From a6272733e7e2e1fe27da3714644c7483cb0923f5 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 7 Nov 2023 00:49:21 -0800 Subject: [PATCH 1/3] network: Fix network hotplug for ipvlan and macvlan endpoints. Since moving from network coldplug to hotplug, the only case verified was veth endpoints. Support for network hotplug for ipvlan and macvlan was broken/not added. Fix it. Fixes: #8391 Signed-off-by: Archana Shinde --- src/runtime/virtcontainers/qemu.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index 6c052a86a9..6fc6416c7c 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -1895,9 +1895,8 @@ func (q *qemu) hotplugNetDevice(ctx context.Context, endpoint Endpoint, op Opera var tap TapInterface switch endpoint.Type() { - case VethEndpointType: - drive := endpoint.(*VethEndpoint) - tap = drive.NetPair.TapInterface + case VethEndpointType, IPVlanEndpointType, MacvlanEndpointType, TuntapEndpointType: + tap = endpoint.NetworkPair().TapInterface case TapEndpointType: drive := endpoint.(*TapEndpoint) tap = drive.TapInterface From 07db673eb9066f8ff4953911397686b8ca67c10d Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Thu, 2 Nov 2023 12:17:32 -0700 Subject: [PATCH 2/3] tests: Add test with nerdctl to verify ipvlan support Add test to verify kata supports ipvlan networks. This test can be bit tricky as it requires knowledge about host interfaces to be used as a master for the ipvlan network. However, with github actions, we can assume interface called eth0 to be present on the host and functioning. Fixes: #8366 Signed-off-by: Archana Shinde --- tests/integration/nerdctl/gha-run.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/integration/nerdctl/gha-run.sh b/tests/integration/nerdctl/gha-run.sh index c4803d5db5..7a6c7ebaaf 100644 --- a/tests/integration/nerdctl/gha-run.sh +++ b/tests/integration/nerdctl/gha-run.sh @@ -68,6 +68,16 @@ function run() { info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR})" sudo nerdctl run --rm --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 --entrypoint nping instrumentisto/nmap --tcp-connect -c 2 -p 80 www.github.com + + parent_interface="eth0" + # The following creates an ipvlan network with eth0 on host as parent. The test assumes + # that an interface called eth0 exists on the host. + ipvlan_net_name="ipvlan10" + info "Creating ipvlan network with eth0 interface on host as parent" + sudo nerdctl network create ${ipvlan_net_name=} --driver ipvlan --subnet=10.5.74.0/24 -o parent=${parent_interface} + + info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR}) and ipvlan network" + sudo nerdctl run --rm --net ${ipvlan_net_name} --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 alpine ip a | grep "eth0" } function main() { From c075fa6817c501eed106e77f07050e2633f1fd2c Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 7 Nov 2023 00:59:22 -0800 Subject: [PATCH 3/3] tests: Add test with nerdctl to verify macvlan support Add test to verify kata supports macvlan networks. Signed-off-by: Archana Shinde --- tests/integration/nerdctl/gha-run.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/integration/nerdctl/gha-run.sh b/tests/integration/nerdctl/gha-run.sh index 7a6c7ebaaf..e867d6c2e9 100644 --- a/tests/integration/nerdctl/gha-run.sh +++ b/tests/integration/nerdctl/gha-run.sh @@ -78,6 +78,15 @@ function run() { info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR}) and ipvlan network" sudo nerdctl run --rm --net ${ipvlan_net_name} --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 alpine ip a | grep "eth0" + + # The following creates an ipvlan network with eth0 on host as parent. + macvlan_net_name="macvlan20" + info "Creating macvlan network with eth0 interface on host as parent" + sudo nerdctl network create ${macvlan_net_name=} --driver ipvlan --subnet=10.8.0.0/24 -o parent=${parent_interface} + + info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR}) and macvlan network" + sudo nerdctl run --rm --net ${macvlan_net_name} --runtime io.containerd.kata-${KATA_HYPERVISOR}.v2 alpine ip a | grep "eth0" + } function main() {