Kata deploy README document only contains Firecracker and Qemu. This PR adds
cloud-hypervisor test command to the README.md file.
Fixes: #2357
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
The old ones are carrying CVEs, do not use them.
PS: In order to update the modules, we're running `make handle_vendor`
target from the runtime's Makefile. This is now part of the CI and
ensures that the vendored code is up-to-date. It's important to note
that older versions of golang may generate different results for those,
but those versions are not supported anymore, so we're good to go with
what we have in the CI (1.15 and 1.16).
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Since the old ones are carrying CVEs. Do not use them.
PS: In order to update the modules, we're running `make handle_vendor`
target from the runtime's Makefile. This is now part of the CI and
ensures that the vendored code is up-to-date. It's important to note
that older versions of golang may generate different results for those,
but those versions are not supported anymore, so we're good to go with
what we have in the CI (1.15 and 1.16).
Fixes: #2338
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Create a document summarising the tracing design proposals
from PR #1937.
Fixes: #2061.
Signed-off-by: bin <bin@hyper.sh>
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Looking at the changes that could cause the static-checks not to run
when a PR is updated I think 7db8a85a1f
could be the one that introduced such a regression.
Let's (try to) fix this by enforcing the workflow to run also when the
PR has been "edited" and "synchronized".
Fixes: #2343
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Add makefile to document possible options to run.
e.g
Default: Create a kata tarball, it will build assets concurrently.
```
$ make
```
Create a tarball build for cloud-hypervisor.
```
$ make cloud-hypervisor
```
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
If alpine image is created inside a container,
it does not get any golang version data. It will try
to get it by installing yq. To install yq curl is used.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Tarballs are generated on push and merge events.
push: Allows get a tarball from the PR and use locally.
merge: After a PR is merged we have a quick way to get latest
kata-tarball.
The tarball can be downloaded from github page only.
Fixes: #1710
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
kata-deploy buider now reuses the build directory, this
makes faster rebuilds. Update firecracker builder to
not fail if is called twice.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Use the yq installed in the env. Needed
to build kata from docker. The container builder
has not an initial Go env.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Add script to build kata using docker.
Allow build kata-deploy binaries using docker.
kata-deploy-binaries-in-docker.sh is a wrapper of
kata-deploy-binaries.sh it will call kata-deploy-binaries.sh in a
container with all the dependencies installed.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
fixed the log parser url to kata 2.x path
(https://github.com/kata-containers/tests/tree/main)
for the How to import Kata Containers logs into Fluentd Doc.
Fixes#2335
Signed-off-by: wangyongchao.bj <wangyongchao.bj@inspur.com>
rather than removing the other line because configuration only contains
the image line ever more and this is how we already do it in tests.
Fixes: #2330
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
This PR updates the proper url for log parser for kata 2.x for
the Developer Guide document.
Fixes#2328
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
There is a new "ReadOnly" option added to nvdimm device in qemu
and now added to kata. However, qemu used for arm64 is a little
old and has no this feature. Here we remove this feature for arm.
Fixes: #2320
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
This PR updates the experimental documentation with the proper reference
to kata 2.x
Fixes#2317
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This causes the repository to be checked out to a version tag, which is
inconsistent with how we build runtime, and reverts us to a buggy
`snap/snapcraft.yaml`.
Fixes: #2313
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Let's ensure the runc version installed and used for running our tests
matches the vendored version.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Pior our bump to runc 1.0.1 the manager's Set() would take a Config as
its parameter. Now it takes the Resources directly.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Previously part of the "system" namespace, the RunningInUserNS() has
been moved to the "userns" namespace.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Dependabot brought to us attention that we were still vendoring the runc
code which was affected by CVE-2021-30465.
Although the vulnerability doesn't seem to affect kata-containers, we
better keep our dependencies up-to-date anyways. With this in mind,
let's bump our runc dependency to the latest release.
Fixes: #2309
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Improve security by making rootfs image read-only, nobody
will be able to modify it from the guest.
fixes#1916
Signed-off-by: Julio Montes <julio.montes@intel.com>
Update kata-deploy-binaries.sh cli options.
Add options to allow ask build a tarball for a specific asset.
It will help developers build a specific component and update
a kata-deploy installation. Also build each asset independetly
can help to create cache tarballs per asset in the future.
e.g. Build a tarball with shimv2.
```
./kata-deploy-binaries.sh --build=shim-v2
```
Additionally, the script path is moved to a new directory
as not only will work for releases.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
