- Enhancement: fix comments/logs and delete not used function - storage: make k8s emptyDir volume creation location configurable - Implement direct-assigned volume - Bump containerd to 1.6.1 - experimentally enable vcpu hotplug and virtio-mem on arm64 in kernel part - versions: Upgrade to Cloud Hypervisor v22.0 - katatestutils: remove distro constraints - Minor fixes for the `disable_block_device_use` comments - clh: stop virtofsd if clh fails to boot up the vm - clh: tdx: Don't use sharedFS with Confidential Guests - runtime: Build golang components with extra security options - snap: Use git clone depth 1 for QEMU and dependencies - snap: Don't build cloud-hypevisor on ppc64le - build: always reset ARCH after getting it - virtcontainers: remove temp dir created for vsock in test code - docs: Add unit testing presentation - virtcontainers: Use available s390x hugepages - Update QEMU >= 6.1.0 in configure-hypervisor.sh - Fix monitor listen address - snap: clh: Re-use kata-deploy script here - osbuilder: Add CentOS Stream rootfs - runtime: Gofmt fixes - Update `confidential_guest` comments - cleanup runtime pkgs for Darwin build, add basic Darwin build/unit test - docs: Update Readme document - runtime: use Cmd.StdoutPipe instead of self-created pipe - docs: Developer-Guide build a custom Kata agent with musl - kata-agent: Fix mismatching error of cgroup and mountinfo. - runtime, config: make selinux configurable - Fix unbound variable / typo on error mesage - clh: Add TDX support - virtcontainers: Do not add a virtio-rng-ccw device - kata-monitor: fix collecting metrics for sandboxes not started through CRI - runtime: fix package declaration for ppc64le - Make the hypervisor framework not Linux specific - kata-deploy: Simplify Dockerfile and support s390x - Support nerdctl OCI hooks - shim: log events for CRI-O - docs: Update contributing link - kata-deploy: Use (kata with) qemu as the default shim-v2 binary - kata-monitor: simplify sandbox cache management and attach kubernetes POD metadata to metrics - nydus: add lazyload support for kata with clh - kernel: remove SYS_SUPPORTS_HUGETLBFS from powerpc fragments - packaging: Use `patch` for applying patches - virtcontainers: Remove duplicated assert messages in utils test code - versions: add nydus-snapshotter - docs: Update limitations document - packaging: support qemu-tdx - Kata manager fix install - versions: Linux 5.15.x - trace-forwarder/agent-ctl: run cargo fmt/clippy in make check - docs: Improve top-level README - runtime: use github.com/mdlayher/vsock@v1.1.0 - tools: Build cloud-hypervisor with "--features tdx" - virtiofsd: Use "-o announce_submounts" - feature: hugepages support - tools: clh: Allow to set when to build from sources and the build flags passed down to cargo - docs: Remove docker run and shared memory from limitations - versions: Udpate Cloud Hypervisor to 55479a64d237 - kernel: add missing config fragment for TDx - runtime: The index variable is initialized multiple times in for - scripts: fix a typo while to check build_type - versions: bump CRI-O to its 1.23 release - feature(nydusd): add nydusd support to introduce lazyload ability - docs: Fix relative links in Markdown - kernel: support TDx - device: Actually update PCIDEVICE_ environment variables for the guest - docs: Update link to EFK stack docs - runtime: support QEMU SGX - snap: update qemu version to 6.1.0 for arm - Release process related fixes - openshift-ci: switch to CentOS Stream - virtcontainers: Split the rootless package into OS specific parts - runtime: suppport split firmware - kata-deploy: for testing, make sure we use the PR branch - docs: Remove Zun documentation with kata containers - agent: Fix execute_hook() args error - workflows: stop checking revert commit |
||
---|---|---|
.github/workflows | ||
ci | ||
docs | ||
snap | ||
src | ||
tools | ||
utils | ||
.gitignore | ||
CODE_OF_CONDUCT.md | ||
CODEOWNERS | ||
CONTRIBUTING.md | ||
Glossary.md | ||
LICENSE | ||
Makefile | ||
README.md | ||
utils.mk | ||
VERSION | ||
versions.yaml |

Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
License
The code is licensed under the Apache 2.0 license. See the license file for further details.
Platform support
Kata Containers currently runs on 64-bit systems supporting the following technologies:
Architecture | Virtualization technology |
---|---|
x86_64 , amd64 |
Intel VT-x, AMD SVM |
aarch64 ("arm64 ") |
ARM Hyp |
ppc64le |
IBM Power |
s390x |
IBM Z & LinuxONE SIE |
Hardware requirements
The Kata Containers runtime provides a command to determine if your host system is capable of running and creating a Kata Container:
$ kata-runtime check
Notes:
This command runs a number of checks including connecting to the network to determine if a newer release of Kata Containers is available on GitHub. If you do not wish this to check to run, add the
--no-network-checks
option.By default, only a brief success / failure message is printed. If more details are needed, the
--verbose
flag can be used to display the list of all the checks performed.If the command is run as the
root
user additional checks are run (including checking if another incompatible hypervisor is running). When running asroot
, network checks are automatically disabled.
Getting started
See the installation documentation.
Documentation
See the official documentation including:
Configuration
Kata Containers uses a single configuration file which contains a number of sections for various parts of the Kata Containers system including the runtime, the agent and the hypervisor.
Hypervisors
See the hypervisors document and the Hypervisor specific configuration details.
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process
Developers
See the developer guide.
Components
Main components
The table below lists the core parts of the project:
Component | Type | Description |
---|---|---|
runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
documentation | documentation | Documentation common to all components (such as design and install documentation). |
tests | tests | Excludes unit tests which live with the main code. |
Additional components
The table below lists the remaining parts of the project:
Component | Type | Description |
---|---|---|
packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
kernel | kernel | Linux kernel used by the hypervisor to boot the guest image. Patches are stored here. |
osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor. |
agent-ctl |
utility | Tool that provides low-level access for testing the agent. |
trace-forwarder |
utility | Agent tracing helper. |
ci |
CI | Continuous Integration configuration files and scripts. |
katacontainers.io |
Source for the katacontainers.io site. |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.
Glossary of Terms
See the glossary of terms related to Kata Containers.