From 528e509f2d6571da32baa3da91e089c893d7c401 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Aug 2024 12:50:35 +0200
Subject: [PATCH 1/3] ccruntime: Use "guest-pull" for TEEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Right now, for some reason, we're not setting TEEs to use guest-pull, although we do that on the Kata Containers side. This is done in order to ensure those would also work when testing using CRI-O, as done for peer-pods.
Signed-off-by: Fabiano FidĂȘncio
---
 config/samples/ccruntime/default/kustomization.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/samples/ccruntime/default/kustomization.yaml b/config/samples/ccruntime/default/kustomization.yaml
index 96a9300b..d2d664b4 100644
--- a/config/samples/ccruntime/default/kustomization.yaml
+++ b/config/samples/ccruntime/default/kustomization.yaml
@@ -27,13 +27,13 @@ patches:
 pulltype: ""
 - name: "kata-qemu-tdx"
 snapshotter: "nydus"
- pulltype: ""
+ pulltype: "guest-pull"
 - name: "kata-qemu-sev"
 snapshotter: "nydus"
- pulltype: ""
+ pulltype: "guest-pull"
 - name: "kata-qemu-snp"
 snapshotter: "nydus"
- pulltype: ""
+ pulltype: "guest-pull"
 - op: add
 path: /spec/config/defaultRuntimeClassName
 value: "kata-qemu"
From 8087ede378a8b9b277ac0a73aa947908ad8cceab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Aug 2024 12:52:05 +0200
Subject: [PATCH 2/3] ccruntime: Add kata-qemu-coco-dev to the deployed runtimes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As folks may want to give it a try on non-TEE environments.
Signed-off-by: Fabiano FidĂȘncio
---
 config/samples/ccruntime/default/kustomization.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/config/samples/ccruntime/default/kustomization.yaml b/config/samples/ccruntime/default/kustomization.yaml
index d2d664b4..f4d56857 100644
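Review bot: In PATCH 1/3 the three TEE entries (`kata-qemu-tdx`, `kata-qemu-sev`, `kata-qemu-snp`) switch to `pulltype: "guest-pull"`, but nothing in the file records why these classes must differ from the `pulltype: ""` entry above them, and the commit message itself says the earlier value was there "for some reason". With guest-pull the image is fetched inside the guest rather than by the host, which is the property a TEE class depends on, so a later edit back to `""` would quietly weaken it. I would add a comment above the first TEE entry such as `# TEE classes: images are pulled inside the guest, not by the untrusted host; keep "guest-pull"`. The runtimeClasses list starts above this hunk, so whether other entries need the same setting is not visible here.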
--- a/config/samples/ccruntime/default/kustomization.yaml
+++ b/config/samples/ccruntime/default/kustomization.yaml
@@ -25,6 +25,9 @@ patches:
 - name: "kata-qemu"
 snapshotter: "nydus"
 pulltype: ""
+ - name: "kata-qemu-coco-dev"
+ snapshotter: "nydus"
+ pulltype: "guest-pull"
 - name: "kata-qemu-tdx"
 snapshotter: "nydus"
 pulltype: "guest-pull"
From 11ba3bf3a5d7937d57518e597cf25880783f4ec1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Aug 2024 12:52:44 +0200
Subject: [PATCH 3/3] ccruntime: qemu / clh should not use nydus snapshotter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As those are non-TEE and work better with whatever is the default on the Kata Containers side (virtio-fs, in this case).
Signed-off-by: Fabiano FidĂȘncio
---
 config/samples/ccruntime/default/kustomization.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/samples/ccruntime/default/kustomization.yaml b/config/samples/ccruntime/default/kustomization.yaml
index f4d56857..55f8383b 100644
--- a/config/samples/ccruntime/default/kustomization.yaml
+++ b/config/samples/ccruntime/default/kustomization.yaml
@@ -20,10 +20,10 @@ patches:
 path: /spec/config/runtimeClasses
 value:
 - name: "kata-clh"
- snapshotter: "nydus"
+ snapshotter: ""
 pulltype: ""
 - name: "kata-qemu"
- snapshotter: "nydus"
+ snapshotter: ""
 pulltype: ""
 - name: "kata-qemu-coco-dev"
 snapshotter: "nydus"
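Review bot: In PATCH 2/3 the added `kata-qemu-coco-dev` entry carries the same `nydus` / `guest-pull` settings as the TEE classes that follow it, and nothing in the file marks it as a non-TEE class. The commit message says it is meant for trying things out on non-TEE environments, so it presumably offers no hardware-backed memory protection or attestation, and a workload that selects it by name should not be treated as confidential. A one-line comment above the entry would make that explicit, for example `# non-TEE, for evaluation only: no hardware isolation from the host`. The list starts and continues outside this hunk.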
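Review bot: In PATCH 3/3 `snapshotter: ""` on `kata-clh` and `kata-qemu` uses the empty string as a "use the default" sentinel, and that meaning (per the commit message, the Kata Containers default, virtio-fs) is not written anywhere in the file. The context of the first patch shows `defaultRuntimeClassName` set to `"kata-qemu"`, so after this series the class used by default is the one with both fields empty, that is, without guest-pull; this is worth stating next to the entry so the default is not read as a confidential class. I would add `# "" = keep the Kata Containers default (virtio-fs); non-TEE classes only` above `kata-clh`. How the operator interprets an empty string is not visible in this hunk, so the wording should be confirmed against the controller.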