github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-31 07:19:06 +00:00
Code Issues Projects Releases Wiki Activity
9,446 Commits 52 Branches 136 Tags 320 MiB
Rust 58%
Go 24.7%
Shell 10%
RPC 5.4%
Makefile 1%
Other 0.8%
ee74231b1c
Go to file
Peng Tao ee74231b1c release: Kata Containers 3.1.0-alpha0 
- libs/kata-types: adjust default_vcpus correctly
- runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
- Enable ACRN hypervisor support for Kata 2.x release
- agent: reduce reference count for failed mount
- agent: don't exit early if signal fails due to ESRCH
- kata-sys-util: delete duplicated get_bundle_path
- packaging: Mount $HOME/.docker in the 1st layer container
- Upgrade to Cloud Hypervisor v27.0
- microvm: Remove kernel_irqchip=on option
- kata-sys-util: fix typo `unknow`
- dragonball: update ut for kernel config
- versions: Update gperf url to avoid libseccomp random failures
- versions: Update oci version
- dragonball: fix no "as_str" error on Arm
- tools: release: fix bogus version check
- runtime-rs: update Cargo.lock
- refactor(runtime-rs): Use RwLock in runtime-agent
- runtime-rs: fix shim close_io call to support kubectl cp
- runtime-rs: add comments for runtime-rs shared directory
- workflow: trigger test-kata-deploy with pull_request and fix workflow_dispatch
- Dragonball: update linux_loader to 0.6.0
- modify virtio_net_dev_mgr.rs wrong code comments
- docs: Update urls in runk documentation
- runtime-rs: support watchable mount
- runtime-rs: debug console support in runtime
- kata-deploy: ship the rustified runtime binary
- runtime-rs: define VFIO unbind path as a const
- runtime-rs: set agent timeout to 0 for stream RPCs
- Added SNP-Support for Kata-Containers
- packaging: fix typo in configure-hypervisor.sh
- runtime/runtime-rs: update dependency
- release: Revert kata-deploy changes after 3.0.0-rc0 release
- runtime-rs: add test for StaticResource
- runtime-rs: remove hardcoded string
- docs: add README for runtime-rs hypervisor crate
- runtime-rs: use Path.is_file to check regular files
- osbuilder: Export directory variables for libseccomp
- runtime-rs: add unit tests for network resource
- runtime-rs/resource: use macro to reduce duplicated code
- runtime-rs: fix incorrect comments
- kernel: Add crypto kernel config for s390
- Non-root hypervisor uid reuse bug
- Build-in Sandbox: update dragonball-sandbox dependencies
- docs: Update url in virtualization document
- dragonball: Fix problem that stdio console cannot connect to stdout
- runtime-rs: call TomlConfig's validate function after load
- feat(Shimmgmt): Shim management server and client

