v0.11.0

What's Changed

• V0.10.0 post release tasks by @stevenhorsman in #2081
• build(deps): bump actions/upload-artifact from 2 to 4 by @dependabot in #2054
• build(deps): bump actions/download-artifact from 3 to 4 by @dependabot in #2052
• build(deps): bump docker/build-push-action from 3 to 6 by @dependabot in #2051
• podvm: Make download-image.sh always pull by @stevenhorsman in #2078
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in #2069
• build(deps): bump nick-fields/retry from 2 to 3 by @dependabot in #2070
• Revert upload artifacts bump by @stevenhorsman in #2082
• build(deps): bump azure/login from 1 to 2 by @dependabot in #2087
• APF: Rename KataAgentNamespace by @davidhadas in #2067
• CI: adjust azure nightly workflow for actions/upload-artifact@4 by @mkulke in #2088
• Bump artifact versions in caa multi arch build by @stevenhorsman in #2090
• azure: switch nightly podvm to mkosi-based image by @mkulke in #2064
• checklinks: add link to exclude by @wainersm in #2091
• ci: fix azure nightly mkosi build by @mkulke in #2098
• kbs: Remove oci.kbs version and references by @stevenhorsman in #2077
• build(deps): bump actions/checkout from 2 to 4 by @dependabot in #2085
• build(deps): bump cachix/install-nix-action from 22 to 30 by @dependabot in #2083
• build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #2086
• workflows: Install gh cli on self-hosted runner by @stevenhorsman in #2103
• ci: fix passing of image-id to e2e test by @mkulke in #2102
• workflows: Install kustomize on e2e workflows by @stevenhorsman in #2104
• test: Add checkout kbs helper script by @stevenhorsman in #2105
• test: don't use gh cli in kbs checkout by @mkulke in #2107
• Fix kustomize install for non root by @stevenhorsman in #2109
• SecureComms: Fix needed following changes in other components by @davidhadas in #2073
• util: verify provenance by @mkulke in #2110
• workflow: Fix kustomize permission issue by @stevenhorsman in #2111
• ci: add eastus2 region in azure nightly build by @ksandowi in #2118
• libvirt: Enable multiple PodVM image scenario by @ajaypvictor in #2061
• build(deps): bump actions/cache from 3 to 4 by @dependabot in #2113
• build(deps): bump lycheeverse/lychee-action from 1 to 2 by @dependabot in #2115
• build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.1 by @dependabot in #2114
• build(deps): bump docker/setup-buildx-action from 1 to 3 by @dependabot in #2112
• ci: Pin the terraform lint runner by @stevenhorsman in #2120
• test: Update Trustee deployment to match the simplifed deployment overlays by @stevenhorsman in #2099
• caa: fixing toolchain not available by @beraldoleal in #2080
• csi-wrapper: pass PublishContext from ControllerPublishVolume to NodeStageVolume by @daniel-weisse in #2108
• csi-wrapper: add support for creating peerpod volumes with manually created persistent volumes by @daniel-weisse in #2106
• Deploy webhook by default and enable e2e by @bpradipt in #2066
• podvm: retrieve guest-components via ORAS by @mkulke in #2074
• workflow: e2e_libvirt fix rust version error by @stevenhorsman in #2125
• test/e2e: kbs: Use the cached kbs-client by @stevenhorsman in #2121
• ci: set golang cache key as **/go.sum glob by @mkulke in #2127
• workflows: Cancel previous jobs if PR/branch is updated by @stevenhorsman in #2129
• GitHub hosted runner support by @stevenhorsman in #2130
• ci: disable concurrency for child workflows by @mkulke in #2133
• versions: Bump fedora base image to f40 by @stevenhorsman in #2135
• workflow: Switch libvirt e2e test to gh-runnner by @stevenhorsman in #2134
• Assessment runner refactors by @stevenhorsman in #2123
• versions: Bump golang-fedora image version by @stevenhorsman in #2136
• podvm_builder: Add s390x gh install support by @stevenhorsman in #2137
• versions: Fix csi-wrapper's base image by @stevenhorsman in #2139
• Misc security related fixes for AWS and Azure by @bpradipt in #2141
• csi-wrapper: azuredisk-csi-driver support by @daniel-weisse in #2122
• podvm: re-arrange service order for sealed secrets by @mkulke in #2143
• SecureComms: Add support for inbound network namespace by @davidhadas in #2048
• SecureComms: Add testing facility for e2e tests by @davidhadas in #2124
• Misc updates to AWS and generic install doc by @bpradipt in #2148
• Docker hub mirror switch by @stevenhorsman in #1900
• podvm: Add --platform option to download-image.sh by @frankbu in #2151
• workflow: Add actionlint workflows by @stevenhorsman in #2146
• e2e: Add sealed secret test by @mkulke in #2147
• workflows: Switch to pin ubuntu runners by @stevenhorsman in #2152
• Enable pod VM image selection via pod annotation by @bpradipt in #2155
• Add support for selecting GPU instance based on Kata pod annotations by @bpradipt in #2132
• ci: install oras specifically for azure e2e tests by @mkulke in #2156
• podvm-mkosi: bump to fedora 40 by @mkulke in #2157
• workflows: enable CodeQL checks by @mythi in #2158
• daemonset: reduce log volume by @mkulke in #2159
• SecComms: Fix flaky tests by @davidhadas in #2154
• Kata 3.11.0 bump by @stevenhorsman in #2162
• optimize process-user-data startup time by @mkulke in #2160
• ci: fix verify-provenance for agent by @mkulke in #2165
• Retiring "DISABLE_CLOUD_CONFIG" variable by @gsid100 in #2161
• e2e: add encrypted image test by @mkulke in #2163
• Kbs key release rework by @stevenhorsman in #2055
• version: Pin operator version by @stevenhorsman in #2166
• doc: Update confidentialcontainers.org links by @stevenhorsman in #2168
• Codeql security fixes by @stevenhorsman in #2169
• SecureComms: Add support daemonConfig by @davidhadas in #2065
• 0.11.0 release by @mkulke in #2174

New Contributors

• @ksandowi made their first contribution in #2118
• @daniel-weisse made their first contribution in #2108
• @frankbu made their first contribution in #2151
• @gsid100 made their first contribution in #2161

Full Changelog: v0.10.0...v0.11.0