Saul Paredes
9105c1fa0c
policy: add constants to rules.rego
...
Reuse constants where applicable
Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
2024-12-02 08:28:58 -08:00
Hyounggyu Choi
6f4f94a9f0
Merge pull request #10595 from BbolroC/add-zvsi-devmapper-to-gatekeeper-required-jobs
...
gatekeeper: add run-k8s-tests-on-zvsi(devmapper) to required jobs
2024-12-02 15:28:14 +01:00
Hyounggyu Choi
de3452f8e1
gatekeeper: add run-k8s-tests-on-zvsi(devmapper) to required jobs
...
As the following CI job has been marked as required:
- kata-containers-ci-on-push / run-k8s-tests-on-zvsi / run-k8s-tests (devmapper, qemu, kubeadm)
we need to add it to the gatekeeper's required job list.
Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2024-11-28 12:46:47 +01:00
Fabiano Fidêncio
bdf10e651a
Merge pull request #10597 from kata-containers/topic/unbreak-ci-3rd-time-s-a-charm
...
Unbreak the CI, 3rd attempt
2024-11-28 12:36:09 +01:00
Fabiano Fidêncio
92b8091f62
Revert "ci: unbreak: Reallow no-op builds"
...
This reverts commit 559018554b.
As we've noticed that this is causing issues with initrd builds in the
CI.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2024-11-28 12:02:40 +01:00
Fabiano Fidêncio
ca2098f828
build: Allow dummy builds (for when adding a new target)
...
This will help us to simply allow a new dummy build whenever a new
component is added.
As long as the format `$(call DUMMY,$@)` is followed, we should be good
to go without taking the risk of breaking the CI.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2024-11-28 11:13:24 +01:00
Fabiano Fidêncio
f9930971a2
Merge pull request #10594 from sprt/sprt/unbreak-ci-noop-build
...
ci: unbreak: Reallow no-op builds
2024-11-28 07:38:25 +01:00
Aurélien Bombo
559018554b
ci: unbreak: Reallow no-op builds
...
#9838 previously modified the static build so as not to repeatedly
copy the same assets on each matrix iteration:
https://github.com/kata-containers/kata-containers/pull/9838#issuecomment-2169299202
However, that implementation breaks specifying no-op/WIP build targets
such as done in e43c59a. Such no-op builds have been a historical
requirement of the project because of a GHA limitation. The breakage is due to
no-op builds not generating a tar file corresponding to the asset:
https://github.com/kata-containers/kata-containers/actions/runs/12059743390/job/33628926474?pr=10592
To address this breakage, we revert to the `cp -r` implementation and
add the `--no-clobber` flag to still preserve the current behavior. Note
that `-r` will also create the destination directory if it doesn't
exist.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2024-11-27 18:40:29 -06:00
Fabiano Fidêncio
9699c7ed06
Merge pull request #10589 from kata-containers/sprt/fix-csi-publish
...
gha: Unbreak CI and work around workflow limit
2024-11-27 23:52:55 +01:00
Aurélien Bombo
eac197d3b7
Merge pull request #10564 from microsoft/danmihai1/clh-endpoint-type
...
runtime: clh: addNet() logging clean-up
2024-11-27 14:44:14 -06:00
Aurélien Bombo
7f659f3d63
gha: Unbreak CI and work around workflow limit
...
#10561 inadvertently broke the CI by going over the limit of
20 reusable workflows:
https://github.com/kata-containers/kata-containers/actions/runs/12054648658/workflow
This commit fixes that by inlining the job.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2024-11-27 12:23:15 -06:00
Aurélien Bombo
16a91fccbe
Merge pull request #10561 from sprt/csi-driver-ci
...
coco: ci: Lay groundwork for compiling and publishing CSI driver image [1/x]
2024-11-27 10:26:45 -06:00
Fabiano Fidêncio
175fe8bc66
Merge pull request #10585 from fidencio/topic/kata-deploy-use-drop-in-containerd-config-whenever-it-is-possible
...
kata-deploy: Use drop-in files whenever it's possible
2024-11-27 16:36:18 +01:00
Steve Horsman
6bb00d9a1d
Merge pull request #10583 from squarti/agent-startup-cdh-client
...
agent: fix startup when guest_components_procs is set to none
2024-11-27 11:43:07 +00:00
Fabiano Fidêncio
500508a592
kata-deploy: Use drop-in files whenever it's possible
...
