[Kubernetes] Kubernetes Docker CNI network plug-in development example

1. Introduction to the principle

           For the Kubernetes network plug-in, let's start with its initial configuration,

           i.e. /etc/systemd/system/kubelet.service.d/10-kubeadm.conf.

           This configuration file defines the network mode enabled by the Kubernetes system. The default network parameters are:

           --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin

           

            --network-plugin=cni indicates that k8s uses a network plugin that implements the standard CNI (Container Network Interface)

            --cni-conf-dir=/etc/cni/net.d is the path to the folder where the CNI network plugin configuration information is stored

            --cni-bin-dir=/opt/cni/bin is the path to the folder where the CNI network plug-in executable is stored

            When k8s needs to perform a network operation (such as creating a network), it takes the configuration information in cni-conf-dir, finds the command file in cni-bin-dir and executes the relevant command.

            The parameters the command file receives and the values it returns follow the CNI interface specification, which gives a unified interface. We will verify this with an example below.

2. Example verification

2.1 Development environment

        Ubuntu 16.04 LTS, Docker 1.12.6, Golang 1.9.2

2.2 Download and compile CNI Plugin 

          CNI Plugin is a collection of network operation commands officially provided by CNI, and is the basis on which CNI plug-ins work.

# cd $GOPATH/src
# git clone https://github.com/containernetworking/plugins.git
# cd plugins
# ./build.sh
# cp ./bin/* /opt/cni/bin

2.3 Write CNI configuration information

# mkdir -p /etc/cni/net.d
# cat >/etc/cni/net.d/10-mynet.conf <<EOF
{
    "cniVersion": "0.2.0",
    "name": "mynet",
    "type": "bridge",
    "bridge": "cni0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "subnet": "10.22.0.0/16",
        "routes": [
            { "dst": "0.0.0.0/0" }
        ]
    }
}
EOF
# cat >/etc/cni/net.d/99-loopback.conf <<EOF
{
    "cniVersion": "0.2.0",
    "type": "loopback"
}
EOF

2.4 Running container tests

          To let Docker use the CNI network, CNI officially provides a script, through which we run the container.

          Note that the script must be told the path of the CNI configuration files and the path of the command files through environment variables.

# cd $GOPATH/src
# git clone https://github.com/containernetworking/cni.git
# cd cni/scripts
# export CNI_PATH=/opt/cni/bin/
# export NETCONFPATH=/etc/cni/net.d
# ./docker-run.sh --rm busybox ifconfig | grep -Pi "(eth0|lo|inet addr)"
          
         As you can see, the network address of the Docker container is in the CNI network 10.22.0.0/16 that we configured (the underlying layer here directly uses a bridge).

2.5 We can use our own CNI script plugin to see what information is passed to the CNI plugin when the container starts and ends

          First, delete the previous CNI configuration file

# rm -f /etc/cni/net.d/*conf
          Then, write a new CNI configuration file
# cat >/etc/cni/net.d/10-mynet.conf <<EOF
{
    "cniVersion": "0.2.0",
    "name": "my_dummy_network",
    "type": "dummy"
}
EOF
          Next, write the script that CNI executes (note that it receives information both through environment variables and through standard input, that is, there are two ways to receive parameters)
# cat >/opt/cni/bin/dummy <<EOF
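#!/bin/bash
# Write log lines to stderr
logit () {
 >&2 echo "\$1"
}

# Parameters passed as environment variables
logit "CNI method: \$CNI_COMMAND"
logit "CNI container id: \$CNI_CONTAINERID"
# Network configuration passed on standard input
logit "-------------- Begin config"
while IFS= read -r line || [ -n "\$line" ]
do
  logit "\$line"
done < /dev/stdin
logit "-------------- End config"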
EOF
# chmod 0755 /opt/cni/bin/dummy
         Run a test to see the CNI calls
# cd $GOPATH/src/cni/scripts
# ./docker-run.sh --rm busybox ifconfig
         

         It can be seen that the ADD (add network) and DEL (remove network) methods are executed in turn, and that network-related information such as the container ID is passed in.

         The CNI plug-in performs the actual tasks based on this information; this is the calling principle of the CNI network.
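
Because the runtime executes whichever file in cni-bin-dir matches the "type" of a configuration in cni-conf-dir (and any "ipam" type that plugin delegates to) with the runtime's own privileges, both directories need to be protected from modification by unprivileged users. The following audit is an added example, not code from the original article or from the CNI project; the names audit_cni, demo and SAMPLE_CONF and the expected_uid parameter are assumptions of this example, and the sample tree is constructed.

```python
import json, os, stat, tempfile
from pathlib import Path

SAMPLE_CONF = '{"cniVersion": "0.2.0", "name": "my_dummy_network", "type": "dummy"}'  # constructed

def audit_cni(conf_dir, bin_dir, expected_uid=0):
    """Return (path, problem) findings for a CNI conf dir / bin dir pair."""
    conf_dir, bin_dir, findings = Path(conf_dir), Path(bin_dir), []

    def check_perms(path):
        st = path.stat()
        if st.st_uid != expected_uid:
            findings.append((str(path), f"owner uid {st.st_uid}, expected {expected_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((str(path), "group- or world-writable"))

    check_perms(conf_dir)
    check_perms(bin_dir)
    for conf in sorted(conf_dir.glob("*.conf")):
        check_perms(conf)
        try:
            cfg = json.loads(conf.read_text())
            types = [cfg["type"]]
            if isinstance(cfg.get("ipam"), dict) and "type" in cfg["ipam"]:
                types.append(cfg["ipam"]["type"])  # IPAM plugins also run from bin_dir
        except (ValueError, KeyError, TypeError):
            findings.append((str(conf), "not a JSON object with a 'type' key"))
            continue
        for t in types:
            # The type names a file inside bin_dir, so it must be a bare file name.
            if not isinstance(t, str) or t in ("", ".", "..") or "/" in t:
                findings.append((str(conf), f"plugin type {t!r} is not a bare file name"))
            elif not (bin_dir / t).is_file():
                findings.append((str(bin_dir / t), "plugin binary missing"))
            else:
                check_perms(bin_dir / t)
    return findings

def demo(plugin_mode=0o777):
    """Audit a constructed tree mirroring section 2.5; the plugin mode is the weakness."""
    root = Path(tempfile.mkdtemp())
    conf, plugin = root / "net.d" / "10-mynet.conf", root / "bin" / "dummy"
    for path, mode, text in ((conf, 0o644, SAMPLE_CONF), (plugin, plugin_mode, "#!/bin/bash\n")):
        path.parent.mkdir(mode=0o755)
        path.write_text(text)
        path.chmod(mode)
    return [problem for _, problem in audit_cni(conf.parent, plugin.parent, os.getuid())]

if __name__ == "__main__":
    print(demo())
```

On a real node, call audit_cni("/etc/cni/net.d", "/opt/cni/bin") as root; an empty list means every referenced plugin exists and nothing on the path is writable by group or others.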






