
Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
For further details on the older (first generation) Kata Containers 1.x versions, see the Kata Containers 1.x components section.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Getting started
See the installation documentation.
Documentation
See the official documentation (including installation guides, the developer guide, design documents and more).
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process.
Kata Containers 1.x versions
For older Kata Containers 1.x releases, please raise an issue in the Kata Containers 1.x component repository that seems most appropriate.
If in doubt, raise an issue in the Kata Containers 1.x runtime repository.
Developers
Components
Component | Type | Description |
---|---|---|
agent-ctl | utility | Tool that provides low-level access for testing the agent. |
agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
documentation | documentation | Documentation common to all components (such as design and install documentation). |
osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images for the hypervisor. |
packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
trace-forwarder | utility | Agent tracing helper. |
Kata Containers 1.x components
For the first generation of Kata Containers (1.x versions), each component was kept in a separate repository.
For information on the Kata Containers 1.x releases, see the Kata Containers 1.x releases page.
For further information on particular Kata Containers 1.x components, see the individual component repositories:
Component | Type | Description |
---|---|---|
agent | core | See components. |
documentation | documentation | |
KSM throttler | optional core | Daemon that monitors containers and deduplicates memory to maximize container density on the host. |
osbuilder | infrastructure | See components. |
packaging | infrastructure | See components. |
proxy | core | Multiplexes communications between the shims, agent and runtime. |
runtime | core | See components. |
shim | core | Handles standard I/O and signals on behalf of the container process. |
Note:
- There are more components for the original Kata Containers 1.x implementation.
- The current implementation simplifies the design significantly: compare the current and previous generation designs.
Common repositories
The following repositories are used by both the current and first generation Kata Containers implementations:
Component | Description | Current | First generation | Notes |
---|---|---|---|---|
CI | Continuous Integration configuration files and scripts. | Kata 2.x | Kata 1.x | |
kernel | The Linux kernel used by the hypervisor to boot the guest image. | Kata 2.x | Kata 1.x | Patches are stored in the packaging component. |
tests | Test code. | Kata 2.x | Kata 1.x | Excludes unit tests which live with the main code. |
www.katacontainers.io | Contains the source for the main web site. | Kata 2.x | Kata 1.x | |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.