This will make our lives considerably easier when it comes to cleaning
up content added, while it's also a groundwork needed for having
multiple installations running in parallel.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2024-11-27 12:27:08 +01:00
Steve Horsman
3240f8a4b8
Merge pull request #10586 from stevenhorsman/delete-rootfs-binary-assets-after-rootfs-build
...
workflows: Remove rootfs binary artifacts
2024-11-27 10:03:20 +00:00
Fabiano Fidêncio
c472fe1924
Merge pull request #10584 from fidencio/topic/kata-deploy-prepare-for-containerd-config-version-3
...
kata-deploy: Support containerd configuration version 3
2024-11-26 18:44:56 +01:00
stevenhorsman
3e5d360185
workflows: Remove rootfs binary artifacts
...
We need to publish certain artefacts for the rootfs,
like the agent, guest-components, pause bundle etc
as they are consumed in the `build-asset-rootfs` step.
However after this point they aren't needed and probably
shouldn't be included in the overall kata tarball, so delete
them once they aren't needed any more to avoid them
being included.
Fixes: #10575
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2024-11-26 15:24:20 +00:00
Fabiano Fidêncio
6f70ab9169
kata-deploy: Adapt how the containerd version is checked for k0s
...
Let's actually mount the whole /etc/k0s as /etc/containerd, so we can
easily access the containerd configuration file which has the version in
it, allowing us to parse it instead of just making a guess based on
kubernetes distro being used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2024-11-26 16:15:11 +01:00
Silenio Quarti
1230bc77f2
agent: fix startup when guest_components_procs is set to none
...
This PR ensures that OCICRYPT_CONFIG_PATH file is initialized only
when CDH socket exists. This prevents startup error if attestation
binaries are not installed in PodVM.
Fixes: https://github.com/kata-containers/kata-containers/issues/10568
Signed-off-by: Silenio Quarti <silenio_quarti@ca.ibm.com>
2024-11-26 09:57:04 -05:00
Fabiano Fidêncio
f5a9aaa100
kata-deploy: Support containerd config version 3
...
On Ubuntu 24.04, with the distro default containerd, we're already
getting:
```
$ containerd config default | grep "version = "
version = 3
```
With that in mind, let's make sure that we're ready to support this from
the next release.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2024-11-26 14:01:50 +01:00
Fupan Li
28166c8a32
Merge pull request #10577 from Apokleos/fix-vfiodev-name
...
runtime-rs: fix vfio device name combination issue
2024-11-26 09:35:45 +08:00
Dan Mihai
d93900c128
Merge pull request #10543 from microsoft/danmihai1/regorus-warning
...
genpolicy: avoid regorus warning
2024-11-25 16:47:33 -08:00
Zvonko Kaiser
1b10e82559
Merge pull request #10516 from zvonkok/kata-agent-cdi
...
ci: Fix error on self-hosted machines
2024-11-25 18:49:37 -05:00
Ryan Savino
e46d24184a
Merge pull request #10386 from kimullaa/fix-build-error-when-using-sev-snp
...
docs: Fix several build failures when I tried the procedures in "Kata Containers with AMD SEV-SNP VMs"
2024-11-25 16:58:52 -06:00
Dan Mihai
f340b31c41
genpolicy: avoid regorus warning
...
Avoid adding to the Guest console warnings about "agent_policy:10:8".
"import input" is unnecessary.
Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2024-11-25 21:19:01 +00:00
Zvonko Kaiser
c3d1b3c5e3
Merge pull request #10464 from zvonkok/nvidia-gpu-rootfs
...
gpu: NVIDIA GPU initrd/image build
2024-11-25 16:16:42 -05:00
Fabiano Fidêncio
8763a9bc90
Merge pull request #10520 from fidencio/topic/drop-clear-linux-rootfs
...
osbuilder: Drop Clear Linux
2024-11-25 21:16:03 +01:00
Dan Mihai
78cbf33f1d
runtime: clh: addNet() logging clean-up
...
Avoid logging the same endpoint fields twice from addNet().
Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2024-11-25 19:58:54 +00:00
alex.lyn
5dba680afb
runtime-rs: fix vfio device name combination issue
...
Fixes #10576
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2024-11-25 14:01:43 +08:00
Steve Horsman
322073bea1
Merge pull request #10447 from ldoktor/required-jobs
...
ci: Required jobs
2024-11-22 09:15:11 +00:00
Aurélien Bombo
5e4990bcf5
coco: ci: Add no-op steps to deploy CSI driver
...
This adds no-op steps that'll be used to deploy and clean up the CSI driver
used for testing.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2024-11-21 16:08:06 -06:00
Aurélien Bombo
893f6a4ca0
ci: Introduce job to publish CSI driver image
...
This adds a new job to build and publish the CSI driver Docker image.
