Configure network in virt-handler

This patch moves most network configuration operations from
virt-launcher into virt-handler. The ultimate goal is to move all of
them from virt-launcher, which should allow to drop NET_ADMIN capability
from launcher pods.

This patch lays foundation for achieving this goal, but doesn't go as
far as to remove all network configuration from launcher pods yet.
Specifically, virt-launcher still starts DHCP server for interfaces that
require it (meaning, masquerade and bridge types).

DHCP server migration out of virt-launcher is left as a separate
exercise because it introduces its own resource management and
availability complexities that are better to handle separately.
(Specifically, there are concerns about what would happen now if
virt-handler is dead or being upgraded - will all VMIs running on the
node lose DHCP service for some time? Another concern is that because
DHCP thread would now be untied from the fate of its corresponding
launcher pod, we will need to handle cleanup of these threads explicitly
on failure of launchers. There may be other complexities with this
migration, hence leaving it out of scope for this patch.)

Once DHCP server is moved from virt-launcher, kubevirt should be ready
to drop NET_ADMIN from launcher pods. Note that libvirtd may have its
own expectations as to NET_ADMIN presence. Specifically, the libvirt
version that we currently use doesn't support using a pre-created tap
device to connect a VM to network. And because creating a tap device
requires NET_ADMIN, we can't easily drop the capability just yet.

But: the latest libvirt releases now support re-using a pre-created tap
device, so once the newest libvirt hits fedora repositories, we should
be able to remove the capability (perhaps with some adjustments on
kubevirt side to pre-create the tap device in virt-handler).

Signed-off-by: Ihar Hrachyshka <[email protected]>

cmd/virt-handler/BUILD.bazel

@@ -62,8 +62,8 @@ load(
 container_image(
     name = "version-container",
     base = select({
-        "@io_bazel_rules_go//go/platform:linux_ppc64le": "@fedora_ppc64le//image",
-        "//conditions:default": "@fedora//image",
+        "@io_bazel_rules_go//go/platform:linux_ppc64le": "@libvirt_ppc64le//image",
+        "//conditions:default": "@libvirt//image",
     }),
     directory = "/",
     files = [

go.mod

@@ -5,6 +5,7 @@ require (
 	github.com/Azure/go-autorest/autorest/adal v0.6.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
 	github.com/blang/semver v3.5.1+incompatible
+	github.com/containernetworking/plugins v0.8.2
 	github.com/coreos/go-iptables v0.4.3
 	github.com/coreos/go-semver v0.3.0
 	github.com/coreos/prometheus-operator v0.35.0

go.sum

@@ -23,6 +23,8 @@ github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VY
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -243,6 +245,7 @@ github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -253,6 +256,9 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/juju/errors v0.0.0-20180806074554-22422dad46e1/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
+github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
+github.com/juju/testing v0.0.0-20190613124551-e81189438503/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/k8snetworkplumbingwg/network-attachment-definition-client v0.0.0-20191119172530-79f836b90111 h1:Lq6HJa0JqSg5ko/mkizFWlpIrY7845g9Dzz9qeD5aXI=
 github.com/k8snetworkplumbingwg/network-attachment-definition-client v0.0.0-20191119172530-79f836b90111/go.mod h1:MP2HbArq3QT+oVp8pmtHNZnSnkhdkHtDnc7h6nJXmBU=
@@ -309,6 +315,7 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w=
@@ -366,6 +373,7 @@ github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uY
 github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/sclevine/spec v1.0.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
+github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -420,6 +428,7 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/
 go.uber.org/zap v0.0.0-20180814183419-67bc79d13d15/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181015023909-0c41d7ab0a0e/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -446,6 +455,7 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

manifests/generated/virt-handler.yaml.in

@@ -66,6 +66,7 @@ spec:
           name: virt-private-dir
         - mountPath: /var/lib/kubelet/device-plugins
           name: device-plugin
+      hostNetwork: true
       hostPID: true
       serviceAccountName: kubevirt-handler
       volumes:

