github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-30 23:06:27 +00:00
Code Issues Projects Releases Wiki Activity
6,416 Commits 52 Branches 136 Tags 320 MiB
Rust 58%
Go 24.7%
Shell 10%
RPC 5.4%
Makefile 1%
Other 0.8%
54832cd052
Go to file
Fabiano Fidêncio 54832cd052 release: Kata Containers 2.2.0-alpha0 
- Update CC=gcc setting for Fedora s390x
- osbuilder: Streamline s390x CMake & musl handling
- runtime: remove the call to storeSandbox at the end of createSandboxFromConfig
- virtcontainers: Add support for Secure Execution
- agent: Conform to the latest nix version (0.21.0)
- docs: Update the stable branch strategy to what was proposed in our ML
- runtime: add more traces for network
- tools/packaging: clone meson and dependencies before building QEMU
- runtime: remove covertool from cli test
- factory: Use lazy unmount
- docs: Fix Release Process document
- Add sandbox and container ID to trace spans
- agent: Fix fd leak caused by netlink
- metrics: Add virtiofsd exporter
- versions: Update kubernetes to 1.21.1
- tracing: Add basic VSOCK tracing
- agent: Upgrade tokio-vsock to fix fd leak of vsock socket
- runtime: fix some comments and logs
- runtime: Add support for PEF
- cleanup TODOs in runtime
- tracing: Make runtime span attributes more consistent
- virtiofsd: refactor qemu.go to use code in virtiofsd.go
- runtime: remove unused doc.go
- cgroup: fix the issue of set mem.limit and mem.swap
- agent: re-enable the standard SIGPIPE behavior
- virtiofsd: Fix file descriptors leak and return correct PID
- runtime: and cgroup and SandboxCgroupOnly check for check sub-command
- kernel: add ppc64le fragments
- docs: Use --ignore-preflight-errors=all flag
- agent: fix start container failed when dropping all capabilities
- agent: Remove unnecessary underscore(_) variables
- docs: Add instructions for getting QEMU source
- qemu: align before memory hotplug on arm64
- workflows: release kata 2.x snap through the stable channel
- Sandbox bindmount cleanup
- docs: Update add customer agent command
- agent: Stop relying in the unmaintained prctl crate
- how-to-use-virtio-mem-with-kata.md: Update doc to make it clear
- docs: Add document for memory hotplug on arm64
- github: Run require porting labels only at main
- kernel: add confidential guest build option
- rustjail: separated the propagation flags from mount flags
- runtime: improve sandbox cleanup logic
- docs: add note for connecting debug console for old versions
- image_build: align image size to 128M for arm64
- agent: avoid reaping the exit signal of execute_hook in the reaper
- agent: move the dependency tempfile to the dev-dependencies section
- docs: Document test repository changes when creating a stable branch
- docs: Remove horizontal ruler markers that disable spell checks
- docs/Developer-Guide: Add instructions to apply QEMU patches
- runtime: make dialing timeout configurable
- Get sandbox metrics cli
- Support TDx
- packaging/kata-cleanup: add k3s containerd volume
- osbuilder: Upgrade alpine version to 3.13.5
- Monitor cleanup
- Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
- agent: delete code which is no longer used
- cli: delete tracing code for kata-runtime binary
- docs: add per-Pod Kata configurations for `enable_pprof`
- Fix issue of virtio-mem
- Set fixed NOFILE limit value for kata-agent
- ci/install_yq.sh: install_yq: Check version before return
- runtime: use s.ctx instead ctx for checking cancellation
- runtime: fix some comments

