From 71f3f783a4d0861ec7bf6b7eeced2048b516edbf Mon Sep 17 00:00:00 2001 From: Alex Lyn Date: Mon, 15 Jun 2026 15:52:36 +0800 Subject: [PATCH 1/3] runtime-rs: Remove mem_agent configuration for kata coco dev scenarios As it's useless with memory agent in kata-coco-dev scenarios, this commit aims to remove this items. Signed-off-by: Alex Lyn --- ...iguration-qemu-coco-dev-runtime-rs.toml.in | 96 ------------------- 1 file changed, 96 deletions(-) diff --git a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in index 33c347c9fd..7460430afa 100644 --- a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in 
@@ -571,102 +571,6 @@ create_container_timeout = @DEFCREATECONTAINERTIMEOUT_COCO@ # (default: 50000) cdh_api_timeout_ms = 50000 -[agent.@PROJECT_TYPE@.mem_agent] -# Control the mem-agent function enable or disable. -# Default to false -mem_agent_enable = false - -# Control the mem-agent memcg function disable or enable -# Default to false -memcg_disable = false - -# Control the mem-agent function swap enable or disable. -# Default to false -memcg_swap = false - -# Control the mem-agent function swappiness max number. -# Default to 50 -memcg_swappiness_max = 50 - -# Control the mem-agent memcg function wait period seconds -# Default to 600 -memcg_period_secs = 600 - -# Control the mem-agent memcg wait period PSI percent limit. -# If the percentage of memory and IO PSI stall time within -# the memcg waiting period for a cgroup exceeds this value, -# then the aging and eviction for this cgroup will not be -# executed after this waiting period. -# Default to 1 -memcg_period_psi_percent_limit = 1 - -# Control the mem-agent memcg eviction PSI percent limit. -# If the percentage of memory and IO PSI stall time for a cgroup -# exceeds this value during an eviction cycle, the eviction for -# this cgroup will immediately stop and will not resume until -# the next memcg waiting period. -# Default to 1 -memcg_eviction_psi_percent_limit = 1 - -# Control the mem-agent memcg eviction run aging count min. -# A cgroup will only perform eviction when the number of aging cycles -# in memcg is greater than or equal to memcg_eviction_run_aging_count_min. -# Default to 3 -memcg_eviction_run_aging_count_min = 3 - -# Control the mem-agent compact function disable or enable -# Default to false -compact_disable = false - -# Control the mem-agent compaction function wait period seconds -# Default to 600 -compact_period_secs = 600 - -# Control the mem-agent compaction function wait period PSI percent limit. 
-# If the percentage of memory and IO PSI stall time within -# the compaction waiting period exceeds this value, -# then the compaction will not be executed after this waiting period. -# Default to 1 -compact_period_psi_percent_limit = 1 - -# Control the mem-agent compaction function compact PSI percent limit. -# During compaction, the percentage of memory and IO PSI stall time -# is checked every second. If this percentage exceeds -# compact_psi_percent_limit, the compaction process will stop. -# Default to 5 -compact_psi_percent_limit = 5 - -# Control the maximum number of seconds for each compaction of mem-agent compact function. -# Default to 180 -compact_sec_max = 180 - -# Control the mem-agent compaction function compact order. -# compact_order is use with compact_threshold. -# Default to 9 -compact_order = 9 - -# Control the mem-agent compaction function compact threshold. -# compact_threshold is the pages number. -# When examining the /proc/pagetypeinfo, if there's an increase in the -# number of movable pages of orders smaller than the compact_order -# compared to the amount following the previous compaction, -# and this increase surpasses a certain threshold—specifically, -# more than 'compact_threshold' number of pages. -# Or the number of free pages has decreased by 'compact_threshold' -# since the previous compaction. -# then the system should initiate another round of memory compaction. -# Default to 1024 -compact_threshold = 1024 - -# Control the mem-agent compaction function force compact times. -# After one compaction, if there has not been a compaction within -# the next compact_force_times times, a compaction will be forced -# regardless of the system's memory situation. -# If compact_force_times is set to 0, will do force compaction each time. -# If compact_force_times is set to 9223372036854775807, will never do force compaction. 
-# Default to 9223372036854775807 -compact_force_times = 9223372036854775807 - [runtime] # If enabled, the runtime will log additional debug messages to the # system log From b068f7354358f7b09d04ea5716c5b6a823624ac0 Mon Sep 17 00:00:00 2001 From: Alex Lyn Date: Mon, 15 Jun 2026 15:55:08 +0800 Subject: [PATCH 2/3] runtime-rs: add experimental features documentation The experimental configuration allows enabling features not yet stable for production. These features may break compatibility and are prepared for major version bumps. Add documentation with force_guest_pull example across all runtime-rs configuration files. This feature enables guest-side image pulling in CoCo (Confidential Computing) scenarios. Example usage: experimental = ["force_guest_pull"] Fixes inconsistent documentation across configuration files Signed-off-by: Alex Lyn --- .../config/configuration-clh-azure-runtime-rs.toml.in | 3 +++ src/runtime-rs/config/configuration-clh-runtime-rs.toml.in | 3 +++ src/runtime-rs/config/configuration-dragonball.toml.in | 3 +++ .../config/configuration-qemu-coco-dev-runtime-rs.toml.in | 3 +++ .../config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in | 3 +++ .../configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in | 3 +++ .../configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in | 3 +++ src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in | 3 +++ .../config/configuration-qemu-se-runtime-rs.toml.in | 3 +++ .../config/configuration-qemu-snp-runtime-rs.toml.in | 4 ++-- .../config/configuration-qemu-tdx-runtime-rs.toml.in | 4 ++-- src/runtime-rs/config/configuration-remote.toml.in | 3 +++ src/runtime-rs/config/configuration-rs-fc.toml.in | 3 +++ 13 files changed, 37 insertions(+), 4 deletions(-) diff --git a/src/runtime-rs/config/configuration-clh-azure-runtime-rs.toml.in b/src/runtime-rs/config/configuration-clh-azure-runtime-rs.toml.in index 8237012486..308ad7bbd9 100644 --- a/src/runtime-rs/config/configuration-clh-azure-runtime-rs.toml.in 
+++ b/src/runtime-rs/config/configuration-clh-azure-runtime-rs.toml.in @@ -509,6 +509,9 @@ sandbox_cgroup_only = @DEFSANDBOXCGROUPONLY_CLH@ # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-clh-runtime-rs.toml.in b/src/runtime-rs/config/configuration-clh-runtime-rs.toml.in index 928130ea37..c34e95b152 100644 --- a/src/runtime-rs/config/configuration-clh-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-clh-runtime-rs.toml.in @@ -509,6 +509,9 @@ sandbox_cgroup_only = @DEFSANDBOXCGROUPONLY_CLH@ # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-dragonball.toml.in b/src/runtime-rs/config/configuration-dragonball.toml.in index 54ea7abae9..44e5c903f2 100644 --- a/src/runtime-rs/config/configuration-dragonball.toml.in +++ b/src/runtime-rs/config/configuration-dragonball.toml.in @@ -510,6 +510,9 @@ sandbox_cgroup_only = @DEFSANDBOXCGROUPONLY_DB@ # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ 
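Review bot: In configuration-clh-azure-runtime-rs.toml.in the new example sits under `# Supported experimental features:`, a heading that still enumerates nothing, so a reader cannot tell whether `force_guest_pull` is the full supported set or just one sample. The same three comment lines are added to the non-CoCo templates in this commit (clh, dragonball, qemu, nvidia-gpu, remote, rs-fc), although the text scopes the feature to CoCo. Per the commit message the flag moves image pulling into the guest, so the comment should say when setting it is appropriate. I would turn the dangling heading into something like `# Supported experimental features: "force_guest_pull" (pull images inside the guest; intended for CoCo guests)` and keep the example line below it. Whether other values are accepted is not visible in this patch, so the list should be checked against the runtime's parser.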
diff --git a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in index 7460430afa..22b1dfd056 100644 --- a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in @@ -699,6 +699,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE_COCO@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in index cb9f4e9b76..c7edc39963 100644 --- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in @@ -813,6 +813,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in index 73977a9bf6..7f90fb11c8 100644 --- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in 
@@ -745,6 +745,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE_COCO@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in index 5af5b74c51..1a70a7bd8d 100644 --- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in @@ -721,6 +721,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE_COCO@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in index 23b5bbf611..0ae06f27c4 100644 --- a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in @@ -789,6 +789,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ 
diff --git a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in index f3e678d201..1421b47ff1 100644 --- a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in @@ -675,6 +675,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE_COCO@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in index b489ff280a..de39c6a424 100644 --- a/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in @@ -722,8 +722,8 @@ emptydir_mode = "@DEFEMPTYDIRMODE_COCO@" # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: # for example: -# experimental=["force_guest_pull"] -# which is for enable force_guest_pull mode in CoCo scenarios. +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in index a9231ae453..ccf5b4da37 100644 --- a/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in 
@@ -700,8 +700,8 @@ emptydir_mode = "@DEFEMPTYDIRMODE_COCO@" # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: # for example: -# experimental=["force_guest_pull"] -# which is for enable force_guest_pull mode in CoCo scenarios. +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-remote.toml.in b/src/runtime-rs/config/configuration-remote.toml.in index 04ba2628bd..baf60df1e3 100644 --- a/src/runtime-rs/config/configuration-remote.toml.in +++ b/src/runtime-rs/config/configuration-remote.toml.in @@ -277,6 +277,9 @@ disable_guest_empty_dir = false # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ diff --git a/src/runtime-rs/config/configuration-rs-fc.toml.in b/src/runtime-rs/config/configuration-rs-fc.toml.in index 8d7771e2ff..881e3bd407 100644 --- a/src/runtime-rs/config/configuration-rs-fc.toml.in +++ b/src/runtime-rs/config/configuration-rs-fc.toml.in @@ -423,6 +423,9 @@ emptydir_mode = "@DEFEMPTYDIRMODE@" # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: +# for example: +# experimental = ["force_guest_pull"] +# which enables force_guest_pull mode in CoCo scenarios. # (default: []) experimental = @DEFAULTEXPFEATURES@ From 8ae08e7fb0b98396db780b9880726ab858b670ee Mon Sep 17 00:00:00 2001 
From: Alex Lyn Date: Mon, 15 Jun 2026 15:47:25 +0800 Subject: [PATCH 3/3] runtime-rs: Add dan_conf to allow network devices in host netns for qemu Network devices for VM-based containers are allowed to be placed in the host netns to eliminate as many hops as possible, which is what we aim for to achieve near-native networking performance. This commit introduces the `dan_conf` field to the configuration file. This allows the runtime to specify the configuration path for Direct Attached Network (DAN) devices, enabling interfaces to remain in the host network namespace while being utilized by the VM-based(qemu) containers. Signed-off-by: Alex Lyn --- .../configuration-qemu-coco-dev-runtime-rs.toml.in | 9 +++++++++ .../configuration-qemu-nvidia-gpu-runtime-rs.toml.in | 9 +++++++++ .../configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in | 9 +++++++++ .../configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in | 9 +++++++++ .../config/configuration-qemu-runtime-rs.toml.in | 9 +++++++++ .../config/configuration-qemu-se-runtime-rs.toml.in | 9 +++++++++ src/runtime-rs/config/configuration-remote.toml.in | 9 +++++++++ src/runtime-rs/config/configuration-rs-fc.toml.in | 9 +++++++++ 8 files changed, 72 insertions(+) diff --git a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in index 22b1dfd056..437cd740c4 100644 --- a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in 
@@ -708,3 +708,12 @@ experimental = @DEFAULTEXPFEATURES@ # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) enable_pprof = false + +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in index c7edc39963..3738301bcd 100644 --- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in @@ -823,6 +823,15 @@ experimental = @DEFAULTEXPFEATURES@ # (default: false) enable_pprof = false +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" + # kubelet_root_dir is the kubelet root directory used to match ConfigMap/Secret # volume paths for propagation. Override for distros that use a different path # (e.g. k0s: /var/lib/k0s/kubelet). diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in index 7f90fb11c8..06f7a2e9f9 100644 --- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in 
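Review bot: The comment added for `dan_conf` in configuration-qemu-coco-dev-runtime-rs.toml.in says the config in this directory tells Kata which devices are attached to the hypervisor, but it does not say who is allowed to write there. Because that content selects host-netns devices for the VM, the expected ownership should be documented, e.g. `# The directory and its files should be owned by root and not group/world-writable; only the CNI plugin writes here.` Whether the runtime checks ownership or validates the files is not visible in this patch. The same block is added to the seven other templates in this commit; for the nvidia-gpu-snp, nvidia-gpu-tdx and qemu-se ones it is worth one more sentence noting that these devices are supplied by the host side.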
+++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in @@ -755,6 +755,15 @@ experimental = @DEFAULTEXPFEATURES@ # (default: false) enable_pprof = false +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" + # kubelet_root_dir is the kubelet root directory used to match ConfigMap/Secret # volume paths for propagation. Override for distros that use a different path # (e.g. k0s: /var/lib/k0s/kubelet). diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in index 1a70a7bd8d..9ae7041cc5 100644 --- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in @@ -731,6 +731,15 @@ experimental = @DEFAULTEXPFEATURES@ # (default: false) enable_pprof = false +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" + # kubelet_root_dir is the kubelet root directory used to match ConfigMap/Secret # volume paths for propagation. Override for distros that use a different path # (e.g. k0s: /var/lib/k0s/kubelet). 
diff --git a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in index 0ae06f27c4..47adda3409 100644 --- a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in @@ -798,3 +798,12 @@ experimental = @DEFAULTEXPFEATURES@ # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) enable_pprof = false + +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" diff --git a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in index 1421b47ff1..7b3d1649e4 100644 --- a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in +++ b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in @@ -684,3 +684,12 @@ experimental = @DEFAULTEXPFEATURES@ # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) enable_pprof = false + +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" 
diff --git a/src/runtime-rs/config/configuration-remote.toml.in b/src/runtime-rs/config/configuration-remote.toml.in index baf60df1e3..0fd48a667b 100644 --- a/src/runtime-rs/config/configuration-remote.toml.in +++ b/src/runtime-rs/config/configuration-remote.toml.in @@ -286,3 +286,12 @@ experimental = @DEFAULTEXPFEATURES@ # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) enable_pprof = false + +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@" diff --git a/src/runtime-rs/config/configuration-rs-fc.toml.in b/src/runtime-rs/config/configuration-rs-fc.toml.in index 881e3bd407..3b47687513 100644 --- a/src/runtime-rs/config/configuration-rs-fc.toml.in +++ b/src/runtime-rs/config/configuration-rs-fc.toml.in @@ -432,3 +432,12 @@ experimental = @DEFAULTEXPFEATURES@ # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) enable_pprof = false + +# Base directory of directly attachable network config. +# Network devices for VM-based containers are allowed to be placed in the +# host netns to eliminate as many hops as possible, which is what we +# called a "Directly Attachable Network". The config, set by special CNI +# plugins, is used to tell the Kata containers what devices are attached +# to the hypervisor. +# (default: /run/kata-containers/dans) +dan_conf = "@DEFDANCONF@"
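Review bot: The subject line scopes this change to qemu, yet configuration-remote.toml.in and configuration-rs-fc.toml.in receive the same `dan_conf` key in these two hunks. If the remote and Firecracker backends do not read DAN configs, the key is dead configuration that suggests host-netns attachment works there; this cannot be confirmed from the patch. Either drop the key from those two templates or qualify the comment, e.g. `# Only honoured by hypervisors that support directly attachable networks.`, and widen the commit subject to match. configuration-qemu-snp-runtime-rs.toml.in and configuration-qemu-tdx-runtime-rs.toml.in are not in this commit's diffstat, so it should be checked that they already define the key.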