Merge pull request #12101 from stevenhorsman/release/3.23.0

release: Bump version to 3.23.0
2026-03-02 02:32:06 +00:00 · 2025-11-17 21:09:45 +00:00 · 2025-11-17 19:27:25 +00:00 · 2025-11-17 20:13:04 +01:00 · 2025-11-17 20:13:04 +01:00 · 2025-11-17 20:13:04 +01:00
21 changed files with 1642 additions and 555 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-3.22.0
+3.23.0
--- a/src/dragonball/Cargo.lock
+++ b/src/dragonball/Cargo.lock
@@ -4,18 +4,18 @@ version = 4

 [[package]]
 name = "addr2line"
-version = "0.21.0"
+version = "0.25.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
+checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b"
 dependencies = [
 "gimli",
 ]

 [[package]]
-name = "adler"
-version = "1.0.2"
+name = "adler2"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"

 [[package]]
 name = "android-tzdata"
@@ -64,17 +64,17 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"

 [[package]]
 name = "backtrace"
-version = "0.3.69"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837"
+checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6"
 dependencies = [
 "addr2line",
- "cc",
 "cfg-if",
 "libc",
 "miniz_oxide",
 "object",
 "rustc-demangle",
+ "windows-link",
 ]

 [[package]]
@@ -638,9 +638,9 @@ dependencies = [

 [[package]]
 name = "flate2"
-version = "1.0.27"
+version = "1.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010"
+checksum = "bfe33edd8e85a12a67454e37f8c75e730830d83e313556ab9ebf9ee7fbeb3bfb"
 dependencies = [
 "crc32fast",
 "libz-sys",
@@ -780,9 +780,9 @@ dependencies = [

 [[package]]
 name = "gimli"
-version = "0.28.0"
+version = "0.32.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0"
+checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"

 [[package]]
 name = "h2"
@@ -1250,11 +1250,12 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"

 [[package]]
 name = "miniz_oxide"
-version = "0.7.1"
+version = "0.8.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
+checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
 dependencies = [
- "adler",
+ "adler2",
+ "simd-adler32",
 ]

 [[package]]
@@ -1452,9 +1453,9 @@ dependencies = [

 [[package]]
 name = "object"
-version = "0.32.1"
+version = "0.37.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0"
+checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe"
 dependencies = [
 "memchr",
 ]
@@ -1756,9 +1757,9 @@ dependencies = [

 [[package]]
 name = "rustc-demangle"
-version = "0.1.23"
+version = "0.1.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
+checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace"

 [[package]]
 name = "rustix"
@@ -1926,6 +1927,12 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"

+[[package]]
+name = "simd-adler32"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe"
+
 [[package]]
 name = "slab"
 version = "0.4.11"
@@ -2553,6 +2560,12 @@ dependencies = [
 "windows-targets 0.48.5",
 ]

+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
--- a/src/runtime-rs/Cargo.lock
+++ b/src/runtime-rs/Cargo.lock
@@ -25,19 +25,13 @@ dependencies = [

 [[package]]
 name = "addr2line"
-version = "0.20.0"
+version = "0.25.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4fa78e18c64fce05e902adecd7a5eed15a5e0a3439f7b0e169f0252214865e3"
+checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b"
 dependencies = [
 "gimli",
 ]

-[[package]]
-name = "adler"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-
 [[package]]
 name = "adler2"
 version = "2.0.1"
@@ -344,17 +338,17 @@ checksum = "cc17ab023b4091c10ff099f9deebaeeb59b5189df07e554c4fef042b70745d68"

 [[package]]
 name = "backtrace"
-version = "0.3.68"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4319208da049c43661739c5fade2ba182f09d1dc2299b32298d3a31692b17e12"
+checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6"
 dependencies = [
 "addr2line",
- "cc",
 "cfg-if 1.0.0",
 "libc",
 "miniz_oxide 0.7.1",
 "object",
 "rustc-demangle",
+ "windows-link 0.2.1",
 ]

 [[package]]
@@ -621,7 +615,7 @@ dependencies = [
 "js-sys",
 "num-traits",
 "wasm-bindgen",
- "windows-link",
+ "windows-link 0.1.3",
 ]

 [[package]]
@@ -1674,9 +1668,9 @@ dependencies = [

 [[package]]
 name = "gimli"
-version = "0.27.3"
+version = "0.32.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e"
+checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"

 [[package]]
 name = "glob"
@@ -2510,15 +2504,6 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"

-[[package]]
-name = "miniz_oxide"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
-dependencies = [
- "adler",
-]
-
 [[package]]
 name = "miniz_oxide"
 version = "0.8.9"
@@ -2910,9 +2895,9 @@ dependencies = [

 [[package]]
 name = "object"
-version = "0.31.1"
+version = "0.37.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8bda667d9f2b5051b8833f59f3bf748b28ef54f850f4fcb389a252aa383866d1"
+checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe"
 dependencies = [
 "memchr",
 ]
@@ -4055,9 +4040,9 @@ dependencies = [

