From 99c46be787788d6407decb47a2eade104598c2c4 Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Fri, 5 Nov 2021 10:49:54 +0000 Subject: [PATCH] release: Kata Containers 2.3.0-rc0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - runtime# make sure the "Shutdown" trace span have a correct end - tracing: Accept multiple dynamic tags - logging: Enable agent debug output for release builds - agent: "Revert agent: Disable seccomp feature on aarch64 temporarily" - runtime: Enhancement for Makefile - osbuilder: build image-builder image from Fedora 34 - agent: refactor process IO processing - agent-ctl: Update for Hybrid VSOCK - docs: Fix outdated links - ci/install_libseccomp: Fix libseccomp build and misc improvement - virtcontainers: simplify read-only mount handling - runtime: add fast-test to let test exit on error - test: Fix random failure for TestIoCopy - cli: Show available guest protection in env output - Update k8s, critools, and CRI-O to their 1.22 release - package: assign proper value to redefined_string in build-kernel.sh - agent: Make wording of error message match CRI-O test suite - docs: Moving from EOT to EOF - virtcontainers: api: update the functions in the api.md docs - release: Upload libseccomp sources with notice to release page - virtcontainers: check that both initrd and image are not set - agent: Fix the configuration sample file - runtime: set tags for trace span - agent-ctl: Implement Linux OCI spec handling - runtime: Remove comments about unsupported features in config for clh - tools/packaging: Add options for VFIO to guest kernel - agent/runtime: Add seccomp feature - ci: test-kata-deploy: Get rid of slash-command-action action - This is to bump the OOT QAT 1.7 driver version to the latest version.… - forwarder: Drop privileges when using hybrid VSOCK - packaging/static-build: s390x fixes - agent-ctl: improve the oci_to_grpc code - agent: do not return error but print it if task wait failed - virtcontainers: delete duplicated notify in watchHypervisor function - agent: Handle uevent remove actions - enable unit test on arm - rustjail: Consistent coding style of LinuxDevice type - cli: Fix outdated kata-runtime bash completion - Allow VFIO devices to be used as VFIO devices in the container - Expose top level hypervisor methods - - Upgrade to Cloud Hypervisor v19.0 - docs: use-cases: Update Intel SGX use case - virtcontainers: clh: Enable the `seccomp` feature - runtime: delete cri containerd plugin from versions.yaml - docs: Write tracing documentation - runtime: delete useless src/runtime/cli/exit.go - snap: add cloud-hypervisor and experimental kernel - osbuilder: Call detect_rust_version() right before install_rust.sh - docs: Updating Developer Guide re qemu-img - versions: Add libseccomp and gperf version - Enable agent tracing for hybrid VSOCK hypervisors - runtime: optimize test code - runtime: use containerd package instead of cri-containerd - runtime: update sandbox root dir cleanup behavior in rootless hypervisor - utils: kata-manager: Update kata-manager.sh for new containerd config - osbuilder: Re-enable building the agent in Docker - agent: Do not fail when trying to adding existing routes - tracing: Fix typo in "package" tag name - kata-deploy: add .dockerignore file - runtime: change name in config settings back to "kata" - tracing: Remove trace mode and trace type 09d5d88 runtime: tracing: Change method for adding tags bcf3e82 logging: Enable agent debug output for release builds a239a38 osbuilder: build image-builder image from Fedora 34 375ad2b runtime: Enhancement for Makefile b468dc5 agent: Use dup3 system call in unit tests of seccomp 1aaa059 agent: "Revert agent: Disable seccomp feature on aarch64 temporarily" 1e331f7 agent: refactor process IO processing 9d3ec58 runtime: make sure the "Shutdown" trace span have a correct end 3f21af9 runtime: add fast-test to let test exit on error 9b270d7 ci/install_libseccomp: use a temporary work directory 98b4406 ci/install_libseccomp: Fix fail when DESTDIR is set 338ac87 virtcontainers: api: update the functions in the api.md docs 23496f9 release: Upload libseccomp sources with notice to release page e610fc8 runtime: Remove comments about unsupported features in config for clh 7e40195 agent-ctl: Add stub for AddSwap API 82de838 agent-ctl: Update for Hybrid VSOCK d1bcf10 forwarder: Remove quotes from socket path in doc e66d047 virtcontainers: simplify read-only mount handling bdf4824 tools/packaging: Add options for VFIO to guest kernel c509a20 agent-ctl: Implement Linux OCI spec handling 42add7f agent: Disable seccomp