kata-deploy: helm: Add INSTALLATION_PREFIX option

This will allow users to properly set the INSTALLATION_PREFIX when deploying Kata Containers. Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-08-28 12:31:04 +00:00 · 2024-08-22 12:21:40 +02:00 · 2024-08-22 12:21:40 +02:00 · 0cb93ed1bb
commit 0cb93ed1bb
parent 7be77ebee5
4 changed files with 64 additions and 2 deletions
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
@ -52,6 +52,8 @@ spec:
          value: {{ .Values.env.agentNoProxy | quote }}
        - name: PULL_TYPE_MAPPING
          value: {{ .Values.env.pullTypeMapping | quote }}
+        - name: INSTALLATION_PREFIX
+          value: {{ .Values.env.installationPrefix | quote }}
 {{- with .Values.env.hostOS }}
        - name: HOST_OS
          value: {{ . | quote }}
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
@ -16,4 +16,5 @@ env:
  agentHttpsProxy: ""
  agentNoProxy: ""
  pullTypeMapping: ""
+  installationPrefix: ""
  hostOS: ""
--- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
@ -50,6 +50,8 @@ spec:
              value: ""
            - name: PULL_TYPE_MAPPING
              value: ""
+            - name: INSTALLATION_PREFIX
+              value: ""
          securityContext:
            privileged: true
          volumeMounts:
--- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh
@ -36,8 +36,17 @@ AGENT_NO_PROXY="${AGENT_NO_PROXY:-}"
 PULL_TYPE_MAPPING="${PULL_TYPE_MAPPING:-}"
 IFS=',' read -a pull_types <<< "$PULL_TYPE_MAPPING"

-dest_dir="/opt/kata"
-host_install_dir="/host/${dest_dir}"
+INSTALLATION_PREFIX="${INSTALLATION_PREFIX:-}"
+default_dest_dir="/opt/kata"
+dest_dir="${default_dest_dir}"
+if [ -n "${INSTALLATION_PREFIX}" ]; then
+	# There's no `/` in between ${INSTALLATION_PREFIX} and ${default_dest_dir}
+	# as, otherwise, we'd have it doubled there, as: `/foo/bar//opt/kata`
+	dest_dir="${INSTALLATION_PREFIX}${default_dest_dir}"
+fi
+# Here, again, there's no `/` between /host and ${dest_dir}, otherwise we'd have it
+# doubled here as well, as: `/host//opt/kata`
+host_install_dir="/host${dest_dir}"

 # If we fail for any reason a message will be displayed
 die() {
@ -238,6 +247,43 @@ function get_tdx_ovmf_path_from_distro() {
 	esac
 }

+function adjust_qemu_cmdline() {
+	shim="${1}"
+	config_path="${2}"
+	qemu_share="${shim}"
+
+	# The paths on the kata-containers tarball side look like:
+	# ${dest_dir}/opt/kata/share/kata-qemu/qemu
+	# ${dest_dir}/opt/kata/share/kata-qemu-snp-experimnental/qemu
+	[[ "${shim}" =~ ^(qemu-snp|qemu-nvidia-snp)$ ]] && qemu_share=${shim}-experimental
+		
+	qemu_binary=$(tomlq '.hypervisor.qemu.path' ${config_path} | tr -d \")
+	qemu_binary_script="${qemu_binary}-installation-prefix"
+	qemu_binary_script_host_path="/host/${qemu_binary_script}"
+
+	if [[ ! -f ${qemu_binary_script_host_path} ]]; then
+		# From the QEMU man page:
+		# ```
+		# -L  path
+		# 	Set the directory for the BIOS, VGA BIOS and keymaps.
+		# 	To list all the data directories, use -L help.
+		# ```
+		#
+		# The reason we have to do this here, is because otherwise QEMU
+		# will only look for those files in specific paths, which are
+		# tied to the location of the PREFIX used during build time
+		# (/opt/kata, in our case).
+		cat <<EOF >${qemu_binary_script_host_path}
+#!/usr/bin/env bash
+
+exec ${qemu_binary} "\$@" -L ${dest_dir}/share/kata-${qemu_share}/qemu/
+EOF
+		chmod +x ${qemu_binary_script_host_path}
+	fi
+
+	sed -i -e "s|${qemu_binary}|${qemu_binary_script}|" ${config_path}
+}
+
 function install_artifacts() {
 	echo "copying kata artifacts onto host"

@ -303,6 +349,16 @@ function install_artifacts() {
 					;;
 			esac	
 		fi
+
+		if [ -n "${INSTALLATION_PREFIX}" ]; then
+			# We could always do this sed, regardless, but I have a strong preference
+			# on not touching the configuration files unless extremelly needed
+			sed -i -e "s|${default_dest_dir}|${dest_dir}|g" "${kata_config_file}"
+
+			# Let's only adjust qemu_cmdline for the QEMUs that we build and ship ourselves
+			[[ "${shim}" =~ ^(qemu|qemu-snp|qemu-nvidia-gpu|qemu-nvidia-gpu-snp|qemu-sev|qemu-se)$ ]] && \
+				adjust_qemu_cmdline "${shim}" "${kata_config_file}"
+		fi
 	done

 	# Allow Mariner to use custom configuration.
@ -602,6 +658,7 @@ function main() {
 	echo "* AGENT_HTTPS_PROXY: ${AGENT_HTTPS_PROXY}"
 	echo "* AGENT_NO_PROXY: ${AGENT_NO_PROXY}"
 	echo "* PULL_TYPE_MAPPING: ${PULL_TYPE_MAPPING}"
+	echo "* INSTALLATION_PREFIX: ${INSTALLATION_PREFIX}"

 	# script requires that user is root
 	euid=$(id -u)