pkg/virt-handler/BUILD.bazel

@@ -6,6 +6,7 @@ go_library(
     importpath = "kubevirt.io/kubevirt/pkg/virt-handler",
     visibility = ["//visibility:public"],
     deps = [
+        "//pkg/container-disk:go_default_library",
         "//pkg/controller:go_default_library",
         "//pkg/handler-launcher-com/cmd/v1:go_default_library",
         "//pkg/host-disk:go_default_library",
@@ -20,6 +21,7 @@ go_library(
         "//pkg/virt-handler/migration-proxy:go_default_library",
         "//pkg/virt-launcher:go_default_library",
         "//pkg/virt-launcher/virtwrap/api:go_default_library",
+        "//pkg/virt-launcher/virtwrap/network:go_default_library",
         "//pkg/watchdog:go_default_library",
         "//staging/src/kubevirt.io/client-go/api/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/kubecli:go_default_library",
@@ -51,6 +53,7 @@ go_test(
         "//pkg/virt-handler/isolation:go_default_library",
         "//pkg/virt-launcher:go_default_library",
         "//pkg/virt-launcher/virtwrap/api:go_default_library",
+        "//pkg/virt-launcher/virtwrap/network:go_default_library",
         "//pkg/watchdog:go_default_library",
         "//staging/src/kubevirt.io/client-go/api/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/kubecli:go_default_library",

pkg/virt-handler/isolation/BUILD.bazel

@@ -15,11 +15,11 @@ go_library(
         "//pkg/virt-handler/cmd-client:go_default_library",
         "//staging/src/kubevirt.io/client-go/api/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/log:go_default_library",
+        "//vendor/github.com/containernetworking/plugins/pkg/ns:go_default_library",
         "//vendor/github.com/golang/mock/gomock:go_default_library",
         "//vendor/github.com/mitchellh/go-ps:go_default_library",
         "//vendor/golang.org/x/sys/unix:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
-        "@com_github_containernetworking_plugins//pkg/ns:go_default_library",
     ],
 )
 

pkg/virt-handler/isolation/generated_mock_isolation.go

@@ -4,6 +4,7 @@
 package isolation
 
 import (
+	ns "github.com/containernetworking/plugins/pkg/ns"
 	gomock "github.com/golang/mock/gomock"
 
 	v1 "kubevirt.io/client-go/api/v1"
@@ -163,3 +164,13 @@ func (_m *MockIsolationResult) NetNamespace() string {
 func (_mr *_MockIsolationResultRecorder) NetNamespace() *gomock.Call {
 	return _mr.mock.ctrl.RecordCall(_mr.mock, "NetNamespace")
 }
+
+func (_m *MockIsolationResult) DoNetNS(_param0 func(ns.NetNS) error) error {
+	ret := _m.ctrl.Call(_m, "DoNetNS", _param0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+func (_mr *_MockIsolationResultRecorder) DoNetNS(arg0 interface{}) *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "DoNetNS", arg0)
+}

pkg/virt-handler/isolation/isolation.go

@@ -39,6 +39,7 @@ import (
 
 	"golang.org/x/sys/unix"
 
+	"github.com/containernetworking/plugins/pkg/ns"
 	ps "github.com/mitchellh/go-ps"
 	"k8s.io/apimachinery/pkg/api/resource"
 
@@ -227,6 +228,7 @@ type IsolationResult interface {
 	MountInfoRoot() (*MountInfo, error)
 	MountNamespace() string
 	NetNamespace() string
+	DoNetNS(func(_ ns.NetNS) error) error
 }
 
 type RealIsolationResult struct {
@@ -235,6 +237,14 @@ type RealIsolationResult struct {
 	controller []string
 }
 
