cni
So what is CNI? To put it succinctly, it is an interface between a network namespace and network plugin. A container runtime (eg. Docker, Rocket) is a network namespace. Network Plugin is the implementation that follows the CNI specification to take a container runtime and configure (attach, detach) it to the network, that the plugin implements.

cni parameters

  • cniVersion: The version of the CNI spec in which the definition works with
  • name: The network name
  • type: The name of the plugin you wish to use. In this case, the actual name of the plugin executable
    args: Optional additional parameters
  • ipMasq: Configure outbound masquerade (source NAT) for this network
  • ipam:
    • type: The name of the IPAM plugin executable
    • subnet: The subnet to allocate out of (this is actually part of the IPAM plugin)
    • routes:
      • dst: The subnet you wish to reach
      • gw: The IP address of the next hop to reach the dst. If not specified the default gateway for the subnet is assumed
  • dns:
    • nameservers: A list of nameservers you wish to use with this network
    • domain: The search domain to use for DNS requests
    • search: A list of search domains
    • options: A list of options to be passed to the receiv

plugins supplied

  • Main: interface-creating
    bridge: Creates a bridge, adds the host and the container to it.
    ipvlan: Adds an ipvlan interface in the container.
    loopback: Set the state of loopback interface to up.
    macvlan: Creates a new MAC address, forwards all traffic to that to the container.
    ptp: Creates a veth pair.
    vlan: Allocates a vlan device.
    host-device: Move an already-existing device into a container.

  • IPAM: IP address allocation
    dhcp: Runs a daemon on the host to make DHCP requests on behalf of the container
    host-local: Maintains a local database of allocated IPs
    static: Allocate a static IPv4/IPv6 addresses to container and it’s useful in debugging purpose.

  • other plugins:
    flannel: Generates an interface corresponding to a flannel config file
    tuning: Tweaks sysctl parameters of an existing interface
    portmap: An iptables-based portmapping plugin. Maps ports from the host’s address space to the container.
    bandwidth: Allows bandwidth-limiting through use of traffic control tbf (ingress/egress).
    sbr: A plugin that configures source based routing for an interface (from which it is chained).
    firewall: A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container.

how a pod gets an IP address
refer

cni

Container network
refer

libnetwork
refer

cnm
compare
cnm
cni