relax bind mount regex

the source path can be cached from the first container now

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>

.github/workflows/push-oras-tarball-cache.yaml

@@ -1,10 +1,6 @@
 # Push gperf and busybox tarballs to the ORAS cache (ghcr.io) so that
 # download-with-oras-cache.sh can pull them instead of hitting upstream.
 # Runs when versions.yaml changes on main (e.g. after a PR merge) or manually.
-#
-# We use ORAS (same as kata-deploy-binaries.sh for cached-artefacts). GITHUB_TOKEN
-# can only write to the repository's package namespace, so we use
-# ARTEFACT_REPOSITORY=${{ github.repository }} (ghcr.io/owner/repo/cached-tarballs/).
 name: CI | Push ORAS tarball cache
 on:
   push:
@@ -42,6 +38,6 @@ jobs:
         run: ./tools/packaging/scripts/populate-oras-tarball-cache.sh all
         env:
           ARTEFACT_REGISTRY: ghcr.io
-          ARTEFACT_REPOSITORY: ${{ github.repository }}
+          ARTEFACT_REPOSITORY: kata-containers
           ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
           ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

src/runtime-rs/Makefile

@@ -180,7 +180,7 @@ DEFNETQUEUES := 1
 DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\"]
 DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
-DEFDISABLEGUESTEMPTYDIR := false
+DEFDISABLEGUESTEMPTYDIR := true
 ##VAR DEFAULTEXPFEATURES=[features] Default experimental features enabled
 DEFAULTEXPFEATURES := []
 DEFDISABLESELINUX := false

src/runtime/Makefile

@@ -220,7 +220,7 @@ DEFBRIDGES := 1
 DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\"]
 DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
-DEFDISABLEGUESTEMPTYDIR := false
+DEFDISABLEGUESTEMPTYDIR := true
 #Default experimental features enabled
 DEFAULTEXPFEATURES := []
 

src/runtime/virtcontainers/fs_share_linux.go

@@ -83,9 +83,13 @@ type FilesystemShare struct {
 	configVolRegex *regexp.Regexp
 	// Regex to match only the timestamped directory inside the k8's volume mount
 	timestampDirRegex *regexp.Regexp
-	// The same volume mount can be shared by multiple containers in the same sandbox (pod)
-	srcDstMap            map[string][]string
-	srcDstMapLock        sync.Mutex
+	// srcDstMap tracks file-level source to destination mappings for configmap/secret watching
+	srcDstMap     map[string][]string
+	srcDstMapLock sync.Mutex
+	// srcGuestMap caches volume source path to guest path, enabling multiple containers
+	// in the same pod to share the same volume mount
+	srcGuestMap          map[string]string
+	srcGuestMapLock      sync.Mutex
 	eventLoopStarted     bool
 	eventLoopStartedLock sync.Mutex
 	watcherDoneChannel   chan bool
@@ -108,6 +112,7 @@ func NewFilesystemShare(s *Sandbox) (*FilesystemShare, error) {
 		sandbox:            s,
 		watcherDoneChannel: make(chan bool),
 		srcDstMap:          make(map[string][]string),
+		srcGuestMap:        make(map[string]string),
 		watcher:            watcher,
 		configVolRegex:     configVolRegex,
 		timestampDirRegex:  timestampDirRegex,
@@ -309,6 +314,13 @@ func (f *FilesystemShare) ShareFile(ctx context.Context, c *Container, m *Mount)
 	// bind mount it in the shared directory.
 	caps := f.sandbox.hypervisor.Capabilities(ctx)
 	if !caps.IsFsSharingSupported() {
+		f.srcGuestMapLock.Lock()
+		if guestPath, ok := f.srcGuestMap[m.Source]; ok {
+			f.srcGuestMapLock.Unlock()
+			return &SharedFile{guestPath: guestPath}, nil
+		}
+		f.srcGuestMapLock.Unlock()
+
 		f.Logger().Debug("filesystem sharing is not supported, files will be copied")
 
 		var ignored bool
@@ -418,6 +430,11 @@ func (f *FilesystemShare) ShareFile(ctx context.Context, c *Container, m *Mount)
 		m.HostPath = mountDest
 	}
 
