Merge pull request kata-containers#10755 from fidencio/topic/ensure-s…

…ystemd-is-used-as-init-for-coco-cases rootfs-confidential: Ensure systemd is used as init
bergwolf · Jan 23, 2025 · 66d881a · 66d881a
2 parents a23d6a1 + 734ef71
commit 66d881a
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 1 deletion.
diff --git a/tests/integration/kubernetes/k8s-confidential.bats b/tests/integration/kubernetes/k8s-confidential.bats
@@ -29,6 +29,7 @@ setup() {
 
 	coco_enabled=""
 	for i in {1..6}; do
+		rm -f "${HOME}/.ssh/known_hosts"
 		if ! pod_ip=$(kubectl get pod -o wide | grep "confidential-unencrypted" | awk '{print $6;}'); then
 			warn "Failed to get pod IP address."
 		else

diff --git a/tests/integration/kubernetes/runtimeclass_workloads/pod-confidential-unencrypted.yaml b/tests/integration/kubernetes/runtimeclass_workloads/pod-confidential-unencrypted.yaml
@@ -22,6 +22,8 @@ spec:
       app: "confidential-unencrypted"
   template:
     metadata:
+      annotations:
+        io.katacontainers.config.hypervisor.kernel_params: "log_buf_len=4M"
       labels:
         app: "confidential-unencrypted"
     spec:

diff --git a/tools/packaging/guest-image/build_image.sh b/tools/packaging/guest-image/build_image.sh
@@ -44,7 +44,7 @@ build_initrd() {
 		ROOTFS_BUILD_DEST="${builddir}/initrd-image" \
 		USE_DOCKER=1 \
 		AGENT_TARBALL="${AGENT_TARBALL}" \
-		AGENT_INIT="yes" \
+		AGENT_INIT="${AGENT_INIT:-no}" \
 		AGENT_POLICY="${AGENT_POLICY:-}" \
 		PULL_TYPE="${PULL_TYPE:-default}" \
 		COCO_GUEST_COMPONENTS_TARBALL="${COCO_GUEST_COMPONENTS_TARBALL:-}" \

diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
@@ -98,6 +98,7 @@ SHIM_V2_CONTAINER_BUILDER="${SHIM_V2_CONTAINER_BUILDER:-}"
 TDSHIM_CONTAINER_BUILDER="${TDSHIM_CONTAINER_BUILDER:-}"
 TOOLS_CONTAINER_BUILDER="${TOOLS_CONTAINER_BUILDER:-}"
 VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER:-}"
+AGENT_INIT="${AGENT_INIT:-no}"
 MEASURED_ROOTFS="${MEASURED_ROOTFS:-}"
 PULL_TYPE="${PULL_TYPE:-default}"
 USE_CACHE="${USE_CACHE:-}"
@@ -128,6 +129,7 @@ docker run \
 	--env TDSHIM_CONTAINER_BUILDER="${TDSHIM_CONTAINER_BUILDER}" \
 	--env TOOLS_CONTAINER_BUILDER="${TOOLS_CONTAINER_BUILDER}" \
 	--env VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER}" \
+	--env AGENT_INIT="${AGENT_INIT}" \
 	--env MEASURED_ROOTFS="${MEASURED_ROOTFS}" \
 	--env PULL_TYPE="${PULL_TYPE}" \
 	--env USE_CACHE="${USE_CACHE}" \

diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -454,8 +454,12 @@ install_initrd() {
 			export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)"
 		fi
 	else
+		# No variant is passed, it means vanilla kata containers
 		os_name="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.name")"
 		os_version="$(get_from_kata_deps ".assets.initrd.architecture.${ARCH}.version")"
+		if [ "${os_name}" = "alpine" ]; then
+			export AGENT_INIT=yes
+		fi
 	fi
 
 	export AGENT_TARBALL=$(get_agent_tarball_path)