kata-deploy: Let helm deal with runtimeClass creation

We had this logic inside the script when we didn't use the helm chart.
However, this only makes the shim script more convoluted for no reason.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>

tools/packaging/kata-deploy/helm-chart/README.md

@@ -126,6 +126,9 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `image.tag` | Tag of the image reference | `""` |
 | `k8sDistribution` | Set the k8s distribution to use: `k8s`, `k0s`, `k3s`, `rke2`, `microk8s` | `k8s` |
 | `nodeSelector` | Node labels for pod assignment. Allows restricting deployment to specific nodes | `{}` |
+| `runtimeClasses.enabled` | Enable Helm-managed `runtimeClass` creation (recommended) | `true` |
+| `runtimeClasses.createDefault` | Create a default `runtimeClass` alias for the default shim | `false` |
+| `runtimeClasses.defaultName` | Name for the default `runtimeClass` | `kata` |
 | `env.debug` | Enable debugging in the `configuration.toml` | `false` |
 | `env.shims` | List of shims to deploy | `clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx qemu-cca` |
 | `env.shims_x86_64` | List of shims to deploy for x86_64 (if set, overrides `shims`) | `""` |
@@ -137,9 +140,9 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `env.defaultShim_aarch64` | The default shim to use if none specified for aarch64 (if set, overrides `defaultShim`) | `""` |
 | `env.defaultShim_s390x` | The default shim to use if none specified for s390x (if set, overrides `defaultShim`) | `""` |
 | `env.defaultShim_ppc64le` | The default shim to use if none specified for ppc64le (if set, overrides `defaultShim`) | `""` |
-| `env.createRuntimeClasses` | Create the k8s `runtimeClasses` | `true` |
-| `env.createDefaultRuntimeClass` | Create the default k8s `runtimeClass` (if `createDefaultRuntimeClass` is set **OR** `defaultRuntimeClassName` is set, a default runtime class will be created, and its default  name is `kata`) | `false` |
-| `env.defaultRuntimeClassName` | The default k8s `runtimeClass` name (if `createDefaultRuntimeClass` is set **OR** `defaultRuntimeClassName` is set, a `default runtime class will be created, and its default name is `kata`) | "" |
+| `env.createRuntimeClasses` | **DEPRECATED** - Use `runtimeClasses.enabled` instead. Script-based `runtimeClass` creation | `false` |
+| `env.createDefaultRuntimeClass` | **DEPRECATED** - Use `runtimeClasses.createDefault` instead | `false` |
+| `env.defaultRuntimeClassName` | **DEPRECATED** - Use `runtimeClasses.defaultName` instead | `""` |
 | `env.allowedHypervisorAnnotations` | Enable the provided annotations to be enabled when launching a Container or Pod, per default the annotations are disabled | `""` |
 | `env.snapshotterHandlerMapping` | Provide the snapshotter handler for each shim | `""` |
 | `env.snapshotterHandlerMapping_x86_64` | Provide the snapshotter handler for each shim for x86_64 (if set, overrides `snapshotterHandlerMapping`) | `""` |
@@ -163,6 +166,29 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `env._experimentalForceGuestPull_s390x` | Enables `experimental_force_guest_pull` for the shim(s) specified as the value for s390x (if set, overrides `_experimentalForceGuestPull`) | `""` |
 | `env._experimentalForceGuestPull_ppc64le` | Enables `experimental_force_guest_pull` for the shim(s) specified as the value for ppc64le (if set, overrides `_experimentalForceGuestPull`) | `""` |
 
+## `RuntimeClass` Management
+
+**NEW**: Starting with Kata Containers v3.23.0, `runtimeClasses` are managed by
+         Helm by default, providing better lifecycle management and integration.
+
+### Features:
+- **Automatic Creation**: `runtimeClasses` are automatically created for all configured shims
+- **Lifecycle Management**: Helm manages creation, updates, and deletion of `runtimeClasses`
+
+### Configuration:
+```yaml
+runtimeClasses:
+  enabled: true                  # Enable Helm-managed `runtimeClasses` (default)
+  createDefault: false           # Create a default "kata" `runtimeClass`
+  defaultName: "kata"            # Name for the default `runtimeClass`
+```
+
+When `runtimeClasses.enabled: true` (default), the Helm chart creates
+`runtimeClass` resources for all shims specified in `env.shims`.
+
+The kata-deploy script will no longer create `runtimeClasses`
+(`env.createRuntimeClasses` defaults to `"false"`).
+
 ## Example: only `qemu` shim and debug enabled
 
 ```sh
@@ -211,10 +237,12 @@ $ helm install kata-deploy-cicd       \
   -n kata-deploy-cicd                 \
   --set env.multiInstallSuffix=cicd   \
   --set env.debug=true                \
-  --set env.createRuntimeClasses=true \
   "${CHART}" --version  "${VERSION}"
 ```
 
+Note: `runtimeClasses` are automatically created by Helm (via
+      `runtimeClasses.enabled=true`, which is the default).
+
 Now verify the installation by examining the `runtimeClasses`:
 
 ```sh

tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml

@@ -0,0 +1,79 @@
+{{- if .Values.runtimeClasses.enabled }}
+{{- $multiInstallSuffix := .Values.env.multiInstallSuffix }}
+{{- $defaultShim := .Values.env.defaultShim }}
+{{- $createDefaultRC := .Values.runtimeClasses.createDefault }}
+{{- $defaultRCName := .Values.runtimeClasses.defaultName }}
+
+{{- /* Parse the shims string into a list */ -}}
+{{- $shims := splitList " " .Values.env.shims }}
+
+{{- /* Define runtime class configurations with their overhead settings */ -}}
+{{- $runtimeClassConfigs := dict
+  "clh" (dict "memory" "130Mi" "cpu" "250m")
+  "cloud-hypervisor" (dict "memory" "130Mi" "cpu" "250m")
+  "dragonball" (dict "memory" "130Mi" "cpu" "250m")
+  "fc" (dict "memory" "130Mi" "cpu" "250m")
+  "qemu" (dict "memory" "160Mi" "cpu" "250m")
+  "qemu-coco-dev" (dict "memory" "160Mi" "cpu" "250m")
+  "qemu-runtime-rs" (dict "memory" "160Mi" "cpu" "250m")
+  "qemu-se-runtime-rs" (dict "memory" "1024Mi" "cpu" "1.0")
+  "qemu-se" (dict "memory" "1024Mi" "cpu" "1.0")
+  "qemu-snp" (dict "memory" "2048Mi" "cpu" "1.0")
+  "qemu-tdx" (dict "memory" "2048Mi" "cpu" "1.0")
+  "qemu-nvidia-gpu" (dict "memory" "4096Mi" "cpu" "1.0")
+  "qemu-nvidia-gpu-snp" (dict "memory" "4096Mi" "cpu" "1.0")
+  "qemu-nvidia-gpu-tdx" (dict "memory" "4096Mi" "cpu" "1.0")
+  "qemu-cca" (dict "memory" "2048Mi" "cpu" "1.0")
+  "stratovirt" (dict "memory" "130Mi" "cpu" "250m")
+  "remote" (dict "memory" "120Mi" "cpu" "250m")
+}}
+
+{{- /* Create RuntimeClass for each shim */ -}}
+{{- range $shim := $shims }}
+{{- $config := index $runtimeClassConfigs $shim }}
+{{- if $config }}
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1
+metadata:
+{{- if $multiInstallSuffix }}
+  name: kata-{{ $shim }}-{{ $multiInstallSuffix }}
+{{- else }}
+  name: kata-{{ $shim }}
+{{- end }}
+{{- if $multiInstallSuffix }}
+handler: kata-{{ $shim }}-{{ $multiInstallSuffix }}
+{{- else }}
+handler: kata-{{ $shim }}
+{{- end }}
+overhead:
+  podFixed:
+    memory: {{ $config.memory | quote }}
+    cpu: {{ $config.cpu | quote }}
+scheduling:
+  nodeSelector:
+    katacontainers.io/kata-runtime: "true"
+{{- end }}
+{{- end }}
+
+{{- /* Create default RuntimeClass if requested */ -}}
+{{- if and $createDefaultRC (not $multiInstallSuffix) }}
+{{- $defaultConfig := index $runtimeClassConfigs $defaultShim }}
+{{- if $defaultConfig }}
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1
+metadata:
+  name: {{ $defaultRCName }}
+handler: kata-{{ $defaultShim }}
+overhead:
+  podFixed:
+    memory: {{ $defaultConfig.memory | quote }}
+    cpu: {{ $defaultConfig.cpu | quote }}
+scheduling:
+  nodeSelector:
+    katacontainers.io/kata-runtime: "true"
+{{- end }}
+{{- end }}
+{{- end }}
+

tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml

@@ -11,6 +11,20 @@ k8sDistribution: "k8s"
 #   kata-containers: "enabled"
 #   node-type: "worker"
 nodeSelector: {}
+
+# RuntimeClass configuration
+# When enabled, RuntimeClasses will be created by the Helm chart instead of by the kata-deploy script
+runtimeClasses:
+  # Enable RuntimeClass creation via Helm
+  enabled: true
+  # Create a default RuntimeClass (alias for the default shim)
+  # NOTE: Default RuntimeClass creation is NOT supported with multiInstallSuffix.
+  #       When multiInstallSuffix is set, this option will be ignored to avoid naming conflicts.
+  #       In multi-install scenarios, use the fully qualified RuntimeClass names (e.g., kata-qemu-suffix1).
+  createDefault: false
+  # Name for the default RuntimeClass (defaults to "kata" if not specified)
+  defaultName: "kata"
+
 env:
   debug: "false"
   shims: "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx qemu-cca"
@@ -23,7 +37,10 @@ env:
   defaultShim_aarch64: ""
   defaultShim_s390x: ""
   defaultShim_ppc64le: ""
-  createRuntimeClasses: "true"
+  # createRuntimeClasses: DEPRECATED - Use runtimeClasses.enabled instead
+  # When runtimeClasses.enabled is true (default), this is automatically set to "false"
+  # to let Helm manage RuntimeClasses instead of the kata-deploy script
+  createRuntimeClasses: "false"
   createDefaultRuntimeClass: "false"
   allowedHypervisorAnnotations: ""
   snapshotterHandlerMapping: ""
@@ -40,6 +57,9 @@ env:
   pullTypeMapping_ppc64le: ""
   installationPrefix: ""
   hostOS: ""
+  # Suffix for multi-install deployments to avoid conflicts between multiple Kata installations
+  # NOTE: When set, the default RuntimeClass (runtimeClasses.createDefault) will NOT be created
+  #       to avoid naming conflicts. Use fully qualified RuntimeClass names (e.g., kata-qemu-suffix1).
   multiInstallSuffix: ""
   _experimentalSetupSnapshotter: ""
   _experimentalForceGuestPull: ""