mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-19 01:39:48 +00:00

acrn containers cri cri-o docker firecracker k8s kubernetes kvm oci qemu security virtual-machine virtualization

Go to file

Snir Sheriber eb24e97150 release: Kata Containers 2.5.0-alpha2 - docs: Update storage documentation link - rustjail: get home dir using nix crate - runk: Support `list` sub-command - docs: Update vGPU use-case - runtime: ignore ESRCH error from stop container - docs: Update configuration reference for snap documentation - workflows: add workflow_dispatch triggering to test-kata-deploy - snap: Use helper script and cleanup - feature: add ability to interact with IPTables within the guest - agent: return mount file content if parse mountinfo failed - docs: Update Intel QAT documentation links - osbuilder: add iptables package - runk: Return error when tty is used without console socket - runk: Add Podman guide in README - agent: Pass standard I/O to container launched by runk - agent, runk: Enable test for the agent built with standard-oci-runtime feature - runk: Handle rootfs path in config.json properly - Update containerd docs - clh: Update to v24.0 - snap: Build and package rust version of virtiofsd - runk: merge oci-kata-agent into runk - virtiofsd: static build virtiofsd from rust code for non-x86 - Fix issues with direct-volume stats feature - runtime: fix incorrect Action function for direct-volume stats - runtime: Adding the correct detection of mediated PCIe devices - runtime: remove duplicate 'types' import - runtime: sync docstrings with function names - qemu: allow using legacy serial device for the console - docs: Remove clear containers reference in README - runtime: do not check for EOF error in console watcher - kernel: Remove nemu.conf from packaging - tools: delete unused param from get_from_kata_deps callers - agent: Fix is_signal_handled failing parsing str to u64 - Improve Go unit test script - packaging: Add kernel config option for SGX in Gramine - ci: Don't run Docs URL Alive Check workflow on forks - tools: Add QEMU patches for SGX numa support - docs: Update runc containerd runtime - Build and distribute the rust version of virtiofsd - doc: Update log parser link - Move the kata-log-parser from the tests repo - versions: Upgrade to Cloud Hypervisor v23.1 - agent: Add a macro to skip a loop easier - runk: use custom Kill command to support --all option - agent: add test coverage for functions find_process and online_resources `fe3c1d9cd` docs: Update storage documentation link `9d27c1fce` agent: ignore ESRCH error when destroying containers `9726f56fd` runtime: force stop container after the container process exits `168f325c4` docs: Update configuration reference for snap documentation `38a318820` runk: Support `list` sub-command `b9fc24ff3` docs: update release process github token instructions `c1476a174` docs: update release process with latest workflow triggering `002f2cd10` snap: Use helper script and cleanup `2e04833fb` docs: Update Intel QAT documentation links `8b57bf97a` workflows: add workflow_dispatch triggering to test-kata-deploy `6d0ff901a` docs: Update vGPU use-case `9b108d993` docs: Improve snap formatting `894f661cc` docs: Add warning to snap build `d759f6c3e` snap: Fix CH architecture check `590381574` agent: Pass standard I/O to container launched by runk `af2ef3f7a` agent-ctl: introduce handle for iptables get/set `65f0cef16` kata-runtime: add iptables CLI to test http endpoint `3201ad083` shim-client: ensure we check resp status for Put/Post `0706fb28a` kata-runtime: shmgmt: make url usage consistent `2a09378dd` shim-client: add support for DoPut `640173cfc` shim-mgmt: Add endpoint handler for interacting with iptables `0136be22c` virtcontainers: plumb iptable set/get from sandbox to agent `bd50d463b` agent: iptables: get/set handling for iptables `7c4049aab` osbuilder: add iptables package `03176a9e0` proto: update generated code based on proto update `38ebbc705` proto: update to add set/get iptables `78d45b434` agent: return mount file content if parse mountinfo failed `c7b3941c9` runk: Enable test for the agent built with standard-oci-runtime feature `6dbce7c3d` agent: Remove unused import in console test `6ecea84bc` rustjail: get home dir using nix crate `648b8d0ae` runk: Return error when tty is used without console socket `5205efd9b` runk: Add Podman guide in README `d862ca059` runk: Handle rootfs path in config.json properly `56591804b` docs: Improve snap build instructions `cb2b30970` snap: Build using destructive mode `60823abb9` docs: Move snap README `fff832874` clh: Update to v24.0 `49361749e` snap: Build and package rust version of virtiofsd `27d903b76` snap: Put the yq binary in the staging bin directory `d7b4ce049` snap: Remove unused variable `43de5440e` snap: Fix unbound variable error `c9b291509` snap: Fix whitespace `122a85e22` agent: remove bin oci-kata-agent `35619b45a` runk: merge oci-kata-agent into runk `10c13d719` qemu: remove virtiofsd option in qemu config `d20bc5a4d` virtiofsd: build rust based virtiofsd from source for non-x86_64 `c95ba63c0` docs: Remove information related to Kata 1.x `34b80382b` docs: Get rid of note related to networking. `dfad5728a` docs: Mention --cni flag while invoking ctr `8e7c5975c` agent: fix direct-assigned volume stats `4428ceae1` runtime: direct-volume stats use correct name `ffdc065b4` runtime: direct-volume stats update to use GET parameter `f29595318` runtime: fix incorrect Action function for direct-volume stats `7a5ccd126` runtime: sync docstrings with function names `ce2e521a0` runtime: remove duplicate 'types' import `834f93ce8` docs: fix annotations example `f4994e486` runtime: allow annotation configuration to use_legacy_serial `24a2b0f6a` docs: Remove clear containers reference in README `abad33eba` kernel: Remove nemu.conf from packaging `e87eb13c4` tools: delete unused param from get_from_kata_deps callers `8052fe62f` runtime: do not check for EOF error in console watcher `c67b9d297` qemu: allow using legacy serial device for the console `44814dce1` qemu: treat console kernel params within appendConsole `4f586d2a9` packaging: Add kernel config option for SGX in Gramine `4b437d91f` agent: Fix is_signal_handled failing parsing str to u64 `88fb9b72e` docs: Update runc containerd runtime `d1f2852d8` tools: Stop building virtiofsd with qemu (for x86_64) `c39852e83` runtime: Use ${LIBEXEC}/virtiofsd as the default virtiofsd path `b4b9068cb` tools: Add QEMU patches for SGX numa support `a475956ab` workflows: Add support for building virtiofsd `71f59f3a7` local-build: Add support for building virtiofsd `c7ac55b6d` dockerbuild: Install unzip `8e2042d05` tools: add script to pull virtiofsd `dbedea508` versions: Add virtiofsd entry `e73b70baf` runtime: Don't run unit tests verbose by default `f24a6e761` runtime: Consolidate flags setting in unit tests script `cf465feb0` runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE `34c4ac599` runtime: Remove redundant subcommands from go-test.sh `0aff5aaa3` runtime: Simplify package listing in go-test.sh `557c4cfd0` runtime: Don't chmod coverage files in Go tests `04c8b52e0` runtime: Remove HTML coverage option from go-test.sh `7f7691442` runtime: Add coverage.txt.tmp to gitignore `13c257700` runtime: Move go testing script locally `421064680` doc: Update log parser link `271933fec` log-parser: fix some of the documentation `c7dacb121` log-parser: move the kata-log-parser from the tests repo `82ea01828` versions: Upgrade to Cloud Hypervisor v23.1 `2a1d39414` runtime: Adding the correct detection of mediated PCIe devices `7bc4ab68c` ci: Don't run Docs URL Alive Check workflow on forks `475e3bf38` agent: add test coverage for functions find_process and online_resources `383be2203` agent: Add a macro to skip a loop easier `97d7b1845` runk: use custom Kill command to support --all option Signed-off-by: Snir Sheriber <ssheribe@redhat.com>		2022-06-08 11:56:30 +03:00
.github/workflows	workflows: add workflow_dispatch triggering to test-kata-deploy	2022-06-01 16:21:01 +03:00
ci	runtime: Move go testing script locally	2022-05-13 13:14:37 +10:00
docs	docs: Update storage documentation link	2022-06-06 14:48:34 +00:00
snap	docs: Update configuration reference for snap documentation	2022-06-02 14:55:06 +00:00
src	Merge pull request #4300 from justxuewei/fix/rustjail/home-env	2022-06-06 11:03:46 +08:00
tools	Merge pull request #4322 from jodh-intel/snap-cleanup	2022-06-02 11:47:02 +02:00
utils	manager: Change here documents to use standard delimiter	2022-03-10 09:19:29 +00:00
.gitignore	log-parser: move the kata-log-parser from the tests repo	2022-05-10 13:23:25 +03:00
CODE_OF_CONDUCT.md	docs: Add contributing and code of conduct docs	2018-02-06 10:41:09 +00:00
CODEOWNERS	docs: fix static check errors	2020-09-28 11:01:03 +08:00
CONTRIBUTING.md	docs: Update contributing link	2022-02-21 17:01:09 +00:00
Glossary.md	docs: Redirect glossary to the wiki	2022-01-20 14:01:24 +00:00
LICENSE	Initial commit	2017-12-06 23:01:13 -06:00
Makefile	log-parser: move the kata-log-parser from the tests repo	2022-05-10 13:23:25 +03:00
README.md	docs: Move snap README	2022-05-26 15:56:36 +01:00
utils.mk	packaging: Enable cross-building agent	2022-03-07 11:58:46 +01:00
VERSION	release: Kata Containers 2.5.0-alpha2	2022-06-08 11:56:30 +03:00
versions.yaml	clh: Update to v24.0	2022-05-26 08:51:18 +00:00

