diff --git a/src/runtime/virtcontainers/container.go b/src/runtime/virtcontainers/container.go
index 314c2b1d73..ae07671d20 100644
--- a/src/runtime/virtcontainers/container.go
+++ b/src/runtime/virtcontainers/container.go
@@ -821,9 +821,6 @@ func (c *Container) createVirtualVolumeDevices() ([]config.DeviceInfo, error) {
 return nil, err
 }
 deviceInfos = append(deviceInfos, *di)
- } else if virtVolume.VolumeType == types.KataVirtualVolumeImageGuestPullType {
- ///TODO implement the logic with pulling image in the guest.
- continue
 }
 }
 }
diff --git a/src/runtime/virtcontainers/fs_share_linux.go b/src/runtime/virtcontainers/fs_share_linux.go
index 06c21c3afa..566f3bdd2d 100644
--- a/src/runtime/virtcontainers/fs_share_linux.go
+++ b/src/runtime/virtcontainers/fs_share_linux.go
@@ -472,6 +472,11 @@ func handleVirtualVolume(c *Container) ([]*grpc.Storage, string, error) {
 break
 }
 }
+ } else if virtVolume.VolumeType == types.KataVirtualVolumeImageGuestPullType {
+ vol, err = handleVirtualVolumeStorageObject(c, "", virtVolume)
+ if err != nil {
+ return nil, "", err
+ }
 }
 if vol != nil {
 volumes = append(volumes, vol)
@@ -521,7 +526,7 @@ func (f *FilesystemShare) ShareRootFilesystem(ctx context.Context, c *Container)
 // In the confidential computing, there is no Image information on the host,
 // so there is no Rootfs.Target.
- if f.sandbox.config.ServiceOffload && c.rootFs.Target == "" {
+ if f.sandbox.config.ServiceOffload && c.rootFs.Target == "" && !HasOptionPrefix(c.rootFs.Options, VirtualVolumePrefix) {
 return &SharedFile{
 containerStorages: nil,
 guestPath: rootfsGuestPath,
diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go
index 21b99d3579..bcf47c65a3 100644
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
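Review bot: The new guest-pull branch in handleVirtualVolume calls `handleVirtualVolumeStorageObject(c, "", virtVolume)` with an empty block device id and no comment saying why. A one-line comment such as `// Guest-pull volumes have no host block device; the image is pulled inside the guest, so blockDeviceId is empty.` would make the intent explicit. handleVirtualVolume starts and ends outside this hunk, so whether the `break` used by the preceding branch is also wanted here cannot be judged from these lines.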
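Review bot: The comment above the condition in ShareRootFilesystem still explains only the `c.rootFs.Target == ""` case, so the added `!HasOptionPrefix(c.rootFs.Options, VirtualVolumePrefix)` term is undocumented. This condition decides whether the container is returned with `containerStorages: nil`, so the exception deserves a sentence, for example `// A rootfs that carries a VirtualVolumePrefix option is not an empty offloaded rootfs and must fall through to the virtual-volume handling.` The code it falls through to is outside this hunk, so the wording should be checked against it.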
@@ -1575,6 +1575,34 @@ func handleDmVerityBlockVolume(driverType, source string, verityInfo *types.DmVe
 return vol, nil
 }
+func handleImageGuestPullBlockVolume(c *Container, virtualVolumeInfo *types.KataVirtualVolume, vol *grpc.Storage) (*grpc.Storage, error) {
+ container_annotations := c.GetAnnotations()
+ container_type := container_annotations["io.kubernetes.cri.container-type"]
+ if virtualVolumeInfo.Source == "" {
+ var image_ref string
+ if container_type == "sandbox" {
+ image_ref = "pause"
+ } else {
+ image_ref = container_annotations["io.kubernetes.cri.image-name"]
+ if image_ref == "" {
+ return nil, fmt.Errorf("Failed to get image name from annotations")
+ }
+ }
+ virtualVolumeInfo.Source = image_ref
+ virtualVolumeInfo.ImagePull.Metadata = container_annotations
+ }
+
+ no, err := json.Marshal(virtualVolumeInfo.ImagePull)
+ if err != nil {
+ return nil, err
+ }
+ vol.Driver = types.KataVirtualVolumeImageGuestPullType
+ vol.DriverOptions = append(vol.DriverOptions, types.KataVirtualVolumeImageGuestPullType+"="+string(no))
+ vol.Source = virtualVolumeInfo.Source
+ vol.Fstype = typeOverlayFS
+ return vol, nil
+}
+
 func handleBlockVolume(c *Container, device api.Device) (*grpc.Storage, error) {
 vol := &grpc.Storage{}
@@ -1631,8 +1659,13 @@ func handleVirtualVolumeStorageObject(c *Container, blockDeviceId string, virtVo
 }
 }
 } else if virtVolume.VolumeType == types.KataVirtualVolumeImageGuestPullType {
- ///TODO implement the logic with pulling image in the guest.
- return nil, nil
+ var err error
+ vol = &grpc.Storage{}
+ vol, err = handleImageGuestPullBlockVolume(c, virtVolume, vol)
+ vol.MountPoint = filepath.Join("/run/kata-containers/", c.id, c.rootfsSuffix)
+ if err != nil {
+ return nil, err
+ }
 }
 return vol, nil
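Review bot: `virtualVolumeInfo.ImagePull.Metadata = container_annotations` copies the container's entire annotation map into the JSON appended to `vol.DriverOptions`, and `image_ref` is taken from the `io.kubernetes.cri.image-name` annotation with only an empty-string check. Both values are supplied from outside the guest, so handleImageGuestPullBlockVolume should carry a doc comment stating that the receiving side is expected to validate the image reference and metadata, and it is worth considering forwarding only the annotation keys the guest pull needs. If `ImagePull` is a pointer field (its declaration is not in this hunk), the assignment also needs a guard such as `if virtualVolumeInfo.ImagePull == nil { return nil, fmt.Errorf("image guest pull volume has no image pull info") }`. On style, the locals `container_annotations`, `container_type`, `image_ref` and `no` would conventionally be MixedCaps with descriptive names, and the error string should start lowercase.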
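Review bot: In the guest-pull branch of handleVirtualVolumeStorageObject, `vol.MountPoint = filepath.Join(...)` runs before the `err` check, yet `handleImageGuestPullBlockVolume` returns `nil, err` on both of its failure paths. A missing image-name annotation or a marshal failure therefore becomes a nil-pointer dereference in the runtime instead of a returned error. Put the check first: `if err != nil { return nil, err }` directly after the call, then `vol.MountPoint = filepath.Join("/run/kata-containers/", c.id, c.rootfsSuffix)`. If the package already defines the guest directory used for `rootfsGuestPath`, using that here rather than the string literal would keep the two paths in step. The function starts before this hunk.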