 [[package]]
 name = "rustc-demangle"
-version = "0.1.23"
+version = "0.1.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
+checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace"

 [[package]]
 name = "rustix"
@@ -5696,6 +5681,12 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"

+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
 [[package]]
 name = "windows-result"
 version = "0.1.2"
--- a/src/runtime-rs/Makefile
+++ b/src/runtime-rs/Makefile
@@ -328,7 +328,7 @@ ifneq (,$(QEMUCMD))
    KERNELPATH_COCO = $(KERNELDIR)/$(KERNEL_NAME_COCO)

    # overriding options
-    DEFSTATICRESOURCEMGMT_QEMU := false
+    DEFSTATICRESOURCEMGMT_QEMU := true

    # qemu-specific options
    DEFSANDBOXCGROUPONLY_QEMU := false
--- a/src/runtime-rs/crates/shim/Cargo.toml
+++ b/src/runtime-rs/crates/shim/Cargo.toml
@@ -14,9 +14,8 @@ path = "src/bin/main.rs"

 [dependencies]
 anyhow = { workspace = true }
-backtrace = { version = ">=0.3.35", features = [
+backtrace = { version = ">=0.3.76", features = [
    "libunwind",
-    "libbacktrace",
    "std",
 ], default-features = false }
 containerd-shim-protos = { workspace = true }
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@@ -36,6 +36,7 @@ import (
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/rootless"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"
+	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils/retry"

 	ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations"
 	crioAnnotations "github.com/cri-o/cri-o/pkg/annotations"
@@ -597,7 +598,31 @@ func (k *kataAgent) updateInterface(ctx context.Context, ifc *pbTypes.Interface)
 	ifcReq := &grpc.UpdateInterfaceRequest{
 		Interface: ifc,
 	}
-	resultingInterface, err := k.sendReq(ctx, ifcReq)
+	// Since the network device hotplug is an asynchronous operation,
+	// it's possible that the hotplug operation had returned, but the network device
+	// hasn't ready in guest, thus it's better to retry on this operation to
+	// wait until the device ready in guest.
+
+	var resultingInterface interface{}
+
+	err := retry.Do(func() error {
+		if resInterface, nerr := k.sendReq(ctx, ifcReq); nerr != nil {
+			errMsg := nerr.Error()
+			if !strings.Contains(errMsg, "Link not found") {
+				return retry.Unrecoverable(nerr)
+			}
+
+			return nerr
+		} else {
+			resultingInterface = resInterface
+			return nil
+		}
+	},
+
+		retry.Attempts(20),
+		retry.LastErrorOnly(true),
+		retry.Delay(20*time.Millisecond))
+
 	if err != nil {
 		k.Logger().WithFields(logrus.Fields{
 			"interface-requested": fmt.Sprintf("%+v", ifc),
--- a/src/tools/agent-ctl/Cargo.lock
+++ b/src/tools/agent-ctl/Cargo.lock
@@ -25,19 +25,13 @@ dependencies = [

 [[package]]
 name = "addr2line"
-version = "0.22.0"
+version = "0.25.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678"
+checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b"
 dependencies = [
 "gimli",
 ]

-[[package]]
-name = "adler"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-
 [[package]]
 name = "adler2"
 version = "2.0.0"
@@ -540,17 +534,17 @@ dependencies = [

 [[package]]
 name = "backtrace"
-version = "0.3.73"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a"
+checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6"
 dependencies = [
 "addr2line",
- "cc",
 "cfg-if 1.0.1",
 "libc",
- "miniz_oxide 0.7.3",
+ "miniz_oxide",
 "object",
 "rustc-demangle",
+ "windows-link",
 ]

 [[package]]
@@ -1885,8 +1879,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4a3d7db9596fecd151c5f638c0ee5d5bd487b6e0ea232e5dc96d5250f6f94b1d"
 dependencies = [
 "crc32fast",
- "libz-sys",
- "miniz_oxide 0.8.9",
+ "miniz_oxide",
 ]

 [[package]]
@@ -2089,9 +2082,9 @@ dependencies = [

 [[package]]
 name = "gimli"
-version = "0.29.0"
+version = "0.32.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd"
+checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"

 [[package]]
 name = "glob"
@@ -3025,17 +3018,6 @@ dependencies = [
 "uuid 0.8.2",
 ]

-[[package]]
-name = "libz-sys"
-version = "1.1.22"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d"
-dependencies = [
- "cc",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.3.8"
@@ -3178,15 +3160,6 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"

-[[package]]
-name = "miniz_oxide"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae"
-dependencies = [
- "adler",
-]
-
 [[package]]
 name = "miniz_oxide"
 version = "0.8.9"
@@ -3421,9 +3394,9 @@ dependencies = [

