From c4f202446c134acf5d7712e47d27c62637282776 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Thu, 25 Apr 2024 15:37:49 -0300 Subject: [PATCH 1/2] pre-reqs: add support to cri-o Currently when deploying using cri-o, reqs-deploy dies with "cri-o is not yet supported". Lets add cri-o support here. Signed-off-by: Wainer dos Santos Moschetta --- install/pre-install-payload/scripts/reqs-deploy.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/install/pre-install-payload/scripts/reqs-deploy.sh b/install/pre-install-payload/scripts/reqs-deploy.sh index 5259b1a1..8ae05f00 100755 --- a/install/pre-install-payload/scripts/reqs-deploy.sh +++ b/install/pre-install-payload/scripts/reqs-deploy.sh @@ -31,7 +31,7 @@ function host_systemctl() { function get_container_engine() { local container_engine container_engine=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.nodeInfo.containerRuntimeVersion}' | awk -F '[:]' '{print $1}') - if [ "${container_engine}" != "containerd" ]; then + if [[ "${container_engine}" != "containerd" && "${container_engine}" != "cri-o" ]]; then die "${container_engine} is not yet supported" fi @@ -86,6 +86,9 @@ function install_nydus_snapshotter_artefacts() { } function install_artifacts() { + # There shouldn't be installed additional artifacts for CRI-O + [ "${container_engine}" = "cri-o" ] && return + if [ "${INSTALL_COCO_CONTAINERD}" = "true" ]; then install_coco_containerd_artefacts fi @@ -150,6 +153,9 @@ function uninstall_nydus_snapshotter_artefacts() { } function uninstall_artifacts() { + # It didn't install additional artifacts for CRI-O, so return + [ "${container_engine}" = "cri-o" ] && return + if [ "${INSTALL_NYDUS_SNAPSHOTTER}" = "true" ]; then uninstall_nydus_snapshotter_artefacts fi 
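Review bot: In get_container_engine, an empty lookup result is reported as an unsupported engine: if `kubectl get node` fails or returns nothing, `container_engine` is empty and the message reads " is not yet supported", which hides the real cause. The status of that pipeline is `awk`'s unless `pipefail` is enabled elsewhere in the script, so the kubectl failure itself is not caught on this line. A separate guard before the comparison would make the failure explicit, e.g. `[ -n "${container_engine}" ] || die "could not determine the container engine of node ${NODE_NAME}"`. The function body continues past the end of the hunk.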
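Review bot: The early return added to install_artifacts (and the matching one in uninstall_artifacts, in the following hunk) skips the work silently, so on a cri-o node `INSTALL_COCO_CONTAINERD=true` or `INSTALL_NYDUS_SNAPSHOTTER=true` is ignored with nothing in the pod log to show it. A log line before the return would make the skip auditable, e.g. `if [ "${container_engine}" = "cri-o" ]; then echo "cri-o detected: skipping containerd and nydus-snapshotter artifacts"; return 0; fi`. Both functions read `container_engine` as a global that main sets through `set_container_engine`, and a comment stating that dependency would help. The added comments would read better as `# No additional artifacts are installed for CRI-O`. Both function bodies continue outside their hunks.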
@@ -260,13 +266,13 @@ function main() { print_help && die "" fi - if [ ! -f "${containerd_config}" ]; then + set_container_engine + + if [[ ${container_engine} = "containerd" && ! -f "${containerd_config}" ]]; then mkdir -p /etc/containerd containerd config default > /etc/containerd/config.toml fi - set_container_engine - case "${action}" in install) install_artifacts From b986227034c9de026cde81c74a362b4367c7d0c2 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Thu, 25 Apr 2024 16:00:08 -0300 Subject: [PATCH 2/2] controller: add support to pull_type The same way we can customize the snapshotter to be used by the runtime class, lets add a new property to customize the pulling image method. Signed-off-by: Wainer dos Santos Moschetta Signed-off-by: Beraldo Leal --- api/v1beta1/ccruntime_types.go | 4 +++- config/samples/ccruntime/default/kustomization.yaml | 5 +++++ config/samples/ccruntime/peer-pods/kustomization.yaml | 1 + config/samples/ccruntime/s390x/kustomization.yaml | 2 ++ .../samples/enclave-cc/base/ccruntime-enclave-cc.yaml | 1 + controllers/ccruntime_controller.go | 10 ++++++++++ 6 files changed, 22 insertions(+), 1 deletion(-) diff --git a/api/v1beta1/ccruntime_types.go b/api/v1beta1/ccruntime_types.go index 727b34a1..f61bf149 100644 --- a/api/v1beta1/ccruntime_types.go +++ b/api/v1beta1/ccruntime_types.go @@ -313,12 +313,14 @@ type FailedNodeStatus struct { Error string `json:"error"` } -// RuntimeClass holds the name and the snapshotter to be used by a runtime class +// RuntimeClass holds the name and basic customizations to be used by a runtime class type RuntimeClass struct { // Name of the runtime class Name string `json:"name"` // The snapshotter to be used by the runtime class Snapshotter string `json:"snapshotter"` + // The pulling image method to be used by the runtime class + PullType string `json:"pulltype"` } func init() { 
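Review bot: In main, the rewritten guard tests `${containerd_config}` but the body still creates `/etc/containerd` and writes `/etc/containerd/config.toml` literally, so the check and the write agree only if the variable holds exactly that path (its definition is outside the hunk). Since the condition is being touched anyway, the body could use the variable: `mkdir -p "$(dirname "${containerd_config}")"` and `containerd config default > "${containerd_config}"`. The redirect also creates the file before `containerd` runs, so a failed `containerd config default` leaves an empty file that the `-f` test accepts on the next run; writing to a temporary file and moving it into place avoids that. The rest of the `install)` branch and the other branches are outside the hunk, so whether they still act on containerd for a cri-o node cannot be checked from here.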
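Review bot: In RuntimeClass, `PullType` is tagged `json:"pulltype"` with no `omitempty` and no `+optional` marker, so the generated CRD schema will most likely list it as required and existing CcRuntime objects that lack the key would be rejected; that would explain why every sample in this patch gains `pulltype: ""`. Tagging it `json:"pulltype,omitempty"` and putting `// +optional` above the field keeps older manifests valid. The diffstat lists no regenerated CRD manifest, so confirm the generated schema is updated in the same series. The field comment would also be more useful if it named the accepted values; the samples here show only `guest-pull` and the empty string.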
diff --git a/config/samples/ccruntime/default/kustomization.yaml b/config/samples/ccruntime/default/kustomization.yaml index b22bc16c..23c82200 100644 --- a/config/samples/ccruntime/default/kustomization.yaml +++ b/config/samples/ccruntime/default/kustomization.yaml @@ -20,14 +20,19 @@ patches: value: - name: "kata-clh" snapshotter: "nydus" + pulltype: "" - name: "kata-qemu" snapshotter: "nydus" + pulltype: "" - name: "kata-qemu-tdx" snapshotter: "nydus" + pulltype: "" - name: "kata-qemu-sev" snapshotter: "nydus" + pulltype: "" - name: "kata-qemu-snp" snapshotter: "nydus" + pulltype: "" - op: add path: /spec/config/defaultRuntimeClassName value: "kata-qemu" diff --git a/config/samples/ccruntime/peer-pods/kustomization.yaml b/config/samples/ccruntime/peer-pods/kustomization.yaml index 0f26ecf8..fc8dc7ae 100644 --- a/config/samples/ccruntime/peer-pods/kustomization.yaml +++ b/config/samples/ccruntime/peer-pods/kustomization.yaml @@ -22,6 +22,7 @@ patches: value: - name: "kata-remote" snapshotter: "nydus" + pulltype: "guest-pull" - op: add path: /spec/config/debug value: false diff --git a/config/samples/ccruntime/s390x/kustomization.yaml b/config/samples/ccruntime/s390x/kustomization.yaml index 9ccd41d3..046a8a54 100644 --- a/config/samples/ccruntime/s390x/kustomization.yaml +++ b/config/samples/ccruntime/s390x/kustomization.yaml @@ -20,8 +20,10 @@ patches: value: - name: "kata-qemu" snapshotter: "nydus" + pulltype: "" - name: "kata-qemu-se" snapshotter: "nydus" + pulltype: "" - op: add path: /spec/config/defaultRuntimeClassName value: "kata-qemu" diff --git a/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml b/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml index 3b2a018d..396cace3 100644 --- a/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml +++ b/config/samples/enclave-cc/base/ccruntime-enclave-cc.yaml 
@@ -46,6 +46,7 @@ spec: runtimeClasses: - name: "enclave-cc" snapshotter: "overlayfs" + pulltype: "" postUninstall: image: quay.io/confidential-containers/reqs-payload volumeMounts: diff --git a/controllers/ccruntime_controller.go b/controllers/ccruntime_controller.go index d418bd8a..8a79cf76 100644 --- a/controllers/ccruntime_controller.go +++ b/controllers/ccruntime_controller.go @@ -630,6 +630,7 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv var shims []string var snapshotter_handler_mapping []string + var pull_type_mapping []string for _, runtimeClass := range r.ccRuntime.Spec.Config.RuntimeClasses { // Similarly to what's being done for the default shim, let's remove // the "kata-" prefix from the runtime class names @@ -640,6 +641,11 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv mapping := shim + ":" + runtimeClass.Snapshotter snapshotter_handler_mapping = append(snapshotter_handler_mapping, mapping) } + + if runtimeClass.PullType != "" { + mapping := shim + ":" + runtimeClass.PullType + pull_type_mapping = append(pull_type_mapping, mapping) + } } var envVars = []corev1.EnvVar{ @@ -675,6 +681,10 @@ func (r *CcRuntimeReconciler) processDaemonset(operation DaemonOperation) *appsv Name: "SNAPSHOTTER_HANDLER_MAPPING", Value: strings.Join(snapshotter_handler_mapping, ","), }, + { + Name: "PULL_TYPE_MAPPING", + Value: strings.Join(pull_type_mapping, ","), + }, } envVars = append(envVars, r.ccRuntime.Spec.Config.EnvironmentVariables...)
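Review bot: In the loop over `RuntimeClasses`, `runtimeClass.PullType` is copied from the CcRuntime spec into the `shim + ":" + runtimeClass.PullType` pair without any check, and the pairs are later joined with `,`; a value containing `:` or `,` therefore yields a mapping its consumer cannot parse unambiguously. Because the string ends up in the daemonset's environment, it is worth constraining at the API boundary, for example with a `+kubebuilder:validation:Enum` (or `Pattern`) marker on the `PullType` field, rather than passing through whatever the manifest carries. The existing `Snapshotter` pair just above has the same property. As a style point, `pull_type_mapping` mirrors the neighbouring `snapshotter_handler_mapping`, but Go convention is MixedCaps (`pullTypeMapping`). processDaemonset starts and ends outside the hunk.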
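Review bot: `PULL_TYPE_MAPPING` is added to `envVars` before `r.ccRuntime.Spec.Config.EnvironmentVariables` is appended, so a spec entry with the same name is emitted after the computed one; Kubernetes resolves duplicate variable names in favour of the later entry, which lets the spec silently override the mapping derived from `runtimeClasses`. If that precedence is intended, state it in a comment above the append, e.g. `// User-supplied variables come last and override the computed ones`; if it is not, filter the reserved names before appending. The variable is also emitted with an empty value when no runtime class sets a pull type, so whatever reads it has to treat empty and unset alike; that consumer is not part of this patch.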