Merge pull request #836 from beraldoleal/kata-3967

Enable Confidential Containers on Baremetal

Author: beraldoleal

bundle/manifests/sandboxed-containers-operator.clusterserviceversion.yaml

@@ -13,7 +13,7 @@ metadata:
         }
       ]
     capabilities: Seamless Upgrades
-    createdAt: "2025-10-06T16:02:13Z"
+    createdAt: "2025-10-07T13:31:15Z"
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "false"
     features.operators.openshift.io/csi: "false"
@@ -155,6 +155,14 @@ spec:
           - nodes/status
           verbs:
           - patch
+        - apiGroups:
+          - ""
+          resources:
+          - pods
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - ""
           resources:

cmd/manager/main.go

@@ -167,6 +167,15 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "Credentials")
 		os.Exit(1)
 	}
+
+	if err = (&controllers.RuntimeClassReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+		Log:    ctrl.Log.WithName("controllers").WithName("RuntimeClass"),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "RuntimeClass")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 
 	setupLog.Info("starting manager")

config/rbac/role.yaml

@@ -17,6 +17,14 @@ rules:
   - nodes/status
   verbs:
   - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

controllers/confidential_handler.go

@@ -1,25 +1,53 @@
 package controllers
 
 import (
+	"context"
+	"fmt"
+
+	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-// When the feature is enabled, handleFeatureConfidential sets config maps to confidential values.
-//
-// Changes the ImageConfigMap, so that the image creation job will create a confidential image.
-// This will happen at the first reconciliation loop, before the image creation job starts.
-//
-// Changes the peer pods configMap to enable confidential.
-// This will happen likely after several reconciliation loops, because it has prerequisites:
+const (
+	// kata-cc runtime class for CoCo BM
+	kataCCRuntimeClassName        = "kata-cc"
+	kataCCRuntimeClassCpuOverhead = "0.25"
+	kataCCRuntimeClassMemOverhead = "350Mi"
+
+	// TEE node labels
+	intelTDXNodeLabel = "intel.feature.node.kubernetes.io/tdx"
+	amdSNPNodeLabel   = "amd.feature.node.kubernetes.io/snp"
+
+	// RuntimeClass handlers for TEE
+	kataCCIntelHandler = "kata-cc-intel"
+	kataCCAmdHandler   = "kata-cc-amd"
+)
+
+// When the feature is enabled, handleFeatureConfidential configures confidential computing support.
 //
-//   - Peer pods must be enabled in the KataConfig.
-//   - The peer pods config map must exist.
+// For peer pods: sets ImageConfigMap and peer pods configMap to enable confidential images and CVM support.
+// For baremetal: creates kata-cc runtime classes with TEE-specific handlers (Intel TDX or AMD SNP).
 //
-// When the feature is disabled, handleFeatureConfidential resets the config maps to non-confidential values.
+// When the feature is disabled, handleFeatureConfidential resets config maps and deletes runtime classes.
 func (r *KataConfigOpenShiftReconciler) handleFeatureConfidential(state FeatureGateState) error {
+	if r.kataConfig.Spec.EnablePeerPods {
+		if err := r.handleConfidentialPeerPods(state); err != nil {
+			return err
+		}
+	}
 
-	// ImageConfigMap
+	if err := r.handleConfidentialBaremetal(state); err != nil {
+		return err
+	}
 
+	return nil
+}
+
+// handleConfidentialPeerPods configures confidential computing for peer pods deployments.
+// It manages ImageConfigMap and peer pods configMap to control confidential images and CVM support.
+func (r *KataConfigOpenShiftReconciler) handleConfidentialPeerPods(state FeatureGateState) error {
+	// ImageConfigMap
 	if err := InitializeImageGenerator(r.Client); err != nil {
 		return err
 	}
@@ -56,8 +84,6 @@ func (r *KataConfigOpenShiftReconciler) handleFeatureConfidential(state FeatureG
 		}
 	}
 