+func (r *RealIsolationResult) DoNetNS(f func(_ ns.NetNS) error) error {
+	netns, err := ns.GetNS(r.NetNamespace())
+	if err != nil {
+		return fmt.Errorf("failed to get launcher pod network namespace: %v", err)
+	}
+	return netns.Do(f)
+}
+
 func (r *RealIsolationResult) PIDNamespace() string {
 	return fmt.Sprintf("/proc/%d/ns/pid", r.pid)
 }

pkg/virt-handler/vm.go

@@ -31,6 +31,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/containernetworking/plugins/pkg/ns"
+
 	k8sv1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,6 +48,7 @@ import (
 	v1 "kubevirt.io/client-go/api/v1"
 	"kubevirt.io/client-go/kubecli"
 	"kubevirt.io/client-go/log"
+	containerdisk "kubevirt.io/kubevirt/pkg/container-disk"
 	"kubevirt.io/kubevirt/pkg/controller"
 	cmdv1 "kubevirt.io/kubevirt/pkg/handler-launcher-com/cmd/v1"
 	hostdisk "kubevirt.io/kubevirt/pkg/host-disk"
@@ -59,6 +62,7 @@ import (
 	migrationproxy "kubevirt.io/kubevirt/pkg/virt-handler/migration-proxy"
 	virtlauncher "kubevirt.io/kubevirt/pkg/virt-launcher"
 	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/api"
+	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/network"
 	"kubevirt.io/kubevirt/pkg/watchdog"
 )
 
@@ -1379,6 +1383,34 @@ func (d *VirtualMachineController) handleMigrationProxy(vmi *v1.VirtualMachineIn
 	return nil
 }
 
+func getDomain(vmi *v1.VirtualMachineInstance) (*api.Domain, error) {
+	// todo: fill in domain with correct values for all keys
+	isBlockPVCMap := make(map[string]bool)
+	isBlockDVMap := make(map[string]bool)
+	diskInfo := make(map[string]*containerdisk.DiskInfo)
+	for _, volume := range vmi.Spec.Volumes {
+		if volume.VolumeSource.PersistentVolumeClaim != nil {
+			isBlockPVCMap[volume.Name] = true
+		} else if volume.VolumeSource.ContainerDisk != nil {
+			diskInfo[volume.Name] = &containerdisk.DiskInfo{}
+		} else if volume.VolumeSource.DataVolume != nil {
+			isBlockDVMap[volume.Name] = true
+		}
+	}
+
+	c := &api.ConverterContext{
+		VirtualMachine: vmi,
+		DiskType:       diskInfo,
+		IsBlockPVC:     isBlockPVCMap,
+		IsBlockDV:      isBlockDVMap,
+	}
+	domain := &api.Domain{}
+	if err := api.Convert_v1_VirtualMachine_To_api_Domain(vmi, domain, c); err != nil {
+		return nil, err
+	}
+	return domain, nil
+}
+
 func (d *VirtualMachineController) processVmUpdate(origVMI *v1.VirtualMachineInstance) error {
 	vmi := origVMI.DeepCopy()
 
@@ -1456,6 +1488,25 @@ func (d *VirtualMachineController) processVmUpdate(origVMI *v1.VirtualMachineIns
 			}
 		}
 
+		res, err := d.podIsolationDetector.Detect(vmi)
+		if err != nil {
+			return fmt.Errorf("failed to detect isolation for launcher pod: %v", err)
+		}
+
+		if err := res.DoNetNS(func(_ ns.NetNS) error {
+			domain, err := getDomain(vmi)
+			if err != nil {
+				return err
+			}
+			// todo: consider getting rid of domain argument completely
+			if err = network.SetupPodNetworkPhase1(vmi, domain); err != nil {
+				return err
+			}
+			return nil
+		}); err != nil {
+			return fmt.Errorf("failed to configure vmi network: %v", err)
+		}
+
 		err = d.podIsolationDetector.AdjustResources(vmi)
 		if err != nil {
 			return fmt.Errorf("failed to adjust resources: %v", err)

pkg/virt-handler/vm_test.go

@@ -54,9 +54,15 @@ import (
 	"kubevirt.io/kubevirt/pkg/virt-handler/isolation"
 	virtlauncher "kubevirt.io/kubevirt/pkg/virt-launcher"
 	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/api"
+	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/network"
 	"kubevirt.io/kubevirt/pkg/watchdog"
 )
 
