CNI plug-ins include two types: CNI Plugin and IPAM (IP Address Management) Plugin. CNI Plugin is responsible for configuring network resources for containers, and IPAM Plugin is responsible for allocating and managing IP addresses of containers. IPAM Plugin works with CNI Plugin as part of CNI Plugin.
CNI Plugin must be an executable program called by the container management system (such as Kubernetes).
The CNI Plugin is responsible for inserting the network interface ( network interface ) into the container network namespace (such as one end of the Veth device pair), making any necessary changes on the host (such as connecting the other end of the Veth device pair to the bridge), and then calling Appropriate IPAM plugins to assign IP addresses to network interfaces and set up correct routing rules.
The operations that CNI Plugin needs to support include ADD (add), DELETE (delete), CHECK (check) and VERSION (version query). The specific implementation of these operations is completed by the executable program of CNI Plugin.
(1) ADD: Add a container to a certain network. The main process is to create a network namespace in the container when the Container Runtime creates the container, and then call the CNI plug-in to complete the configuration of the container network for the netns.
(2) DEL: Delete the container from a network when the container is destroyed.
(3) CHECK: Check whether the container network is set up correctly, and the result is empty (indicating success) or an error message (indicating failure).
(4) VERSION: Query the version number of the CNI specification supported by the network plug-in, without parameters, and the return value is the version number of the CNI specification supported by the network plug-in.