-	// peer pods config
-
 	// Patch peer pods configMap, if it exists.
 	var peerpodsCMData map[string]string
 	if state == Enabled {
@@ -76,3 +102,81 @@ func (r *KataConfigOpenShiftReconciler) handleFeatureConfidential(state FeatureG
 
 	return nil
 }
+
+// handleConfidentialBaremetal configures confidential computing for baremetal deployments.
+// It manages kata-cc runtime classes with TEE-specific handlers (Intel TDX or AMD SNP).
+func (r *KataConfigOpenShiftReconciler) handleConfidentialBaremetal(state FeatureGateState) error {
+	if state == Enabled {
+		r.Log.Info("Creating " + kataCCRuntimeClassName + " runtime class for confidential containers")
+
+		handler, nodeLabel, err := r.computeTEEHandlerAndLabel()
+		if err != nil {
+			// If peer pods is enabled, just warn and skip baremetal coco
+			if r.kataConfig.Spec.EnablePeerPods {
+				r.Log.Info("WARNING: No TEE hardware detected, skipping baremetal confidential containers (peer pods CVM will handle confidential workloads)", "err", err)
+				return nil
+			}
+			// If peer pods disabled, this is an error - user wants baremetal coco but no hardware
+			r.Log.Info("failed to detect TEE platform", "err", err)
+			return err
+		}
+
+		// Create kata-cc runtime class restricted to the detected TEE subset
+		err = r.createRuntimeClass(kataCCRuntimeClassName, kataCCRuntimeClassCpuOverhead, kataCCRuntimeClassMemOverhead, handler, nodeLabel)
+		if err != nil {
+			r.Log.Info("Error creating "+kataCCRuntimeClassName+" runtime class", "err", err)
+			return fmt.Errorf("Error creating "+kataCCRuntimeClassName+" runtime class: %w", err)
+		}
+
+	} else {
+		r.Log.Info("Deleting " + kataCCRuntimeClassName + " runtime class for confidential containers")
+
+		// Delete kata-cc runtime class
+		err := r.deleteRuntimeClass(kataCCRuntimeClassName)
+		if err != nil {
+			r.Log.Info("Error deleting "+kataCCRuntimeClassName+" runtime class", "err", err)
+			return fmt.Errorf("Error deleting "+kataCCRuntimeClassName+" runtime class: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func (r *KataConfigOpenShiftReconciler) computeTEEHandlerAndLabel() (string, string, error) {
+	selector, err := r.getKataConfigNodeSelectorAsSelector()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to build node selector: %w", err)
+	}
+
+	nodes := &corev1.NodeList{}
+	listOpts := []client.ListOption{
+		client.MatchingLabelsSelector{Selector: selector},
+	}
+	if err := r.Client.List(context.TODO(), nodes, listOpts...); err != nil {
+		return "", "", fmt.Errorf("failed to list nodes: %w", err)
+	}
+
+	var hasIntelTDX bool
+	var hasAmdSNP bool
+	for _, n := range nodes.Items {
+		if v, ok := n.Labels[intelTDXNodeLabel]; ok && v == "true" {
+			hasIntelTDX = true
+		}
+		if v, ok := n.Labels[amdSNPNodeLabel]; ok && v == "true" {
+			hasAmdSNP = true
+		}
+	}
+
+	if hasIntelTDX && hasAmdSNP {
+		return "", "", fmt.Errorf("multiple TEE platforms detected; only one per cluster supported")
+	}
+
+	if hasIntelTDX {
+		return kataCCIntelHandler, intelTDXNodeLabel, nil
+	}
+	if hasAmdSNP {
+		return kataCCAmdHandler, amdSNPNodeLabel, nil
+	}
+
+	return "", "", fmt.Errorf("no TEE platform labels found (expected %s or %s)", intelTDXNodeLabel, amdSNPNodeLabel)
+}

controllers/fg_handler.go

@@ -110,19 +110,17 @@ func (r *KataConfigOpenShiftReconciler) processFeatureGates() error {
 
