The general Trace() function accepts one map as a set of tags. Modify it
to accept multiple sets of tags so that additional ones can be added at
Trace() and not as a subsequent call.
Additionally, we should not iterate over the maps unless tracing tracing
is enabled.
Fixes#2512
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Tracing tags are stored inconsistently throughout the runtime. Change
all instances of tracing tags to variables.
Fixes#2512
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
The client code (and APIs) for Cloud Hypervisor has been changed
dramatically due to the upgrade to `openapi-generator` v5.2.1. This
patch migrate the Cloud Hypervisor driver in the kata-runtime to use
those updated APIs.
The main change from the client code is that it now uses "pointer" type
to represent "optional" attributes from the input openapi specification
file.
Signed-off-by: Bo Chen <chen.bo@intel.com>
The script runs apt sync at some point which scans all possible fds
in order to close them. The operation is incredibly slow on VMs
and may lead to build timeouts.
Fix it by limiting the container runtime fds to a sane limit.
Fixes: #2510
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Once the ${ROOTFS_DIR} is created, the tool can't run the second
time since the directory is populated and the debootstrap tool
will fail.
Fix by deleting the contents of ${ROOTFS_DIR} if the directory exists.
Note that running make clean will also allow the re-run, it
is only an optimization for some cases the build fails in the middle.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Let the DISTRO variable to be set from outside,
allowing "sudo -E DISTRO=<ANY> make clean" to delete the correct files.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
the katatestutils GoDoc url stilled using the kata 1.x branch url. This PR fixed the
url from kata-containers/runtime/pkg/katatestutils to
kata-containers/kata-containers/src/runtime/pkg/katatestutils
Fixes: #2500
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
Remove the `Kata Containers with Firecracker` additional configuration steps.
From kata 2.x, the config of `firecracker` is same to `qemu` and `cloud-hypervisor`.
Fixes: #2492
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
update cri plugin source path to containerd pkg in the
how-to-use-k8s-with-cri-containerd-and-kata.md file. The cri project was moved to containerd project pkg directory.
Fixes: #2490
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
To improve the quality and correctness of the auto-generated code, this
patch upgrade the `openapi-generator` to its latest stable release
v5.2.1.
Fixes: #2487
Signed-off-by: Bo Chen <chen.bo@intel.com>
In order to avoid hit the pull requests limit of docker.io, this changed the
openshift-ci/images/Dockerfile.buildroot dockerfile to pull the centos image
from registry.centos.org.
Fixes#1636
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Generate `config-generated.go` file under src/runtime/cli/containerd-shim-kata-v2 before excuting test or coverage.
Fixes#2479
Signed-off-by: Binbin Zhang <binbin36520@gmail.com>
- use CRI in kata-monitor
- config: Enable jailer by default when using firecracker
- workflows: Actually push the release to quay.io
- docs: update general wording for installation documentation
- Cleanup kernel packaging
- tracing: Return context in runHooks() span creation
- osbuilder: Document no Alpine support on s390x
- osbuilder: Upgrade Ubuntu guest to 20.04
- agent: watcher / inotify stability fixes
- enable snap build for arm64
- agent: Fix cargo 1.54 clippy warning
- osbuilder: Drop Go agent support
- kernel: PTP_KVM support for arm/arm64 in Kata
- docs: update the docs project url from kata 1.x to 2.x
