From 4d3df964cf1d17f8f8e353750e9a87992ad0cb8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Sat, 4 Apr 2026 12:13:07 +0200
Subject: [PATCH] kata-deploy: Add qemu-nvidia-gpu-tdx-runtime-rs shim
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Register the new qemu-nvidia-gpu-tdx-runtime-rs shim across the kata-deploy stack so it is built, installed, and exposed as a RuntimeClass. This adds the shim to the Rust binary's RUST_SHIMS list (so it uses the runtime-rs binary), SHIMS list, the qemu-tdx-experimental share name mapping, and the x86_64 default shim set. The Helm chart gets the new shim entry in values.yaml, try-kata-nvidia-gpu.values.yaml, and the RuntimeClass overhead definition in runtimeclasses.yaml.

Signed-off-by: Fabiano FidĂȘncio
Signed-off-by: Alex Lyn
---
 .../binary/src/artifacts/install.rs | 3 +++
 .../kata-deploy/binary/src/config.rs | 2 +-
 .../kata-deploy/binary/src/utils/system.rs | 1 +
 .../kata-deploy/templates/runtimeclasses.yaml | 1 +
 .../try-kata-nvidia-gpu.values.yaml | 24 ++++++++++++++++++-
 .../helm-chart/kata-deploy/values.yaml | 18 ++++++++++++++
 6 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/tools/packaging/kata-deploy/binary/src/artifacts/install.rs b/tools/packaging/kata-deploy/binary/src/artifacts/install.rs
index f2e9502bd6..8925cd9f85 100644
--- a/tools/packaging/kata-deploy/binary/src/artifacts/install.rs
+++ b/tools/packaging/kata-deploy/binary/src/artifacts/install.rs
@@ -34,6 +34,7 @@ const ALL_SHIMS: &[&str] = &[
 "qemu-nvidia-gpu-snp",
 "qemu-nvidia-gpu-snp-runtime-rs",
 "qemu-nvidia-gpu-tdx",
+ "qemu-nvidia-gpu-tdx-runtime-rs",
 "qemu-runtime-rs",
 "qemu-se",
 "qemu-se-runtime-rs",
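Review bot: The new shim name has to be added by hand to `ALL_SHIMS` here, to `RUST_SHIMS` in utils/system.rs and to the x86_64 string in `get_default_shims_for_arch`, and nothing visible in the patch checks that these stay in step. Per the commit message, membership in `RUST_SHIMS` is what selects the runtime-rs binary, so a missed entry would presumably install a TDX shim against the wrong runtime instead of failing. A small test in this file's `mod tests` would catch that, assuming every name ending in `-runtime-rs` is meant to be in `RUST_SHIMS` and that constant is in scope there. The `ALL_SHIMS` array starts and ends outside the hunk.

```rust
// … inside the existing `mod tests` …
#[test]
fn runtime_rs_shims_are_registered_as_rust_shims() {
    for shim in ALL_SHIMS.iter().filter(|s| s.ends_with("-runtime-rs")) {
        assert!(RUST_SHIMS.contains(shim), "{shim} missing from RUST_SHIMS");
    }
}
```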
@@ -668,6 +669,7 @@ fn get_qemu_share_name(shim: &str) -> Option {
 "qemu-nvidia-gpu-snp" => "qemu-snp-experimental",
 "qemu-nvidia-gpu-snp-runtime-rs" => "qemu-snp-experimental",
 "qemu-nvidia-gpu-tdx" => "qemu-tdx-experimental",
+ "qemu-nvidia-gpu-tdx-runtime-rs" => "qemu-tdx-experimental",
 _ => "qemu",
 };
 
@@ -1061,6 +1063,7 @@ mod tests {
 #[case("qemu-nvidia-gpu-snp", "qemu")]
 #[case("qemu-nvidia-gpu-snp-runtime-rs", "qemu")]
 #[case("qemu-nvidia-gpu-tdx", "qemu")]
+ #[case("qemu-nvidia-gpu-tdx-runtime-rs", "qemu")]
 #[case("qemu-runtime-rs", "qemu")]
 #[case("qemu-coco-dev-runtime-rs", "qemu")]
 #[case("qemu-se-runtime-rs", "qemu")]
diff --git a/tools/packaging/kata-deploy/binary/src/config.rs b/tools/packaging/kata-deploy/binary/src/config.rs
index 153a70b2d9..1e6ddb4fca 100644
--- a/tools/packaging/kata-deploy/binary/src/config.rs
+++ b/tools/packaging/kata-deploy/binary/src/config.rs
@@ -737,7 +737,7 @@ fn parse_custom_runtimes() -> Result> {
 /// Returns only shims that are supported for that architecture
 fn get_default_shims_for_arch(arch: &str) -> &'static str {
 match arch {
- "x86_64" => "clh clh-runtime-rs dragonball fc qemu qemu-coco-dev qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-nvidia-gpu-runtime-rs qemu-nvidia-gpu-snp qemu-nvidia-gpu-snp-runtime-rs qemu-nvidia-gpu-tdx qemu-snp qemu-snp-runtime-rs qemu-tdx qemu-tdx-runtime-rs",
+ "x86_64" => "clh clh-runtime-rs dragonball fc qemu qemu-coco-dev qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-nvidia-gpu-runtime-rs qemu-nvidia-gpu-snp qemu-nvidia-gpu-snp-runtime-rs qemu-nvidia-gpu-tdx qemu-nvidia-gpu-tdx-runtime-rs qemu-snp qemu-snp-runtime-rs qemu-tdx qemu-tdx-runtime-rs",
 "aarch64" => "clh clh-runtime-rs dragonball fc qemu qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-cca",
 "s390x" => "qemu qemu-runtime-rs qemu-se qemu-se-runtime-rs qemu-coco-dev qemu-coco-dev-runtime-rs",
 "ppc64le" => "qemu",
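Review bot: In `get_qemu_share_name` the match ends in `_ => "qemu"`, so a misspelt or forgotten arm for a TDX shim would silently resolve to the default share name instead of `qemu-tdx-experimental`. The `#[case(...)]` lines added in the next hunk expect `"qemu"` for this shim, so they appear to exercise a different mapping, and no test of the share name for the new shim is visible in the patch. I would pin it with a case along the lines of `assert!(get_qemu_share_name("qemu-nvidia-gpu-tdx-runtime-rs").is_some_and(|p| p.contains("qemu-tdx-experimental")));`, adjusted to whatever the function actually returns. Its body starts and ends outside the hunk, so the exact shape of the return value is not visible here.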
diff --git a/tools/packaging/kata-deploy/binary/src/utils/system.rs b/tools/packaging/kata-deploy/binary/src/utils/system.rs
index 106160940c..2e3d3ad83e 100644
--- a/tools/packaging/kata-deploy/binary/src/utils/system.rs
+++ b/tools/packaging/kata-deploy/binary/src/utils/system.rs
@@ -12,6 +12,7 @@ pub const RUST_SHIMS: &[&str] = &[
 "qemu-runtime-rs",
 "qemu-nvidia-gpu-runtime-rs",
 "qemu-nvidia-gpu-snp-runtime-rs",
+ "qemu-nvidia-gpu-tdx-runtime-rs",
 "qemu-coco-dev-runtime-rs",
 "qemu-se-runtime-rs",
 "qemu-snp-runtime-rs",
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
index a05334645d..e57801b485 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
@@ -113,6 +113,7 @@ scheduling:
 "qemu-nvidia-gpu-snp" (dict "memory" "10240Mi" "cpu" "1.0")
 "qemu-nvidia-gpu-snp-runtime-rs" (dict "memory" "10240Mi" "cpu" "1.0")
 "qemu-nvidia-gpu-tdx" (dict "memory" "10240Mi" "cpu" "1.0")
+ "qemu-nvidia-gpu-tdx-runtime-rs" (dict "memory" "10240Mi" "cpu" "1.0")
 "qemu-cca" (dict "memory" "2048Mi" "cpu" "1.0")
 "stratovirt" (dict "memory" "130Mi" "cpu" "250m")
 "remote" (dict "memory" "120Mi" "cpu" "250m")
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
index e93f896604..bffbfab4f9 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml
@@ -1,5 +1,5 @@
 # Example values file to enable NVIDIA GPU shims
-# This includes all NVIDIA GPU-enabled shims: qemu-nvidia-gpu, qemu-nvidia-gpu-runtime-rs, qemu-nvidia-gpu-snp, qemu-nvidia-gpu-snp-runtime-rs, qemu-nvidia-gpu-tdx
+# This includes all NVIDIA GPU-enabled shims: qemu-nvidia-gpu, qemu-nvidia-gpu-runtime-rs, qemu-nvidia-gpu-snp, qemu-nvidia-gpu-snp-runtime-rs, qemu-nvidia-gpu-tdx, qemu-nvidia-gpu-tdx-runtime-rs
 #
 # Usage:
 # helm install kata-deploy oci://ghcr.io/kata-containers/kata-deploy-charts/kata-deploy \
@@ -109,6 +109,28 @@ shims:
 nvidia.com/cc.ready.state: "true"
 intel.feature.node.kubernetes.io/tdx: "true"
 
+ qemu-nvidia-gpu-tdx-runtime-rs:
+ enabled: true
+ supportedArches:
+ - amd64
+ allowedHypervisorAnnotations: []
+ containerd:
+ snapshotter: "nydus"
+ forceGuestPull: false
+ crio:
+ guestPull: true
+ agent:
+ httpsProxy: ""
+ noProxy: ""
+ runtimeClass:
+ # These labels are automatically added by gpu-operator and NFD
+ # respectively. Override if you want to use a different label.
+ # If you don't have NFD, you need to add the tdx label by other
+ # means to your TDX nodes.
+ nodeSelector:
+ nvidia.com/cc.ready.state: "true"
+ intel.feature.node.kubernetes.io/tdx: "true"
+
 # Default shim per architecture (prefer NVIDIA GPU shims)
 defaultShim:
 amd64: qemu-nvidia-gpu # Can be changed to qemu-nvidia-gpu-snp or qemu-nvidia-gpu-tdx if preferred
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
index aede32d34a..2b86af56b4 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
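Review bot: The comment above `nodeSelector` in the new `qemu-nvidia-gpu-tdx-runtime-rs` block invites overriding the labels or applying the tdx label by other means, but does not say that the selector is only a scheduling constraint. Anyone able to label nodes can satisfy it, so it should not be read as evidence that a node is TDX-capable or that the GPU is in confidential mode; that assurance has to come from attestation of the guest. I would add one line to the comment, such as `# Scheduling hint only: these labels do not prove TDX or GPU CC state; rely on attestation for that.` The matching block added to values.yaml carries the same selector with no comment at all and could take the same line.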
@@ -232,6 +232,24 @@ shims:
 nvidia.com/cc.ready.state: "true"
 intel.feature.node.kubernetes.io/tdx: "true"
 
+ qemu-nvidia-gpu-tdx-runtime-rs:
+ enabled: ~
+ supportedArches:
+ - amd64
+ allowedHypervisorAnnotations: []
+ containerd:
+ snapshotter: "nydus"
+ forceGuestPull: false
+ crio:
+ guestPull: true
+ agent:
+ httpsProxy: ""
+ noProxy: ""
+ runtimeClass:
+ nodeSelector:
+ nvidia.com/cc.ready.state: "true"
+ intel.feature.node.kubernetes.io/tdx: "true"
+
 qemu-snp:
 enabled: ~
 supportedArches: