Merge pull request #8404 from fidencio/topic/kata-deploy-allow-users-to-enable-hypervisor-annotations

kata-deploy: Allow users to set hypervisor annotations
This commit is contained in:
Fabiano Fidêncio 2023-11-09 17:44:52 +01:00 committed by GitHub
commit 2b937400fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 11 deletions


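--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -119,6 +119,7 @@ function deploy_kata() {
 yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[5].value' --tag '!!str' "true"
 if [ "${KATA_HOST_OS}" = "cbl-mariner" ]; then
+yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[6].value' "initrd kernel"
 yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[+].name' "HOST_OS"
 yq write -i "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" 'spec.template.spec.containers[0].env[-1].value' "${KATA_HOST_OS}"
 fi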
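Review bot: The new `env[6].value` write depends on the positional index of the `ALLOWED_HYPERVISOR_ANNOTATIONS` entry in kata-deploy.yaml, so inserting another env entry above it would silently point this line at a different variable; this is the same fragility as the `env[5]` line just above it, and a comment such as `# env[6] is ALLOWED_HYPERVISOR_ANNOTATIONS (see kata-deploy.yaml)` would at least make the coupling visible. The value `"initrd kernel"` also replaces the list that kata-deploy.sh previously hard-coded for Mariner, which included `enable_iommu`; if dropping it is intentional, the commit message should say so. As far as this page shows, the DaemonSet default for the variable is now an empty string, so Mariner deployments that do not set it explicitly lose the `initrd`/`kernel` annotations they used to get unconditionally. deploy_kata starts and ends outside the hunk.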


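--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -39,6 +39,8 @@ spec:
 value: "false"
 - name: CREATE_DEFAULT_RUNTIMECLASS
 value: "false"
+- name: ALLOWED_HYPERVISOR_ANNOTATIONS
+value: ""
 securityContext:
 privileged: true
 volumeMounts: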
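Review bot: The new `ALLOWED_HYPERVISOR_ANNOTATIONS` entry gives no hint of its expected format, while the consumer in kata-deploy.sh splits the value on spaces and quotes each word into a TOML list; a comment above the entry, `# Space-separated list of hypervisor annotation names appended to enable_annotations; empty keeps the shipped default`, would spare readers the trip to the script. Each name added here widens what a pod may override in the hypervisor configuration, so keeping the shipped default empty, as this hunk does, is the right choice and worth stating in that comment.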


@ -15,9 +15,15 @@ containerd_conf_file="/etc/containerd/config.toml"
containerd_conf_file_backup="${containerd_conf_file}.bak" containerd_conf_file_backup="${containerd_conf_file}.bak"
IFS=' ' read -a shims <<< "$SHIMS" IFS=' ' read -a shims <<< "$SHIMS"
default_shim="$DEFAULT_SHIM" default_shim="$DEFAULT_SHIM"
IFS=' ' read -a non_formatted_allowed_hypervisor_annotations <<< "$ALLOWED_HYPERVISOR_ANNOTATIONS"
allowed_hypervisor_annotations=""
for allowed_hypervisor_annotation in "${non_formatted_allowed_hypervisor_annotations[@]}"; do
allowed_hypervisor_annotations+="\"$allowed_hypervisor_annotation\", "
done
allowed_hypervisor_annotations=$(echo $allowed_hypervisor_annotations | sed 's/,$//')
# If we fail for any reason a message will be displayed # If we fail for any reason a message will be displayed
die() { die() {
msg="$*" msg="$*"
@ -105,25 +111,30 @@ function install_artifacts() {
[ -d /opt/kata/runtime-rs/bin ] && \ [ -d /opt/kata/runtime-rs/bin ] && \
chmod +x /opt/kata/runtime-rs/bin/* chmod +x /opt/kata/runtime-rs/bin/*
# Allow enabling debug for Kata Containers config_path="/opt/kata/share/defaults/kata-containers/"
if [[ "${DEBUG}" == "true" ]]; then for shim in "${shims[@]}"; do
config_path="/opt/kata/share/defaults/kata-containers/" local kata_config_file="${config_path}/configuration-${shim}.toml"
for shim in "${shims[@]}"; do # Allow enabling debug for Kata Containers
sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${config_path}/configuration-${shim}.toml" if [[ "${DEBUG}" == "true" ]]; then
sed -i -e 's/^#\(debug_console_enabled\).*=.*$/\1 = true/g' "${config_path}/configuration-${shim}.toml" sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${kata_config_file}"
sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "${config_path}/configuration-${shim}.toml" sed -i -e 's/^#\(debug_console_enabled\).*=.*$/\1 = true/g' "${kata_config_file}"
done sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "${kata_config_file}"
fi fi
if [ -n "${allowed_hypervisor_annotations}" ]; then
sed -i -e "s/^enable_annotations = \[\(.*\)\]/enable_annotations = [\1, $allowed_hypervisor_annotations]/" "${kata_config_file}"
fi
done
# Allow Mariner to use custom configuration. # Allow Mariner to use custom configuration.
if [ "${HOST_OS:-}" == "cbl-mariner" ]; then if [ "${HOST_OS:-}" == "cbl-mariner" ]; then
config_path="/opt/kata/share/defaults/kata-containers/configuration-clh.toml" config_path="/opt/kata/share/defaults/kata-containers/configuration-clh.toml"
clh_path="/opt/kata/bin/cloud-hypervisor-glibc" clh_path="/opt/kata/bin/cloud-hypervisor-glibc"
sed -i -E 's|(enable_annotations) = .+|\1 = ["enable_iommu", "initrd", "kernel"]|' "${config_path}"
sed -i -E "s|(valid_hypervisor_paths) = .+|\1 = [\"${clh_path}\"]|" "${config_path}" sed -i -E "s|(valid_hypervisor_paths) = .+|\1 = [\"${clh_path}\"]|" "${config_path}"
sed -i -E "s|(path) = \".+/cloud-hypervisor\"|\1 = \"${clh_path}\"|" "${config_path}" sed -i -E "s|(path) = \".+/cloud-hypervisor\"|\1 = \"${clh_path}\"|" "${config_path}"
fi fi
if [[ "${CREATE_RUNTIMECLASSES}" == "true" ]]; then if [[ "${CREATE_RUNTIMECLASSES}" == "true" ]]; then
create_runtimeclasses create_runtimeclasses
fi fi
@ -415,6 +426,7 @@ function main() {
echo "* DEFAULT_SHIM: ${DEFAULT_SHIM}" echo "* DEFAULT_SHIM: ${DEFAULT_SHIM}"
echo "* CREATE_RUNTIMECLASSES: ${CREATE_RUNTIMECLASSES}" echo "* CREATE_RUNTIMECLASSES: ${CREATE_RUNTIMECLASSES}"
echo "* CREATE_DEFAULT_RUNTIMECLASS: ${CREATE_DEFAULT_RUNTIMECLASS}" echo "* CREATE_DEFAULT_RUNTIMECLASS: ${CREATE_DEFAULT_RUNTIMECLASS}"
echo "* ALLOWED_HYPERVISOR_ANNOTATIONS: ${ALLOWED_HYPERVISOR_ANNOTATIONS}"
# script requires that user is root # script requires that user is root
euid=$(id -u) euid=$(id -u)
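Review bot: The `enable_annotations` sed added in install_artifacts produces invalid TOML when the shipped list is empty: `enable_annotations = []` becomes `enable_annotations = [, "initrd", "kernel"]`, because `\1` is empty while the `, ` separator is unconditional. A two-expression sed with an early branch handles both shapes: `sed -i -e "s/^enable_annotations = \[\]/enable_annotations = [${allowed_hypervisor_annotations}]/; t" -e "s/^enable_annotations = \[\(.*\)\]/enable_annotations = [\1, ${allowed_hypervisor_annotations}]/" "${kata_config_file}"`. The annotation names are also interpolated unescaped into the sed replacement, so a value containing `/`, `&` or `\` would corrupt the configuration file; a check in the loop that builds the list, `[[ "${allowed_hypervisor_annotation}" =~ ^[A-Za-z0-9_.-]+$ ]] || die "invalid annotation name: ${allowed_hypervisor_annotation}"`, keeps the written config well-formed. In that same loop, `$(echo $allowed_hypervisor_annotations | sed 's/,$//')` relies on unquoted word-splitting to drop the trailing space before the comma; `allowed_hypervisor_annotations=${allowed_hypervisor_annotations%, }` does it without a subshell or globbing risk. install_artifacts starts and ends outside the hunk.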