README.md

Kata Containers

Welcome to Kata Containers!

This repository is the home of the Kata Containers code for the 2.0 and newer releases.

If you want to learn about Kata Containers, visit the main Kata Containers website.

Introduction

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

License

The code is licensed under the Apache 2.0 license. See the license file for further details.

Platform support

Kata Containers currently runs on 64-bit systems supporting the following technologies:

Architecture	Virtualization technology
`x86_64`, `amd64`	Intel VT-x, AMD SVM
`aarch64` ("`arm64`")	ARM Hyp
`ppc64le`	IBM Power
`s390x`	IBM Z & LinuxONE SIE

Hardware requirements

The Kata Containers runtime provides a command to determine if your host system is capable of running and creating a Kata Container:

$ kata-runtime check

Notes:

This command runs a number of checks including connecting to the network to determine if a newer release of Kata Containers is available on GitHub. If you do not wish this to check to run, add the --no-network-checks option.

By default, only a brief success / failure message is printed. If more details are needed, the --verbose flag can be used to display the list of all the checks performed.

If the command is run as the root user additional checks are run (including checking if another incompatible hypervisor is running). When running as root, network checks are automatically disabled.

Getting started

See the installation documentation.

Documentation

See the official documentation including:

Configuration

Kata Containers uses a single configuration file which contains a number of sections for various parts of the Kata Containers system including the runtime, the agent and the hypervisor.

Hypervisors

See the hypervisors document and the Hypervisor specific configuration details.

Community

To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.

Getting help

See the community section for ways to contact us.

Raising issues

Please raise an issue in this repository.

Note: If you are reporting a security issue, please follow the vulnerability reporting process

Developers

See the developer guide.

Components

Main components

The table below lists the core parts of the project:

Component	Type	Description
runtime	core	Main component run by a container manager and providing a containerd shimv2 runtime implementation.
agent	core	Management process running inside the virtual machine / POD that sets up the container environment.
documentation	documentation	Documentation common to all components (such as design and install documentation).
libraries	core	Library crates shared by multiple Kata Container components or published to `crates.io`
tests	tests	Excludes unit tests which live with the main code.

Additional components

The table below lists the remaining parts of the project:

Component	Type	Description
packaging	infrastructure	Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs).
kernel	kernel	Linux kernel used by the hypervisor to boot the guest image. Patches are stored here.
osbuilder	infrastructure	Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor.
`agent-ctl`	utility	Tool that provides low-level access for testing the agent.
`trace-forwarder`	utility	Agent tracing helper.
`runk`	utility	Standard OCI container runtime based on the agent.
`ci`	CI	Continuous Integration configuration files and scripts.
`katacontainers.io`	Source for the `katacontainers.io` site.

Packaging and releases

Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.

Glossary of Terms

See the glossary of terms related to Kata Containers.