diff --git a/nodeinstaller/internal/constants/constants.go b/nodeinstaller/internal/constants/constants.go
index de5d2dc751..db0e05db34 100644
--- a/nodeinstaller/internal/constants/constants.go
+++ b/nodeinstaller/internal/constants/constants.go
@@ -137,6 +137,10 @@ func ContainerdRuntimeConfigFragment(baseDir, snapshotter string, platform platf
 cfg.Options = map[string]any{
 "ConfigPath": filepath.Join(baseDir, "etc", "configuration-qemu-snp.toml"),
 }
+ // For GPU support, we need to pass through the CDI annotations.
+ if platform == platforms.K3sQEMUSNPGPU {
+ cfg.PodAnnotations = append(cfg.PodAnnotations, "cdi.k8s.io/*")
+ }
 default:
 return nil, fmt.Errorf("unsupported platform: %s", platform)
 }
diff --git a/nodeinstaller/node-installer_test.go b/nodeinstaller/node-installer_test.go
index a1d14a4fc4..526a99d79f 100644
--- a/nodeinstaller/node-installer_test.go
+++ b/nodeinstaller/node-installer_test.go
@@ -22,6 +22,8 @@ var (
 expectedConfBareMetalQEMUTDX []byte
 //go:embed testdata/expected-bare-metal-qemu-snp.toml
 expectedConfBareMetalQEMUSNP []byte
+ //go:embed testdata/expected-bare-metal-qemu-snp-gpu.toml
+ expectedConfBareMetalQEMUSNPGPU []byte
 )
 
 func TestPatchContainerdConfig(t *testing.T) {
@@ -44,7 +46,7 @@ func TestPatchContainerdConfig(t *testing.T) {
 },
 "BareMetalQEMUSNPGPU": {
 platform: platforms.K3sQEMUSNPGPU,
- expected: expectedConfBareMetalQEMUSNP,
+ expected: expectedConfBareMetalQEMUSNPGPU,
 },
 "Unknown": {
 platform: platforms.Unknown,
diff --git a/nodeinstaller/testdata/expected-bare-metal-qemu-snp-gpu.toml b/nodeinstaller/testdata/expected-bare-metal-qemu-snp-gpu.toml
new file mode 100644
index 0000000000..3cf6bb66e2
--- /dev/null
+++ b/nodeinstaller/testdata/expected-bare-metal-qemu-snp-gpu.toml
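Review bot: The `cdi.k8s.io/*` pattern appended in the `K3sQEMUSNPGPU` branch of `ContainerdRuntimeConfigFragment` (constants.go hunk) forwards every annotation under that prefix to the shim, and the comment above it does not say what limits which devices a pod may name. As far as the hunk shows, nothing in the installer narrows the pattern, so any pod that selects this runtime handler can presumably reference any CDI device registered on the node through annotations alone, outside the usual resource-request path. I would record that trust assumption next to the append, e.g. `// CDI annotations are forwarded unfiltered; device selection must be constrained by admission control or the runtime policy.`, and confirm that such a control exists for GPU nodes. The function body starts and ends outside the hunk, so whether the enclosing `case` also covers non-GPU SNP platforms is not visible here.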
@@ -0,0 +1,81 @@
+version = 2
+
+[debug]
+level = 'debug'
+
+[metrics]
+address = '0.0.0.0:10257'
+
+[plugins]
+[plugins.'io.containerd.grpc.v1.cri']
+sandbox_image = 'mcr.microsoft.com/oss/kubernetes/pause:3.6'
+
+[plugins.'io.containerd.grpc.v1.cri'.cni]
+bin_dir = '/opt/cni/bin'
+conf_dir = '/etc/cni/net.d'
+conf_template = '/etc/containerd/kubenet_template.conf'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd]
+default_runtime_name = 'runc'
+disable_snapshot_annotations = false
+discard_unpacked_layers = false
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes]
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.kata]
+runtime_type = 'io.containerd.kata.v2'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.kata-cc]
+pod_annotations = ['io.katacontainers.*']
+privileged_without_host_devices = true
+runtime_type = 'io.containerd.kata-cc.v2'
+snapshotter = 'tardev'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.kata-cc.options]
+ConfigPath = '/opt/confidential-containers/share/defaults/kata-containers/configuration-clh-snp.toml'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.katacli]
+runtime_type = 'io.containerd.runc.v1'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.katacli.options]
+BinaryName = '/usr/bin/kata-runtime'
+CriuPath = ''
+IoGid = 0
+IoUid = 0
+NoNewKeyring = false
+NoPivotRoot = false
+Root = ''
+ShimCgroup = ''
+SystemdCgroup = false
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.my-runtime]
+runtime_type = 'io.containerd.contrast-cc.v2'
+runtime_path = '/opt/edgeless/my-runtime/bin/containerd-shim-contrast-cc-v2'
+pod_annotations = ['io.katacontainers.*', 'cdi.k8s.io/*']
+privileged_without_host_devices = true
+snapshotter = 'nydus-my-runtime'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.my-runtime.options]
+ConfigPath = '/opt/edgeless/my-runtime/etc/configuration-qemu-snp.toml'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.runc]
+runtime_type = 'io.containerd.runc.v2'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.runc.options]
+BinaryName = '/usr/bin/runc'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.untrusted]
+runtime_type = 'io.containerd.runc.v2'
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.untrusted.options]
+BinaryName = '/usr/bin/runc'
+
+[plugins.'io.containerd.grpc.v1.cri'.registry]
+config_path = '/etc/containerd/certs.d'
+
+[plugins.'io.containerd.grpc.v1.cri'.registry.headers]
+X-Meta-Source-Client = ['azure/aks']
+
+[proxy_plugins]
+[proxy_plugins.nydus-my-runtime]
+type = 'snapshot'
+address = '/run/containerd/containerd-nydus-grpc-my-runtime.sock'