confidential-containers · fidencio · Aug 25, 2023 · Aug 22, 2023 · Aug 22, 2023
@@ -158,9 +158,9 @@ type CcInstallConfig struct {
 	// +optional
 	CleanupCmd []string `json:"cleanupCmd,omitempty"`
 
-	// This specifies the RuntimeClasses that needs to be created
+	// This specifies the RuntimeClasses that need to be created, with its name and an associated snapshotter to be used
 	// +optional
-	RuntimeClassNames []string `json:"runtimeClassNames,omitempty"`
+	RuntimeClasses []RuntimeClass `json:"runtimeClasses,omitempty"`
 
 	// This specifies the RuntimeClass to be used as the default one
 	// If not set, the default "kata" runtime class will NOT be created. Otherwise, the default "kata" runtime class will be created
@@ -313,6 +313,14 @@ type FailedNodeStatus struct {
 	Error string `json:"error"`
 }
 
+// RuntimeClass holds the name and the snapshotter to be used by a runtime class
+type RuntimeClass struct {
+	// Name of the runtime class
+	Name string `json:"name"`
+	// The snapshotter to be used by the runtime class
+	Snapshotter string `json:"snapshotter"`
+}
+
 func init() {
 	SchemeBuilder.Register(&CcRuntime{}, &CcRuntimeList{})
 }
@@ -5677,11 +5677,23 @@ spec:
                           type: object
                         type: array
                     type: object
-                  runtimeClassNames:
-                    description: This specifies the RuntimeClasses that needs to be
-                      created
+                  runtimeClasses:
+                    description: This specifies the RuntimeClasses that need to be
+                      created, with its name and an associated snapshotter to be used
                     items:
-                      type: string
+                      description: RuntimeClass holds the name and the snapshotter
+                        to be used by a runtime class
+                      properties:
+                        name:
+                          description: Name of the runtime class
+                          type: string
+                        snapshotter:
+                          description: The snapshotter to be used by the runtime class
+                          type: string
+                      required:
+                      - name
+                      - snapshotter
+                      type: object
                     type: array
                   runtimeImage:
                     description: This specifies the location of the container image

@@ -44,10 +44,10 @@ spec:
     installCmd: ["/opt/kata-artifacts/scripts/kata-deploy.sh", "install"]
     uninstallCmd: ["/opt/kata-artifacts/scripts/kata-deploy.sh", "cleanup"]
     cleanupCmd: ["/opt/kata-artifacts/scripts/kata-deploy.sh", "reset"]
-    # Uncomment and add the required RuntimeClassNames to be created
+    # Uncomment and add the required RuntimeClasses to be created
     # If this is commented, then the operator creates 3 default runtimeclasses "kata", "kata-clh", "kata-qemu"
-    runtimeClassNames: 
-      [""]
+    runtimeClasses: 
+      []
     postUninstall:
       image: quay.io/confidential-containers/container-engine-for-cc-payload
       volumeMounts:

@@ -16,8 +16,20 @@ images:
 patches:
 - patch: |-
     - op: replace
-      path: /spec/config/runtimeClassNames
-      value: ["kata-clh", "kata-clh-tdx", "kata-qemu", "kata-qemu-tdx", "kata-qemu-sev", "kata-qemu-snp"]
+      path: /spec/config/runtimeClasses
+      value:
+      - name: "kata-clh"
+        snapshotter: "overlayfs"
+      - name: "kata-clh-tdx"
+        snapshotter: "overlayfs"
+      - name: "kata-qemu"
+        snapshotter: "overlayfs"
+      - name: "kata-qemu-tdx"
+        snapshotter: "overlayfs"
+      - name: "kata-qemu-sev"
+        snapshotter: "overlayfs"
+      - name: "kata-qemu-snp"
+        snapshotter: "overlayfs"
     - op: add
       path: /spec/config/defaultRuntimeClassName
       value: "kata-qemu"

@@ -16,8 +16,10 @@ images:
 patches:
 - patch: |-
     - op: replace
-      path: /spec/config/runtimeClassNames
-      value: ["kata-remote"]
+      path: /spec/config/runtimeClasses
+      value:
+      - name: "kata-remote"
+        snapshotter: "overlayfs"
     - op: add
       path: /spec/config/debug
       value: false

