FreeBSD: CNI plugins #2429

akhramov · 2023-08-10T18:55:26Z

FreeBSD has the CNI plugins ported:
https://www.freshports.org/net/containernetworking-plugins/. This allows us to enable CNI networking for FreeBSD containers.

This change adapts the existing linux codebase to work on freebsd:

containerutil: use nullfs instead of bind mounts for resolv.conf, etc.
ocihook: freebsd's bridge plugin uses jail names in contrast to linux's network namespace usages

akhramov · 2023-08-10T18:55:41Z

Depends on: samuelkarp/runj#46

akhramov · 2023-08-26T22:30:09Z

re: CI failures.
https://app.vagrantup.com/generic/boxes/freebsd13 is FreeBSD 13.1. We need at least 13.2. I'm looking into what can be done.

AkihiroSuda · 2023-09-04T00:09:01Z

re: CI failures.
https://app.vagrantup.com/generic/boxes/freebsd13 is FreeBSD 13.1. We need at least 13.2. I'm looking into what can be done.

Does this work? (With installing vbox to CI)
https://app.vagrantup.com/freebsd/boxes/FreeBSD-13.2-RELEASE

AkihiroSuda · 2023-09-06T10:43:06Z

CI failing

    default: Nerdctl is up and running.
    default: + /root/go/bin/nerdctl run --rm dougrabson/freebsd-small:13 nc -zw1 1.1.1.1 443
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
Error: Process completed with exit code 1.

https://github.com/containerd/nerdctl/actions/runs/6077164574/job/16486397831?pr=2429

akhramov · 2023-09-06T10:45:37Z

Yes, I am trying to repro it locally. Looks like there's no internet connection within the container :)

AkihiroSuda · 2023-09-12T04:27:44Z

Vagrantfile.freebsd

+            }
+          }
+        }
+        EOF


Maybe nerdctl should create this automatically to simplify the setup process

AkihiroSuda · 2023-09-12T04:28:24Z

Vagrantfile.freebsd

+        EOF
+
+        service pf onestart
+


Could you add this config to docs too?

AkihiroSuda · 2023-09-22T18:09:50Z

pkg/ocihook/ocihook_nonfreebsd.go

This should be ocihook_linux.go, as the code is specific to Linux

FreeBSD has the CNI plugins ported: https://www.freshports.org/net/containernetworking-plugins/. This allows us to enable CNI networking for FreeBSD containers. This change adapts the existing linux codebase to work on freebsd: - containerutil: use nullfs instead of bind mounts for resolv.conf, etc. - ocihook: freebsd's bridge plugin uses jail names in contrast to linux's network namespace usages - container creation: configure runj runtime to create vnet jails by default Signed-off-by: Artem Khramov <akhramov@pm.me>

AkihiroSuda added this to the v1.5.1 (tentative) milestone Aug 11, 2023

AkihiroSuda added platform/FreeBSD FreeBSD area/network labels Aug 11, 2023

akhramov force-pushed the feature/CNI-jails branch 6 times, most recently from 7ae4ecb to 208fb83 Compare August 26, 2023 22:24

akhramov force-pushed the feature/CNI-jails branch 9 times, most recently from 443bd6d to 55a8b65 Compare September 4, 2023 19:52

akhramov force-pushed the feature/CNI-jails branch 2 times, most recently from be5647b to 6cd21f3 Compare September 9, 2023 07:04

AkihiroSuda modified the milestones: v1.5.1, v1.5.2 Sep 11, 2023

AkihiroSuda reviewed Sep 12, 2023

View reviewed changes

Vagrantfile.freebsd

EOF

service pf onestart

Copy link

Member

AkihiroSuda Sep 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add this config to docs too?

akhramov reacted with thumbs up emoji

akhramov force-pushed the feature/CNI-jails branch from 6cd21f3 to 23348db Compare September 22, 2023 17:54

akhramov force-pushed the feature/CNI-jails branch from 23348db to 70267b6 Compare September 22, 2023 18:07

AkihiroSuda reviewed Sep 22, 2023

View reviewed changes

pkg/ocihook/ocihook_nonfreebsd.go Outdated

Copy link

Member

AkihiroSuda Sep 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be ocihook_linux.go, as the code is specific to Linux

akhramov force-pushed the feature/CNI-jails branch from 70267b6 to e663e69 Compare September 22, 2023 18:11

AkihiroSuda removed this from the v1.6.1 (tentative) milestone Oct 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FreeBSD: CNI plugins #2429

FreeBSD: CNI plugins #2429

akhramov commented Aug 10, 2023

akhramov commented Aug 10, 2023

akhramov commented Aug 26, 2023

AkihiroSuda commented Sep 4, 2023

AkihiroSuda commented Sep 6, 2023

akhramov commented Sep 6, 2023

AkihiroSuda Sep 12, 2023

AkihiroSuda Sep 12, 2023

AkihiroSuda Sep 22, 2023

FreeBSD: CNI plugins #2429

Are you sure you want to change the base?

FreeBSD: CNI plugins #2429

Conversation

akhramov commented Aug 10, 2023

akhramov commented Aug 10, 2023

akhramov commented Aug 26, 2023

AkihiroSuda commented Sep 4, 2023

AkihiroSuda commented Sep 6, 2023

akhramov commented Sep 6, 2023

AkihiroSuda Sep 12, 2023

Choose a reason for hiding this comment

AkihiroSuda Sep 12, 2023

Choose a reason for hiding this comment

AkihiroSuda Sep 22, 2023

Choose a reason for hiding this comment