-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support shared network #180
Comments
This was discussed in #144 |
Thanks! I think this code is valuable even if it does not work for github build. Can we integrate it with a build option, so it is possible to build a version with bridge support? |
Yes we can add it so that people with the right entitlement can enable it. I'd prefer to get confirmation the code works though before merging it, but I don't have the required entitlement :( |
I know that UTM (at least when installed from the app store) have such entitlement, so this is not impossible to do. I think this will the best way for long term. We can document that bridge network is experimental. |
I'm trying to get this entitlement for vfkit, let's wait a few weeks to see how this works out. |
This did not work out so well, either I did not file my request in the right place, or they did not understand what I was asking for :-/ In short, I still do not have access to this entitlement. |
See Code-Hex/vz#180 (comment) |
Yes, I mentioned socket_vmnet it in the description. There are 2 issues with this solution:
socket_vmnet supports now only the qemu socket device (
Instead of:
This leads to poor performance and high cpu usage since every packet is copied twice, once over the unix socket, and again over the unixgram socket. Lima packet forwarding: This is even worse because socket_vmnet is implementing a virtual hub instead of a virtual switch. It forwards packets to all vms connected to the daemon, so every packets is duplicated N times. You can check the issue here: Even if socket_vmnet fixes the issue with multiple vms, it is still 10 times slower than VZBridgedNetworkDeviceAttachment. I tested this configurations:
We use lima with socket_vmnet and 3 vms and it is good enough for testing DR flows locally, but we don't have much choices. So the best solution is using the entitlement. This many work only if vfkit is installed via the app store, but I think this is good enough. I'm not sure Apple will be happy with this but we should try. If this is not possible we can use a helper to connect the a unix datagram socket to vmnet network, or socket_vment if lima-vm/socket_vmnet#77 is implemented. |
try this: https://github.com/njhsi/macos-virtio-net.git |
Turns out that UTM installed from brew has "com.apple.vm.networking" entitlement: |
It would be useful to have a shared network like lima:shared via socket_vmnet.
Requirements:
Use case: create multiple k8s clusters for testing managed by OCM. This can be used to test application running on OpenShift and ACM on a laptop. This is possible with minikube and libvirt driver on Linux, and we want to make it possible to do the same using new vfkit driver in minikube.
Looks like gvisor-tap-vsock cannot provide this: containers/gvisor-tap-vsock#383
It seems that the key to get this working is using VZBridgedNetworkDeviceAttachment which is not exposed by vfkit. I understand that his requires code signing with com.apple.vm.networking entitlement, so it may not work for pre-built executables, but can we get this working by building and code signing the executable locally? Our use case is developers and building and code-signing can be automated.
The text was updated successfully, but these errors were encountered: