Merge pull request #11482 from Apokleos/fix-force-guestpull

runtime-rs: refactor and fix the implementation of guest-pull
2025-07-12 06:38:11 +00:00 · 2025-07-04 11:29:33 +08:00 · 2025-07-04 11:29:33 +08:00 · 2e35a8067d
commit 2e35a8067d
parent fe532f9d04 2b95facc6f
2 changed files with 23 additions and 6 deletions
--- a/src/libs/kata-types/src/mount.rs
+++ b/src/libs/kata-types/src/mount.rs
@ -47,6 +47,9 @@ pub const SANDBOX_BIND_MOUNTS_RO: &str = ":ro";
 /// SANDBOX_BIND_MOUNTS_RO is for sandbox bindmounts with readwrite
 pub const SANDBOX_BIND_MOUNTS_RW: &str = ":rw";

+/// KATA_VIRTUAL_VOLUME_PREFIX is for container image guest pull
+pub const KATA_VIRTUAL_VOLUME_PREFIX: &str = "io.katacontainers.volume=";
+
 /// Directly assign a block volume to vm and mount it inside guest.
 pub const KATA_VIRTUAL_VOLUME_DIRECT_BLOCK: &str = "direct_block";
 /// Present a container image as a generic block device.
@ -384,7 +387,15 @@ impl KataVirtualVolume {
    pub fn from_base64(value: &str) -> Result<Self> {
        let json = base64::decode(value)?;
        let volume: KataVirtualVolume = serde_json::from_slice(&json)?;
+
+        Ok(volume)
+    }
+
+    /// Decode and deserialize a virtual volume object from base64 encoded json string and validate it.
+    pub fn from_base64_and_validate(value: &str) -> Result<Self> {
+        let volume = Self::from_base64(value)?;
        volume.validate()?;
+
        Ok(volume)
    }
 }
@ -532,7 +543,7 @@ pub fn adjust_rootfs_mounts() -> Result<Vec<Mount>> {
    // Create a new Vec<Mount> with a single Mount entry.
    // This Mount's options will contain the base64-encoded virtual volume.
    Ok(vec![Mount {
-        options: vec![format!("{}={}", "io.katacontainers.volume", b64_vol)],
+        options: vec![format!("{}{}", KATA_VIRTUAL_VOLUME_PREFIX, b64_vol)],
        ..Default::default() // Use default values for other Mount fields
    }])
 }
@ -647,7 +658,8 @@ mod tests {
        volume.direct_volume = Some(DirectAssignedVolume { metadata });

        let value = volume.to_base64().unwrap();
-        let volume2: KataVirtualVolume = KataVirtualVolume::from_base64(value.as_str()).unwrap();
+        let volume2: KataVirtualVolume =
+            KataVirtualVolume::from_base64_and_validate(value.as_str()).unwrap();
        assert_eq!(volume.volume_type, volume2.volume_type);
        assert_eq!(volume.source, volume2.source);
        assert_eq!(volume.fs_type, volume2.fs_type);
--- a/src/runtime-rs/crates/resource/src/rootfs/virtual_volume.rs
+++ b/src/runtime-rs/crates/resource/src/rootfs/virtual_volume.rs
@ -9,6 +9,7 @@ use std::{collections::HashMap, path::PathBuf};

 use anyhow::{anyhow, Context, Result};
 use async_trait::async_trait;
+use kata_types::mount::ImagePullVolume;
 use oci_spec::runtime as oci;
 use serde_json;
 use tokio::sync::RwLock;
@ -17,13 +18,12 @@ use hypervisor::device::device_manager::DeviceManager;
 use kata_types::{
    annotations,
    container::ContainerType,
-    mount::{KataVirtualVolume, KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL},
+    mount::{KataVirtualVolume, KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL, KATA_VIRTUAL_VOLUME_PREFIX},
 };

 /// Image guest-pull related consts
 const KUBERNETES_CRI_IMAGE_NAME: &str = "io.kubernetes.cri.image-name";
 const KUBERNETES_CRIO_IMAGE_NAME: &str = "io.kubernetes.cri-o.ImageName";
-const KATA_VIRTUAL_VOLUME_PREFIX: &str = "io.katacontainers.volume=";
 const KATA_VIRTUAL_VOLUME_TYPE_OVERLAY_FS: &str = "overlayfs";
 const KATA_GUEST_ROOT_SHARED_FS: &str = "/run/kata-containers/";

@ -85,11 +85,16 @@ fn handle_virtual_volume_storage(

        let mut virtual_volume_info = virt_volume.clone();
        // Merge metadata
-        for (k, v) in annotations.iter() {
-            if let Some(ref mut image_pull) = virtual_volume_info.image_pull {
+        if let Some(ref mut image_pull) = virtual_volume_info.image_pull {
+            for (k, v) in annotations.iter() {
                image_pull.metadata.insert(k.to_owned(), v.to_owned());
            }
+        } else {
+            virtual_volume_info.image_pull = Some(ImagePullVolume {
+                metadata: annotations.clone(),
+            });
        }
+
        // Serialize ImagePull as JSON
        let image_pull_info = serde_json::to_string(&virtual_volume_info.image_pull)
            .map_err(|e| anyhow!(e.to_string()))?;