- Update CC=gcc setting for Fedora s390x
- osbuilder: Streamline s390x CMake & musl handling
- runtime: remove the call to storeSandbox at the end of createSandboxFromConfig
- virtcontainers: Add support for Secure Execution
- agent: Conform to the latest nix version (0.21.0)
- docs: Update the stable branch strategy to what was proposed in our ML
- runtime: add more traces for network
- tools/packaging: clone meson and dependencies before building QEMU
- runtime: remove covertool from cli test
- factory: Use lazy unmount
- docs: Fix Release Process document
- Add sandbox and container ID to trace spans
- agent: Fix fd leak caused by netlink
- metrics: Add virtiofsd exporter
- versions: Update kubernetes to 1.21.1
- tracing: Add basic VSOCK tracing
- agent: Upgrade tokio-vsock to fix fd leak of vsock socket
- runtime: fix some comments and logs
- runtime: Add support for PEF
- cleanup TODOs in runtime
- tracing: Make runtime span attributes more consistent
- virtiofsd: refactor qemu.go to use code in virtiofsd.go
- runtime: remove unused doc.go
- cgroup: fix the issue of set mem.limit and mem.swap
- agent: re-enable the standard SIGPIPE behavior
- virtiofsd: Fix file descriptors leak and return correct PID
- runtime: and cgroup and SandboxCgroupOnly check for check sub-command
- kernel: add ppc64le fragments
- docs: Use --ignore-preflight-errors=all flag
- agent: fix start container failed when dropping all capabilities
- agent: Remove unnecessary underscore(_) variables
- docs: Add instructions for getting QEMU source
- qemu: align before memory hotplug on arm64
- workflows: release kata 2.x snap through the stable channel
- Sandbox bindmount cleanup
- docs: Update add customer agent command
- agent: Stop relying in the unmaintained prctl crate
- how-to-use-virtio-mem-with-kata.md: Update doc to make it clear
- docs: Add document for memory hotplug on arm64
- github: Run require porting labels only at main
- kernel: add confidential guest build option
- rustjail: separated the propagation flags from mount flags
- runtime: improve sandbox cleanup logic
- docs: add note for connecting debug console for old versions
- image_build: align image size to 128M for arm64
- agent: avoid reaping the exit signal of execute_hook in the reaper
- agent: move the dependency tempfile to the dev-dependencies section
- docs: Document test repository changes when creating a stable branch
- docs: Remove horizontal ruler markers that disable spell checks
- docs/Developer-Guide: Add instructions to apply QEMU patches
- runtime: make dialing timeout configurable
- Get sandbox metrics cli
- Support TDx
- packaging/kata-cleanup: add k3s containerd volume
- osbuilder: Upgrade alpine version to 3.13.5
- Monitor cleanup
- Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
- agent: delete code which is no longer used
- cli: delete tracing code for kata-runtime binary
- docs: add per-Pod Kata configurations for `enable_pprof`
- Fix issue of virtio-mem
- Set fixed NOFILE limit value for kata-agent
- ci/install_yq.sh: install_yq: Check version before return
- runtime: use s.ctx instead ctx for checking cancellation
- runtime: fix some comments

a1247bc0 agent: Conform to the latest nix version (0.21.0)
3130e66d runtime: remove storeSandbox at the end of createSandboxFromConfig
7593ebf9 runtime: Use CC=gcc on Fedora s390x
a484d6db osbuilder: Streamline s390x CMake & musl handling
da2d9ab8 osbuilder: Remove CC=gcc for Fedora s390x
c0c05c73 virtcontainers: Add support for Secure Execution
78f21710 virtcontainers/s390x: Put consts into one block
784025bb runtime: add more traces for network
9ec9bbba tools/packaging: clone meson and dependencies before building QEMU
9158ec68 docs: Fix Release Process document
9e3349c1 agent: Fix fd leak caused by netlink
3d0e0b27 tracing: Add network model to span
8ca02072 tracing: Add sandbox and container ID to trace spans
a9a0eccf tracing: Add basic VSOCK tracing
2234b730 metrics: Add virtiofsd exporter
9bf781d7 agent: Upgrade tokio-vsock to fix fd leak of vsock socket
b68334a1 runtime: fix some comments and logs
1f5b229b runtime: remove FIXME in SandboxState about CgroupPath
fee0004a runtime: remove TODO about hot add memory in qemu.go
2e29ef9c runtime: remove TODO comment from StatusContainer
72cd8f5e virtiofsd: refactor qemu.go to use code in virtiofsd.go
0b22c48d runtime: remove unused doc.go
30f4834c cgroup: fix the issue of set mem.limit and mem.swap
0ae364c8 agent: re-enable the standard SIGPIPE behavior
05a46fed tracing: Make runtime span attributes more consistent
727bfc45 runtime: and cgroup and SandboxCgroupOnly check for check sub-command
b25ad1ab tracing: Make trace-forwarder async
45f02227 tracing: Add trace points
773deca2 virtiofsd: Fix file descriptors leak and return correct PID
37a426b4 runtime: Add support for PEF
fe670c5d docs: Use --ignore-preflight-errors=all flag
5b5047bd docs: Add instructions for getting QEMU source
3e4ebe10 agent: fix start container failed when dropping all capabilities
9a43d76d workflows: release kata 2.x snap through the stable channel
7f1030d3 sandbox-bindmount: persist mount information
089a7484 sandbox: Cleanup if failure to setup sandbox-bindmount occurs
f65acc20 docs: Update add customer agent command
20a382c1 agent: Remove unnecessary underscore(_) variables
4b88532c docs: Don't use Docker as an example of a container manager
4142e424 docs: Don't mention 1.x components as part of the stable branch strategy
a0af2bd7 docs: Use stable-2.x / 2.x.y as example in the branch strategy document
a5e1f66a docs: Maintain only one stable branch per major release
419773b8 docs: Emphasize behaviour changes may be a reason for a major bump
54a75008 docs: Refer to `main` branch in the stable branch strategy document
7dde0b5d kernel: add ppc64le fragments
84906181 kernel: skip fragments for ppc64le
9676b86b kernel: move CONFIG_RANDOMIZE_BASE
bd0cde40 factory: Use lazy unmount
f52468be agent/agent-ctl: Replace prctl crate by the capctl one
d289b1d6 agent-ctl: Perform a `cargo update`
bc36b7b4 qemu: align before memory hotplug on arm64
8aefc793 agent: Perform a `cargo update`
785be0bb how-to-use-virtio-mem-with-kata.md: Update doc to make it clear
f8a16c17 kernel: add confidential guest build option
a65f11ea docs: Add document for memory hotplug on arm64
1b607056 runtime: remove covertool from cli test
fc42dc07 github: Run require porting labels only at main
dbef2b29 versions: Update kubernetes to 1.21.1
35151f17 runtime: sandbox delete should succeed after verifying sandbox state
e5fe572f rustjail: separated the propagation flags from mount flags
ffbb4d9b docs: add note for connecting debug console for old versions
a5bb383c agent: avoid reaping the exit signal of execute_hook in the reaper
ce7a5ba2 agent: move the dependency tempfile to the dev-dependencies section
e24e9462 docs/Developer-Guide: Add instructions to apply QEMU patches
850cf8cd docs: Document test repository changes when creating a stable branch
8068a469 kata-runtime: add `metrics` command
37873061 kata-monitor: export get stats for sandbox
01b56d6c runtime: make dialing timeout configurable
e8038718 osbuilder: Upgrade alpine version to 3.13.5
3caed6f8 runtime: shim: dedup client, socket addr code
4bc006c8 runtime: Short the shim-monitor path
5fdf617e docs: Fix spell-check errors found after new text is discovered
42425456 docs: Remove horizontal ruler markers that disable spell checks
3883e4e2 kernel: configs: Open CONFIG_VIRTIO_MEM in x86_64 Linux kernel
4f61f4b4 virtcontainers: Support TDX
0affe886 virtcontainers: define confidential guest framework
539afba0 runtime: define config options to enable confidential computing
79831faf runtime: use s.ctx instead ctx for checking cancellation
f6d5fbf9 runtime: fix some comments
9381e5f3 packaging/kata-cleanup: add k3s containerd volume
7f7c3fc8 qemu.go: qemu: resizeMemory: Fix virtio-mem resize overflow issue
c9053ea3 qemu.go: qemu: setupVirtioMem: let sizeMB be multiple of 2Mib
a188577e agent: Set fixed NOFILE limit value for kata-agent
88cf3db6 runtime: implement CPUFlags function
2b0d5b25 image_build: align image size to 128M for arm64
d601ae34 agent: delete not used comments
6038da19 agent: delete rustjail/src/configs directory
84ee8aa8 agent: delete not used functions
d8896157 ci/install_yq.sh: install_yq: Check version before return
95e54e3f docs: add per-Pod Kata configurations for enable_pprof
13c23fec cli: delete tracing code for kata-runtime binary

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process.
Kata Containers 1.x versions
For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.
If in doubt, raise an issue in the Kata Containers 1.x runtime repository.
Developers
Components
Component | Type | Description |
---|---|---|
agent-ctl | utility | Tool that provides low-level access for testing the agent. |
agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
documentation | documentation | Documentation common to all components (such as design and install documentation). |
osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images for the hypervisor. |
packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
trace-forwarder | utility | Agent tracing helper. |
Kata Containers 1.x components
For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.
For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.
For further information on particular Kata Containers 1.x components, see the individual component repositories:
Component | Type | Description |
---|---|---|
agent | core | See components. |
documentation | documentation | |
KSM throttler | optional core | Daemon that monitors containers and deduplicates memory to maximize container density on the host. |
osbuilder | infrastructure | See components. |
packaging | infrastructure | See components. |
proxy | core | Multiplexes communications between the shims, agent and runtime. |
runtime | core | See components. |
shim | core | Handles standard I/O and signals on behalf of the container process. |
Note:
- There are more components for the original Kata Containers 1.x implementation.
- The current implementation simplifies the design significantly: compare the current and previous generation designs.
Common repositories
The following repositories are used by both the current and first generation Kata Containers implementations:
Component | Description | Current | First generation | Notes |
---|---|---|---|---|
CI | Continuous Integration configuration files and scripts. | Kata 2.x | Kata 1.x | |
kernel | The Linux kernel used by the hypervisor to boot the guest image. | Kata 2.x | Kata 1.x | Patches are stored in the packaging component. |
tests | Test code. | Kata 2.x | Kata 1.x | Excludes unit tests which live with the main code. |
www.katacontainers.io | Contains the source for the main web site. | Kata 2.x | Kata 1.x | |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.