From ac65feeae3d16dd8ad741a7eab25b217d6a9c1dc Mon Sep 17 00:00:00 2001 
From: Eric Ernst
Date: Mon, 7 Mar 2022 11:15:25 -0800
Subject: [PATCH] release: Kata Containers 2.4.0-rc0

- Enhancement: fix comments/logs and delete not used function
- storage: make k8s emptyDir volume creation location configurable
- Implement direct-assigned volume
- Bump containerd to 1.6.1
- experimentally enable vcpu hotplug and virtio-mem on arm64 in kernel part
- versions: Upgrade to Cloud Hypervisor v22.0
- katatestutils: remove distro constraints
- Minor fixes for the `disable_block_device_use` comments
- clh: stop virtofsd if clh fails to boot up the vm
- clh: tdx: Don't use sharedFS with Confidential Guests
- runtime: Build golang components with extra security options
- snap: Use git clone depth 1 for QEMU and dependencies
- snap: Don't build cloud-hypevisor on ppc64le
- build: always reset ARCH after getting it
- virtcontainers: remove temp dir created for vsock in test code
- docs: Add unit testing presentation
- virtcontainers: Use available s390x hugepages
- Update QEMU >= 6.1.0 in configure-hypervisor.sh
- Fix monitor listen address
- snap: clh: Re-use kata-deploy script here
- osbuilder: Add CentOS Stream rootfs
- runtime: Gofmt fixes
- Update `confidential_guest` comments
- cleanup runtime pkgs for Darwin build, add basic Darwin build/unit test
- docs: Update Readme document
- runtime: use Cmd.StdoutPipe instead of self-created pipe
- docs: Developer-Guide build a custom Kata agent with musl
- kata-agent: Fix mismatching error of cgroup and mountinfo.
- runtime, config: make selinux configurable
- Fix unbound variable / typo on error mesage
- clh: Add TDX support
- virtcontainers: Do not add a virtio-rng-ccw device
- kata-monitor: fix collecting metrics for sandboxes not started through CRI
- runtime: fix package declaration for ppc64le
- Make the hypervisor framework not Linux specific
- kata-deploy: Simplify Dockerfile and support s390x
- Support nerdctl OCI hooks
- shim: log events for CRI-O
- docs: Update contributing link
- kata-deploy: Use (kata with) qemu as the default shim-v2 binary
- kata-monitor: simplify sandbox cache management and attach kubernetes POD metadata to metrics
- nydus: add lazyload support for kata with clh
- kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments
- packaging: Use `patch` for applying patches
- virtcontainers: Remove duplicated assert messages in utils test code
- versions: add nydus-snapshotter
- docs: Update limitations document
- packaging: support qemu-tdx
- Kata manager fix install
- versions: Linux 5.15.x
- trace-forwarder/agent-ctl: run cargo fmt/clippy in make check
- docs: Improve top-level README
- runtime: use github.com/mdlayher/vsock@v1.1.0
- tools: Build cloud-hypervisor with "--features tdx"
- virtiofsd: Use "-o announce_submounts"
- feature: hugepages support
- tools: clh: Allow to set when to build from sources and the build flags passed down to cargo
- docs: Remove docker run and shared memory from limitations
- versions: Udpate Cloud Hypervisor to 55479a64d237
- kernel: add missing config fragment for TDx
- runtime: The index variable is initialized multiple times in for
- scripts: fix a typo while to check build_type
- versions: bump CRI-O to its 1.23 release
- feature(nydusd): add nydusd support to introduce lazyload ability
- docs: Fix relative links in Markdown
- kernel: support TDx
- device: Actually update PCIDEVICE_ environment variables for the guest
- docs: Update link to EFK stack docs
- runtime: support QEMU SGX
- snap: update qemu version to 6.1.0 for arm
- Release process related fixes
- openshift-ci: switch to CentOS Stream
- virtcontainers: Split the rootless package into OS specific parts
- runtime: suppport split firmware
- kata-deploy: for testing, make sure we use the PR branch
- docs: Remove Zun documentation with kata containers
- agent: Fix execute_hook() args error
- workflows: stop checking revert commit

84dff440 release: Adapt kata-deploy for 2.4.0-rc0
b257e0e5 rustjail: delete function signal in BaseContainer
d647b28b agent: delete meaningless FIXME comment
1b34494b runtime: fix invalid comments for pkg/resourcecontrol
afc567a9 storage: make k8s emptyDir creation configurable
e76519af runtime: small refactor to improve readability
7e5f11a5 vendor: Update containerd to 1.6.1
42771fa7 runtime: don't set socket and thread for arm/virt
8828ef41 kernel: add arm experimental kernel build support
8a9007fe config: remove 2 config as they are removed in 5.15
1b6f7401 kernel: add arm experimental patches to support vcpu hotplug and virtio-mem
f905161b runtime: mount direct-assigned block device fs only once
27fb4902 agent: add get volume stats handler in agent
ea51ef1c runtime: forward the stat and resize requests from shimv2 to kata agent
c39281ad runtime: update container creation to work with direct assigned volumes
4e00c237 agent: add grpc interface for stat and resize operations
e9b5a255 runtime: add stat and resize APIs to containerd-shim-v2
6e0090ab runtime: persist direct volume mount info
fa326b4e runtime: augment kata-runtime CLI to support direct-assigned volume
b8844fb8 versions: Upgrade to Cloud Hypervisor v22.0
af804734 clh: stop virtofsd if clh fails to boot up the vm
97951a2d clh: Don't use SharedFS with Confidential Guests
c30b3a9f clh: Adding a volume is not supported without SharedFS
f889f1f9 clh: introduce supportsSharedFS()
54d27ed7 clh: introduce loadVirtiofsDaemon()
ae2221ea clh: introduce stopVirtiofsDaemon()
e8bc26f9 clh: introduce setupVirtiofsDaemon()
413b3b47 clh: introduce createVirtiofsDaemon()
55cd0c89 runtime: Build golang components with extra security options
76e4f6a2 Revert "hypervisors: Confidential Guests do not support Device hotplug"
fa8b9392 config: qemu: Fix disable_block_device_use comments
9615c8bc config: fc: Don't expose disable_block_device_use
c1fb4bb7 snap: Don't build cloud-hypevisor on ppc64le
58913694 snap: Use git clone depth 1 for QEMU and dependencies
b27c7f40 docs: Add unit testing presentation
e64c54a2 monitor: Listen to localhost only by default
e6350d3d monitor: Fix build options
a67b93bb snap: clh: Re-use kata-deploy script here
f31125fe version: Bump cloud-hypervisor to b0324f85571c441f
54d0a672 subsystem: build
edf20766 docs: Update Readme document
eda8ea15 runtime: Gofmt fixes
4afb278f ci: add github action to exercise darwin build, unit tests
e355a718 container: file is not linux specific
b31876ee device-manager: move linux-only test to a linux-only file
6a5c6344 resourcecontrol: SystemdCgroup check is not necessarily linux specific
cc58cf69 resourcecontrol: convert stats dev_t to unit64types
5be188cc utils: Add darwin stub
ad044919 virtcontainers: Convert stats dev_t to uint64
56751089 katautils: Use a syscall wrapper for the hook JSON state
7d64ae7a runtime: Add a syscall wrapper package
abc681ca katautils: Add Darwin stub for the netNS API
de574662 config: Expand confidential_guest comments
641d475f config: clh: Use "Intel TDX" instead of just "TDX"
0bafa2de config: clh: Mention supported TEEs
81ed269e runtime: use Cmd.StdoutPipe instead of self-created pipe
8edca8bb kata-agent: Fix mismatching error of cgroup and mountinfo.
a9ba7c13 clh: Fix typo on HotplugRemoveDevice
827ab82a tools: clh: Fix unbound variable
082d538c runtime: make selinux configurable
1103f5a4 virtcontainers: Use FilesystemSharer for sharing the containers files
533c1c0e virtcontainers: Keep all filesystem sharing prep code to sandbox.go
61590bbd virtcontainers: Add a Linux implementation for the FilesystemSharer
03fc1cbd virtcontainers: Add a filesystem sharing interface
72434333 clh: Add TDX support
a13b4d5a clh: Add firmware to the config file
a8827e0c hypervisors: Confidential Guests do not support NVDIMM
f50ff9f7 hypervisors: Confidential Guests do not support Memory hotplug
df8ffecd hypervisors: Confidential Guests do not support Device hotplug
28c4c044 hypervisors: Confidential Guests do not support VCPUs hotplug
29ee870d clh: Add confidential_guest to the config file
9621c596 clh: refactor image / initrd configuration set
dcdc412e clh: use common kernel params from the hypervisor code
4c164afb versions: Update Cloud Hypervisor to 5343e09e7b8db
b2a65f90 virtcontainers: Use available s390x hugepages
cb4230e6 runtime: fix package declaration for ppc64le
fec26f8e kata-monitor: trivial: rename symbols & labels
9fd4e551 runtime: Move the resourcecontrol package one layer up
823faee8 virtcontainers: Rename the cgroups package
0d1a7da6 virtcontainers: Rename and clean the cgroup interface
ad10e201 virtcontainers: cgroups: Move non Linux routine to utils.go
d49d0b6f virtcontainers: cgroups: Define a cgroup interface
3ac52e81 kata-monitor: fix updating sandbox cache at startup
160bb621 kata-monitor: bump version to 0.3.0
1a3381b0 docs: Developer-Guide build a custom Kata agent with musl
f6fc1621 shim: log events for CRI-O
1d68a08f docs: Update contributing link
9123fc09 kata-deploy: Simplify Dockerfile and support s390x
11220f05 kata-deploy: Use (kata with) qemu as the default shim-v2 binary
3175aad5 virtiofs-nydus: add lazyload support for kata with clh
94b831eb virtcontainers: remove temp dir created for vsock in test code
8cc1b186 kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments
5c9d2b41 packaging: Use `patch` for applying patches
5b3fb6f8 kernel: Build SGX as part of the vanilla kernel
2c35d8cb workflows: Stop building the experimental kernel
32e7845d snap: Build vanilla kernel for all arches
27de212f runtime: Always add network endpoints from the pod netns
1cee0a94 virtcontainers: Remove duplicated assert messages in utils test code
6c1d149a docs: Update limitations document
7c4ee6ec packaging/qemu: create no_patches file for qemu-tdx
d47c488b versions: add qemu tdx section
77c29bfd container: Remove VFIO lazy attach handling
7241d618 versions: add nydus-snapshotter
26b3f001 virtcontainers: Split hypervisor into Linux and OS agnostic bits
fa0e9dc6 virtcontainers: Make all Linux VMMs only build on Linux
c91035d0 virtcontainers: Move non QEMU specific constants to hypervisor.go
10ae0591 virtcontainers: Move guest protection definitions to hypervisor.go
b28d0274 virtcontainers: Make max vCPU config less QEMU specific
a5f6df6a govmm: Define the number of supported vCPUs per architecture
a6b40151 tools: clh: Remove unused variables
5816c132 tools: Build cloud-hypervisor with "--features tdx"
e6060cb7 versions: Linux 5.15.x
9818cf71 docs: Improve top-level and runtime README
36c3fc12 agent: support hugepages for containers
81a8baa5 runtime: add hugepages support
7df677c0 runtime: Update calculateSandboxMemory to include Hugepages Limit
948a2b09 tools: clh: Ensure the download binary is executable
72bf5496 agent: handle hook process result
80e8dbf1 agent: valid envs for hooks
4f96e3ea katautils: Pass the nerdctl netns annotation to the OCI hooks
a871a33b katautils: Run the createRuntime hooks
d9dfce14 katautils: Run the preStart hook in the host namespace
6be6d0a3 katautils: Pass the OCI annotations back to the called OCI hooks
493ebc8c utils: Update kata manager docs
34b2e67d utils: Added more kata manager cli options
714c9f56 utils: Improve containerd configuration
c464f326 utils: kata-manager: Force containerd sym link creation
4755d004 utils: Fix unused parameter
601be4e6 utils: Fix containerd installation
ae21fcc7 utils: Fix Kata tar archive check
f4d1e45c utils: Add kata-manager CLI options for kata and containerd
395cff48 docs: Remove docker run and shared memory from limitations
e07545a2 tools: clh: Allow passing down a build flag
55cdef22 tools: clh: Add the possibility to always build from sources
3f87835a utils: Switch kata manager to use getopts
4bd945b6 virtiofsd: Use "-o announce_submounts"
37df1678 build: always reset ARCH after getting it
3a641b56 katatestutils: remove distro constraints
90fd625d versions: Udpate Cloud Hypervisor to 55479a64d237
573a37b3 osbuilder: Add CentOS Stream rootfs
f10642c8 osbuilder: Source .cargo/env before checking Rust
955d359f kernel: add missing config fragment for TDx
734b618c agent-ctl: run cargo fmt/clippy in make check
12c37faf trace-forwarder: add make check for Rust
c1ce67d9 runtime: use github.com/mdlayher/vsock@v1.1.0
42a878e6 runtime: The index variable is initialized multiple times in for
1797b3eb packaging/kernel: build TDX guest kernel
98752529 versions: add url and tag for tdx kernel
bc8464e0 packaging/kernel: add option -s option
2d9f89ae feature(nydusd): add nydusd support to introduse lazyload ability
b19b6938 docs: Fix relative links in Markdown
9590874d device: Update PCIDEVICE_ environment variables for the guest
7b7f426a device: Keep host to VM PCI mapping persistently
0b2bd641 device: Rework update_spec_pci() to update_env_pci()
982f14fa runtime: support QEMU SGX
40aa43f4 docs: Update link to EFK stack docs
54e1faec scripts: fix a typo while to check build_type
07b9d93f virtcontainer: Simplify the sandbox network creation flow
2c7087ff virtcontainers: Make all endpoints Linux only
49d2cde1 virtcontainers: Split network tests into generic and OS specific parts
0269077e virtcontainers: Remove the netlink package dependency from network.go
7fca5792 virtcontainers: Unify Network endpoints management interface
c67109a2 virtcontainers: Remove the Network PostAdd method
e0b26443 virtcontainers: Define a Network interface
5e119e90 virtcontainers: Rename the Network structure fields and methods
b858d0de virtcontainers: Make all Network fields private
49eee79f virtcontainers: Remove the NetworkNamespace structure
844eb619 virtcontainers: Have CreateVM use a Network reference
d7b67a7d virtcontainers: Network API cleanups and simplifications
2edea883 virtcontainers: Make the Network structure manage endpoints
8f48e283 virtcontainers: Expand the Network structure
5ef522f7 runtime: check kvm module `sev` correctly
419d8134 snap: update qemu version to 6.1.0 for arm
00722187 docs: update Release-Process.md
496bc10d tools: check for yq before using it
88a70d32 Revert "workflows: Ensure a label change re-triggers the actions"
a9bebb31 openshift-ci: switch to CentOS Stream
89047901 kata-deploy-push: only run if PR modifying tools path
7ffe9e51 virtcontainers: Do not add a virtio-rng-ccw device
1f29478b runtime: suppport split firmware
24796d2f kata-deploy: for testing, make sure we use the PR branch
1cc1c8d0 docs: Remove images from Zun documentation
5861e52f docs: Remove Zun documentation with kata containers
903a6a45 versions: Bump critools to its 1.23 release
63eb1158 versions: bump CRI-O to its 1.23 release
5083ae65 workflows: stop checking revert commit
14e7f52a virtcontainers: Split the rootless package into OS specific parts
ab447285 kata-monitor: add kubernetes pod metadata labels to metrics
834e199e kata-monitor: drop unused functions
7516a8c5 kata-monitor: rework the sandbox cache sync with the container manager
e78d80ea kata-monitor: silently ignore CHMOD events on the sandboxes fs
e9eb34ce kata-monitor: improve debug logging
4fc4c76b agent: Fix execute_hook() args error

Signed-off-by: Eric Ernst
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION index 171f1d5b9c..cbc70e35ba 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.0-alpha2 +2.4.0-rc0
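Review bot: line 1 of VERSION (`-2.4.0-alpha2` to `+2.4.0-rc0`) is the only change in this patch, so nothing here keeps kata-deploy in step with the new version string; the shortlog lists 84dff440 "release: Adapt kata-deploy for 2.4.0-rc0" as a separate commit, so confirm it lands ahead of this one before the tag is cut. The changelog in the message also carries both df8ffecd "hypervisors: Confidential Guests do not support Device hotplug" and its revert 76e4f6a2, which leaves the net behaviour for Confidential Guests unclear to anyone reading the release notes for security-relevant changes; a one-line note on the final state would help. The entry 54d0a672 "subsystem: build" reads like an unfilled commit-subject template and is worth checking before it goes into a release changelog.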