Update Kata Containers runtime (#8797)

* Update Kata containers binary to 2.4.1 version * Update overhead kata runtime values * Fix kata-qemu default values in CRI-O
2 years ago · 02b6e4833a
3 changed files with 14 additions and 10 deletions
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@ -56,15 +56,11 @@ crio_runtimes:
 # surface and mitigating the consequences of containers breakout.
 kata_runtimes:
  # Kata Containers with the default configured VMM
-  - name: kata-runtime
-    path: /opt/kata/bin/kata-runtime
-    type: oci
-    root: /run/kata-containers
-  # Kata Containers with the QEMU VMM
  - name: kata-qemu
-    path: /opt/kata/bin/kata-qemu
-    type: oci
+    path: /usr/local/bin/containerd-shim-kata-qemu-v2
+    type: vm
    root: /run/kata-containers
+    privileged_without_host_devices: true

 # crun is a fast and low-memory footprint OCI Container Runtime fully written in C.
 crun_runtime:
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -71,7 +71,7 @@ nerdctl_extra_flags: '{%- if containerd_insecure_registries is defined and conta
 kubeadm_version: "{{ kube_version }}"
 crun_version: 1.4.4
 runc_version: v1.1.1
-kata_containers_version: 2.2.3
+kata_containers_version: 2.4.1
 youki_version: 0.0.1
 gvisor_version: 20210921
 containerd_version: 1.6.4
@ -734,24 +734,32 @@ kata_containers_binary_checksums:
    2.2.2: 0
    2.2.3: 0
    2.3.0: 0
+    2.4.0: 0
+    2.4.1: 0
  amd64:
    2.0.4: 022a60c2d92a5ab9a5eb83d5a95154a2d06fdc2206b2a473d902ccc86766371a
    2.1.1: a83591d968cd0f1adfb5025d7aa33ca1385d4b1165ff10d74602302fc3c0373f
    2.2.2: 2e3ac77b8abd4d839cf16780b57aee8f3d6e1f19489edd7d6d8069ea3cc3c18a
    2.2.3: e207ab5c8128b50fe61f4f6f98fd34af0fa5ebc0793862be6d13a2674321774f
    2.3.0: 430fa55b387b3bafbbabb7e59aa8c809927a22f8d836732a0719fd2e1d131b31
+    2.4.0: fca40fa4e91efc79c75367ffe09ca32ad795d302aacb91992874f40bfc00348f
+    2.4.1: e234ffce779d451dc2a170b394b91d35b96e44ea50dc4a3256defa603efdf607
  arm64:
    2.0.4: 0
    2.1.1: 0
    2.2.2: 0
    2.2.3: 0
    2.3.0: 0
+    2.4.0: 0
+    2.4.1: 0
  ppc64le:
    2.0.4: 0
    2.1.1: 0
    2.2.2: 0
    2.2.3: 0
    2.3.0: 0
+    2.4.0: 0
+    2.4.1: 0

 gvisor_runsc_binary_checksums:
  arm:
--- a/roles/kubernetes-apps/container_runtimes/kata_containers/defaults/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/kata_containers/defaults/main.yaml
@ -1,5 +1,5 @@
 ---

 kata_containers_qemu_overhead: true
-kata_containers_qemu_overhead_fixed_cpu: 10m
-kata_containers_qemu_overhead_fixed_memory: 290Mi
+kata_containers_qemu_overhead_fixed_cpu: 250m
+kata_containers_qemu_overhead_fixed_memory: 160Mi