Support sharing image on the host for layer block mode #560

ChengyuZhu6 · 2023-12-04T10:04:31Z

Nydus snapshotter supports both image block and layer block modes, with or without dm-verity. However, for confidential containers, nydus-snapshotter only supports image block mode, with or without dm-verity. Therefore, we need to extend nydus-snapshotter to support layer block mode, with or without dm-verity, for confidential containers as well.

options example for pulling docker.io/library/nginx:latest

workdir=/var/lib/containerd-nydus/snapshots/8/work upperdir=/var/lib/containerd-nydus/snapshots/8/fs lowerdir=/var/lib/containerd-nydus/snapshots/7/fs
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNTE3MzU3ODMxOTY3ODVkMWY2MDRkYzc3MTFlYTcwZmIzZmFiM2NkOWQ5OWVhZWZmOTkxYzVhZmJmYTBmMjBlOC5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNmYzOTgyODNhMDBhNjllZTRmMWRkN2Y0MWJhNWEzNmRmY2FmYWY4ODNmYmQ5MzU2NmQ1ZmZlYmIxNzk2Njg0ZCIsImJsb2NrbnVtIjoxMDM4LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0=
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvODRiMWZmMTAzODdiMjZlMjk1MmYwMDZjMGE0ZmU0YzZmM2MwNzQzY2IwOGVlNDQ4YmI3MTU3MjIwYWQyZmM4Zi5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiODUxOGE2Y2UwOGY4NTViNzc1YWU1ZTFkNmU1YTAyMjBjMzA3ZmZlMGQ4ZGI1ZjY3NzlhNzMzN2M4ZTkyZDQ1OCIsImJsb2NrbnVtIjoxMDM0LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvYzZlZGYzM2UyNTI0YjI0MWEwYjE5MWQwYTBkMmNhM2Q4ZDRhZTc0NzAzMzNiMDU5ZGQ5N2JhMzBlNjYzYTFhMy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZmIzODQ1MDliZDU4NzFiN2JlMTA3Mjc0NjcxYWE1YWJiNTMwODgyYjBmMjA1NWU5YjljNDBiODMyNWFkZGM2ZSIsImJsb2NrbnVtIjoxMDI5LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTI4Mzg0fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOWVhMjdiMDc0ZjcxZDU3NjZhNTljZGJmYWExNWY0Y2QzZDE3YmZmYjgzZmVkMDY2MzczZWIyODczMjZhYmJkMy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZjMzZjJlOWU3YmYxNjkzNGE3YTMxMjQxNDU1ZjYxNDRmMGRmOWNiNGNjZDEzMjNiMDczYmUwNjRiODg2ZDNkOCIsImJsb2NrbnVtIjoxMDMzLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOWE1OWQxOWY5YzViYjFlYmRmZWYyMjU1NDk2YjFiYjVkNjU4ZmRjY2MzMDBjNGMxZjBkMThjNzNmMWJiMTRiNS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZDRlYTQ1NjhjNDFhNzVmZTAzMTZiY2QwMjc4YjNlMzMwMGQ1M2RlNzEwNGUwOTYyNDI1ZjgwYmQwNjg5ZjBiNiIsImJsb2NrbnVtIjoxMDMxLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTI4Mzg0fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOWIxNmM5NGJiNjg2Mjg3NTNhOTRiODlkZGYyNmFiYzA5NzRjZDM1YTk2Zjc4NTg5NWFiMDExZDliNTA0MmVlNS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZTc4ZjI2MjNiMWFlY2U5OGYyZjQ4ZmVjMGMyMmNlOTZlNDczZjYwN2M2OTc2ZDI2MWM1MGM3YzQxNDNjOTdjOCIsImJsb2NrbnVtIjoyMjE4MzEsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoxMTM1Nzc5ODR9fQ== 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvMWY3Y2UyZmE0NmFiMzk0MmZlYWJlZTY1NDkzMzk0ODgyMTMwM2E1YTgyMTc4OWRkZGFiMmQ4YzNkZjU5ZTIyNy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiYTY0NDcwYjZkNDA0NGEyODVjNTNkOTEwNWM4ZTZhNjZmNmU3NGQwZGRmNTJjZTk1YjZjMTRkOGEzY2VlMTI5MyIsImJsb2NrbnVtIjoxNTQxMzksImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0Ijo3ODkyMTcyOH19

decoded data:

{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/51735783196785d1f604dc7711ea70fb3fab3cd9d99eaeff991c5afbfa0f20e8.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"6f398283a00a69ee4f1dd7f41ba5a36dfcafaf883fbd93566d5ffebb1796684d","blocknum":1038,"blocksize":512,"hashsize":4096,"offset":532480}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/84b1ff10387b26e2952f006c0a4fe4c6f3c0743cb08ee448bb7157220ad2fc8f.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"8518a6ce08f855b775ae5e1d6e5a0220c307ffe0d8db5f6779a7337c8e92d458","blocknum":1034,"blocksize":512,"hashsize":4096,"offset":532480}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/c6edf33e2524b241a0b191d0a0d2ca3d8d4ae7470333b059dd97ba30e663a1a3.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"fb384509bd5871b7be107274671aa5abb530882b0f2055e9b9c40b8325addc6e","blocknum":1029,"blocksize":512,"hashsize":4096,"offset":528384}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/9ea27b074f71d5766a59cdbfaa15f4cd3d17bffb83fed066373eb287326abbd3.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"f33f2e9e7bf16934a7a31241455f6144f0df9cb4ccd1323b073be064b886d3d8","blocknum":1033,"blocksize":512,"hashsize":4096,"offset":532480}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/9a59d19f9c5bb1ebdfef2255496b1bb5d658fdccc300c4c1f0d18c73f1bb14b5.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"d4ea4568c41a75fe0316bcd0278b3e3300d53de7104e0962425f80bd0689f0b6","blocknum":1031,"blocksize":512,"hashsize":4096,"offset":528384}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/9b16c94bb68628753a94b89ddf26abc0974cd35a96f785895ab011d9b5042ee5.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"e78f2623b1aece98f2f48fec0c22ce96e473f607c6976d261c50c7c4143c97c8","blocknum":221831,"blocksize":512,"hashsize":4096,"offset":113577984}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/1f7ce2fa46ab3942feabee654933948821303a5a821789dddab2d8c3df59e227.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"a64470b6d4044a285c53d9105c8e6a66f6e74d0ddf52ce95b6c14d8a3cee1293","blocknum":154139,"blocksize":512,"hashsize":4096,"offset":78921728}}

Fixes: #559

ChengyuZhu6 · 2023-12-04T11:51:52Z

/cc @jiangliu

codecov · 2023-12-04T12:20:04Z

Codecov Report

Merging #560 (4473328) into main (5009c52) will decrease coverage by 0.12%.
Report is 8 commits behind head on main.
The diff coverage is 0.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #560      +/-   ##
==========================================
- Coverage   33.63%   33.52%   -0.12%     
==========================================
  Files          65       65              
  Lines        8259     8287      +28     
==========================================
  Hits         2778     2778              
- Misses       5166     5194      +28     
  Partials      315      315

Files	Coverage Δ
snapshot/process.go	`0.00% <0.00%> (ø)`
snapshot/snapshot.go	`0.00% <0.00%> (ø)`
snapshot/mount_option.go	`22.88% <0.00%> (-2.51%)`	⬇️

Introduce a function to get the path of layer disk file. Fixes: containerd#559 Signed-off-by: ChengyuZhu6 <[email protected]>

jiangliu · 2023-12-07T03:36:04Z

pkg/tarfs/tarfs.go

-	} else if !wholeImage != perLayer {
+	}
+
+	if exportDisk && !perLayer && !wholeImage && !withVerity {


Could you please help to add a comment about what's this condition for?

By design，the function ExportBlockData() should not be called for rw layer. So could you please help to confirm the call stack?

Could you please help to add a comment about what's this condition for?

Fixed.

if !exportDisk && !withVerity { return updateFields, nil } else if !wholeImage != perLayer { // Special handling for `layer_block` mode if exportDisk && !withVerity && !perLayer { labels[label.NydusLayerBlockInfo] = "" updateFields = append(updateFields, "labels."+label.NydusLayerBlockInfo) } return updateFields, nil }

jiangliu · 2023-12-07T03:48:32Z

snapshot/mount_option.go

@@ -151,10 +151,14 @@ func (o *snapshotter) mountWithKataVolume(ctx context.Context, id string, overla

 func (o *snapshotter) mountWithProxyVolume(rafs rafs.Rafs) ([]string, error) {
 	options := []string{}
+	source := ""


how about simplifying it as :

source := rafs.Annotations[label.CRIImageRef]

