diff --git a/tools/packaging/kata-deploy/binary/src/artifacts/install.rs b/tools/packaging/kata-deploy/binary/src/artifacts/install.rs
index c1d6d688aa..d66e855f77 100644
--- a/tools/packaging/kata-deploy/binary/src/artifacts/install.rs
+++ b/tools/packaging/kata-deploy/binary/src/artifacts/install.rs
@@ -34,6 +34,7 @@ const ALL_SHIMS: &[&str] = &[
 "qemu-nvidia-gpu-snp",
 "qemu-nvidia-gpu-snp-runtime-rs",
 "qemu-nvidia-gpu-tdx",
+ "qemu-nvidia-gpu-tdx-runtime-rs",
 "qemu-runtime-rs",
 "qemu-se",
 "qemu-se-runtime-rs",
@@ -669,6 +670,7 @@ fn get_qemu_share_name(shim: &str) -> Option {
 "qemu-nvidia-gpu-snp" => "qemu-snp-experimental",
 "qemu-nvidia-gpu-snp-runtime-rs" => "qemu-snp-experimental",
 "qemu-nvidia-gpu-tdx" => "qemu-tdx-experimental",
+ "qemu-nvidia-gpu-tdx-runtime-rs" => "qemu-tdx-experimental",
 _ => "qemu",
 };
@@ -1062,6 +1064,7 @@ mod tests {
 #[case("qemu-nvidia-gpu-snp", "qemu")]
 #[case("qemu-nvidia-gpu-snp-runtime-rs", "qemu")]
 #[case("qemu-nvidia-gpu-tdx", "qemu")]
+ #[case("qemu-nvidia-gpu-tdx-runtime-rs", "qemu")]
 #[case("qemu-runtime-rs", "qemu")]
 #[case("qemu-coco-dev-runtime-rs", "qemu")]
 #[case("qemu-se-runtime-rs", "qemu")]
diff --git a/tools/packaging/kata-deploy/binary/src/config.rs b/tools/packaging/kata-deploy/binary/src/config.rs
index a539bae91c..1e9283e9c3 100644
--- a/tools/packaging/kata-deploy/binary/src/config.rs
+++ b/tools/packaging/kata-deploy/binary/src/config.rs
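Review bot: The shim name added to `ALL_SHIMS` in install.rs is now hand-maintained in four Rust places: this array, the `get_qemu_share_name` match, `RUST_SHIMS` in utils/system.rs and the x86_64 string in `get_default_shims_for_arch` in config.rs, and nothing visible in the diff checks that they agree. A shim missing from `RUST_SHIMS` would presumably be treated as a non-Rust shim without any error. A small test would catch drift, for example `assert!(RUST_SHIMS.iter().all(|s| ALL_SHIMS.contains(s)));` plus a check that every word of each default-shim string is in `ALL_SHIMS`. The arrays continue outside the hunks, so confirm the existing entries satisfy this before adding it.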
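Review bot: The test case added in `mod tests` expects "qemu" for the new shim, so it appears to cover a different mapping and not `get_qemu_share_name`, whose new arm returns "qemu-tdx-experimental". Because the match ends in `_ => "qemu"`, a typo or a dropped arm would quietly select the stock QEMU share for a TDX shim instead of failing. If no such test exists outside the hunk, add one along the lines of `assert_eq!(get_qemu_share_name("qemu-nvidia-gpu-tdx-runtime-rs").as_deref(), Some("qemu-tdx-experimental"));`, adjusting for the return type, which is cut off on this page. The function body starts and ends outside the hunk.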
@@ -718,7 +718,7 @@ fn parse_custom_runtimes() -> Result> {
 /// Returns only shims that are supported for that architecture
 fn get_default_shims_for_arch(arch: &str) -> &'static str {
 match arch {
- "x86_64" => "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-nvidia-gpu-runtime-rs qemu-nvidia-gpu-snp qemu-nvidia-gpu-snp-runtime-rs qemu-nvidia-gpu-tdx qemu-snp qemu-snp-runtime-rs qemu-tdx qemu-tdx-runtime-rs",
+ "x86_64" => "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-nvidia-gpu-runtime-rs qemu-nvidia-gpu-snp qemu-nvidia-gpu-snp-runtime-rs qemu-nvidia-gpu-tdx qemu-nvidia-gpu-tdx-runtime-rs qemu-snp qemu-snp-runtime-rs qemu-tdx qemu-tdx-runtime-rs",
 "aarch64" => "clh cloud-hypervisor dragonball fc qemu qemu-runtime-rs qemu-nvidia-gpu qemu-nvidia-gpu-runtime-rs qemu-cca",
 "s390x" => "qemu qemu-runtime-rs qemu-se qemu-se-runtime-rs qemu-coco-dev qemu-coco-dev-runtime-rs",
 "ppc64le" => "qemu",
diff --git a/tools/packaging/kata-deploy/binary/src/utils/system.rs b/tools/packaging/kata-deploy/binary/src/utils/system.rs
index 534ebf4414..7e4a1dd095 100644
--- a/tools/packaging/kata-deploy/binary/src/utils/system.rs
+++ b/tools/packaging/kata-deploy/binary/src/utils/system.rs
@@ -12,6 +12,7 @@ pub const RUST_SHIMS: &[&str] = &[
 "qemu-runtime-rs",
 "qemu-nvidia-gpu-runtime-rs",
 "qemu-nvidia-gpu-snp-runtime-rs",
+ "qemu-nvidia-gpu-tdx-runtime-rs",
 "qemu-coco-dev-runtime-rs",
 "qemu-se-runtime-rs",
 "qemu-snp-runtime-rs",
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
index c89d9e4f1a..a5a1809f7a 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
@@ -101,6 +101,7 @@ scheduling:
 "qemu-nvidia-gpu-snp" (dict "memory" "10240Mi" "cpu" "1.0")
 "qemu-nvidia-gpu-snp-runtime-rs" (dict "memory" "10240Mi" "cpu" "1.0")
 "qemu-nvidia-gpu-tdx" (dict "memory" "10240Mi" "cpu" "1.0")
+ "qemu-nvidia-gpu-tdx-runtime-rs" (dict "memory" "10240Mi" "cpu" "1.0")
 "qemu-cca" (dict "memory" "2048Mi" "cpu" "1.0")
 "stratovirt" (dict "memory" "130Mi" "cpu" "250m")
 "remote" (dict "memory" "120Mi" "cpu" "250m")
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
index bd1c7dd366..53d189e8df 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
@@ -1,5 +1,5 @@
 # Example values file to enable NVIDIA GPU shims
-# This includes all NVIDIA GPU-enabled shims: qemu-nvidia-gpu, qemu-nvidia-gpu-runtime-rs, qemu-nvidia-gpu-snp, qemu-nvidia-gpu-snp-runtime-rs, qemu-nvidia-gpu-tdx
+# This includes all NVIDIA GPU-enabled shims: qemu-nvidia-gpu, qemu-nvidia-gpu-runtime-rs, qemu-nvidia-gpu-snp, qemu-nvidia-gpu-snp-runtime-rs, qemu-nvidia-gpu-tdx, qemu-nvidia-gpu-tdx-runtime-rs
 #
 # Usage:
 # helm install kata-deploy oci://ghcr.io/kata-containers/kata-deploy-charts/kata-deploy \
@@ -111,6 +111,28 @@ shims: nvidia.com/cc.ready.state: "true" intel.feature.node.kubernetes.io/tdx: "true" + qemu-nvidia-gpu-tdx-runtime-rs: + enabled: true + supportedArches: + - amd64 + allowedHypervisorAnnotations: [] + containerd: + snapshotter: "nydus" + forceGuestPull: false + crio: + guestPull: true + agent: + httpsProxy: "" + noProxy: "" + runtimeClass: + # These labels are automatically added by gpu-operator and NFD + # respectively. Override if you want to use a different label. + # If you don't have NFD, you need to add the tdx label by other + # means to your TDX nodes. + nodeSelector: + nvidia.com/cc.ready.state: "true" + intel.feature.node.kubernetes.io/tdx: "true" + # Default shim per architecture (prefer NVIDIA GPU shims) defaultShim: amd64: qemu-nvidia-gpu # Can be changed to qemu-nvidia-gpu-snp or qemu-nvidia-gpu-tdx if preferred diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml index b0f7600346..b4c958a7e8 100644 --- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml +++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml @@ -222,6 +222,24 @@ shims: nvidia.com/cc.ready.state: "true" intel.feature.node.kubernetes.io/tdx: "true" + qemu-nvidia-gpu-tdx-runtime-rs: + enabled: ~ + supportedArches: + - amd64 + allowedHypervisorAnnotations: [] + containerd: + snapshotter: "nydus" + forceGuestPull: false + crio: + guestPull: true + agent: + httpsProxy: "" + noProxy: "" + runtimeClass: + nodeSelector: + nvidia.com/cc.ready.state: "true" + intel.feature.node.kubernetes.io/tdx: "true" + qemu-snp: enabled: ~ supportedArches:
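Review bot: Nothing in the new `qemu-nvidia-gpu-tdx-runtime-rs` entry of try-kata-nvidia-gpu.values.yaml says why containerd and CRI-O are configured differently, with `snapshotter: "nydus"` and `forceGuestPull: false` on one side and `guestPull: true` on the other. For a TDX shim the place where images are pulled is part of the trust boundary, so a one-line comment would help whoever edits this later, for example `# guest pull: via the nydus snapshotter on containerd, via guestPull on CRI-O` (presumably the intent; confirm against the existing qemu-nvidia-gpu-tdx entry, which lies outside the hunk). The same applies to the entry added to values.yaml in the last hunk, which also omits the nodeSelector comment that the example file carries. There it is worth stating that the `nvidia.com/cc.ready.state` and `intel.feature.node.kubernetes.io/tdx` labels only steer scheduling and are not themselves evidence that a node runs TDX.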