- clh: correct cloud-hypervisor installation on non-x86
- virtcontainers: fc: properly remove jailed block device
- CI: Call agent shutdown test
- kata deploy: always update the base image
- docs: Remove kata-proxy and invalid script reference
- workflows: Actually login to quay.io
- kata-deploy: Update our content to use / point to quay.io/kata-containers rather than katadocker
- agent: Create the process CWD when it does not exist
- Update Kata to allow it to use Qemu 6.1
- osbuilder/dracut: Add missing libraries
- osbuilder: pass env OS_VERSION
- tools: shorten directory path
- virtcontainers: clh: Do not use the default HTTP client
- docs: update kata deploy README doc to add cloud-hypervisor test command
- Container: Add initConfigResourcesMemory and call it in newContainer
- qemu/arm: remove nvdimm/"ReadOnly" option on arm64
- Fix issue container start fail if io.katacontainers.container.resource.swap_in_bytes and memory_limit_in_bytes are not set
- docs: Add tracing proposals doc
- docs: Remove table of contents
- static-checks: Check for the `force-skip-ci` label on each step
- docs: update the kata release url in the kata deploy document
- kata-deploy: Allow build kata-deploy tarball from HEAD
- mod: unify runc and containerd dependencies
- how-to-use-virtio-mem-with-kata.md: Remove undefined ${REPORT_DIR}
- ci: Run static checks when PRs are updated
- docs: update url for log parser in how-to-import-kata-logs-with-fluen…
- versions: Upgrade to Cloud Hypervisor v17.0
- snap: Substitute image configuration with initrd
- docs: Update url for log parser in Developer guide
- mount: fix the issue of missing check file exists
- build(deps): bump github.com/containerd/containerd from 1.5.2 to 1.5.4 in /src/runtime
- docs: Update experimental documentation
- snap: do not export agent version
- Upgrade runc to 1.0.1
- runtime: read-only NVDIMM
- osbuilder/scripts: add support to yq version 4 and above
- osbuilder: update centos arm rootfs image config 'GPG_KEY_ARCH_URL'
- monitor: mv the monitor socket into sbs directory
- fix govet fieldalignment
- docs: added a glossary to support SEO tactics
- ci: expand $CI to nothing
- Add swap support
- snap: fixed snap aarch64 qemu patches dir in snapcraft.yaml file
- agent: clear MsFlags if the option has clear flag set
- snap: Remove QEMU before clone
- docs: fix minikube installation guide runtimeclasses error
- docs: fixed kata-deploy path for kata logs with fluentd doc
- agent/agent-ctl: update tokio to 1.8.1
- ci: set -o nounset
- static-checks: Add a make target to run static-checks locally
- virtiofsd: fix the issue of missing stop virtiofsd
- docs: Update containerd configuration format
- osbuilder: Skip installing golang for building rootfs
- agent-ctl: Use a common Makefile style like other components
- vsock-exporter: switch to tokio runtime
- config: Fix description for OCI hooks
- shimv2: fix the issue of kata-runtime exec failed
7a5ffd4a config: Enable jailer by default when using firecracker
2cb7b513 docs: update general wording for installation documentation
76f4588f workflows: Actually push the release to quay.io
b980c62f packaging/kernel: Update kernel build doc
99e9a6ad packaging/kernel: Update versions.yaml kernel urls
c23ffef4 packaging/kernel: Remove old Jenkins pipeline
9586d482 tracing: Return context in runHooks() span creation
6a6dee7c osbuilder: Document no Alpine support on s390x
71f304ce agent: watcher: cleanup mount if needed when container is removed
f1a505db agent: Temporarily allow unknown linters
961aaff0 agent: watcher: fixes to make more robust
7effbdeb osbuilder: Upgrade Ubuntu guest to 20.04
99ab91df docs: update the docs project url from kata 1.x to 2.x
4fe23b19 kernel: PTP_KVM support for arm/arm64 in Kata
f981fc64 clh: correct cloud-hypervisor installation
f87cee9d kata-deploy: Rely directly on a centos:7 image
6871aeaa snap: enable snap build for arm64
15e0a3c8 kata-deploy: Remove unneeded yum cached files
d01aebeb kata-deploy: Ensure the system is up-to-date
77160e59 workflows: Actually login to quay.io
b9e03a1c docs: update the image repository to quay.io
f47cad3d tools: Update the image repository to quay.io
9fa1febf workflows: Also push the image to quay.io
233b53c0 agent: Fix cargo 1.54 clippy warning
2d8386ea kata-monitor: add few unit tests
8714a350 kata-monitor: make code to identify kata pods simpler
68a6f011 kata-monitor: drop the runtime info from the sandbox cache
97dcc5f7 kata-monitor: drop getMonitorAddress()
0b03d97d vendor: update vendors for kata-monitor
c2f03e89 kata-monitor: talk to the container engine via the CRI
c867d1e0 osbuilder: Drop Go agent support
1d25d7d4 docs: Remove kata-proxy and binaries reference
64dd35ba virtcontainers: fc: properly remove jailed block device
b8133a18 osbuilder/dracut: Add missing libraries
831c2fee packaging: Remove reference to sheepdog driver
2e28b714 packaging: Drop support for qemu < 5.0
d5f85698 vendor: Update govmm
31650956 runtime/qemu: Use explicit "on" for kernel_irqchip parameter
a72b0811 osbuilder: pass env OS_VERSION
d007bb85 kata-deploy: shorten directory path
e6408fe6 Container: Add initConfigResourcesMemory and call it in newContainer
49083bfa agent: Create the process CWD when it does not exist
ee90affc newContainer: Initialize c.config.Resources.Memory if it is nil
767a41ce updateResources: Log result after calculateSandboxMemory
760ec4e5 virtcontainers: clh: Do not use the default HTTP client
3fe6695b static-checks: Check for the `force-skip-ci` label on each step
7df56301 CI: Call agent shutdown test
57b696a5 docs: Removed mention of 1.x
4f0726bc docs: Remove table of contents
f186c5e2 docs: Fix invalid URLs
7c610a6f docs: Fix shell code
80afba15 docs: update kata deploy README doc to add cloud-hypervisor test command
5a0d3c4f docs: update the kata release url in the kata deploy document
9514dda5 mod: unity containerd dependency
6ffe37b9 mod: unify runc dependency
5b514177 docs: Add tracing proposals doc
b53e8405 how-to-use-virtio-mem-with-kata.md: Remove undefined ${REPORT_DIR}
5957bc7d ci: Run static checks when PRs are updated
81e6bf6f kata-deploy: Split shimv2 build in a separate container.
d46ae324 kernel: build: Add container build
b789a935 actions: release: Use new kata-deploy scripts.
85987c6d kata-deploy: Add Makefile
b9d2eea3 kata-deploy: Add script to merge kata tarballs.
4895747f Rootfs: Add curl to alpine rootfs builder.
fc90bb53 Actions: Add new workflow to create static tarballs
bbb06c49 actions: Remove scripts from actions directory.
2f9859ab build: Reuse firecracker directory on builds.
3533a5b6 Packaging: stop using GOPATH for yq.
0c5ded4b kata-deploy: build kata only with docker in host
2ec31093 docs: update url for log parser in how-to-import-kata-logs-with-fluentd.md
cc0bb9ae versions: Upgrade to Cloud Hypervisor v17.0
8e9ffe6f snap: Substitute image configuration with initrd
8b15eafa docs: Update url for log parser in Developer guide
77604de8 qemu/arm: remove nvdimm/"ReadOnly" option on arm64
4fbae549 docs: Update experimental documentation
07f7ad9d build(deps): bump github.com/containerd/containerd in /src/runtime
9c0b8a7f snap: do not export agent version
3727caf7 versions: Update runc to 1.0.1
116c29c8 cgroups: manager's Set() now takes Resources as its parameter
c0f801c0 rootless: RunningInUserNS() is now part of userns namespace
b5293c52 runtime: update runc dependency to 1.0.1
2859600a runtime: virtcontainers: make rootfs image read-only
8befb1f3 kata-deploy: Refactor builder options.
7125f5d8 image-builder: Allow build image and initrd independently.
