confidential-containers · fidencio · Aug 7, 2023 · Jul 31, 2023 · Jul 31, 2023 · Jul 31, 2023
@@ -162,6 +162,16 @@ type CcInstallConfig struct {
 	// +optional
 	RuntimeClassNames []string `json:"runtimeClassNames,omitempty"`
 
+	// This specifies the RuntimeClass to be used as the default one
+	// If not set, the default "kata" runtime class will NOT be created. Otherwise, the default "kata" runtime class will be created
+	// as as "alias" for the value set here
+	// +optional
+	DefaultRuntimeClassName string `json:"defaultRuntimeClassName,omitempty"`
+
+	// This specifies whether the CcRuntime (kata or enclave-cc) will be running on debug mode
+	// +optional
+	Debug bool `json:"debug,omitempty"`
+
 	// This specifies the environment variables required by the daemon set
 	// +optional
 	EnvironmentVariables []corev1.EnvVar `json:"environmentVariables,omitempty"`

@@ -102,6 +102,16 @@ spec:
                     items:
                       type: string
                     type: array
+                  debug:
+                    description: This specifies whether the CcRuntime (kata or enclave-cc)
+                      will be running on debug mode
+                    type: boolean
+                  defaultRuntimeClassName:
+                    description: This specifies the RuntimeClass to be used as the
+                      default one If not set, the default "kata" runtime class will
+                      NOT be created. Otherwise, the default "kata" runtime class
+                      will be created as as "alias" for the value set here
+                    type: string
                   environmentVariables:
                     description: This specifies the environment variables required
                       by the daemon set

@@ -17,6 +17,12 @@ patches:
 - patch: |-
     - op: replace
       path: /spec/config/runtimeClassNames
-      value: ["kata", "kata-clh", "kata-clh-tdx", "kata-qemu", "kata-qemu-tdx", "kata-qemu-sev", "kata-qemu-snp"]
+      value: ["kata-clh", "kata-clh-tdx", "kata-qemu", "kata-qemu-tdx", "kata-qemu-sev", "kata-qemu-snp"]
+    - op: add
+      path: /spec/config/defaultRuntimeClassName
+      value: "kata-qemu"
+    - op: add
+      path: /spec/config/debug
+      value: false
   target:
     kind: CcRuntime
@@ -18,5 +18,8 @@ patches:
     - op: replace
       path: /spec/config/runtimeClassNames
       value: ["kata-remote"]
+    - op: add
+      path: /spec/config/debug
+      value: false
   target:
     kind: CcRuntime
@@ -15,6 +15,12 @@ patches:
 - patch: |-
     - op: replace
       path: /spec/config/runtimeClassNames
-      value: ["kata", "kata-qemu", "kata-qemu-se"]
+      value: ["kata-qemu", "kata-qemu-se"]
+    - op: add
+      path: /spec/config/defaultRuntimeClassName
+      value: "kata-qemu"
+    - op: add
+      path: /spec/config/debug
+      value: false
   target:
     kind: CcRuntime
@@ -19,6 +19,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
 	"time"
 
@@ -32,7 +33,6 @@ import (
 	"github.com/go-logr/logr"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	nodeapi "k8s.io/api/node/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -463,10 +463,6 @@ func (r *CcRuntimeReconciler) monitorCcRuntimeInstallation() (ctrl.Result, error
 
 	// If the installation of the binaries is successful on all nodes, proceed with creating the runtime classes
 	if r.allNodesInstalled() {
-		rs, err := r.setRuntimeClass()
-		if err != nil {
-			return rs, err
-		}
 		// Add finalizer for this CR
 		if !contains(r.ccRuntime.GetFinalizers(), RuntimeConfigFinalizer) {
 			if err := r.addFinalizer(); err != nil {
@@ -556,63 +552,6 @@ func (r *CcRuntimeReconciler) allNodesInstalled() bool {
 		r.ccRuntime.Status.InstallationStatus.Completed.CompletedNodesCount == r.ccRuntime.Status.TotalNodesCount
 }
 
