packages/genpolicy: support GPU containers

This adds the required patches to Genpolicy to allow launching GPU containers on bare-metal Contrast.
edgelesssys · Jan 22, 2025 · 5f748b5 · 5f748b5
1 parent c201276
commit 5f748b5
Show file tree

Hide file tree

Showing 4 changed files with 168 additions and 13 deletions.
diff --git a/packages/by-name/kata/genpolicy/genpolicy_settings_coordinator.patch b/packages/by-name/kata/genpolicy/genpolicy_settings_coordinator.patch
@@ -1,19 +1,18 @@
 diff --git a/genpolicy-settings.json b/genpolicy-settings.json
-index 4e9f6481d..7d0356b90 100644
+index 50406e8ac..8201465ab 100644
 --- a/genpolicy-settings.json
 +++ b/genpolicy-settings.json
-@@ -333,7 +333,8 @@
-                 "^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$",
+@@ -337,7 +337,8 @@
                  "^AZURE_TENANT_ID=[A-Fa-f0-9-]*$",
                  "^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$",
--                "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$"
-+                "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$",
+                 "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$",
+-                "^PCI_RESOURCE_NVIDIA_COM.*=[a-fA-F0-9:.-]*$"
++                "^PCI_RESOURCE_NVIDIA_COM.*=[a-fA-F0-9:.-]*$",
 +                "^CONTRAST_[A-Z0-9_]*=.*$"
              ]
          },
          "CopyFileRequest": [
-@@ -343,9 +343,9 @@
-             "allowed_commands": [],
+@@ -348,7 +349,7 @@
              "regex": []
          },
          "CloseStdinRequest": false,

diff --git a/packages/by-name/kata/genpolicy/genpolicy_settings_dev.patch b/packages/by-name/kata/genpolicy/genpolicy_settings_dev.patch
@@ -1,18 +1,18 @@
 diff --git a/genpolicy-settings.json b/genpolicy-settings.json
-index 4e9f6481d..64f16a760 100644
+index 50406e8ac..77f13c4d3 100644
 --- a/genpolicy-settings.json
 +++ b/genpolicy-settings.json
-@@ -333,7 +333,8 @@
-                 "^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$",
+@@ -337,7 +337,8 @@
                  "^AZURE_TENANT_ID=[A-Fa-f0-9-]*$",
                  "^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$",
--                "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$"
-+                "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$",
+                 "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$",
+-                "^PCI_RESOURCE_NVIDIA_COM.*=[a-fA-F0-9:.-]*$"
++                "^PCI_RESOURCE_NVIDIA_COM.*=[a-fA-F0-9:.-]*$",
 +                "^CONTRAST_[A-Z0-9_]*=.*$"
              ]
          },
          "CopyFileRequest": [
-@@ -341,11 +342,13 @@
+@@ -345,11 +346,13 @@
          ],
          "ExecProcessRequest": {
              "allowed_commands": [],

diff --git a/packages/by-name/kata/kata-runtime/0020-genpolicy-support-dynamic-annotations.patch b/packages/by-name/kata/kata-runtime/0020-genpolicy-support-dynamic-annotations.patch
@@ -0,0 +1,149 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Moritz Sanft <[email protected]>
+Date: Mon, 20 Jan 2025 13:44:00 +0100
+Subject: [PATCH] genpolicy: support dynamic annotations
+
+This adds support for handling annotations with dynamic keys to
+genpolicy. This is necessary for use-cases like GPU containers, where
+in-cluster components (i.e. post policy-generation) instrument
+containers with annotations with varying keys, like `cdi.k8s.io/vfioXY`,
+where `XY` corresponds to a dynamic ID.
+---
+ src/tools/genpolicy/genpolicy-settings.json |  8 ++-
+ src/tools/genpolicy/rules.rego              | 56 +++++++++++++++++++--
+ src/tools/genpolicy/src/policy.rs           |  6 +++
+ 3 files changed, 64 insertions(+), 6 deletions(-)
+
+diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
+index 9b95f9f7462717d04f0b9ce685d97c0455f949da..7dac0e5e0585c25e324a39656d1a2dcfa12e7d96 100644
+--- a/src/tools/genpolicy/genpolicy-settings.json
++++ b/src/tools/genpolicy/genpolicy-settings.json
+@@ -309,7 +309,10 @@
+             "CAP_PERFMON",
+             "CAP_BPF",
+             "CAP_CHECKPOINT_RESTORE"
+-        ]
++        ],
++        "dynamic_annotations": {
++            "^cdi\\.k8s\\.io\\/vfio[0-9]{2}$": "^nvidia.com/gpu=[0-9]+$"
++        }
+     },
+     "kata_config": {
+         "confidential_guest": false,
+@@ -333,7 +336,8 @@
+                 "^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$",
+                 "^AZURE_TENANT_ID=[A-Fa-f0-9-]*$",
+                 "^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$",
+-                "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$"
++                "^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$",
++                "^PCI_RESOURCE_NVIDIA_COM.*=[a-fA-F0-9:.-]*$"
+             ]
+         },
+         "CopyFileRequest": [
+diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
+index 43cb19a56fe8ea5833708f0639c9e85ddd884cb3..271df2aebe05bd4bbd7aa396be24fb6fee0668bf 100644
+--- a/src/tools/genpolicy/rules.rego
++++ b/src/tools/genpolicy/rules.rego
+@@ -199,26 +199,31 @@ allow_anno(p_oci, i_oci) {
+ }
+ allow_anno(p_oci, i_oci) {
+     print("allow_anno 2: p Annotations =", p_oci.Annotations)
++    p_dynamic_annotations := policy_data.common.dynamic_annotations
++    print("allow_anno 2: p Dynamic Annotations =", p_dynamic_annotations)
++
++    i_annotations := i_oci.Annotations
+     print("allow_anno 2: i Annotations =", i_oci.Annotations)
+
+-    i_keys := object.keys(i_oci.Annotations)
++    i_keys := object.keys(i_annotations)
+     print("allow_anno 2: i keys =", i_keys)
+
+     every i_key in i_keys {
+-        allow_anno_key(i_key, p_oci)
++        allow_anno_key(i_key, p_oci, p_dynamic_annotations)
++        allow_dynamic_anno_value(i_key, i_annotations, p_dynamic_annotations)
+     }
+
+     print("allow_anno 2: true")
+ }
+
+-allow_anno_key(i_key, p_oci) {
++allow_anno_key(i_key, p_oci, p_dynamic_annotations) {
+     print("allow_anno_key 1: i key =", i_key)
+
+     startswith(i_key, "io.kubernetes.cri.")
+
+     print("allow_anno_key 1: true")
+ }
+-allow_anno_key(i_key, p_oci) {
++allow_anno_key(i_key, p_oci, p_dynamic_annotations) {
+     print("allow_anno_key 2: i key =", i_key)
+
+     some p_key, _ in p_oci.Annotations
+@@ -227,6 +232,49 @@ allow_anno_key(i_key, p_oci) {
+     print("allow_anno_key 2: true")
+ }
+
++allow_anno_key(i_key, p_oci, p_dynamic_annotations) {
++    print("allow_anno_key 3: i key =", i_key)
++
++    some p_key, _ in p_dynamic_annotations
++    regex.match(p_key, i_key)
++
++    print("allow_anno_key 3: true")
++}
++
++
++# Account for containers without dynamic annotations
++# at all..
++allow_dynamic_anno_value(i_key, i_annotations, p_dynamic_annotations) {
++    print("allow_dynamic_anno_value 1: i key =", i_key)
++
++    not p_dynamic_annotations
++
++    print("allow_dynamic_anno_value 1: true")
++}
++# ..for annotations which do not have a corresponding
++# dynamic annotation set in the settings...
++allow_dynamic_anno_value(i_key, i_annotations, p_dynamic_annotations) {
++    print("allow_dynamic_anno_value 2: i key =", i_key)
++
++    every p_key, _ in p_dynamic_annotations {
++      not regex.match(p_key, i_key)
++    }
++
++    print("allow_dynamic_anno_value 2: true")
++}
++# ...and check those which do.
++allow_dynamic_anno_value(i_key, i_annotations, p_dynamic_annotations) {
++    print("allow_dynamic_anno_value 3: i key =", i_key)
++
++    some p_key, p_value in p_dynamic_annotations
++    regex.match(p_key, i_key)
++
++    i_value := i_annotations[i_key]
++    regex.match(p_value, i_value)
++
++    print("allow_dynamic_anno_value 3: true")
++}
++
+ # Get the value of the S_NAME_KEY annotation and
+ # correlate it with other annotations and process fields.
+ allow_by_anno(p_container, i_oci, i_storages) {
+diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
+index e2012bf6f2d80ffea678a38803d8e85f5369b9dc..80bb6a63b915fa021e60f2b1d60e4bb32b67ba19 100644
+--- a/src/tools/genpolicy/src/policy.rs
++++ b/src/tools/genpolicy/src/policy.rs
+@@ -392,6 +392,12 @@ pub struct CommonData {
+
+     /// Default capabilities for a privileged container.
+     pub privileged_caps: Vec<String>,
++
++    /// Dynamic annotations contains arbitrary metadata for the container.
++    /// It is different to `KataSpec.Annotations` in that it allows dynamic keys *and*
++    /// values, and that they are checked for *all* keys, whereas `Annotations`
++    /// only allows dynamic values, and only checks them for certain keys at all.
++    pub dynamic_annotations: BTreeMap<String, String>,
+ }
+
+ /// Configuration from "kubectl config".
diff --git a/packages/by-name/kata/kata-runtime/package.nix b/packages/by-name/kata/kata-runtime/package.nix
@@ -124,6 +124,13 @@ buildGoModule rec {
       # TODO(msanft): Get native CDI working, which will allow us to drop this patch / undo the revert.
       # See https://dev.azure.com/Edgeless/Edgeless/_workitems/edit/5061
       ./0019-agent-remove-CDI-support.patch
+
+      # This adds support for annotations with dynamic keys *and* values to Genpolicy.
+      # This is required for e.g. GPU containers, which get annotated by an in-cluster
+      # component (i.e. after policy generation based on the Pod spec) with an annotation
+      # like `cdi.k8s.io/vfioXY`, where `XY` corresponds to a dynamic ID.
+      # Upstream issue: https://github.com/kata-containers/kata-containers/issues/10745
+      ./0020-genpolicy-support-dynamic-annotations.patch
     ];
   };