v1.5.2

What's Changed

• Document must-gather for developers by @tbuskey in #365 (https://issues.redhat.com/browse/KATA-815)
• Fix md formatting by @gkurz in #370
• image-generator: fix image creation edge cases by @snir911 in #369 (https://issues.redhat.com/browse/KATA-2618)
• Merge to main for 1.5.2 by @gkurz in #372
• Bump OSC to 1.5.2 by @gkurz in #373
• Bump main to 1.5.2 by @gkurz in #374

New Contributors

• @tbuskey made their first contribution in #365

Full Changelog: v1.5.1...v1.5.2

v1.5.1

What's Changed

• image-generator: add CLOUD_PROVIDER variable to job scripts by @snir911 in #364
• Fix upgrade from OSC 1.4.1 by @gkurz in #366
• Bump OSC to 1.5.1 by @gkurz in #367
• Merge to main for 1.5.1 by @gkurz in #368

Full Changelog: v1.5.0...v1.5.1

sandboxed containers operator v1.5.0

What's Changed

• Fast-forward devel to peer-pods-tech-preview by @pmores in #315
• Merge main into devel after v1.4.0 release by @gkurz in #325
• image-job: fix payload url by @snir911 in #324
• Allow monitor pods to run on tainted nodes by @gkurz in #328
• Fix kataconfig status handling to support installation updates by @pmores in #327
• New way of showing kata nodes in kataconfig status by @pmores in #329
• Switch to condition for progress status reporting by @pmores in #330
• Bump outdated versions of OSC components by @gkurz in #332
• Update machineconfig to enable required annotations for flexible instance types by @bpradipt in #335
• Add snir911 to reviewers and approvers by @jensfr in #334
• Remove legacy kata config status parts by @pmores in #333
• Fix kataconfig status handling to support installation updates (port to main) by @gkurz in #339
• Use raw Azure base image for peer-pods by @bpradipt in #340
• Support multiple runtimeclasses in kataconfig.status.runtimeClass by @pmores in #344
• PR #344 fixup by @pmores in #345
• Update peerpodconfig-ctl dep by @bpradipt in #342
• Peer-pods: switch runtime class name to 'kata-remote' instead of 'kata… by @littlejawa in #346
• podvm: run image jobs from the controller automatically by @snir911 in #343
• don't let KataConfig deletion start while installation is still in progress by @pmores in #349
• peer-pods: validate CM and Secret are set by @snir911 in #353
• Bump OSC to 1.5.0 by @gkurz in #355
• Merge to main for 1.5 by @gkurz in #357
• peerpod-ctrl: bump to fix dangling VMs by @snir911 in #360
• makefile: match operator, bundle and catalog versioning by @snir911 in #361
• image-generator: skip image creation for unsupported providers by @snir911 in #362
• Merge to main for 1.5 by @gkurz in #363

Full Changelog: v1.4.1...v1.5.0

sandboxed containers operator v1.4.1

What's Changed

• Fixes for 1.4.1 by @gkurz in #331

Full Changelog: v1.4.0...v1.4.1

sandboxed containers operator v1.4.0

Highlights

• Peer Pods : use an remote hypervisor (AWS or Azure) to run the kata VMs
• Massive improvements in the installation/uninstallation logic of the KataConfig CR