 [[package]]
 name = "object"
-version = "0.36.0"
+version = "0.37.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "576dfe1fc8f9df304abb159d767a29d0476f7750fbf8aa7ad07816004a207434"
+checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe"
 dependencies = [
 "memchr",
 ]
@@ -6272,12 +6245,6 @@ version = "1.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5e395fcf16a7a3d8127ec99782007af141946b4795001f876d54fb0d55978560"

-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
 [[package]]
 name = "version_check"
 version = "0.9.4"
@@ -6559,6 +6526,12 @@ dependencies = [
 "syn 2.0.87",
 ]

+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
 [[package]]
 name = "windows-registry"
 version = "0.2.0"
--- a/src/tools/csi-kata-directvolume/go.mod
+++ b/src/tools/csi-kata-directvolume/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/pkg/xattr v0.4.9 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/ulikunitz/xz v0.5.14 // indirect
+	github.com/ulikunitz/xz v0.5.15 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
--- a/src/tools/csi-kata-directvolume/go.sum
+++ b/src/tools/csi-kata-directvolume/go.sum
@@ -55,6 +55,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg=
 github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
--- a/src/tools/genpolicy/Cargo.lock
+++ b/src/tools/genpolicy/Cargo.lock
@@ -4,19 +4,13 @@ version = 4

 [[package]]
 name = "addr2line"
-version = "0.21.0"
+version = "0.25.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
+checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b"
 dependencies = [
 "gimli",
 ]

-[[package]]
-name = "adler"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-
 [[package]]
 name = "adler2"
 version = "2.0.1"
@@ -206,17 +200,17 @@ dependencies = [

 [[package]]
 name = "backtrace"
-version = "0.3.69"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837"
+checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6"
 dependencies = [
 "addr2line",
- "cc",
 "cfg-if",
 "libc",
- "miniz_oxide 0.7.1",
+ "miniz_oxide",
 "object",
 "rustc-demangle",
+ "windows-link",
 ]

 [[package]]
@@ -809,8 +803,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bfe33edd8e85a12a67454e37f8c75e730830d83e313556ab9ebf9ee7fbeb3bfb"
 dependencies = [
 "crc32fast",
- "libz-sys",
- "miniz_oxide 0.8.9",
+ "miniz_oxide",
 ]

 [[package]]
@@ -1013,9 +1006,9 @@ dependencies = [

 [[package]]
 name = "gimli"
-version = "0.28.0"
+version = "0.32.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0"
+checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"

 [[package]]
 name = "glob"
@@ -1630,17 +1623,6 @@ version = "0.2.174"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"

-[[package]]
-name = "libz-sys"
-version = "1.1.22"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d"
-dependencies = [
- "cc",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "linked-hash-map"
 version = "0.5.6"
@@ -1714,15 +1696,6 @@ version = "0.3.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d"

-[[package]]
-name = "miniz_oxide"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
-dependencies = [
- "adler",
-]
-
 [[package]]
 name = "miniz_oxide"
 version = "0.8.9"
@@ -1820,9 +1793,9 @@ dependencies = [

 [[package]]
 name = "object"
-version = "0.32.1"
+version = "0.37.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0"
+checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe"
 dependencies = [
 "memchr",
 ]
@@ -2521,9 +2494,9 @@ dependencies = [

 [[package]]
 name = "rustc-demangle"
-version = "0.1.23"
+version = "0.1.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
+checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace"

 [[package]]
 name = "rustix"
@@ -3656,6 +3629,12 @@ dependencies = [
 "syn 2.0.104",
 ]

+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
 [[package]]
 name = "windows-result"
 version = "0.1.2"
--- a/src/tools/kata-ctl/Cargo.lock
+++ b/src/tools/kata-ctl/Cargo.lock
--- a/src/tools/runk/Cargo.lock
+++ b/src/tools/runk/Cargo.lock
@@ -4,18 +4,18 @@ version = 4

 [[package]]
 name = "addr2line"
-version = "0.22.0"
+version = "0.25.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678"
+checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b"
 dependencies = [
 "gimli",
 ]

 [[package]]
-name = "adler"
-version = "1.0.2"
+name = "adler2"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"

 [[package]]
 name = "ahash"
@@ -308,17 +308,17 @@ checksum = "cc17ab023b4091c10ff099f9deebaeeb59b5189df07e554c4fef042b70745d68"

 [[package]]
 name = "backtrace"
-version = "0.3.73"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a"
+checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6"
 dependencies = [
 "addr2line",
- "cc",
 "cfg-if",
 "libc",
 "miniz_oxide",
 "object",
 "rustc-demangle",
+ "windows-link",
 ]

 [[package]]
@@ -1087,12 +1087,11 @@ checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d"

 [[package]]
 name = "flate2"
-version = "1.0.30"
+version = "1.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae"
+checksum = "bfe33edd8e85a12a67454e37f8c75e730830d83e313556ab9ebf9ee7fbeb3bfb"
 dependencies = [
 "crc32fast",
- "libz-sys",
 "miniz_oxide",
 ]

