diff --git a/tools/packaging/kata-deploy/helm-chart/README.md b/tools/packaging/kata-deploy/helm-chart/README.md
index 8b8d6bb4f7..65008fe934 100644
--- a/tools/packaging/kata-deploy/helm-chart/README.md
+++ b/tools/packaging/kata-deploy/helm-chart/README.md
@@ -126,6 +126,9 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `image.tag` | Tag of the image reference | `""` |
 | `k8sDistribution` | Set the k8s distribution to use: `k8s`, `k0s`, `k3s`, `rke2`, `microk8s` | `k8s` |
 | `nodeSelector` | Node labels for pod assignment. Allows restricting deployment to specific nodes | `{}` |
+| `runtimeClasses.enabled` | Enable Helm-managed `runtimeClass` creation (recommended) | `true` |
+| `runtimeClasses.createDefault` | Create a default `runtimeClass` alias for the default shim | `false` |
+| `runtimeClasses.defaultName` | Name for the default `runtimeClass` | `kata` |
 | `env.debug` | Enable debugging in the `configuration.toml` | `false` |
 | `env.shims` | List of shims to deploy | `clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx qemu-cca` |
 | `env.shims_x86_64` | List of shims to deploy for x86_64 (if set, overrides `shims`) | `""` |
@@ -137,9 +140,9 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `env.defaultShim_aarch64` | The default shim to use if none specified for aarch64 (if set, overrides `defaultShim`) | `""` |
 | `env.defaultShim_s390x` | The default shim to use if none specified for s390x (if set, overrides `defaultShim`) | `""` |
 | `env.defaultShim_ppc64le` | The default shim to use if none specified for ppc64le (if set, overrides `defaultShim`) | `""` |
-| `env.createRuntimeClasses` | Create the k8s `runtimeClasses` | `true` |
-| `env.createDefaultRuntimeClass` | Create the default k8s `runtimeClass` (if `createDefaultRuntimeClass` is set **OR** `defaultRuntimeClassName` is set, a default runtime class will be created, and its default name is `kata`) | `false` |
-| `env.defaultRuntimeClassName` | The default k8s `runtimeClass` name (if `createDefaultRuntimeClass` is set **OR** `defaultRuntimeClassName` is set, a `default runtime class will be created, and its default name is `kata`) | "" |
+| `env.createRuntimeClasses` | **DEPRECATED** - Use `runtimeClasses.enabled` instead. Script-based `runtimeClass` creation | `false` |
+| `env.createDefaultRuntimeClass` | **DEPRECATED** - Use `runtimeClasses.createDefault` instead | `false` |
+| `env.defaultRuntimeClassName` | **DEPRECATED** - Use `runtimeClasses.defaultName` instead | `""` |
 | `env.allowedHypervisorAnnotations` | Enable the provided annotations to be enabled when launching a Container or Pod, per default the annotations are disabled | `""` |
 | `env.snapshotterHandlerMapping` | Provide the snapshotter handler for each shim | `""` |
 | `env.snapshotterHandlerMapping_x86_64` | Provide the snapshotter handler for each shim for x86_64 (if set, overrides `snapshotterHandlerMapping`) | `""` |
@@ -163,6 +166,29 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `env._experimentalForceGuestPull_s390x` | Enables `experimental_force_guest_pull` for the shim(s) specified as the value for s390x (if set, overrides `_experimentalForceGuestPull`) | `""` |
 | `env._experimentalForceGuestPull_ppc64le` | Enables `experimental_force_guest_pull` for the shim(s) specified as the value for ppc64le (if set, overrides `_experimentalForceGuestPull`) | `""` |
 
+## `RuntimeClass` Management
+
+**NEW**: Starting with Kata Containers v3.23.0, `runtimeClasses` are managed by
+ Helm by default, providing better lifecycle management and integration.
+
+### Features:
+- **Automatic Creation**: `runtimeClasses` are automatically created for all configured shims
+- **Lifecycle Management**: Helm manages creation, updates, and deletion of `runtimeClasses`
+
+### Configuration:
+```yaml
+runtimeClasses:
+ enabled: true # Enable Helm-managed `runtimeClasses` (default)
+ createDefault: false # Create a default "kata" `runtimeClass`
+ defaultName: "kata" # Name for the default `runtimeClass`
+```
+
+When `runtimeClasses.enabled: true` (default), the Helm chart creates
+`runtimeClass` resources for all shims specified in `env.shims`.
+
+The kata-deploy script will no longer create `runtimeClasses`
+(`env.createRuntimeClasses` defaults to `"false"`).
+
 ## Example: only `qemu` shim and debug enabled
 
 ```sh
@@ -211,10 +237,12 @@ $ helm install kata-deploy-cicd \
 -n kata-deploy-cicd \
 --set env.multiInstallSuffix=cicd \
 --set env.debug=true \
- --set env.createRuntimeClasses=true \
 "${CHART}" --version "${VERSION}"
 ```
 
+Note: `runtimeClasses` are automatically created by Helm (via
+ `runtimeClasses.enabled=true`, which is the default).
+
 Now verify the installation by examining the `runtimeClasses`:
 
 ```sh
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
new file mode 100644
index 0000000000..8c877b2795
--- /dev/null
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml
@@ -0,0 +1,79 @@
+{{- if .Values.runtimeClasses.enabled }}
+{{- $multiInstallSuffix := .Values.env.multiInstallSuffix }}
+{{- $defaultShim := .Values.env.defaultShim }}
+{{- $createDefaultRC := .Values.runtimeClasses.createDefault }}
+{{- $defaultRCName := .Values.runtimeClasses.defaultName }}
+
+{{- /* Parse the shims string into a list */ -}}
+{{- $shims := splitList " " .Values.env.shims }}
+
+{{- /* Define runtime class configurations with their overhead settings */ -}}
+{{- $runtimeClassConfigs := dict
+ "clh" (dict "memory" "130Mi" "cpu" "250m")
+ "cloud-hypervisor" (dict "memory" "130Mi" "cpu" "250m")
+ "dragonball" (dict "memory" "130Mi" "cpu" "250m")
+ "fc" (dict "memory" "130Mi" "cpu" "250m")
+ "qemu" (dict "memory" "160Mi" "cpu" "250m")
+ "qemu-coco-dev" (dict "memory" "160Mi" "cpu" "250m")
+ "qemu-runtime-rs" (dict "memory" "160Mi" "cpu" "250m")
+ "qemu-se-runtime-rs" (dict "memory" "1024Mi" "cpu" "1.0")
+ "qemu-se" (dict "memory" "1024Mi" "cpu" "1.0")
+ "qemu-snp" (dict "memory" "2048Mi" "cpu" "1.0")
+ "qemu-tdx" (dict "memory" "2048Mi" "cpu" "1.0")
+ "qemu-nvidia-gpu" (dict "memory" "4096Mi" "cpu" "1.0")
+ "qemu-nvidia-gpu-snp" (dict "memory" "4096Mi" "cpu" "1.0")
+ "qemu-nvidia-gpu-tdx" (dict "memory" "4096Mi" "cpu" "1.0")
+ "qemu-cca" (dict "memory" "2048Mi" "cpu" "1.0")
+ "stratovirt" (dict "memory" "130Mi" "cpu" "250m")
+ "remote" (dict "memory" "120Mi" "cpu" "250m")
+}}
+
+{{- /* Create RuntimeClass for each shim */ -}}
+{{- range $shim := $shims }}
+{{- $config := index $runtimeClassConfigs $shim }}
+{{- if $config }}
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1
+metadata:
+{{- if $multiInstallSuffix }}
+ name: kata-{{ $shim }}-{{ $multiInstallSuffix }}
+{{- else }}
+ name: kata-{{ $shim }}
+{{- end }}
+{{- if $multiInstallSuffix }}
+handler: kata-{{ $shim }}-{{ $multiInstallSuffix }}
+{{- else }}
+handler: kata-{{ $shim }}
+{{- end }}
+overhead:
+ podFixed:
+ memory: {{ $config.memory | quote }}
+ cpu: {{ $config.cpu | quote }}
+scheduling:
+ nodeSelector:
+ katacontainers.io/kata-runtime: "true"
+{{- end }}
+{{- end }}
+
+{{- /* Create default RuntimeClass if requested */ -}}
+{{- if and $createDefaultRC (not $multiInstallSuffix) }}
+{{- $defaultConfig := index $runtimeClassConfigs $defaultShim }}
+{{- if $defaultConfig }}
+---
+kind: RuntimeClass
+apiVersion: node.k8s.io/v1
+metadata:
+ name: {{ $defaultRCName }}
+handler: kata-{{ $defaultShim }}
+overhead:
+ podFixed:
+ memory: {{ $defaultConfig.memory | quote }}
+ cpu: {{ $defaultConfig.cpu | quote }}
+scheduling:
+ nodeSelector:
+ katacontainers.io/kata-runtime: "true"
+{{- end }}
+{{- end }}
+{{- end }}
+
diff --git a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
index b86b2264b5..7c74cb3ecf 100644
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
@@ -11,6 +11,20 @@ k8sDistribution: "k8s"
 # kata-containers: "enabled"
 # node-type: "worker"
 nodeSelector: {}
+
+# RuntimeClass configuration
+# When enabled, RuntimeClasses will be created by the Helm chart instead of by the kata-deploy script
+runtimeClasses:
+ # Enable RuntimeClass creation via Helm
+ enabled: true
+ # Create a default RuntimeClass (alias for the default shim)
+ # NOTE: Default RuntimeClass creation is NOT supported with multiInstallSuffix.
+ # When multiInstallSuffix is set, this option will be ignored to avoid naming conflicts.
+ # In multi-install scenarios, use the fully qualified RuntimeClass names (e.g., kata-qemu-suffix1).
+ createDefault: false
+ # Name for the default RuntimeClass (defaults to "kata" if not specified)
+ defaultName: "kata"
+
 env:
 debug: "false"
 shims: "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx qemu-cca"
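Review bot: Per-architecture overrides are ignored by templates/runtimeclasses.yaml: the shim list is read only from `.Values.env.shims` and the default from `.Values.env.defaultShim`, so a cluster that sets `env.shims_x86_64` or `env.defaultShim_aarch64` (documented in the README as overriding the generic keys) can end up with a RuntimeClass whose handler was never installed, or with none for a shim that was. A name missing from `$runtimeClassConfigs` is dropped silently by `{{- if $config }}`, so a typo in `env.shims` only surfaces later when pods naming that class are refused; a branch such as `{{- else if $shim }}{{- fail (printf "no RuntimeClass overhead defined for shim %q" $shim) }}` would report it at render time. In the default class, `name: {{ $defaultRCName }}` is unquoted and has no fallback even though values.yaml says it defaults to "kata"; `name: {{ $defaultRCName | default "kata" | quote }}` covers an empty or boolean-looking value.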
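Review bot: Existing releases have no documented upgrade path for the `runtimeClasses.enabled: true` default added in the first values.yaml hunk. Clusters installed with the previous default already hold `kata-*` RuntimeClass objects created by the kata-deploy script, and those presumably lack Helm's ownership labels and annotations, in which case `helm upgrade` would normally refuse to take them over. The README section would benefit from a sentence such as `Before upgrading, delete the script-created RuntimeClasses or label and annotate them for adoption by the release`, backed by an upgrade test.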
@@ -23,7 +37,10 @@ env:
 defaultShim_aarch64: ""
 defaultShim_s390x: ""
 defaultShim_ppc64le: ""
- createRuntimeClasses: "true"
+ # createRuntimeClasses: DEPRECATED - Use runtimeClasses.enabled instead
+ # When runtimeClasses.enabled is true (default), this is automatically set to "false"
+ # to let Helm manage RuntimeClasses instead of the kata-deploy script
+ createRuntimeClasses: "false"
 createDefaultRuntimeClass: "false"
 allowedHypervisorAnnotations: ""
 snapshotterHandlerMapping: ""
@@ -40,6 +57,9 @@ env:
 pullTypeMapping_ppc64le: ""
 installationPrefix: ""
 hostOS: ""
+ # Suffix for multi-install deployments to avoid conflicts between multiple Kata installations
+ # NOTE: When set, the default RuntimeClass (runtimeClasses.createDefault) will NOT be created
+ # to avoid naming conflicts. Use fully qualified RuntimeClass names (e.g., kata-qemu-suffix1).
 multiInstallSuffix: ""
 _experimentalSetupSnapshotter: ""
 _experimentalForceGuestPull: ""
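Review bot: The new comment on `createRuntimeClasses` (second values.yaml hunk) says the value is "automatically set to "false"" when `runtimeClasses.enabled` is true, but the hunk only changes the default; nothing visible in this diff prevents a values file from enabling both, in which case Helm and the kata-deploy script would manage the same RuntimeClass objects. Either reword it to `# Defaults to "false" so that Helm, not the kata-deploy script, manages RuntimeClasses`, or add a render-time guard like `{{- if and .Values.runtimeClasses.enabled (eq (toString .Values.env.createRuntimeClasses) "true") }}{{- fail "set only one of runtimeClasses.enabled and env.createRuntimeClasses" }}{{- end }}`. Releases that rely on `env.createDefaultRuntimeClass` or `env.defaultRuntimeClassName` may also lose their default class on upgrade without any warning. If the chart's ClusterRole (not part of this diff) still grants the DaemonSet's service account create and delete on `runtimeclasses`, that grant could be made conditional on the deprecated flag now that the script path is off by default.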