In order to provide the right information about the interface that
needs to be added, kata-netmon provisions the new field LinkType of
the Interface structure.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of relying on the kata agent to define generic structures,
the logic is to define those as virtcontainers "types" package.
This way, all consumers of those structures, such as kata-runtime,
kata-netmon, and kata-containerd-shim, don't have to import some
dependency from the kata-agent.
Fixes #876
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.
Fixes: #875
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Instead of specifying a version for OVMF binary, this patch uses
a tiny script to retrieve the proper URL to download from.
Fixes #289
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
After we scan the netns, we should hotplug the network interface to
the guest after it is kicked off running.
Fixes: #871
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Check that the system golang version is new enough to build with
according to the data from the `versions.yaml` file.
Update the versions in the versions.yaml accordingly, and add a note
describing what the 'newest-version' item represents.
Note, we only do a minimum requirement check, and are not checking
against the 'newest-version' info from the yaml.
Fixes: #148
Inspired-by: Wei Zhang <zhangwei555@huawei.com>
Idea-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Install `yq` before running the tests.
The Makefile now uses `yq` to check the golang version against
the versions file.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
We need to have `yq` installed before we can 'make', as we
now use it for a version check in the build. But, we may not
have golang installed. Add a script that installs `yq` via
curl'ing from the github releases.
This was cloned from the function in the tests repo .ci scripts
that perform the same action.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Improve rootfs.sh usage output to have a consistent layout and
documentation of options and environment variables.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Both of the netmon and proxy should use the right path
figured out from the configure instead of the default settings
to get their versions.
Fixes: #868
Signed-off-by: Fupan Li <lifupan@gmail.com>
Add support for specifying an optional drop-in path for guest OCI hooks.
This is the runtime side for leveraging the agent change introduced in
kata-containers/agent@980023ec62
Fixes: #720
Co-authored-by: Edward Guzman <eguzman@nvidia.com>
Co-authored-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Include in the release notes the kubernetes version that
has been tested with the release.
Fixes: #235.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Fixes #344
Add host cgroup support for kata.
This commit only adds cpu.cfs_period and cpu.cfs_quota support.
It will create 3-level hierarchy, take "cpu" cgroup as an example:
```
/sys/fs/cgroup
|---cpu
   |---kata
      |---<sandbox-id>
         |--vcpu
      |---<sandbox-id>
```
* `vc` cgroup is the common parent for all kata-container sandboxes; it won't be removed
after a sandbox is removed. This cgroup has no limitation.
* `<sandbox-id>` cgroup is the layer for each sandbox, it contains all other qemu
threads except for vcpu threads. In future, we can consider putting all shim
processes and proxy process here. This cgroup has no limitation yet.
* `vcpu` cgroup contains vcpu threads from qemu. Currently cpu quota and period
constraint applies to this cgroup.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Signed-off-by: Jingxiao Lu <lujingxiao@huawei.com>
Add new vendor library "github.com/containerd/cgroups"
commit: 5017d4e9a9cf2d4381db99eacd9baf84b95bfb14
This library is for host cgroup support for next commit.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Now that the agent has split the generic types in their own package,
kata-netmon can use them directly and get rid of the duplication of
those. This is very helpful as it will prevent structures from being
out of sync between kata-netmon and the kata-runtime, without bringing
in the huge overhead that the initial grpc package was introducing.
Fixes #857
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some agent type definitions that were generic enough to be reused
everywhere, have been split from the initial grpc package.
This prevents from importing the entire protobuf package through
the grpc one, and prevents binaries such as kata-netmon to stay
in sync with the types definitions.
Fixes #856
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The Intel GPU support has been enabled in kata runtime, but the
guest kernel of kata container lacks the support of Intel GPU,
so this commit enables it as default in guest kernel.
CONFIG_DRM, CONFIG_DRM_I915 and CONFIG_DRM_I915_USERPTR are necessary.
Others are obtained by running command "make menuconfig" and selecting
the following options.
Device Drivers
  ---> Graphics support
    ---> Direct Rendering Manager (XFree86 4.1.0 and higher DRI support)
Device Drivers
  ---> Graphics support
    ---> Intel 8xx/9xx/G3x/G4x/HD Graphics
Fixes #232
Signed-off-by: Zhao Xinda <xinda.zhao@intel.com>
Add new CI tests to ensure that the following installation methods are
also tested:
- "Automatic" method ([`kata-manager`](https://github.com/kata-containers/tests/tree/master/cmd/kata-manager))
- "Scripted" method ([`kata-doc-to-script`](https://github.com/kata-containers/tests/blob/master/.ci/kata-doc-to-script.sh))
**Note:** the "Automatic" method is **not** the same as the existing
`kata-manager` test: the existing test executes the "Manual"
installation method (which runs `kata-manager` to execute the
appropriate distro-specific install guide). However, this new test
executes the `install/installing-with-kata-manager.md` document, which
subsequently calls the `kata-manager` script.
Since the "Automatic" and "Scripted" installation methods are designed
to run "standalone" (without requiring any local git repo clones), the
script which runs these new tests has to take care to ensure the
environment they run in is clean. It does this by using the following
approach:
- Removes any local Kata github repos from the standard `GOPATH`
  locations (to ensure the scripts do not inadvertently access local
  files) [1].
- Creates a temporary directory containing:
  - A copy of *itself*.
  - The scripts it generated from the "Automatic" and "Scripted" installation documents.
- Re-exec's itself to run the version in the temporary directory,
  passing an option that tells itself to simply execute the scripts in
  the specified directory.
- It then runs the scripts in the directory specified.
---
[1] - Since the recursive delete of all local Kata github repos is
potentially dangerous, the test will immediately fail if the standard
`KATA_DEV_MODE` variable is set (since this denotes a developer system)
and will also fail unless the standard `CI` variable is set (denoting
the script is running in a Continuous Integration environment, such as
JenkinsCI).
Fixes #278.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Wrap the function calls in the doc test script in a `main()` function to
simplify future changes.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Split out a function to create a container from
`test_distro_install_guide()` in the script used to test install docs.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The script used to test the install docs does not actually use the
golang binary (it only uses the `GOPATH` variables) so remove the
unnecessary call to `go`.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Rework the logic in `check_install_docs()` to make the intention
clearer and support adding additional tests.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Rename the `check_install_guides()` function to `check_install_docs()`
and clean up:
- Improve messages.
- Add more braces around variables.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the `kata-doc-to-script` install document to actually execute the
generated scripts, allowing the entire installation to be tested by the CI.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Introduce constants for the network model strings, so as to
avoid using the strings directly at multiple places.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>