localhost only by default e6350d3d monitor: Fix build options a67b93bb snap: clh: Re-use kata-deploy script here f31125fe version: Bump cloud-hypervisor to b0324f85571c441f 54d0a672 subsystem: build edf20766 docs: Update Readme document eda8ea15 runtime: Gofmt fixes 4afb278f ci: add github action to exercise darwin build, unit tests e355a718 container: file is not linux specific b31876ee device-manager: move linux-only test to a linux-only file 6a5c6344 resourcecontrol: SystemdCgroup check is not necessarily linux specific cc58cf69 resourcecontrol: convert stats dev_t to unit64types 5be188cc utils: Add darwin stub ad044919 virtcontainers: Convert stats dev_t to uint64 56751089 katautils: Use a syscall wrapper for the hook JSON state 7d64ae7a runtime: Add a syscall wrapper package abc681ca katautils: Add Darwin stub for the netNS API de574662 config: Expand confidential_guest comments 641d475f config: clh: Use "Intel TDX" instead of just "TDX" 0bafa2de config: clh: Mention supported TEEs 81ed269e runtime: use Cmd.StdoutPipe instead of self-created pipe 8edca8bb kata-agent: Fix mismatching error of cgroup and mountinfo. 
a9ba7c13 clh: Fix typo on HotplugRemoveDevice 827ab82a tools: clh: Fix unbound variable 082d538c runtime: make selinux configurable 1103f5a4 virtcontainers: Use FilesystemSharer for sharing the containers files 533c1c0e virtcontainers: Keep all filesystem sharing prep code to sandbox.go 61590bbd virtcontainers: Add a Linux implementation for the FilesystemSharer 03fc1cbd virtcontainers: Add a filesystem sharing interface 72434333 clh: Add TDX support a13b4d5a clh: Add firmware to the config file a8827e0c hypervisors: Confidential Guests do not support NVDIMM f50ff9f7 hypervisors: Confidential Guests do not support Memory hotplug df8ffecd hypervisors: Confidential Guests do not support Device hotplug 28c4c044 hypervisors: Confidential Guests do not support VCPUs hotplug 29ee870d clh: Add confidential_guest to the config file 9621c596 clh: refactor image / initrd configuration set dcdc412e clh: use common kernel params from the hypervisor code 4c164afb versions: Update Cloud Hypervisor to 5343e09e7b8db b2a65f90 virtcontainers: Use available s390x hugepages cb4230e6 runtime: fix package declaration for ppc64le fec26f8e kata-monitor: trivial: rename symbols & labels 9fd4e551 runtime: Move the resourcecontrol package one layer up 823faee8 virtcontainers: Rename the cgroups package 0d1a7da6 virtcontainers: Rename and clean the cgroup interface ad10e201 virtcontainers: cgroups: Move non Linux routine to utils.go d49d0b6f virtcontainers: cgroups: Define a cgroup interface 3ac52e81 kata-monitor: fix updating sandbox cache at startup 160bb621 kata-monitor: bump version to 0.3.0 1a3381b0 docs: Developer-Guide build a custom Kata agent with musl f6fc1621 shim: log events for CRI-O 1d68a08f docs: Update contributing link 9123fc09 kata-deploy: Simplify Dockerfile and support s390x 11220f05 kata-deploy: Use (kata with) qemu as the default shim-v2 binary 3175aad5 virtiofs-nydus: add lazyload support for kata with clh 94b831eb virtcontainers: remove temp dir created for vsock in 
test code 8cc1b186 kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments 5c9d2b41 packaging: Use `patch` for applying patches 5b3fb6f8 kernel: Build SGX as part of the vanilla kernel 2c35d8cb workflows: Stop building the experimental kernel 32e7845d snap: Build vanilla kernel for all arches 27de212f runtime: Always add network endpoints from the pod netns 1cee0a94 virtcontainers: Remove duplicated assert messages in utils test code 6c1d149a docs: Update limitations document 7c4ee6ec packaging/qemu: create no_patches file for qemu-tdx d47c488b versions: add qemu tdx section 77c29bfd container: Remove VFIO lazy attach handling 7241d618 versions: add nydus-snapshotter 26b3f001 virtcontainers: Split hypervisor into Linux and OS agnostic bits fa0e9dc6 virtcontainers: Make all Linux VMMs only build on Linux c91035d0 virtcontainers: Move non QEMU specific constants to hypervisor.go 10ae0591 virtcontainers: Move guest protection definitions to hypervisor.go b28d0274 virtcontainers: Make max vCPU config less QEMU specific a5f6df6a govmm: Define the number of supported vCPUs per architecture a6b40151 tools: clh: Remove unused variables 5816c132 tools: Build cloud-hypervisor with "--features tdx" e6060cb7 versions: Linux 5.15.x 9818cf71 docs: Improve top-level and runtime README 36c3fc12 agent: support hugepages for containers 81a8baa5 runtime: add hugepages support 7df677c0 runtime: Update calculateSandboxMemory to include Hugepages Limit 948a2b09 tools: clh: Ensure the download binary is executable 72bf5496 agent: handle hook process result 80e8dbf1 agent: valid envs for hooks 4f96e3ea katautils: Pass the nerdctl netns annotation to the OCI hooks a871a33b katautils: Run the createRuntime hooks d9dfce14 katautils: Run the preStart hook in the host namespace 6be6d0a3 katautils: Pass the OCI annotations back to the called OCI hooks 493ebc8c utils: Update kata manager docs 34b2e67d utils: Added more kata manager cli options 714c9f56 utils: Improve containerd 
