From 081823b38890a06564b1706a46cd17309a172d0e Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Thu, 21 Aug 2025 19:26:10 +0100 Subject: [PATCH] runtime: Enable init_data annotation In #11693 the cc_init_data annotation was changes to be hypervisor scoped, so each hypervisor needs to explicitly allow it in order to use it now, so add this to both the go and rust runtime's remote configurations Signed-off-by: stevenhorsman --- src/runtime-rs/config/configuration-remote.toml.in | 6 +++--- src/runtime/config/configuration-remote.toml.in | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/runtime-rs/config/configuration-remote.toml.in b/src/runtime-rs/config/configuration-remote.toml.in index 052a4146c8..b4549c0867 100644 --- a/src/runtime-rs/config/configuration-remote.toml.in +++ b/src/runtime-rs/config/configuration-remote.toml.in @@ -29,7 +29,7 @@ remote_hypervisor_timeout = 600 # # Known limitations: # * Does not work by design: -# - CPU Hotplug +# - CPU Hotplug # - Memory Hotplug # - NVDIMM devices # @@ -41,7 +41,7 @@ remote_hypervisor_timeout = 600 # Each member of the list is a regular expression, which is the base name # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path" # Note: Remote hypervisor is only handling the following annotations -enable_annotations = ["machine_type", "default_memory", "default_vcpus", "default_gpus", "default_gpu_model"] +enable_annotations = ["machine_type", "default_memory", "default_vcpus", "default_gpus", "default_gpu_model", "cc_init_data"] # Optional space-separated list of options to pass to the guest kernel. # For example, use `kernel_params = "vsyscall=emulate"` if you are having @@ -251,7 +251,7 @@ disable_guest_seccomp=true # with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge # (like OVS) directly. # (default: false) -# Note: The remote hypervisor has a different networking model, which requires true +# Note: The remote hypervisor has a different networking model, which requires true disable_new_netns = false # if enabled, the runtime will add all the kata processes inside one dedicated cgroup. diff --git a/src/runtime/config/configuration-remote.toml.in b/src/runtime/config/configuration-remote.toml.in index b89d804fda..7984b09194 100644 --- a/src/runtime/config/configuration-remote.toml.in +++ b/src/runtime/config/configuration-remote.toml.in @@ -26,7 +26,7 @@ remote_hypervisor_timeout = 600 # # Known limitations: # * Does not work by design: -# - CPU Hotplug +# - CPU Hotplug # - Memory Hotplug # - NVDIMM devices # @@ -38,7 +38,7 @@ remote_hypervisor_timeout = 600 # Each member of the list is a regular expression, which is the base name # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path" # Note: Remote hypervisor is only handling the following annotations -enable_annotations = ["machine_type", "default_memory", "default_vcpus", "image", "default_gpus", "gpu_model"] +enable_annotations = ["machine_type", "default_memory", "default_vcpus", "image", "default_gpus", "gpu_model", "cc_init_data"] # Optional space-separated list of options to pass to the guest kernel. # For example, use `kernel_params = "vsyscall=emulate"` if you are having @@ -231,7 +231,7 @@ disable_guest_seccomp=true # with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge # (like OVS) directly. # (default: false) -# Note: The remote hypervisor has a different networking model, which requires true +# Note: The remote hypervisor has a different networking model, which requires true disable_new_netns = true # if enabled, the runtime will add all the kata processes inside one dedicated cgroup. @@ -291,9 +291,9 @@ experimental=@DEFAULTEXPFEATURES@ # Indicates the CreateContainer request timeout needed for the workload(s) # It using guest_pull this includes the time to pull the image inside the guest -# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s) -# Note: The effective timeout is determined by the lesser of two values: runtime-request-timeout from kubelet config -# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout) and create_container_timeout. +# Defaults to @DEFCREATECONTAINERTIMEOUT@ second(s) +# Note: The effective timeout is determined by the lesser of two values: runtime-request-timeout from kubelet config +# (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#:~:text=runtime%2Drequest%2Dtimeout) and create_container_timeout. # In essence, the timeout used for guest pull=runtime-request-timeout