runtime: update genereated proto code

This should have been part of 10b24a19c8.

Signed-off-by: Markus Rudy <mr@edgeless.systems>

Cargo.lock

@@ -4031,6 +4031,15 @@ dependencies = [
  "syn 2.0.117",
 ]
 
+[[package]]
+name = "msvc_spectre_libs"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29e871a9861f3664f18b7e04e9301d4edd55090c2dadb4b1c602e26ab32b1f5b"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "multimap"
 version = "0.8.3"
@@ -5892,18 +5901,22 @@ checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
 
 [[package]]
 name = "regorus"
-version = "0.2.8"
+version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "843c3d97f07e3b5ac0955d53ad0af4c91fe4a4f8525843ece5bf014f27829b73"
+checksum = "656c9768f1d2113590ebc05e2e342a9f76baa97a445f2928f24eec9ae1fb14ac"
 dependencies = [
  "anyhow",
  "data-encoding",
  "lazy_static",
- "rand 0.8.5",
+ "msvc_spectre_libs",
+ "num-bigint",
+ "num-traits",
+ "rand 0.9.2",
  "regex",
- "scientific",
  "serde",
  "serde_json",
+ "spin",
+ "thiserror 2.0.18",
 ]
 
 [[package]]
@@ -6535,26 +6548,6 @@ dependencies = [
  "syn 2.0.117",
 ]
 
-[[package]]
-name = "scientific"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38a4b339a8de779ecb098a772ecbba2ace74e23ed959a5b4f30631d8bf1799a8"
-dependencies = [
- "scientific-macro",
-]
-
-[[package]]
-name = "scientific-macro"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2ee4885492bb655bfa05d039cd9163eb8fe9f79ddebf00ca23a1637510c2fd2"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.117",
-]
-
 [[package]]
 name = "scopeguard"
 version = "1.2.0"
@@ -7126,6 +7119,12 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.1"

src/agent/policy/Cargo.toml

@@ -16,7 +16,7 @@ serde.workspace = true
 serde_json.workspace = true
 
 # Agent Policy
-regorus = { version = "0.2.8", default-features = false, features = [
+regorus = { version = "0.9.1", default-features = false, features = [
     "arc",
     "base64",
     "base64url",

src/runtime/virtcontainers/pkg/agent/protocols/grpc/agent.pb.go

@@ -3411,7 +3411,7 @@ type Storage struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Driver is used to define the way the storage is passed through the
-	// virtual machine. It can be "9p", "blk", or something else, but for
+	// virtual machine. It can be "blk", or something else, but for
 	// all cases, this will define if some extra steps are required before
 	// this storage gets mounted into the container.
 	Driver string `protobuf:"bytes,1,opt,name=driver,proto3" json:"driver,omitempty"`
@@ -3427,7 +3427,7 @@ type Storage struct {
 	Source string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"`
 	// Fstype represents the filesystem that needs to be used to mount the
 	// storage inside the VM. For instance, it could be "xfs" for block
-	// device, "9p" for shared filesystem, or "tmpfs" for shared /dev/shm.
+	// device, or "tmpfs" for shared /dev/shm.
 	Fstype string `protobuf:"bytes,4,opt,name=fstype,proto3" json:"fstype,omitempty"`
 	// Options describes the additional options that might be needed to
 	// mount properly the storage filesystem.

tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/runtimeclasses.yaml

@@ -26,10 +26,22 @@ handler: kata-{{ .shim }}-{{ .root.Values.env.multiInstallSuffix }}
 {{- else }}
 handler: kata-{{ .shim }}
 {{- end }}
+{{- /* Overhead section - controlled by global or per-shim overheadEnabled flag (default: true) */ -}}
+{{- $shimOverheadEnabled := true -}}
+{{- if hasKey .root.Values.runtimeClasses "overheadEnabled" -}}
+{{- $shimOverheadEnabled = .root.Values.runtimeClasses.overheadEnabled -}}
+{{- end -}}
+{{- with .shimConfig.runtimeClass -}}
+{{- if hasKey . "overheadEnabled" -}}
+{{- $shimOverheadEnabled = .overheadEnabled -}}
+{{- end -}}
+{{- end -}}
+{{- if $shimOverheadEnabled }}
 overhead:
   podFixed:
     memory: {{ .config.memory | quote }}
     cpu: {{ .config.cpu | quote }}
+{{- end }}
 scheduling:
   nodeSelector:
     katacontainers.io/kata-runtime: "true"

tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml

@@ -69,6 +69,7 @@ snapshotter:
 #       runtimeClass:
 #         nodeSelector:              # extra node selectors added to the RuntimeClass
 #           example.io/feature: "true"
+#         overheadEnabled: true      # enable/disable overhead in RuntimeClass (default: inherits from runtimeClasses.overheadEnabled)
 #         overhead:                  # override pod overhead (falls back to built-in defaults)
 #           memory: "160Mi"
 #           cpu: "250m"
@@ -344,6 +345,10 @@ runtimeClasses:
   enabled: true
   createDefault: false
   defaultName: "kata"
+  # Global switch for overhead in all RuntimeClasses (default: true)
+  # Set to false to disable overhead for all shims globally.
+  # Individual shims can override this via shims.<name>.runtimeClass.overheadEnabled
+  overheadEnabled: true
 
 env:
   installationPrefix: ""