@@ -14,8 +14,12 @@ images:
 patches:
 - patch: |-
     - op: replace
-      path: /spec/config/runtimeClassNames
-      value: ["kata-qemu", "kata-qemu-se"]
+      path: /spec/config/runtimeClasses
+      value:
+      - name: "kata-qemu"
+        snapshotter: "overlayfs"
+      - name: "kata-qemu-se"
+        snapshotter: "overlayfs"
     - op: add
       path: /spec/config/defaultRuntimeClassName
       value: "kata-qemu"

@@ -15,8 +15,14 @@ images:
 patches:
 - patch: |-
     - op: replace
-      path: /spec/config/runtimeClassNames
-      value: ["kata", "kata-clh", "kata-qemu"]
+      path: /spec/config/runtimeClasses
+      value:
+      - name: "kata"
+        snapshotter: "overlayfs"
+      - name: "kata-clh"
+        snapshotter: "overlayfs"
+      - name: "kata-qemu"
+        snapshotter: "overlayfs"
   target:
     kind: CcRuntime
 
@@ -43,7 +43,9 @@ spec:
     installCmd: ["/opt/enclave-cc-artifacts/scripts/enclave-cc-deploy.sh", "install"]
     uninstallCmd: ["/opt/enclave-cc-artifacts/scripts/enclave-cc-deploy.sh", "cleanup"]
     cleanupCmd: ["/opt/enclave-cc-artifacts/scripts/enclave-cc-deploy.sh", "reset"]
-    runtimeClassNames: ["enclave-cc"]
+    runtimeClasses:
+    - name: "enclave-cc"
+      snapshotter: "overlayfs"
     postUninstall:
       image: quay.io/confidential-containers/container-engine-for-cc-payload:98a790e8abdcc06c4b629b290ebaa217bf82e305
       volumeMounts:

@@ -465,14 +465,16 @@ func (r *CcRuntimeReconciler) monitorCcRuntimeInstallation() (ctrl.Result, error
 	// If the installation of the binaries is successful on all nodes, proceed with creating the runtime classes
 	if r.allNodesInstalled() {
 		// Update runtimeClass field
-		runtimeClassNames := r.ccRuntime.Spec.Config.RuntimeClassNames
-		for _, runtimeClassName := range runtimeClassNames {
+		var runtimeClassNames []string
+		runtimeClasses := r.ccRuntime.Spec.Config.RuntimeClasses
+		for _, runtimeClass := range runtimeClasses {
 			foundRc := &nodeapi.RuntimeClass{}
-			err := r.Client.Get(context.TODO(), types.NamespacedName{Name: runtimeClassName}, foundRc)
+			err := r.Client.Get(context.TODO(), types.NamespacedName{Name: runtimeClass.Name}, foundRc)
 			if errors.IsNotFound(err) {
-				r.Log.Info("The runtime payload failed to create the runtime class named %s", runtimeClassName)
+				r.Log.Info("The runtime payload failed to create the runtime class named %s", runtimeClass.Name)
 				return ctrl.Result{}, err
 			}
+			runtimeClassNames = append(runtimeClassNames, runtimeClass.Name)
 		}
 		r.ccRuntime.Status.RuntimeClass = strings.Join(runtimeClassNames, ",")
 
@@ -613,7 +615,19 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 		createDefaultRuntimeClass = "true"
 	}
 
-	var runtimeClasses = strings.Join(r.ccRuntime.Spec.Config.RuntimeClassNames, " ")
+	var runtimeClassNames []string
+	var snapshotter = ""
+	for _, runtimeClass := range r.ccRuntime.Spec.Config.RuntimeClasses {
+		runtimeClassNames = append(runtimeClassNames, runtimeClass.Name)
+		// FIXME: This will need to be changed by the moment the kata-containers
+		//        payload script supports setting one snapshotter per runtime handler.
+		//        For now, for the v0.8.0 release, we're fine assuming that all the
+		//        set snapshotters are going to be the same.
+		if snapshotter != "" {
+			snapshotter = runtimeClass.Snapshotter
+		}
+	}
+	var runtimeClasses = strings.Join(runtimeClassNames, " ")
 	var shims = strings.ReplaceAll(runtimeClasses, "kata-", "")
 
 	var envVars = []corev1.EnvVar{
@@ -637,6 +651,10 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 			Name:  "SHIMS",
 			Value: shims,
 		},
+		{
+			Name:  "SNAPSHOTTER",
+			Value: snapshotter,
+		},
 	}
 	envVars = append(envVars, r.ccRuntime.Spec.Config.EnvironmentVariables...)