1.0.0
Release notes for 1.0.0
Highlights
- rename kata-operator to sandboxed-containers-operator
- the payload and daemonset have been removed and replaced by the sandboxed-containers RHCOS extension
Tested features
- enabling and disabling the sandboxed-containers RHCOS extension
- installation of Kata with the operator
- deployment of a pod using the Kata runtime
- deletion of a pod that uses the Kata runtime
- uninstall of Kata with the operator
Tested configurations
- OpenShift 4.8 on Google Cloud Platform, 3 masters/3 workers, 3 nodes master/worker combined
- OpenShift 4.8 in a disconnected cluster
Note: Installing on other cloud infrastructures or single bare metal machines should work as long as nested VMs are enabled.
Known issues:
- Benign errors in kata-operator logs https://bugzilla.redhat.com/show_bug.cgi?id=1890509
- You cannot use the hostPath volume in an OpenShift Container Platform cluster to mount a file or directory from the host node’s file system into your pod. (BZ#1904609)
- If you are running Fedora on OpenShift sandboxed containers, you need a workaround to install some packages. Some packages, like iputils, require file access permission changes that OpenShift Container Platform does not grant to containers by default. To run containers that require such special permissions, it is necessary to add an annotation to the YAML file describing the workload, which tells virtiofsd to accept such file permissions for that workload. The required annotations are:
io.katacontainers.config.hypervisor.virtio_fs_extra_args: [ "-o", "modcaps=+sys_admin", "-o", "xattr" ]
BZ#1915377 - In the 4.8 release, adding a value to kataConfigPoolSelector by using the OpenShift Container Platform web console causes scheduling.nodeSelector to be populated with an empty value. Pods that use RuntimeClass with the value of kata might be scheduled to nodes that do not have the Kata Containers runtime installed.
To work around this issue, specify the nodeSelector value manually in the RuntimeClass kata by running the following command:
$ oc edit runtimeclass kata
The following is an example of a RuntimeClass with the correct nodeSelector statement.
handler: kata
kind: RuntimeClass
metadata:
  creationTimestamp: "2021-06-14T12:54:19Z"
  name: kata
overhead:
  podFixed:
    cpu: 250m
    memory: 350Mi
scheduling:
  nodeSelector:
    custom-kata-pool: "true"
- The OpenShift sandboxed containers Operator details page on Operator Hub is missing a few fields. The missing fields do not prevent you from installing the OpenShift sandboxed containers Operator in 4.8. KATA-826
- Creating multiple KataConfig custom resources results in a silent failure. The OpenShift Container Platform web console does not provide a prompt to notify the user that creating more than one custom resource has failed. KATA-725
- Sometimes the Operator Hub in the OpenShift Container Platform web console does not display icons for an Operator. KATA-804
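A way to check a cluster for the empty scheduling.nodeSelector issue described above, as an added example that is not part of the original release notes or the Operator's code. It assumes the custom-kata-pool label from the RuntimeClass example, that the empty value shows up as a missing, empty, or blank-keyed nodeSelector, and input shaped like `oc get ... -o json` output; the node and pod names are constructed.

```python
def effective_selector(runtimeclass):
    """nodeSelector of a RuntimeClass, ignoring empty keys or values."""
    sched = runtimeclass.get("scheduling") or {}
    return {k: v for k, v in (sched.get("nodeSelector") or {}).items() if k and v}


def audit(runtimeclass, nodes, pods, expected):
    """Compare the RuntimeClass selector with `expected` and list pods that use
    the RuntimeClass but sit on nodes without the expected labels."""
    name = runtimeclass["metadata"]["name"]
    labels = {n["metadata"]["name"]: n["metadata"].get("labels") or {}
              for n in nodes["items"]}
    misplaced = []
    for pod in pods["items"]:
        spec = pod["spec"]
        node = spec.get("nodeName")
        if spec.get("runtimeClassName") != name or not node:
            continue  # different runtime, or not scheduled yet
        have = labels.get(node, {})
        if any(have.get(k) != v for k, v in expected.items()):
            meta = pod["metadata"]
            misplaced.append((meta["namespace"], meta["name"], node))
    return {"selector_ok": effective_selector(runtimeclass) == expected,
            "misplaced": misplaced}


# Constructed sample input, shaped like `oc get <kind> -o json` output.
EXPECTED = {"custom-kata-pool": "true"}  # label taken from the example above
BROKEN_RC = {"metadata": {"name": "kata"}, "handler": "kata",
             "scheduling": {"nodeSelector": {"": ""}}}  # assumed empty form
FIXED_RC = {"metadata": {"name": "kata"}, "handler": "kata",
            "scheduling": {"nodeSelector": {"custom-kata-pool": "true"}}}
NODES = {"items": [
    {"metadata": {"name": "worker-0", "labels": {"custom-kata-pool": "true"}}},
    {"metadata": {"name": "worker-1", "labels": {}}}]}
PODS = {"items": [
    {"metadata": {"namespace": "demo", "name": "a"},
     "spec": {"runtimeClassName": "kata", "nodeName": "worker-0"}},
    {"metadata": {"namespace": "demo", "name": "b"},
     "spec": {"runtimeClassName": "kata", "nodeName": "worker-1"}},
    {"metadata": {"namespace": "demo", "name": "c"},
     "spec": {"nodeName": "worker-1"}}]}

if __name__ == "__main__":
    print("before workaround:", audit(BROKEN_RC, NODES, PODS, EXPECTED))
    print("after workaround: ", audit(FIXED_RC, NODES, PODS, EXPECTED))
```

On a real cluster, load the three inputs with json.load from the output of `oc get runtimeclass kata -o json`, `oc get nodes -o json` and `oc get pods -A -o json`.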