 	// Check which feature gates are enabled in the FG ConfigMap and
 	// perform the necessary actions
-	if r.kataConfig.Spec.EnablePeerPods {
-		if fgStatus.IsEnabled(ConfidentialFeatureGate) {
-			r.Log.Info("Feature gate is enabled", "featuregate", ConfidentialFeatureGate)
-			// Perform the necessary actions
-			if err := r.handleFeatureConfidential(Enabled); err != nil {
-				return err
-			}
-		} else {
-			r.Log.Info("Feature gate is disabled", "featuregate", ConfidentialFeatureGate)
-			// Perform the necessary actions
-			if err := r.handleFeatureConfidential(Disabled); err != nil {
-				return err
-			}
+	if fgStatus.IsEnabled(ConfidentialFeatureGate) {
+		r.Log.Info("Feature gate is enabled", "featuregate", ConfidentialFeatureGate)
+		// Perform the necessary actions
+		if err := r.handleFeatureConfidential(Enabled); err != nil {
+			return err
+		}
+	} else {
+		r.Log.Info("Feature gate is disabled", "featuregate", ConfidentialFeatureGate)
+		// Perform the necessary actions
+		if err := r.handleFeatureConfidential(Disabled); err != nil {
+			return err
 		}
 	}
 

controllers/migrate.go

@@ -16,10 +16,13 @@ import (
 	"context"
 
 	corev1 "k8s.io/api/core/v1"
+	nodeapi "k8s.io/api/node/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	meta "k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
 // migratePeerPodsLimit moves the PeerPodConfig "Limit" value to peer-pods-cm
@@ -81,3 +84,32 @@ func (r *KataConfigOpenShiftReconciler) migratePeerPodsLimit() error {
 	r.Log.Info("Successfully migrated PeerPodConfig Limit to peer-pods-cm and deleted PeerPodConfig")
 	return nil
 }
+
+// ensureRuntimeClassFinalizers adds finalizers to existing runtime classes that don't have them
+func (r *KataConfigOpenShiftReconciler) ensureRuntimeClassFinalizers() error {
+	runtimeClasses := []string{
+		kataCCRuntimeClassName,
+		peerpodsRuntimeClassName,
+		kataRuntimeClassName,
+	}
+
+	for _, name := range runtimeClasses {
+		rc := &nodeapi.RuntimeClass{}
+		err := r.Client.Get(context.TODO(), types.NamespacedName{Name: name}, rc)
+		if k8serrors.IsNotFound(err) {
+			continue
+		}
+		if err != nil {
+			return err
+		}
+
+		if !controllerutil.ContainsFinalizer(rc, runtimeClassFinalizerName) {
+			r.Log.Info("Adding finalizer to existing runtime class", "runtimeClass", name)
+			controllerutil.AddFinalizer(rc, runtimeClassFinalizerName)
+			if err := r.Client.Update(context.TODO(), rc); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}

controllers/openshift_controller.go

@@ -127,6 +127,12 @@ func (r *KataConfigOpenShiftReconciler) Reconcile(ctx context.Context, req ctrl.
 		return ctrl.Result{}, err
 	}
 
+	err = r.ensureRuntimeClassFinalizers()
+	if err != nil {
+		r.Log.Info("Failed to ensure runtime class finalizers", "err", err)
+		return ctrl.Result{}, err
+	}
+
 	err = r.processFeatureGates()
 	if err != nil {
 		r.Log.Info("Unable to process feature gates", "err", err)
@@ -772,7 +778,7 @@ func (r *KataConfigOpenShiftReconciler) createDaemonsetForMonitor() error {
 	return nil
 }
 