+	// Cache the guestPath for this volume source so other containers can share it
+	f.srcGuestMapLock.Lock()
+	defer f.srcGuestMapLock.Unlock()
+	f.srcGuestMap[m.Source] = guestPath
+
 	return &SharedFile{
 		guestPath: guestPath,
 	}, nil
@@ -442,6 +459,10 @@ func (f *FilesystemShare) UnshareFile(ctx context.Context, c *Container, m *Moun
 		}
 	}
 
+	f.srcGuestMapLock.Lock()
+	delete(f.srcGuestMap, m.Source)
+	f.srcGuestMapLock.Unlock()
+
 	return nil
 }
 

src/runtime/virtcontainers/pkg/cloud-hypervisor/client/README.md

@@ -16,7 +16,6 @@ Install the following dependencies:
 ```shell
 go get github.com/stretchr/testify/assert
 go get golang.org/x/oauth2
-go get golang.org/x/net/context
 ```
 
 Put the package under your project folder and add the following in import:
@@ -177,6 +176,3 @@ Each of these functions takes a value of the given basic type and returns a poin
 * `PtrTime`
 
 ## Author
-
-
-

src/tools/csi-kata-directvolume/go.mod

@@ -14,8 +14,8 @@ require (
 	github.com/kubernetes-csi/csi-lib-utils v0.16.0
 	github.com/pborman/uuid v1.2.1
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/net v0.38.0
-	golang.org/x/sys v0.31.0
+	golang.org/x/net v0.50.0
+	golang.org/x/sys v0.41.0
 	google.golang.org/grpc v1.63.2
 	k8s.io/apimachinery v0.28.2
 	k8s.io/klog/v2 v2.110.1
@@ -36,7 +36,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/ulikunitz/xz v0.5.15 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/djherbis/times.v1 v1.3.0 // indirect

src/tools/csi-kata-directvolume/go.sum

@@ -68,6 +68,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -79,10 +81,14 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=

src/tools/csi-kata-directvolume/pkg/directvolume/controllerserver.go

@@ -8,13 +8,13 @@
 package directvolume
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"strings"
 
 	"github.com/golang/protobuf/ptypes/wrappers"
 	"github.com/pborman/uuid"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 

src/tools/csi-kata-directvolume/pkg/directvolume/controllerserver_test.go

@@ -6,13 +6,13 @@
 package directvolume
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"testing"
 
 	csi "github.com/container-storage-interface/spec/lib/go/csi"
 	"github.com/stretchr/testify/require"
-	"golang.org/x/net/context"
 
 	"kata-containers/csi-kata-directvolume/pkg/spdkrpc"
 	"kata-containers/csi-kata-directvolume/pkg/utils"

src/tools/csi-kata-directvolume/pkg/directvolume/identityserver.go

@@ -8,8 +8,9 @@
 package directvolume
 
 import (
+	"context"
+
 	"github.com/container-storage-interface/spec/lib/go/csi"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"k8s.io/klog/v2"

src/tools/csi-kata-directvolume/pkg/directvolume/nodeserver.go

@@ -8,6 +8,7 @@
 package directvolume
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -17,7 +18,6 @@ import (
 	"kata-containers/csi-kata-directvolume/pkg/utils"
 
 	"github.com/container-storage-interface/spec/lib/go/csi"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"k8s.io/klog/v2"

src/tools/csi-kata-directvolume/pkg/directvolume/nodeserver_test.go

@@ -6,6 +6,7 @@
 package directvolume
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"strings"
@@ -13,7 +14,6 @@ import (
 
 	csi "github.com/container-storage-interface/spec/lib/go/csi"
 	"github.com/stretchr/testify/require"
-	"golang.org/x/net/context"
 
