The new alpha release brings in following changes:
1f8e4f67 docs: Update travis and go report card url
db93a163 runtime: remove mock shim
e5910c9b sandbox: Stop and clean up containers that fail to create
1283febd ci: checkout TRAVIS_BRANCH
d7f75dce docs: remove shim/proxy topics and fix docs links
0b3cbee8 virtcontainers: Add additional unit tests for sandbox
c0720179 package: enable cloud-hypervisor for arm64
07a307b4 virtcontainers: Remove duplicate unit tests
d914f018 virtcontainers: Move unit tests for types/sandbox.go
33b1865e actions: Pin to a particular sha for actions
8564c99e actions: Add github actions to perform DCO check
c5081624 actions: Add action to perform WIP check for pull requests
7bbb9e81 rootfs-builder: Don't modify /sbin/init on the build host
3d467505 device: Ease device access for rootfs device to allow node creation
f554cdec virtcontainers: Add to bridges unit test
1d7d944f fc: refactor --daemonize option
7f3e8959 console-watcher: use console watcher to monitor guest console outputs
1099a288 kata 2.0: delete use_vsock option and proxy abstraction
73bf9329 cgroup: fix the issue of crashed when meet unsupported cgroup
ab7afae6 docs: Clarifying minimum version of containerd for annotations
5b15e9ef runtime: consolidate types definition
c6e4d092 agent: sandbox shared pid namespace support
afcf269c rustjail: fix the issue of missing join pid namespace
f3da6900 docs: add link to CRI Configuration for pods
4291eb17 runtime: add monitor_address to .gitignore
1c56abb7 runtime: virtcontainers: vhost-user-blk/scsi are block device nodes
bbf85170 runtime: add pprof interface for shim
0790ca49 runtime: add pod overhead metrics
ae83c96d Modifie to proper CPU architecture name for ppc64le.
f404f4d9 Modified Makefile to pick up correct architecture name for ppc64le.
cdbba6ac agent: Make LIBC configurable
2afbfcab virtcontainers: print a warning when the device to append is not supported
919fc4cd virtcontainer/cgroup: create cgroup manager after creating the network
a134c2e0 virtcontainers/network: Change signature of Enpoint Attach method
9a9721c2 drivers: change BindDevicetoVFIO signature
66219d16 device: support vfio cold plug
3eb694c5 device: add ColdPlug flag
3cf8b470 runtime: delete Stateful from SandboxConfig
069505e2 runtime: delete unused sub-commands.
a0a96db2 runtime: handle unimplemented RPC call by NotFound status code
bd8f03a5 runtime: remove agent abstraction
41c04648 runtime: fix wrong issue links
83b23665 config: there is no need to check vhost-vosck for FC
d96b3063 docs: add metrics design documents for Kata 2.0
b28b850a versions: Revert "versions: update QEMU to 5.0.0"
5ff53037 tools: fix branch and runime repo
24ea3f01 virtcontainers: GetOOMEvent should have no timeout
1b75daa0 runtime: add new command to collect metrics from Kata containers
5200ac06 runtime: remove old store
186fed2a runtime: add implementation of GetMetrics
0c4c69de agent: add GetMetrics implementation
9fd3e48c agent: add new pb message GetMetrics
9c501f3d agent: device: Allow "VmPath" to be used when adding block devices
15af20b6 versions: update QEMU to 5.0.0
a06d01e1 versions: specify rust version
7ae4376b clh: vsock: Use the updated VsockConfig
d8a333b9 versions: Move to cloud-hypervisor v0.8.0
9177d3a3 virtiofsd: Use cache=auto
d66f2192 cli: Fix kata-env output on Power
94fdec4e clh: Allow add virtiofs args and cache options from config
653df674 kata_agent: Add unit tests
6da49a04 clh: Clear the "PCIAddr" field while blk device hotplug
2d6c0731 kata_agent: Pass "VirtPath" with "PCIAddr" of blk devices to agent
56ae2099 kata_agent: Allow to use "VirtPath" as volume source for blk devices
bdd386ba qemu: Fix rtc parameter is not set to qemu
51a6d60a qemu: Remove PMU feature for Power (ppc64le) platform
3ece4130 runtime: clean up shim abstraction
