Merge pull request #10755 from fidencio/topic/ensure-systemd-is-used-as-init-for-coco-cases

rootfs-confidential: Ensure systemd is used as init
2025-07-05 11:36:56 +00:00 · 2025-01-23 15:25:24 +01:00 · 2025-01-23 15:25:24 +01:00 · 66d881a5da
commit 66d881a5da
parent a23d6a1241 734ef71cf7
5 changed files with 10 additions and 1 deletions
--- a/tests/integration/kubernetes/k8s-confidential.bats
+++ b/tests/integration/kubernetes/k8s-confidential.bats
@ -29,6 +29,7 @@ setup() {

 	coco_enabled=""
 	for i in {1..6}; do
+		rm -f "${HOME}/.ssh/known_hosts"
 		if ! pod_ip=$(kubectl get pod -o wide | grep "confidential-unencrypted" | awk '{print $6;}'); then
 			warn "Failed to get pod IP address."
 		else
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-confidential-unencrypted.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-confidential-unencrypted.yaml
@ -22,6 +22,8 @@ spec:
      app: "confidential-unencrypted"
  template:
    metadata:
+      annotations:
+        io.katacontainers.config.hypervisor.kernel_params: "log_buf_len=4M"
      labels:
        app: "confidential-unencrypted"
    spec:
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
@ -44,7 +44,7 @@ build_initrd() {
 		ROOTFS_BUILD_DEST="${builddir}/initrd-image" \
 		USE_DOCKER=1 \
 		AGENT_TARBALL="${AGENT_TARBALL}" \
-		AGENT_INIT="yes" \
+		AGENT_INIT="${AGENT_INIT:-no}" \
 		AGENT_POLICY="${AGENT_POLICY:-}" \
 		PULL_TYPE="${PULL_TYPE:-default}" \
 		COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
@ -98,6 +98,7 @@ SHIM_V2_CONTAINER_BUILDER="${SHIM_V2_CONTAINER_BUILDER:-}"
 TDSHIM_CONTAINER_BUILDER="${TDSHIM_CONTAINER_BUILDER:-}"
 TOOLS_CONTAINER_BUILDER="${TOOLS_CONTAINER_BUILDER:-}"
 VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER:-}"
+AGENT_INIT="${AGENT_INIT:-no}"
 MEASURED_ROOTFS="${MEASURED_ROOTFS:-}"
 PULL_TYPE="${PULL_TYPE:-default}"
 USE_CACHE="${USE_CACHE:-}"
@ -128,6 +129,7 @@ docker run \
 	--env TDSHIM_CONTAINER_BUILDER="${TDSHIM_CONTAINER_BUILDER}" \
 	--env TOOLS_CONTAINER_BUILDER="${TOOLS_CONTAINER_BUILDER}" \
 	--env VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER}" \
+	--env AGENT_INIT="${AGENT_INIT}" \
 	--env MEASURED_ROOTFS="${MEASURED_ROOTFS}" \
 	--env PULL_TYPE="${PULL_TYPE}" \
 	--env USE_CACHE="${USE_CACHE}" \
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -454,8 +454,12 @@ install_initrd() {
 			export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)"
 		fi
 	else
+		# No variant is passed, it means vanilla kata containers
 		os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.name")"
 		os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.version")"
+		if [ "${os_name}" = "alpine" ]; then
+			export AGENT_INIT=yes
+		fi
 	fi

 	export AGENT_TARBALL=$(get_agent_tarball_path)