- Update kata-deploy to use CRI-O drop-in files
- Update dependencies versions
- fix build kernel shell error when setup with `-f`
- virtcontainers: Fix virtio-fs on s390x
- Runtimeclass updates
- versions: Upgrade to cloud-hypervisor v15.0
- clh: return error if apiSocketPath failed
- runtime: fix dropped error
- agent: Update seccomp configuration for errnoRet and flags
- Fix the issue that sandbox size is not right after update
- docs: Document limitation regarding subpaths
- qemu: kill virtiofsd if failure to start VMM
- runtime/virtcontainers: Fix typo on qmp error msg
- cli: delete not used files
- runtime: delete not used function parameter builtIn
- add io.katacontainers.config.hypervisor.virtio_fs_extra_args handling
- Entropy source annotation
- runtime: Fix stdout/stderr output from container being truncated
- fix the issue of missing set fsGroup for EphemeralStorage
- qemu: Fix assertion failure on shutdown
- Assorted clippy fixes for Rust agent
- agent: use channel instead of pipe(2) to send exit signal of process
- Improve agent shutdown handling
- Enable virtio-fs on s390x
- block: Generate PCI path for virtio-blk devices on clh
- runtime: Disable trace for healthcheck
- agent/rustjail: Fix accidental damage from tokio conversion
- cli: Use genericGetExpectedHostDetails on s390x
- runtime/tests: Change "moo FAILURE" message
- Update the information about the release process
- remove ProcessListContainer API

2047f26f kata-deploy: Adapt CRI-O config to use drop-in files
8de2f914 kata-deploy: Rely on CRIO default's values for manage_ns_lifecycle
ea9936e0 versions: Bump runc to v1.0.0-rc93
9c333b2c versions: Bump CRI-O version to 1.21.x
e33f207b versions: Bump critools version to 1.21.0
8e5df723 versions: Bump kubernetes version to 1.21.0
d15f84c9 versions: Remove Docker entry
516f4ec0 versions: Remove OpenShift entry
be101ac1 versions: Remove CRI-O meta dependencies
1ca6bedf versions: Upgrade to cloud-hypervisor v15.0
906c0df4 kata-deploy: don't update worker pool nodes
3ee61776 virtcontainers: Enable virtio-fs on s390x
8385ff95 runtime: Re-vendor GoVMM
adba4532 virtcontainers: Revert "virtcontainers: Allow s390x appendVhostUserDevice"
ede078bc kata-deploy: aks-test: bump kubernetes/containerd
484af12b kata-deploy: update to handle new runtimeclass path
05c224c3 runtimeclass: add nodeSelector
ee7de8ab tools: fix build kernel shell error
7d5a4252 docs: Document limitation regarding subpaths
36776408 runtime/virtcontainers: Fix typo on qmp error msg
12a65d23 runtimeclass: drop stale runtimeclass definitions
0787ea80 cgroupsCreate: not set resources to c.config.Resources
831224aa Sandbox: Fix ContainerConfig ptr in CreateContainer and createContainers
a57c8ab1 qemu: kill virtiofsd if failure to start VMM
ff2b9e54 cli: delete not used files
0d0a520d clh: return error if apiSocketPath failed
fc6bb01a runtime: fix dropped error
30ff6ee8 runtime: handle io.katacontainers.config.hypervisor.virtio_fs_extra_args
677f0d99 runtime: delete not used function parameter builtIn
dcb9f403 config: Protect annotation for entropy_source
f4c26aad agent: fix the issue of missing set fsGroup for EphemeralStorage
628d55bf kata-agent: fix the issue of fsGroup missing
0405beb2 agent: Remove unused Default implementation for NamespaceType
7b83b7ec agent/uevent: Better initialize Uevent in test
b0190a40 agent: Use vec![] macro rather than init-then-push
1c43245e agent/device: Remove unneeded Result<> wrappers from uev matchers
e41cdb8b agent: Use str::is_empty() method in config::get_string_value()
2377c097 agent: Use CamelCase for NamespaceType values
75eca6d5 agent/rustjail: Clean up error path in execute_hook()s async task
6ce1e56d agent/rustjail: Remove an unnecessary PathBuf
3c4485ec agent/rustjail: Clean up some static definitions with vec! macro
eaec5a6c agent/oci: Change name case to make clippy happy
3f5fdae0 agent/rustjail: (trivial) Clean up comment on process_grpc_to_oci()
210f39a4 agent/rustjail: Simplify renaming imports
d4a54137 runtime: Fix stdout/stderr output from container being truncated
8ecf8e5c agent: use channel instead of pipe to send exit signal of process
81c5ff12 agent: Update seccomp configuration for errnoRet and flags
8a33bd4c qemu: Fix assertion failure on shutdown
7f609113 virtcontainers: Allow s390x appendVhostUserDevice
67ac4f45 runtime: update GoVMM for memory backend support
6577b01a agent/rustjail: Fix accidental damage from tokio conversion
de2631e7 utils: Make WaitLocalProcess safer
9256e590 shutdown: Don't sever console watcher too early
51ab8700 utils: Improve WaitLocalProcess
507ef636 utils: Add waitLocalProcess function
1d5098de agent/block: Generate PCI path for virtio-blk devices on clh
e7c97f0f runtime/tests: Change "moo FAILURE" message
8bc53498 docs: Simplify the repo bumping section
8a47b05a docs: Mention that an app token should be used with hub
d434c2e9 docs: OBS account is not require anymore
543f9da3 runtime: Disable trace for healthcheck
421439c6 API: remove ProcessListContainer/ListProcesses
1366f0fb cli: Use genericGetExpectedHostDetails on s390x

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process.
Kata Containers 1.x versions
For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.
If in doubt, raise an issue in the Kata Containers 1.x runtime repository.
Developers
Components
Component | Type | Description |
---|---|---|
agent-ctl | utility | Tool that provides low-level access for testing the agent. |
agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
documentation | documentation | Documentation common to all components (such as design and install documentation). |
osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images for the hypervisor. |
packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
trace-forwarder | utility | Agent tracing helper. |
Kata Containers 1.x components
For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.
For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.
For further information on particular Kata Containers 1.x components, see the individual component repositories:
Component | Type | Description |
---|---|---|
agent | core | See components. |
documentation | documentation | |
KSM throttler | optional core | Daemon that monitors containers and deduplicates memory to maximize container density on the host. |
osbuilder | infrastructure | See components. |
packaging | infrastructure | See components. |
proxy | core | Multiplexes communications between the shims, agent and runtime. |
runtime | core | See components. |
shim | core | Handles standard I/O and signals on behalf of the container process. |
Note:
- There are more components for the original Kata Containers 1.x implementation.
- The current implementation simplifies the design significantly: compare the current and previous generation designs.
Common repositories
The following repositories are used by both the current and first generation Kata Containers implementations:
Component | Description | Current | First generation | Notes |
---|---|---|---|---|
CI | Continuous Integration configuration files and scripts. | Kata 2.x | Kata 1.x | |
kernel | The Linux kernel used by the hypervisor to boot the guest image. | Kata 2.x | Kata 1.x | Patches are stored in the packaging component. |
tests | Test code. | Kata 2.x | Kata 1.x | Excludes unit tests which live with the main code. |
www.katacontainers.io | Contains the source for the main web site. | Kata 2.x | Kata 1.x | |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.