a1247bc0 agent: Conform to the latest nix version (0.21.0)
3130e66d runtime: remove storeSandbox at the end of createSandboxFromConfig
7593ebf9 runtime: Use CC=gcc on Fedora s390x
a484d6db osbuilder: Streamline s390x CMake & musl handling
da2d9ab8 osbuilder: Remove CC=gcc for Fedora s390x
c0c05c73 virtcontainers: Add support for Secure Execution
78f21710 virtcontainers/s390x: Put consts into one block
784025bb runtime: add more traces for network
9ec9bbba tools/packaging: clone meson and dependencies before building QEMU
9158ec68 docs: Fix Release Process document
9e3349c1 agent: Fix fd leak caused by netlink
3d0e0b27 tracing: Add network model to span
8ca02072 tracing: Add sandbox and container ID to trace spans
a9a0eccf tracing: Add basic VSOCK tracing
2234b730 metrics: Add virtiofsd exporter
9bf781d7 agent: Upgrade tokio-vsock to fix fd leak of vsock socket
b68334a1 runtime: fix some comments and logs
1f5b229b runtime: remove FIXME in SandboxState about CgroupPath
fee0004a runtime: remove TODO about hot add memory in qemu.go
2e29ef9c runtime: remove TODO comment from StatusContainer
72cd8f5e virtiofsd: refactor qemu.go to use code in virtiofsd.go
0b22c48d runtime: remove unused doc.go
30f4834c cgroup: fix the issue of set mem.limit and mem.swap
0ae364c8 agent: re-enable the standard SIGPIPE behavior
05a46fed tracing: Make runtime span attributes more consistent
727bfc45 runtime: and cgroup and SandboxCgroupOnly check for check sub-command
b25ad1ab tracing: Make trace-forwarder async
45f02227 tracing: Add trace points
773deca2 virtiofsd: Fix file descriptors leak and return correct PID
37a426b4 runtime: Add support for PEF
fe670c5d docs: Use --ignore-preflight-errors=all flag
5b5047bd docs: Add instructions for getting QEMU source
3e4ebe10 agent: fix start container failed when dropping all capabilities
9a43d76d workflows: release kata 2.x snap through the stable channel
7f1030d3 sandbox-bindmount: persist mount information
089a7484 sandbox: Cleanup if failure to setup sandbox-bindmount occurs
f65acc20 docs: Update add customer agent command
20a382c1 agent: Remove unnecessary underscore(_) variables
4b88532c docs: Don't use Docker as an example of a container manager
4142e424 docs: Don't mention 1.x components as part of the stable branch strategy
a0af2bd7 docs: Use stable-2.x / 2.x.y as example in the branch strategy document
a5e1f66a docs: Maintain only one stable branch per major release
419773b8 docs: Emphasize behaviour changes may be a reason for a major bump
54a75008 docs: Refer to `main` branch in the stable branch strategy document
7dde0b5d kernel: add ppc64le fragments
84906181 kernel: skip fragments for ppc64le
9676b86b kernel: move CONFIG_RANDOMIZE_BASE
bd0cde40 factory: Use lazy unmount
f52468be agent/agent-ctl: Replace prctl crate by the capctl one
d289b1d6 agent-ctl: Perform a `cargo update`
bc36b7b4 qemu: align before memory hotplug on arm64
8aefc793 agent: Perform a `cargo update`
785be0bb how-to-use-virtio-mem-with-kata.md: Update doc to make it clear
f8a16c17 kernel: add confidential guest build option
a65f11ea docs: Add document for memory hotplug on arm64
1b607056 runtime: remove covertool from cli test
fc42dc07 github: Run require porting labels only at main
dbef2b29 versions: Update kubernetes to 1.21.1
35151f17 runtime: sandbox delete should succeed after verifying sandbox state
e5fe572f rustjail: separated the propagation flags from mount flags
ffbb4d9b docs: add note for connecting debug console for old versions
a5bb383c agent: avoid reaping the exit signal of execute_hook in the reaper
ce7a5ba2 agent: move the dependency tempfile to the dev-dependencies section
e24e9462 docs/Developer-Guide: Add instructions to apply QEMU patches
850cf8cd docs: Document test repository changes when creating a stable branch
8068a469 kata-runtime: add `metrics` command
37873061 kata-monitor: export get stats for sandbox
01b56d6c runtime: make dialing timeout configurable
e8038718 osbuilder: Upgrade alpine version to 3.13.5
3caed6f8 runtime: shim: dedup client, socket addr code
4bc006c8 runtime: Short the shim-monitor path
5fdf617e docs: Fix spell-check errors found after new text is discovered
42425456 docs: Remove horizontal ruler markers that disable spell checks
3883e4e2 kernel: configs: Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
4f61f4b4 virtcontainers: Support TDX
0affe886 virtcontainers: define confidential guest framework
539afba0 runtime: define config options to enable confidential computing
79831faf runtime: use s.ctx instead ctx for checking cancellation
f6d5fbf9 runtime: fix some comments
9381e5f3 packaging/kata-cleanup: add k3s containerd volume
7f7c3fc8 qemu.go: qemu: resizeMemory: Fix virtio-mem resize overflow issue
c9053ea3 qemu.go: qemu: setupVirtioMem: let sizeMB be multiple of 2Mib
a188577e agent: Set fixed NOFILE limit value for kata-agent
88cf3db6 runtime: implement CPUFlags function
2b0d5b25 image_build: align image size to 128M for arm64
d601ae34 agent: delete not used comments
6038da19 agent: delete rustjail/src/configs directory
84ee8aa8 agent: delete not used functions
d8896157 ci/install_yq.sh: install_yq: Check version before return
95e54e3f docs: add per-Pod Kata configurations for enable_pprof
13c23fec cli: delete tracing code for kata-runtime binary

