github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-29 12:54:10 +00:00
Code Issues Projects Releases Wiki Activity

agent: remove image pull configs

Browse Source 
As image pull ability is moved to CDH, kata-agent does not need the
confugurations of image pulling anymore.

All these configurations reading from kernel cmdline is now implemented
by CDH.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
This commit is contained in:
Xynnn007 2025-06-13 10:16:10 +08:00
parent 4436fe6d99
commit f67f5c2b69
2 changed files with 0 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/agent/src/confidential_data_hub/mod.rs
View File

@ -83,7 +83,6 @@ impl CDHClient {
Ok(unsealed_secret.plaintext) Ok(unsealed_secret.plaintext)
} }
#[cfg(feature = "guest-pull")]
pub async fn secure_mount( pub async fn secure_mount(
&self, &self,
volume_type: &str, volume_type: &str,

114
src/agent/src/config.rs
View File

@ -32,16 +32,8 @@ const UNIFIED_CGROUP_HIERARCHY_OPTION: &str = "systemd.unified_cgroup_hierarchy"
const CONFIG_FILE: &str = "agent.config_file"; const CONFIG_FILE: &str = "agent.config_file";
const GUEST_COMPONENTS_REST_API_OPTION: &str = "agent.guest_components_rest_api"; const GUEST_COMPONENTS_REST_API_OPTION: &str = "agent.guest_components_rest_api";
const GUEST_COMPONENTS_PROCS_OPTION: &str = "agent.guest_components_procs"; const GUEST_COMPONENTS_PROCS_OPTION: &str = "agent.guest_components_procs";
#[cfg(feature = "guest-pull")]
const IMAGE_REGISTRY_AUTH_OPTION: &str = "agent.image_registry_auth";
const SECURE_STORAGE_INTEGRITY_OPTION: &str = "agent.secure_storage_integrity"; const SECURE_STORAGE_INTEGRITY_OPTION: &str = "agent.secure_storage_integrity";
#[cfg(feature = "guest-pull")]
const ENABLE_SIGNATURE_VERIFICATION: &str = "agent.enable_signature_verification";
#[cfg(feature = "guest-pull")]
const IMAGE_POLICY_FILE: &str = "agent.image_policy_file";
// Configure the proxy settings for HTTPS requests in the guest, // Configure the proxy settings for HTTPS requests in the guest,
// to solve the problem of not being able to access the specified image in some cases. // to solve the problem of not being able to access the specified image in some cases.
const HTTPS_PROXY: &str = "agent.https_proxy"; const HTTPS_PROXY: &str = "agent.https_proxy";
@ -147,13 +139,7 @@ pub struct AgentConfig {
pub no_proxy: String, pub no_proxy: String,
pub guest_components_rest_api: GuestComponentsFeatures, pub guest_components_rest_api: GuestComponentsFeatures,
pub guest_components_procs: GuestComponentsProcs, pub guest_components_procs: GuestComponentsProcs,
#[cfg(feature = "guest-pull")]
pub image_registry_auth: String,
pub secure_storage_integrity: bool, pub secure_storage_integrity: bool,
#[cfg(feature = "guest-pull")]
pub enable_signature_verification: bool,
#[cfg(feature = "guest-pull")]
pub image_policy_file: String,
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
pub policy_file: String, pub policy_file: String,
pub mem_agent: Option<MemAgentConfig>, pub mem_agent: Option<MemAgentConfig>,
@ -184,13 +170,7 @@ pub struct AgentConfigBuilder {
pub no_proxy: Option<String>, pub no_proxy: Option<String>,
pub guest_components_rest_api: Option<GuestComponentsFeatures>, pub guest_components_rest_api: Option<GuestComponentsFeatures>,
pub guest_components_procs: Option<GuestComponentsProcs>, pub guest_components_procs: Option<GuestComponentsProcs>,
#[cfg(feature = "guest-pull")]
pub image_registry_auth: Option<String>,
pub secure_storage_integrity: Option<bool>, pub secure_storage_integrity: Option<bool>,
#[cfg(feature = "guest-pull")]
pub enable_signature_verification: Option<bool>,
#[cfg(feature = "guest-pull")]
pub image_policy_file: Option<String>,
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
pub policy_file: Option<String>, pub policy_file: Option<String>,
pub mem_agent_enable: Option<bool>, pub mem_agent_enable: Option<bool>,
@ -284,13 +264,7 @@ impl Default for AgentConfig {
no_proxy: String::from(""), no_proxy: String::from(""),
guest_components_rest_api: GuestComponentsFeatures::default(), guest_components_rest_api: GuestComponentsFeatures::default(),
guest_components_procs: GuestComponentsProcs::default(), guest_components_procs: GuestComponentsProcs::default(),
#[cfg(feature = "guest-pull")]
image_registry_auth: String::from(""),
secure_storage_integrity: false, secure_storage_integrity: false,
#[cfg(feature = "guest-pull")]
enable_signature_verification: false,
#[cfg(feature = "guest-pull")]
image_policy_file: String::from(""),
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
policy_file: String::from(""), policy_file: String::from(""),
mem_agent: None, mem_agent: None,
@ -333,16 +307,6 @@ impl FromStr for AgentConfig {
guest_components_rest_api guest_components_rest_api
); );
config_override!(agent_config_builder, agent_config, guest_components_procs); config_override!(agent_config_builder, agent_config, guest_components_procs);