-func (r *CcRuntimeReconciler) setRuntimeClass() (ctrl.Result, error) {
-	runtimeClassNames := []string{"kata-clh", "kata-qemu", "kata"}
-
-	if r.ccRuntime.Spec.Config.RuntimeClassNames != nil {
-		r.Log.Info("Setting RuntimeClassNames from CRD")
-		runtimeClassNames = r.ccRuntime.Spec.Config.RuntimeClassNames
-	}
-
-	for _, runtimeClassName := range runtimeClassNames {
-		rc := func() *nodeapi.RuntimeClass {
-			rc := &nodeapi.RuntimeClass{
-				TypeMeta: metav1.TypeMeta{
-					APIVersion: "node.k8s.io/v1",
-					Kind:       "RuntimeClass",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name: runtimeClassName,
-				},
-				Handler: runtimeClassName,
-			}
-
-			if r.ccRuntime.Spec.CcNodeSelector != nil {
-				rc.Scheduling = &nodeapi.Scheduling{
-					NodeSelector: r.ccRuntime.Spec.CcNodeSelector.MatchLabels,
-				}
-			}
-			return rc
-		}()
-
-		// Set CcRuntime r.ccRuntime as the owner and controller
-		if err := controllerutil.SetControllerReference(r.ccRuntime, rc, r.Scheme); err != nil {
-			return ctrl.Result{}, err
-		}
-
-		foundRc := &nodeapi.RuntimeClass{}
-		err := r.Client.Get(context.TODO(), types.NamespacedName{Name: rc.Name}, foundRc)
-		if err != nil && errors.IsNotFound(err) {
-			r.Log.Info("Creating a new RuntimeClass", "rc.Name", rc.Name)
-			err = r.Client.Create(context.TODO(), rc)
-			if err != nil {
-				return ctrl.Result{}, err
-			}
-		}
-
-	}
-
-	r.ccRuntime.Status.RuntimeClass = strings.Join(runtimeClassNames, ",")
-	err := r.Client.Status().Update(context.TODO(), r.ccRuntime)
-	if (err != nil && !errors.IsConflict(err)) ||
-		(err != nil && !errors.IsAlreadyExists(err)) {
-		r.Log.Error(err, "can't set runtimeclass")
-		return ctrl.Result{}, err
-	}
-
-	return ctrl.Result{}, nil
-}
-
 func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv1.DaemonSet {
 	runPrivileged := true
 	var runAsUser int64 = 0
@@ -651,6 +590,43 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 		containerCommand = r.ccRuntime.Spec.Config.UninstallCmd
 	}
 
+	var debug = strconv.FormatBool(r.ccRuntime.Spec.Config.Debug)
+
+	var defaultShim = ""
+	var createDefaultRuntimeClass = "false"
+	if strings.HasPrefix(r.ccRuntime.Spec.Config.DefaultRuntimeClassName, "kata-") {
+		// Remove the "kata-" prefix from DefaultRuntimeClassName
+		defaultShim = strings.TrimPrefix(r.ccRuntime.Spec.Config.DefaultRuntimeClassName, "kata-")
+		createDefaultRuntimeClass = "true"
+	}
+
+	var runtimeClasses = strings.Join(r.ccRuntime.Spec.Config.RuntimeClassNames, " ")
+	var shims = strings.ReplaceAll(runtimeClasses, "kata-", "")
+
+	var envVars = []corev1.EnvVar{
+		{
+			Name:  "DEBUG",
+			Value: debug,
+		},
+		{
+			Name:  "DEFAULT_SHIM",
+			Value: defaultShim,
+		},
+		{
+			Name:  "CREATE_DEFAULT_RUNTIMECLASS",
+			Value: createDefaultRuntimeClass,
+		},
+		{
+			Name:  "CREATE_RUNTIMECLASSES",
+			Value: "true",
+		},
+		{
+			Name:  "SHIMS",
+			Value: shims,
+		},
+	}
+	envVars = append(envVars, r.ccRuntime.Spec.Config.EnvironmentVariables...)
+
 	return &appsv1.DaemonSet{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "apps/v1",
@@ -692,7 +668,7 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 								RunAsUser:  &runAsUser,
 							},
 							Command:      containerCommand,
-							Env:          r.ccRuntime.Spec.Config.EnvironmentVariables,
+							Env:          envVars,
 							VolumeMounts: r.ccRuntime.Spec.Config.InstallerVolumeMounts,
 						},
 					},