@@ -1278,9 +1277,9 @@ dependencies = [

 [[package]]
 name = "gimli"
-version = "0.29.0"
+version = "0.32.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd"
+checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"

 [[package]]
 name = "glob"
@@ -1551,7 +1550,6 @@ dependencies = [
 "num_cpus",
 "oci-spec",
 "regex",
- "safe-path",
 "serde",
 "serde-enum-str",
 "serde_json",
@@ -1654,17 +1652,6 @@ dependencies = [
 "uuid 0.8.2",
 ]

-[[package]]
-name = "libz-sys"
-version = "1.1.22"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d"
-dependencies = [
- "cc",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.1.4"
@@ -1761,11 +1748,12 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"

 [[package]]
 name = "miniz_oxide"
-version = "0.7.4"
+version = "0.8.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08"
+checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
 dependencies = [
- "adler",
+ "adler2",
+ "simd-adler32",
 ]

 [[package]]
@@ -1904,9 +1892,9 @@ dependencies = [

 [[package]]
 name = "object"
-version = "0.36.1"
+version = "0.37.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "081b846d1d56ddfc18fdf1a922e4f6e07a11768ea1b92dec44e42b72712ccfce"
+checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe"
 dependencies = [
 "memchr",
 ]
@@ -2809,6 +2797,12 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "simd-adler32"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe"
+
 [[package]]
 name = "simdutf8"
 version = "0.1.4"
@@ -3400,12 +3394,6 @@ dependencies = [
 "log",
 ]

-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
 [[package]]
 name = "version_check"
 version = "0.9.4"
@@ -3584,6 +3572,12 @@ dependencies = [
 "syn 2.0.87",
 ]

+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
 [[package]]
 name = "windows-result"
 version = "0.1.2"
--- a/tests/gha-run-k8s-common.sh
+++ b/tests/gha-run-k8s-common.sh
@@ -503,10 +503,11 @@ function helm_helper() {
 	popd

 	# Create temporary values file for customization
-	# Start with an appropriate example values file based on the hypervisor type
+	# Start with values.yaml which has all shims enabled by default
+	# Use example files only for specific hypervisor types that need different configurations
 	values_yaml=$(mktemp -t values_yaml.XXXXXX)

-	# Determine which example values file to use as base
+	# Determine which values file to use as base
 	local base_values_file="${helm_chart_dir}/values.yaml"
 	if [[ -n "${KATA_HYPERVISOR}" ]]; then
 		case "${KATA_HYPERVISOR}" in
@@ -522,12 +523,6 @@ function helm_helper() {
 					base_values_file="${helm_chart_dir}/try-kata-tee.values.yaml"
 				fi
 				;;
-			*)
-				# Use all shims example file for standard hypervisors
-				if [[ -f "${helm_chart_dir}/try-kata.values.yaml" ]]; then
-					base_values_file="${helm_chart_dir}/try-kata.values.yaml"
-				fi
-				;;
 		esac
 	fi

--- a/tests/integration/kubernetes/k8s-cpu-ns.bats
+++ b/tests/integration/kubernetes/k8s-cpu-ns.bats
@@ -12,6 +12,7 @@ setup() {
 	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
 	[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
 	[ "${KATA_HYPERVISOR}" == "qemu-se-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
+	[ "${KATA_HYPERVISOR}" == "qemu-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
 	[[ "${KATA_HYPERVISOR}" == qemu-coco-dev* ]] && skip "Requires CPU hotplug which disabled by static_sandbox_resource_mgmt"
 	( [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] || [ "${KATA_HYPERVISOR}" == "qemu-snp" ] || \
 		[ "${KATA_HYPERVISOR}" == "qemu-se" ] ) \
@@ -82,9 +83,6 @@ setup() {
 		[ "$total_cpus_container" -eq "$total_cpus" ] && break
 		sleep 1
 	done
-
-	info "total_cpus_container = $total_cpus_container"
-
 	[ "$total_cpus_container" -eq "$total_cpus" ]

 	# Check the total of requests
@@ -120,8 +118,10 @@ setup() {
 teardown() {
 	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
 	[ "${KATA_HYPERVISOR}" == "fc" ] && skip "test not working see: ${fc_limitations}"
+	[ "${KATA_HYPERVISOR}" == "dragonball" ] && skip "test not working see: ${dragonball_limitations}"
+	[ "${KATA_HYPERVISOR}" == "qemu-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
 	[ "${KATA_HYPERVISOR}" == "qemu-se-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
-	[ "${KATA_HYPERVISOR}" == "qemu-coco-dev*" ] && skip "test not working see: ${fc_limitations}"
+	[ "${KATA_HYPERVISOR}" == "cloud-hypervisor" ] && skip "https://github.com/kata-containers/kata-containers/issues/9039"
 	( [ "${KATA_HYPERVISOR}" == "qemu-tdx" ] || [ "${KATA_HYPERVISOR}" == "qemu-snp" ] || \
 		[ "${KATA_HYPERVISOR}" == "qemu-se" ] ) \
 		&& skip "TEEs do not support memory / CPU hotplug"
--- a/tests/integration/kubernetes/k8s-number-cpus.bats
+++ b/tests/integration/kubernetes/k8s-number-cpus.bats
@@ -9,6 +9,8 @@ load "${BATS_TEST_DIRNAME}/../../common.bash"
 load "${BATS_TEST_DIRNAME}/tests_common.sh"

