github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-28 12:31:04 +00:00
Code Issues Projects Releases Wiki Activity

kata-deploy: Allow users to set hypervisor annotations

Browse Source 
Currently the only way one can specify allowed hypervisor annotations is
during build time, which is a big issue for users grabbing kata-deploy
as we provide.

Fixes: #8403

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This commit is contained in:
Fabiano Fidêncio 2023-11-08 20:53:15 +01:00
parent 50df1129ea
commit 023c4a17cf
2 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
View File

@ -39,6 +39,8 @@ spec:
value: "false" value: "false"
- name: CREATE_DEFAULT_RUNTIMECLASS - name: CREATE_DEFAULT_RUNTIMECLASS
value: "false" value: "false"
- name: ALLOWED_HYPERVISOR_ANNOTATIONS
value: ""
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:

27
tools/packaging/kata-deploy/scripts/kata-deploy.sh
View File

@ -15,9 +15,15 @@ containerd_conf_file="/etc/containerd/config.toml"
containerd_conf_file_backup="${containerd_conf_file}.bak" containerd_conf_file_backup="${containerd_conf_file}.bak"
IFS=' ' read -a shims <<< "$SHIMS" IFS=' ' read -a shims <<< "$SHIMS"
default_shim="$DEFAULT_SHIM" default_shim="$DEFAULT_SHIM"
IFS=' ' read -a non_formatted_allowed_hypervisor_annotations <<< "$ALLOWED_HYPERVISOR_ANNOTATIONS"
allowed_hypervisor_annotations=""
for allowed_hypervisor_annotation in "${non_formatted_allowed_hypervisor_annotations[@]}"; do
allowed_hypervisor_annotations+="\"$allowed_hypervisor_annotation\", "
done
allowed_hypervisor_annotations=$(echo $allowed_hypervisor_annotations | sed 's/,$//')
# If we fail for any reason a message will be displayed # If we fail for any reason a message will be displayed
die() { die() {
msg="$*" msg="$*"
@ -105,16 +111,21 @@ function install_artifacts() {
[ -d /opt/kata/runtime-rs/bin ] && \ [ -d /opt/kata/runtime-rs/bin ] && \
chmod +x /opt/kata/runtime-rs/bin/* chmod +x /opt/kata/runtime-rs/bin/*
# Allow enabling debug for Kata Containers
if [[ "${DEBUG}" == "true" ]]; then
config_path="/opt/kata/share/defaults/kata-containers/" config_path="/opt/kata/share/defaults/kata-containers/"
for shim in "${shims[@]}"; do for shim in "${shims[@]}"; do
sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${config_path}/configuration-${shim}.toml" local kata_config_file="${config_path}/configuration-${shim}.toml"
sed -i -e 's/^#\(debug_console_enabled\).*=.*$/\1 = true/g' "${config_path}/configuration-${shim}.toml" # Allow enabling debug for Kata Containers
sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "${config_path}/configuration-${shim}.toml" if [[ "${DEBUG}" == "true" ]]; then
done sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${kata_config_file}"
sed -i -e 's/^#\(debug_console_enabled\).*=.*$/\1 = true/g' "${kata_config_file}"
sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "${kata_config_file}"
fi fi
if [ -n "${allowed_hypervisor_annotations}" ]; then
sed -i -e "s/^enable_annotations = \[\(.*\)\]/enable_annotations = [\1, $allowed_hypervisor_annotations]/" "${kata_config_file}"
fi
done
# Allow Mariner to use custom configuration. # Allow Mariner to use custom configuration.
if [ "${HOST_OS:-}" == "cbl-mariner" ]; then if [ "${HOST_OS:-}" == "cbl-mariner" ]; then
config_path="/opt/kata/share/defaults/kata-containers/configuration-clh.toml" config_path="/opt/kata/share/defaults/kata-containers/configuration-clh.toml"
@ -124,6 +135,7 @@ function install_artifacts() {
sed -i -E "s|(path) = \".+/cloud-hypervisor\"|\1 = \"${clh_path}\"|" "${config_path}" sed -i -E "s|(path) = \".+/cloud-hypervisor\"|\1 = \"${clh_path}\"|" "${config_path}"
fi fi
if [[ "${CREATE_RUNTIMECLASSES}" == "true" ]]; then if [[ "${CREATE_RUNTIMECLASSES}" == "true" ]]; then
create_runtimeclasses create_runtimeclasses
fi fi
@ -415,6 +427,7 @@ function main() {
echo "* DEFAULT_SHIM: ${DEFAULT_SHIM}" echo "* DEFAULT_SHIM: ${DEFAULT_SHIM}"
echo "* CREATE_RUNTIMECLASSES: ${CREATE_RUNTIMECLASSES}" echo "* CREATE_RUNTIMECLASSES: ${CREATE_RUNTIMECLASSES}"
echo "* CREATE_DEFAULT_RUNTIMECLASS: ${CREATE_DEFAULT_RUNTIMECLASS}" echo "* CREATE_DEFAULT_RUNTIMECLASS: ${CREATE_DEFAULT_RUNTIMECLASS}"
echo "* ALLOWED_HYPERVISOR_ANNOTATIONS: ${ALLOWED_HYPERVISOR_ANNOTATIONS}"
# script requires that user is root # script requires that user is root
euid=$(id -u) euid=$(id -u)