FIPS are a set of security standards for encryption algorithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.
Depends-on: github.com/kata-containers/packaging#788
Fixes#2170
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
The repos of the CI builds are not used anywhere so let's be friendly to
the OBS infrastructure and do not publish them.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
cri-tools version was managed in the tests repository, but as
we define here cri-o, containerd and kubernetes versions, it
make sense to have the cri-tools version defined in this repo.
conmon has now to be installed/built separately. So add it
to the list.
Depends-on: github.com/kata-containers/tests#2057
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Bump test fails because Kata version at this moment is alfa and
only bumps from alpha to rc0 are allowed. Just use rc0 as use-case
for all, there is not any other constrain at the moment.
Fixes: #795
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds an option to the agent to control the hotplug timeout of block devices.
Retains the previous behaviour of defaulting to 3 seconds if not specified.
Can be increased when block device hot plugging is taking longer than expected.
fixes#62
Signed-off-by: Alex Price <aprice@atlassian.com>
Update k8s supported version from 1.15.3 to 1.16.2
and cri-o from 1.15.0 to 1.16.0
Fixes: #2166.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
The `skip_*` macros will be useful across the different tests so having
them in a separate module can help with code duplication. This change
creates a new module and exports the macros at crate level.
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
This will allow us to run a VM in fips mode.
The intention is to check if the host is running in fips mode
and then start a container in fips mode as well.
Fixes#787
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Fixes to allow the rust agent to be built using a gnu target.
Specifically, remove assumptions about musl-specific types.
Fixes: #70.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Since build with --release produces corrupted binary in ci, we removed
--release. However, the make install target cannot find the binary,
set BUILDTYPE to debug
Fixes: #67
Signed-off-by: Yang Bo <bo@hyper.sh>
in order to make launchpad happy again, next changes are required:
* Install podman and cni plugings
* Use podman to build the rootfs or initrd image
* Depending on the architecture, build rootfs or initrd image
fixes#678
Signed-off-by: Julio Montes <julio.montes@intel.com>
- sandbox/cgroups: don't constrain if using SandboxCgroupsOnly
- cli: add kata-overhead subcommand
- versions: support specify version in versions.yaml for rust agent.
- virtcontainers/sandbox: calculate container's CPU from sandbox.contai…
- ci: Fix versions_checker.sh
- ci: Fix versions_checker.sh
- virtcontainers: unmount host mounts if container can't be created
- virtcontainers/store: make VCStoreUUIDPath rootless
- virtcontainers/annotations: use right domain name for kata annotations
- v2: Change the event and error behavior of pause/resume
- Update cni plugin version
- Load state early so that hypervisor can store the correct state
e4c816b versions: support specify version in versions.yaml for rust agent.
691a6a7 sandbox/cgroups: don't constrain if using SandboxCgroupsOnly
7fe0100 cli: add kata-overhead command
1bbc1d5 virtcontainers: add StatsSandbox to vc API
569bd78 virtcontainers: change pass by value to pass by reference
5b226d0 ci: Fix versions_checker.sh
f8b84d7 ci: Fix versions_checker.sh
24d7aff virtcontainers: change pass by value to pass by reference
abec17f virtcontainers/store: make VCStoreUUIDPath rootless
eca7bd2 virtcontainers: unmount host mounts if container can't be created
91bd095 virtcontainers/annotations: use right domain name for kata annotations
c1060a3 v2: Change the event and error behavior of pause/resume
f6a10bc state: Refactor code to move all the state load code
fa4acad state: Load the state from storage early on
929c4e7 network: Change NewNS() call
c0995c6 vendor: Vendor the latest CNI plugins
86d8346 version: Update the version for cni plugins
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
- release: Fix typos and organization issues
- kata-deploy: fix qemu-virtiofs entry on crio configuration
- Add actions release automation
- tags: Tag all repos with the same kata VERSION
- kata-deploy: Add qemu-virtiofs to containerd configuration
- release: Fixing message information
- kata-deploy: Add qemu-virtiofs wrapper
- doc: Fixes for release.md
- deploy: Skip installing nemu
84e004e kata-deploy: fix qemu-virtiofs entry on crio configuration
d56dec0 release: Fix typos and organization issues
9a7d692 kata-deploy: Add a simple GitHub Action
4eb376b artifact-list: provide script to get items to build
4f89e97 kata-deploy: look for kata artifacts locally
dc8fe05 release: Allow functions to take release versions
6c8df7f release: Call kata-deploy-binaries.sh main only if it not sourced
5307b03 release: Define a default value for destdir
7a932cf release: Create tarballs after every stage
420eb6e qemu-virtiofs: Fix tar naming for qemu with virtiofs support
f2ef841 release: don't checkout packaging from packaging
643ddf9 release: Add option to generate versions based on tag
b8dcb1c tags: Tag all repos with the same kata VERSION
eea8cea kata-deploy: Fix indentation issues.
8234f9a kata-deploy: Add qemu-virtiofs to containerd configuration
aafd329 release: Fixing message information
dab8087 kata-deploy: Add qemu-virtiofs wrapper
7c26509 doc: Fixes for release.md
8eb5cf3 deploy: Skip installing nemu
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
The get_key_value method is currently only avaiable in nightly rust.
As only this feature is required it worth to refactor and enable building
in the stable channel.
The method was removed by first getting the value from the CGROUPS hashmap,
then key is get by iterating over all the keys. The checks for an empty key and
key == "devices" were moved out of the hashmap block.
The README.md was updated as well to detail the instructions for stable rust.
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
Create a config module and add more tests. Also enable setting the log
level from the kernel command-line.
Fixes: #59, #63.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
adopt-info is a snapcraft feature that allows us to specify the snap grade and
version at runtime. Depending on the environment the master or the latest
stable branch can be used to build the Kata Containers snap, for the kata
CI and launchpad snap-master branch, the master branch are used, otherwise
the latest stable branch.
Signed-off-by: Julio Montes <julio.montes@intel.com>