When the layer_block mode is enabled, the remote snapshot does not contain the `containerd.io/snapshot/nydus-layer-block` label, which prevents the creation of a kata volume. Therefore, we need to add the `containerd.io/snapshot/nydus-layer-block` label to the remote snapshot. Signed-off-by: ChengyuZhu6 <[email protected]>

Introduce a function to prepare KataVirtualVolume for both guest pull image and host sharing image modes to eliminate redundant code. Signed-off-by: ChengyuZhu6 <[email protected]>

jiangliu · 2023-12-07T08:19:18Z

snapshot/mount_option.go

-		if len(info) > 0 {
-			dmverity, err := parseTarfsDmVerityInfo(info)
+
+		options = append(options, opt)


It would be better to return here，to protect from a abnormal case where both NydusImageBlockInfo and NydusLayerBlockInfo are set.

jiangliu · 2023-12-07T08:24:34Z

An kata volume option takes about 500-bytes as

io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNTE3MzU3ODMxOTY3ODVkMWY2MDRkYzc3MTFlYTcwZmIzZmFiM2NkOWQ5OWVhZWZmOTkxYzVhZmJmYTBmMjBlOC5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNmYzOTgyODNhMDBhNjllZTRmMWRkN2Y0MWJhNWEzNmRmY2FmYWY4ODNmYmQ5MzU2NmQ1ZmZlYmIxNzk2Njg0ZCIsImJsb2NrbnVtIjoxMDM4LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0=

And mount options are limited to 4096 bytes by containerd, so seems only max 8-layers may be supported by this way.

You have test an image with 7 layers, so could you please help to test an image with more layers?

ChengyuZhu6 · 2023-12-07T08:28:57Z

An kata volume option takes about 500-bytes as
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNTE3MzU3ODMxOTY3ODVkMWY2MDRkYzc3MTFlYTcwZmIzZmFiM2NkOWQ5OWVhZWZmOTkxYzVhZmJmYTBmMjBlOC5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNmYzOTgyODNhMDBhNjllZTRmMWRkN2Y0MWJhNWEzNmRmY2FmYWY4ODNmYmQ5MzU2NmQ1ZmZlYmIxNzk2Njg0ZCIsImJsb2NrbnVtIjoxMDM4LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0=
And mount options are limited to 4096 bytes by containerd, so seems only max 8-layers may be supported by this way.

You have test an image with 7 layers, so could you please help to test an image with more layers?

Sure, I’d be happy to help.

Support to handle kata volume for layer block and reconstruct functions about handling kata virtual volumes. Signed-off-by: ChengyuZhu6 <[email protected]>

The sandbox image (pause image) name cannot be stored in annotations by containerd, so snapshotter is unable to retrieve it. This means that the source field of `KataVirtualVolume` has to be set to "" to support guest pull in proxy mode now. However, once containerd fixes this bug (containerd/containerd#9419), I think the nydus snapshotter could be able to get the sandbox image name from annotations directly. I recommend that we can support to obtain the image name through "containerd.io/snapshot/cri.image-ref" in snapshotter. If this value is empty, the source should be set to "", otherwise it should be set to the image name. Signed-off-by: ChengyuZhu6 <[email protected]>

ChengyuZhu6 · 2023-12-07T09:06:57Z

@jiangliu I try to pull docker.io/library/mysql:latest with nydus snapshotter when enabling layer_block mode and it works:

docker inspect --format='{{json .RootFS.Layers}}' docker.io/library/mysql:latest | jq .
[
  "sha256:d6fe63e8be63d078aeef9739f2c7ea101e6cc1a3f998d179af63a10e7f0f959d",
  "sha256:69ef53c77128b4110395e0a6088180a9b721ad4e657519af3833b582be1025e3",
  "sha256:69a630646f651d14ff89d41075d81b1277f918cb11a4f7fe90176bc19be360e2",
  "sha256:9458eec006d024a88859da375e58cba647138e67c0f28929a2e55f57bd7cc059",
  "sha256:01cbaaa2e3b944b563eb5bbbb9c4594ea9ec4bf2c61d4004223df75c6396d3e4",
  "sha256:f159770d104df09d0d2f7c6ba8556cafe3a8e9de56f799c9d5d570bbb8abdb53",
  "sha256:235367ebc71a6828430323a7c33e0c462c6c1fd335fa917625de7145b36ff5af",
  "sha256:867dc881a6cfbc6311a5d77214854881768bf1c34c48fab6a0fa0c82b0c08d50",
  "sha256:1af6e691b2c1e8acb910e66b74cc5e6acb7a995213d796b01ad3dd5587cf9633",
  "sha256:eff93312e2490ea70bca3cdb18a0e653da5432ee287a1f4b8e379f378345465f"
]

options:

fuse.nydus-overlayfs mount options [workdir=/var/lib/containerd-nydus/snapshots/13/work upperdir=/var/lib/containerd-nydus/snapshots/13/fs lowerdir=/var/lib/containerd-nydus/snapshots/10/fs 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOTQyYmVmNjJhMTQ2ZmU3ODllZmM5YTMyNTQ5MDAzM2ZlN2MzMWU5OTJmNDE2NzRlZjJkYzViYTJkZDE2YmIwMy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZDIwZGM0ZWZmN2EzZGIzYWRlMGNmMjM4YzY1MjVjYmUzODY0MDE2MTA5NTRjMjEzYTdkZjcxNmMyZmE2NWM3MCIsImJsb2NrbnVtIjoxMDU4LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTQ0NzY4fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvY2JjODQ3YmFiNTk4ZTcxNmRmMTZlNzQ1MzhkOGE3YWEzN2MxZDExMzQxNDkxMDk0Njc3M2Y3MDUyYjU2NjVjYy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiYmMxMjI2MmM3MTNkYTllZGFlMjUwMGQwMDAyNjU0NTcxODY5NjI5MGQ0NmQ1ZmM1NGFiNDNlOWRhZDQ3ZDdjNCIsImJsb2NrbnVtIjo1NjM5OTYsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoyODg3NjgwMDB9fQ== 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNTA5MDY4ZTQ5NDg4MjFjOWRlZTZjYjY5YjNmZGNjNDliMTcwMDQzNmNjY2NlNTc2YThkYjEyZTQxODIxZTQwYy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNTYzMWRiYzVhNjI1NGVjOGRkYmFkZTQ5YTFmZjEwNmZlNDkzOGM5NGE1M2VlZWM4MzY1MDIwYWE0ZmYxMjFmMiIsImJsb2NrbnVtIjoxMDMwLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTI4Mzg0fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNWZjM2M4NDBmYWNjOTllMTc5OTQyM2RjZjg3MTdjODEzNWQ0Zjg1ODAyYTY5NmUwMDYwM2VhYWY1NDU1NTU3OS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZThlM2Y3ZTMxN2YyNjBjOTJhYmNkZTg0Yjc4ZjNlMWZlOTE2NGZhYzg3NTBkMjFkZjVhYWUxMTIzOTE3ODc5NyIsImJsb2NrbnVtIjozOTE0NTYsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoyMDA0MjU0NzJ9fQ== 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvZjdmMDI0ZGZiMzI5MmVmMWQ3NGJkZGQwMDFiMzJkNDk3ZDA4ODhjYzYzMWRjNjcyZDk4Y2JiZTA1YjcyMmRlNC5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZjBjZjFiNjI1YWU0MjNkM2FmYmFmZDAzMTk4NDYyODNiZTlkNWQ4MzYwNjBiMGI5NTQ1Y2UxMjBlZjkyZmIzNyIsImJsb2NrbnVtIjoxMDMwLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTI4Mzg0fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvY2U1OTQ5MTkzZTRjMGExMjg4NGQ2ZjVjOGQxNDUwNjU1YzI5NGI3YWE5OTUzZGJhODdmNzgyN2Y1ODRkYjNjYy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiOGUzZWU3Nzc1NzNhZmFiOTg1YTUzNWNlZWUzMmFmZjYyMzdjMGEzNGI0YWM4MTJhYjg3YmFlYjY1ZjM3ODRhMSIsImJsb2NrbnVtIjoxMDM3LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNGE3ZDdmMTFhYTFlZjkxNDY4MmZiYTgwZDYxZjEyZDkyZDMzYmNiMzMwMzE3Yzc4NjE1OWY4N2YyYWJlNDQ1Ny5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiYjFiYjYyNWMzODkyNDM2N2ZmMjQxNzcxNTMyZGI2MWUyMGExZjYwYzY3OGEzZjk5ZTE4YTkwNjIwZjU0ZGI1MyIsImJsb2NrbnVtIjoyNzk2OCwiYmxvY2tzaXplIjo1MTIsImhhc2hzaXplIjo0MDk2LCJvZmZzZXQiOjE0MzE5NjE2fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvZDg4ZDAzY2UxMzliYmE3OTg1MDU5ZTczN2ZjMGQ5MjY3NmQ4ZGUwYjI4ZGQyOTM3M2NkNzNkNTFkZjVlYjkxNy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiMDBmZGY0MzU0MTIyYWUzMjFiOThjMWM3NTRmMjg0NTNjOTNlNjUyMWE2OTM2YTJiMjc5YWNhNjZmYmNiNWQwOSIsImJsb2NrbnVtIjo1NjMxLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6Mjg4MzU4NH19 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvMmQyYzUyNzE4ZjY1OTU3NWQ5ODVjMzMzZTdjN2RiYTIzNWFkNTI1ZWUyMjQ3OTQzYWE4MzA5ZTcyYWRiZjQxNS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNTVhMjU2YzFkYWM3Y2IyMTUyODc3OGU0YjUwMDhkYjU1OGE1MjY3YThhNmE5NTAzNzQwYWE3NDI5YzMxZmM1MCIsImJsb2NrbnVtIjoxMDQ2LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTM2NTc2fX0= 
io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOGUwMTc2YWRjMThjNDc2YmRmY2M3MDFmMDFjZGE1YWNmNDliYzhlNmQ3ZmFkYWM4MDcyMDkxYTQzZmFmYmIyNS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiOTdmZDIxNDk4YmYyYzhiNDZiZWYwMDgwOWM2OTA4MDE5NTk3MWI3MTJhODM5Y2E3ZjJkODI5MWYwMzkzOTRkYiIsImJsb2NrbnVtIjoyMTUxNzMsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoxMTAxNzAxMTJ9fQ==

the decoded data:

{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/942bef62a146fe789efc9a325490033fe7c31e992f41674ef2dc5ba2dd16bb03.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"d20dc4eff7a3db3ade0cf238c6525cbe386401610954c213a7df716c2fa65c70","blocknum":1058,"blocksize":512,"hashsize":4096,"offset":544768}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/cbc847bab598e716df16e74538d8a7aa37c1d113414910946773f7052b5665cc.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"bc12262c713da9edae2500d00026545718696290d46d5fc54ab43e9dad47d7c4","blocknum":563996,"blocksize":512,"hashsize":4096,"offset":288768000}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/509068e4948821c9dee6cb69b3fdcc49b1700436cccce576a8db12e41821e40c.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"5631dbc5a6254ec8ddbade49a1ff106fe4938c94a53eeec8365020aa4ff121f2","blocknum":1030,"blocksize":512,"hashsize":4096,"offset":528384}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/5fc3c840facc99e1799423dcf8717c8135d4f85802a696e00603eaaf54555579.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"e8e3f7e317f260c92abcde84b78f3e1fe9164fac8750d21df5aae11239178797","blocknum":391456,"blocksize":512,"hashsize":4096,"offset":200425472}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/f7f024dfb3292ef1d74bddd001b32d497d0888cc631dc672d98cbbe05b722de4.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"f0cf1b625ae423d3afbafd0319846283be9d5d836060b0b9545ce120ef92fb37","blocknum":1030,"blocksize":512,"hashsize":4096,"offset":528384}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/ce5949193e4c0a12884d6f5c8d1450655c294b7aa9953dba87f7827f584db3cc.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"8e3ee777573afab985a535ceee32aff6237c0a34b4ac812ab87baeb65f3784a1","blocknum":1037,"blocksize":512,"hashsize":4096,"offset":532480}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/4a7d7f11aa1ef914682fba80d61f12d92d33bcb330317c786159f87f2abe4457.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"b1bb625c38924367ff241771532db61e20a1f60c678a3f99e18a90620f54db53","blocknum":27968,"blocksize":512,"hashsize":4096,"offset":14319616}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/d88d03ce139bba7985059e737fc0d92676d8de0b28dd29373cd73d51df5eb917.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"00fdf4354122ae321b98c1c754f28453c93e6521a6936a2b279aca66fbcb5d09","blocknum":5631,"blocksize":512,"hashsize":4096,"offset":2883584}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/2d2c52718f659575d985c333e7c7dba235ad525ee2247943aa8309e72adbf415.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"55a256c1dac7cb21528778e4b5008db558a5267a8a6a9503740aa7429c31fc50","blocknum":1046,"blocksize":512,"hashsize":4096,"offset":536576}}
{"volume_type":"layer_raw_block","source":"/var/lib/containerd-nydus/cache/8e0176adc18c476bdfcc701f01cda5acf49bc8e6d7fadac8072091a43fafbb25.layer.disk","fs_type":"erofs","options":["ro"],"dm_verity":{"hashtype":"sha256","hash":"97fd21498bf2c8b46bef00809c69080195971b712a839ca7f2d8291f039394db","blocknum":215173,"blocksize":512,"hashsize":4096,"offset":110170112}}