configuration c464f326 utils: kata-manager: Force containerd sym link creation 4755d004 utils: Fix unused parameter 601be4e6 utils: Fix containerd installation ae21fcc7 utils: Fix Kata tar archive check f4d1e45c utils: Add kata-manager CLI options for kata and containerd 395cff48 docs: Remove docker run and shared memory from limitations e07545a2 tools: clh: Allow passing down a build flag 55cdef22 tools: clh: Add the possibility to always build from sources 3f87835a utils: Switch kata manager to use getopts 4bd945b6 virtiofsd: Use "-o announce_submounts" 37df1678 build: always reset ARCH after getting it 3a641b56 katatestutils: remove distro constraints 90fd625d versions: Udpate Cloud Hypervisor to 55479a64d237 573a37b3 osbuilder: Add CentOS Stream rootfs f10642c8 osbuilder: Source .cargo/env before checking Rust 955d359f kernel: add missing config fragment for TDx 734b618c agent-ctl: run cargo fmt/clippy in make check 12c37faf trace-forwarder: add make check for Rust c1ce67d9 runtime: use github.com/mdlayher/vsock@v1.1.0 42a878e6 runtime: The index variable is initialized multiple times in for 1797b3eb packaging/kernel: build TDX guest kernel 98752529 versions: add url and tag for tdx kernel bc8464e0 packaging/kernel: add option -s option 2d9f89ae feature(nydusd): add nydusd support to introduse lazyload ability b19b6938 docs: Fix relative links in Markdown 9590874d device: Update PCIDEVICE_ environment variables for the guest 7b7f426a device: Keep host to VM PCI mapping persistently 0b2bd641 device: Rework update_spec_pci() to update_env_pci() 982f14fa runtime: support QEMU SGX 40aa43f4 docs: Update link to EFK stack docs 54e1faec scripts: fix a typo while to check build_type 07b9d93f virtcontainer: Simplify the sandbox network creation flow 2c7087ff virtcontainers: Make all endpoints Linux only 49d2cde1 virtcontainers: Split network tests into generic and OS specific parts 0269077e virtcontainers: Remove the netlink package dependency from network.go 7fca5792 
virtcontainers: Unify Network endpoints management interface c67109a2 virtcontainers: Remove the Network PostAdd method e0b26443 virtcontainers: Define a Network interface 5e119e90 virtcontainers: Rename the Network structure fields and methods b858d0de virtcontainers: Make all Network fields private 49eee79f virtcontainers: Remove the NetworkNamespace structure 844eb619 virtcontainers: Have CreateVM use a Network reference d7b67a7d virtcontainers: Network API cleanups and simplifications 2edea883 virtcontainers: Make the Network structure manage endpoints 8f48e283 virtcontainers: Expand the Network structure 5ef522f7 runtime: check kvm module `sev` correctly 419d8134 snap: update qemu version to 6.1.0 for arm 00722187 docs: update Release-Process.md 496bc10d tools: check for yq before using it 88a70d32 Revert "workflows: Ensure a label change re-triggers the actions" a9bebb31 openshift-ci: switch to CentOS Stream 89047901 kata-deploy-push: only run if PR modifying tools path 7ffe9e51 virtcontainers: Do not add a virtio-rng-ccw device 1f29478b runtime: suppport split firmware 24796d2f kata-deploy: for testing, make sure we use the PR branch 1cc1c8d0 docs: Remove images from Zun documentation 5861e52f docs: Remove Zun documentation with kata containers 903a6a45 versions: Bump critools to its 1.23 release 63eb1158 versions: bump CRI-O to its 1.23 release 5083ae65 workflows: stop checking revert commit 14e7f52a virtcontainers: Split the rootless package into OS specific parts ab447285 kata-monitor: add kubernetes pod metadata labels to metrics 834e199e kata-monitor: drop unused functions 7516a8c5 kata-monitor: rework the sandbox cache sync with the container manager e78d80ea kata-monitor: silently ignore CHMOD events on the sandboxes fs e9eb34ce kata-monitor: improve debug logging 4fc4c76b agent: Fix execute_hook() args error Signed-off-by: Eric Ernst --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/VERSION b/VERSION
index 171f1d5b9c..cbc70e35ba 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4.0-alpha2
+2.4.0-rc0