 	"kata-containers/csi-kata-directvolume/pkg/spdkrpc"
 	"kata-containers/csi-kata-directvolume/pkg/utils"

src/tools/csi-kata-directvolume/pkg/directvolume/server.go

@@ -8,9 +8,9 @@
 package directvolume
 
 import (
+	"context"
 	"sync"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"k8s.io/klog/v2"
 

src/tools/genpolicy/genpolicy-settings.json

@@ -152,17 +152,6 @@
         }
     },
     "volumes": {
-        "emptyDir": {
-            "mount_type": "local",
-            "mount_source": "^$(cpath)/$(sandbox-id)/rootfs/local/",
-            "mount_point": "^$(cpath)/$(sandbox-id)/rootfs/local/",
-            "driver": "local",
-            "source": "local",
-            "fstype": "local",
-            "options": [
-                "mode=0777"
-            ]
-        },
         "emptyDir_memory": {
             "mount_type": "bind",
             "mount_source": "^/run/kata-containers/sandbox/ephemeral/",

src/tools/genpolicy/rules.rego

@@ -1160,7 +1160,7 @@ mount_source_allows(p_mount, i_mount, bundle_id, sandbox_id) if {
     regex3 := replace(regex2, "$(cpath)", policy_data.common.cpath)
     print("mount_source_allows 2: regex3 =", regex3)
 
-    regex4 := replace(regex3, "$(sandbox-id)", sandbox_id)
+    regex4 := replace(regex3, "$(bundle-id)", "[a-z0-9]{64}")
     print("mount_source_allows 2: regex4 =", regex4)
     regex.match(regex4, i_mount.source)
 

src/tools/genpolicy/src/mount_and_storage.rs

@@ -105,7 +105,6 @@ pub fn get_mount_and_storage(
     storages: &mut Vec<agent::Storage>,
     yaml_volume: &volume::Volume,
     yaml_mount: &pod::VolumeMount,
-    pod_security_context: &Option<pod::PodSecurityContext>,
 ) {
     debug!(
         "get_mount_and_storage: adding mount and storage for: {:?}",
@@ -113,27 +112,18 @@ pub fn get_mount_and_storage(
     );
 
     if let Some(emptyDir) = &yaml_volume.emptyDir {
-        let settings_volumes = &settings.volumes;
-        let mut volume: Option<&settings::EmptyDirVolume> = None;
-
-        if let Some(medium) = &emptyDir.medium {
-            if medium == "Memory" {
-                volume = Some(&settings_volumes.emptyDir_memory);
-            }
+        let is_tmpfs = emptyDir.medium.as_ref().is_some_and(|m| m == "Memory");
+        if is_tmpfs {
+            get_memory_empty_dir_mount_and_storage(settings, p_mounts, storages, yaml_mount);
+        } else {
+            let access = if yaml_mount.readOnly == Some(true) {
+                debug!("setting read only access for emptyDir mount");
+                "ro"
+            } else {
+                "rw"
+            };
+            get_shared_bind_mount(yaml_mount, p_mounts, "rprivate", access);
         }
-
-        if volume.is_none() {
-            volume = Some(&settings_volumes.emptyDir);
-        }
-
-        get_empty_dir_mount_and_storage(
-            settings,
-            p_mounts,
-            storages,
-            yaml_mount,
-            volume.unwrap(),
-            pod_security_context,
-        );
     } else if yaml_volume.persistentVolumeClaim.is_some() || yaml_volume.azureFile.is_some() {
         get_shared_bind_mount(yaml_mount, p_mounts, "rprivate", "rw");
     } else if yaml_volume.hostPath.is_some() {
@@ -149,50 +139,25 @@ pub fn get_mount_and_storage(
     }
 }
 
-fn get_empty_dir_mount_and_storage(
+fn get_memory_empty_dir_mount_and_storage(
     settings: &settings::Settings,
     p_mounts: &mut Vec<policy::KataMount>,
     storages: &mut Vec<agent::Storage>,
     yaml_mount: &pod::VolumeMount,
-    settings_empty_dir: &settings::EmptyDirVolume,
-    pod_security_context: &Option<pod::PodSecurityContext>,
 ) {
-    debug!("Settings emptyDir: {:?}", settings_empty_dir);
+    let settings_empty_dir = &settings.volumes.emptyDir_memory;
+    debug!("Settings emptyDir_memory: {:?}", settings_empty_dir);
 
