From 97845c93d8cd619fa75aa4ca679a63cfef0cc3f5 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 7 Nov 2023 00:49:21 -0800 Subject: [PATCH 1/3] network: Fix network hotplug for ipvlan and macvlan endpoints. Since moving from network coldplug to hotplug, the only case verified was veth endpoints. Support for network hotplug for ipvlan and macvlan was broken/not added. Fix it. Fixes: #8391 Signed-off-by: Archana Shinde (cherry picked from commit a6272733e7e2e1fe27da3714644c7483cb0923f5) --- src/runtime/virtcontainers/qemu.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index 03b5fa676a..3ab0747484 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -1884,9 +1884,8 @@ func (q *qemu) hotplugNetDevice(ctx context.Context, endpoint Endpoint, op Opera var tap TapInterface switch endpoint.Type() { - case VethEndpointType: - drive := endpoint.(*VethEndpoint) - tap = drive.NetPair.TapInterface + case VethEndpointType, IPVlanEndpointType, MacvlanEndpointType, TuntapEndpointType: + tap = endpoint.NetworkPair().TapInterface case TapEndpointType: drive := endpoint.(*TapEndpoint) tap = drive.TapInterface From 4667b837c8541e9c1685eac254cb802baf93d077 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Thu, 2 Nov 2023 12:17:32 -0700 Subject: [PATCH 2/3] tests: Add test with nerdctl to verify ipvlan support Add test to verify kata supports ipvlan networks. This test can be bit tricky as it requires knowledge about host interfaces to be used as a master for the ipvlan network. However, with github actions, we can assume interface called eth0 to be present on the host and functioning. Fixes: #8366 Signed-off-by: Archana Shinde (cherry picked from commit 07db673eb9066f8ff4953911397686b8ca67c10d) --- tests/integration/nerdctl/gha-run.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/integration/nerdctl/gha-run.sh b/tests/integration/nerdctl/gha-run.sh index c4803d5db5..7a6c7ebaaf 100644 --- a/tests/integration/nerdctl/gha-run.sh +++ b/tests/integration/nerdctl/gha-run.sh @@ -68,6 +68,16 @@ function run() { info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR})" sudo nerdctl run --rm --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 --entrypoint nping instrumentisto/nmap --tcp-connect -c 2 -p 80 www.github.com + + parent_interface="eth0" + # The following creates an ipvlan network with eth0 on host as parent. The test assumes + # that an interface called eth0 exists on the host. + ipvlan_net_name="ipvlan10" + info "Creating ipvlan network with eth0 interface on host as parent" + sudo nerdctl network create ${ipvlan_net_name=} --driver ipvlan --subnet=10.5.74.0/24 -o parent=${parent_interface} + + info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR}) and ipvlan network" + sudo nerdctl run --rm --net ${ipvlan_net_name} --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 alpine ip a | grep "eth0" } function main() { From 08152dd4684a043ee33d42c24fb33fc7be851ffd Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 7 Nov 2023 00:59:22 -0800 Subject: [PATCH 3/3] tests: Add test with nerdctl to verify macvlan support Add test to verify kata supports macvlan networks. Signed-off-by: Archana Shinde (cherry picked from commit c075fa6817c501eed106e77f07050e2633f1fd2c) --- tests/integration/nerdctl/gha-run.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/integration/nerdctl/gha-run.sh b/tests/integration/nerdctl/gha-run.sh index 7a6c7ebaaf..e867d6c2e9 100644 --- a/tests/integration/nerdctl/gha-run.sh +++ b/tests/integration/nerdctl/gha-run.sh @@ -78,6 +78,15 @@ function run() { info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR}) and ipvlan network" sudo nerdctl run --rm --net ${ipvlan_net_name} --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 alpine ip a | grep "eth0" + + # The following creates an ipvlan network with eth0 on host as parent. + macvlan_net_name="macvlan20" + info "Creating macvlan network with eth0 interface on host as parent" + sudo nerdctl network create ${macvlan_net_name=} --driver ipvlan --subnet=10.8.0.0/24 -o parent=${parent_interface} + + info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR}) and macvlan network" + sudo nerdctl run --rm --net ${macvlan_net_name} --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 alpine ip a | grep "eth0" + } function main() {