Skip to content

Kata Containers 3.5.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 15 May 10:27
· 197 commits to main since this release
3.5.0
6a4ff08
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Survey

Please take the Kata Containers survey:

This will help the Kata Containers community understand:

  • how you use Kata Containers
  • what features and improvements you would like to see in Kata Containers

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

Kata Containers builder images

  • agent (on all its different flavours): quay.io/kata-containers/builders:agent-65c32735e-8724d7dee-x86_64
  • Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-4fc34323a-x86_64
  • OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-4292c4c3b-x86_64
  • QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-fe5adae5d-x86_64
  • shim-v2: quay.io/kata-containers/builders:shim-v2-go-1.22.2-rust-1.72.0-04d021bd1-x86_64
  • tools: quay.io/kata-containers/builders:tools-ddf6b367c-cc6b67110-b4360e7e3-x86_64
  • virtiofsd: quay.io/kata-containers/builders:virtiofsd-1.72.0-musl-2205fb9d0-x86_64

Installation

Follow the Kata installation instructions.

What's Changed

  • gha: move attestation tests to run-k8s-tests-coco-nontee by @wainersm in #9490
  • agent: update cargo.lock by @danmihai1 in #9518
  • runtime-rs: Update storage source for pci block devices by @amshinde in #9517
  • passfd-io: fix FIFO opening and vsock handling by @Tim-Zhang in #9335
  • runtime: Call CreateRuntime hooks at container creation time by @littlejawa in #9524
  • CC: Enable guest-pull tests on non-TEE for s390x by @BbolroC in #9494
  • clh: isClhRunning waits for full timeout when clh exits by @alex-matei in #9432
  • kata-deploy: Stop append log_level = "debug" for CRI-O by @fidencio in #9535
  • genpolicy: implement default methods for K8sResource trait by @arc9693 in #9428
  • agent: use regorus instead of opa by @danmihai1 in #9510
  • gha: Enable k8s tests for cloud hypervisor with devicemapper by @jodh-intel in #9525
  • build: Fix tarball not building correctly in docker by @JakubLedworowski in #9549
  • genpolicy: changing caching so the tool can run concurrently with itself by @Redent0r in #9530
  • runtime-rs: Add RTC to QEMU cmdline by @emanuellima1 in #9519
  • doc: fix missing document link by @cncal in #9528
  • build: Update golang version to 1.22.2 by @BbolroC in #9562
  • rootfs: Stop building and shipping OPA by @fidencio in #9559
  • runtime-rs: support IOMMU in qemu VMs by @pmores in #9551
  • workflow: static-checks: Skip commit checks for dependabout by @stevenhorsman in #9570
  • runtime: new qemu-coco-dev configuration by @wainersm in #9552
  • kata-deploy: configure debugging for crio by @littlejawa in #9573
  • build: Build the shipped agent with policy enabled by @fidencio in #9563
  • config: Add NVIDIA GPU SNP, TDX configuration files by @zvonkok in #9476
  • tests: adapt Mariner CI to unblock CH v39 upgrade by @sprt in #9592
  • build(deps): bump the go_modules group across 5 directories with 8 updates by @dependabot in #9568
  • versions: Remove oci information from versions file by @GabyCT in #9600
  • build: fix the confusing build message if yq doesn't exist in GOPATH/bin by @cncal in #9582
  • runtime-rs: fix the issue of the leak of dead shim by @lifupan in #9598
  • qemu: the error is logged only when it occurs by @cncal in #9601
  • ci: Stop building TDX specific QEMU and OVMF by @fidencio in #9607
  • db: fix the issue of failed to init pci root bus by @lifupan in #9596
  • tests: pull-image: Don't run on TEEs by @fidencio in #9609
  • kernel: Add caching of kernel-headers by @zvonkok in #9482
  • tdx: Adapt kata-deploy to use QEMU / OVMF from the distros by @fidencio in #9608
  • deploy: Add runtimeClasses relating to the NVIDIA GPU by @zvonkok in #9484
  • deploy: Fix wrong pushing of artifacts by @zvonkok in #9616
  • build: nvidia-gpu: Fix cache usage of the headers tarball by @fidencio in #9622
  • release: Bump VERSIONS file to 3.5.0 by @fidencio in #9626
  • runtime-rs: Fix constructing the RTC struct by @emanuellima1 in #9571
  • debugging: adding a script and instructions for debugging the GO shim by @littlejawa in #9585
  • kata-deploy: Fix tdx_not_supported call by @ldoktor in #9629
  • local-build: Ensure the default rootfs is built with AGENT_POLICY=yes by @BbolroC in #9632

New Contributors

Full Changelog: 3.4.0...3.5.0

Contributors

sprt, fidencio, and 20 other contributors
Assets 10