feature on aarch64 temporarily 5dfedc2 docs: Add explanation about seccomp 45e7c2c static-checks: Add step for installing libseccomp a3647e3 osbuilder: Set up libseccomp library 3be50ad agent: Add support for Seccomp 4280415 agent: Fix the configuration sample file b0bc71f ci: test-kata-deploy: Get rid of slash-command-action action 309dae6 virtcontainers: check that both initrd and image are not set a10cfff forwarder: Fix changing log level 6abccb9 forwarder: Drop privileges when using hybrid VSOCK bf00b8d agent-ctl: improve the oci_to_grpc code b67fa9e forwarder: Make explicit root check e377578 forwarder: Fix docs socket path 5f30633 virtcontainers: delete duplicated notify in watchHypervisor function 5f5eca6 agent: do not return error but print it if task wait failed d2a7b6f packaging/static-build: s390x fixes 6cc8000 cli: Show available guest protection in env output 2063b13 virtcontainers: Add func AvailableGuestProtections a13e2f7 agent: Handle uevent remove actions 34273da runtime/device: Allow VFIO devices to be presented to guest as VFIO devices 68696e0 runtime: Add parameter to constrainGRPCSpec to control VFIO handling d9e2e9e runtime: Rename constraintGRPCSpec to improve grammar 57ab408 runtime: Introduce "vfio_mode" config variable and annotation 730b9c4 agent/device: Create device nodes for VFIO devices 175f9b0 rustjail: Allow container devices in subdirectories 9891efc rustjail: Correct sanity checks on device path d6b62c0 rustjail: Change mknod_dev() and bind_dev() to take relative device path 2680c0b rustjail: Provide useful context on device node creation errors 42b92b2 agent/device: Allow container devname to differ from the host 827a41f agent/device: Refactor update_spec_device_list() 8ceadcc agent/device: Sanity check guest IOMMU groups ff59db7 agent/device: Add function to get IOMMU group for a PCI device 13b06a3 agent/device: Rebind VFIO devices to VFIO driver inside guest e22bd78 agent/device: Add helper function for binding a guest device to a driver b40eedc rustjail: Consistent coding style of LinuxDevice type 57c0f93 agent: fix race condition when test watcher 1a96b8b template: disable template unit test on arm 43b13a4 runtime: DefaultMaxVCPUs should not greater than defaultMaxQemuVCPUs c59c367 runtime: current vcpu number should be limited fa92251 runtime: kernel version with '+' as suffix panic in parse 52268d0 hypervisor: Expose the hypervisor itself a72bed5 hypervisor: update tests based on createSandbox->CreateVM change f434bcb hypervisor: createSandbox is CreateVM 76f1ce9 hypervisor: startSandbox is StartVM fd24a69 hypervisor: waitSandbox is waitVM a6385c8 hypervisor: stopSandbox is StopVM f989078 hypervisor: resumeSandbox is ResumeVM 73b4f27 hypervisor: saveSandbox is SaveVM 7308610 hypervisor: pauseSandbox is nothing but PauseVM 8f78e1c hypervisor: The SandboxConsole is the VM's console 4d47aee hypervisor: Export generic interface methods 6baf258 hypervisor: Minimal exports of generic hypervisor internal fields 37fa453 osbuilder: Update QAT driver in Dockerfile 8030b6c virtcontainers: clh: Re-generate the client code 8296754 versions: Upgrade to Cloud Hypervisor v19.0 2b13944 docs: Fix outdated links 4f75ccb docs: use-cases: Update Intel SGX use case 4f018b5 runtime: delete useless src/runtime/cli/exit.go 7a80aeb docs: Moving from EOT to EOF 09a5e03 docs: Write tracing documentation b625f62 runtime: delete cri containerd plugin from versions.yaml 24fff57 snap: make curl commands consistent 2b9f79c snap: add cloud-hypervisor and experimental kernel 273a1a9 runtime: optimize test code 76f16fd runtime: use containerd package instead of cri-containerd 6d55b1b docs: use containerd to replace cri-containerd ed02bc9 packaging: add containerd to versions.yaml 50da26d osbuilder: Call detect_rust_version() right before install_rust.sh b4fadc9 docs: Updating Developer Guide re qemu-img b8e69ce versions: Add libseccomp and gperf version 17a8c5c runtime: Fix random failure for TestIoCopy f34f67d osbuilder: Specify version when installing Rust 135a080 osbuilder: Pass CI env to container agent build eb5dd76 osbuilder: Re-enable building the agent in Docker bcffa26 tracing: Fix typo in "package" tag name e61f5e2 runtime: Show socket path in kata-env output 5b3a349 trace-forwarder: Support Hybrid VSOCK e42bc05 kata-deploy: add .dockerignore file 321be0f tracing: Remove trace mode and trace type 7d0b616 agent: Do not fail when trying to adding existing routes 3f95469 runtime: logging: Add variable for syslog tag adc9e0b runtime: fix two bugs in rootless hypervisor 51cbe14 runtime: Add option "disable_seccomp" to config hypervisor.clh 98b7350 virtcontainers: clh: Enable the `seccomp` feature 46720c6 runtime: set tags for trace span d789b42 package: assign proper value to redefined_string 4d7ddff utils: kata-manager: Update kata-manager.sh for new containerd config f5172d1 cli: Fix outdated kata-runtime bash completion d45c86d versions: Update CRI-O to its 1.22 release c4a6426 versions: Update k8s & critools to v1.22 881b996 agent: Make wording of error message match CRI-O test suite Signed-off-by: Peng Tao --- VERSION | 2 +- .../base/kata-cleanup-stable.yaml | 46 ------------- .../kata-cleanup/base/kata-cleanup.yaml | 2 +- .../kata-deploy/base/kata-deploy-stable.yaml | 69 ------------------- .../kata-deploy/base/kata-deploy.yaml | 2 +- 5 files changed, 3 insertions(+), 118 deletions(-) delete mode 100644 tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml delete mode 100644 tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml diff --git a/VERSION b/VERSION index 3bc2d286d..b717ad066 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.0-alpha2 +2.3.0-rc0 diff --git a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml deleted file mode 100644 index f1d9d0a2f..000000000 --- a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup-stable.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kubelet-kata-cleanup - namespace: kube-system -spec: - selector: - matchLabels: - name: kubelet-kata-cleanup - template: - metadata: - labels: - name: kubelet-kata-cleanup - spec: - serviceAccountName: kata-label-node - nodeSelector: - katacontainers.io/kata-runtime: cleanup - containers: - - name: kube-kata-cleanup - image: quay.io/kata-containers/kata-deploy:stable - imagePullPolicy: Always - command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh reset" ] - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - securityContext: - privileged: false - volumeMounts: - - name: dbus - mountPath: /var/run/dbus - - name: systemd - mountPath: /run/systemd - volumes: - - name: dbus - hostPath: - path: /var/run/dbus - - name: systemd - hostPath: - path: /run/systemd - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate diff --git a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml index 851e958a4..fe49f2bc2 100644 --- a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml +++ b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml @@ -18,7 +18,7 @@ spec: katacontainers.io/kata-runtime: cleanup containers: - name: kube-kata-cleanup - image: quay.io/kata-containers/kata-deploy:latest + image: quay.io/kata-containers/kata-deploy:2.3.0-rc0 imagePullPolicy: Always command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh reset" ] env: diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml deleted file mode 100644 index 346e4c0ee..000000000 --- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy-stable.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kata-deploy - namespace: kube-system -spec: - selector: - matchLabels: - name: kata-deploy - template: - metadata: - labels: - name: kata-deploy - spec: - serviceAccountName: kata-label-node - containers: - - name: kube-kata - image: quay.io/kata-containers/kata-deploy:stable - imagePullPolicy: Always - lifecycle: - preStop: - exec: - command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"] - command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ] - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - securityContext: - privileged: false - volumeMounts: - - name: crio-conf - mountPath: /etc/crio/ - - name: containerd-conf - mountPath: /etc/containerd/ - - name: kata-artifacts - mountPath: /opt/kata/ - - name: dbus - mountPath: /var/run/dbus - - name: systemd - mountPath: /run/systemd - - name: local-bin - mountPath: /usr/local/bin/ - volumes: - - name: crio-conf - hostPath: - path: /etc/crio/ - - name: containerd-conf - hostPath: - path: /etc/containerd/ - - name: kata-artifacts - hostPath: - path: /opt/kata/ - type: DirectoryOrCreate - - name: dbus - hostPath: - path: /var/run/dbus - - name: systemd - hostPath: - path: /run/systemd - - name: local-bin - hostPath: - path: /usr/local/bin/ - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml index a03a56b84..cc3638e57 100644 --- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml +++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml @@ -16,7 +16,7 @@ spec: serviceAccountName: kata-label-node containers: - name: kube-kata - image: quay.io/kata-containers/kata-deploy:latest + image: quay.io/kata-containers/kata-deploy:2.3.0-rc0 imagePullPolicy: Always lifecycle: preStop: