- stable-2.x | backports for 2.0.3
- ci: Fix travis for stable-2.0
- stable-2.0 | kata-deploy: Fix test-kata.sh and do some small cleanups / improvements in the kata-deploy script
- stable-2.0 | build: Only keep one VERSION file
- stable-2.0 | cherry-pick fixes for test-kata-deploy GitHub actions
- stable-2.0 | A bunch of backports fixing documentation
- stable-2.0 | agent-ctl: update ttrpc version
- [backport] versions: Update cloud-hypervisor to release v0.14.1
624ff413 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
6bb3f441 agent: update cpuset of container path
4d4aba2e kata-deploy: add runtimeclass that includes pod overhead
5f4f8ff3 release: automatically bump the version of the kata-deploy images
f0d63160 kata-cleanup: Explicitly add tag to the container image
4e868ad9 docs: update dev-guide to include fixes from 1.x
1c70ef54 ci: Fix travis for stable-2.0
55bdd1fc kata-deploy: Adapt regex for testing kata-deploy
6586f3b7 docs: update configuration for passing annotations in conatinerd
f5adc4c1 docs: Remove ubuntu installation guide
a67bdc36 docs: Update snap install guide
67be5583 docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
abfff68d docs: Update CentOS install docs
0466ee04 docs: Update Fedora install docs
6b223194 docs: Remove SLE installation guide
fb01d515 agent-ctl: update ttrpc version
144be145 release: Get rid of "master"
017c7cf2 release: Use sudo to install hub
52c6b073 build: Only keep one VERSION file
e7bdeb49 github: Fix slash-command-action usage
c0ca9f9a github: Revert "github: Remove kata-deploy-test action"
81f38990 github: Remove kata-deploy-test action
e3efcfd4 runtime: Fix the format of the client code of cloud-hypervisor APIs
5a92333f runtime: Format auto-generated client code for cloud-hypervisor API
ec0424e1 versions: Update cloud-hypervisor to release v0.14.1
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The overhead values may not be perfect, but this is a start, and a good
reference.
Fixes: #580
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
(cherry picked from commit 12582c2f6d)
Let's teach `update-repository-version.sh` to automatically bump the
version of the kata-deploy images to be used within that release, when
running against the `kata-containers` repo.
Fixes: #1665
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2b5f79d685)
We have the tags explicitly set on kata-deploy, let's do the same for
kata-cleanup.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f444adb51b)
On commit a649d33 we've started adding the specific version of the image
to be used, in order to ensure people using our content from a tarball
would be relying on the correct image.
However, later on, @bergwolf figured out it had some undesired side
effects, such as
https://github.com/kata-containers/kata-containers/runs/2235812941?check_suite_focus=true
What happens there is that the regular expression used to point the
image to a testing one doesn't take into consideration the $VERSION, and
that breaks the deployment.
Fixes: #1632
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit d43098ec21)
We don't use the "master" branch for anything in
`kata-containers/kata-containers`.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ca4dccf980)
This doesn't make much difference for the automated process we have in
place, but makes a whole lot of difference for those trying to have the
binaries deployed locally.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c2197cbf2b)
Instead of having different VERSION files spread accross the project,
let's always use the one in the topsrcdir and remove all the others,
keeping only a synlink to the topsrcdir one.
Fixes: #1579
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 572aff53e8)
The docker script has been removed as part of
62cbaf4de4, but references to it were left
behind in the artifact-list.sh, release/kata-deploy-binaries.sh, and
kata-deploy/Dockerfile.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no more NEMU, for some time already. Considering this, let's
just remove any mention to it as part of our project.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no reason to ship qemu & qemu-virtiofs when the former already
includes vitiofs support (and that's the default for 2.x deployments).
In case we will enable experimental qemu DAX support, we should add a
new target, a "qemu-experimental" target, as Carlos has been working on.
Fixes: #1424
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Let's tag the yet non existent 2.0.2 image, so whoever deploys kata
using kata-deploy from the release tarball is pointed to the correct
image.