-func (r *KataConfigOpenShiftReconciler) createRuntimeClass(runtimeClassName string, cpuOverhead string, memoryOverhead string) error {
+func (r *KataConfigOpenShiftReconciler) createRuntimeClass(runtimeClassName string, cpuOverhead string, memoryOverhead string, handler string, additionalNodeLabel string) error {
 
 	rc := func() *nodeapi.RuntimeClass {
 		rc := &nodeapi.RuntimeClass{
@@ -781,9 +787,10 @@ func (r *KataConfigOpenShiftReconciler) createRuntimeClass(runtimeClassName stri
 				Kind:       "RuntimeClass",
 			},
 			ObjectMeta: metav1.ObjectMeta{
-				Name: runtimeClassName,
+				Name:       runtimeClassName,
+				Finalizers: []string{runtimeClassFinalizerName},
 			},
-			Handler: runtimeClassName,
+			Handler: handler,
 			Overhead: &nodeapi.Overhead{
 				PodFixed: corev1.ResourceList{
 					corev1.ResourceCPU:    resource.MustParse(cpuOverhead),
@@ -794,6 +801,11 @@ func (r *KataConfigOpenShiftReconciler) createRuntimeClass(runtimeClassName stri
 
 		nodeSelector := r.getNodeSelectorAsMap()
 
+		// Add additional node label if provided
+		if additionalNodeLabel != "" {
+			nodeSelector[additionalNodeLabel] = "true"
+		}
+
 		rc.Scheduling = &nodeapi.Scheduling{
 			NodeSelector: nodeSelector,
 		}
@@ -829,6 +841,34 @@ func (r *KataConfigOpenShiftReconciler) createRuntimeClass(runtimeClassName stri
 	return nil
 }
 
+func (r *KataConfigOpenShiftReconciler) deleteRuntimeClass(runtimeClassName string) error {
+
+	foundRc := &nodeapi.RuntimeClass{}
+	err := r.Client.Get(context.TODO(), types.NamespacedName{Name: runtimeClassName}, foundRc)
+	if err != nil {
+		if k8serrors.IsNotFound(err) {
+			return nil
+		}
+		return err
+	}
+
+	if err := r.Client.Delete(context.TODO(), foundRc); err != nil {
+		if k8serrors.IsNotFound(err) {
+			return nil
+		}
+		return err
+	}
+
+	for i, name := range r.kataConfig.Status.RuntimeClasses {
+		if name == runtimeClassName {
+			r.kataConfig.Status.RuntimeClasses = append(r.kataConfig.Status.RuntimeClasses[:i], r.kataConfig.Status.RuntimeClasses[i+1:]...)
+			break
+		}
+	}
+
+	return nil
+}
+
 // "KataConfigNodeSelector" in the names of the following couple of helper
 // functions refers to the value of KataConfig.spec.kataConfigPoolSelector,
 // i.e. the original selector supplied by the user of KataConfig.
@@ -2197,7 +2237,7 @@ func (r *KataConfigOpenShiftReconciler) deleteScc() error {
 func (r *KataConfigOpenShiftReconciler) postKataInstallation() (*ctrl.Result, error) {
 	r.Log.Info("create runtime class")
 	r.resetInProgressCondition()
-	err := r.createRuntimeClass(kataRuntimeClassName, kataRuntimeClassCpuOverhead, kataRuntimeClassMemOverhead)
+	err := r.createRuntimeClass(kataRuntimeClassName, kataRuntimeClassCpuOverhead, kataRuntimeClassMemOverhead, kataRuntimeClassName, "")
 	if err != nil {
 		return &ctrl.Result{Requeue: true, RequeueAfter: 15 * time.Second}, err
 	}

controllers/peerpods.go

@@ -321,7 +321,7 @@ func (r *KataConfigOpenShiftReconciler) enablePeerPodsMiscConfigs() error {
 	}
 
 	// Create runtimeClass config for peer-pods
-	err = r.createRuntimeClass(peerpodsRuntimeClassName, peerpodsRuntimeClassCpuOverhead, peerpodsRuntimeClassMemOverhead)
+	err = r.createRuntimeClass(peerpodsRuntimeClassName, peerpodsRuntimeClassCpuOverhead, peerpodsRuntimeClassMemOverhead, peerpodsRuntimeClassName, "")
 	if err != nil {
 		r.Log.Info("Error in creating kata remote runtimeclass", "err", err)
 		return err