Of course this job will fail after we merge this PR because the CSI driver
compilation job hasn't been implemented yet. However that will be implemented
directly after in #10561.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2024-11-21 16:07:59 -06:00
Aurélien Bombo
e43c59a2c6
ci: Add no-op step to compile CSI driver
...
This adds a no-op build step to compile the CSI driver. The actual compilation
will be implemented in an ulterior PR, so as to ensure we don't break the CI.
Addresses: #10560
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2024-11-21 16:06:55 -06:00
Zvonko Kaiser
0debf77770
gpu: NVIDIA gpu initrd/image build
...
With each release make sure we ship a GPU enabled rootfs/initrd
Fixes: #6554
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2024-11-21 18:57:23 +00:00
Steve Horsman
b4da4b5e3b
Merge pull request #10377 from coolljt0725/fix_build
...
osbuilder: Fix build dependency of ubuntu rootfs with Docker
2024-11-21 08:45:59 +00:00
Jitang Lei
ed4c727c12
osbuilder: Fix build dependency of ubuntu rootfs with Docker
...
Build ubuntu rootfs with Docker failed with error:
`Unable to find libclang`
Fix this error by adding libclang-dev to the dependency.
Signed-off-by: Jitang Lei <leijitang@outlook.com>
2024-11-21 10:49:27 +08:00
Zvonko Kaiser
e9f36f8187
ci: Fixing simple typo
...
change evn to env
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2024-11-20 18:40:14 +00:00
Zvonko Kaiser
a5733877a4
ci: Fix error on self-hosted machines
...
We need to clean-up any created files/dirs otherwise
we cause problems on self-hosted runners. Using tempdir which
will be removed automatically.
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2024-11-20 18:40:13 +00:00
Lukáš Doktor
62e8815a5a
ci: Add documentation to cover mapping format
...
to help people with adding new entries.
Signed-off-by: Lukáš Doktor <ldoktor@redhat.com>
2024-11-20 17:25:59 +01:00
Lukáš Doktor
64306dc888
ci: Set required-tests according to GH required tests
...
this should record the current list of required tests from GH.
Signed-off-by: Lukáš Doktor <ldoktor@redhat.com>
2024-11-20 17:25:57 +01:00
Steve Horsman
358ebf5134
Merge pull request #10558 from AdithyaKrishnan/main
...
ci: Re-enable SNP CI
2024-11-20 10:27:41 +00:00
Steve Horsman
30bad4ee43
Merge pull request #10562 from stevenhorsman/remove-release-artifactor-skips
...
workflows: Remove skipping of artifact uploads
3.11.0
2024-11-20 08:45:37 +00:00
Adithya Krishnan Kannan
2242aee099
ci: Skip the failing tests in SNP
...
Per [Issue#10549](https://github.com/kata-containers/kata-containers/issues/10549),
the following tests are failing on SNP.
1. k8s-guest-pull-image-encrypted.bats
2. k8s-guest-pull-image-authenticated.bats
3. k8s-guest-pull-image-signature.bats
4. k8s-confidential-attestation.bats
Per @fidencio's comment on
[PR#10558](https://github.com/kata-containers/kata-containers/pull/10558),
I am skipping the same.
Signed-Off-By: Adithya Krishnan Kannan <AdithyaKrishnan.Kannan@amd.com>
2024-11-19 10:41:43 -06:00
stevenhorsman
da5f6b77c7
workflows: Remove skipping of artifact uploads
...
Now we are downloading artifacts to create the rootfs
we need to ensure they are uploaded always,
even on releases
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2024-11-19 13:28:02 +00:00
Steve Horsman
817438d1f6
Merge pull request #10552 from stevenhorsman/3.11.0-release
...
release: Bump version to 3.11.0
2024-11-19 09:44:35 +00:00
Saul Paredes
eab48c9884
Merge pull request #10545 from microsoft/cameronbaird/sync-clh-logging
...
runtime: fix comment to accurately reflect clh behavior
2024-11-18 11:25:58 -08:00
Adithya Krishnan Kannan
ef367d81f2
ci: Re-enable SNP CI
...
We've debugged the SNP Node and we
wish to test the fixes on GHA.
Signed-Off-By: Adithya Krishnan Kannan <AdithyaKrishnan.Kannan@amd.com>
2024-11-18 11:11:27 -06:00
stevenhorsman
7a8ba14959
release: Bump version to 3.11.0
...
Bump `VERSION` and helm-chart versions
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2024-11-18 11:13:15 +00:00
Steve Horsman
0ce3f5fc6f
Merge pull request #10514 from squarti/pause_command
...
agent: overwrite OCI process spec when overwriting pause image
2024-11-15 18:03:58 +00:00