3a17e7aa qemu: Remove pmu limitation in nested virtualization of amd/ppc64le
06571f03 build: Add "pmu=off" to default cpu_features option
115dfa19 annotations: add cpu_features
fa9d619e qemu: add cpu_features option
520295b9 network: Detect and add static ARP entries
117ce4ac clh: remove slow boot debug flags from kernel cmdline
70137962 clh: Remove vsock log port in kernel cmdline
fd5d1394 clh: Improve hypervisor logging
21f83348 clh: Set 'virtio-blk' as the default block device driver
8b5eed70 clh: Enable disk block device hotplug support
883af9c7 agent: set hostname when running as init
899b75f2 agent: fix the issue of missing found right shell
2a8650ba agent-ctl: add Cargo.lock
a8430b37 gitignore: ignore more files
be9ca0d5 qemu: Don't leak file descriptors in case of error
60606647 virtiofsd: Improve logging
7e250f29 shim: exit out of oom polling if unimplemented
9f8d1baa virtcontainers: tests fix, nit fix
d3b3e8be virtcontainers: x86: Support microvm machine type
19833936 virtcontainers: add support for getOOMEvent agent endpoint to sandbox
7c205be2 virtcontainers: add support for getOOMEvent agent endpoint to sandbox
380f07ec proto: update agent protocol
dbc1c30d versions: Remove golangci-lint and gometalinter entries
6e7dd435 qemu: arm64: Set defaultGICVersion to 3 to limit the max vCPU number
93d1f7b4 versions: Misc changes to descriptions
17b3021b qemu: arm64: Don't detect gic version by /proc/interrupts
4cda90ab dax: enable dax on arm64
7a440254 Makefile: add trace-forwarder/agent-ctl missing targets
61e011e8 vc: Version support check is ineffective in createSandbox
ebfbca03 osbuilder: use newest golang
0fd1eb59 Makefile: add default rule
3f8d4b68 trace-forwarder: add Cargo.lock
b68d4e45 shimv2: Removing function as no longer used
f570a2cd shimv2 : Remove workaround for sharedPidNs
b2cc403e build: Improve top-level Makefile
f2a19966 agent: Rename check rule to test
ea1d799f qemu: Only one element of qemuPaths map is relevant
5dffffd4 qemu: Remove useless table from qemuArchBase
97a02131 qemu: Detect and fail a bad machine type earlier
d6e7a58a qemu: Clarify test with bad machine type
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Add additional test cases that cover more asset types and functions to
increase unit test coverage.
Fixes#424
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
This PR fixes travis and go report carl url for the runtime README for kata
2.0
Fixes#432
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Use 'remap' behaviour to deal with multiple devices being shared with
a 9p export.
Fixes the following warning:
```
9p: Multiple devices detected in same VirtFS export, which might lead to file
ID collisions and severe misbehaviours on guest!
You should either use a separate export for each device shared from host or
use virtfs option 'multidevs=remap'!
```
fixes#378
Signed-off-by: Julio Montes <julio.montes@intel.com>
New features that can improve/impact in kata containers:
x86:
VMX features can be enabled/disabled via the "-cpu" flag.
When nested virtualization is enabled with an option like
"-cpu Haswell,+vmx", the set of VMX features will also be constrained to
what was available on the corresponding CPU model.
New "microvm" machine type that has virtio-mmio instead of PCI, and no ACPI
support (so no hotplug too). The new machine type is meant as a baseline
for performance optimizations of QEMU, firmware and guests. While inspired
by Firecracker it is not entirely compatible with it (for example it does
not have Firecracker's userspace IP stack and MicroVM Metadata Service).
Reduce memory footprint when booting uncompressed kernels.
ARM:
We now correctly support more than 256 CPUs when using KVM
The virt board now supports memory hotplugging, when used with a UEFI
guest BIOS and ACPI.
virtio-iommu is now supported with machvirt.