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2021-06-11 16:10:01 +02:00
.github/workflows workflows: release kata 2.x snap through the stable channel 2021-05-21 15:48:48 -05:00
ci ci/install_yq.sh: install_yq: Check version before return 2021-04-29 18:19:18 +08:00
docs Merge pull request #1877 from fidencio/wip/update-stable-branch-strategy 2021-06-10 10:26:31 +02:00
pkg/logging logging: Use guard to make threaded logging safe 2021-03-29 14:32:11 +01:00
snap snap: Use qemu.version to build snap 2021-03-24 17:52:52 +00:00
src Merge pull request #1974 from Jakob-Naucke/fix-cc-fedora-s390x 2021-06-11 00:31:51 +02:00
tools release: Kata Containers 2.2.0-alpha0 2021-06-11 16:10:01 +02:00
utils branch: change 2.0-dev to main 2021-01-22 15:49:35 +08:00
.gitignore gitignore: Ignore *~ editor backup files 2021-02-19 09:54:53 +11:00
CODE_OF_CONDUCT.md docs: Add contributing and code of conduct docs 2018-02-06 10:41:09 +00:00
CODEOWNERS docs: fix static check errors 2020-09-28 11:01:03 +08:00
CONTRIBUTING.md docs: Add contributing and code of conduct docs 2018-02-06 10:41:09 +00:00
LICENSE Initial commit 2017-12-06 23:01:13 -06:00
Makefile Makefile: add default rule 2020-06-27 20:16:53 -07:00
README.md branch: change 2.0-dev to main 2021-01-22 15:49:35 +08:00
utils.mk build: Improve top-level Makefile 2020-06-25 11:19:12 +01:00
VERSION release: Kata Containers 2.2.0-alpha0 2021-06-11 16:10:01 +02:00
versions.yaml versions: Update kubernetes to 1.21.1 2021-05-14 00:08:55 +02:00

README.md

Kata Containers

Welcome to Kata Containers!

This repository is the home of the Kata Containers code for the 2.0 and newer releases.

If you want to learn about Kata Containers, visit the main Kata Containers website.

For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.

Introduction

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

Getting started

See the installation documentation.

Documentation

See the official documentation (including installation guides, the developer guide, design documents and more).

Community

To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.

Getting help

See the community section for ways to contact us.

Raising issues

Please raise an issue in this repository.

Note: If you are reporting a security issue, please follow the vulnerability reporting process

Kata Containers 1.x versions

For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.

If in doubt, raise an issue in the Kata Containers 1.x runtime repository.

Developers

Components

Component Type Description
agent-ctl utility Tool that provides low-level access for testing the agent.
agent core Management process running inside the virtual machine / POD that sets up the container environment.
documentation documentation Documentation common to all components (such as design and install documentation).
osbuilder infrastructure Tool to create "mini O/S" rootfs and initrd images for the hypervisor.
packaging infrastructure Scripts and metadata for producing packaged binaries
(components, hypervisors, kernel and rootfs).
runtime core Main component run by a container manager and providing a containerd shimv2 runtime implementation.
trace-forwarder utility Agent tracing helper.

Kata Containers 1.x components

For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.

For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.

For further information on particular Kata Containers 1.x components, see the individual component repositories:

Component Type Description
agent core See components.
documentation documentation
KSM throttler optional core Daemon that monitors containers and deduplicates memory to maximize container density on the host.
osbuilder infrastructure See components.
packaging infrastructure See components.
proxy core Multiplexes communications between the shims, agent and runtime.
runtime core See components.
shim core Handles standard I/O and signals on behalf of the container process.

Note:

  • There are more components for the original Kata Containers 1.x implementation.
  • The current implementation simplifies the design significantly: compare the current and previous generation designs.

Common repositories

The following repositories are used by both the current and first generation Kata Containers implementations:

Component Description Current First generation Notes
CI Continuous Integration configuration files and scripts. Kata 2.x Kata 1.x
kernel The Linux kernel used by the hypervisor to boot the guest image. Kata 2.x Kata 1.x Patches are stored in the packaging component.
tests Test code. Kata 2.x Kata 1.x Excludes unit tests which live with the main code.
www.katacontainers.io Contains the source for the main web site. Kata 2.x Kata 1.x

Packaging and releases

Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.