@diafour diafour commented Sep 4, 2025

Description

  1. Rename containers of kubevirt Pods, cdi Pods and dvcr Pods created in non-system namespaces (namespaces without the d8- prefix).

  2. Mount container-disk binary into /var/run in container with user uploaded image (support attaching cvi, vi to vm).

Related PRs:
deckhouse/3p-kubevirt#19
deckhouse/3p-containerized-data-importer#17
#1343

Why do we need it, and what problem does it solve?

Support containerd integrity checking for system images.

What is the expected result?

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: module
type: chore
summary: Support containerd integrity checks for containers with system images running in non-system namespaces.

@diafour diafour added this to the v1.0.0 milestone Sep 4, 2025
@diafour diafour added e2e/user/universal-itengineer e2e/run Run e2e test on cluster of PR author labels Sep 5, 2025

deckhouse-BOaTswain commented Sep 5, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: cancelled.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025

deckhouse-BOaTswain commented Sep 5, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025

deckhouse-BOaTswain commented Sep 5, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: cancelled.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@diafour diafour added e2e/user/hardcoretime e2e/run Run e2e test on cluster of PR author and removed e2e/user/universal-itengineer labels Sep 5, 2025

deckhouse-BOaTswain commented Sep 5, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025

deckhouse-BOaTswain commented Sep 5, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025

deckhouse-BOaTswain commented Sep 5, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@diafour diafour force-pushed the chore/module/support-containerd-integrity-checks branch from b308028 to 5516243 Compare September 8, 2025 09:19
@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 18, 2025

deckhouse-BOaTswain commented Sep 18, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 18, 2025
@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 19, 2025

deckhouse-BOaTswain commented Sep 19, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: success.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 19, 2025
@diafour diafour force-pushed the chore/module/support-containerd-integrity-checks branch from a8cc837 to 8613738 Compare September 19, 2025 08:11
@diafour diafour changed the base branch from mount-points to main September 19, 2025 08:11
@diafour diafour dismissed stale reviews from yaroslavborbat, universal-itengineer, and z9r5 September 19, 2025 08:11

The base branch was changed.

@diafour diafour added the e2e/run Run e2e test on cluster of PR author label Sep 19, 2025

deckhouse-BOaTswain commented Sep 19, 2025

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: success.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 19, 2025
YuryLysov and others added 2 commits September 19, 2025 13:06

Images with pre-created mount points:

- cdi-apiserver
- cdi-cloner
- cdi-controller
- cdi-importer
- cdi-operator
- dvcr
- dvcr-importer
- dvcr-uploader
- kube-api-rewriter
- virt-api
- virt-controller
- virt-handler
- virt-launcher
- virt-operator
- virtualization-api
- virtualization-audit
- virtualization-controller
- hp pods

Some notes:

- Create /var/run subdirectories in /run, as /var/run is a symlink to ../run.
- Add /var, /run and symlink /var/run -> ../run in 'distroless' base image.
- Pre-create /var, /run and symlink /var/run -> ../run in kube-api-rewriter image.
- Remove unused extraheaders settings in dvcr-importer and dvcr-uploader.

Signed-off-by: YuryLysov <[email protected]>

Co-authored-by: Ivan Mikheykin <[email protected]>
Co-authored-by: Nikita Korolev <[email protected]>
Signed-off-by: Nikita Korolev <[email protected]>
Signed-off-by: Ivan Mikheykin <[email protected]>

1. Rename containers of kubevirt Pods, cdi Pods and dvcr Pods created in non-system namespaces (namespaces without d8- prefix).

2. Mount container-disk binary into /var/run in container with user uploaded image (support attaching cvi, vi to vm).

Related PRs:
deckhouse/3p-kubevirt#19
deckhouse/3p-containerized-data-importer#17

Signed-off-by: Ivan Mikheykin <[email protected]>
@diafour diafour force-pushed the chore/module/support-containerd-integrity-checks branch from 8613738 to 8d9d3d1 Compare September 19, 2025 10:06
@diafour diafour merged commit c6cff23 into main Sep 19, 2025
26 of 27 checks passed
@diafour diafour deleted the chore/module/support-containerd-integrity-checks branch September 19, 2025 10:27

diafour commented Sep 19, 2025

Note: rebase merged 2 PRs: #1343 + #1432

@universal-itengineer

/backport v1.0

@deckhouse-BOaTswain

Cherry pick PR 1483 to the branch release-1.0 successful!
