Friday, 14 April 2023

Container Networking Interface

Introduction
From the plugin perspective, the explanation is as follows
The Container Networking Interface (CNI) is a specification and set of tools for configuring networking in containerized environments, such as those provided by Kubernetes. The goal of CNI is to provide a common standard for network plugins so that container runtimes and orchestration systems can work with any networking solution that supports the CNI API.

CNI defines a standard way for container runtimes, such as Docker or CRI-O, to call networking plugins to configure the network interfaces of containers. The plugins are responsible for creating and configuring network interfaces for the containers, as well as configuring the network namespace and routing tables.

...

The use of CNI provides several benefits in containerized environments. First, it allows for a common standard that can be used by multiple container runtimes and orchestration systems. This means that network plugins can be developed independently of the container runtime or orchestration system, which promotes flexibility and compatibility.

Second, CNI provides a modular and extensible architecture that allows for easy integration with other networking solutions. This enables users to choose the best networking solution for their specific use case and avoid vendor lock-in.

Finally, CNI provides a simple and flexible API for configuring container networking, which makes it easy for developers to create and deploy custom networking solutions tailored to their needs.
The explanation is as follows. In other words, a CNI plugin can be a standalone binary that runs on its own
CNI plugins can be either built into the container runtime or provided as standalone binaries. There are many CNI plugins available, each with its own strengths and weaknesses. Some popular CNI plugins include Calico, Flannel, and Weave Net.
For Communication Between Pods
The explanation is as follows. In other words, CNI is what lets Pods communicate with each other without NAT
In Kubernetes, each Pod is assigned a unique IP address and can communicate with other Pods without requiring NAT. To provide networking to Pods, Kubernetes uses Container Network Interface (CNI), a library for configuring network interfaces in Linux containers. The kubelet is responsible for setting up the network for new Pods using the CNI plugin specified in the configuration file located in the /etc/cni/net.d/ directory on the node.
From the plugin perspective, the explanation is as follows
In Kubernetes, CNI is used by the kubelet to configure the network interfaces of pods. When a pod is created, the kubelet invokes the CNI plugin to configure the pod’s network. The CNI plugin then creates and configures the network interfaces for the pod, sets up any necessary routing rules, and adds the pod’s IP address to the appropriate network namespace.
Where the CNI Plugin for a Pod Is Defined
The explanation is as follows
In Kubernetes, the kubelet is responsible for setting up the network for a new Pod using the CNI plugin specified in the network configuration file located in the /etc/cni/net.d/ directory on the node. This configuration file contains necessary parameters to configure the network for the Pod.

The required CNI plugins referenced by the configuration should be installed in the /opt/cni/bin directory, which is the directory used by Kubernetes to store the CNI plugin binaries that manage network connectivity for Pods.

When a pod is created, the kubelet reads the network configuration file and identifies the CNI plugin specified in the file. The kubelet then loads the CNI plugin and invokes its “ADD” command with the Pod’s network configuration parameters. The CNI plugin takes over and creates a network namespace, configures the network interface, and sets up routing and firewall rules based on the configuration parameters provided by the kubelet. The kubelet saves the actual network configuration parameters used by the CNI plugin in a file in the Pod’s network namespace, located in the /var/run/netns/ directory on the node.

Finally, the kubelet notifies the container runtime, such as Docker, that the network is ready for the Pod to start.
The /etc/cni/net.d/ Directory
The network configuration files live in this directory. In other words, the plugins we want the Pod to use are defined here

Example
We do it like this. Here the bridge CNI plugin is used
{
    "cniVersion": "0.3.1",
    "name": "mynet",
    "type": "bridge",
    "bridge": "mybridge",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "subnet": "10.244.0.0/16",
        "routes": [
            { "dst": "0.0.0.0/0" }
        ]
    }
}
The explanation is as follows
cniVersion: The version of the CNI specification that the configuration file adheres to.
name: A name that uniquely identifies the network configuration.
type: The type of the network plugin to use.
bridge: The name of the bridge device to create.
isGateway: A boolean value that specifies whether the bridge device should be used as the default gateway for containers.
ipMasq: A boolean value that specifies whether to enable IP masquerading for traffic leaving the network.
ipam: The IP address management plugin to use. In this example, it is set to "host-local". This plugin assigns IP addresses to containers based on the network namespace where the container is created.
subnet: The subnet from which to allocate IP addresses.
routes: The routing table entries to add to the container's network namespace.
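The following is an added example, not code from the page or from the kubelet or libcni, that models the runtime side of what the two sections above describe: the kubelet picks a configuration file from /etc/cni/net.d (the first one in lexicographic order, which is why a stray 00-*.conf dropped into that directory silently takes over pod networking), validates it, resolves the plugin named by "type" under /opt/cni/bin, and then executes that binary with the CNI environment variables set and the configuration JSON on stdin. The sample configuration is the bridge/host-local one shown above; the plugin it runs is a constructed shell stand-in that echoes what it was asked to do, so the script runs without root or real plugins. Directory paths are parameters (the real defaults are /etc/cni/net.d and /opt/cni/bin), and the world-writable check on the plugin binary is this example's own addition, not something the kubelet performs. One caveat on the description of host-local above: it hands out addresses from the configured subnet and records the allocations on the node's filesystem (by default under /var/lib/cni/networks/<network name>), so the allocation state lives on the host rather than in the container's network namespace.

```python
"""Runtime side of a CNI ADD as the page describes it: select the config from
the conf dir, validate it, resolve the plugin on CNI_PATH, run it with the
spec's environment and the config on stdin. Added example, not kubelet/libcni
code; dirs are parameters and the config and fake plugin are constructed."""
import json
import os
import stat
import subprocess
import tempfile
from pathlib import Path

CONF_EXTENSIONS = (".conf", ".conflist", ".json")

def select_config(conf_dir):
    """Kubelet rule: first config file in lexicographic order wins, so a stray
    00-*.conf dropped into the directory silently takes over pod networking."""
    files = sorted(p for p in Path(conf_dir).iterdir() if p.suffix in CONF_EXTENSIONS)
    if not files:
        raise FileNotFoundError(f"no CNI configuration in {conf_dir}")
    return files[0]

def load_config(path):
    """Parse the config and check the fields the plugin will depend on."""
    conf = json.loads(Path(path).read_text())
    for key in ("cniVersion", "name", "type"):
        if key not in conf:
            raise ValueError(f"{path}: missing required key {key!r}")
    if "/" in conf["type"] or conf["type"] in ("", ".", ".."):
        # 'type' is joined onto CNI_PATH; never let it escape the plugin dir
        raise ValueError(f"{path}: illegal plugin type {conf['type']!r}")
    ipam = conf.get("ipam", {})
    if ipam.get("type") == "host-local" and not ("subnet" in ipam or "ranges" in ipam):
        raise ValueError(f"{path}: host-local IPAM needs 'subnet' or 'ranges'")
    return conf

def find_plugin(plugin_type, cni_path):
    """First hit along ':'-separated CNI_PATH, plus an added permission check:
    plugins run as root under the kubelet, so a writable binary is root on the node."""
    for directory in cni_path.split(os.pathsep):
        candidate = Path(directory, plugin_type)
        if not candidate.is_file():
            continue
        if candidate.stat().st_mode & stat.S_IWOTH:
            raise PermissionError(f"{candidate} is world-writable")
        if not os.access(candidate, os.X_OK):
            raise PermissionError(f"{candidate} is not executable")
        return candidate
    raise FileNotFoundError(f"plugin {plugin_type!r} not on CNI_PATH={cni_path}")

def build_env(command, container_id, netns, ifname, cni_path, args=""):
    """Environment the CNI spec defines for the plugin process; Kubernetes
    passes pod identity in CNI_ARGS as ';'-separated K=V pairs."""
    return {"CNI_COMMAND": command, "CNI_CONTAINERID": container_id,
            "CNI_NETNS": netns, "CNI_IFNAME": ifname, "CNI_ARGS": args,
            "CNI_PATH": cni_path, "PATH": os.environ.get("PATH", "/usr/bin:/bin")}

def invoke(conf, env):
    """Run the plugin with the config JSON on stdin; on a non-zero exit the
    spec puts an error object with "code" and "msg" on stdout."""
    plugin = find_plugin(conf["type"], env["CNI_PATH"])
    proc = subprocess.run([str(plugin)], input=json.dumps(conf).encode(),
                          env=env, capture_output=True)
    result = json.loads(proc.stdout or b"{}")
    if proc.returncode != 0:
        raise RuntimeError(f"{plugin.name} {env['CNI_COMMAND']} failed: "
                           f"code={result.get('code')} msg={result.get('msg')}")
    return result

SAMPLE_CONF = {  # the page's bridge + host-local configuration
    "cniVersion": "0.3.1", "name": "mynet", "type": "bridge", "bridge": "mybridge",
    "isGateway": True, "ipMasq": True,
    "ipam": {"type": "host-local", "subnet": "10.244.0.0/16", "routes": [{"dst": "0.0.0.0/0"}]},
}

FAKE_PLUGIN = """#!/bin/sh
# constructed stand-in for /opt/cni/bin/bridge: reads the config, echoes the
# command it received and a fixed address from the host-local subnet
cat >/dev/null
printf '{"cniVersion":"0.3.1","command":"%s","ifname":"%s","ips":[{"version":"4","address":"10.244.0.5/16"}]}' "$CNI_COMMAND" "$CNI_IFNAME"
"""

def demo():
    """ADD against temp dirs standing in for /etc/cni/net.d and /opt/cni/bin.
    Returns (chosen config name, ADD result, world-writable plugin rejected?)."""
    with tempfile.TemporaryDirectory() as conf_dir, tempfile.TemporaryDirectory() as bin_dir:
        Path(conf_dir, "99-other.conf").write_text(json.dumps({**SAMPLE_CONF, "name": "other"}))
        Path(conf_dir, "10-mynet.conf").write_text(json.dumps(SAMPLE_CONF))
        plugin = Path(bin_dir, "bridge")
        plugin.write_text(FAKE_PLUGIN)
        plugin.chmod(0o755)
        chosen = select_config(conf_dir)
        env = build_env("ADD", "a" * 64, "/var/run/netns/cni-demo", "eth0", bin_dir,
                        "IgnoreUnknown=1;K8S_POD_NAMESPACE=default;K8S_POD_NAME=web-0")
        result = invoke(load_config(chosen), env)
        plugin.chmod(0o777)  # simulate a tampered /opt/cni/bin
        try:
            find_plugin("bridge", bin_dir)
            rejected = False
        except PermissionError:
            rejected = True
        return chosen.name, result, rejected
```

Running demo() shows 10-mynet.conf being chosen over 99-other.conf, the ADD reaching the plugin with CNI_IFNAME=eth0, and the same plugin being refused once its binary is world-writable. Against a real node you would point select_config at /etc/cni/net.d and CNI_PATH at /opt/cni/bin, and the real bridge plugin would then create the veth pair and program the routes the configuration describes.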
