Use kubernetes device-ownership setting

[vigh-m]

Description of changes:

• Extends packages/containerd/containerd-config-toml_k8s_containerd_sock to support the new setting being added in feat: Add kubernetes device ownership bottlerocket-settings-sdk#69. This is to support the same setting in the containerd CRI plugin as described here

Testing done:

• The setting shows up as expected in an AMI built using this settings-sdk

  # apiclient get settings.kubernetes.device-ownership-from-security-context
  {
    "settings": {
      "kubernetes": {
        "device-ownership-from-security-context": false
      }
    }
  }
  

• Changing the setting works as defined:

  [root@admin]# apiclient set settings.kubernetes.device-ownership-from-security-context="true"
  [root@admin]# apiclient get settings.kubernetes.device-ownership-from-security-context
  {
    "settings": {
      "kubernetes": {
        "device-ownership-from-security-context": true
      }
    }
  }
  [root@admin]# sheltie cat /etc/containerd/config.toml | grep device
  device_ownership_from_security_context = true
  

• The setting has the desired effect on device ownership

  • When true:

    # kubectl exec -it single-node-test -- bash
    ubuntu@single-node-test:/$ ls -lah /dev/ | grep neuron
    crw-------. 1 ubuntu 2000 244, 0 Dec 20 00:25 neuron0
    

  • When false:

    # kubectl exec -it single-node-test -- bash
    ubuntu@single-node-test:/$ ls -lah /dev/ | grep neuron
    crw-------. 1 root root 244, 0 Dec 19 20:03 neuron0
    

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.