add configuration for CDI

Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>

container_opts.go

@@ -328,7 +328,7 @@ func WithoutRefreshedMetadata(i *InfoConfig) {
 }
 
 // WithCDI updates OCI spec with CDI content
-func WithCDI(s *oci.Spec, annotations map[string]string) NewContainerOpts {
+func WithCDI(s *oci.Spec, annotations map[string]string, cdiSpecDirs []string) NewContainerOpts {
 	return func(ctx context.Context, _ *Client, c *containers.Container) error {
 		// TODO: Once CRI is extended with native CDI support this will need to be updated...
 		_, cdiDevices, err := cdi.ParseAnnotations(annotations)
@@ -339,7 +339,7 @@ func WithCDI(s *oci.Spec, annotations map[string]string) NewContainerOpts {
 			return nil
 		}
 
-		registry := cdi.GetRegistry()
+		registry := cdi.GetRegistry(cdi.WithSpecDirs(cdiSpecDirs...))
 		if err = registry.Refresh(); err != nil {
 			// We don't consider registry refresh failure a fatal error.
 			// For instance, a dynamically generated invalid CDI Spec file for

docs/cri/config.md

@@ -120,6 +120,14 @@ version = 2
   # Note that currently default is set to disabled but target change it in future together with enable_unprivileged_ports
   enable_unprivileged_icmp = false
 
+  # enable_cdi enables support of the Container Device Interface (CDI)
+	# For more details about CDI and the syntax of CDI Spec files please refer to
+	# https://github.com/container-orchestrated-devices/container-device-interface.
+	enable_cdi = false
+
+  # cdi_spec_dirs is the list of directories to scan for CDI spec files
+	cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
+
   # 'plugins."io.containerd.grpc.v1.cri".containerd' contains config related to containerd
   [plugins."io.containerd.grpc.v1.cri".containerd]
 

pkg/cri/config/config.go

@@ -302,6 +302,13 @@ type PluginConfig struct {
 	// and if it is not overwritten by PodSandboxConfig
 	// Note that currently default is set to disabled but target change it in future together with EnableUnprivilegedPorts
 	EnableUnprivilegedICMP bool `toml:"enable_unprivileged_icmp" json:"enableUnprivilegedICMP"`
+	// EnableCDI indicates to enable injection of the Container Device Interface Specifications
+	// into the OCI config
+	// For more details about CDI and the syntax of CDI Spec files please refer to
+	// https://github.com/container-orchestrated-devices/container-device-interface.
+	EnableCDI bool `toml:"enable_cdi" json:"enableCDI"`
+	// CDISpecDirs is the list of directories to scan for Container Device Interface Specifications
+	CDISpecDirs []string `toml:"cdi_spec_dirs" json:"cdiSpecDirs"`
 }
 
 // X509KeyPairStreaming contains the x509 configuration for streaming

pkg/cri/config/config_unix.go

@@ -104,5 +104,7 @@ func DefaultConfig() PluginConfig {
 		ImageDecryption: ImageDecryption{
 			KeyModel: KeyModelNode,
 		},
+		EnableCDI:   false,
+		CDISpecDirs: []string{"/etc/cdi", "/var/run/cdi"},
 	}
 }

pkg/cri/server/container_create.go

@@ -238,8 +238,12 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 	if err != nil {
 		return nil, fmt.Errorf("failed to get runtime options: %w", err)
 	}
+
+	if c.config.EnableCDI {
+		opts = append(opts, containerd.WithCDI(spec, config.Annotations, c.config.CDISpecDirs))
+	}
+
 	opts = append(opts,
-		containerd.WithCDI(spec, config.Annotations),
 		containerd.WithSpec(spec, specOpts...),
 		containerd.WithRuntime(sandboxInfo.Runtime.Name, runtimeOptions),
 		containerd.WithContainerLabels(containerLabels),

pkg/cri/server/container_create_linux_test.go

@@ -1507,7 +1507,7 @@ func writeFilesToTempDir(tmpDirPattern string, content []string) (string, error)
 		}
 	}
 
-	return dir, cdi.GetRegistry(cdi.WithSpecDirs(dir)).Refresh()
+	return dir, nil
 }
 
 func TestCDIInjections(t *testing.T) {
@@ -1619,7 +1619,7 @@ containerEdits:
 		}
 		require.NoError(t, err)
 
-		injectFun := containerd.WithCDI(spec, test.annotations)
+		injectFun := containerd.WithCDI(spec, test.annotations, []string{cdiDir})
 		err = injectFun(nil, nil, nil)
 		assert.Equal(t, test.expectError, err != nil)