From 7d9a1437476bdfecedf8d483707ac3f5c04a4749 Mon Sep 17 00:00:00 2001 From: Manuel Huber Date: Mon, 11 May 2026 11:25:07 +0000 Subject: [PATCH] ci: cover EROFS snapshotter default_size=0 path kata-deploy currently hard-codes the EROFS snapshotter default_size to "10G", so the CoCo EROFS CI lane only exercises the path where the snapshotter provides an rwlayer. Use the generic containerd.userDropIn support for the EROFS default_size and thread it through the Kubernetes CI helpers. Keep the kata-deploy default at "10G" to preserve current behavior, but allow the workflow to set "0" for the runtime-rs no-rwlayer path. Expand the existing EROFS snapshotter job to run both values. The override is written to containerd as a TOML string so "0" is not parsed as an integer. Assisted-by: OpenAI Codex Signed-off-by: Manuel Huber --- .github/workflows/run-kata-coco-tests.yaml | 8 +++++-- tests/gha-run-k8s-common.sh | 26 ++++++++++++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml index 3d730520b2..1b009f23a3 100644 --- a/.github/workflows/run-kata-coco-tests.yaml +++ b/.github/workflows/run-kata-coco-tests.yaml @@ -399,7 +399,7 @@ jobs: # Generate jobs for testing CoCo on non-TEE environments with erofs-snapshotter run-k8s-tests-coco-nontee-with-erofs-snapshotter: - name: run-k8s-tests-coco-nontee-with-erofs-snapshotter + name: run-k8s-tests-coco-nontee-with-erofs-snapshotter-${{ matrix.erofs-mode }} strategy: fail-fast: false matrix: @@ -409,8 +409,11 @@ jobs: - erofs pull-type: - default + erofs-mode: + - disk + - memory concurrency: - group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }} + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} cancel-in-progress: true runs-on: ubuntu-24.04 environment: @@ -431,6 +434,7 @@ jobs: CONTAINER_ENGINE_VERSION: "v2.3" PULL_TYPE: ${{ matrix.pull-type }} SNAPSHOTTER: ${{ matrix.snapshotter }} + EROFS_SNAPSHOTTER_MODE: ${{ matrix.erofs-mode }} USE_EXPERIMENTAL_SETUP_SNAPSHOTTER: "true" K8S_TEST_HOST_TYPE: "all" # We are skipping the auto generated policy tests for now, diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh index 9f8c42eb17..ad6ad54e50 100644 --- a/tests/gha-run-k8s-common.sh +++ b/tests/gha-run-k8s-common.sh @@ -43,6 +43,7 @@ K8S_TEST_HOST_TYPE="${K8S_TEST_HOST_TYPE:-small}" TEST_CLUSTER_NAMESPACE="${TEST_CLUSTER_NAMESPACE:-}" CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-containerd}" SNAPSHOTTER="${SNAPSHOTTER:-}" +EROFS_SNAPSHOTTER_MODE="${EROFS_SNAPSHOTTER_MODE:-}" # Wait for the Kubernetes API to recover after kata-deploy uninstall, then # retry the uninstall to purge any stale helm release state. On k3s/rke2, @@ -814,6 +815,31 @@ function helm_helper() { done fi + if [[ -n "${EROFS_SNAPSHOTTER_MODE}" ]]; then + if [[ "${SNAPSHOTTER}" != "erofs" ]]; then + die "EROFS_SNAPSHOTTER_MODE is only supported with SNAPSHOTTER=erofs" + fi + + local erofs_default_size + case "${EROFS_SNAPSHOTTER_MODE}" in + disk) + erofs_default_size="10G" + ;; + memory) + erofs_default_size="0" + ;; + *) + die "Unsupported EROFS_SNAPSHOTTER_MODE: ${EROFS_SNAPSHOTTER_MODE}" + ;; + esac + + HELM_CONTAINERD_USER_DROP_IN="[plugins.'io.containerd.snapshotter.v1.erofs']"$'\n' + HELM_CONTAINERD_USER_DROP_IN+=" default_size = \"${erofs_default_size}\"" + + HELM_CONTAINERD_USER_DROP_IN="${HELM_CONTAINERD_USER_DROP_IN}" \ + yq -i '.containerd.userDropIn = strenv(HELM_CONTAINERD_USER_DROP_IN)' "${values_yaml}" + fi + if [[ -z "${HELM_SHIMS}" ]]; then die "A list of shims is expected but none was provided" fi