Allow runtime class for workshop containers to be set globally.

carvel-packages/training-platform/bundle/config/00-schema.yaml

@@ -41,6 +41,18 @@ imageVersions:
   - name: ""
     image: ""
 
+#! Settings for customizing container runtime used for Educates deployments.
+
+clusterRuntime:
+
+  #! Runtime class applied to deployments. Can be set where pods should be run
+  #! using a container runtime other than the default. For example one could
+  #! select Kata containers as runtime so workshop containers are isolated in an
+  #! additional lightweight VM. Only workshop containers currently have this
+  #! runtime class applied. 
+
+  class: ""
+
 #! Settings for customizing ingress details by which Educates will be accessed.
 
 clusterIngress:

session-manager/handlers/operator_config.py

@@ -36,6 +36,8 @@
 else:
     IMAGE_REPOSITORY = "registry.default.svc.cluster.local:5001"
 
+RUNTIME_CLASS = xget(config_values, "clusterRuntime.class", "")
+
 INGRESS_DOMAIN = xget(config_values, "clusterIngress.domain", "educates-local-dev.xyz")
 INGRESS_CLASS = xget(config_values, "clusterIngress.class", "")
 

session-manager/handlers/workshopsession.py

@@ -26,6 +26,7 @@
     OPERATOR_STATUS_KEY,
     OPERATOR_NAME_PREFIX,
     IMAGE_REPOSITORY,
+    RUNTIME_CLASS,
     INGRESS_DOMAIN,
     INGRESS_PROTOCOL,
     INGRESS_SECRET,
@@ -1393,6 +1394,9 @@ def resolve_security_policy(name):
 
     deployment_pod_template_spec = deployment_body["spec"]["template"]["spec"]
 
+    if RUNTIME_CLASS:
+        deployment_pod_template_spec["runtimeClassName"] = RUNTIME_CLASS
+
     token_enabled = (
         workshop_spec["session"]
         .get("namespaces", {})