Now that we have been moved the CI to ubuntu 18.04, we need to update the
README.
Fixes#1300
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Adds uscan key/values for all items with a Version field that are pulled
from a repo with version info (such as github) so we can perform
automated upstream version update checks.
Fixes: #1250
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
run all CI test to increase testing coverage on kernel config changes.
Fixes: #346
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
We want to make sure Kata runs on latest stable kernels so that it
benefits from the latest features.
Fixes: #358
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
We have 7 types of endpoints, but forget ipvlan in unmarshal funciton.
So add it and refactor for cyclomatic complexity reason.
Fixes#1254
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
snap-build scripts were used to cross-build snap images in local environments.
Currently we are using launchpad to build and release the snaps, hence those
old scripts are no more needed.
fixes#350
Signed-off-by: Julio Montes <julio.montes@intel.com>
sandbox cgroup use V1NoConstraints, this only create memory subsystem,
but when delete, load parent cgroup always use `cgroups.V1`, so other
subsystem path can not be find, sandbox cgroup can not be deleted.
Fixes: #1263
Signed-off-by: Ace-Tang <aceapril@126.com>
we add the rough kernel config v4.19.23 for arm64, here we let
'make oldconfig'(setting default) to do the transformation from
v4.14.X to v4.19.X.
Fixes: #337
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
We need to bump the kernel version from 4.14.67 to 4.19.24 in order
to follow the recent kernel config bump.
Fixes#618Fixes#1029
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Commit affd6e3216 ("devices: add reference
count for devices.") introduced an attach count for devices. The
vhost-user-blk device increments the counter instead of decrementing it
when detaching.
Fixes: #1259
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Sometimes qemu/qmp commands error out and VM files
get left behind on the host filesystem. Clen them up
irrespective of `stopSandbox` succeeds or fails.
Fixes: #1246
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
container is killed by force, container's state MUST change its state to stop
immediately to avoid leaving it in a bad state.
fixes#1088
Signed-off-by: Julio Montes <julio.montes@intel.com>
All containers run in different cgroups even the sandbox, with this new
implementation the sandbox cpu cgroup wil be equal to the sum of all its
containers and the hypervisor process will be placed there impacting to the
containers running in the sandbox (VM). The default number of vcpus is
used when the sandbox has no constraints. For example, if default_vcpus
is 2, then quota will be 200000 and period 100000.
**c-ray test**
http://www.futuretech.blinkenlights.nl/c-ray.html
```
+=============================================+
| | 6 threads 6cpus | 1 thread 1 cpu |
+=============================================+
| current | 40 seconds | 122 seconds |
+==============================================
| new | 37 seconds | 124 seconds |
+==============================================
```
current = current cgroups implementation
new = new cgroups implementation
**workload**
```yaml
apiVersion: v1
kind: Pod
metadata:
name: c-ray
annotations:
io.kubernetes.cri.untrusted-workload: "true"
spec:
restartPolicy: Never
containers:
- name: c-ray-1
image: docker.io/devimc/c-ray:latest
imagePullPolicy: IfNotPresent
args: ["-t", "6", "-s", "1600x1200", "-r", "8", "-i",
"/c-ray-1.1/sphfract", "-o", "/tmp/output.ppm"]
resources:
limits:
cpu: 6
- name: c-ray-2
image: docker.io/devimc/c-ray:latest
imagePullPolicy: IfNotPresent
args: ["-t", "1", "-s", "1600x1200", "-r", "8", "-i",
"/c-ray-1.1/sphfract", "-o", "/tmp/output.ppm"]
resources:
limits:
cpu: 1
```
fixes#1153
Signed-off-by: Julio Montes <julio.montes@intel.com>
cpu cgroups are container's specific hence all containers even the sandbox
should be able o create, delete and update their cgroups. The cgroup crated
matches with the cgroup path passed by the containers manager.
fixes#1117fixes#1118fixes#1021
Signed-off-by: Julio Montes <julio.montes@intel.com>
When a container does not exist, runc does not fail. Lets mimic this
behavior, sometimes kuberentes will try to force delete containers that
could not be created and gets confused if delete --force fails.
Fixes: #1219
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
kata-deploy inserts 'manage_network_ns_lifecycle' into crio.conf without any
prior checks and if there is a previous entry in the file, this becomes a
duplicate causing crio service restart issues. This patch addresses that
particular scenario.
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Docker 18.09 removed devicemapper support but did not provide an
alternative. This can cause problems for users so update the install
docs to install Docker at version 18.06 (the last version that supports
devicemapper).
This is a temporary solution until either docker provide an alternative
or we find a way to work around the Docker feature being removed.
Note the extra logic required for Fedora since 18.06 is not available
for that release.
Fixes#373.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The `arch(1)` command is not available on some systems so use the
`uname(1)` command for the equivalent functionality.
Fixes#150.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
$ dep ensure
error while parsing /home/teawater/gopath/src/github.com/kata-containers/runtime/Gopkg.lock: Unable to parse the lock as TOML: (697, 6): missing comma
Add missing comma to Gopkg.lock and dep ensure to handle the issue.
Fixes: #1241
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Update:
- k8s to version 1.13.3
- cri-o to version 1.13.0
- containerd to version 1.2.4, which
according to its release notes, uses
cri plugin version da0c016c830b2ea97fd1d737c49a568a816bf964
Fixes: #1238.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>