Skip to content
This repository was archived by the owner on Jun 28, 2024. It is now read-only.

Commit 1536bac

Browse files
ChengyuZhu6fidencio
ChengyuZhu6
authored and
fidencio
committed
ci: Run the current CC tests offloading the image pull to the guest
This is will ensure we're not breaking anything with this new feature. Depends-on: github.com/kata-containers/kata-containers#7676 Signed-off-by: ChengyuZhu6 <[email protected]>
1 parent 8e4b362 commit 1536bac

File tree

2 files changed

+76
-5
lines changed

2 files changed

+76
-5
lines changed

integration/confidential/lib.sh

Lines changed: 65 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,12 @@ source "${BATS_TEST_DIRNAME}/../../../.ci/lib.sh"
1313
FIXTURES_DIR="${BATS_TEST_DIRNAME}/fixtures"
1414
SHARED_FIXTURES_DIR="${BATS_TEST_DIRNAME}/../../confidential/fixtures"
1515

16+
# Nydus related configurations
17+
NYDUS_SNAPSHOTTER_BINARY="/usr/local/bin/containerd-nydus-grpc"
18+
NYDUS_SNAPSHOTTER_TARFS_CONFIG="/usr/local/share/nydus-snapshotter/config-coco-host-sharing.toml"
19+
NYDUS_SNAPSHOTTER_GUEST_CONFIG="/usr/local/share/nydus-snapshotter/config-coco-guest-pulling.toml"
20+
NYDUS_SNAPSHOTTER_CONFIG="${NYDUS_SNAPSHOTTER_CONFIG:-${NYDUS_SNAPSHOTTER_TARFS_CONFIG}}"
21+
1622
# Toggle between true and false the service_offload configuration of
1723
# the Kata agent.
1824
#
@@ -216,11 +222,13 @@ configure_cc_containerd() {
216222
restart_containerd
217223

218224
# Ensure the cc CRI handler is set.
219-
local cri_handler=$(sudo crictl info | \
220-
jq '.config.containerd.runtimes.kata.cri_handler')
221-
if [[ ! "$cri_handler" =~ cc ]]; then
222-
sudo sed -i 's/\([[:blank:]]*\)\(runtime_type = "io.containerd.kata.v2"\)/\1\2\n\1cri_handler = "cc"/' \
223-
"$containerd_conf_file"
225+
if [ "${IMAGE_OFFLOAD_TO_GUEST:-"no"}" == "no" ]; then
226+
local cri_handler=$(sudo crictl info | \
227+
jq '.config.containerd.runtimes.kata.cri_handler')
228+
if [[ ! "$cri_handler" =~ cc ]]; then
229+
sudo sed -i 's/\([[:blank:]]*\)\(runtime_type = "io.containerd.kata.v2"\)/\1\2\n\1cri_handler = "cc"/' \
230+
"$containerd_conf_file"
231+
fi
224232
fi
225233

226234
if [ "$(sudo crictl info | jq -r '.config.cni.confDir')" = "null" ]; then
@@ -448,3 +456,55 @@ EOF
448456
EOF
449457
fi
450458
}
459+
460+
###############################################################################
461+
462+
# remote-snapshotter
463+
464+
configure_containerd_for_nydus_snapshotter() {
465+
local containerd_config="$1"
466+
snapshotter_socket="/run/containerd-nydus/containerd-nydus-grpc.sock"
467+
proxy_config=" [proxy_plugins.nydus]\n type = \"snapshot\"\n address = \"${snapshotter_socket}\""
468+
469+
if grep -q "\[proxy_plugins\]" "$containerd_config"; then
470+
sudo sed -i '/\[proxy_plugins\]/a\'"$proxy_config" "$containerd_config"
471+
else
472+
sudo echo -e "[proxy_plugins]" >>"$containerd_config"
473+
sudo echo -e "$proxy_config" >>"$containerd_config"
474+
fi
475+
476+
sudo sed -i 's/disable_snapshot_annotations = .*/disable_snapshot_annotations = false/g' "$containerd_config"
477+
sudo sed -i 's/snapshotter = .*/snapshotter = "nydus"/g' "$containerd_config"
478+
}
479+
480+
kill_nydus_snapshotter_process() {
481+
echo "Kill nydus snapshotter"
482+
local bin="containerd-nydus-grpc"
483+
sudo kill -9 $(pidof $bin) || true
484+
sudo rm -rf "/var/lib/containerd-nydus" || true
485+
}
486+
487+
remove_test_image() {
488+
local test_image="$1"
489+
crictl rmi "$1"
490+
pause_name=$(crictl images -o json | jq -r '.images[].repoTags[] | select(. | contains("pause"))')
491+
crictl rmi "$pause_name"
492+
}
493+
494+
restart_nydus_snapshotter() {
495+
kill_nydus_snapshotter_process || true
496+
echo "Restart nydus snapshotter"
497+
sudo "$NYDUS_SNAPSHOTTER_BINARY" --config "$NYDUS_SNAPSHOTTER_CONFIG" >/dev/stdout 2>&1 &
498+
}
499+
500+
configure_nydus_snapshotter() {
501+
echo "Configure nydus snapshotter"
502+
if [ "${IMAGE_OFFLOAD_TO_GUEST:-"no"}" == "yes" ]; then
503+
NYDUS_SNAPSHOTTER_CONFIG="$NYDUS_SNAPSHOTTER_GUEST_CONFIG"
504+
else
505+
NYDUS_SNAPSHOTTER_CONFIG="$NYDUS_SNAPSHOTTER_TARFS_CONFIG"
506+
sudo sed -i "s/export_mode = .*/export_mode = \"$EXPORT_MODE\"/" "$NYDUS_SNAPSHOTTER_CONFIG"
507+
fi
508+
509+
restart_nydus_snapshotter
510+
}

integration/kubernetes/confidential/agent_image.bats

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,9 +31,17 @@ RUNTIMECLASS="${RUNTIMECLASS:-kata}"
3131
test_tag="[cc][agent][kubernetes][containerd]"
3232

3333
setup() {
34+
remove_test_image "$image_unsigned_protected" || true
3435
setup_containerd
36+
if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "yes" ]; then
37+
configure_containerd_for_nydus_snapshotter "/etc/containerd/config.toml"
38+
fi
3539
restart_containerd
3640
reconfigure_kata
41+
if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "yes" ]; then
42+
switch_image_service_offload off
43+
EXPORT_MODE="image_guest_pull" RUNTIMECLASS="$RUNTIMECLASS" configure_nydus_snapshotter
44+
fi
3745
}
3846

3947
@test "$test_tag Test can launch pod with measured boot enabled" {
@@ -154,4 +162,7 @@ setup() {
154162

155163
teardown() {
156164
teardown_common
165+
remove_test_image "$image_unsigned_protected" || true
166+
kill_nydus_snapshotter_process
167+
restart_containerd
157168
}

0 commit comments

Comments
 (0)