- Update kata-deploy to use CRI-O drop-in files
- Update dependencies versions
- fix build kernel shell error when setup with `-f`
- virtcontainers: Fix virtio-fs on s390x
- Runtimeclass updates
- versions: Upgrade to cloud-hypervisor v15.0
- clh: return error if apiSocketPath failed
- runtime: fix dropped error
- agent: Update seccomp configuration for errnoRet and flags
- Fix the issue that sandbox size is not right after update
- docs: Document limitation regarding subpaths
- qemu: kill virtiofsd if failure to start VMM
- runtime/virtcontainers: Fix typo on qmp error msg
- cli: delete not used files
- runtime: delete not used function parameter builtIn
- add io.katacontainers.config.hypervisor.virtio_fs_extra_args handling
- Entropy source annotation
- runtime: Fix stdout/stderr output from container being truncated
- fix the issue of missing set fsGroup for EphemeralStorage
- qemu: Fix assertion failure on shutdown
- Assorted clippy fixes for Rust agent
- agent: use channel instead of pipe(2) to send exit signal of process
- Improve agent shutdown handling
- Enable virtio-fs on s390x
- block: Generate PCI path for virtio-blk devices on clh
- runtime: Disable trace for healthcheck
- agent/rustjail: Fix accidental damage from tokio conversion
- cli: Use genericGetExpectedHostDetails on s390x
- runtime/tests: Change "moo FAILURE" message
- Update the information about the release process
- remove ProcessListContainer API
2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
906c0df4 kata-deploy: don't update worker pool nodes
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
ee7de8ab tools: fix build kernel shell error
7d5a4252 docs: Document limitation regarding subpaths
36776408 runtime/virtcontainers: Fix typo on qmp error msg
12a65d23 runtimeclass: drop stale runtimeclass definitions
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
ff2b9e54 cli: delete not used files
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
677f0d99 runtime: delete not used function parameter builtIn
dcb9f403 config: Protect annotation for entropy_source
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
d4a54137 runtime: Fix stdout/stderr output from container being truncated
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
8a33bd4c qemu: Fix assertion failure on shutdown
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
543f9da3 runtime: Disable trace for healthcheck
421439c6 API: remove ProcessListContainer/ListProcesses
1366f0fb cli: Use genericGetExpectedHostDetails on s390x
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
By using drop-in file it simplifies the deployment and maintenance of
the CRI-O configurations by a lot, and all versions of CRI-O that should
be used together with the currently supported versions of kubenertes
support the drop-in configuration file.
Depends-on: github.com/kata-containers/kata-containers#1689
Fixes#1781
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
manage_ns_lifecycle (previously known as manage_network_ns_lifecycle)
has its default value as `true` for all CRI-O versions that should be
used with the kubernetes versions that are still supported / didn't
reach their EOL.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
For CRI-O, let's rely on the "release-1.21" branch, as this is the
branch getting backports for the 1.21.x cycle.
Relying on the branch avoids our needs to keep bumping it every now and
then.
Fixes: #1688
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Tested between Kata Containers and OpenShift are already being done via
the OpenShift CI. This entry is only related to the OpenShift 3.x,
which is not tested anymore via our CI in any possible way.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
CRI-O meta dependencies (crictl and openshift) are a left over from the
OCP 3.x era. Currently we don't need those as we have Kata Containers
onboard with the OpenShift CI, and we don't test OCP 3.x in any way
nowadays.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Quotes from the cloud-hypervisor release v15.0:
This release is the first in a new version numbering scheme to represent that
we believe Cloud Hypervisor is maturing and entering a period of stability.
With this new release we are beginning our new stability guarantees.
Other highlights from the latest release include: 1) Network device rate
limiting; 2) Support for runtime control of `virtio-net` guest offload;
3) `--api-socket` supports file descriptor parameter; 4) Bug fixes on
`virtio-pmem`, PCI BARs alignment, `virtio-net`, etc.; 5) Deprecation of
the "LinuxBoot" protocol for ELF and bzImage in the coming release.
Details can be found: https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v15.0
Note: The client code of cloud-hypervisor's OpenAPI is automatically
generated by `openapi-generator` [1-2]. As the API changes do not
impact usages in Kata, no additional changes in kata's runtime are
needed to work with the current version of cloud-hypervisor.
[1] https://github.com/OpenAPITools/openapi-generator
[2] https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/pkg/cloud-hypervisor/README.mdFixes: #1779
Signed-off-by: Bo Chen <chen.bo@intel.com>
Our cluster's life is shorter than time it takes to update nodes; for
better stability of the kata-deploy test, let's not update the nodes.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Allow and configure vhost-user-fs devices (virtio-fs) on s390x. As a
consequence, appendVhostUserDevice now takes a context, which affects
its signature for other architectures.
Fixes: #1753
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
This reverts commit 7f60911333.
Patch allowed other vhost user devices besides FS not supported on s390x
and failed to attach a CCW device number, which results in the
inavailability to use more devices after vhost-user-fs-ccw.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
To ensure we run on nodes which have Kata installed, let's add the
nodeSelector to the runtimeclass definition, and have it match the label
that we applied during installation of the kata artifacts.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Build kernel shell setup with -f, don't find patches directory path,
because patches_path is none, so fix this error.
Fixes: #1768
Signed-off-by: zyt312074545 <zyt312074545@hotmail.com>
- 1.13/1.14 are very old now; let's drop
- move from k8s-1.18 to just runtimeclasses directoy
- update docs to reflect the new reality
Fixes: #1425
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
cgroupsCreate will just keep the CPU resources infomation but not the
others.
Set it to c.config.Resources will clean most of resources of the
container.
This commit remove it to handle the issue.
Fixes: #1758
Signed-off-by: Hui Zhu <teawater@antfin.com>
The pointer that send to newContainer in CreateContainer and
createContainers is not the pointer that point to the address in
s.config.Containers.
This commit fix this issue.
Fixes: #1758
Signed-off-by: Hui Zhu <teawater@antfin.com>
If the QEMU VMM fails to launch, we currently fail to kill virtiofsd,
resulting in leftover processes running on the host. Let's make sure we
kill these, and explicitly cleanup the virtiofs socket on the
filesystem.
Ideally we'll migrate QEMU to utilize the same virtiofsd interface that
CLH uses, but let's fix this bug as a first step.
Fixes: #1755
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Users can specify extra arguments for virtiofsd in a pod spec using the
io.katacontainers.config.hypervisor.virtio_fs_extra_args annontation.
However, this annotation was ignored so far by the runtime. This commit
fixes the issue by processing the annotation value (if present) and
translating it to the corresponding hypervisor configuration item.
Fixes#1523
Signed-off-by: Pavel Mores <pmores@redhat.com>
Parametr builtIn is not used in function updateRuntimeConfigAgent,
delete it from updateRuntimeConfigAgent and LoadConfiguration
function signature.
Fixes: #1731
Signed-off-by: bin <bin@hyper.sh>
