controllers: support addon artifact images #1334
Conversation
openshift-ci
bot
added
the
needs-ok-to-test
|
Hi @ANJANA-ARK. Thanks for your PR. I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Add support for installing custom kernel/initrd artifacts from container images in DaemonSet mode. Introduces osc-kata-addons-install.sh script and ConfigMap-based configuration (kata-addon-artifacts). Reuses extract_container_image from lib.sh. Minimal changes to existing flows. Provider-specific config updates (configuration-se.toml, configuration-tdx.toml, etc.) based on ConfigMap provider field. Signed-off-by: ANJANA-ARK <[email protected]>
ANJANA-ARK
force-pushed
the
osc-addon-changes
branch
from
7aec8ca to
78673f5
Compare
|
|
||
| sleep infinity | ||
| ;; | ||
| upgrade) |
There was a problem hiding this comment.
Could you explain how this would be executed in the script? Currently, the controller cannot set upgrade as the action for the DaemonSet. Do you have plans to extend the controller to handle that?
| # 0 on success | ||
| ####################################### | ||
| upgrade_addons() { | ||
| local version_file="/usr/share/kata-containers/.addon-version" |
There was a problem hiding this comment.
Both the installation and uninstallation use "/etc/kata-containers/.addon-version". I don’t see /usr used anywhere else. I’m not very familiar with Kata - does it create this file? Otherwise, the upgrade would always call install_addons.
| name: kata-addon-artifacts | ||
| namespace: openshift-sandboxed-containers-operator | ||
| data: | ||
| addonImage: "quay.io/<username>/kata-se-artifacts:v1.0" |
| @@ -0,0 +1,20 @@ | |||
| apiVersion: v1 | |||
| kind: ConfigMap | |||
There was a problem hiding this comment.
are we introducing this new cm or should we use kataconfig? @gkurz any comments here?
| initrdPath: "/artifacts/initrd/kata-containers-initrd.img" | ||
|
|
||
| # Define the OSC version | ||
| version: "v1.11" |
There was a problem hiding this comment.
Do you mind expanding a bit on the comments why this version is needed? In which situation we could have OSC version installed X and here using Y?
|
|
||
| if err != nil { | ||
| if errors.IsNotFound(err) { | ||
| // ConfigMap not found - addon not configured |
There was a problem hiding this comment.
Do plan to add a specific log msg here? If not, this if is unnecessary.
| }) | ||
|
|
||
| return envVars | ||
| } |
There was a problem hiding this comment.
I haven't tested my proposal, but maybe a less verbose method, with two structures for optional and mandatory?
var cm corev1.ConfigMap
if err := r.Client.Get(context.Background(),
types.NamespacedName{Name: "kata-addon-artifacts", Namespace: OperatorNamespace},
&cm,
); err != nil {
if !errors.IsNotFound(err) {
r.Log.Error(err, "Failed to get addon ConfigMap")
}
return nil
}
data := cm.Data
// --- Mandatory variables ---
mandatory := []struct {
key, env string
}{
{"addonImage", "ADDON_IMAGE"},
}
var envs []corev1.EnvVar
for _, v := range mandatory {
val := data[v.key]
if val == "" {
return nil // mandatory missing → addon not configured
}
envs = append(envs, corev1.EnvVar{Name: v.env, Value: val})
}
// --- Optional variables ---
optional := []struct {
key, env string
}{
{"provider", "ADDON_PROVIDER"},
{"kernelPath", "ADDON_KERNEL_PATH"},
{"initrdPath", "ADDON_INITRD_PATH"},
{"version", "ADDON_VERSION"},
}
for _, v := range optional {
val := data[v.key]
if v.key == "version" && val == "" {
val = extractVersionFromImage(data["addonImage"])
}
if val != "" {
envs = append(envs, corev1.EnvVar{Name: v.env, Value: val})
}
}
r.Log.Info("Addon artifacts configured", "image", data["addonImage"])
return envs
|
|
||
| # Required: Provider type (se, tdx, snp, etc.) | ||
| # This determines which config file to update: kata-<provider>/configuration.toml | ||
| provider: "se" |
There was a problem hiding this comment.
AFAIK this is for IBM SE only and it is unlikely to change anytime soon. Let's keep it simple and drop that.
| fi | ||
| echo " Updated initrd: $initrd_path" | ||
| fi | ||
|
|
There was a problem hiding this comment.
It seems that all this logic could be replaced with a simple config drop in. Something like :
cat<<EOF>/etc/kata-containers/kata-se/config.d/coco-guest.toml
[hypervisor.qemu]
kernel = "${kernel_path}"
initrd = "${initrd_path}"
EOF
4 participants
Add support for installing custom kernel/initrd artifacts from container images in DaemonSet mode. Introduces osc-kata-addons-install.sh script and ConfigMap-based configuration (kata-addon-artifacts).
Reuses extract_container_image from lib.sh. Minimal changes to existing flows. Provider-specific config updates (configuration-se.toml, configuration-tdx.toml, etc.) based on ConfigMap provider field.