-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge peer-pods and CoCo operator/payloads together #561
Comments
@stevenhorsman I think we really don't need the runtime-payload code anymore once we have the remote hypervisor config added to the Kata ccv0 release payload. |
Minor correction. We will still need the runtime-payload for cri-o which we'll base it on the ccv0 release payload. |
@stevenhorsman, I'd go for:
|
FYI I've created |
FYI - kata-containers/kata-containers#6349 - which I have a draft PR for and kata-containers/kata-containers#6351 have closed, so I think we can start removing our own copy of the runtime-payload once we've tested the kata-cc runtime payload works as expected. One blocker for this is until confidential-containers/operator#180 is merged, I think until that merged the latest runtimePayload will be incompatibly with the latest operator, so we'll probably have to wait for that first. |
The operator blocker is now resolved, so I've created confidential-containers/operator#186 to cover updating the coco operator to add the runtime class. I have a question on how much of the custom peer pod cc-runtime we can remove and merge into the coco version in that though |
In the absence of any feedback in I confidential-containers/operator#186 I went for the (not as nice, but potentially less destructive) approach of just adding the kata-remote runtimeclass in the oeprator code and then trying to define the runtimeclass in the CAA version. My attempt of that is https://github.com/confidential-containers/cloud-api-adaptor/compare/staging...stevenhorsman:cloud-api-adaptor:add-remote-runtimeclass?expand=1
which was seen in confidential-containers/operator#183, so supposed to have been resolved, so I'm not sure if I've missed something there? |
I got Fabiano's help on it, who reminded me that the hostPaths have changed with the new base image (so another example where having the peer pods version of cc-runtime isn't ideal as we need to ensure we port across fixes). Re-testing now... |
I've carried on working on this and tried to use https://github.com/stevenhorsman/cloud-api-adaptor/blob/8c5414e30c5cf59f4203cea7e68d6b80a16d4c94/install/yamls/kustomization.yaml to overwrite the values in the cc runtime, so that cc runtime is the same as the coco version and then we can get rid of it, but I can't get the kustomize to work and it's not pulling the image I specify in there, but instead the base image:
so I think someone who understand the operator better than me needs to pick this up and move it along |
With the changes that Pradipta made in confidential-containers/operator#202 I think the main piece of this is complete. What remains is:
These could be split out under a separate issue, or done here. |
@stevenhorsman should this be moved to 0.6.0 for the list of issues not complete yet? |
Thanks for the nudge Ariel, to have track these tasks better I broke them out into individual issues, so I think that can be close now:
I'll add them to the 0.6 release. |
At the moment there is a fair bit of duplication between the peer pod and coco operator, as we look to make peer pods part of the coco release ideally we'd reduce this and maybe even get to the point that we can get rid of the separate peer pod operator completely?
This is my completely non-expert take, so please update this description as necessary to correct things
Runtime-payload
When the peer pods controller was first created we had to have a custom kata-shim as it was built on the remote hypervisor support just in Yohei's branch, but it's since been merged into CCv0, so do we have an opportunity to merge the runtime-payloads closer together now (and perhaps entirely?)
Currently
cloud-api-adaptor/install/runtime-payload/Dockerfile
Lines 1 to 16 in 0591f43
the extras in the peer pods runtime-payload are:
containerd-shim-kata-v2
- I think this is the same binary as in CoCo now so can be removed?CCv0
?Pre-install payload
The peer pod pre-install has some systemd artifacts. It's not clear from #545 (comment) whether these are even needed anymore?
Peer-pod-controller
Could we add extra controllers e.g. peer-pod controller to the CoCo operator?
The text was updated successfully, but these errors were encountered: