Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to set mode=private to a macvlan interface. #1154

Merged
merged 4 commits into from
Mar 1, 2025
Merged

Add ability to set mode=private to a macvlan interface. #1154

merged 4 commits into from
Mar 1, 2025

Conversation

farsonic
Copy link
Contributor

@farsonic farsonic commented Feb 20, 2025
edited by korbit-ai bot
Loading

As discussed in in open issues this is a pull-request to add mode=private to a MACVLAN interfaces, completing all current available options for this type of interface.

Summary by CodeRabbit

  • New Features

    • Introduced a new "private" network interface mode that enables users to configure virtual machines with private networking options.

  • Documentation

    • Updated documentation to explain the behavior of private networking, including how packets are routed through external bridges and routers under this mode.

Description by Korbit AI

What change is being made?

Add support for setting a macvlan interface to mode 'private' in the libvirt domain configuration.

Why are these changes being made?

Previously, the libvirt provider did not support the 'private' mode for macvlan interfaces, preventing users from configuring this networking mode for increased isolation and security within the same host environment. This change addresses the need for more versatile network configuration options by enabling the use of 'private' mode, ensuring that packets are only delivered to virtual machines on the same host through an external router or gateway, if applicable.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

korbit-ai[bot]
korbit-ai bot reviewed Feb 28, 2025
View reviewed changes
Copy link

@korbit-ai korbit-ai bot left a comment
edited by dmacvicar
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've completed my review and didn't find any issues...

farsonic added 3 commits March 1, 2025 01:18
@farsonic @dmacvicar
Update resource_libvirt_domain.go
5db57b0 
Added ability to support mode=private to MACVTAP interface creation.
@farsonic @dmacvicar
Update domain.go
0933f7c 
Added ability to define mode=private to MACVTAP interface
@farsonic @dmacvicar
Update resource_libvirt_domain.go
1a33ece 
Added ability to add mode=private
Repository owner deleted a comment from coderabbitai bot Mar 1, 2025
Repository owner deleted a comment from coderabbitai bot Mar 1, 2025
@dmacvicar
Copy link
Owner

Just for my own context in the future:

The network_interface block in our schema is flattened. This means vepa, macvtap, passthrough represent a device, which then gets converted to libvirt source.direct.dev in all cases, with a differerent mode.

I don't like this, but it is not something we will change in the domain schema (may be a v2).

Adding a private one just follows this approach and should be harmless.

Repository owner deleted a comment from coderabbitai bot Mar 1, 2025
@dmacvicar dmacvicar merged commit c6406ac into dmacvicar:main Mar 1, 2025
5 checks passed
@dmacvicar
Copy link
Owner

Thanks for the contribution 🙏

@BrewTestBot BrewTestBot mentioned this pull request Mar 2, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@korbit-ai korbit-ai[bot] korbit-ai[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@farsonic @dmacvicar