From 40a2f38b1eb4baf68a03224b9b308bb78dacad0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <ffidencio@nvidia.com>
Date: Fri, 20 Feb 2026 15:26:09 +0100
Subject: [PATCH] tests: k8s: set CreateContainerRequest (on free runners)
 timeout to 600s
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Set KubeletConfiguration runtimeRequestTimeout to 600s mainly for CoCo
(Confidential Containers) tests, so container creation (attestation,
policy, image pull, VM start) does not hit the default CRI timeout.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
---
 ...how-to-use-k8s-with-containerd-and-kata.md |  2 ++
 tests/gha-run-k8s-common.sh                   | 23 +++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/docs/how-to/how-to-use-k8s-with-containerd-and-kata.md b/docs/how-to/how-to-use-k8s-with-containerd-and-kata.md
index 58bfe9de87..7995dfdda6 100644
--- a/docs/how-to/how-to-use-k8s-with-containerd-and-kata.md
+++ b/docs/how-to/how-to-use-k8s-with-containerd-and-kata.md
@@ -49,6 +49,8 @@ In order to allow Kubelet to use containerd (using the CRI interface), configure
   EOF
   ```
 
+  For Kata Containers (and especially CoCo / Confidential Containers tests), use at least `--runtime-request-timeout=600s` (10m) so CRI CreateContainerRequest does not time out.
+
 - Inform systemd about the new configuration
 
   ```bash
diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh
index a867910c8e..0d035e427e 100644
--- a/tests/gha-run-k8s-common.sh
+++ b/tests/gha-run-k8s-common.sh
@@ -395,8 +395,27 @@ EOF
    	sudo apt-get -y install kubeadm kubelet kubectl --allow-downgrades
    	sudo apt-mark hold kubeadm kubelet kubectl
 
-	# Deploy k8s using kubeadm
-   	sudo kubeadm init --pod-network-cidr=10.244.0.0/16
+	# Deploy k8s using kubeadm with CreateContainerRequest (CRI) timeout set to 600s,
+	# mainly for CoCo (Confidential Containers) tests (attestation, policy, image pull, VM start).
+	local kubeadm_config
+	kubeadm_config="$(mktemp --tmpdir kubeadm-config.XXXXXX.yaml)"
+	cat <<EOF | tee "${kubeadm_config}"
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+nodeRegistration:
+  criSocket: "/run/containerd/containerd.sock"
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+networking:
+  podSubnet: "10.244.0.0/16"
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+runtimeRequestTimeout: "600s"
+EOF
+	sudo kubeadm init --config "${kubeadm_config}"
+	rm -f "${kubeadm_config}"
 	mkdir -p $HOME/.kube
 	sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 	sudo chown $(id -u):$(id -g) $HOME/.kube/config