In kata log:

"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOTQyYmVmNjJhMTQ2ZmU3ODllZmM5YTMyNTQ5MDAzM2ZlN2MzMWU5OTJmNDE2NzRlZjJkYzViYTJkZDE2YmIwMy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZDIwZGM0ZWZmN2EzZGIzYWRlMGNmMjM4YzY1MjVjYmUzODY0MDE2MTA5NTRjMjEzYTdkZjcxNmMyZmE2NWM3MCIsImJsb2NrbnVtIjoxMDU4LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTQ0NzY4fX0=" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvY2JjODQ3YmFiNTk4ZTcxNmRmMTZlNzQ1MzhkOGE3YWEzN2MxZDExMzQxNDkxMDk0Njc3M2Y3MDUyYjU2NjVjYy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiYmMxMjI2MmM3MTNkYTllZGFlMjUwMGQwMDAyNjU0NTcxODY5NjI5MGQ0NmQ1ZmM1NGFiNDNlOWRhZDQ3ZDdjNCIsImJsb2NrbnVtIjo1NjM5OTYsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoyODg3NjgwMDB9fQ==" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNTA5MDY4ZTQ5NDg4MjFjOWRlZTZjYjY5YjNmZGNjNDliMTcwMDQzNmNjY2NlNTc2YThkYjEyZTQxODIxZTQwYy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNTYzMWRiYzVhNjI1NGVjOGRkYmFkZTQ5YTFmZjEwNmZlNDkzOGM5NGE1M2VlZWM4MzY1MDIwYWE0ZmYxMjFmMiIsImJsb2NrbnVtIjoxMDMwLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTI4Mzg0fX0=" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNWZjM2M4NDBmYWNjOTllMTc5OTQyM2RjZjg3MTdjODEzNWQ0Zjg1ODAyYTY5NmUwMDYwM2VhYWY1NDU1NTU3OS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZThlM2Y3ZTMxN2YyNjBjOTJhYmNkZTg0Yjc4ZjNlMWZlOTE2NGZhYzg3NTBkMjFkZjVhYWUxMTIzOTE3ODc5NyIsImJsb2NrbnVtIjozOTE0NTYsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoyMDA0MjU0NzJ9fQ==" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvZjdmMDI0ZGZiMzI5MmVmMWQ3NGJkZGQwMDFiMzJkNDk3ZDA4ODhjYzYzMWRjNjcyZDk4Y2JiZTA1YjcyMmRlNC5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiZjBjZjFiNjI1YWU0MjNkM2FmYmFmZDAzMTk4NDYyODNiZTlkNWQ4MzYwNjBiMGI5NTQ1Y2UxMjBlZjkyZmIzNyIsImJsb2NrbnVtIjoxMDMwLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTI4Mzg0fX0=" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvY2U1OTQ5MTkzZTRjMGExMjg4NGQ2ZjVjOGQxNDUwNjU1YzI5NGI3YWE5OTUzZGJhODdmNzgyN2Y1ODRkYjNjYy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiOGUzZWU3Nzc1NzNhZmFiOTg1YTUzNWNlZWUzMmFmZjYyMzdjMGEzNGI0YWM4MTJhYjg3YmFlYjY1ZjM3ODRhMSIsImJsb2NrbnVtIjoxMDM3LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTMyNDgwfX0=" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvNGE3ZDdmMTFhYTFlZjkxNDY4MmZiYTgwZDYxZjEyZDkyZDMzYmNiMzMwMzE3Yzc4NjE1OWY4N2YyYWJlNDQ1Ny5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiYjFiYjYyNWMzODkyNDM2N2ZmMjQxNzcxNTMyZGI2MWUyMGExZjYwYzY3OGEzZjk5ZTE4YTkwNjIwZjU0ZGI1MyIsImJsb2NrbnVtIjoyNzk2OCwiYmxvY2tzaXplIjo1MTIsImhhc2hzaXplIjo0MDk2LCJvZmZzZXQiOjE0MzE5NjE2fX0=" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvZDg4ZDAzY2UxMzliYmE3OTg1MDU5ZTczN2ZjMGQ5MjY3NmQ4ZGUwYjI4ZGQyOTM3M2NkNzNkNTFkZjVlYjkxNy5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiMDBmZGY0MzU0MTIyYWUzMjFiOThjMWM3NTRmMjg0NTNjOTNlNjUyMWE2OTM2YTJiMjc5YWNhNjZmYmNiNWQwOSIsImJsb2NrbnVtIjo1NjMxLCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6Mjg4MzU4NH19" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvMmQyYzUyNzE4ZjY1OTU3NWQ5ODVjMzMzZTdjN2RiYTIzNWFkNTI1ZWUyMjQ3OTQzYWE4MzA5ZTcyYWRiZjQxNS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiNTVhMjU2YzFkYWM3Y2IyMTUyODc3OGU0YjUwMDhkYjU1OGE1MjY3YThhNmE5NTAzNzQwYWE3NDI5YzMxZmM1MCIsImJsb2NrbnVtIjoxMDQ2LCJibG9ja3NpemUiOjUxMiwiaGFzaHNpemUiOjQwOTYsIm9mZnNldCI6NTM2NTc2fX0=" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container
"KataVirtualVolume volume = io.katacontainers.volume=eyJ2b2x1bWVfdHlwZSI6ImxheWVyX3Jhd19ibG9jayIsInNvdXJjZSI6Ii92YXIvbGliL2NvbnRhaW5lcmQtbnlkdXMvY2FjaGUvOGUwMTc2YWRjMThjNDc2YmRmY2M3MDFmMDFjZGE1YWNmNDliYzhlNmQ3ZmFkYWM4MDcyMDkxYTQzZmFmYmIyNS5sYXllci5kaXNrIiwiZnNfdHlwZSI6ImVyb2ZzIiwib3B0aW9ucyI6WyJybyJdLCJkbV92ZXJpdHkiOnsiaGFzaHR5cGUiOiJzaGEyNTYiLCJoYXNoIjoiOTdmZDIxNDk4YmYyYzhiNDZiZWYwMDgwOWM2OTA4MDE5NTk3MWI3MTJhODM5Y2E3ZjJkODI5MWYwMzkzOTRkYiIsImJsb2NrbnVtIjoyMTUxNzMsImJsb2Nrc2l6ZSI6NTEyLCJoYXNoc2l6ZSI6NDA5Niwib2Zmc2V0IjoxMTAxNzAxMTJ9fQ==" container=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 name=containerd-shim-v2 pid=3787938 sandbox=05ae8dc7e45da4f3af9868707dd957f6ba159b3e620af92c3208b3e08b54b9d3 source=virtcontainers subsystem=container

