urunc-dev · spline2hg · Jan 22, 2026 · Jan 22, 2026 · Jan 22, 2026 · Jan 22, 2026
diff --git a/deployment/urunc-deploy/Dockerfile b/deployment/urunc-deploy/Dockerfile
@@ -95,6 +95,7 @@ COPY --from=intermediate /urunc-artifacts /urunc-artifacts
 COPY --from=intermediate /usr/bin/jq /usr/bin/jq
 COPY --from=intermediate /usr/bin/kubectl /usr/bin/kubectl
 COPY scripts/install.sh /urunc-artifacts/scripts/install.sh
+COPY config.toml /deployment/config.toml
 RUN apk update && \
     apk add --no-cache bash curl py3-pip && \
     pip install --no-cache-dir --break-system-packages yq==3.2.3 && \

diff --git a/deployment/urunc-deploy/config.toml b/deployment/urunc-deploy/config.toml
@@ -0,0 +1,33 @@
+# urunc configuration file generated by urunc-deploy
+
+[log]
+level = "info"
+syslog = false
+
+[timestamps]
+enabled = false
+
+[monitors.qemu]
+default_memory_mb = 256
+default_vcpus = 1
+path = "/opt/urunc/bin/qemu-system-x86_64"
+data_path = "/opt/urunc/share"
+
+[monitors.firecracker]
+default_memory_mb = 256
+default_vcpus = 1
+path = "/opt/urunc/bin/firecracker"
+
+[monitors.spt]
+default_memory_mb = 256
+default_vcpus = 1
+path = "/opt/urunc/bin/solo5-spt"
+
+[monitors.hvt]
+default_memory_mb = 256
+default_vcpus = 1
+path = "/opt/urunc/bin/solo5-hvt"
+
+[extra_binaries.virtiofsd]
+path = "/opt/urunc/libexec/virtiofsd"
+options = "--cache always --sandbox none"
diff --git a/deployment/urunc-deploy/scripts/install.sh b/deployment/urunc-deploy/scripts/install.sh
@@ -24,6 +24,14 @@ containerd_conf_tmpl_file=""
 use_containerd_drop_in_conf_file="false"
 containerd_drop_in_conf_file="/etc/containerd/config.d/urunc-deploy.toml"
 
+# urunc installation directories
+urunc_install_dir="/opt/urunc"
+urunc_bin_dir="${urunc_install_dir}/bin"
+urunc_share_dir="${urunc_install_dir}/share"
+urunc_libexec_dir="${urunc_install_dir}/libexec"
+urunc_config_dir="/etc/urunc"
+urunc_config_file="${urunc_config_dir}/config.toml"
+
 HYPERVISORS="${HYPERVISORS:-"firecracker qemu solo5-hvt solo5-spt"}"
 IFS=' ' read -a hypervisors <<< "$HYPERVISORS"
 
@@ -45,6 +53,9 @@ function install_artifact() {
 function install_artifacts() {
     echo "copying urunc artifacts onto host"
     mkdir -p /host/usr/local/bin
+    mkdir -p /host${urunc_bin_dir}
+    mkdir -p /host${urunc_share_dir}
+    mkdir -p /host${urunc_libexec_dir}
 
     install_artifact /urunc-artifacts/urunc /host/usr/local/bin/urunc
     install_artifact /urunc-artifacts/containerd-shim-urunc-v2 /host/usr/local/bin/containerd-shim-urunc-v2
@@ -58,23 +69,22 @@ function install_artifacts() {
             if which "qemu-system-$(uname -m)" >/dev/null 2>&1; then
                 echo "QEMU is already installed."
             else
-                install_artifact /urunc-artifacts/hypervisors/qemu-system-$(uname -m) /host/usr/local/bin/qemu-system-$(uname -m)
-                install_artifact /urunc-artifacts/libexec/virtiofsd /host/usr/libexec/virtiofsd
-                mkdir -p /host/usr/local/share/qemu/
-                cp -r /urunc-artifacts/opt/kata/share/kata-qemu/qemu /host/usr/local/share
+                install_artifact /urunc-artifacts/hypervisors/qemu-system-$(uname -m) /host${urunc_bin_dir}/qemu-system-$(uname -m)
+                install_artifact /urunc-artifacts/libexec/virtiofsd /host${urunc_libexec_dir}/virtiofsd
+                cp -r /urunc-artifacts/opt/kata/share/kata-qemu/qemu /host${urunc_share_dir}/
             fi
             ;;
         firecracker)
             echo "Installing firecracker"
-            install_artifact /urunc-artifacts/hypervisors/firecracker /host/usr/local/bin/firecracker
+            install_artifact /urunc-artifacts/hypervisors/firecracker /host${urunc_bin_dir}/firecracker
             ;;
         solo5-spt)
             echo "Installing solo5-spt"
-            install_artifact /urunc-artifacts/hypervisors/solo5-spt /host/usr/local/bin/solo5-spt
+            install_artifact /urunc-artifacts/hypervisors/solo5-spt /host${urunc_bin_dir}/solo5-spt
             ;;
         solo5-hvt)
             echo "Installing solo5-hvt"
-            install_artifact /urunc-artifacts/hypervisors/solo5-hvt /host/usr/local/bin/solo5-hvt
+            install_artifact /urunc-artifacts/hypervisors/solo5-hvt /host${urunc_bin_dir}/solo5-hvt
             ;;
         *)
             echo "Unsupported hypervisor: $hypervisor"
@@ -83,39 +93,21 @@ function install_artifacts() {
     done
 }
 