What's Changed

• Makefile: update VERSION to 1.3.4 by @jensfr in #258
• Makefile: Target bundle-build requires bundle by @etrunko in #257
• Upgrade operator sdk 125 by @littlejawa in #240
• Update Owners, add @littlejawa by @jensfr in #236
• switch MCP watching to full EventHandler implementation by @pmores in #269
• Encode log timestamps as RFC3339 by @gkurz in #261
• set version to 1.4.0 by @jensfr in #270
• Update operator SDK instructions. by @smuda in #264
• Add controller-tools module to go.mod by @jensfr in #273
• Fix "kata-oc" node role handling by @pmores in #271
• Setup os dependent machine config extensions. by @smuda in #266
• Fix kata node selector handling by @pmores in #275
• Fix corner case node selector handling by @pmores in #276
• Fix machine config extension by @gkurz in #277
• Peer pods rebase by @gkurz in #278
• controller: fix wrong amout of cpu request in RuntimeClass by @jensfr in #279
• bundle: add peerpodconfig crd file by @jensfr in #281
• controller: use new naming peerpodconfig-ctrl by @snir911 in #282
• Add controller-tools mods back for downstream builds by @cpmeadors in #286
• controller: checkNodeEligibility vs peerpods: noop by @beraldoleal in #287
• Reformat go code by @gkurz in #290
• Apply peerpod related MachineConfigs by @bpradipt in #292
• Optionally use public images by @smuda in #274
• Add controller tools back by @jensfr in #293
• docs: small fix on displayName by @beraldoleal in #285
• Include a direct dependency to controller-tools by @bpradipt in #295
• Include a direct dependency to controller-tools. by @bpradipt in #296
• Revert PR 294 by @bpradipt in #297
• Add unused references to go modules in the import section. by @bpradipt in #299
• Improve installation steps by @pmores in #291
• controller: automatically create a Secret containing the cluster's pull-secret by @esposem in #289
• Revert "Include a direct dependency to controller-tools" by @gkurz in #301
• Merge main into peer-pods-tech-preview by @gkurz in #302
• Update the base container images to align with 4.13 images by @bpradipt in #303
• controller: fix incorrect logs in createAuthJsonSecret by @esposem in #304
• peerpod ctrl by @snir911 in #283
• Ensure KataConfigPoolSelector is used for PeerPodConfig CRD by @bpradipt in #305
• Improve uninstallation flow by @pmores in #300
• Revert "Fix errors during envtest teardown" by @gkurz in #307
• Bump up peerpod-ctrl and peerpodconfig-ctrl deps by @bpradipt in #309
• add image creation jobs for aws and azure by @snir911 in #306
• Rebase devel on peer pods by @gkurz in #311
• Rebase peer pods on devel by @gkurz in #312
• Fix kataconfig deletion when no kata nodes are on cluster by @pmores in #314
• Fix envtest tearing down by @gkurz in #316
• KATA-2159: add cloud-api-adaptor images as relatedImage by @jensfr in #313
• Install peerpods mutating webhook by @bpradipt in #319
• Allow to skip go test by @gkurz in #320
• hide peerpods and peerpodconfigs internal objects by @snir911 in #318
• Sync main with peer-pods-tech-preview by @beraldoleal in #321

New Contributors

• @etrunko made their first contribution in #257
• @smuda made their first contribution in #264
• @beraldoleal made their first contribution in #287
• @esposem made their first contribution in #289

Full Changelog: v1.3.3...v1.4.0

sandboxed containers operator v1.3.3

What's Changed

• Update version and change default channel by @jensfr in #256

Full Changelog: v1.3.2...v1.3.3

sandboxed containers operator v1.3.2

Changelog

v1.3.2 (2023-01-18)

Full Changelog

Closed issues:

• Update to golang 1.18 #214
• add .dockerignore from operator-sdk #212
• Modified files after building #209
• Add build artifacts to .gitignore #208
• DEVELOPMENT.md is out of date and does not work #207
• Basic CI for PR checks #206
• run 'make test' during pre-merge test #174
• error 'failed to check Node eligibility' when running make test #173
• status not updated when nodes are added/removed from machine config pool #170
• release-1.1: deployment breaks due to flag provided but not defined: -metrics-addr #159
• release-1.1 deployment instructions is pointing to wrong links #158
• Create and publish a release-4.9 branch #157
• README from master doesn't point to 4.8 nor 4.9 README #156
• Add Dockerfile and related artefacts for kata-monitor #150
• Deployment instructions are missing #139
• fix retrieving list of nodes #135
• Cannot install 1.1.0 operator in OCP 4.9 #133
• add more operator debug data to must-gather image #129
• Removed unused code #121
• NodeSelector is not being set for RuntimeClass when using MatchExpressions in KataConfigPoolSelector #118
• [Question] What steps can I take to manually verify that the kata runtime is indeed being used by the example workload provided? #115
• Kata deployment stalls with invalid extensions error #113
• [RFE] Get rid of sleeps in our codebase #87
• [RFE] Support sandboxed-containers-operator as part of OKD #86
• followed "without a git repo checkout" steps, failed to launch qemu #65
• Limit the installation to known and tested cases #60
• installation stuck when selected node is in custo machine-config pool #56
• cordoned workers are ignored, installation won't finish #52
• daemon: "E1123 Unable to rotate token " #33

Merged pull requests:

• manifests: add back valid-subscription annotation #241 (jensfr)
• Upgrade to operator-sdk v1.24 #238 (littlejawa)
• Update to operator-sdk 1.23.0 #237 (littlejawa)
• Upgrade to operator-sdk 1.22.0 #235 (littlejawa)
• set version to 1.3.2 #234 (jensfr)
• Update to operator-sdk 1.21.0 #233 (littlejawa)
• Add controller-tools to go.mod for downstream build #232 (cpmeadors)
• README: s/master/main/ #231 (jensfr)
• Update OWNERS, add cpmeadors #229 (jensfr)
• make upstream values default #228 (cpmeadors)
• remove bundle.Dockerfile #227 (cpmeadors)
• use generated bundle.dockerfile; remove bundle from .dockerignore #226 (cpmeadors)
• Use numerical uid/gid in Dockerfile #225 (gkurz)
• Add gkurz to OWNERS #223 (jensfr)
• Add cleanup rules to Makefile #221 (gkurz)
• generate files in dockerfiles #219 (cpmeadors)
• Add security contexts to the operator #217 (gkurz)
• Remove kata monitor image #216 (pmores)
• Remove generated files and update docs to generate files as they were #211 (cpmeadors)
• Fix 1.2-style MCP #204 (gkurz)
• Fix 1.2-style SCC #202 (gkurz)
• Update doc links to latest OCP version #199 (gkurz)
• Small changes #198 (bpradipt)
• Fix some error paths in the controller #197 (gkurz)
• Move SELinuxOptions to kata-monitor #196 (gkurz)
• Rename setRuntimeClass to createRuntimeClass and change return values #195 (bpradipt)
• Add namespace label to align with Pod Security Admission requirements #194 (bpradipt)
• Tie SCC lifecycle with KataConfig #193 (bpradipt)
• Upgrade operator-sdk #192 (bpradipt)
• Improve developer documentation #190 (gkurz)
• Adding a PrometheusRule for kata monitor #189 (littlejawa)
• kata-monitor DaemonSet: add the "listen-address" arg #188 (fgiudici)
• KATA-1321: add versions of kata and qemu to must-gather output #187 (pmores)
• KATA-1444: remove nodeSelector from controller deployment #185 (jensfr)
• KATA-1374: Create monitor daemonset post runtimeclass creation #183 (bpradipt)
• KATA-1340: allow re-install on all workers #181 (jensfr)
• Simple changes #180 ([bpradipt](https://github.com/bpradip...

1.0.0

Release notes for 1.0.0

Highlights

• rename kata-operator to sandboxed-containers-operator
• the payload and daemonset have been removed and replaced by sandboxed-containers RHCOS extension.

Tested features

• enabling and disabling the sandboxed-containers RHCOS extension
• installation of Kata with the operator
• deploy of a pod using the Kata runtime
• deletion of pod that uses the Kata runtime
• uninstall of Kata with the operator

Tested configurations

• Openshift on 4.8 on Google Cloud Platform, 3 masters/3workers, 3 nodes master/worker combined
• Openshift on 4.8 in a disconnected cluster

Note: Installing on other cloud infrastructures or single bare metal machines should work as long as nested VMs are enabled

Known issues:

• Benign errors in kata-operator logs https://bugzilla.redhat.com/show_bug.cgi?id=1890509
• you cannot use the hostPath volume in a OpenShift Container Platform cluster to mount a file or directory from the host node’s file system into your pod. (BZ#1904609)
• If you are running Fedora on OpenShift sandboxed containers, you need a workaround to install some packages. Some packages, like iputils, require file access permission changes that OpenShift Container Platform does not grant to containers by default. To run containers that require such special permissions, it is necessary to add an annotation to the YAML file describing the workload, which tells virtiofsd to accept such file permissions for that workload. The required annotations are: io.katacontainers.config.hypervisor.virtio_fs_extra_args: [ "-o", "modcaps=+sys_admin", "-o", "xattr" ] BZ#1915377
• In the 4.8 release, adding a value to kataConfgPoolSelector by using the OpenShift Container Platform web console causes scheduling.nodeSelector to be populated with an empty value. Pods that use RuntimeClass with the value of kata might be scheduled to nodes that do not have the Kata Containers runtime installed.
  To work around this issue, specify the nodeSelector value manually in the RuntimeClass kata by running the following command:
  $ oc edit runtimeclass kata
  The following is an example of a RuntimeClass with the correct nodeSelector statement.

