Open nirs opened 3 weeks ago
cfergeau
commented
3 weeks ago This was discussed in https://github.com/crc-org/vfkit/issues/144
The main issue with this is indeed the com.apple.vm.networking requirement.
If your signing keys can enable this entitlement, you can give a try to https://github.com/cfergeau/vfkit/tree/bridge
I haven't been able to test this myself.
nirs
commented
3 weeks ago Thanks! I think this code is valuable even if it does not work for github build. Can we integrate it with a build option, so it is possible to build a version with bridge support?
cfergeau
commented
1 week ago Yes we can add it so that people with the right entitlement can enable it. I'd prefer to get confirmation the code works though before merging it, but I don't have the required entitlement :(
nirs
commented
1 week ago I know that UTM (at least when installed from the app store) have such entitlement, so this is not impossible to do. I think this will the best way for long term.
We can document that bridge network is experimental.
cfergeau
commented
1 week ago I know that UTM (at least when installed from the app store) have such entitlement, so this is not impossible to do.
I'm trying to get this entitlement for vfkit, let's wait a few weeks to see how this works out.
It would be useful to have a shared network like lima:shared via socket_vmnet.
Requirements:
Use case: create multiple k8s clusters for testing managed by OCM. This can be used to test application running on OpenShift and ACM on a laptop. This is possible with minikube and libvirt driver on Linux, and we want to make it possible to do the same using new vfkit driver in minikube.
Looks like gvisor-tap-vsock cannot provide this: https://github.com/containers/gvisor-tap-vsock/issues/383
It seems that the key to get this working is using VZBridgedNetworkDeviceAttachment which is not exposed by vfkit. I understand that his requires code signing with com.apple.vm.networking entitlement, so it may not work for pre-built executables, but can we get this working by building and code signing the executable locally? Our use case is developers and building and code-signing can be automated.