Improve cri-o support by using pull_type

api/v1beta1/ccruntime_types.go

@@ -313,12 +313,14 @@ type FailedNodeStatus struct {
 	Error string `json:"error"`
 }
 
-// RuntimeClass holds the name and the snapshotter to be used by a runtime class
+// RuntimeClass holds the name and basic customizations to be used by a runtime class
 type RuntimeClass struct {
 	// Name of the runtime class
 	Name string `json:"name"`
 	// The snapshotter to be used by the runtime class
 	Snapshotter string `json:"snapshotter"`
+	// The pulling image method to be used by the runtime class
+	PullType string `json:"pulltype"`
 }
 
 func init() {

config/samples/ccruntime/default/kustomization.yaml

@@ -20,14 +20,19 @@ patches:
       value:
       - name: "kata-clh"
         snapshotter: "nydus"
+        pulltype: ""
       - name: "kata-qemu"
         snapshotter: "nydus"
+        pulltype: ""
       - name: "kata-qemu-tdx"
         snapshotter: "nydus"
+        pulltype: ""
       - name: "kata-qemu-sev"
         snapshotter: "nydus"
+        pulltype: ""
       - name: "kata-qemu-snp"
         snapshotter: "nydus"
+        pulltype: ""
     - op: add
       path: /spec/config/defaultRuntimeClassName
       value: "kata-qemu"

config/samples/ccruntime/peer-pods/kustomization.yaml

@@ -22,6 +22,7 @@ patches:
       value:
       - name: "kata-remote"
         snapshotter: "nydus"
+        pulltype: "guest-pull"
     - op: add
       path: /spec/config/debug
       value: false

config/samples/ccruntime/s390x/kustomization.yaml

@@ -20,8 +20,10 @@ patches:
       value:
       - name: "kata-qemu"
         snapshotter: "nydus"
+        pulltype: ""
       - name: "kata-qemu-se"
         snapshotter: "nydus"
+        pulltype: ""
     - op: add
       path: /spec/config/defaultRuntimeClassName
       value: "kata-qemu"

config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml

@@ -46,6 +46,7 @@ spec:
     runtimeClasses:
     - name: "enclave-cc"
       snapshotter: "overlayfs"
+      pulltype: ""
     postUninstall:
       image: quay.io/confidential-containers/reqs-payload
       volumeMounts:

controllers/ccruntime_controller.go

@@ -630,6 +630,7 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 
 	var shims []string
 	var snapshotter_handler_mapping []string
+	var pull_type_mapping []string
 	for _, runtimeClass := range r.ccRuntime.Spec.Config.RuntimeClasses {
 		// Similarly to what's being done for the default shim, let's remove
 		// the "kata-" prefix from the runtime class names
@@ -640,6 +641,11 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 			mapping := shim + ":" + runtimeClass.Snapshotter
 			snapshotter_handler_mapping = append(snapshotter_handler_mapping, mapping)
 		}
+
+		if runtimeClass.PullType != "" {
+			mapping := shim + ":" + runtimeClass.PullType
+			pull_type_mapping = append(pull_type_mapping, mapping)
+		}
 	}
 
 	var envVars = []corev1.EnvVar{
@@ -675,6 +681,10 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv
 			Name:  "SNAPSHOTTER_HANDLER_MAPPING",
 			Value: strings.Join(snapshotter_handler_mapping, ","),
 		},
+		{
+			Name:  "PULL_TYPE_MAPPING",
+			Value: strings.Join(pull_type_mapping, ","),
+		},
 	}
 	envVars = append(envVars, r.ccRuntime.Spec.Config.EnvironmentVariables...)
 

install/pre-install-payload/scripts/reqs-deploy.sh

@@ -31,7 +31,7 @@ function host_systemctl() {
 function get_container_engine() {
 	local container_engine
 	container_engine=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.nodeInfo.containerRuntimeVersion}' | awk -F '[:]' '{print $1}')
-	if [ "${container_engine}" != "containerd" ]; then
+	if [[ "${container_engine}" != "containerd" && "${container_engine}" != "cri-o" ]]; then
 		die "${container_engine} is not yet supported"
 	fi
 
@@ -86,6 +86,9 @@ function install_nydus_snapshotter_artefacts() {
 }
 
 function install_artifacts() {
+	# There shouldn't be installed additional artifacts for CRI-O
+	[ "${container_engine}" = "cri-o" ] && return
+
 	if [ "${INSTALL_COCO_CONTAINERD}" = "true" ]; then
 		install_coco_containerd_artefacts
 	fi
@@ -150,6 +153,9 @@ function uninstall_nydus_snapshotter_artefacts() {
 }
 
 function uninstall_artifacts() {
+	# It didn't install additional artifacts for CRI-O, so return
+	[ "${container_engine}" = "cri-o" ] && return
+
 	if [ "${INSTALL_NYDUS_SNAPSHOTTER}" = "true" ]; then
 		uninstall_nydus_snapshotter_artefacts
 	fi
@@ -260,13 +266,13 @@ function main() {
 		print_help && die ""
 	fi
 
-	if [ ! -f "${containerd_config}" ]; then
+	set_container_engine
+
+	if [[ ${container_engine} = "containerd" && ! -f "${containerd_config}" ]]; then
 		mkdir -p /etc/containerd
 		containerd config default > /etc/containerd/config.toml
 	fi
 
-	set_container_engine
-
 	case "${action}" in
 	install)
 		install_artifacts