#[cfg(feature = "guest-pull")]
{
config_override!(agent_config_builder, agent_config, image_registry_auth);
config_override!(
agent_config_builder,
agent_config,
enable_signature_verification
);
config_override!(agent_config_builder, agent_config, image_policy_file);
}
config_override!(agent_config_builder, agent_config, secure_storage_integrity); config_override!(agent_config_builder, agent_config, secure_storage_integrity);
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
@ -557,27 +521,6 @@ impl AgentConfig {
config.guest_components_procs, config.guest_components_procs,
get_guest_components_procs_value get_guest_components_procs_value
); );
#[cfg(feature = "guest-pull")]
{
parse_cmdline_param!(
param,
IMAGE_REGISTRY_AUTH_OPTION,
config.image_registry_auth,
get_string_value
);
parse_cmdline_param!(
param,
ENABLE_SIGNATURE_VERIFICATION,
config.enable_signature_verification,
get_bool_value
);
parse_cmdline_param!(
param,
IMAGE_POLICY_FILE,
config.image_policy_file,
get_string_value
);
}
parse_cmdline_param!( parse_cmdline_param!(
param, param,
SECURE_STORAGE_INTEGRITY_OPTION, SECURE_STORAGE_INTEGRITY_OPTION,
@ -901,11 +844,6 @@ mod tests {
assert!(!config.dev_mode); assert!(!config.dev_mode);
assert_eq!(config.log_level, DEFAULT_LOG_LEVEL); assert_eq!(config.log_level, DEFAULT_LOG_LEVEL);
assert_eq!(config.hotplug_timeout, DEFAULT_HOTPLUG_TIMEOUT); assert_eq!(config.hotplug_timeout, DEFAULT_HOTPLUG_TIMEOUT);
#[cfg(feature = "guest-pull")]
{
assert!(!config.enable_signature_verification);
assert_eq!(config.image_policy_file, "");
}
} }
#[test] #[test]
@ -931,13 +869,7 @@ mod tests {
no_proxy: &'a str, no_proxy: &'a str,
guest_components_rest_api: GuestComponentsFeatures, guest_components_rest_api: GuestComponentsFeatures,
guest_components_procs: GuestComponentsProcs, guest_components_procs: GuestComponentsProcs,
#[cfg(feature = "guest-pull")]
image_registry_auth: &'a str,
secure_storage_integrity: bool, secure_storage_integrity: bool,
#[cfg(feature = "guest-pull")]
enable_signature_verification: bool,
#[cfg(feature = "guest-pull")]
image_policy_file: &'a str,
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
policy_file: &'a str, policy_file: &'a str,
mem_agent: Option<MemAgentConfig>, mem_agent: Option<MemAgentConfig>,
@ -961,13 +893,7 @@ mod tests {
no_proxy: "", no_proxy: "",
guest_components_rest_api: GuestComponentsFeatures::default(), guest_components_rest_api: GuestComponentsFeatures::default(),
guest_components_procs: GuestComponentsProcs::default(), guest_components_procs: GuestComponentsProcs::default(),
#[cfg(feature = "guest-pull")]
image_registry_auth: "",
secure_storage_integrity: false, secure_storage_integrity: false,
#[cfg(feature = "guest-pull")]
enable_signature_verification: false,
#[cfg(feature = "guest-pull")]
image_policy_file: "",
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
policy_file: "", policy_file: "",
mem_agent: None, mem_agent: None,
@ -1418,18 +1344,6 @@ mod tests {
guest_components_procs: GuestComponentsProcs::None, guest_components_procs: GuestComponentsProcs::None,
..Default::default() ..Default::default()
}, },
#[cfg(feature = "guest-pull")]
TestData {
contents: "agent.image_registry_auth=file:///root/.docker/config.json",
image_registry_auth: "file:///root/.docker/config.json",
..Default::default()
},
#[cfg(feature = "guest-pull")]
TestData {
contents: "agent.image_registry_auth=kbs:///default/credentials/test",
image_registry_auth: "kbs:///default/credentials/test",
..Default::default()
},
TestData { TestData {
contents: "", contents: "",
secure_storage_integrity: false, secure_storage_integrity: false,
@ -1455,24 +1369,6 @@ mod tests {
secure_storage_integrity: false, secure_storage_integrity: false,
..Default::default() ..Default::default()
}, },
#[cfg(feature = "guest-pull")]
TestData {
contents: "agent.enable_signature_verification=true",
enable_signature_verification: true,
..Default::default()
},
#[cfg(feature = "guest-pull")]
TestData {
contents: "agent.image_policy_file=kbs:///default/image-policy/test",
image_policy_file: "kbs:///default/image-policy/test",
..Default::default()
},
#[cfg(feature = "guest-pull")]
TestData {
contents: "agent.image_policy_file=file:///etc/image-policy.json",
image_policy_file: "file:///etc/image-policy.json",
..Default::default()
},
#[cfg(feature = "agent-policy")] #[cfg(feature = "agent-policy")]
// Test environment // Test environment
TestData { TestData {
@ -1575,16 +1471,6 @@ mod tests {
"{}", "{}",
msg msg
); );
#[cfg(feature = "guest-pull")]
{
assert_eq!(d.image_registry_auth, config.image_registry_auth, "{}", msg);
assert_eq!(
d.enable_signature_verification, config.enable_signature_verification,
"{}",
msg
);
assert_eq!(d.image_policy_file, config.image_policy_file, "{}", msg);
}
assert_eq!( assert_eq!(
d.secure_storage_integrity, config.secure_storage_integrity, d.secure_storage_integrity, config.secure_storage_integrity,
"{}", "{}",