-    if yaml_mount.subPathExpr.is_none() {
-        let mut options = settings_empty_dir.options.clone();
-        if let Some(gid) = pod_security_context.as_ref().and_then(|sc| sc.fsGroup) {
-            // This matches the runtime behavior of only setting the fsgid if the mountpoint GID is not 0.
-            // https://github.com/kata-containers/kata-containers/blob/b69da5f3ba8385c5833b31db41a846a203812675/src/runtime/virtcontainers/kata_agent.go#L1602-L1607
-            if gid != 0 {
-                options.push(format!("fsgid={gid}"));
-            }
-        }
-        storages.push(agent::Storage {
-            driver: settings_empty_dir.driver.clone(),
-            driver_options: Vec::new(),
-            source: settings_empty_dir.source.clone(),
-            fstype: settings_empty_dir.fstype.clone(),
-            options,
-            mount_point: format!("{}{}$", &settings_empty_dir.mount_point, &yaml_mount.name),
-            fs_group: protobuf::MessageField::none(),
-            special_fields: ::protobuf::SpecialFields::new(),
-        });
-    }
-
-    let source = if yaml_mount.subPathExpr.is_some() {
-        let file_name = Path::new(&yaml_mount.mountPath).file_name().unwrap();
-        let name = OsString::from(file_name).into_string().unwrap();
-        format!("{}{name}$", &settings.volumes.configMap.mount_source)
-    } else {
-        format!("{}{}$", &settings_empty_dir.mount_source, &yaml_mount.name)
-    };
-
-    let mount_type = if yaml_mount.subPathExpr.is_some() {
-        "bind"
-    } else {
-        &settings_empty_dir.mount_type
-    };
+    storages.push(agent::Storage {
+        driver: settings_empty_dir.driver.clone(),
+        driver_options: Vec::new(),
+        source: settings_empty_dir.source.clone(),
+        fstype: settings_empty_dir.fstype.clone(),
+        options: settings_empty_dir.options.clone(),
+        mount_point: format!("{}{}$", &settings_empty_dir.mount_point, &yaml_mount.name),
+        fs_group: protobuf::MessageField::none(),
+        special_fields: ::protobuf::SpecialFields::new(),
+    });
 
     let access = match yaml_mount.readOnly {
         Some(true) => {
@@ -204,8 +169,8 @@ fn get_empty_dir_mount_and_storage(
 
     p_mounts.push(policy::KataMount {
         destination: yaml_mount.mountPath.to_string(),
-        type_: mount_type.to_string(),
-        source,
+        type_: settings_empty_dir.mount_type.clone(),
+        source: format!("{}{}$", &settings_empty_dir.mount_source, &yaml_mount.name),
         options: vec![
             "rbind".to_string(),
             "rprivate".to_string(),
@@ -318,13 +283,7 @@ fn get_shared_bind_mount(
     propagation: &str,
     access: &str,
 ) {
-    // The Kata Shim filepath.Base() to extract the last element of this path, in
-    // https://github.com/kata-containers/kata-containers/blob/5e46f814dd79ab6b34588a83825260413839735a/src/runtime/virtcontainers/fs_share_linux.go#L305
-    // In Rust, Path::file_name() has a similar behavior.
-    let path = Path::new(&yaml_mount.mountPath);
-    let mount_path = path.file_name().unwrap().to_str().unwrap();
-
-    let source = format!("$(sfprefix){mount_path}$");
+    let source = "$(sfprefix)[a-zA-Z0-9_.-]+$".to_string();
 
     let dest = yaml_mount.mountPath.clone();
     let type_ = "bind".to_string();

