mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-15 16:13:20 +00:00

acrn containers cri cri-o docker firecracker k8s kubernetes kvm oci qemu security virtual-machine virtualization

Go to file

Eric Ernst 961aaff004 agent: watcher: fixes to make more robust inotify/watchable-mount changes... - Allow up to 16 files. It isn't that uncommon to have 3 files in a secret. In Kubernetes, this results in 9 files in the mount (the presented files, which are symlinks to the latest files, which are symlinks to actual files which are in a seperate hidden directoy on the mount). Bumping from eight to 16 will help ensure we can support "most" secret/tokens, and is still a pretty small number to scan... - Now we will only replace the watched storage with a bindmount if we observe that there are too many files or if its too large. Since the scanning/updating is racy, we should expect that we'll occassionally run into errors (ie, a file deleted between scan / update). Rather than stopping and making a bind mount, continue updating, as the changes will be updated the next time check is called for that entry (every 2 seconds today). To facilitate the 'oversized' handling, we create specific errors for too large or too many files, and handle these specific errors when scanning the storage entry. - When handling an oversided mount, do not remove the prior files -- we'll just overwrite them with the bindmount. This'll help avoid the files disappearing from the user, avoid racy cleanup and simplifies the flow. Similarly, only mark it as a non-watched storage device after the bindmount is created successfully. - When creating bind mount, make sure destination exists. If we hadn't had a successful scan before, this wouldn't exist and the mount would fail. Update logic and unit test to cover this. - In several spots, we were returning when there was an error (both in scan and update). For update case, let's just log an warning and continue; since the scan/update is racy, we should expect that we'll have transient errors which should resolve the next time the watcher runs. Fixes: #2402 Signed-off-by: Eric Ernst <eric_ernst@apple.com>		2021-08-11 08:52:51 -07:00
.github/workflows	workflows: Actually login to quay.io	2021-08-06 10:07:25 +02:00
ci	CI: Call agent shutdown test	2021-07-30 11:03:25 +01:00
docs	docs: update the docs project url from kata 1.x to 2.x	2021-08-10 13:51:54 +08:00
pkg/logging	logging: Use guard to make threaded logging safe	2021-03-29 14:32:11 +01:00
snap	docs: Remove table of contents	2021-07-30 10:58:22 +01:00
src	agent: watcher: fixes to make more robust	2021-08-11 08:52:51 -07:00
tools	Merge pull request #2397 from dgibson/no-go-agent	2021-08-10 09:13:00 -05:00
utils	branch: change 2.0-dev to main	2021-01-22 15:49:35 +08:00
.gitignore	gitignore: Ignore *~ editor backup files	2021-02-19 09:54:53 +11:00
CODE_OF_CONDUCT.md	docs: Add contributing and code of conduct docs	2018-02-06 10:41:09 +00:00
CODEOWNERS	docs: fix static check errors	2020-09-28 11:01:03 +08:00
CONTRIBUTING.md	docs: Add contributing and code of conduct docs	2018-02-06 10:41:09 +00:00
Glossary.md	docs: added a glossary to support SEO tactics	2021-07-20 11:22:58 +02:00
LICENSE	Initial commit	2017-12-06 23:01:13 -06:00
Makefile	kata-deploy: Add Makefile	2021-07-28 19:45:35 +00:00
README.md	docs: Removed mention of 1.x	2021-07-30 10:58:22 +01:00
utils.mk	build: Add `make vendor`	2021-07-14 13:59:41 +02:00
VERSION	release: Kata Containers 2.2.0-alpha1	2021-07-14 17:52:21 +02:00
versions.yaml	versions: Upgrade to Cloud Hypervisor v17.0	2021-07-27 11:56:29 -07:00

README.md

Kata Containers

Welcome to Kata Containers!

This repository is the home of the Kata Containers code for the 2.0 and newer releases.

If you want to learn about Kata Containers, visit the main Kata Containers website.

Introduction

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

Getting started

See the installation documentation.

Documentation

See the official documentation (including installation guides, the developer guide, design documents and more).

Community

To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.

Getting help

See the community section for ways to contact us.

Raising issues

Please raise an issue in this repository.

Note: If you are reporting a security issue, please follow the vulnerability reporting process

Developers

Components

Main components

The table below lists the core parts of the project:

Component	Type	Description
runtime	core	Main component run by a container manager and providing a containerd shimv2 runtime implementation.
agent	core	Management process running inside the virtual machine / POD that sets up the container environment.
documentation	documentation	Documentation common to all components (such as design and install documentation).
tests	tests	Excludes unit tests which live with the main code.

Additional components

The table below lists the remaining parts of the project:

Component	Type	Description
packaging	infrastructure	Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs).
kernel	kernel	Linux kernel used by the hypervisor to boot the guest image. Patches are stored here.
osbuilder	infrastructure	Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor.
`agent-ctl`	utility	Tool that provides low-level access for testing the agent.
`trace-forwarder`	utility	Agent tracing helper.
`ci`	CI	Continuous Integration configuration files and scripts.
`katacontainers.io`	Source for the `katacontainers.io` site.

Packaging and releases

Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.