+function install_urunc_config() {
+    echo "Installing urunc configuration file"
+    mkdir -p /host${urunc_config_dir}
+    cp /deployment/config.toml /host${urunc_config_file}
+    echo "urunc configuration file installed at ${urunc_config_file}"
+}
+
 function remove_artifacts() {
+    # Remove urunc related artifacts
     rm -f /host/usr/local/bin/urunc
     rm -f /host/usr/local/bin/containerd-shim-urunc-v2
-    local hypervisors="${HYPERVISORS:-"firecracker qemu solo5-hvt solo5-spt"}"
-    for hypervisor in $hypervisors; do
-        case "$hypervisor" in
-        qemu)
-            if [ -e "/host/usr/local/bin/qemu-system-$(uname -m)" ]; then
-                rm -f "/host/usr/local/bin/qemu-system-$(uname -m)"
-                rm -rf /host/usr/local/share/qemu
-            fi
-            ;;
-        firecracker)
-            if [ -e "/host/usr/local/bin/firecracker" ]; then
-                rm -f "/host/usr/local/bin/firecracker"
-            fi
-            ;;
-        solo5-spt)
-            if [ -e "/host/usr/local/bin/solo5-spt" ]; then
-                rm -f "/host/usr/local/bin/solo5-spt"
-            fi
-            ;;
-        solo5-hvt)
-            if [ -e "/host/usr/local/bin/solo5-hvt" ]; then
-                rm -f "/host/usr/local/bin/solo5-hvt"
-            fi
-            ;;
-        *)
-            echo "Unsupported hypervisor: $hypervisor"
-            ;;
-        esac
-    done
-}
+
+    rm -rf /host${urunc_install_dir}
+    rm -rf /host${urunc_config_dir}
+    }
 
 
 die() {
@@ -377,6 +369,7 @@ function main() {
                 fi
             fi
             install_artifacts
+            install_urunc_config
             configure_cri_runtime "$runtime"
             kubectl label node "$NODE_NAME" --overwrite urunc.io/urunc-runtime=true
             echo "urunc-deploy completed successfully"

diff --git a/docs/installation.md b/docs/installation.md
@@ -355,7 +355,7 @@ path = "/opt/urunc/bin/solo5-hvt"
 path = "/opt/urunc/bin/solo5-spt"
 
 [extra_binaries.virtiofsd]
-path = "/opt/urunc/bin/virtiofsd"
+path = "/opt/urunc/libexec/virtiofsd"
 ```
 
 ### Option 2: Fetching or building from source

diff --git a/docs/tutorials/How-to-urunc-on-k8s.md b/docs/tutorials/How-to-urunc-on-k8s.md
@@ -95,7 +95,7 @@ kubectl get pods
 
 [`urunc-deploy`](https://github.com/urunc-dev/urunc/tree/main/deployment/urunc-deploy) provides a Dockerfile, which contains all of the binaries
 and artifacts required to run `urunc`, as well as reference DaemonSets, which can
-be utilized to install `urunc` runtime  on a running Kubernetes cluster.
+be utilized to install `urunc` runtime on a running Kubernetes cluster.
 
 ### urunc-deploy in k3s
 
@@ -174,23 +174,30 @@ Now, we can create new `urunc` deployments using the [instruction provided in ma
 `urunc-deploy` consists of several components and steps that install `urunc` along with the supported hypervisors,
 configure `containerd` and Kubernetes (k8s) to use `urunc`, and provide a simple way to remove those components from the cluster.
 
+The daemonset automatically installs all required artifacts under `/opt/urunc` and configures `urunc` via a configuration file at `/etc/urunc/config.toml`.
+
 During installation, the following steps take place:
 
 - A RBAC role is created to allow `urunc-deploy` to run with privileged access.
 - The `urunc-deploy` Pod is deployed with privileges on the host, and the `containerd` configuration is mounted inside the Pod.
 - `urunc-deploy` performs the following tasks:
-    * Copies `urunc` and hypervisor binaries to the host under `usr/local/bin`.
+    * Copies `urunc` and `containerd-shim-urunc-v2` binaries to the host under `/usr/local/bin`.
+    * Copies hypervisor binaries to the host under `/opt/urunc/bin`.
+    * Copies QEMU data files to `/opt/urunc/share`.
+    * Installs a configuration file at `/etc/urunc/config.toml`.
     * Creates a backup of the current `containerd` configuration file.
     * Edits the `containerd` configuration file to add `urunc` as a supported runtime.
     * Restarts `containerd`, if necessary.
     * Labels the Node with label `urunc.io/urunc-runtime=true`.
 - Finally, `urunc` is added as a runtime class in k8s.
 
-> Note: `urunc-deploy` will install a static version of QEMU in `/usr/local/bin/` along with the QEMU BIOS files in `/usr/local/share/`. Therefore, files with the same names under these directories will get overwritten.
+> Note: `urunc-deploy` will install a static version of QEMU in `/opt/urunc/bin/` along with the QEMU BIOS files in `/opt/urunc/share/`. If QEMU is already installed system-wide, `urunc-deploy` will skip installation and use the existing QEMU binary.
 
 During cleanup, these changes are reverted:
 
-- The `urunc` and hypervisor binaries are deleted.
+- The `urunc` and `containerd-shim-urunc-v2` binaries are deleted from `/usr/local/bin`.
+- The `/opt/urunc` directory containing hypervisor binaries and QEMU data files is deleted.
+- The `/etc/urunc` configuration directory is deleted.
 - The `containerd` configuration file is restored to the pre-`urunc-deploy` state.
 - The `urunc.io/urunc-runtime=true` label is removed from the Node.
 - The RBAC role, the `urunc-deploy` Pod and the runtime class are removed.