src/tools/genpolicy/src/settings.rs

@@ -31,7 +31,6 @@ pub struct Settings {
 /// Volume settings loaded from genpolicy-settings.json.
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct Volumes {
-    pub emptyDir: EmptyDirVolume,
     pub emptyDir_memory: EmptyDirVolume,
     pub configMap: ConfigMapVolume,
     pub image_volume: ImageVolume,

src/tools/genpolicy/src/yaml.rs

@@ -304,7 +304,6 @@ pub fn get_container_mounts_and_storages(
                             storages,
                             volume,
                             volume_mount,
-                            &podSpec.securityContext,
                         );
                     }
                 }

tests/gha-run-k8s-common.sh

@@ -9,6 +9,8 @@ source "${tests_dir}/common.bash"
 kubernetes_dir="${tests_dir}/integration/kubernetes"
 helm_chart_dir="${repo_root_dir}/tools/packaging/kata-deploy/helm-chart/kata-deploy"
 
+AZ_REGION="${AZ_REGION:-eastus}"
+AZ_NODEPOOL_TAGS="${AZ_NODEPOOL_TAGS:-}"
 GENPOLICY_PULL_METHOD="${GENPOLICY_PULL_METHOD:-oci-distribution}"
 GH_PR_NUMBER="${GH_PR_NUMBER:-}"
 HELM_DEFAULT_INSTALLATION="${HELM_DEFAULT_INSTALLATION:-false}"
@@ -111,7 +113,7 @@ function create_cluster() {
 		"GENPOLICY_PULL_METHOD=${GENPOLICY_PULL_METHOD:0:1}")
 
 	az group create \
-		-l eastus \
+		-l "${AZ_REGION}" \
 		-n "${rg}"
 
 	# Required by e.g. AKS App Routing for KBS installation.
@@ -129,7 +131,8 @@ function create_cluster() {
 		--node-count 1 \
 		--generate-ssh-keys \
 		--tags "${tags[@]}" \
-		$([[ "${KATA_HOST_OS}" = "cbl-mariner" ]] && echo "--os-sku AzureLinux --workload-runtime KataVmIsolation")
+		$([[ "${KATA_HOST_OS}" = "cbl-mariner" ]] && echo "--os-sku AzureLinux --workload-runtime KataVmIsolation") \
+		$([ -n "${AZ_NODEPOOL_TAGS}" ] && echo "--nodepool-tags "${AZ_NODEPOOL_TAGS}"")
 }
 
 function install_bats() {

tests/integration/kubernetes/k8s-nvidia-nim.bats

@@ -113,6 +113,27 @@ setup_langchain_flow() {
     [[ "$(pip show beautifulsoup4 2>/dev/null | awk '/^Version:/{print $2}')" = "4.13.4" ]] || pip install beautifulsoup4==4.13.4
 }
 
+# Create Docker config for genpolicy so it can authenticate to nvcr.io when
+# pulling image manifests (avoids "UnauthorizedError" from genpolicy's registry pull).
+# Genpolicy (src/tools/genpolicy) uses docker_credential::get_credential() in
+# src/tools/genpolicy/src/registry.rs build_auth(). The docker_credential crate
+# reads config from DOCKER_CONFIG (directory) + "/config.json", so we set
+# DOCKER_CONFIG to a directory containing config.json with nvcr.io auth.
+setup_genpolicy_registry_auth() {
+	if [[ -z "${NGC_API_KEY:-}" ]]; then
+		return
+	fi
+	local auth_dir
+	auth_dir="${BATS_SUITE_TMPDIR}/.docker-genpolicy"
+	mkdir -p "${auth_dir}"
+	# Docker config format: auths -> registry -> auth (base64 of "user:password")
+	echo -n "{\"auths\":{\"nvcr.io\":{\"username\":\"\$oauthtoken\",\"password\":\"${NGC_API_KEY}\",\"auth\":\"$(echo -n "\$oauthtoken:${NGC_API_KEY}" | base64 -w0)\"}}}" \
+		> "${auth_dir}/config.json"
+	export DOCKER_CONFIG="${auth_dir}"
+	# REGISTRY_AUTH_FILE (containers-auth.json format) is the same structure for auths
+	export REGISTRY_AUTH_FILE="${auth_dir}/config.json"
+}
+
 # Create initdata TOML file for genpolicy with CDH configuration.
 # This file is used by genpolicy via --initdata-path. Genpolicy will add the
 # generated policy.rego to it and set it as the cc_init_data annotation.
@@ -222,6 +243,9 @@ setup_file() {
     add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
 
     if [ "${TEE}" = "true" ]; then
+        # So genpolicy can pull nvcr.io image manifests when generating policy (avoids UnauthorizedError).
+        setup_genpolicy_registry_auth
+
         setup_kbs_credentials
         # Overwrite the empty default-initdata.toml with our CDH configuration.
         # This must happen AFTER create_tmp_policy_settings_dir() copies the empty

tests/integration/kubernetes/tests_common.sh

@@ -37,6 +37,8 @@ K8S_TEST_DIR="${kubernetes_dir:-"${BATS_TEST_DIRNAME}"}"
 
 AUTO_GENERATE_POLICY="${AUTO_GENERATE_POLICY:-}"
 GENPOLICY_PULL_METHOD="${GENPOLICY_PULL_METHOD:-}"
+GENPOLICY_BINARY="${GENPOLICY_BINARY:-"/opt/kata/bin/genpolicy"}"
+GENPOLICY_SETTINGS_DIR="${GENPOLICY_SETTINGS_DIR:-"/opt/kata/share/defaults/kata-containers"}"
 KATA_HYPERVISOR="${KATA_HYPERVISOR:-}"
 KATA_HOST_OS="${KATA_HOST_OS:-}"
 
@@ -191,12 +193,11 @@ adapt_common_policy_settings() {
 # and change these settings to use Kata CI cluster's default namespace.
 create_common_genpolicy_settings() {
 	declare -r genpolicy_settings_dir="$1"
-	declare -r default_genpolicy_settings_dir="/opt/kata/share/defaults/kata-containers"
 
 	auto_generate_policy_enabled || return 0
 
-	cp "${default_genpolicy_settings_dir}/genpolicy-settings.json" "${genpolicy_settings_dir}"
-	cp "${default_genpolicy_settings_dir}/rules.rego" "${genpolicy_settings_dir}"
+	cp "${GENPOLICY_SETTINGS_DIR}/genpolicy-settings.json" "${genpolicy_settings_dir}"
+	cp "${GENPOLICY_SETTINGS_DIR}/rules.rego" "${genpolicy_settings_dir}"
 
 	adapt_common_policy_settings "${genpolicy_settings_dir}"
 }
@@ -247,7 +248,7 @@ auto_generate_policy_no_added_flags() {
 	declare -r additional_flags="${4:-""}"
 
 	auto_generate_policy_enabled || return 0
-	local genpolicy_command="RUST_LOG=info /opt/kata/bin/genpolicy -u -y ${yaml_file}"
+	local genpolicy_command="RUST_LOG=info ${GENPOLICY_BINARY} -u -y ${yaml_file}"
 	genpolicy_command+=" -p ${settings_dir}/rules.rego"
 	genpolicy_command+=" -j ${settings_dir}/genpolicy-settings.json"
 

tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml

@@ -22,7 +22,7 @@
 {{- end -}}
 {{- end -}}
 
-{{- /* Define runtime class configurations with their overhead settings */ -}}
+{{- /* Define runtime class configurations with their overhead settings and node selectors */ -}}
 {{- $runtimeClassConfigs := dict
   "clh" (dict "memory" "130Mi" "cpu" "250m")
   "cloud-hypervisor" (dict "memory" "130Mi" "cpu" "250m")
@@ -49,6 +49,7 @@
 {{- /* Create RuntimeClass for each enabled shim */ -}}
 {{- range $shim := $enabledShims }}
 {{- $config := index $runtimeClassConfigs $shim }}
+{{- $shimConfig := index $.Values.shims $shim }}
 {{- if $config }}
 ---
 kind: RuntimeClass
@@ -78,6 +79,11 @@ overhead:
 scheduling:
   nodeSelector:
     katacontainers.io/kata-runtime: "true"
+{{- if and $shimConfig.runtimeClass $shimConfig.runtimeClass.nodeSelector }}
+{{- range $key, $value := $shimConfig.runtimeClass.nodeSelector }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
 {{- end }}
 {{- end }}
 

tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml

@@ -114,6 +114,11 @@ shims:
     allowedHypervisorAnnotations: []
     containerd:
       snapshotter: ""
+    runtimeClass:
+      # This label is automatically added by gpu-operator. Override it
+      # if you want to use a different label.
+      nodeSelector:
+        nvidia.com/cc.ready.state: "false"
 
   qemu-nvidia-gpu-snp:
     enabled: ~
@@ -128,6 +133,14 @@ shims:
     agent:
       httpsProxy: ""
       noProxy: ""
+    runtimeClass:
+      # These labels are automatically added by gpu-operator and NFD
+      # respectively. Override if you want to use a different label.
+      # If you don't have NFD, you need to add the snp label by other
+      # means to your SNP nodes.
+      nodeSelector:
+        nvidia.com/cc.ready.state: "true"
+        amd.feature.node.kubernetes.io/snp: "true"
 
   qemu-nvidia-gpu-tdx:
     enabled: ~
@@ -142,6 +155,14 @@ shims:
     agent:
       httpsProxy: ""
       noProxy: ""
+    runtimeClass:
+      # These labels are automatically added by gpu-operator and NFD
+      # respectively. Override if you want to use a different label.
+      # If you don't have NFD, you need to add the tdx label by other
+      # means to your TDX nodes.
+      nodeSelector:
+        nvidia.com/cc.ready.state: "true"
+        intel.feature.node.kubernetes.io/tdx: "true"
 
   qemu-snp:
     enabled: ~

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -45,8 +45,7 @@ BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE:-}"
 MEASURED_ROOTFS=${MEASURED_ROOTFS:-no}
 USE_CACHE="${USE_CACHE:-"yes"}"
 ARTEFACT_REGISTRY="${ARTEFACT_REGISTRY:-ghcr.io}"
-# Repo-scoped path for GHCR (same as download-with-oras-cache.sh). GITHUB_REPOSITORY is "owner/repo" in CI.
-ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-${GITHUB_REPOSITORY:-kata-containers/kata-containers}}"
+ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-kata-containers}"
 ARTEFACT_REGISTRY_USERNAME="${ARTEFACT_REGISTRY_USERNAME:-}"
 ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}"
 GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"

tools/packaging/scripts/download-with-oras-cache.sh

@@ -30,9 +30,9 @@ install_oras_script="${script_dir}/../kata-deploy/local-build/dockerbuild/instal
 
 # ORAS configuration
 ARTEFACT_REGISTRY="${ARTEFACT_REGISTRY:-ghcr.io}"
-# Default to repo-scoped path: ghcr.io/<owner>/<repo>/cached-tarballs/
-# GITHUB_REPOSITORY in CI is "owner/repo" (e.g. kata-containers/kata-containers). Same as push workflow.
-ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-${GITHUB_REPOSITORY:-kata-containers/kata-containers}}"
+# Default to upstream kata-containers org to match cached-artefacts pattern
+# Result: ghcr.io/kata-containers/cached-tarballs/<component>:<version>
+ARTEFACT_REPOSITORY="${ARTEFACT_REPOSITORY:-kata-containers}"
 # Reuse PUSH_TO_REGISTRY to control cache pushing
 PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-no}"
 
@@ -301,34 +301,38 @@ download_with_cache() {
 					if [[ "${tarball_name}" != gperf-*.tar.gz ]]; then
 						die "GPG verification is only supported for gperf (tarball gperf-*.tar.gz), got: ${tarball_name}"
 					fi
-					# GPG signature file exists - import cached key if available
+					# GPG signature file exists - import cached key and verify
 					if [[ -f "${tarball_name}.gpg-keyring" ]]; then
-						# Import GPG key from cached keyring (no internet needed)
-						gpg --import "${tarball_name}.gpg-keyring" >&2 2>/dev/null || true
-						info "Imported GPG key from cache"
-					fi
-					local key_available="no"
-					for key in "${GPERF_GPG_KEYS[@]}"; do
-						if gpg --list-keys "${key}" &>/dev/null; then
-							key_available="yes"
-							break
+						# Use a temporary GPG home so import works in CI (default keyring may be read-only).
+						# Use --homedir to avoid mutating the environment; trap guarantees cleanup on any return.
+						local gpg_home
+						gpg_home=$(mktemp -d)
+						trap '[[ -n "${gpg_home:-}" ]] && { rm -rf "${gpg_home}" || true; }' RETURN
+						if gpg --homedir "${gpg_home}" --import "${tarball_name}.gpg-keyring" >&2 2>/dev/null; then
+							info "Imported GPG key from cache"
+							if gpg --homedir "${gpg_home}" --verify "${tarball_name}.sig" "${tarball_name}" >&2 2>/dev/null; then
+								info "GPG signature verified for cached ${artifact_name}"
+								popd > /dev/null
+								echo "${tarball_path}"
+								return 0
+							else
+								warn "GPG verification failed for cached ${artifact_name}, downloading from upstream"
+							fi
+						else
+							warn "Failed to import GPG key from cache, downloading from upstream"
 						fi
-					done
-					if [[ "${key_available}" == "yes" ]]; then
+						popd > /dev/null
+					else
+						# No cached keyring: try default keyring (e.g. developer has key installed)
+						warn "No GPG keyring in cache for ${artifact_name}, trying default keyring"
 						if gpg --verify "${tarball_name}.sig" "${tarball_name}" >&2 2>/dev/null; then
-							info "GPG signature verified for cached ${artifact_name}"
+							info "GPG signature verified for cached ${artifact_name} using default keyring"
 							popd > /dev/null
 							echo "${tarball_path}"
 							return 0
-						else
-							warn "GPG verification failed for cached ${artifact_name}, downloading from upstream"
-							popd > /dev/null
 						fi
-					else
-						# Key not available (no cached keyring and not imported locally)
-						warn "GPG key not available, cannot verify ${artifact_name}"
+						warn "GPG verification with default keyring failed for ${artifact_name}, downloading from upstream"
 						popd > /dev/null
-						# Fall through to download from upstream
 					fi
 				else
 					# No verification file, trust the cache
@@ -454,7 +458,7 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
 			echo ""
 			echo "Environment variables:"
 			echo "  ARTEFACT_REGISTRY          - Registry to use (default: ghcr.io)"
-			echo "  ARTEFACT_REPOSITORY        - Repository org/path (default: GITHUB_REPOSITORY or kata-containers/kata-containers)"
+			echo "  ARTEFACT_REPOSITORY        - Repository org/path (default: kata-containers)"
 			echo "  PUSH_TO_REGISTRY           - Set to 'yes' to push new artifacts to cache"
 			echo "  ARTEFACT_REGISTRY_USERNAME - Username for registry (required for push)"
 			echo "  ARTEFACT_REGISTRY_PASSWORD - Password for registry (required for push)"

tools/packaging/static-build/tools/Dockerfile

@@ -36,6 +36,7 @@ RUN apt-get update && \
 		g++ \
 		gcc \
 		git \
+		gnupg \
 		libssl-dev \
 		make \
 		musl-tools \

tools/testing/kata-webhook/go.mod

@@ -17,9 +17,9 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	gomodules.xyz/jsonpatch/v3 v3.0.1 // indirect
 	gomodules.xyz/orderedmap v0.1.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect

tools/testing/kata-webhook/go.sum

@@ -59,8 +59,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -68,12 +68,12 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=