vfkit: add vmnet-shared network

Add new network option for vfkit "vment-shared", connecting vfkit to the
vmnet shared network. Clusters using this network can access other
clusters in the same network, similar to socket_vment with QEMU driver.

If network is not specified, we default to the "nat" network, keeping
the previous behavior. If network is "vment-shared", the vfkit driver
manages 2 processes: vfkit and vmnet-helper.

Like vfkit, vmnet-helper is started in the background, in a new process
group, so it not terminated if the minikube process group is terminate.

Since vment-helper requires root to start the vmnet interface, we start
it with sudo, creating 2 child processes. vment-helper drops privileges
immediately after starting the vment interface, and run as the user and
group running minikube.

Stopping the cluster will stop sudo, which will stop the vmnet-helper
process. Deleting the cluster kill both sudo and vment-helper by killing
the process group.

This change is not complete, but it is good enough to play with the new
shared network.

Example usage:

1. Install vmnet-helper:
   https://github.com/nirs/vmnet-helper?tab=readme-ov-file#installation

2. Setup vment-helper sudoers rule:
   https://github.com/nirs/vmnet-helper?tab=readme-ov-file#granting-permission-to-run-vmnet-helper

3. Start 2 clusters with vmnet-shared network:

    % minikube start -p c1 --driver vfkit --network vment-shared
    ...

    % minikube start -p c2 --driver vfkit --network vmnet-shared
    ...

    % minikube ip -p c1
    192.168.105.18

    % minikube ip -p c2
    192.168.105.19

4. Both cluster can access the other cluster:

    % minikube -p c1 ssh -- ping -c 3 192.168.105.19
    PING 192.168.105.19 (192.168.105.19): 56 data bytes
    64 bytes from 192.168.105.19: seq=0 ttl=64 time=0.621 ms
    64 bytes from 192.168.105.19: seq=1 ttl=64 time=0.989 ms
    64 bytes from 192.168.105.19: seq=2 ttl=64 time=0.490 ms

    --- 192.168.105.19 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 0.490/0.700/0.989 ms

    % minikube -p c2 ssh -- ping -c 3 192.168.105.18
    PING 192.168.105.18 (192.168.105.18): 56 data bytes
    64 bytes from 192.168.105.18: seq=0 ttl=64 time=0.289 ms
    64 bytes from 192.168.105.18: seq=1 ttl=64 time=0.798 ms
    64 bytes from 192.168.105.18: seq=2 ttl=64 time=0.993 ms

    --- 192.168.105.18 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 0.289/0.693/0.993 ms

Author: nirs

pkg/drivers/vfkit/vfkit.go

@@ -43,6 +43,7 @@ import (
 
 	"k8s.io/klog/v2"
 	pkgdrivers "k8s.io/minikube/pkg/drivers"
+	"k8s.io/minikube/pkg/drivers/vmnet"
 	"k8s.io/minikube/pkg/minikube/exit"
 	"k8s.io/minikube/pkg/minikube/firewall"
 	"k8s.io/minikube/pkg/minikube/out"
@@ -66,8 +67,10 @@ type Driver struct {
 	CPU            int
 	Memory         int
 	Cmdline        string
-	MACAddress     string
 	ExtraDisks     int
+	Network        string        // "", "nat", "vmnet-shared"
+	MACAddress     string        // For network=nat, network=""
+	VmnetHelper    *vmnet.Helper // For network=vmnet-shared
 }
 
 func NewDriver(hostName, storePath string) drivers.Driver {
@@ -135,7 +138,7 @@ func (d *Driver) GetIP() (string, error) {
 	return d.IPAddress, nil
 }
 
-func (d *Driver) GetState() (state.State, error) {
+func (d *Driver) getVfkitState() (state.State, error) {
 	pidfile := d.pidfilePath()
 	pid, err := pkgdrivers.ReadPidfile(pidfile)
 	if err != nil {
@@ -152,6 +155,24 @@ func (d *Driver) GetState() (state.State, error) {
 	return state.Running, nil
 }
 
+func (d *Driver) getVmnetHelperState() (state.State, error) {
+	if d.VmnetHelper == nil {
+		return state.Stopped, nil
+	}
+	return d.VmnetHelper.GetState()
+}
+
+// GetState returns driver state. Since vfkit driver may use 2 processes
+// (vmnet-helper, vfkit), this returns combined state of both processes.
+func (d *Driver) GetState() (state.State, error) {
+	if vfkitState, err := d.getVfkitState(); err != nil {
+		return state.Error, err
+	} else if vfkitState == state.Running {
+		return state.Running, nil
+	}
+	return d.getVmnetHelperState()
+}
+
 func (d *Driver) Create() error {
 	var err error
 	if d.SSHPort, err = d.GetSSHPort(); err != nil {
@@ -193,6 +214,42 @@ func (d *Driver) Create() error {
 }
 
 func (d *Driver) Start() error {
+	var helperSock, vfkitSock *os.File
+	var err error
+
+	if d.VmnetHelper != nil {
+		helperSock, vfkitSock, err = vmnet.Socketpair()
+		if err != nil {
+			return err
+		}
+		defer helperSock.Close()
+		defer vfkitSock.Close()
+
+		if err := d.VmnetHelper.Start(helperSock); err != nil {
+			return err
+		}
+
+		d.MACAddress = d.VmnetHelper.GetMACAddress()
+	}
+
+	if err := d.startVfkit(vfkitSock); err != nil {
+		d.stopVmnetHelper()
+		return err
+	}
+
+	if err := d.setupIP(d.MACAddress); err != nil {
+		d.stopVmnetHelper()
+		return err
+	}
+
+	log.Infof("Waiting for VM to start (ssh -p %d docker@%s)...", d.SSHPort, d.IPAddress)
+
+	return WaitForTCPWithDelay(fmt.Sprintf("%s:%d", d.IPAddress, d.SSHPort), time.Second)
+}
+
+// startVfkit starts the vfkit child process. If vfkitSock is non nil, vfkit is
+// connected to the vmnet network via the socket instead of "nat" network.
+func (d *Driver) startVfkit(vfkitSock *os.File) error {
 	machineDir := filepath.Join(d.StorePath, "machines", d.GetMachineName())
 
 	var startCmd []string
@@ -205,8 +262,15 @@ func (d *Driver) Start() error {
 	startCmd = append(startCmd,
 		"--device", fmt.Sprintf("virtio-blk,path=%s", isoPath))
 
-	startCmd = append(startCmd,
-		"--device", fmt.Sprintf("virtio-net,nat,mac=%s", d.MACAddress))
+	if vfkitSock != nil {
+		// The guest will be able to access other guests in the vmnet network.
+		startCmd = append(startCmd,
+			"--device", fmt.Sprintf("virtio-net,fd=%d,mac=%s", vfkitSock.Fd(), d.MACAddress))
+	} else {
+		// The guest will not be able to access other guests.
+		startCmd = append(startCmd,
+			"--device", fmt.Sprintf("virtio-net,nat,mac=%s", d.MACAddress))
+	}
 
 	startCmd = append(startCmd,
 		"--device", "virtio-rng")
@@ -237,16 +301,7 @@ func (d *Driver) Start() error {
 	if err := cmd.Start(); err != nil {
 		return err
 	}
-	if err := pkgdrivers.WritePidfile(d.pidfilePath(), cmd.Process.Pid); err != nil {
-		return err
-	}
-	if err := d.setupIP(d.MACAddress); err != nil {
-		return err
-	}
-
-	log.Infof("Waiting for VM to start (ssh -p %d docker@%s)...", d.SSHPort, d.IPAddress)
-
-	return WaitForTCPWithDelay(fmt.Sprintf("%s:%d", d.IPAddress, d.SSHPort), time.Second)
+	return pkgdrivers.WritePidfile(d.pidfilePath(), cmd.Process.Pid)
 }
 
 func (d *Driver) setupIP(mac string) error {
@@ -287,7 +342,7 @@ func isBootpdError(err error) bool {
 	return strings.Contains(err.Error(), "could not find an IP address")
 }
 
-func (d *Driver) Stop() error {
+func (d *Driver) stopVfkit() error {
 	if err := d.SetVFKitState("Stop"); err != nil {
 		// vfkit may be already stopped, shutting down, or not listening.
 		log.Debugf("Failed to set vfkit state to 'Stop': %s", err)
@@ -296,6 +351,20 @@ func (d *Driver) Stop() error {
 	return nil
 }
 
+func (d *Driver) stopVmnetHelper() error {
+	if d.VmnetHelper == nil {
+		return nil
+	}
+	return d.VmnetHelper.Stop()
+}
+
+func (d *Driver) Stop() error {
+	if err := d.stopVfkit(); err != nil {
+		return err
+	}
+	return d.stopVmnetHelper()
+}
+
 func (d *Driver) Remove() error {
 	s, err := d.GetState()
 	if err != nil {
@@ -339,7 +408,7 @@ func (d *Driver) extractKernel(isoPath string) error {
 	return nil
 }
 
-func (d *Driver) Kill() error {
+func (d *Driver) killVfkit() error {
 	if err := d.SetVFKitState("HardStop"); err != nil {
 		// Typically fails with EOF.
 		log.Debugf("Failed to set vfkit state to 'HardStop': %s", err)
@@ -348,6 +417,20 @@ func (d *Driver) Kill() error {
 	return nil
 }
 
+func (d *Driver) killVmnetHelper() error {
+	if d.VmnetHelper == nil {
+		return nil
+	}
+	return d.VmnetHelper.Kill()
+}
+
+func (d *Driver) Kill() error {
+	if err := d.killVfkit(); err != nil {
+		return err
+	}
+	return d.killVmnetHelper()
+}
+
 func (d *Driver) StartDocker() error {
 	return fmt.Errorf("hosts without a driver cannot start docker")
 }

pkg/minikube/registry/drvs/vfkit/vfkit.go

@@ -22,10 +22,13 @@ import (
 	"crypto/rand"
 	"fmt"
 	"os/exec"
+	"path/filepath"
 
 	"github.com/docker/machine/libmachine/drivers"
+	"github.com/google/uuid"
 
 	"k8s.io/minikube/pkg/drivers/vfkit"
+	"k8s.io/minikube/pkg/drivers/vmnet"
 	"k8s.io/minikube/pkg/minikube/config"
 	"k8s.io/minikube/pkg/minikube/download"
 	"k8s.io/minikube/pkg/minikube/driver"
@@ -51,24 +54,47 @@ func init() {
 }
 
 func configure(cfg config.ClusterConfig, n config.Node) (interface{}, error) {
-	mac, err := generateMACAddress()
-	if err != nil {
-		return nil, fmt.Errorf("generating MAC address: %v", err)
+	var mac string
+	var helper *vmnet.Helper
+
+	machineName := config.MachineName(cfg, n)
+	storePath := localpath.MiniPath()
+
+	switch cfg.Network {
+	case "nat", "":
+		var err error
+		mac, err = generateMACAddress()
+		if err != nil {
+			return nil, fmt.Errorf("generating MAC address: %v", err)
+		}
+	case "vmnet-shared":
+		u := cfg.UUID
+		if u == "" {
+			u = uuid.NewString()
+		}
+		helper = &vmnet.Helper{
+			MachineDir:  filepath.Join(storePath, "machines", machineName),
+			InterfaceID: u,
+		}
+	default:
+		return nil, fmt.Errorf("unsupported network: %q", cfg.Network)
 	}
 
 	return &vfkit.Driver{
 		BaseDriver: &drivers.BaseDriver{
-			MachineName: config.MachineName(cfg, n),
-			StorePath:   localpath.MiniPath(),
+			MachineName: machineName,
+			StorePath:   storePath,
 			SSHUser:     "docker",
 		},
 		Boot2DockerURL: download.LocalISOResource(cfg.MinikubeISO),
 		DiskSize:       cfg.DiskSize,
 		Memory:         cfg.Memory,
 		CPU:            cfg.CPUs,
-		MACAddress:     mac,
 		Cmdline:        "",
 		ExtraDisks:     cfg.ExtraDisks,
+		Network:        cfg.Network,
+		MACAddress:     mac,
+		VmnetHelper:    helper,
 	}, nil
 }