53f209af4 libs/kata-types: adjust default_vcpus correctly
ef5a2dc3b agent: don't exit early if signal fails due to ESRCH
435c8f181 acrn: Enable ACRN hypervisor support for Kata 2.x release
c31cf7269 agent: reduce reference count for failed mount
4da743f90 packaging: Mount $HOME/.docker in the 1st layer container
067e2b1e3 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
5d63fcf34 runtime: clh: Re-generate the client code
fe6107042 versions: Upgrade to Cloud Hypervisor v27.0
17de94e11 microvm: Remove kernel_irqchip=on option
3aeaa6459 runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
43ae97233 kata-sys-util: delete duplicated get_bundle_path
ac0483122 kata-sys-util: fix typo `unknow`
a24127659 versions: Update gperf url to avoid libseccomp random failures
a617a6348 versions: Update oci version
6d585d591 dragonball: fix no "as_str" error on Arm
421729f99 tools: release: fix bogus version check
457b0beaf runtime-rs: update Cargo.lock
f89ada2de dragonball: update ut for kernel config
0e899669e runtime-rs: fix shim close_io call to support kubectl cp
96cf21fad runtime-rs: add comments for runtime-rs shared directory
9bd941098 docs: Update urls in runk documentation
90ecc015e Dragonball: update linux_loader to 0.6.0
4a763925e runtime-rs: support watchable mount
abc26b00b dragonball: modify wrong code comments modify virtio_net_dev_mgr.rs wrong code comments
20bcaf0e3 runtime-rs: set agent timeout to 0 for stream RPCs
274de024c docs: add README for runtime-rs hypervisor crate
a4a23457c osbuilder: Export directory variables for libseccomp
d663f110d kata-deploy: get the config path from cri options
c6b3dcb67 kata-deploy: support kata-deploy for runtime-rs
46965739a runtime-rs: remove hardcoded string
a394761a5 kata-deploy: add installation for runtime-rs
50299a329 refactor(runtime-rs): Use RwLock in runtime agent
9628c7df0 runtime: update runc dependency
7fbc88387 runtime-rs: drop dependency on rustc-serialize
bf2be0cf7 release: Revert kata-deploy changes after 3.0.0-rc0 release
e23bfd615 runtime-rs: make function name more understandable
426a43678 runtime-rs: add unit test and eliminate raw string
87959cb72 runtime-rs: debug console support in runtime
d55cf9ab7 docs: Update url in virtualization document
0399da677 runtime-rs: update dependencies
f6f19917a dragonball: update dragonball-sandbox dependencies
2caee1f38 runtime-rs: define VFIO unbind path as a const
3f65ff2d0 runtime-rs: fix incorrect comments
9670a3caa runtime-rs: use Path.is_file to check regular files
d9e6eb11a docs: Guide to use SNP-VMs with Kata-Containers
ded60173d runtime: Enable choice between AMD SEV and SNP
22bda0838 runtime: Support for AMD SEV-SNP VMs
a2bbd2942 kernel: Introduce SNP kernel
0e69405e1 docs: Developer-Guide updated
105eda5b9 runtime: Initrd path option added to config
a8a8a28a3 runtime-rs/resource: use macro to reduce duplicated code
7622452f4 Dragonball: Fix the problem about stdio console
208233288 runtime-rs: add test for StaticResource
adb33a412 packaging: fix typo in configure-hypervisor.sh
f91431987 runtime: store the user name in hypervisor config
86a02c5f6 kernel: Add crypto kernel config for s390
5cafe2177 runtime: make StopVM thread-safe
c3015927a runtime: add more debug logs for non-root user operation
5add50aea runtime-rs: timeout for shim management client
9f13496e1 runtime-rs: shim management client
aaf6d6908 runtime-rs: call TomlConfig's validate function after load
e891295e1 runtime-rs: shim management - agent-url
59aeb776b runtime-rs: shim management
a828292b4 runtime-rs: add unit tests for network resource
7676cde0c workflow: trigger test-kata-deploy with pull_request
f10827357 workflow: require PR num input on test-kata-deploy workflow_dispatch
428d6dc80 workflow: Revert "workflow: trigger test-kata-deploy with pull_request"

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-10-09 11:50:42 +08:00
.github workflow: Revert "workflow: trigger test-kata-deploy with pull_request" 2022-10-09 11:50:42 +08:00
ci github-actions: Add cargo-deny 2022-08-30 09:30:03 -07:00
docs workflow: Revert "workflow: trigger test-kata-deploy with pull_request" 2022-10-09 11:50:42 +08:00
snap kernel: upgrade guest kernel support to 5.19.2 2022-08-19 13:08:13 -05:00
src Merge pull request #5302 from liubin/fix/5285-SetFsSharingSupport-comment 2022-10-09 09:40:31 +08:00
tools packaging: Mount $HOME/.docker in the 1st layer container 2022-10-05 15:25:07 +02:00
utils manager: Change here documents to use standard delimiter 2022-03-10 09:19:29 +00:00
.gitignore log-parser: move the kata-log-parser from the tests repo 2022-05-10 13:23:25 +03:00
CODE_OF_CONDUCT.md docs: Add contributing and code of conduct docs 2018-02-06 10:41:09 +00:00
CODEOWNERS docs: fix static check errors 2020-09-28 11:01:03 +08:00
CONTRIBUTING.md docs: Update contributing link 2022-02-21 17:01:09 +00:00
deny.toml github-actions: Add cargo-deny 2022-08-30 09:30:03 -07:00
Glossary.md docs: Redirect glossary to the wiki 2022-01-20 14:01:24 +00:00
LICENSE Initial commit 2017-12-06 23:01:13 -06:00
Makefile runtime-rs: shim implements for runtime-rs 2022-06-10 19:56:59 +08:00
README.md runtime-rs: add README.md 2022-09-08 16:03:45 +08:00
utils.mk build: format files 2022-06-29 11:19:10 +08:00
VERSION release: Kata Containers 3.1.0-alpha0 2022-10-09 11:50:42 +08:00
versions.yaml versions: Upgrade to Cloud Hypervisor v27.0 2022-10-03 10:25:04 -07:00

README.md

Kata Containers

Welcome to Kata Containers!

This repository is the home of the Kata Containers code for the 2.0 and newer releases.

If you want to learn about Kata Containers, visit the main Kata Containers website.

Introduction

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

License

The code is licensed under the Apache 2.0 license. See the license file for further details.

Platform support

Kata Containers currently runs on 64-bit systems supporting the following technologies:

Architecture Virtualization technology
x86_64, amd64 Intel VT-x, AMD SVM
aarch64 ("arm64") ARM Hyp
ppc64le IBM Power
s390x IBM Z & LinuxONE SIE

Hardware requirements

The Kata Containers runtime provides a command to determine if your host system is capable of running and creating a Kata Container:

$ kata-runtime check

Notes:

  • This command runs a number of checks including connecting to the network to determine if a newer release of Kata Containers is available on GitHub. If you do not wish this to check to run, add the --no-network-checks option.

  • By default, only a brief success / failure message is printed. If more details are needed, the --verbose flag can be used to display the list of all the checks performed.

  • If the command is run as the root user additional checks are run (including checking if another incompatible hypervisor is running). When running as root, network checks are automatically disabled.

Getting started

See the installation documentation.

Documentation

See the official documentation including:

Configuration

Kata Containers uses a single configuration file which contains a number of sections for various parts of the Kata Containers system including the runtime, the agent and the hypervisor.

Hypervisors

See the hypervisors document and the Hypervisor specific configuration details.

Community

To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.

Getting help

See the community section for ways to contact us.

Raising issues

Please raise an issue in this repository.

Note: If you are reporting a security issue, please follow the vulnerability reporting process

Developers

See the developer guide.

Components

Main components

The table below lists the core parts of the project:

Component Type Description
runtime core Main component run by a container manager and providing a containerd shimv2 runtime implementation.
runtime-rs core The Rust version runtime.
agent core Management process running inside the virtual machine / POD that sets up the container environment.
libraries core Library crates shared by multiple Kata Container components or published to crates.io
dragonball core An optional built-in VMM brings out-of-the-box Kata Containers experience with optimizations on container workloads
documentation documentation Documentation common to all components (such as design and install documentation).
libraries core Library crates shared by multiple Kata Container components or published to crates.io
tests tests Excludes unit tests which live with the main code.

Additional components

The table below lists the remaining parts of the project:

Component Type Description
packaging infrastructure Scripts and metadata for producing packaged binaries
(components, hypervisors, kernel and rootfs).
kernel kernel Linux kernel used by the hypervisor to boot the guest image. Patches are stored here.
osbuilder infrastructure Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor.
agent-ctl utility Tool that provides low-level access for testing the agent.
trace-forwarder utility Agent tracing helper.
runk utility Standard OCI container runtime based on the agent.
ci CI Continuous Integration configuration files and scripts.
katacontainers.io Source for the katacontainers.io site.

Packaging and releases

Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.

Glossary of Terms

See the glossary of terms related to Kata Containers.