We need to have `yq` installed before we can 'make', as we
now use it for a version check in the build. But, we may not
have golang installed. Add a script that installs `yq` via
curl'ing from the github releases.
This was cloned from the function in the tests repo .ci scripts
that perform the same action.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Improve rootfs.sh usage output to have a consistent layout and
documentation of options and environment variables.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Both of the netmon and proxy should use the right path
figured out from the configure instead of the default settings
to get their versions.
Fixes: #868
Signed-off-by: Fupan Li <lifupan@gmail.com>
Add support for specifying an optional drop-in path for guest OCI hooks.
This is the runtime side for leveraging the agent change introduced in
kata-containers/agent@980023ec62Fixes: #720
Co-authored-by: Edward Guzman <eguzman@nvidia.com>
Co-authored-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Include in the release notes the kubernetes version that
has been tested with the release.
Fixes: #235.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Fixes#344
Add host cgroup support for kata.
This commits only adds cpu.cfs_period and cpu.cfs_quota support.
It will create 3-level hierarchy, take "cpu" cgroup as an example:
```
/sys/fs/cgroup
|---cpu
|---kata
|---<sandbox-id>
|--vcpu
|---<sandbox-id>
```
* `vc` cgroup is common parent for all kata-container sandbox, it won't be removed
after sandbox removed. This cgroup has no limitation.
* `<sandbox-id>` cgroup is the layer for each sandbox, it contains all other qemu
threads except for vcpu threads. In future, we can consider putting all shim
processes and proxy process here. This cgroup has no limitation yet.
* `vcpu` cgroup contains vcpu threads from qemu. Currently cpu quota and period
constraint applies to this cgroup.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Signed-off-by: Jingxiao Lu <lujingxiao@huawei.com>
Add new vendor library "github.com/containerd/cgroups"
commit: 5017d4e9a9cf2d4381db99eacd9baf84b95bfb14
This library is for host cgroup support for next commit.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Now that the agent has split the generic types in their own package,
kata-netmon can use them directly and get rid of the duplication of
those. This is very helpful as it will prevent structures from being
out of sync between kata-netmon and the kata-runtime, without bringing
in the huge overhead that the initial grpc package was introducing.
Fixes#857
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some agent types definition that were generic enough to be reused
everywhere, have been split from the initial grpc package.
This prevents from importing the entire protobuf package through
the grpc one, and prevents binaries such as kata-netmon to stay
in sync with the types definitions.
Fixes#856
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The Intel GPU support has been enabled in kata runtime, but the
guest kernel of kata container lacks the support of Intel GPU,
so this commit enables it as default in guest kernel.
CONFIG_DRM, CONFIG_DRM_I915 and CONFIG_DRM_I915_USERPTR are necessary.
Others are obtained by running command "make menuconfig" and selecting
the following options.
Device Drivers
---> Graphics support
---> Direct Rendering Manager (XFree86 4.1.0 and higher DRI support)
Device Drivers
---> Graphics support
---> Intel 8xx/9xx/G3x/G4x/HD Graphics
Fixes#232
Signed-off-by: Zhao Xinda <xinda.zhao@intel.com>
Add new CI tests to ensure that the following installation methods are
also tested:
- "Automatic" method ([`kata-manager`](https://github.com/kata-containers/tests/tree/master/cmd/kata-manager))
- "Scripted" method ([`kata-doc-to-script`](https://github.com/kata-containers/tests/blob/master/.ci/kata-doc-to-script.sh))
**Note:** the "Automatic" method is **not** the same as the existing
`kata-manager` test: the existing test executes the "Manual"
installation method (which runs `kata-manager` to execute the
appropriate distro-specific install guide). However, this new test
executes the `install/installing-with-kata-manager.md` document, which
subsequently calls the `kata-manager` script.
Since the "Automatic" and "Scripted" installation methods are designed
to run "standalone" (without requiring any local git repo clones), the
script which runs these new tests has to take care to ensure the
environment they run in is clean. It does this by using the following
approach:
- Removes any local Kata github repos from the standard `GOPATH`
locations (to ensure the scripts do not inadvertently access local
files) [1].
- Creates a temporary directory containing:
- A copy of *itself*.
- The scripts it generated from the "Automatic" and "Scripted" installation documents.
- Re-exec's itself to run the version in the temporary directory,
passing an option that tells itself to simply execute the scripts in
the specified directory.
- It then runs the scripts in the directory specified.
---
[1] - Since the recursive delete of all local Kata github repos is
potentially dangerous, the test will immediately fail if the standard
`KATA_DEV_MODE` variable is set (since this denotes a developer system)
and will also fail unless the standard `CI` variable is set (denoting
the script is running in a Continuous Integration environment, such as
JenkinsCI.
Fixes#278.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Wrap the function calls in the doc test script in a `main()` function to
simplify future changes.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Split out a function to create a container from
`test_distro_install_guide() in the script used to test install docs.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The script used to test the install docs does not actually use the
golang binary (it only uses the `GOPATH` variables) so remove the
unnecessary call to `go`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Rework the logic in `check_install_docs()` to make the intention
clearer and support adding additional tests.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Rename the `check_install_guides()` function to `check_install_docs()`
and clean up:
- Improve messages.
- Add more braces around variables.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the `kata-doc-to-script` install document to actually execute the
generated scripts, allowing the entire installation to be tested by the CI.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Introduce constants for the network model strings, so as to
avoid using the strings directly at multiple places.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Introduce a new mode that uses tc filters to redirect traffic from
the network interface created by the network plugin to a
tap interface that we connect to the VM.
This mode will help support ipvlan as well.
Fixes#144
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Converted the plain code blocks in
`install/installing-with-kata-doc-to-script.md` to bash code blocks so
that they are executable by... `kata-doc-to-script.sh`.
Also, removed the backslashes to let github render scroll bars for
consistency with other docs.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Move to golang version 1.10.4 -- the oldest stable golang release at the
time of writing -- since golang 1.10+ is needed to make namespace
handling safe.
Re-ordered a couple of structs (moved `sync.WaitGroup` fields) to keep
the `maligned` linter happy. Previously:
``
virtcontainers/pkg/mock/cc_proxy_mock.go:24:18⚠️ struct of size 160 could be 152 (maligned)
virtcontainers/monitor.go:15:14⚠️ struct of size 80 could be 72 (maligned)
```
See:
- https://github.com/golang/go/issues/20676
- 2595fe7fb6
Also bumped `languages.golang.meta.newest-version` to golang version
1.11, which is the newest stable release at the time of writing.
Fixes#148.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Updated `externals.cri-containerd.version` in `versions.yaml` to the
newest version that includes the fix for building on golang 1.10.2:
- 8b0d53c09c
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