handler: kata
kind: RuntimeClass
metadata:
  creationTimestamp: "2021-06-14T12:54:19Z"
  name: kata
overhead:
  podFixed:
    cpu: 250m
    memory: 350Mi
scheduling:
  nodeSelector:
    custom-kata-pool: "true"

KATA-764

• The OpenShift sandboxed containers Operator details page on Operator Hub contains a few missing fields. The missing fields do not prevent you from installing the OpenShift sandboxed containers Operator in 4.8. KATA-826
• Creating multiple KataConfig custom resources results in a silent failure. The OpenShift Container Platform web console does not provide a prompt to notify the user that creating more than one custom resource has failed. KATA-725
• Sometimes the Operator Hub in the OpenShift Container Platform web console does not display icons for an Operator. KATA-804

4.7

Release notes for 4.7:

Highlights

• upgraded operator to Operator SDK v1.0
• support for custom payload images (dev and test only feature)
• Bugfix "increase memory limits and requests for manager container", PR #42
• use digests instead of tags for container images to allow offline use of the operator

Tested features

• Installation of Kata with the operator
• Deploy of a pod using the Kata runtime
• Deletion of pod that uses the Kata runtime
• Uninstall of Kata with the operator

Tested configurations

• Openshift on 4.7 on Google Cloud Platform, 3 masters/3workers, 3 nodes master/worker combined
• Openshift on 4.7 in a disconnected cluster

Note:Installing on other infrastructures or baremetal should work as long as nested VMs are enabled

Known issues:

• Benign errors in kata-operator logs
  https://bugzilla.redhat.com/show_bug.cgi?id=1890509
• Uninstall daemonset is not removed when kataconfig CR is deleted, leaving system in ambiguous state
  https://bugzilla.redhat.com/show_bug.cgi?id=1925597

Full list of changes

v4.7 (02/12/2021)

• clean up configmap example - @jensfr
• for bundle build use --squash-all and --no-cache - @jensfr
• update daemon container url - @jensfr
• add deploy.sh for simpler deployment - @jensfr
• format example yaml correctly - @jensfr
• make sure images are pushed as schema v2 - @jensfr
• daemon: use env variables to download payload from private registry - @jensfr
• controller: add environment variables for daemon secret - @jensfr
• Revert "add test for installation" - @jensfr
• set imagePullPolicy to Always for controller container - @jensfr
• controllers: Prevent host devices from being passed to privileged containers - @fidencio
• add test for installation - @jensfr
• use digests for kube-rbac-proxy and kata-operator-daemon images - @jensfr
• add support for master/worker combined nodes - @jensfr
• increase memory limits and requests for manager container - @jensfr
• add example catalogsource - @jensfr
• Prevent multile KataConfig CRs - @harche
• use payload image url from environment variable - @jensfr
• openshift: allow custom payload images for development - @jensfr
• fix README, change release-4.7 to master branch - @jensfr
• Create PULL_REQUEST_TEMPLATE.md - @jensfr
• Create ISSUE_TEMPLATE.md - @jensfr
• openshift: add PodOverhead to RuntimeClass definition - @jensfr
• Fix description and URLs of containers in README - @jensfr
• change kata-operator-daemon container image - @jensfr
• Changes to make the kata install daemon work with operator sdk 1.0 - @harche
• fix runtime class in example-fedora.yaml - @jensfr
• use official container image in README - @jensfr
• fix command run at preStop event - @jensfr
• Update README.md - @jensfr
• Add hint to release-4.6 in README - @jensfr
• schedule controller only on master nodes - @harche
• set the operator version - @harche
• add license file - @harche
• Add build from source instructions in README - @harche
• remove operator yaml - @harche
• upgrade operator sdk to 1.0 - @harche

4.6

Installation

The release-4.6 branch README.md contains instructions specific to this release.
https://github.com/openshift/kata-operator/blob/release-4.6/README.md

Tested Features

• Installation of Kata with the operator
• Deploy of a pod using the Kata runtime
• Deletion of pod that uses the Kata runtime
• Uninstall of Kata with the operator

Tested configurations

Openshift on 4.6 on Google Cloud Platform

Note:Installing on other infrastructures or baremetal should work as long as nested VMs are enabled

Known issues

Benign errors in kata-operator logs
https://bugzilla.redhat.com/show_bug.cgi?id=1890509