Epic Goal

Ensure builds can run in Kata, aka "sandboxed" containers.

Why is this important?

• Kata containers provide hypervisor isolation on top of regular container isolation (provided by Kubernetes runtimes).
• Kata containers also allow builds to connect to remote virtual machines with different CPU architectures. This is needed to enable builds on CPU architectures that are not supported by OpenShift, or are not universally supported by public cloud providers (ex: s390x, RISC-V)

Feature Tracker

This epic tracks the implementation of SHIP-0040: Build Runtime Class.

GitHub Feature Tracker: shipwright-io/community#282

SHIP-0040 extends the Build and BuildRun APIs to let build pods select their RuntimeClass for execution. This allows builds to run with alternative container runtimes, such as Kata containers, which adds hardware virtualization to the existing mechanisms for isolating containers.

Scenarios

Build containers with Kata as the container runtime class

Build containers with another container runtime class provider

Acceptance Criteria (Mandatory)

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• ...

Dependencies (internal and external)

1. ...

Previous Work (Optional):

…

Open questions::

1. …

Done Checklist

• Acceptance criteria are met
• Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
• User Journey automation is delivered
• Support and SRE teams are provided with enough skills to support the feature in production environment