Container Network Interface (CNI)
- CNI allows multiple network solutions be compatible with Kubernetes
- CNI is configured in the
kubelet - CNI defines how the plugin should be developed and how container runtimes should invoke them
- Plugins available
bridgevlanipvlanmacvlanwindowsdhcp(3rd party)host-local(3rd party)- Example: bridge plugin
- Container runtime must
- Create network namespace
- Identify network the container must attach to
- Invoke the Network Plugin (bridge) when container is added
- Invoke the Network Plugin (bridge) when container is deleted
- JSON format of the network configuration
- Network Plugin must
- Support command line arguments (add, del, check)
- Support parameters container id, network ns, etc
- Manage IP address assignment to pods
- Return results in a specific format
Networking
- Each
nodemust have at least oneinterfaceconnected to the network - Each
interfacemust have anaddressconfigured Hostsmust have a uniquehostnameandmac address
Ports
kube-apiserver: 6443etcd: 2379 (2380 for etcd p2p connection)kubelet: 10250kube-scheduler: 10251-
kube-controller-manager: 10252 -
Worker node expose services for external access on ports
30000-32767
Networking Model (Between pods)
- Every pod should have an IP Address
- Every pod should be able to communicate with every pod in the same node
- Every pod should be able to communicate with every pod on other nodes without NAT
CNI
- Whenever a container is manipulated,
kubeletexecutes a script defined by the CNI config --cni-conf-dir=/etc/cni/net.d: configuration so that kubelet knows which plugin to use--cni-bin-dir=/etc/cni/bin: binary for all supported plugins
./net-script.sh add "container" "namespace"
ADD- Create veth pair
- Attach veth pair
- Assign IP address
- Bring Up Interface
WeaveWorks
- An weaver
agentis deployed on the node and stores the topology of the entire setup - Agents communicate with each other to update its topology info
- Weaver is deployed as
DaemonSet