0f8c0dbc osbuilder/scripts: add support to yq version 4 and above
070590fb vendor: update govmm
b4c45df8 runtime: tools/packaging/cmd/kata-pkgsync: fix govet fieldalignment
aec53090 runtime: virtcontainers/utils: fix govet fieldalignment
1e4f7faa runtime: virtcontainers/types: fix govet fieldalignment
bb9495c0 runtime: virtcontainers/pkg: fix govet fieldalignment
80ab91ac runtime: virtcontainers/persist: fix govet fieldalignment
54bdd018 runtime: virtcontainers/factory: fix govet fieldalignment
dd58de36 runtime: virtcontainers/device: fix govet fieldalignment
47d95dc1 runtime: virtcontainers: fix govet fieldalignment
8ca7a7c5 runtime: netmon: fix govet fieldalignment
31de8eb7 runtime: pkg: fix govet fieldalignment
2b80091e runtime: containerd-shim-v2: fix govet fieldalignment
0dc59df6 runtime: cli: fix govet fieldalignment
c1042523 ci: expand $CI to nothing
add480ed monitor: mv the monitor socket into sbs directory
f7c6f170 docs: added a glossary to support SEO tactics
a8649acf snap: fixed snap aarch64 qemu patches dir in snapcraft.yaml file
38826194 osbuilder: update centos arm rootfs image config 'GPG_KEY_ARCH_URL'
c5fdc0db docs: fix minikube installation guide runtimeclasses error
f2ef25c6 docs: fixed kata-deploy path for kata logs with fluentd doc
cb6b7667 runtime: Add option "enable_guest_swap" to config hypervisor.qemu
a733f537 runtime: newContainer: Handle the annotations of SWAP
2c835b60 ContainerConfig: Set ocispec.Annotations to containerConfig.Annotations
243d4b86 runtime: Sandbox: Add addSwap and removeSwap
e1b91986 runtime: Update golang proto code for AddSwap
4f066db8 agent: agent.proto: Add AddSwap
4f23b8cd ci: set -o nounset
35cbc93d agent: clear MsFlags if the option has clear flag set
ff87da72 config: Fix description for OCI hooks
8e0daf67 shimv2: fix the issue of kata-runtime exec failed
b12b21f3 osbuilder: Skip installing golang for building rootfs
558f1be6 snap: Remove QEMU before clone
5371b921 mount: fix the issue of missing check file exists
27b299b2 agent-ctl: Use a common Makefile style like other components
05084699 agent-ctl: bump to latest tokio
acf69328 agent: update tokio to 1.8.1
dcd29867 static-checks: Call the static-checks make target
afd97850 makefile: Add static-checks target
34828df9 virtiofsd: fix the issue of missing stop virtiofsd
73d3798c vsock-exporter: switch to tokio runtime
7960689e tracing: replace SimpleSpanProcessor with BatchSpanProcessor
e887b39e docs: Update containerd configuration format
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Now that we have enabled CI tests for jailed firecracker and we have
fixed the issue with removing the block storage device #2387, we
should leverage the full power of firecracker and enable jailer by
default.
Fixes: #2455
Signed-off-by: Jack Rieck <jack.rieck@sendgrid.com>
Remove duplicated information, reduce text separation, and rewrite notes
to be more clear and concise.
Fixes: #2449
Signed-off-by: Joao Vanzuita <joaovanzuita@me.com>
As quay.io is becoming our de-facto image registry, let's actually push
the kata-deploy release to it. This commit should've been part of
9fa1febfd9 but ended up slipping out.
Fixes: #2306
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The call to Trace() in runHooks() should return a context so that
subsequent calls to runHook() produce properly ordered trace spans.
Fixes#2423
Signed-off-by: Chelsea Mafrica <chelsea.e.mafrica@intel.com>
Alpine used to work as guest under 1.x, but because there is no musl
target for Rust on s390x, Alpine will not work for 2.x. Document this.
Fixes: #2436
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
inotify/watchable-mount changes...
- Allow up to 16 files. It isn't that uncommon to have 3 files in a secret.
In Kubernetes, this results in 9 files in the mount (the presented files,
which are symlinks to the latest files, which are symlinks to actual files
which are in a seperate hidden directoy on the mount). Bumping from eight to 16 will
help ensure we can support "most" secret/tokens, and is still a pretty
small number to scan...
- Now we will only replace the watched storage with a bindmount if we observe
that there are too many files or if its too large. Since the scanning/updating is racy,
we should expect that we'll occassionally run into errors (ie, a file
deleted between scan / update). Rather than stopping and making a bind
mount, continue updating, as the changes will be updated the next time
check is called for that entry (every 2 seconds today).
To facilitate the 'oversized' handling, we create specific errors for too large
or too many files, and handle these specific errors when scanning the storage entry.
- When handling an oversided mount, do not remove the prior files -- we'll just
overwrite them with the bindmount. This'll help avoid the files
disappearing from the user, avoid racy cleanup and simplifies the flow.
Similarly, only mark it as a non-watched storage device after the
bindmount is created successfully.
- When creating bind mount, make sure destination exists. If we hadn't
had a successful scan before, this wouldn't exist and the mount would
fail. Update logic and unit test to cover this.
- In several spots, we were returning when there was an error (both in
scan and update). For update case, let's just log an warning and continue;
since the scan/update is racy, we should expect that we'll have
transient errors which should resolve the next time the watcher runs.
Fixes: #2402
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
