Merge pull request #8679 from stevenhorsman/kata-deploy-containerd-config-fix

gha: kata-deploy: Revert containerd config break

tests/functional/kata-deploy/kata-deploy.bats

@@ -64,7 +64,7 @@ setup() {
 	sleep 30s
 }
 
-@test "Test runtimeclasses are being properly created" {
+@test "Test runtimeclasses are being properly created and container runtime not broken" {
 	# We filter `kata-mshv-vm-isolation` out as that's present on AKS clusters, but that's not coming from kata-deploy
 	current_runtime_classes=$(kubectl get runtimeclasses | grep -v "kata-mshv-vm-isolation" | grep "kata" | wc -l)
 	[[ ${current_runtime_classes} -eq ${expected_runtime_classes} ]]
@@ -73,6 +73,20 @@ setup() {
 	do
 		kubectl get runtimeclass | grep -E "${handler_re}"
 	done
+
+	# Ensure that kata-deploy didn't corrupt containerd config, by trying to get the container runtime and node status
+	echo "::group::kubectl node debug"
+	kubectl get node -o wide
+	kubectl describe nodes
+	echo "::endgroup::"
+
+	# Wait to see if the nodes get back into Ready state - if not then containerd might be having issues
+	kubectl wait nodes --timeout=60s --all --for condition=Ready=True
+
+	# Check that the container runtime verison doesn't have unknown, which happens when containerd can't start properly
+	container_runtime_version=$(kubectl get nodes --no-headers -o custom-columns=CONTAINER_RUNTIME:.status.nodeInfo.containerRuntimeVersion)
+	[[ ${container_runtime_version} != *"containerd://Unknown"* ]]
+
 }
 
 teardown() {

tools/packaging/kata-deploy/scripts/kata-deploy.sh

@@ -350,18 +350,42 @@ function configure_containerd_runtime() {
 	if grep -q "version = 2\>" $containerd_conf_file || [ "$1" == "k0s-worker" ] || [ "$1" == "k0s-controller" ]; then
 		pluginid=\"io.containerd.grpc.v1.cri\"
 	fi
-	local runtime_table=".plugins.${pluginid}.containerd.runtimes.\"${runtime}\""
-	local runtime_options_table="${runtime_table}.options"
-	local runtime_type=\"io.containerd."${runtime}".v2\"
-	local runtime_config_path=\"$(get_kata_containers_config_path "${shim}")/${configuration}.toml\"
+	local runtime_table="plugins.${pluginid}.containerd.runtimes.$runtime"
+	local runtime_type="io.containerd.$runtime.v2"
+	local options_table="$runtime_table.options"
+	local config_path="$(get_kata_containers_config_path "${shim}")/$configuration.toml"
+	if grep -q "\[$runtime_table\]" $containerd_conf_file; then
+		echo "Configuration exists for $runtime_table, overwriting"
+		sed -i "/\[$runtime_table\]/,+1s#runtime_type.*#runtime_type = \"${runtime_type}\"#" $containerd_conf_file
+	else
+		cat <<EOF | tee -a "$containerd_conf_file"
+[$runtime_table]
+  runtime_type = "${runtime_type}"
+  privileged_without_host_devices = true
+  pod_annotations = ["io.katacontainers.*"]
+EOF
+	fi
 
-	tomlq -i -t $(printf '%s.runtime_type=%s' ${runtime_table} ${runtime_type}) ${containerd_conf_file}
-	tomlq -i -t $(printf '%s.privileged_without_host_devices=true' ${runtime_table}) ${containerd_conf_file}
-	tomlq -i -t $(printf '%s.pod_annotations=["io.katacontainers.*"]' ${runtime_table}) ${containerd_conf_file}
-	tomlq -i -t $(printf '%s.ConfigPath=%s' ${runtime_options_table} ${runtime_config_path}) ${containerd_conf_file}
+	if grep -q "\[$options_table\]" $containerd_conf_file; then
+		echo "Configuration exists for $options_table, overwriting"
+		sed -i "/\[$options_table\]/,+1s#ConfigPath.*#ConfigPath = \"${config_path}\"#" $containerd_conf_file
+	else
+		cat <<EOF | tee -a "$containerd_conf_file"
+  [$options_table]
+    ConfigPath = "${config_path}"
+EOF
+	fi
 
 	if [ "${DEBUG}" == "true" ]; then
-		tomlq -i -t '.debug.level = "debug"' ${containerd_conf_file}
+		if grep -q "\[debug\]" $containerd_conf_file; then
+			sed -i 's/level.*/level = \"debug\"/' $containerd_conf_file
+		else
+			cat <<EOF | tee -a "$containerd_conf_file"
+[debug]
+  level = "debug"
+EOF
+		fi
+
 	fi
 }