Create a dedicate how-to guide for running Kata with k8s, and link to it
from the original guide location inside the Developer Guide.
Fixes: #333
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
This commit adds documentation for privileged containers and the mounting of host devices
when privileged is used. It has instructions for disabling this functionality when using
Containerd and CRI.
Fixes#529
Signed-off-by: Alex Price <aprice@atlassian.com>
Since virtio-fs is under active development, more
options will be added increasingly. To avaoid frequent
change on runtime side to handle option changes, use
one mingled arg to ease testing new option/feature of
virtiofsd.
See `virtiofsd -h` for more option details.
Fixes: #1999
Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
When shimv2 was killed by accident, containerd would try to
launch a new shimv2 binarry to cleanup the container. In order
to avoid race condition, the cleanup should be done serialized
in a sandbox. Thus adding a new api to do this by locking the
sandbox.
Fixes:#1832
Signed-off-by: lifupan <lifupan@gmail.com>
`virtcontainers.ensureDestinationExists` will create the bind
destination directory/file, which should be removed properly when
unmounting.
Fixes: #1974
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
Create symlink to patches directory, the list of patches will be
included in the spec and rules files.
Signed-off-by: Julio Montes <julio.montes@intel.com>
If an exec is failed(such as executable file not found in $PATH), the
`execs.id` will be empty. This leads to all the container processes
being killed when calling `Kill` on such exec id.
Fixes: #2001
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
Update kata-check to print by default only relevant information about
the ability to run / create Kata Containers, and omit the list of checks
performed. Checks can still be printed using the --verbose flag.
Fixes: #1944
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
When create container failed, it should delete the container
config from sandbox, otherwise, the following new creating container
would get a wrong resources caculating which would contain the previous
failed container resources such as memory and cpu.
Fixes: #1997
Signed-off-by: lifupan <lifupan@gmail.com>
The following storeSandbox() will store the sandbox config
data, thus there is no need to store it specifically before
run storeSandbox().
Signed-off-by: lifupan <lifupan@gmail.com>
- Run depends-on for packaging CI.
- Change were yq is installed
Depends-on: github.com/kata-containers/runtime#1996
Fixes: #683
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
In order to trim the list of devices, default-configs/i386-softmmu.mak must
be copied after having configured QEMU. This change helps to reduce the
attack surface and the QEMU binary size.
Signed-off-by: Julio Montes <julio.montes@intel.com>
strErr is qemu log message, should add err in error message, or if fail
before launch qemu, can not get corrent message.
Fixes: #1991
Signed-off-by: Ace-Tang <aceapril@126.com>
Since firecracker hasn't support console watching by now, so skip
watching console if the consoleURL is empty.
Fixes: #1970
Signed-off-by: lifupan <lifupan@gmail.com>
so that for qemu, we can save and export virtiofsd pid,
and put it to the same cgroup as the qemu process.
Fixes: #1972
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Running the container with `ctr` when the image is not present
on the system gives an error.
Fixes#536
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Update qemu version to bring the latest fixes and improvements:
* migration: allow private destination ram with x-ignore-shared
* hw/i386: Fix linker error when ISAPC is disabled
* hw/i386: turn off vmport if CONFIG_VMPORT is disabled
Depends-on: github.com/kata-containers/packaging#680
fixes#1978
Signed-off-by: Julio Montes <julio.montes@intel.com>
Refresh installation guide README with a clearer structure, and provide
a list of distribution with official Kata packages. This also updates
the openSUSE Leap versions supported to 15 and 15.1.
Fixes: #533
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
detail commit change
$ git log --no-merges --abbrev-commit --pretty=oneline "5017d4e9a9cf2d4381db99eacd9baf84b95bfb14..c4b9ac5c7601384c965b9646fc515884e091ebb9" | sed 's/^/ /g'
f627015 avoid adding io_serviced and io_service_bytes duplicately
13a3ac4 fixed an issue with invalid soft memory limits
215221e Add makefile for go and protos
0ecd2b6 cgroups: fix MoveTo function fail problem
38dc3ac Correct forked Travis builds
a9a304a Add Go 1.12 to Travis
51dcf5f Fix cgroup hugetlb size prefix for kB
1741ae0 add network stats
453efe3 Return ErrCgroupDeleted when no subsystems
4a9f0f7 Add SkipOpts for handling how subsystems are registered
4dacf2b Check for non-active/supported cgroups
2fd912c Add tests for pids
afd5981 Gofmt cgroup_test
f48bd85 Fixs return error message
64bade4 Take value instead of pointer value
b49c471 Correct ineffassign warning
6b552a8 Fix net_prio typo
a31a0ff Add functionality for retrieving all tasks of a cgroup
7d825b2 Add test for cgroups load when missing hierarchy in one subsystem
f6cbfb4 Change Load function in order to be more lenient on subsystems' checking
ab9ec0e Add go-systemd dep for CI testing
9a09e58 Fix gofmt of systemd.go
e13f6cc Add GoReportCard badge to README
d124595 Add Go 1.11 to Travis
d961ab9 Correct typo
e4cf832 Add project references and use common project travis
9de57ff Add godoc badge to README.md
Signed-off-by: Ace-Tang <aceapril@126.com>
