PR #2202 changed createSandbox() interface but didn't get a chance
to match with cloud hypervisor change.
Fixes: #2213
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
NEMU deprecation was announced in 1.8 of Kata. Removing from tree.
Thanks for all the fish!
Fixes: #2195
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
For shimv2 case, when hypervisor's debug option set, log out
the firecracker's console output which contains the kernel boot
logs; thus it would be easy for system panic debugging.
When agent debug was enabled by passing "agent.log=debug" to
kernel parameter, it will also log out the agent logs from
the console output.
Fixes: #2201
Signed-off-by: lifupan <lifupan@gmail.com>
Updated to better clarify this configuration option. Currently in QEMU
pre 1.9 release of Kata, vhost-net is used for the virtio-net backend.
This results in efficient network I/O performance, but does rely on the
backend running in ring0 (host kernel). Update comment to clarify this
trade-off for end-users.
Fixes: #2198
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
vhost-net backend is not supported by the Firecracker VMM. It doesn't
make sense to have this in the configuration, and we should explicitly
disable it.
Fixes: #2192
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
firecracker 0.19.0 API is not backward compatible, hence we need
to bump the firecracker minimum supported version to 0.19.0
Signed-off-by: Julio Montes <julio.montes@intel.com>
Prior to the addition of tcMirroring support kata-runtime had
compatibility issues with some CNI plugins some of which were addressed
by the bridged model. With the addition of tc mode there are no gaps in
networking that can be filled by the bridged mode or enlightened mode
(which was never implemented).
Eliminate both of these options to simplify the setup.
Fixes: #1213
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.
Fixes#2177
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
FIPS are a set of security standards for encryption algorithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.
Depends-on: github.com/kata-containers/packaging#788
Fixes#2170
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
cri-tools version was managed in the tests repository, but as
we define here cri-o, containerd and kubernetes versions, it
make sense to have the cri-tools version defined in this repo.
conmon has now to be installed/built separately. So add it
to the list.
Depends-on: github.com/kata-containers/tests#2057
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Update k8s supported version from 1.15.3 to 1.16.2
and cri-o from 1.15.0 to 1.16.0
Fixes: #2166.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
