From 8ae08e7fb0b98396db780b9880726ab858b670ee Mon Sep 17 00:00:00 2001
From: Alex Lyn
Date: Mon, 15 Jun 2026 15:47:25 +0800
Subject: [PATCH] runtime-rs: Add dan_conf to allow network devices in host netns for qemu

Network devices for VM-based containers are allowed to be placed in the host netns to eliminate as many hops as possible, which is what we aim for to achieve near-native networking performance. This commit introduces the `dan_conf` field to the configuration file. This allows the runtime to specify the configuration path for Direct Attached Network (DAN) devices, enabling interfaces to remain in the host network namespace while being utilized by the VM-based(qemu) containers.

Signed-off-by: Alex Lyn
---
 .../configuration-qemu-coco-dev-runtime-rs.toml.in | 9 +++++++++
 .../configuration-qemu-nvidia-gpu-runtime-rs.toml.in | 9 +++++++++
 .../configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in | 9 +++++++++
 .../configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in | 9 +++++++++
 .../config/configuration-qemu-runtime-rs.toml.in | 9 +++++++++
 .../config/configuration-qemu-se-runtime-rs.toml.in | 9 +++++++++
 src/runtime-rs/config/configuration-remote.toml.in | 9 +++++++++
 src/runtime-rs/config/configuration-rs-fc.toml.in | 9 +++++++++
 8 files changed, 72 insertions(+)

diff --git a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in
index 22b1dfd056..437cd740c4 100644
--- a/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in
@@ -708,3 +708,12 @@ experimental = @DEFAULTEXPFEATURES@
 # If enabled, user can run pprof tools with shim v2 process through kata-monitor.
 # (default: false)
 enable_pprof = false
+
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in
index c7edc39963..3738301bcd 100644
--- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-runtime-rs.toml.in
@@ -823,6 +823,15 @@ experimental = @DEFAULTEXPFEATURES@
 # (default: false)
 enable_pprof = false
 
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
+
 # kubelet_root_dir is the kubelet root directory used to match ConfigMap/Secret
 # volume paths for propagation. Override for distros that use a different path
 # (e.g. k0s: /var/lib/k0s/kubelet).
diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in
index 7f90fb11c8..06f7a2e9f9 100644
--- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in
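Review bot: The comment block added above `dan_conf` never states who may write to this directory, even though, by its own description, the files there tell the runtime which host-netns devices are attached to the hypervisor. I would add a line such as `# The directory and its files must be writable only by root (the CNI plugin); the runtime trusts their content.` Whether the runtime checks ownership or mode when it reads these files is not visible in this patch. The same block is repeated verbatim in the other seven templates, so the addition applies to each of them; "what we called" should also read "what we call".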
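Review bot: `dan_conf = "@DEFDANCONF@"` depends on a build-time substitution that this patch does not introduce; the diffstat lists only the eight `.toml.in` templates. If the runtime-rs build does not already define and substitute `DEFDANCONF`, the generated configuration would keep the literal placeholder as the path, so that is worth confirming before merge. The hard-coded `# (default: /run/kata-containers/dans)` line can also drift from whatever value is substituted. This applies to every template touched by the patch.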
+++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-snp-runtime-rs.toml.in
@@ -755,6 +755,15 @@ experimental = @DEFAULTEXPFEATURES@
 # (default: false)
 enable_pprof = false
 
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
+
 # kubelet_root_dir is the kubelet root directory used to match ConfigMap/Secret
 # volume paths for propagation. Override for distros that use a different path
 # (e.g. k0s: /var/lib/k0s/kubelet).
diff --git a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in
index 1a70a7bd8d..9ae7041cc5 100644
--- a/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-nvidia-gpu-tdx-runtime-rs.toml.in
@@ -731,6 +731,15 @@ experimental = @DEFAULTEXPFEATURES@
 # (default: false)
 enable_pprof = false
 
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
+
 # kubelet_root_dir is the kubelet root directory used to match ConfigMap/Secret
 # volume paths for propagation. Override for distros that use a different path
 # (e.g. k0s: /var/lib/k0s/kubelet).
diff --git a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
index 0ae06f27c4..47adda3409 100644
--- a/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in
@@ -798,3 +798,12 @@ experimental = @DEFAULTEXPFEATURES@
 # If enabled, user can run pprof tools with shim v2 process through kata-monitor.
 # (default: false)
 enable_pprof = false
+
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
diff --git a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in
index 1421b47ff1..7b3d1649e4 100644
--- a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in
@@ -684,3 +684,12 @@ experimental = @DEFAULTEXPFEATURES@
 # If enabled, user can run pprof tools with shim v2 process through kata-monitor.
 # (default: false)
 enable_pprof = false
+
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
diff --git a/src/runtime-rs/config/configuration-remote.toml.in b/src/runtime-rs/config/configuration-remote.toml.in
index baf60df1e3..0fd48a667b 100644
--- a/src/runtime-rs/config/configuration-remote.toml.in
+++ b/src/runtime-rs/config/configuration-remote.toml.in
@@ -286,3 +286,12 @@ experimental = @DEFAULTEXPFEATURES@
 # If enabled, user can run pprof tools with shim v2 process through kata-monitor.
 # (default: false)
 enable_pprof = false
+
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
diff --git a/src/runtime-rs/config/configuration-rs-fc.toml.in b/src/runtime-rs/config/configuration-rs-fc.toml.in
index 881e3bd407..3b47687513 100644
--- a/src/runtime-rs/config/configuration-rs-fc.toml.in
+++ b/src/runtime-rs/config/configuration-rs-fc.toml.in
@@ -432,3 +432,12 @@ experimental = @DEFAULTEXPFEATURES@
 # If enabled, user can run pprof tools with shim v2 process through kata-monitor.
 # (default: false)
 enable_pprof = false
+
+# Base directory of directly attachable network config.
+# Network devices for VM-based containers are allowed to be placed in the
+# host netns to eliminate as many hops as possible, which is what we
+# called a "Directly Attachable Network". The config, set by special CNI
+# plugins, is used to tell the Kata containers what devices are attached
+# to the hypervisor.
+# (default: /run/kata-containers/dans)
+dan_conf = "@DEFDANCONF@"
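Review bot: The subject and description scope this change to qemu, yet this hunk adds `dan_conf` to `configuration-remote.toml.in`, and the following hunk does the same for `configuration-rs-fc.toml.in`. Whether those hypervisors consume the setting is not visible in this patch; if they do not, the key advertises host-netns device attachment that is silently ignored there. I would either drop it from these two templates or add a comment line such as `# Only honoured by the qemu hypervisor.` so operators do not rely on it.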