On commit a649d33 we've started adding the specific version of the image
to be used, in order to ensure people using our content from a tarball
would be relying on the correct image.
However, later on, @bergwolf figured out it had some undesired side
effects, such as
https://github.com/kata-containers/kata-containers/runs/2235812941?check_suite_focus=true
What happens there is that the regular expression used to point the
image to a testing one doesn't take into consideration the $VERSION, and
that breaks the deployment.
Fixes: #1632
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit d43098ec21)
Using "io.containerd.kata.v2" instead of deprecated "io.containerd.runc.v1".
Fixes: #1629
Signed-off-by: bin <bin@hyper.sh>
(cherry picked from commit b0e4618e84)
The installation guide points to 1.x packages from OBS. For 2.x we
decided to stop building packages on OBS in favour of advertising
kata-deploy.
Apart from this, Ubuntu itself doesn't provide packages for
kata-containers.
Fixes: #1588
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ede1ab8670)
As this repo is specific to the kata-containers 2.x, let's stop
mentioning / referring to the 1.x here, including how to setup and use
the snap package for 1.x.
Fixes: #1601
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 4a38ff41f0)
Update how-to-use-k8s-with-cri-containerd-and-kata.md to fit the latest
Kubernetes way.
And also changed CNI plugin from flannel to bridge, that will be easy to run.
Fixes: #1325
Signed-off-by: bin <bin@hyper.sh>
(cherry picked from commit 2c47277ca1)
There are two changes here. There first one being relying on the
`centos-release-advanced-virtualization` package instead providing the
content of the repo ourselves; and the second one being installing
`kata-containers` (2.x) instead of the `kata-runtime` one (1.x).
Fixes: #1583
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1ce29fc959)
The package to be installed on Fedora is `kata-containers` instead of
`kata-runtime`. The difference being `kata-runtime` is the 1.x package,
while `kata-containers` is the 2.x one.
Fixes: #1582
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3f90561bf1)
The content of the SLE installation guide is related to the 1.x
packages, as SUSE doesn't provide katacontainers 2.x packages.
Fixes: #1586
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2888ceb024)
We don't use the "master" branch for anything in
`kata-containers/kata-containers`.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ca4dccf980)
This doesn't make much difference for the automated process we have in
place, but makes a whole lot of difference for those trying to have the
binaries deployed locally.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c2197cbf2b)
Instead of having different VERSION files spread accross the project,
let's always use the one in the topsrcdir and remove all the others,
keeping only a synlink to the topsrcdir one.
Fixes: #1579
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 572aff53e8)
`/test-kata-deploy` command does **not** work, and the output returned
is:
```
Error: Comment didn't contain a valid slash command
```
So, why does this happen?
This is the regex used: `^\/([\w]+)\b *(.*)?$`, being the important part
of the command "\/([\w]+)\b", with the rest being arguments to it.
Okay, `\w` is the key here, as `\w` means: a-z, A-Z, 0-9, including the
_.
Our command is `/test-kata-deploy`, and `-` is not present as part of
`\w`. Knowing this we need to update the command to something like:
`/test_kata_deploy`
Fixes: #1645
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 7873b7a1f9)
This partially reverts commit 1cce930071.
As mentioned in #1635, the malformed yaml wouldn't allow us to actually
test changes that were supposed to be test by this action.
So, this is now reverted and adapted accordingly.
Main differences from what we had before:
* As it tests kata-deploy itself, not the statically built binaries,
let's just use the binaries from 2.0.0 release;
* Adapt download and deploy location to the
`kata-containers/kata-containers` repo, as the original action was
based on 1.x repos;
Fixes: #1640
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit eda8da1ec5)
Currently the action is not running because it's broken, and it was
broken by 50fea9f.
Sadly, I cannot just test a fix on a PR as every single time we end up
triggering what's currently on main, rather than triggering the content
of the PR itself.
With this in mind, let me just remove the file and re-add it as part of
a new PR and, hopefully, have it tested in this way.
Sorry for the breakage, by the way.
Fixes: #1634
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1cce930071)
Regenerate the client code with the added `go-fmt` step. No functional
changes.
Fixes: #1606
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit 0c38d9ecc4)
This patch extends the current process of generating client code for
cloud-hypervisor API with an additional step, `go-fmt`, which will remove
the generated `client/go.mod` file and format all auto-generated code.
Fixes: #1606
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit 52cacf8838)
Highlights for cloud-hypervisor version 0.14.0 include: 1) Structured
event monitoring; 2) MSHV improvements; 3) Improved aarch64 platform; 4)
Updated hotplug documentation; 6) PTY control for serial and
virtio-console; 7) Block device rate limiting; 8) Plan to deprecate the
support of "LinuxBoot" protocol and support PVH protocol only.