The Cortex-M7 CPU is now supported.
s390:
Using KVM now explicitly requires a host kernel version of at least 3.15
(which includes the 'flic' KVM device). This had been broken since QEMU
2.10 already.
ppc64le:
pseries machine type, now consumes less host resources when running a KVM
guest with XIVE (with a recent enough host kernel). This allows running
more concurrent guests with KVM accelerated XIVE.
NVDIMMs with file backend is now supported and SLOF updated to work with
iommu_platform=on for virtio devices.
Signed-off-by: Julio Montes <julio.montes@intel.com>
A container that is created and added to a sandbox can still fail
the final creation steps. In this case, the container must be stopped
and have its resources cleaned up to prevent leaking sandbox mounts.
Forward port of https://github.com/kata-containers/runtime/pull/2826Fixes#2816
Signed-off-by: Evan Foster <efoster@adobe.com>
Add tests for state change, empty string failures for Volumes and
Sockets. Change two function names to accurately reflect tests.
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Now, cloud-hypervisor is capable to work on arm64. it's time to
enable it in kata for arm64.
as cloud-hypervisor can only use virtio-fs, a new patch should be
applied to kernel for virtiofs and some config should be removed
temporarily.
Fixes: #446
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Remove tests from virtcontainers/sandbox_test.go which were moved to
virtcontainers/types/sandbox_test.go.
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Move unit tests that were in virtcontainers/sandbox_test.go relating
to Socket, Volume, and SandboxState to types/sandbox_test.go.
Change testSandboxStateTransition function to use SandboxState only
instead of Sandbox from virtcontainers/sandbox.go.
Fixes#435
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Since actions can access the github token, lets use a
particular version of sha rather than using master.
Fixes: #437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit 57b64f35e0)
Action performs a check to verify PR raised has commits
that are signed-off.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit 1b157e5015)
Use github actions for performing WIP checks on PRs.
The action checks for keywords in subject line
as well labels.
Fixes: #437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit 0d96145c29)
Don't modify /sbin/init on the build host when using command `AGENT_INIT="yes" ./rootfs.sh centos` to build rootfs.
Fixes: #430
Signed-off-by: liangxianlong <liang.xianlong@zte.com.cn>
For docker in docker scenario, the nested container created
has entry "b *:* m" in the list of devices it is allowed to access
under /sys/fs/cgroup/devices/docker/{ctrid}/devices.list.
This entry was causing issues while starting a nested container
as we were denying "m" access to the rootfs block devices.
With this change we add back "m" access, the container would be
allowed to create a device node for the rootfs device but will
not have read-write access to the created device node.
This fixes the docker in docker use case while still making sure
the container is not allowed read/write access to the rootfs.
Note, this could also be fixed by simply skipping {"Type : "b"}
while creating the device cgroup with libcontainer.
But this seems to be undocumented behaviour at this point,
hence refrained from taking this approach.
Fixes#426
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add function that creates new bridges to increase unit test coverage
for virtcontainers/types/bridges. Also adds test for address formats.
Fixes#422
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Import new console watcher to monitor guest console outputs, and will be
only effective when we turn on enable_debug option.
Guest console outputs may include guest kernel debug info, agent debug info,
etc.
Fixes: #389
Signed-off-by: Penny Zheng penny.zheng@arm.com
With kata containers moving to 2.0, (hybrid-)vsock will be the only
way to directly communicate between host and agent.
And kata-proxy as additional component to handle the multiplexing on
serial port is also no longer needed.
Cleaning up related unit tests, and also add another mock socket type
`MockHybridVSock` to deal with ttrpc-based hybrid-vsock mock server.
Fixes: #389
Signed-off-by: Penny Zheng penny.zheng@arm.com
Using pod annotations requires a minimum version of v1.3.0 of containerd
to pass annotations down to kata. This is already somewhat mentioned in
the corresponding how-to, however, it can be mis-read as the minimum
version of kata-containers instead of containerd. This can cause
extended and futile troubleshooting on older distributions such as
Ubuntu 16.04 which ship a version of 1.2.x of containerd. This patch
attempts to clarify this.
Fixes: #690
Signed-off-by: Georg Kunz <georg.kunz@est.tech>
We do not need the vc types translation for network data structures.
Just use the protocol buffer definitions.
Fixes: #415
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
