controllers: support addon artifact images

ANJANA-ARK · ANJANA-ARK · commit 7aec8ca2f198 · 2025-11-11T03:09:56.000-08:00
Add support for installing custom kernel/initrd artifacts from container images in DaemonSet mode. Introduces osc-kata-addons-install.sh script and ConfigMap-based configuration (kata-addon-artifacts).

Reuses extract_container_image from lib.sh. Minimal changes to existing flows. Provider-specific config updates (configuration-se.toml, configuration-tdx.toml, etc.) based on ConfigMap provider field.

Signed-off-by: ANJANA-ARK &lt;aark@redhat.com&gt;
diff --git a/config/baremetal/kata-addon-artifacts.yaml b/config/baremetal/kata-addon-artifacts.yaml
@@ -4,7 +4,7 @@ metadata:
   name: kata-addon-artifacts
   namespace: openshift-sandboxed-containers-operator
 data:
-  addonImage: "quay.io/ajvictor/kata-se-artifacts:v1.0"
+  addonImage: "quay.io/<username>/kata-se-artifacts:v1.0"
   
   # Required: Provider type (se, tdx, snp, etc.)
   # This determines which config file to update: kata-<provider>/configuration.toml
@@ -16,4 +16,5 @@ data:
   # Optional: Path within the container image where initrd is located  
   initrdPath: "/artifacts/initrd/kata-containers-initrd.img"
   
-  version: "v1.0"
+  # Define the OSC version
+  version: "v1.11"
diff --git a/scripts/kata-install/Dockerfile b/scripts/kata-install/Dockerfile
@@ -8,7 +8,7 @@ RUN mkdir -p /scripts
 
 ADD osc-kata-install.sh osc-configs-script.sh osc-log-level.sh lib.sh osc-kata-install.sh osc-kata-addons-install.sh /scripts/
 
-RUN curl -sSL "https://github.com/opencontainers/umoci/releases/download/v0.5.0/umoci.linux.s390x" -o "/usr/local/bin/umoci" &&\
+RUN curl -sSL "https://github.com/opencontainers/umoci/releases/download/v0.4.7/umoci.amd64" -o "/usr/local/bin/umoci" &&\
     chmod +x "/usr/local/bin/umoci"
 
 CMD ["/scripts/osc-kata-install.sh"] 
diff --git a/scripts/kata-install/osc-kata-addons-install.sh b/scripts/kata-install/osc-kata-addons-install.sh
@@ -65,31 +65,8 @@ update_provider_config() {
             fi
         fi
         echo "  Updated initrd: $initrd_path"
-    else
-	echo "No initrd path provided — commenting out existing initrd entries"
-        sed -i 's|^\(initrd[[:space:]]*=\)|# \1|g' "$config_file"
     fi
 
-    #Update confidential_guest 
-    local conf_guest_pattern='^[[:space:]]*#*[[:space:]]*confidential_guest[[:space:]]*='
-
-    if [ -n "$kernel_path" ] && [ -z "$initrd_path" ]; then
-        # Only kernel provided — enable confidential_guest
-        echo "Only kernel provided — enabling confidential_guest"
-        # Uncomment or add confidential_guest = true
-        if grep -Eq "$conf_guest_pattern" "$config_file"; then
-            sed -i 's|^[[:space:]]*#*[[:space:]]*confidential_guest[[:space:]]*=.*|confidential_guest = true|g' "$config_file"
-        else
-            echo "confidential_guest = true" >> "$config_file"
-        fi
-    elif [ -n "$kernel_path" ] && [ -n "$initrd_path" ]; then
-        # Both kernel and initrd provided — disable confidential_guest
-        echo "Kernel and initrd provided — commenting confidential_guest"
-        sed -i 's|^[[:space:]]*confidential_guest[[:space:]]*=.*|# confidential_guest = true|g' "$config_file"
-    else
-        echo "No kernel path provided — leaving confidential_guest unchanged"
-    fi
-    
     return 0
 }
 