 setup() {
+	[ "${KATA_HYPERVISOR}" = "cloud-hypervisor" ] && skip "test not working https://github.com/kata-containers/kata-containers/issues/9039"
+	[ "${KATA_HYPERVISOR}" = "qemu-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
 	[ "${KATA_HYPERVISOR}" = "qemu-se-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
 	pod_name="cpu-test"
 	container_name="c1"
@@ -50,6 +52,8 @@ setup() {
 }

 teardown() {
+	[ "${KATA_HYPERVISOR}" = "cloud-hypervisor" ] && skip "test not working https://github.com/kata-containers/kata-containers/issues/9039"
+	[ "${KATA_HYPERVISOR}" = "qemu-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
 	[ "${KATA_HYPERVISOR}" = "qemu-se-runtime-rs" ] && skip "Requires CPU hotplug which isn't supported on ${KATA_HYPERVISOR} yet"
 	# Debugging information
 	kubectl describe "pod/$pod_name"
--- a/tools/packaging/kata-deploy/helm-chart/README.md
+++ b/tools/packaging/kata-deploy/helm-chart/README.md
@@ -235,7 +235,7 @@ defaultShim:
 1. **Per-shim configuration**: Each shim can have its own settings for snapshotter, guest pull, agent proxy, etc.
 2. **Architecture-aware**: Shims declare which architectures they support
 3. **Type safety**: Structured format reduces configuration errors
-4. **Better defaults**: Shims are disabled by default, requiring explicit enablement
+4. **Easy to use**: All shims are enabled by default in `values.yaml`, so you can use the chart directly without modification

 ### Example: Enable `qemu` shim with new format

@@ -256,25 +256,38 @@ defaultShim:

 The chart maintains full backward compatibility with the legacy `env.*` format. If legacy values are set, they take precedence over the new structured format. This allows for gradual migration.

-### Example Values Files
+### Default Configuration

-To make it easier to try out Kata Containers, we provide several example values files:
-
-#### `try-kata.values.yaml` - All Shims Enabled
-
-This file enables all available Kata Containers shims, making it easy to try out all runtime options:
+The default `values.yaml` file has **all shims enabled by default**, making it easy to use the chart directly without modification:

 ```sh
 helm install kata-deploy oci://ghcr.io/kata-containers/kata-deploy-charts/kata-deploy \
-  --version VERSION \
-  -f try-kata.values.yaml
+  --version VERSION
 ```

-This includes:
+This includes all available Kata Containers shims:
 - Standard shims: `qemu`, `qemu-runtime-rs`, `clh`, `cloud-hypervisor`, `dragonball`, `fc`
 - TEE shims: `qemu-snp`, `qemu-tdx`, `qemu-se`, `qemu-se-runtime-rs`, `qemu-cca`, `qemu-coco-dev`, `qemu-coco-dev-runtime-rs`
 - NVIDIA GPU shims: `qemu-nvidia-gpu`, `qemu-nvidia-gpu-snp`, `qemu-nvidia-gpu-tdx`

+To enable only specific shims, you can override the configuration:
+
+```yaml
+# Custom values file - enable only qemu shim
+shims:
+  qemu:
+    enabled: true
+  clh:
+    enabled: false
+  cloud-hypervisor:
+    enabled: false
+  # ... disable other shims as needed
+```
+
+### Example Values Files
+
+For convenience, we also provide example values files that demonstrate specific use cases:
+
 #### `try-kata-tee.values.yaml` - Trusted Execution Environment Shims

 This file enables only the TEE (Trusted Execution Environment) shims for confidential computing:
@@ -337,10 +350,73 @@ The kata-deploy script will no longer create `runtimeClasses`