Highlights for cloud-hypervisor version 0.13.0 include: 1) Wider VFIO
device support; 2) Improve huge page support; 3) MACvTAP support; 4) VHD
disk image support; 5) Improved Virtio device threading; 6) Clean
shutdown support via synthetic power button.
Details can be found:
https://github.com/cloud-hypervisor/cloud-hypervisor/releases
Note: The client code of cloud-hypervisor's OpenAPI is automatically
generated by `openapi-generator` [1-2]. As the API changes do not
impact usages in Kata, no additional changes in kata's runtime are
needed to work with the latest version of cloud-hypervisor.
[1] https://github.com/OpenAPITools/openapi-generator
[2] https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/pkg/cloud-hypervisor/README.mdFixes: #1591
Signed-off-by: Bo Chen <chen.bo@intel.com>
(cherry picked from commit 84b62dc3b1)
The docker script has been removed as part of
62cbaf4de4, but references to it were left
behind in the artifact-list.sh, release/kata-deploy-binaries.sh, and
kata-deploy/Dockerfile.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no more NEMU, for some time already. Considering this, let's
just remove any mention to it as part of our project.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no reason to ship qemu & qemu-virtiofs when the former already
includes vitiofs support (and that's the default for 2.x deployments).
In case we will enable experimental qemu DAX support, we should add a
new target, a "qemu-experimental" target, as Carlos has been working on.
Fixes: #1424
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
A wrong path was being used for container directory when
virtiofs is utilized. This resulted in a warning message in
logs when a container is killed, or completes:
level=warning msg="Could not remove container share dir"
Without proper removal, they'd later be cleaned up when the shared
path is removed as part of stopping the sandbox.
Fixes: #1559
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Right now we rely heavily on mount propagation to share host
files/directories to the guest. However, because virtiofsd
pivots and moves itself to a separate mount namespace, the remount
mount is not present in virtiofsd's mount. And it causes guest to be
able to write to the host RO volume.
To fix it, create a private RO mount and then move it to the host mounts
dir so that it will be present readonly in the host-guest shared dir.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
bindmount remount events are not propagated through mount subtrees,
so we have to remount the shared dir mountpoint directly.
E.g.,
```
mkdir -p source dest foo source/foo
mount -o bind --make-shared source dest
mount -o bind foo source/foo
echo bind mount rw
mount | grep foo
echo remount ro
mount -o remount,bind,ro source/foo
mount | grep foo
```
would result in:
```
bind mount rw
/dev/xvda1 on /home/ubuntu/source/foo type ext4 (rw,relatime,discard,data=ordered)
/dev/xvda1 on /home/ubuntu/dest/foo type ext4 (rw,relatime,discard,data=ordered)
remount ro
/dev/xvda1 on /home/ubuntu/source/foo type ext4 (ro,relatime,discard,data=ordered)
/dev/xvda1 on /home/ubuntu/dest/foo type ext4 (rw,relatime,discard,data=ordered)
```
The reason is that bind mount creats new mount structs and attaches them to different mount subtrees.
However, MS_REMOUNT only looks for existing mount structs to modify and does not try to propagate the
change to mount structs in other subtrees.
Fixes: #1061
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
On some setups, starting multiple kata pods (qemu) simultaneously on the same node
might cause kata VMs booting time to increase and the pods to fail with:
Failed to check if grpc server is working: rpc error: code = DeadlineExceeded desc = timed
out connecting to vsock 1358662990:1024: unknown
Increasing default dialing timeout to 30s should cover most cases.
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Fixes: #1543
(backport https://github.com/kata-containers/kata-containers/pull/1544)
Let's tag the yet non existent 2.0.2 image, so whoever deploys kata
using kata-deploy from the release tarball is pointed to the correct
image.
Fixes: #1493
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Other RPC calls return Pid of hypervisor, the TaskExit should
return the same Pid.
Fixes: #1497
Signed-off-by: bin <bin@hyper.sh>
(backport https://github.com/kata-containers/kata-containers/pull/1498)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
[ fix missing GetHypervisorPid method in MockSandbox ]
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Since the kata's hypervisor process is in the network namespace,
which is close to container's process, and some host metrics
such as cadvisor can use this pid to access the network namespace
to get some network metrics. Thus this commit replace the shim's
pid with the hypervisor's pid.
Fixes: #1451
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
(backport https://github.com/kata-containers/kata-containers/pull/1452)
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