+func StubOutNetworkForTest() {
+	network.SetupPodNetworkPhase1 = func(vm *v1.VirtualMachineInstance, domain *api.Domain) error { return nil }
+	network.SetupPodNetworkPhase2 = func(vm *v1.VirtualMachineInstance, domain *api.Domain) error { return nil }
+}
+
 var _ = Describe("VirtualMachineInstance", func() {
 	var client *cmdclient.MockLauncherClient
 	var vmiInterface *kubecli.MockVirtualMachineInstanceInterface
@@ -74,6 +80,7 @@ var _ = Describe("VirtualMachineInstance", func() {
 	var mockWatchdog *MockWatchdog
 	var mockGracefulShutdown *MockGracefulShutdown
 	var mockIsolationDetector *isolation.MockPodIsolationDetector
+	var mockIsolationResult *isolation.MockIsolationResult
 
 	var vmiFeeder *testutils.VirtualMachineFeeder
 	var domainFeeder *testutils.DomainFeeder
@@ -128,8 +135,12 @@ var _ = Describe("VirtualMachineInstance", func() {
 		mockGracefulShutdown = &MockGracefulShutdown{shareDir}
 		config, _, _ := testutils.NewFakeClusterConfig(&k8sv1.ConfigMap{})
 
+		mockIsolationResult = isolation.NewMockIsolationResult(ctrl)
+		mockIsolationResult.EXPECT().DoNetNS(gomock.Any()).Return(nil).AnyTimes()
+		mockIsolationResult.EXPECT().Pid().Return(1).AnyTimes()
+
 		mockIsolationDetector = isolation.NewMockPodIsolationDetector(ctrl)
-		mockIsolationDetector.EXPECT().Detect(gomock.Any()).Return(&isolation.RealIsolationResult{}, nil).AnyTimes()
+		mockIsolationDetector.EXPECT().Detect(gomock.Any()).Return(mockIsolationResult, nil).AnyTimes()
 		mockIsolationDetector.EXPECT().AdjustResources(gomock.Any()).Return(nil).AnyTimes()
 
 		controller = NewController(recorder,
@@ -164,6 +175,8 @@ var _ = Describe("VirtualMachineInstance", func() {
 		go domainInformer.Run(stop)
 		go gracefulShutdownInformer.Run(stop)
 		Expect(cache.WaitForCacheSync(stop, vmiSourceInformer.HasSynced, vmiTargetInformer.HasSynced, domainInformer.HasSynced, gracefulShutdownInformer.HasSynced)).To(BeTrue())
+
+		StubOutNetworkForTest()
 	})
 
 	AfterEach(func() {

pkg/virt-launcher/virtwrap/manager.go

@@ -815,8 +815,7 @@ func (l *LibvirtDomainManager) preStartHook(vmi *v1.VirtualMachineInstance, doma
 		}
 	}
 
-	// setup networking
-	err = network.SetupPodNetwork(vmi, domain)
+	err = network.SetupNetworkInterfacesPhase2(vmi, domain)
 	if err != nil {
 		return domain, fmt.Errorf("preparing the pod network failed: %v", err)
 	}

pkg/virt-launcher/virtwrap/manager_test.go

@@ -828,7 +828,8 @@ func newVMI(namespace, name string) *v1.VirtualMachineInstance {
 }
 
 func StubOutNetworkForTest() {
-	network.SetupPodNetwork = func(vm *v1.VirtualMachineInstance, domain *api.Domain) error { return nil }
+	network.SetupPodNetworkPhase1 = func(vm *v1.VirtualMachineInstance, domain *api.Domain) error { return nil }
+	network.SetupPodNetworkPhase2 = func(vm *v1.VirtualMachineInstance, domain *api.Domain) error { return nil }
 }
 
 func addCloudInitDisk(vmi *v1.VirtualMachineInstance, userData string, networkData string) {

pkg/virt-launcher/virtwrap/network/BUILD.bazel

@@ -22,6 +22,7 @@ go_library(
         "//vendor/github.com/golang/mock/gomock:go_default_library",
         "//vendor/github.com/subgraph/libmacouflage:go_default_library",
         "//vendor/github.com/vishvananda/netlink:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )
 
@@ -42,5 +43,6 @@ go_test(
         "//vendor/github.com/onsi/ginkgo:go_default_library",
         "//vendor/github.com/onsi/gomega:go_default_library",
         "//vendor/github.com/vishvananda/netlink:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )