Kubernetes K8S - CNI - Container Network Interface
See:
- netavark - which replaces CNI for podman >= 5
- Writing a CNI plugin https://www.youtube.com/watch?v=zmYxdtFzK6s
CNI Network Plugin - Cilium:
CNI Network Plugin - Flannel:
CNI Network Plugin - Slirp https://github.com/mgoltzsche/slirp-cni-plugin
See also:
- Netavark (alternative to CNI for rootless Docker / Podman) and aardvark-dns (rootless DNS)
CNI
source https://www.dasblinkenlichten.com/understanding-cni-container-networking-interface/
Installation
mkdir cni
cd cni
wget https://github.com/containernetworking/cni/releases/download/v0.6.0/cni-amd64-v0.6.0.tgz
tar xvf cni-amd64-v0.6.0.tgz
wget https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz
tar xvf cni-plugins-amd64-v0.6.0.tgz
Or
ARCH=$(uname -m)
case $ARCH in
  armv7*) ARCH="arm";;
  aarch64) ARCH="arm64";;
  x86_64) ARCH="amd64";;
esac
mkdir -p /opt/cni/bin
curl -O -L https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-$ARCH-v1.5.1.tgz
tar -C /opt/cni/bin -xzf cni-plugins-linux-$ARCH-v1.5.1.tgz
Debian package
dpkg -S /opt/cni/bin/bridge
kubernetes-cni: /opt/cni/bin/bridge
/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
wget https://packages.cloud.google.com/apt/pool/kubernetes-cni_0.6.0-00_amd64_43460dd3c97073851f84b32f5e8eebdc84fadedb5d5a00d1fc6872f30a4dd42c.deb
Creation
mybridge.conf
{
  "cniVersion": "0.2.0",
  "name": "mybridge",
  "type": "bridge",
  "bridge": "cni_bridge0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "subnet": "10.15.20.0/24",
    "routes": [
      { "dst": "0.0.0.0/0" },
      { "dst": "1.1.1.1/32", "gw": "10.15.20.1" }
    ]
  }
}
sudo ip netns add plop
sudo CNI_COMMAND=ADD CNI_CONTAINERID=1234567890 CNI_NETNS=/var/run/netns/plop CNI_IFNAME=enp0s8 CNI_PATH=`pwd` ./bridge <mybridge.conf
Usage
Using a container's network namespace
PS1='container# ' nsenter -t <PID> -n
Discovery
See: https://github.com/containernetworking/cni
sudo iptables -S -t nat | grep mybridge
sudo ip netns exec plop ip a
sudo ip netns exec plop ip r
cni/blob/master/scripts/priv-net-run.sh
#!/usr/bin/env bash
set -e
if [[ ${DEBUG} -gt 0 ]]; then set -x; fi

# Run a command in a private network namespace
# set up by CNI plugins

contid=$(printf '%x%x%x%x' $RANDOM $RANDOM $RANDOM $RANDOM)
netnspath=/var/run/netns/$contid

ip netns add $contid

./exec-plugins.sh add $contid $netnspath

function cleanup() {
	./exec-plugins.sh del $contid $netnspath
	ip netns delete $contid
}
trap cleanup EXIT

ip netns exec $contid "$@"
CNI_PATH=$GOPATH/src/github.com/containernetworking/plugins/bin
cd $GOPATH/src/github.com/containernetworking/cni/scripts
sudo CNI_PATH=$CNI_PATH ./priv-net-run.sh ifconfig
Destruction
sudo CNI_COMMAND=DEL CNI_CONTAINERID=1234567890 CNI_NETNS=/var/run/netns/plop CNI_IFNAME=enp0s8 CNI_PATH=`pwd` ./bridge <mybridge.conf
sudo ip netns del plop
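Putting the Creation and Destruction steps above into one script: the following is an added example, not code from this wiki page or from the CNI project. It drives a plugin the way a container runtime does (the CNI_* environment plus the conf on stdin), refuses a plugin binary that is group- or world-writable (plugins are executed as root, so a writable /opt/cni/bin entry is a root code-execution path), and always pairs ADD with DEL. The function names (cni_check_plugin, cni_conf_type, cni_run, cni_demo) and the stand-in bridge plugin built in cni_demo are assumptions made up for this example; point the plugin directory at /opt/cni/bin to drive the real bridge plugin.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): a small wrapper that drives a CNI
# plugin the way a container runtime does, for the ADD/DEL pair shown above.
# Function names and the stand-in "bridge" plugin below are this example's
# own inventions (assumptions), not part of the CNI project.
set -eu

# The runtime execs plugins as root, so before running one make sure the
# binary exists, is executable, and cannot be modified by group/others.
cni_check_plugin() {
  local dir=$1 name=$2 bin="$1/$2" perm
  [ -x "$bin" ] || { echo "plugin $bin missing or not executable" >&2; return 1; }
  perm=$(ls -ld "$bin" | cut -c1-10)   # e.g. -rwxr-xr-x
  case $perm in
    ?????w*|????????w*)                  # group (col 6) or other (col 9) write bit
      echo "plugin $bin is group/world writable ($perm)" >&2; return 1;;
  esac
}

# Read the plugin "type" from a conf file with grep/sed only. The first
# "type" key is taken, which is the top-level one when, as in mybridge.conf
# above, it is written before the nested ipam block.
cni_conf_type() {
  local conf=$1 key t
  for key in cniVersion name type; do
    grep -q "\"$key\"" "$conf" || { echo "$conf lacks \"$key\"" >&2; return 1; }
  done
  t=$(grep -o '"type"[[:space:]]*:[[:space:]]*"[^"]*"' "$conf" | head -n 1 \
        | sed 's/.*"\([^"]*\)"$/\1/')
  [ -n "$t" ] || { echo "cannot read type from $conf" >&2; return 1; }
  printf '%s\n' "$t"
}

# cni_run CMD CONTAINERID NETNS IFNAME PLUGIN_DIR CONF
# Sets the CNI_* environment the spec defines and feeds the conf on stdin,
# which is exactly what the manual ./bridge <mybridge.conf invocation does.
cni_run() {
  local cmd=$1 cid=$2 netns=$3 ifname=$4 dir=$5 conf=$6 plugin
  case $cmd in
    ADD|DEL|CHECK|VERSION) ;;
    *) echo "unknown CNI_COMMAND $cmd" >&2; return 1;;
  esac
  plugin=$(cni_conf_type "$conf") || return 1
  cni_check_plugin "$dir" "$plugin" || return 1
  CNI_COMMAND=$cmd CNI_CONTAINERID=$cid CNI_NETNS=$netns CNI_IFNAME=$ifname \
    CNI_PATH=$dir "$dir/$plugin" <"$conf"
}

# Constructed fixture: a fake "bridge" plugin that only echoes what it was
# asked to do, so the ADD/DEL round trip can be exercised without root or a
# real network namespace. Use /opt/cni/bin as the directory for the real one.
cni_demo() {
  local dir
  dir=$(mktemp -d)
  cat >"$dir/bridge" <<'EOF'
#!/bin/sh
name=$(sed -n 's/.*"name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
printf '%s %s %s %s\n' "$CNI_COMMAND" "$name" "$CNI_IFNAME" "$CNI_CONTAINERID"
EOF
  chmod 0755 "$dir/bridge"
  cat >"$dir/mybridge.conf" <<'EOF'
{ "cniVersion": "0.2.0", "name": "mybridge", "type": "bridge",
  "bridge": "cni_bridge0", "isGateway": true, "ipMasq": true,
  "ipam": { "type": "host-local", "subnet": "10.15.20.0/24" } }
EOF
  # ADD, then DEL, so the plugin can release the IPAM lease and the veth.
  cni_run ADD 1234567890 /var/run/netns/plop enp0s8 "$dir" "$dir/mybridge.conf"
  cni_run DEL 1234567890 /var/run/netns/plop enp0s8 "$dir" "$dir/mybridge.conf"
  rm -rf "$dir"
}

cni_demo
```

Run as root with the real /opt/cni/bin and an existing /var/run/netns/plop, cni_run ADD reproduces the manual invocation above; the Discovery commands (iptables -S -t nat, ip netns exec plop ip a) then show the veth and NAT rules the ADD created, and cni_run DEL removes them before the namespace is deleted.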
Other
$ sudo ln -s /var/run/docker/netns /var/run/netns
$ sudo ip netns list
0f564fcea33c (id: 0)
$ sudo ip netns list-id
$ ls -l /var/lib/cni/networks/
total 4
drwxr-xr-x 2 root root 4096 Jan 29 14:38 mybridge
https://kubernetes.io/docs/concepts/cluster-administration/networking/
DOCKER_OPTS="--bridge=cbr0 --iptables=false --ip-masq=false"
iptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE
sysctl net.ipv4.ip_forward=1
podman ps -p --ns
tech/kubernetes_k8s_-_cni_-_container_network_interface.txt · Last modified: by Jean-Baptiste
