Configuring networking
Default networking
By default, Anjuna Confidential Containers are configured to use the default libvirt network, which normally operates in NAT mode. You can control the networking configuration by providing a customized libvirt domain XML file when starting an Anjuna Confidential Container, as well as by defining your own custom libvirt network.
To learn more about libvirt networking, refer to the libvirt networking documentation.
Connecting to a VLAN
The following provides an example of changing the network configuration to connect an Anjuna Confidential Container to a VLAN.
First, build a new disk image, passing in a file path to save a copy of the default libvirt XML. This file can then be amended to add your own configuration:
$ anjuna-metal disk create disk.tar.gz \
--docker-uri=hello-world \
--save-libvirt-xml=domain.libvirt.xmlUpdate the resulting libvirt domain XML file by replacing the interface element
within devices with the following:
<interface type='direct'>
<mac address='52:54:00:f5:02:ea'/>
<source dev='<vlan>' mode='bridge'/>
<model type='virtio'/>
<driver iommu='on'/>
</interface>Here we provide the Anjuna Confidential Container with a static MAC address,
which can, for example, be used to define a static DHCP IP reservation.
You can use any MAC address with a 52:54:00: prefix (the above is just an example),
and you should replace <vlan> with the name of your VLAN interface.
You can now start the Anjuna Confidential Container as follows:
$ anjuna-metal instance create hello --disk=disk.tar.gz --libvirt-xml=domain.libvirt.xmlTo find the IP address assigned to the Anjuna Confidential Container, check the log files for the instance using the instructions provided in the quickstart guide.