csi-kata-directvolume: Support CoCo ephemeral disk

This enables support to pass confidential=true and ephemeral=true to the shim via a feature flag. Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-09-02 09:24:35 +00:00 · 2024-11-18 14:52:11 -06:00
parent ea91b84dcf
commit 7b336e9759
3 changed files with 17 additions and 5 deletions
--- a/src/tools/csi-kata-directvolume/pkg/directvolume/controllerserver.go
+++ b/src/tools/csi-kata-directvolume/pkg/directvolume/controllerserver.go
@@ -62,6 +62,8 @@ func (dv *directVolume) CreateVolume(ctx context.Context, req *csi.CreateVolumeR
 			volumeCtx[utils.KataContainersDirectFsType] = value
 		case utils.KataContainersDirectLoop:
 			volumeCtx[utils.KataContainersDirectLoop] = value
+		case utils.KataContainersDirectCoCoEphemeral:
+			volumeCtx[utils.KataContainersDirectCoCoEphemeral] = value
 		default:
 			klog.Warningf("unknown parameter: %s", key)
 		}
--- a/src/tools/csi-kata-directvolume/pkg/directvolume/nodeserver.go
+++ b/src/tools/csi-kata-directvolume/pkg/directvolume/nodeserver.go
@@ -106,6 +106,11 @@ func (dv *directVolume) NodePublishVolume(ctx context.Context, req *csi.NodePubl
 		guestOptions = options
 	}

+	if isCoCoEphemeralVolume(attrib) {
+		attrib["confidential"] = "true"
+		attrib["ephemeral"] = "true"
+	}
+
 	// kata-containers DirectVolume add
 	mountInfo := utils.MountInfo{
 		VolumeType: volType,
@@ -225,6 +230,10 @@ func isLoopDevice(VolumeCtx map[string]string) bool {
 	return parseBool(VolumeCtx[utils.KataContainersDirectLoop])
 }

+func isCoCoEphemeralVolume(VolumeCtx map[string]string) bool {
+	return parseBool(VolumeCtx[utils.KataContainersDirectCoCoEphemeral])
+}
+
 // getDeviceSymlinkPath returns the path of the symlink that is used to
 // point to the loop device from inside the specified stagingTargetPath
 // directory.
--- a/src/tools/csi-kata-directvolume/pkg/utils/utils.go
+++ b/src/tools/csi-kata-directvolume/pkg/utils/utils.go
@@ -24,11 +24,12 @@ import (
 )

 const (
-	KataContainersDirectVolumeType = "katacontainers.direct.volume/volumetype"
-	KataContainersDirectFsType     = "katacontainers.direct.volume/fstype"
-	KataContainersDirectLoop       = "katacontainers.direct.volume/loop"
-	DirectVolumeTypeName           = "directvol"
-	IsDirectVolume                 = "is_directvolume"
+	KataContainersDirectVolumeType    = "katacontainers.direct.volume/volumetype"
+	KataContainersDirectFsType        = "katacontainers.direct.volume/fstype"
+	KataContainersDirectLoop          = "katacontainers.direct.volume/loop"
+	KataContainersDirectCoCoEphemeral = "katacontainers.direct.volume/cocoephemeral"
+	DirectVolumeTypeName              = "directvol"
+	IsDirectVolume                    = "is_directvolume"
 )

 const (