kata-deploy: try-kata-values.yaml -> values.yaml

This makes the user experience better, as the admin can deploy Kata
Containers without having to download / set up any additional file.

Of course, if the admin wants something more specific, examples are
provided.

Tests and documentation are updated to reflect this change.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Fabiano Fidêncio
2025-11-15 10:11:24 +01:00
parent 71a9ecf9f8
commit 75996945aa
6 changed files with 176 additions and 281 deletions

View File

@@ -503,10 +503,11 @@ function helm_helper() {
popd
# Create temporary values file for customization
# Start with an appropriate example values file based on the hypervisor type
# Start with values.yaml which has all shims enabled by default
# Use example files only for specific hypervisor types that need different configurations
values_yaml=$(mktemp -t values_yaml.XXXXXX)
# Determine which example values file to use as base
# Determine which values file to use as base
local base_values_file="${helm_chart_dir}/values.yaml"
if [[ -n "${KATA_HYPERVISOR}" ]]; then
case "${KATA_HYPERVISOR}" in
@@ -522,12 +523,6 @@ function helm_helper() {
base_values_file="${helm_chart_dir}/try-kata-tee.values.yaml"
fi
;;
*)
# Use all shims example file for standard hypervisors
if [[ -f "${helm_chart_dir}/try-kata.values.yaml" ]]; then
base_values_file="${helm_chart_dir}/try-kata.values.yaml"
fi
;;
esac
fi
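Review bot: With the `*)` arm removed from the `case`, every hypervisor that is not matched above installs from `values.yaml`, so these tests now depend on the chart default staying "all shims enabled". If the helper does not already force the shim under test on later in the function, consider setting `shims.<name>.enabled=true` for `${KATA_HYPERVISOR}` explicitly, so a future change to the defaults cannot silently drop the runtime being tested.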

View File

@@ -235,7 +235,7 @@ defaultShim:
1. **Per-shim configuration**: Each shim can have its own settings for snapshotter, guest pull, agent proxy, etc.
2. **Architecture-aware**: Shims declare which architectures they support
3. **Type safety**: Structured format reduces configuration errors
4. **Better defaults**: Shims are disabled by default, requiring explicit enablement
4. **Easy to use**: All shims are enabled by default in `values.yaml`, so you can use the chart directly without modification
### Example: Enable `qemu` shim with new format
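Review bot: Item 4 of this list swaps "Shims are disabled by default, requiring explicit enablement" for an all-enabled default without telling existing users that the default changed. Add a sentence saying that an install or upgrade which picks up the new chart defaults enables every shim, and that operators who want the previous opt-in behaviour have to disable the shims they do not run.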
@@ -256,25 +256,38 @@ defaultShim:
The chart maintains full backward compatibility with the legacy `env.*` format. If legacy values are set, they take precedence over the new structured format. This allows for gradual migration.
### Example Values Files
### Default Configuration
To make it easier to try out Kata Containers, we provide several example values files:
#### `try-kata.values.yaml` - All Shims Enabled
This file enables all available Kata Containers shims, making it easy to try out all runtime options:
The default `values.yaml` file has **all shims enabled by default**, making it easy to use the chart directly without modification:
```sh
helm install kata-deploy oci://ghcr.io/kata-containers/kata-deploy-charts/kata-deploy \
--version VERSION \
-f try-kata.values.yaml
--version VERSION
```
This includes:
This includes all available Kata Containers shims:
- Standard shims: `qemu`, `qemu-runtime-rs`, `clh`, `cloud-hypervisor`, `dragonball`, `fc`
- TEE shims: `qemu-snp`, `qemu-tdx`, `qemu-se`, `qemu-se-runtime-rs`, `qemu-cca`, `qemu-coco-dev`, `qemu-coco-dev-runtime-rs`
- NVIDIA GPU shims: `qemu-nvidia-gpu`, `qemu-nvidia-gpu-snp`, `qemu-nvidia-gpu-tdx`
To enable only specific shims, you can override the configuration:
```yaml
# Custom values file - enable only qemu shim
shims:
qemu:
enabled: true
clh:
enabled: false
cloud-hypervisor:
enabled: false
# ... disable other shims as needed
```
### Example Values Files
For convenience, we also provide example values files that demonstrate specific use cases:
#### `try-kata-tee.values.yaml` - Trusted Execution Environment Shims
This file enables only the TEE (Trusted Execution Environment) shims for confidential computing:
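Review bot: The "enable only specific shims" YAML in the new Default Configuration section ends with `# ... disable other shims as needed`, and a reader who copies it as written disables only `clh` and `cloud-hypervisor` while the remaining shims from the default list stay enabled. Either list every shim here, as the "only `qemu` shim" example further down does, or point to that example directly after the snippet.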
@@ -337,10 +350,73 @@ The kata-deploy script will no longer create `runtimeClasses`
## Example: only `qemu` shim and debug enabled
Since all shims are enabled by default, you need to disable the ones you don't want:
```sh
# Using --set flags (disable all except qemu)
$ helm install kata-deploy \
--set shims.clh.enabled=false \
--set shims.cloud-hypervisor.enabled=false \
--set shims.dragonball.enabled=false \
--set shims.fc.enabled=false \
--set shims.qemu-runtime-rs.enabled=false \
--set shims.qemu-nvidia-gpu.enabled=false \
--set shims.qemu-nvidia-gpu-snp.enabled=false \
--set shims.qemu-nvidia-gpu-tdx.enabled=false \
--set shims.qemu-snp.enabled=false \
--set shims.qemu-tdx.enabled=false \
--set shims.qemu-se.enabled=false \
--set shims.qemu-se-runtime-rs.enabled=false \
--set shims.qemu-cca.enabled=false \
--set shims.qemu-coco-dev.enabled=false \
--set shims.qemu-coco-dev-runtime-rs.enabled=false \
--set debug=true \
"${CHART}" --version "${VERSION}"
```
Or use a custom values file:
```yaml
# custom-values.yaml
debug: true
shims:
qemu:
enabled: true
clh:
enabled: false
cloud-hypervisor:
enabled: false
dragonball:
enabled: false
fc:
enabled: false
qemu-runtime-rs:
enabled: false
qemu-nvidia-gpu:
enabled: false
qemu-nvidia-gpu-snp:
enabled: false
qemu-nvidia-gpu-tdx:
enabled: false
qemu-snp:
enabled: false
qemu-tdx:
enabled: false
qemu-se:
enabled: false
qemu-se-runtime-rs:
enabled: false
qemu-cca:
enabled: false
qemu-coco-dev:
enabled: false
qemu-coco-dev-runtime-rs:
enabled: false
```
```sh
$ helm install kata-deploy \
--set env.shims="qemu" \
--set env.debug=true \
-f custom-values.yaml \
"${CHART}" --version "${VERSION}"
```
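Review bot: The removed invocation selected one shim with a single allowlist flag, `--set env.shims="qemu"`, while the replacement needs fifteen `--set shims.*.enabled=false` flags or a sixteen-entry values file. The README still says the legacy `env.*` format is supported and takes precedence, so state here whether the short form remains valid for this case or is discouraged; otherwise readers will not know which of the two the project expects them to use.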

View File

@@ -12,7 +12,36 @@ snapshotter:
setup: []
# Enable NVIDIA GPU shims
# First disable all shims (since values.yaml enables all by default)
shims:
clh:
enabled: false
cloud-hypervisor:
enabled: false
dragonball:
enabled: false
fc:
enabled: false
qemu:
enabled: false
qemu-runtime-rs:
enabled: false
qemu-snp:
enabled: false
qemu-tdx:
enabled: false
qemu-se:
enabled: false
qemu-se-runtime-rs:
enabled: false
qemu-cca:
enabled: false
qemu-coco-dev:
enabled: false
qemu-coco-dev-runtime-rs:
enabled: false
# Now enable NVIDIA GPU shims
qemu-nvidia-gpu:
enabled: true
supportedArches:
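Review bot: The "First disable all shims" block is a denylist that has to name every non-NVIDIA shim in `values.yaml`, so a shim added there later will be enabled by this example file unless someone remembers to extend the list. Note this in MAINTENANCE.md, or add a test that renders the chart with this file and checks that only the three `qemu-nvidia-gpu*` shims are enabled. The same applies to the TEE example file.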

View File

@@ -12,7 +12,28 @@ snapshotter:
setup: ["nydus"] # TEE shims typically use nydus snapshotter
# Enable TEE (Trusted Execution Environment) shims
# First disable all shims (since values.yaml enables all by default)
shims:
clh:
enabled: false
cloud-hypervisor:
enabled: false
dragonball:
enabled: false
fc:
enabled: false
qemu:
enabled: false
qemu-runtime-rs:
enabled: false
qemu-nvidia-gpu:
enabled: false
qemu-nvidia-gpu-snp:
enabled: false
qemu-nvidia-gpu-tdx:
enabled: false
# Now enable TEE shims (qemu-snp, qemu-tdx, qemu-se, qemu-se-runtime-rs, qemu-cca, qemu-coco-dev, qemu-coco-dev-runtime-rs)
qemu-snp:
enabled: true
supportedArches:
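Review bot: The comment on the "Now enable TEE shims" line repeats all seven shim names that the keys below it already spell out, so it has to be edited every time the set changes. Shorten it to `# Now enable TEE shims`, matching the wording used in the NVIDIA GPU example file.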

View File

@@ -1,220 +0,0 @@
# Example values file to enable all available Kata Containers shims
# This is useful for trying out all the different runtime options available.
#
# Usage:
# helm install kata-deploy oci://ghcr.io/kata-containers/kata-deploy-charts/kata-deploy \
# --version VERSION \
# -f try-kata.values.yaml
debug: false
snapshotter:
setup: [] # ["nydus", "erofs"] or []
# Enable all available shims
shims:
clh:
enabled: true
supportedArches:
- amd64
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
cloud-hypervisor:
enabled: true
supportedArches:
- amd64
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
dragonball:
enabled: true
supportedArches:
- amd64
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
fc:
enabled: true
supportedArches:
- amd64
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: "devmapper" # requires pre-configuration on the user side
qemu:
enabled: true
supportedArches:
- amd64
- arm64
- s390x
- ppc64le
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
qemu-runtime-rs:
enabled: true
supportedArches:
- amd64
- s390x
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
qemu-nvidia-gpu:
enabled: true
supportedArches:
- amd64
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
qemu-nvidia-gpu-snp:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
forceGuestPull: true
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-nvidia-gpu-tdx:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
forceGuestPull: true
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-snp:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-tdx:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-se:
enabled: true
supportedArches:
- s390x
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-se-runtime-rs:
enabled: true
supportedArches:
- s390x
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-cca:
enabled: true
supportedArches:
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-coco-dev:
enabled: true
supportedArches:
- amd64
- s390x
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
qemu-coco-dev-runtime-rs:
enabled: true
supportedArches:
- amd64
- s390x
allowedHypervisorAnnotations: []
containerd:
snapshotter: nydus
forceGuestPull: false
crio:
guestPull: true
agent:
httpsProxy: ""
noProxy: ""
# Default shim per architecture
defaultShim:
amd64: qemu
arm64: qemu
s390x: qemu
ppc64le: qemu
runtimeClasses:
enabled: true
createDefault: false
defaultName: "kata"
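Review bot: Deleting `try-kata.values.yaml` breaks existing instructions and scripts that pass `-f try-kata.values.yaml`, which is what the usage comment at the top of this file told users to do. Mention the removal in the release notes so that a failing `helm install` can be traced back to this change.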

View File

@@ -20,11 +20,10 @@ debug: false
snapshotter:
setup: [] # ["nydus", "erofs"] or []
# See MAINTENANCE.md for field descriptions and maintenance guide
# NOTE: All shims are disabled by default. Enable the ones you need explicitly.
# Enable all available shims
shims:
clh: # cloud-hypervisor, golang runtime
enabled: false
clh:
enabled: true
supportedArches:
- amd64
- arm64
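Review bot: Besides flipping `enabled`, the new `clh:` line drops the trailing comment `# cloud-hypervisor, golang runtime`, and the later hunks drop the same kind of comment from every other shim key. Those comments recorded which hypervisor and which runtime implementation (golang or rust) a short name such as `clh` or `fc` maps to; they are unrelated to the default change, so keep them.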
@@ -32,8 +31,8 @@ shims:
containerd:
snapshotter: ""
cloud-hypervisor: # rust runtime
enabled: false
cloud-hypervisor:
enabled: true
supportedArches:
- amd64
- arm64
@@ -41,17 +40,17 @@ shims:
containerd:
snapshotter: ""
dragonball: # rust runtime
enabled: false
dragonball:
enabled: true
supportedArches:
- amd64
- arm64
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
fc: # firecracker, golang runtime
enabled: false
fc:
enabled: true
supportedArches:
- amd64
- arm64
@@ -59,8 +58,8 @@ shims:
containerd:
snapshotter: "devmapper" # requires pre-configuration on the user side
qemu: # golang runtime
enabled: false
qemu:
enabled: true
supportedArches:
- amd64
- arm64
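Review bot: The context line at the top of this hunk shows that the `fc` shim's containerd snapshotter is `"devmapper"`, commented "requires pre-configuration on the user side", and the previous hunk turns `fc` on by default. A default install therefore enables a shim whose prerequisite the admin may not have met; either keep `fc` opt-in or state in the README what to expect when devmapper has not been configured.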
@@ -70,17 +69,17 @@ shims:
containerd:
snapshotter: ""
qemu-runtime-rs: # rust runtime
enabled: false
qemu-runtime-rs:
enabled: true
supportedArches:
- amd64
- s390x
allowedHypervisorAnnotations: []
containerd:
snapshotter: ""
qemu-nvidia-gpu: # golang runtime
enabled: false
qemu-nvidia-gpu:
enabled: true
supportedArches:
- amd64
- arm64
@@ -88,8 +87,8 @@ shims:
containerd:
snapshotter: ""
qemu-nvidia-gpu-snp: # golang runtime
enabled: false
qemu-nvidia-gpu-snp:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
@@ -102,8 +101,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-nvidia-gpu-tdx: # golang runtime
enabled: false
qemu-nvidia-gpu-tdx:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
@@ -116,8 +115,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-snp: # golang runtime
enabled: false
qemu-snp:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
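Review bot: `qemu-snp` is now `enabled: true` for every install, and the only gate visible here is `supportedArches: amd64`, which filters by CPU architecture and not by whether the node has the TEE hardware. The same holds for the other TEE shims in the following hunks and for the NVIDIA GPU shims; document what an admin should expect on nodes without that hardware, or keep the hardware-specific shims opt-in.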
@@ -130,8 +129,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-tdx: # golang runtime
enabled: false
qemu-tdx:
enabled: true
supportedArches:
- amd64
allowedHypervisorAnnotations: []
@@ -144,8 +143,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-se: # golang runtime
enabled: false
qemu-se:
enabled: true
supportedArches:
- s390x
allowedHypervisorAnnotations: []
@@ -158,8 +157,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-se-runtime-rs: # rust runtime
enabled: false
qemu-se-runtime-rs:
enabled: true
supportedArches:
- s390x
allowedHypervisorAnnotations: []
@@ -172,8 +171,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-cca: # golang runtime
enabled: false
qemu-cca:
enabled: true
supportedArches:
- arm64
allowedHypervisorAnnotations: []
@@ -186,8 +185,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-coco-dev: # golang runtime
enabled: false
qemu-coco-dev:
enabled: true
supportedArches:
- amd64
- s390x
@@ -201,8 +200,8 @@ shims:
httpsProxy: ""
noProxy: ""
qemu-coco-dev-runtime-rs: # rust runtime
enabled: false
qemu-coco-dev-runtime-rs:
enabled: true
supportedArches:
- amd64
- s390x
@@ -217,11 +216,6 @@ shims:
noProxy: ""
# Default shim per architecture
# Since shims are disabled by default, you must explicitly configure defaultShim
# for the architectures you're using.
# Example:
# defaultShim:
# amd64: shim
defaultShim:
amd64: qemu
arm64: qemu