Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

transport: Support passing CID for linux vsock #287

Merged
merged 1 commit into from
Oct 19, 2023

Conversation

jalaziz
Copy link
Contributor

@jalaziz jalaziz commented Oct 19, 2023

Support passing the vsock CID explicitly as part of the listener address. This can be particularly useful in containerized environments where the /dev/vsock device is not available to lookup the CID.

In particular, we ran into this when trying to use gvproxy with AWS Nitro Enclaves on Kubernetes.

Signed-off-by: Jameel Al-Aziz <jameel@bastion.io>
@cfergeau
Copy link
Contributor

/lgtm

You mention AWS Nitro Enclaves, is this related to https://github.com/brave/nitriding-daemon ? Or do you need this in a different project?

@jalaziz
Copy link
Contributor Author

jalaziz commented Oct 19, 2023

/lgtm

You mention AWS Nitro Enclaves, is this related to https://github.com/brave/nitriding-daemon ? Or do you need this in a different project?

@cfergeau Indeed, we ran into this while testing out nitriding-daemon.

We were also testing AWS's vsock-proxy which works in a containers (but is outbound only). That's what led me to this.

Re-testing with this patch allowed everything to work without having to enable privileged containers or needing to have a device manager installed on the cluster that exposes /dev/vsock to the container.

@cfergeau
Copy link
Contributor

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 19, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cfergeau, jalaziz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot merged commit 6271c40 into containers:main Oct 19, 2023
18 checks passed
@jalaziz jalaziz deleted the support-vsock-cid branch February 4, 2024 07:56
@jalaziz jalaziz restored the support-vsock-cid branch February 4, 2024 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants