CDI: Add support Edit Container Mount for kata/runtime-rs using direct volume

Try to use CDI to 'patch up' the Container Mount for kata/runtime-rs
using direct volume in K8S/CSI scenario.

related issue and PR as below:
CDI issue: cncf-tags/container-device-interface#162
CDI Mount PR: cncf-tags/container-device-interface#169

Fixes: containerd#9203

Signed-off-by: alex.lyn <[email protected]>

Author: Apokleos

cmd/ctr/commands/run/run_unix.go

@@ -366,7 +366,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 		if len(cdiDeviceIDs) > 0 {
 			opts = append(opts, withStaticCDIRegistry())
 		}
-		opts = append(opts, oci.WithCDIDevices(cdiDeviceIDs...))
+		opts = append(opts, oci.WithCDIDevices(cdiDeviceIDs, []string{}))
 
 		rootfsPropagation := context.String("rootfs-propagation")
 		if rootfsPropagation != "" {

oci/spec_opts.go

@@ -1633,7 +1633,7 @@ func WithWindowsNetworkNamespace(ns string) SpecOpts {
 }
 
 // WithCDIDevices injects the requested CDI devices into the OCI specification.
-func WithCDIDevices(devices ...string) SpecOpts {
+func WithCDIDevices(devices, mounts []string) SpecOpts {
 	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
 		if len(devices) == 0 {
 			return nil
@@ -1653,6 +1653,10 @@ func WithCDIDevices(devices ...string) SpecOpts {
 			return fmt.Errorf("CDI device injection failed: %w", err)
 		}
 
+		if _, err := registry.UpdateMounts(s, mounts...); err != nil {
+			return fmt.Errorf("CDI mount update failed: %w", err)
+		}
+
 		// One crucial thing to keep in mind is that CDI device injection
 		// might add OCI Spec environment variables, hooks, and mounts as
 		// well. Therefore it is important that none of the corresponding

pkg/cri/opts/spec_linux.go

@@ -18,6 +18,7 @@ package opts
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"os"
@@ -134,11 +135,12 @@ func IsCgroup2UnifiedMode() bool {
 }
 
 // WithCDI updates OCI spec with CDI content
-func WithCDI(annotations map[string]string, CDIDevices []*runtime.CDIDevice) oci.SpecOpts {
+func WithCDI(annotations map[string]string, CDIDevices []*runtime.CDIDevice, CDIMounts []*runtime.Mount) oci.SpecOpts {
 	return func(ctx context.Context, client oci.Client, c *containers.Container, s *oci.Spec) error {
 		seen := make(map[string]bool)
 		// Add devices from CDIDevices CRI field
 		var devices []string
+		var mounts []string
 		var err error
 		for _, device := range CDIDevices {
 			deviceName := device.Name
@@ -172,6 +174,19 @@ func WithCDI(annotations map[string]string, CDIDevices []*runtime.CDIDevice) oci
 			log.G(ctx).Debug("Passing CDI devices as annotations will be deprecated soon, please use CRI CDIDevices instead")
 		}
 
-		return oci.WithCDIDevices(devices...)(ctx, client, c, s)
+		for _, mount := range CDIMounts {
+			encodedMntPath := base64.StdEncoding.EncodeToString([]byte(mount.HostPath))
+			// encoded mount path
+			mntName := "direct.volume/direct-volume=" + encodedMntPath
+			if seen[mntName] {
+				log.G(ctx).Debugf("Skipping duplicated CDI Mount %s", mntName)
+				continue
+			}
+
+			mounts = append(mounts, mntName)
+			seen[mntName] = true
+		}
+
+		return oci.WithCDIDevices(devices, mounts)(ctx, client, c, s)
 	}
 }

pkg/cri/opts/spec_nonlinux.go

@@ -35,7 +35,7 @@ func SwapControllerAvailable() bool {
 }
 
 // WithCDI does nothing on non-Linux platforms.
-func WithCDI(_ map[string]string, _ []*runtime.CDIDevice) oci.SpecOpts {
+func WithCDI(_ map[string]string, _ []*runtime.CDIDevice, CDIMounts []*runtime.Mount) oci.SpecOpts {
 	return func(ctx context.Context, client oci.Client, container *containers.Container, spec *oci.Spec) error {
 		return nil
 	}

pkg/cri/sbserver/container_create_linux.go

@@ -106,7 +106,7 @@ func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageCon
 		specOpts = append(specOpts, seccompSpecOpts)
 	}
 	if c.config.EnableCDI {
-		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, config.CDIDevices))
+		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, config.CDIDevices, config.GetMounts()))
 	}
 	return specOpts, nil
 }

pkg/cri/sbserver/container_create_linux_test.go

@@ -2054,7 +2054,7 @@ containerEdits:
 			err = reg.Configure(cdi.WithSpecDirs(cdiDir))
 			require.NoError(t, err)
 
-			injectFun := customopts.WithCDI(test.annotations, test.cdiDevices)
+			injectFun := customopts.WithCDI(test.annotations, test.cdiDevices, []*runtime.Mount{})
 			err = injectFun(ctx, nil, testContainer, spec)
 			assert.Equal(t, test.expectError, err != nil)
 

pkg/cri/server/container_create_linux.go

@@ -437,7 +437,7 @@ func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageCon
 		specOpts = append(specOpts, seccompSpecOpts)
 	}
 	if c.config.EnableCDI {
-		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, config.CDIDevices))
+		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, config.CDIDevices, config.GetMounts()))
 	}
 	return specOpts, nil
 }

pkg/cri/server/container_create_linux_test.go

@@ -2292,7 +2292,7 @@ containerEdits:
 			err = reg.Configure(cdi.WithSpecDirs(cdiDir))
 			require.NoError(t, err)
 
-			injectFun := customopts.WithCDI(test.annotations, test.cdiDevices)
+			injectFun := customopts.WithCDI(test.annotations, test.cdiDevices, []*runtime.Mount{})
 			err = injectFun(ctx, nil, testContainer, spec)
 			assert.Equal(t, test.expectError, err != nil)