2d29791c19
- Drop in cfg files support - agent: enhance get handled signal - oci: fix serde skip serializing condition - agent: Run OCI poststart hooks after a container is launched - agent: Replace some libc functions with nix ones - runtime: overwrite mount type to bind for bind mounts - build: Set safe.directory for runtime repo - ci/cd: update check-commit-message - Set safe.directory against tests repository - runtime: delete Console from Cmd type - Add `default_maxmemory` config option - shim: set a non-zero return code if the wait process call failed. - Refactor how hypervisor config validation is handled - packaging: Remove unused kata docker configure script - kata-with-k8s: Add cgroupDriver for containerd - shim: support shim v2 logging plugin - device package cleanup/refactor - versions: Update kernel to latest LTS version 5.15.48 - agent: Allow BUILD_TYPE=debug - Fix clippy warnings and update agent's vendored code - block: Leverage multiqueue for virtio-block - kernel: Add CONFIG_EFI=y as part of the TDX fragments - runtime: Add heuristic to get the right value(s) for mem-reserve - runtime: enable sandbox feature on qemu - snap: fix snap build on ppc64le - packaging: Remove unused publish kata image script - rootfs: Fix chronyd.service failing on boot - tracing: Remove whitespace from root span - workflow: Removing man-db, workflow kept failing - docs: Update outdated URLs and keep them available - runtime: fix error when trying to parse sandbox sizing annotations - snap: Fix debug cli option - deps: Resolve dependabot bumps of containerd, crossbeam-utils, regex - Allow Cloud Hypervisor to run under the `container_kvm_t` - docs: Update containerd url link - agent: refactor reading file timing for debugging - safe-path: fix clippy warning - kernel building: efi_secret module - runtime: Switch to using the rust version of virtiofsd (all arches but powerpc) - shim: change the log level for GetOOMEvent call failures - docs: Add more kata monitor details - Allow io.katacontainers.config.hypervisor.enable_iommu annotation by … - versions: Bump virtiofsd to v1.3.0 - docs: Add storage limits to arch doc - docs: Update source for cri-tools - tools: Enable extra detail on error - docs: Add agent-ctl examples section |
||
|---|---|---|
| .github/workflows | ||
| ci | ||
| docs | ||
| snap | ||
| src | ||
| tools | ||
| utils | ||
| .gitignore | ||
| CODE_OF_CONDUCT.md | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| Glossary.md | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| utils.mk | ||
| VERSION | ||
| versions.yaml | ||
Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
License
The code is licensed under the Apache 2.0 license. See the license file for further details.
Platform support
Kata Containers currently runs on 64-bit systems supporting the following technologies:
| Architecture | Virtualization technology |
|---|---|
x86_64, amd64 |
Intel VT-x, AMD SVM |
aarch64 ("arm64") |
ARM Hyp |
ppc64le |
IBM Power |
s390x |
IBM Z & LinuxONE SIE |
Hardware requirements
The Kata Containers runtime provides a command to determine if your host system is capable of running and creating a Kata Container:
$ kata-runtime check
Notes:
This command runs a number of checks including connecting to the network to determine if a newer release of Kata Containers is available on GitHub. If you do not wish this to check to run, add the
--no-network-checksoption.By default, only a brief success / failure message is printed. If more details are needed, the
--verboseflag can be used to display the list of all the checks performed.If the command is run as the
rootuser additional checks are run (including checking if another incompatible hypervisor is running). When running asroot, network checks are automatically disabled.
Getting started
See the installation documentation.
Documentation
See the official documentation including:
Configuration
Kata Containers uses a single configuration file which contains a number of sections for various parts of the Kata Containers system including the runtime, the agent and the hypervisor.
Hypervisors
See the hypervisors document and the Hypervisor specific configuration details.
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process
Developers
See the developer guide.
Components
Main components
The table below lists the core parts of the project:
| Component | Type | Description |
|---|---|---|
| runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
| agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
| documentation | documentation | Documentation common to all components (such as design and install documentation). |
| libraries | core | Library crates shared by multiple Kata Container components or published to crates.io |
| tests | tests | Excludes unit tests which live with the main code. |
Additional components
The table below lists the remaining parts of the project:
| Component | Type | Description |
|---|---|---|
| packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
| kernel | kernel | Linux kernel used by the hypervisor to boot the guest image. Patches are stored here. |
| osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor. |
agent-ctl |
utility | Tool that provides low-level access for testing the agent. |
trace-forwarder |
utility | Agent tracing helper. |
runk |
utility | Standard OCI container runtime based on the agent. |
ci |
CI | Continuous Integration configuration files and scripts. |
katacontainers.io |
Source for the katacontainers.io site. |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.
Glossary of Terms
See the glossary of terms related to Kata Containers.