From 76081a10c26fb31aedf9b2245fd3abaa852abc68 Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Sat, 9 Mar 2024 09:48:09 +0900
Subject: [PATCH] kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts

For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda
---
 pkg/kubelet/container/runtime.go | 6 +++++-
 pkg/kubelet/kuberuntime/helpers.go | 7 +++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkg/kubelet/container/runtime.go b/pkg/kubelet/container/runtime.go
index 83c872916eb..3727b2d1b09 100644
--- a/pkg/kubelet/container/runtime.go
+++ b/pkg/kubelet/container/runtime.go
@@ -562,6 +562,9 @@ func (r *RuntimeStatus) String() string {
 type RuntimeHandler struct {
 // Name is the handler name.
 Name string
+ // SupportsRecursiveReadOnlyMounts is true if the handler has support for
+ // recursive read-only mounts.
+ SupportsRecursiveReadOnlyMounts bool
 // SupportsUserNamespaces is true if the handler has support for
 // user namespaces.
 SupportsUserNamespaces bool
@@ -569,7 +572,8 @@ type RuntimeHandler struct {

 // String formats the runtime handler into human readable string.
 func (h *RuntimeHandler) String() string {
- return fmt.Sprintf("Name=%s SupportsUserNamespaces: %v", h.Name, h.SupportsUserNamespaces)
+ return fmt.Sprintf("Name=%s SupportsRecursiveReadOnlyMounts: %v SupportsUserNamespaces: %v",
+ h.Name, h.SupportsRecursiveReadOnlyMounts, h.SupportsUserNamespaces)
 }

 // RuntimeCondition contains condition information for the runtime.
diff --git a/pkg/kubelet/kuberuntime/helpers.go b/pkg/kubelet/kuberuntime/helpers.go
index 9c2d1b500b2..a257e52d75f 100644
--- a/pkg/kubelet/kuberuntime/helpers.go
+++ b/pkg/kubelet/kuberuntime/helpers.go
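Review bot: The new comment on `SupportsRecursiveReadOnlyMounts` in the RuntimeHandler struct does not say where the value comes from or what `false` means, and this flag is presumably what later code consults before honouring a recursively read-only mount. Going by the helpers.go hunk in this patch, it is copied from the features the CRI runtime reports for the handler and stays false when the runtime reports none. I would add a line such as `// It mirrors the feature reported by the CRI runtime and is false when no features are reported; treat false as unsupported.` The struct's closing brace lies outside this hunk.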
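Review bot: The rewritten format string in `String()` still prints the handler name with `%s`, so an empty name (which the CRI uses for the default handler, if I read the API right) renders as `Name= SupportsRecursiveReadOnlyMounts: ...`, and any whitespace or control characters in a runtime-supplied name reach the log line unescaped. `Name=%q` would quote and escape it; check first that no test or parser matches the current text. The line also mixes `Name=` with `Key: value` for the two booleans, which is worth making uniform while the line is being rewritten.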
@@ -221,13 +221,16 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeap
 }
 retHandlers := make([]kubecontainer.RuntimeHandler, len(handlers))
 for i, h := range handlers {
+ supportsRRO := false
 supportsUserns := false
 if h.Features != nil {
+ supportsRRO = h.Features.RecursiveReadOnlyMounts
 supportsUserns = h.Features.UserNamespaces
 }
 retHandlers[i] = kubecontainer.RuntimeHandler{
- Name: h.Name,
- SupportsUserNamespaces: supportsUserns,
+ Name: h.Name,
+ SupportsRecursiveReadOnlyMounts: supportsRRO,
+ SupportsUserNamespaces: supportsUserns,
 }
 }
 return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers}
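Review bot: Nothing in this patch tests the new `supportsRRO` mapping in the handler loop; the diffstat lists only runtime.go and helpers.go, though a test may live in another commit of the series. One case with `h.Features == nil` and one with `RecursiveReadOnlyMounts` set to true would pin the default of false for a runtime that reports no features, which is presumably the property any later mount decision relies on. As a smaller point of style, the two `:= false` initialisers could be a single `var supportsRRO, supportsUserns bool`. toKubeRuntimeStatus starts and ends outside this hunk.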