charts/values: add disabled all runtime classes values

Added default values which will disable all runtime classes by default to override only expected ones.

Signed-off-by: Pawel Proskurnicki <pawel.proskurnicki@intel.com>

Author: pawelpros

QUICKSTART.md

@@ -52,6 +52,9 @@ helm install coco oci://ghcr.io/confidential-containers/charts/confidential-cont
 
 #### For remote (peer-pods)
 
+> [!NOTE]
+> Support for peer-pods requires installation using the [Cloud API Adaptor peer-pods helm charts](https://github.com/confidential-containers/cloud-api-adaptor/tree/main/src/cloud-api-adaptor/install/charts/peerpods) project.
+
 ```bash
 helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
   -f https://raw.githubusercontent.com/confidential-containers/charts/main/values/kata-remote.yaml \
@@ -63,6 +66,19 @@ helm install coco oci://ghcr.io/confidential-containers/charts/confidential-cont
 
 - Remote runtime (`kata-remote`) - peer-pods / Cloud API Adaptor integration
 
+#### For custom setups
+
+```bash
+helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
+  -f https://raw.githubusercontent.com/confidential-containers/charts/main/values/all-runtimeclasses-disabled.yaml \
+  --namespace coco-system \
+  --create-namespace
+```
+
+**What you get:**
+
+- No runtime classes installed by default.
+
 ### Installing from Local Repository (Development)
 
 If you're developing or customizing the chart:
@@ -309,12 +325,21 @@ helm install coco oci://ghcr.io/confidential-containers/charts/confidential-cont
        ```
 
 2. Install chart using your custom values file:
-   ```bash
-   helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
-     -f my-values.yaml \
-     --namespace coco-system \
-     --create-namespace
-   ```
+    1. Install with default **all runtime classes disabled** and enabled only explicitly from your values:
+       ```bash
+       helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
+         -f https://raw.githubusercontent.com/confidential-containers/charts/main/values/all-runtimeclasses-disabled.yaml \
+         -f my-values.yaml \
+         --namespace coco-system \
+         --create-namespace
+       ```
+    2. Install with **all runtimeclasses** enabled and customized using `my-values`:
+        ```bash
+        helm install coco oci://ghcr.io/confidential-containers/charts/confidential-containers \
+          -f my-values.yaml \
+          --namespace coco-system \
+          --create-namespace
+        ```
 
 ## Advanced Configuration
 

README.md

@@ -96,10 +96,13 @@ helm install coco oci://ghcr.io/confidential-containers/charts/confidential-cont
   --create-namespace
 ```
 
+> [!NOTE]
+> Support for peer-pods requires installation using the [Cloud API Adaptor peer-pods helm charts](https://github.com/confidential-containers/cloud-api-adaptor/tree/main/src/cloud-api-adaptor/install/charts/peerpods) project.
+
 ### Detailed Installation Instructions
 
-For complete installation instructions, customization options, and troubleshooting, see **[QUICKSTART.md](QUICKSTART.md)
-**, which includes:
+For complete installation instructions, customization options, and troubleshooting, see [QUICKSTART.md](QUICKSTART.md),
+which includes:
 
 - Installation from OCI registry and local chart
 - Common customizations (debug logging, node selectors, image pull policy, private registries, k8s distributions)
@@ -175,6 +178,9 @@ The available RuntimeClasses depend on the architecture:
 |---------------|-------------|
 | `kata-remote` | Peer-pods   |
 
+> [!NOTE]
+> Support for peer-pods requires installation using the [Cloud API Adaptor peer-pods helm charts](https://github.com/confidential-containers/cloud-api-adaptor/tree/main/src/cloud-api-adaptor/install/charts/peerpods) project.
+
 ### Verification
 
 ```bash
@@ -196,6 +202,7 @@ The chart provides architecture-specific kata runtime configuration files:
 - [values.yaml](./values.yaml): x86_64 defaults (SNP, TDX, and development shims)
 - [values/kata-s390x.yaml](./values/kata-s390x.yaml): IBM SE shim and development shims
 - [values/kata-remote.yaml](./values/kata-remote.yaml): Peer-pods
+- [values/all-runtimeclasses-disabled.yaml](./values/all-runtimeclasses-disabled.yaml): Disables all runtime classes (for custom setups)
 
 ### Key Configuration Parameters
 

values/all-runtimeclasses-disabled.yaml

@@ -0,0 +1,49 @@
+kata-as-coco-runtime:
+  shims:
+    clh:
+      enabled: false
+
+    cloud-hypervisor:
+      enabled: false
+
+    dragonball:
+      enabled: false
+
+    fc:
+      enabled: false
+
+    qemu:
+      enabled: false
+
+    qemu-cca:
+      enabled: false
+
+    qemu-coco-dev:
+      enabled: false
+
+    qemu-coco-dev-runtime-rs:
+      enabled: false
+
+    qemu-nvidia-gpu:
+      enabled: false
+
+    qemu-nvidia-gpu-snp:
+      enabled: false
+
+    qemu-nvidia-gpu-tdx:
+      enabled: false
+
+    qemu-runtime-rs:
+      enabled: false
+
+    qemu-se:
+      enabled: false
+
+    qemu-se-runtime-rs:
+      enabled: false
+
+    qemu-snp:
+      enabled: false
+
+    qemu-tdx:
+      enabled: false

values/kata-remote.yaml

@@ -10,16 +10,22 @@ kata-as-coco-runtime:
   k8sDistribution: k8s
 
   shims:
-    qemu-snp:
+    clh:
       enabled: false
 
-    qemu-tdx:
+    cloud-hypervisor:
       enabled: false
 
-    qemu-se:
+    dragonball:
       enabled: false
 
-    qemu-se-runtime-rs:
+    fc:
+      enabled: false
+
+    qemu:
+      enabled: false
+
+    qemu-cca:
       enabled: false
 
     qemu-coco-dev:
@@ -28,20 +34,26 @@ kata-as-coco-runtime:
     qemu-coco-dev-runtime-rs:
       enabled: false
 
-    clh:
+    qemu-nvidia-gpu:
       enabled: false
 
-    cloud-hypervisor:
+    qemu-nvidia-gpu-snp:
       enabled: false
 
-    dragonball:
+    qemu-nvidia-gpu-tdx:
       enabled: false
 
-    fc:
+    qemu-runtime-rs:
       enabled: false
 
-    qemu:
+    qemu-se:
       enabled: false
 
-    qemu-runtime-rs:
+    qemu-se-runtime-rs:
+      enabled: false
+
+    qemu-snp:
+      enabled: false
+
+    qemu-tdx:
       enabled: false