From 7158148ab768411b0ca5231472370529428632d3 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Fri, 13 Feb 2026 18:37:27 +0000 Subject: [PATCH 1/3] tests: k8s-openvpn: enable kata for init pod Enable Kata for the init secrets pod of this test, to be consistent with the other CI pods. Signed-off-by: Dan Mihai --- .../runtimeclass_workloads/openvpn/pod-openvpn-init-secrets.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/kubernetes/runtimeclass_workloads/openvpn/pod-openvpn-init-secrets.yaml b/tests/integration/kubernetes/runtimeclass_workloads/openvpn/pod-openvpn-init-secrets.yaml index 5913c6246c..09fd0262a0 100644 --- a/tests/integration/kubernetes/runtimeclass_workloads/openvpn/pod-openvpn-init-secrets.yaml +++ b/tests/integration/kubernetes/runtimeclass_workloads/openvpn/pod-openvpn-init-secrets.yaml @@ -51,3 +51,4 @@ spec: volumes: - name: openvpn-data emptyDir: {} + runtimeClassName: kata From 4fc479cac99b5c37c007a8b5c3741edae3ea2f65 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Wed, 4 Feb 2026 02:41:32 +0000 Subject: [PATCH 2/3] tests: k8s-openvpn: runtime handler annotations This test uses YAML files from a different directory than the other k8s CI tests, so annotations have to be added into these separate files. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/setup.sh | 31 ++++++++++++++++----------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/tests/integration/kubernetes/setup.sh b/tests/integration/kubernetes/setup.sh index 75e5aec3f1..c9580c434f 100644 --- a/tests/integration/kubernetes/setup.sh +++ b/tests/integration/kubernetes/setup.sh @@ -129,23 +129,30 @@ add_cbl_mariner_specific_annotations() { fi } -add_runtime_handler_annotations() { - local handler_annotation="io.containerd.cri.runtime-handler" +add_runtime_handler_annotation_to_yaml() { + local -r yaml_file="$1" + if is_confidential_runtime_class "${KATA_HYPERVISOR}"; then + local -r handler_annotation="io.containerd.cri.runtime-handler" + local -r handler_value="kata-${KATA_HYPERVISOR}" + add_annotations_to_yaml "${yaml_file}" "${handler_annotation}" "${handler_value}" + fi +} +add_runtime_handler_annotations() { if [ "$PULL_TYPE" != "guest-pull" ]; then - info "Not adding $handler_annotation annotation for $PULL_TYPE pull type" + info "Not adding runtime-handler annotation for $PULL_TYPE pull type" return fi - # Add runtime handler annotations for confidential computing hypervisors - if is_confidential_runtime_class "${KATA_HYPERVISOR}"; then - info "Add runtime handler annotations for ${KATA_HYPERVISOR}" - local handler_value="kata-${KATA_HYPERVISOR}" - for K8S_TEST_YAML in runtimeclass_workloads_work/*.yaml - do - add_annotations_to_yaml "${K8S_TEST_YAML}" "${handler_annotation}" "${handler_value}" - done - fi + for K8S_TEST_YAML in runtimeclass_workloads_work/*.yaml + do + add_runtime_handler_annotation_to_yaml "${K8S_TEST_YAML}" + done + + for K8S_TEST_YAML in runtimeclass_workloads_work/openvpn/*.yaml + do + add_runtime_handler_annotation_to_yaml "${K8S_TEST_YAML}" + done } main() { From 0828784a03e1dcead74d37d7a4909ae461478b58 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Fri, 17 Apr 2026 17:38:11 +0000 Subject: [PATCH 3/3] tests: k8s: fix add_annotations_to_yaml Don't hard-code caller's "${K8S_TEST_YAML}" - use the local "${yaml_file}" as intended. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/setup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/kubernetes/setup.sh b/tests/integration/kubernetes/setup.sh index c9580c434f..deffbcb942 100644 --- a/tests/integration/kubernetes/setup.sh +++ b/tests/integration/kubernetes/setup.sh @@ -68,21 +68,21 @@ add_annotations_to_yaml() { info "Adding \"${annotation_name}=${annotation_value}\" to ${resource_kind} from ${yaml_file}" yq -i \ ".metadata.annotations.\"${annotation_name}\" = \"${annotation_value}\"" \ - "${K8S_TEST_YAML}" + "${yaml_file}" ;; Deployment|Job|ReplicationController) info "Adding \"${annotation_name}=${annotation_value}\" to ${resource_kind} from ${yaml_file}" yq -i \ ".spec.template.metadata.annotations.\"${annotation_name}\" = \"${annotation_value}\"" \ - "${K8S_TEST_YAML}" + "${yaml_file}" ;; CronJob) info "Adding \"${annotation_name}=${annotation_value}\" to ${resource_kind} from ${yaml_file}" yq -i \ ".spec.jobTemplate.spec.template.metadata.annotations.\"${annotation_name}\" = \"${annotation_value}\"" \ - "${K8S_TEST_YAML}" + "${yaml_file}" ;; List)