 ## Example: only `qemu` shim and debug enabled

+Since all shims are enabled by default, you need to disable the ones you don't want:
+
+```sh
+# Using --set flags (disable all except qemu)
+$ helm install kata-deploy \
+  --set shims.clh.enabled=false \
+  --set shims.cloud-hypervisor.enabled=false \
+  --set shims.dragonball.enabled=false \
+  --set shims.fc.enabled=false \
+  --set shims.qemu-runtime-rs.enabled=false \
+  --set shims.qemu-nvidia-gpu.enabled=false \
+  --set shims.qemu-nvidia-gpu-snp.enabled=false \
+  --set shims.qemu-nvidia-gpu-tdx.enabled=false \
+  --set shims.qemu-snp.enabled=false \
+  --set shims.qemu-tdx.enabled=false \
+  --set shims.qemu-se.enabled=false \
+  --set shims.qemu-se-runtime-rs.enabled=false \
+  --set shims.qemu-cca.enabled=false \
+  --set shims.qemu-coco-dev.enabled=false \
+  --set shims.qemu-coco-dev-runtime-rs.enabled=false \
+  --set debug=true \
+  "${CHART}" --version  "${VERSION}"
+```
+
+Or use a custom values file:
+
+```yaml
+# custom-values.yaml
+debug: true
+shims:
+  qemu:
+    enabled: true
+  clh:
+    enabled: false
+  cloud-hypervisor:
+    enabled: false
+  dragonball:
+    enabled: false
+  fc:
+    enabled: false
+  qemu-runtime-rs:
+    enabled: false
+  qemu-nvidia-gpu:
+    enabled: false
+  qemu-nvidia-gpu-snp:
+    enabled: false
+  qemu-nvidia-gpu-tdx:
+    enabled: false
+  qemu-snp:
+    enabled: false
+  qemu-tdx:
+    enabled: false
+  qemu-se:
+    enabled: false
+  qemu-se-runtime-rs:
+    enabled: false
+  qemu-cca:
+    enabled: false
+  qemu-coco-dev:
+    enabled: false
+  qemu-coco-dev-runtime-rs:
+    enabled: false
+```
+
 ```sh
 $ helm install kata-deploy \
-  --set env.shims="qemu" \
-  --set env.debug=true \
+  -f custom-values.yaml \
  "${CHART}" --version  "${VERSION}"
 ```

--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/Chart.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/Chart.yaml
@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "3.22.0"
+version: "3.23.0"

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.22.0"
+appVersion: "3.23.0"

 dependencies:
  - name: node-feature-discovery
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
@@ -12,7 +12,36 @@ snapshotter:
  setup: []

 # Enable NVIDIA GPU shims
+# First disable all shims (since values.yaml enables all by default)
 shims:
+  clh:
+    enabled: false
+  cloud-hypervisor:
+    enabled: false
+  dragonball:
+    enabled: false
+  fc:
+    enabled: false
+  qemu:
+    enabled: false
+  qemu-runtime-rs:
+    enabled: false
+  qemu-snp:
+    enabled: false
+  qemu-tdx:
+    enabled: false
+  qemu-se:
+    enabled: false
+  qemu-se-runtime-rs:
+    enabled: false
+  qemu-cca:
+    enabled: false
+  qemu-coco-dev:
+    enabled: false
+  qemu-coco-dev-runtime-rs:
+    enabled: false
+
+  # Now enable NVIDIA GPU shims
  qemu-nvidia-gpu:
    enabled: true
    supportedArches:
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-tee.values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-tee.values.yaml
@@ -12,7 +12,28 @@ snapshotter:
  setup: ["nydus"]  # TEE shims typically use nydus snapshotter

 # Enable TEE (Trusted Execution Environment) shims
+# First disable all shims (since values.yaml enables all by default)
 shims:
+  clh:
+    enabled: false
+  cloud-hypervisor:
+    enabled: false
+  dragonball:
+    enabled: false
+  fc:
+    enabled: false
+  qemu:
+    enabled: false
+  qemu-runtime-rs:
+    enabled: false
+  qemu-nvidia-gpu:
+    enabled: false
+  qemu-nvidia-gpu-snp:
+    enabled: false
+  qemu-nvidia-gpu-tdx:
+    enabled: false
+
+  # Now enable TEE shims (qemu-snp, qemu-tdx, qemu-se, qemu-se-runtime-rs, qemu-cca, qemu-coco-dev, qemu-coco-dev-runtime-rs)
  qemu-snp:
    enabled: true
    supportedArches:
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata.values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata.values.yaml
@@ -1,220 +0,0 @@
-# Example values file to enable all available Kata Containers shims
-# This is useful for trying out all the different runtime options available.
-#
-# Usage:
-#   helm install kata-deploy oci://ghcr.io/kata-containers/kata-deploy-charts/kata-deploy \
-#     --version VERSION \
-#     -f try-kata.values.yaml
-
-debug: false
-
-snapshotter:
-  setup: []  # ["nydus", "erofs"] or []
-
-# Enable all available shims
-shims:
-  clh:
-    enabled: true
-    supportedArches:
-      - amd64
-      - arm64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-
-  cloud-hypervisor:
-    enabled: true
-    supportedArches:
-      - amd64
-      - arm64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-
-  dragonball:
-    enabled: true
-    supportedArches:
-      - amd64
-      - arm64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-
-  fc:
-    enabled: true
-    supportedArches:
-      - amd64
-      - arm64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: "devmapper" # requires pre-configuration on the user side
-
-  qemu:
-    enabled: true
-    supportedArches:
-      - amd64
-      - arm64
-      - s390x
-      - ppc64le
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-
-  qemu-runtime-rs:
-    enabled: true
-    supportedArches:
-      - amd64
-      - s390x
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-
-  qemu-nvidia-gpu:
-    enabled: true
-    supportedArches:
-      - amd64
-      - arm64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-
-  qemu-nvidia-gpu-snp:
-    enabled: true
-    supportedArches:
-      - amd64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-      forceGuestPull: true
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-nvidia-gpu-tdx:
-    enabled: true
-    supportedArches:
-      - amd64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: ""
-      forceGuestPull: true
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-snp:
-    enabled: true
-    supportedArches:
-      - amd64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-tdx:
-    enabled: true
-    supportedArches:
-      - amd64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-se:
-    enabled: true
-    supportedArches:
-      - s390x
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-se-runtime-rs:
-    enabled: true
-    supportedArches:
-      - s390x
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-cca:
-    enabled: true
-    supportedArches:
-      - arm64
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-coco-dev:
-    enabled: true
-    supportedArches:
-      - amd64
-      - s390x
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-  qemu-coco-dev-runtime-rs:
-    enabled: true
-    supportedArches:
-      - amd64
-      - s390x
-    allowedHypervisorAnnotations: []
-    containerd:
-      snapshotter: nydus
-      forceGuestPull: false
-    crio:
-      guestPull: true
-    agent:
-      httpsProxy: ""
-      noProxy: ""
-
-# Default shim per architecture
-defaultShim:
-  amd64: qemu
-  arm64: qemu
-  s390x: qemu
-  ppc64le: qemu
-
-runtimeClasses:
-  enabled: true
-  createDefault: false
-  defaultName: "kata"
-
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
@@ -20,11 +20,10 @@ debug: false
 snapshotter:
  setup: []  # ["nydus", "erofs"] or []

-# See MAINTENANCE.md for field descriptions and maintenance guide
-# NOTE: All shims are disabled by default. Enable the ones you need explicitly.
+# Enable all available shims
 shims:
-  clh: # cloud-hypervisor, golang runtime
-    enabled: false
+  clh:
+    enabled: true
    supportedArches:
      - amd64
      - arm64
@@ -32,8 +31,8 @@ shims:
    containerd:
      snapshotter: ""

-  cloud-hypervisor: # rust runtime
-    enabled: false
+  cloud-hypervisor:
+    enabled: true
    supportedArches:
      - amd64
      - arm64
@@ -41,17 +40,17 @@ shims:
    containerd:
      snapshotter: ""

-  dragonball: # rust runtime
-    enabled: false
+  dragonball:
+    enabled: true
    supportedArches:
      - amd64
      - arm64
    allowedHypervisorAnnotations: []
    containerd:
      snapshotter: ""
-  
-  fc: # firecracker, golang runtime
-    enabled: false
+
+  fc:
+    enabled: true
    supportedArches:
      - amd64
      - arm64
@@ -59,8 +58,8 @@ shims:
    containerd:
      snapshotter: "devmapper" # requires pre-configuration on the user side

-  qemu: # golang runtime
-    enabled: false
+  qemu:
+    enabled: true
    supportedArches:
      - amd64
      - arm64
@@ -70,17 +69,17 @@ shims:
    containerd:
      snapshotter: ""

-  qemu-runtime-rs: # rust runtime
-    enabled: false
+  qemu-runtime-rs:
+    enabled: true
    supportedArches:
      - amd64
      - s390x
    allowedHypervisorAnnotations: []
    containerd:
      snapshotter: ""
- 
-  qemu-nvidia-gpu: # golang runtime
-    enabled: false
+
+  qemu-nvidia-gpu:
+    enabled: true
    supportedArches:
      - amd64
      - arm64
@@ -88,8 +87,8 @@ shims:
    containerd:
      snapshotter: ""

-  qemu-nvidia-gpu-snp: # golang runtime
-    enabled: false
+  qemu-nvidia-gpu-snp:
+    enabled: true
    supportedArches:
      - amd64
    allowedHypervisorAnnotations: []
@@ -102,8 +101,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-nvidia-gpu-tdx: # golang runtime
-    enabled: false
+  qemu-nvidia-gpu-tdx:
+    enabled: true
    supportedArches:
      - amd64
    allowedHypervisorAnnotations: []
@@ -116,8 +115,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-snp: # golang runtime
-    enabled: false
+  qemu-snp:
+    enabled: true
    supportedArches:
      - amd64
    allowedHypervisorAnnotations: []
@@ -130,8 +129,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-tdx: # golang runtime
-    enabled: false
+  qemu-tdx:
+    enabled: true
    supportedArches:
      - amd64
    allowedHypervisorAnnotations: []
@@ -144,8 +143,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-se: # golang runtime
-    enabled: false
+  qemu-se:
+    enabled: true
    supportedArches:
      - s390x
    allowedHypervisorAnnotations: []
@@ -158,8 +157,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-se-runtime-rs: # rust runtime
-    enabled: false
+  qemu-se-runtime-rs:
+    enabled: true
    supportedArches:
      - s390x
    allowedHypervisorAnnotations: []
@@ -172,8 +171,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-cca: # golang runtime
-    enabled: false
+  qemu-cca:
+    enabled: true
    supportedArches:
      - arm64
    allowedHypervisorAnnotations: []
@@ -186,8 +185,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-coco-dev: # golang runtime
-    enabled: false
+  qemu-coco-dev:
+    enabled: true
    supportedArches:
      - amd64
      - s390x
@@ -201,8 +200,8 @@ shims:
      httpsProxy: ""
      noProxy: ""

-  qemu-coco-dev-runtime-rs: # rust runtime
-    enabled: false
+  qemu-coco-dev-runtime-rs:
+    enabled: true
    supportedArches:
      - amd64
      - s390x
@@ -217,11 +216,6 @@ shims:
      noProxy: ""

 # Default shim per architecture
-# Since shims are disabled by default, you must explicitly configure defaultShim
-# for the architectures you're using.
-# Example:
-#   defaultShim:
-#     amd64: shim
 defaultShim:
  amd64: qemu
  arm64: qemu
Author	SHA1	Message	Date
Steve Horsman	650ada7bcc	Merge pull request #12101 from stevenhorsman/release/3.23.0 release: Bump version to 3.23.0	2025-11-17 21:09:45 +00:00
stevenhorsman	70f1f4a3ac	release: Bump version to 3.23.0 Bump VERSION and helm-chart versions Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 19:27:25 +00:00
stevenhorsman	c47e8d0ab8	kata-ctl: update backtrace and local references Similar to #12075, bump-backtrace to 0.3.76 to remove the dependency on adler, which is unmaintained - contributing to mitigating RUSTSEC-2025-0056 As a side effect this brought in loads of other crate changes, which I think are due to it bumping the local dependencies that this package builds on. Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
stevenhorsman	d16620bae1	runk: update backtrace to 0.3.76 Similar to #12075, bump-backtrace to remove the dependency on adler, which is unmaintained - contributing to mitigating RUSTSEC-2025-0056 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
stevenhorsman	0b259e4fcf	agent-ctl: update backtrace to 0.3.76 Similar to #12075, bump-backtrace to remove the dependency on adler, which is unmaintained - contributing to mitigating RUSTSEC-2025-0056 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
stevenhorsman	4abf79f16f	genpolicy: update backtrace to 0.3.76 Similar to #12075, bump-backtrace to remove the dependency on adler, which is unmaintained - contributing to mitigating RUSTSEC-2025-0056 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
stevenhorsman	4158d9a94a	runtime-rs: update flate2 & backtrace Similar to #12075, bump flate2 and backtrace to remove the dependency on adler, which is unmaintained - contributing to mitigating RUSTSEC-2025-0056 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
stevenhorsman	fe10db233c	runtime-rs: Remove libbacktrace feature from backtrace This feature was removed in https://github.com/rust-lang/backtrace-rs/pull/615 which shows that the implementation was removed over two years ago, so get rid of this feature, so we can move to newer versions Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
stevenhorsman	398e7987cd	dragonball: update flate2 & backtrace Similar to #12075, bump flate2 and backtrace to remove the dependency on adler, which is unmaintained - contributing to mitigating RUSTSEC-2025-0056 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 20:13:04 +01:00
Steve Horsman	04c7d11689	Merge pull request #12044 from lifupan/fix_update_interface runtime: fix the issue of update interface error	2025-11-17 14:45:36 +00:00
Fupan Li	763a0d8675	runtime: fix the issue of update interface error Since the network device hotplug is an asynchronous operation, it's possible that the hotplug operation had returned, but the network device hasn't ready in guest, thus it's better to retry on this operation to wait until the device ready in guest. Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>	2025-11-17 13:58:36 +01:00
Steve Horsman	b3eb794662	Merge pull request #12098 from stevenhorsman/csi-kata-direct-volume-xz-0.5.15-bump csi-kata-directvolume: Bump xz module	2025-11-17 12:47:28 +00:00
Fabiano Fidêncio	75996945aa	kata-deploy: try-kata-values.yaml -> values.yaml This makes the user experience better, as the admin can deploy Kata Containers without having to download / set up any additional file. Of course, if the admin wants something more specific, examples are provided. Tests and documentation are updated to reflect this change. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>	2025-11-17 12:16:17 +01:00
Alex Lyn	71a9ecf9f8	Merge pull request #12095 from lifupan/fix_vcpu_number runtime-rs: fix the issue of wrong vcpu number	2025-11-17 19:11:48 +08:00
stevenhorsman	502a3ce3b6	csi-kata-directvolume: Bump xz module Bump github.com/ulikunitz/xz to v0.5.15, to remediate vulnerability GO-2025-3922 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-11-17 10:20:50 +00:00
@@ -1 +1 @@
 .22.0
 .23.0