Fixes: #1493
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no runtime repo anymore, let's avoid making a reference to it,
which may end up confusing people reading the Release-Process file.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
For Kata Containers 2.x, CRI-O should always be using the
`containerd-shim-kata-v2` binary, and always be configured to use the
"vm" runtime type, developed specifically for the shimv2, instead of the
default "oci" runtime type.
I've taken the liberty to try to simplify the CRI-O script and make it
less error prone. In the future, we can start dropping a configuration
file to /etc/crio/crio.conf.d and just removing it as part of the
cleanup, but that's for the future.
Fixes: #1357
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Factoring those pieces of code to their own functions allows us to
easily re-use them when creating & cleaning up the CRI-O configuration
files, as CRI-O is also affected by the issues that are still opened.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Our list was based on what we used to ship for Kata Containers 1.x, not
even taking into account the shimv2 binary.
Let's update it in order to reflect better what we currently distribute.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
- Install the required protobuf-compiler on Ubuntu
- Install correct libc Rust target (glibc on s390x)
- Do not skip Rust installation on s390x
Fixes: #1266
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
This directory has been automatically removed as there's no files inside
it, as part of d3c9862059
Let's improve the logic in the scripts to avoid failing in case the
"experimental" dir is not present.
Fixes: #1328
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Installing the built uncompressed vmlinux kernel will not work on s390x,
QEMU will complain:
Linux kernel boot failure: An attempt to boot a vmlinux ELF image
failed.
This image does not contain all parts necessary for starting up. Use
bzImage or arch/s390/boot/compressed/vmlinux instead.
Hence, use that kernel image on s390x.
Fixes: #1264
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Include on the terms glossary some words about the agent init as
later on README its explain how the agent can be switched between
systemd and init.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Changed the user-visible urls to point to the right Kata Containers
files/repositories.
Fixes#234
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
To avoid hitting quota limit on docker.io, this changes the Fedora
and CentOS dockerfiles to pull the image from the projects registries.
Fixes#1324
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This is not needed for Fedora, RHEL, and CentOS, but it is required when
using any other host OS. Having --security-opt apparmor=unconfined used
unconditionally is a no go as it'd break podman.
The reason this was only added when building for SUSE (as target distro)
was because debian and ubuntu condition would fall-through the switch to
the suse case (which makes me think that the fall-through was not
accidental).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Falling through the switch cases in docker_extra_args() looks like a
typo and causes issues when building with podman, as `--security-opt
apparmor=unconfinded" shouldn't be passed if Apparmor is no enable on
the system.
Fixes: #1241
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Improve Kata Containers memory footprint by reducing debian
image size.
Without this change:
Debian image -> 256MB
With this change:
Debian image -> 128MB
Note: this change *will not* impact ubuntu image.
fixes#1188
Signed-off-by: Julio Montes <julio.montes@intel.com>
Moved the qemu/apply_patches.sh to the common scripts directory and
refactor it so that it can be used as a generic and consistent way
to apply patches.
Fixes#1014
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It is used a temporary container to pull the QEMU tarball out
of the build image, but this container is never deleted. This
will ensure it gets deleted after its execution.
Fixes#1168
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Currently QEMU is built inside the container, its tarball pulled to
the host, files removed then packaged again. Instead, let's run all
those steps inside the container and the resulting tarball will
be the final version. For that end, it is introduced the
qemu-build-post.sh script which will remove the uneeded files and
create the tarball.
The patterns for directories on qemu.blacklist had to be changed
to work properly with `find -path`.
Fixes#1168
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
The dockerfiles used to build qemu and qemu-virtiofs have the QEMU destination
path hardcoded, which in turn is also on the build scripts. This refactor
the dockerfiles to add the QEMU_DESTDIR argument, which value is passed by the scripts.
Fixes#1168
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Define `before_starting_container` and `after_stopping_container`
functions, these functions run before and after the container that
builds the rootfs respectively.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Otherwise `make install` run from the top directory would just fail as
the target is not defined.
Fixes: #1149
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
For experimental-virtiofs, we use it to test virtiofs with DAX. Let's
rename its virtiofsd to virtiofsd-dax.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