jiangliu · 2023-12-07T10:05:29Z

Seems strange，need to confirm whether containerd has a 4K limitation for annotations。

ChengyuZhu6 · 2023-12-07T10:11:52Z

Seems strange，need to confirm whether containerd has a 4K limitation for annotations。

Sure.

ChengyuZhu6 · 2023-12-11T08:19:23Z

Seems strange，need to confirm whether containerd has a 4K limitation for annotations。

Containerd has a 4096-byte limit for labels (https://github.com/containerd/containerd/blob/a68efb1bad631a7a6c37953af791abf1d551790f/api/services/snapshots/v1/snapshots.proto#L49). However, this limit does not apply to the mounts returned by the snapshotter. Each mount can have an arbitrary length. (https://github.com/containerd/containerd/blob/a68efb1bad631a7a6c37953af791abf1d551790f/api/types/mount.proto)

ChengyuZhu6 force-pushed the layer_block branch from 659424d to 9de4ab8 Compare December 4, 2023 11:07

ChengyuZhu6 changed the title ~~[WIP] Support sharing image on the host for layer block mode~~ Support sharing image on the host for layer block mode Dec 4, 2023

ChengyuZhu6 force-pushed the layer_block branch 6 times, most recently from 9719d39 to a80586b Compare December 4, 2023 11:47

ChengyuZhu6 force-pushed the layer_block branch 2 times, most recently from 9700477 to ffb6713 Compare December 4, 2023 12:11

ChengyuZhu6 force-pushed the layer_block branch 3 times, most recently from b224a87 to 00ceb1c Compare December 5, 2023 01:22

tarfs: Introduce a function to get the path of layer disk file

49f347e

Introduce a function to get the path of layer disk file. Fixes: containerd#559 Signed-off-by: ChengyuZhu6 <[email protected]>

ChengyuZhu6 force-pushed the layer_block branch 3 times, most recently from 685b2e1 to 723b3b2 Compare December 5, 2023 01:28

jiangliu reviewed Dec 7, 2023

View reviewed changes

ChengyuZhu6 force-pushed the layer_block branch 5 times, most recently from 1a02642 to 24d2230 Compare December 7, 2023 05:20

ChengyuZhu6 requested a review from jiangliu December 7, 2023 05:20

ChengyuZhu6 added 2 commits December 7, 2023 14:14

snapshot: Introduce a function to prepare KataVirtualVolume

7ead21f

Introduce a function to prepare KataVirtualVolume for both guest pull image and host sharing image modes to eliminate redundant code. Signed-off-by: ChengyuZhu6 <[email protected]>

ChengyuZhu6 force-pushed the layer_block branch from 24d2230 to 5a3efca Compare December 7, 2023 06:18

jiangliu reviewed Dec 7, 2023

View reviewed changes

jiangliu approved these changes Dec 7, 2023

View reviewed changes

ChengyuZhu6 force-pushed the layer_block branch from 5a3efca to f8f4416 Compare December 7, 2023 08:26

ChengyuZhu6 added 2 commits December 7, 2023 16:31

snapshot: support to handle kata volume for layer block

671c414

Support to handle kata volume for layer block and reconstruct functions about handling kata virtual volumes. Signed-off-by: ChengyuZhu6 <[email protected]>

ChengyuZhu6 force-pushed the layer_block branch from f8f4416 to 4473328 Compare December 7, 2023 08:34

imeoer approved these changes Dec 12, 2023

View reviewed changes

imeoer merged commit 47d4311 into containerd:main Dec 25, 2023
16 checks passed

ChengyuZhu6 deleted the layer_block branch December 27, 2023 04:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support sharing image on the host for layer block mode #560

Support sharing image on the host for layer block mode #560

ChengyuZhu6 commented Dec 4, 2023 •

edited

Loading

ChengyuZhu6 commented Dec 4, 2023

codecov bot commented Dec 4, 2023 •

edited

Loading

jiangliu Dec 7, 2023

jiangliu Dec 7, 2023

ChengyuZhu6 Dec 7, 2023

jiangliu Dec 7, 2023

ChengyuZhu6 Dec 7, 2023

jiangliu Dec 7, 2023

ChengyuZhu6 Dec 7, 2023

jiangliu Dec 7, 2023

jiangliu commented Dec 7, 2023 •

edited

Loading

ChengyuZhu6 commented Dec 7, 2023

ChengyuZhu6 commented Dec 7, 2023

jiangliu commented Dec 7, 2023

ChengyuZhu6 commented Dec 7, 2023

ChengyuZhu6 commented Dec 11, 2023

Support sharing image on the host for layer block mode #560

Support sharing image on the host for layer block mode #560

Conversation

ChengyuZhu6 commented Dec 4, 2023 • edited Loading

ChengyuZhu6 commented Dec 4, 2023

codecov bot commented Dec 4, 2023 • edited Loading

Codecov Report

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

jiangliu commented Dec 7, 2023 • edited Loading

ChengyuZhu6 commented Dec 7, 2023

ChengyuZhu6 commented Dec 7, 2023

jiangliu commented Dec 7, 2023

ChengyuZhu6 commented Dec 7, 2023

ChengyuZhu6 commented Dec 11, 2023

ChengyuZhu6 commented Dec 4, 2023 •

edited

Loading

codecov bot commented Dec 4, 2023 •

edited

Loading

jiangliu commented Dec 7, 2023 •

edited

Loading