CNI (Container Network Interface)
CNI is a set of standards that defines how programs (plugins) should be developed and how container runtimes (Docker, rkt) invoke them, so that everyone adheres to a single set of standards and solves the common networking challenges in a container runtime environment.
CNI defines a set of responsibilities for the container runtime.
- The container runtime must create the network namespace.
- Identify the network the container must attach to.
- The container runtime invokes the network plugin (bridge) when a container is added.
- The container runtime invokes the network plugin (bridge) when a container is deleted.
- The network configuration is in JSON format.
On the plugin side, it should support:
- Command line arguments: ADD/DEL/CHECK.
- Parameters: container IDs, network namespace, etc.
- Must manage IP address assignment to pods.
- Must return the result in a specific format.
CNI comes with a set of supported plugins: BRIDGE, VLAN, IPVLAN, MACVLAN, WINDOWS.
There are also third-party solutions such as flannel, Calico and weaveworks.
All of these implement the CNI standard.
Kubelet is the process that uses the CNI plugin. Some of the configuration paths are:
- Check which CNI plugin it’s using:
- Check all the plugin binaries supported:
- Which CNI plugin is configured to be used on this Kubernetes cluster?
- What binary executable file will be run by kubelet after a container and its associated namespace are created?
Look at the type field in the file /etc/cni/net.d/10-flannel.conflist.
A sample is shared in the screen above.
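The lookup described above (the type field names the plugin binary that gets executed), as an added example that is not from the original post: it reads a .conf or .conflist, lists the plugin types in order, and checks that each matching binary exists and is not writable by group or others. The sample config, the bin_dir parameter and the function names are assumptions for illustration.

```python
import json, os, stat, tempfile

# Constructed sample in the shape of a flannel .conflist (not taken from the page).
SAMPLE_CONFLIST = """{"name": "cbr0", "cniVersion": "0.3.1", "plugins": [
  {"type": "flannel", "delegate": {"isDefaultGateway": true}},
  {"type": "portmap", "capabilities": {"portMappings": true}}]}"""

def plugin_types(conf_text):
    """Return plugin types in invocation order for a .conf or .conflist."""
    conf = json.loads(conf_text)
    # A .conflist chains plugins under "plugins"; a plain .conf is one plugin.
    entries = conf.get("plugins", [conf])
    return [p["type"] for p in entries if "type" in p]

def audit(conf_path, bin_dir):
    """Pair each type with a verdict on the binary of the same name in bin_dir."""
    with open(conf_path) as fh:
        types = plugin_types(fh.read())
    findings = []
    for t in types:
        path = os.path.join(bin_dir, t)
        if os.path.basename(t) != t:
            verdict = "type contains a path separator"
        elif not os.path.isfile(path):
            verdict = "missing binary"
        elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            verdict = "binary writable by group/other"
        else:
            verdict = "ok"
        findings.append((t, verdict))
    return findings

def demo():
    """Audit a throwaway tree: flannel is 0755, portmap is deliberately 0777."""
    with tempfile.TemporaryDirectory() as root:
        conf = os.path.join(root, "10-flannel.conflist")
        with open(conf, "w") as fh:
            fh.write(SAMPLE_CONFLIST)
        for name, mode in (("flannel", 0o755), ("portmap", 0o777)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit(conf, root)

if __name__ == "__main__":
    for plugin, verdict in demo():
        print(f"{plugin}: {verdict}")
```

On a node, call audit() with the conflist path and the directory that holds the plugin binaries; anything other than "ok" deserves a look, because those binaries run with the runtime's privileges.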
A pod may sometimes fail if the network is not configured properly.
- Deploy the weave-net networking solution to the cluster:
Reference: https://www.weave.works/docs/net/latest/kubernetes/kube-addon/
Weave Net can be installed onto your CNI-enabled Kubernetes cluster with a single command. Use the command below:
    kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
- Identify the name of the bridge network/interface created by weave on each node.
- What is the POD IP address range configured by weave?
- What is the default gateway configured on the pods scheduled on node03?
Now run ip r to get the routes of the pod. As shown below, the default gateway is 10.38.0.0, which uses the interface eth0.