Dockin CNI - Dockin Container Network Interface


For more Dockin components, please visit https://github.com/WeBankFinTech/Dockin

Dockin CNI

Dockin CNI manages the pod network and interacts with the resource manager (RM). It supports:

  • creating a single network
  • creating multiple networks
  • only the dockin-ipam IPAM plugin
  • only bridge to manage the network

Dockin CNI must work with:

  • dockin-cni, the main plugin, which calls bridge to manage the network and communicates with RM
  • dockin-ipam, used to assign IPs
  • bridge, used to manage the network

Quick Start

1. CNI configuration

Put the CNI config file in /etc/cni/net.d (the default config path used by kubelet; if you have changed the config path, put the file in the path your kubelet uses).

The config file can be named, for example, 00-dockin-cni.json.

Configuration sample:

{
    "cniVersion": "0.2.0",
    "name": "dockin-cni",
    "type": "dockin-cni",
    "confDir": "/etc/cni/dockin/net.d",
    "binDir": "/opt/cni/bin",
    "logFile": "/data/kubernetes/dockin-cni.log",
    "logLevel": "debug",
    "backend": "http://localhost:10002/rmController/getPodMultiNetwork"
}

The parameters are described as follows:

  • cniVersion, the supported CNI version
  • name, the name of this CNI plugin
  • type, the executable binary file, always dockin-cni
  • confDir, the directory holding the network configuration
  • binDir, the directory holding the bridge executable binary
  • logFile, the file that stores the dockin-cni log
  • logLevel, the log level; error/info/debug are supported
  • backend, the API address of the webhook; the sample uses the dockin-RM API.

2. Network configuration

We need to create the network config files as well.

Step 1: Use the webhook to get the network type.

First, you need a web server (webhook) that returns the pod's (multi-)network information and implements an API with a podName query parameter:

:/?podName=

Here we use Dockin-RM as the sample. You can use curl to access RM, for example:

curl 127.0.0.1:10002/rmController/getPodMultiNetwork?podName=

If there is no error, you will get a response like this. Your web API must return the same structure.

{
    "code": 0,
    "reqId": "1234",
    "message": "success",
    "data": [
        {
            "type": "test",
            "podIp": "192.168.1.2",
            "subnetMask": "255.255.255.0",
            "gateway": "192.168.1.1",
            "ifName": "eth0",
            "master": true
        },
        {
            "type": "dockin",
            "podIp": "192.168.2.2",
            "subnetMask": "255.255.255.0",
            "gateway": "192.168.1.1",
            "ifName": "net0",
            "master": false
        }
    ]
}

In the sample:

  • code, the response code; 0 means success, any other value means failure
  • message, the description of this response, a success or failure message
  • data, the array of network information
    • type, the network type
    • podIp, the IP that will be assigned on this network
    • subnetMask, the mask of this network
    • gateway, the gateway of this network
    • ifName, the network device name for this network, which is shown by ifconfig or ip a
    • master, whether this is the main network, which is shown by kubectl get pods; there must be only one per pod

The field to pay attention to is type. In the sample, there are two types: test and dockin.

Step 2: Create the network config files.

The network configuration is the bridge configuration. For more details, see:

https://github.com/containernetworking/plugins/tree/master/plugins/main/bridge

Network configurations are JSON files stored in the confDir set in the CNI configuration. They are passed on to kubelet to create the network.

{
  "cniVersion": "0.2.0",
  "name": "dockin",
  "type": "bridge",
  "bridge": "br1"
}

  • cniVersion, the CNI version supported
  • name, the network name; it must be the same as the RM type
  • type, only bridge is supported to manage the network
  • bridge, the bridge name for this network; multiple networks can be assigned different bridge names

Now, let's create the network config.

  • First, create the config dir. You can find the path in 00-dockin-cni.json:

mkdir -p /etc/cni/dockin/net.d

  • Second, create the config files:

For the sample above, we need to create two network config files. In each file, name is set to the type.

1. Create the config for type test

touch /etc/cni/dockin/net.d/test.json

content:

{
  "cniVersion": "0.2.0",
  "name": "test",
  "type": "bridge",
  "bridge": "br0"
}

2. Create the config for type dockin

touch /etc/cni/dockin/net.d/dockin.json

content:

{
  "cniVersion": "0.2.0",
  "name": "dockin",
  "type": "bridge",
  "bridge": "br0"
}
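
An added example, not part of the Dockin project's code: a Go check that can be run on a webhook reply before it is trusted for pod addressing. It enforces the rules stated above (code 0, a network config named after each type, exactly one master) and, as assumptions of this example, valid IPv4 fields and a gateway inside the pod's subnet; Validate, confNames and sample are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Network is one "data" element; encoding/json matches its keys case-insensitively.
type Network struct {
	Type, PodIP, SubnetMask, Gateway, IfName string
	Master                                   bool
}

// Validate (hypothetical) lists problems in a reply; confNames = "name" of each file in confDir.
func Validate(raw []byte, confNames map[string]bool) (out []string) {
	var r struct {
		Code *int // pointer, so a reply without "code" is not mistaken for success
		Data []Network
	}
	if err := json.Unmarshal(raw, &r); err != nil || r.Code == nil || *r.Code != 0 {
		return []string{"reply is not a well-formed success response"}
	}
	masters := 0
	for _, n := range r.Data {
		ip, gw := net.ParseIP(n.PodIP).To4(), net.ParseIP(n.Gateway).To4()
		mask := net.IPMask(net.ParseIP(n.SubnetMask).To4())
		if _, bits := mask.Size(); ip == nil || gw == nil || bits == 0 {
			out = append(out, n.IfName+": invalid IPv4 address, mask or gateway")
		} else if !(&net.IPNet{IP: ip.Mask(mask), Mask: mask}).Contains(gw) {
			out = append(out, n.IfName+": gateway outside pod subnet") // assumed policy
		}
		if !confNames[n.Type] {
			out = append(out, n.IfName+": no network config named "+n.Type)
		}
		if n.Master {
			masters++
		}
	}
	if masters != 1 {
		out = append(out, fmt.Sprintf("want exactly 1 master network, got %d", masters))
	}
	return out
}

const sample = `{"code":0,"data":[
 {"type":"test","podIp":"192.168.1.2","subnetMask":"255.255.255.0","gateway":"192.168.1.1","ifName":"eth0","master":true},
 {"type":"dockin","podIp":"192.168.2.2","subnetMask":"255.255.255.0","gateway":"192.168.1.1","ifName":"net0","master":false}]}` // constructed: the sample response above, condensed
func main() { fmt.Println(Validate([]byte(sample), map[string]bool{"test": true, "dockin": true})) }
```

On the sample response it reports one finding, net0: gateway outside pod subnet, because 192.168.1.1 is not inside 192.168.2.0/24.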

3. Put the executable binaries in binDir

You can use make to build dockin-cni and dockin-ipam, then put them in the binDir set in 00-dockin-cni.json. The binDir is normally /opt/cni/bin.

Dockin-ipam: static IP address management plugin

Overview

The static IPAM plugin is a very simple IPAM plugin that assigns IPv4 and IPv6 addresses statically to containers. It is useful for assigning the same IP address in different vlan/vxlan to containers.

Example configuration

{
	"ipam": {
		"type": "static",
		"addresses": [
			{
				"address": "192.168.0.1/24",
				"gateway": "192.168.0.254"
			},
			{
				"address": "3ffe:ffff:0:01ff::1/64",
				"gateway": "3ffe:ffff:0::1"
			}
		],
		"routes": [
			{ "dst": "0.0.0.0/0" },
			{ "dst": "192.168.0.0/16", "gw": "192.168.1.1" },
			{ "dst": "3ffe:ffff:0:01ff::1/64" }
		],
		"dns": {
			"nameservers" : ["8.8.8.8"],
			"domain": "example.com",
			"search": [ "example.com" ]
		}
	}
}

Network configuration reference

  • type (string, required): "static"
  • addresses (array, optional): an array of ip address objects:
    • address (string, required): CIDR notation IP address.
    • gateway (string, optional): IP inside of "subnet" to designate as the gateway.
  • routes (string, optional): list of routes to add to the container namespace. Each route is a dictionary with "dst" and optional "gw" fields. If "gw" is omitted, the value of "gateway" will be used.
  • dns (string, optional): the dictionary with "nameservers", "domain" and "search".

Supported arguments

The following CNI_ARGS are supported:

  • IP: request specific CIDR notation IP addresses, comma separated

  • GATEWAY: request a specific gateway address

    (example: CNI_ARGS="IP=192.168.1.1/24;GATEWAY=192.168.1.254")

The plugin also supports the following capability argument:

  • ips: Pass IP addresses for CNI interface

The following args conventions are supported:

  • ips (array of strings): A list of custom IPs to attempt to allocate, with prefix (e.g. '192.168.1.1/24')

Notice: If several of the above are used at the same time, only one takes effect, according to the priorities below:

  1. capability argument
  2. args conventions
  3. CNI_ARGS

Releases(v0.1.0)
  • v0.1.0(Feb 2, 2021)

    Dockin-CNI v0.1.0

    The first release of dockin-cni.

    Feature

    • MultiNetwork
    • Static IP Address for pod

    Deploy Guide

    Preparations

    • A webhook for cni to get pod network information.

    See readme.md in the dockin-cni project for more detail about the webhook.

    Installation

    Use setup.sh to deploy dockin-cni.

    Usage:
    
      sh setup.sh <option> <webhook url> <network types>
    
      * Supported options: install, uninstall 
      * If you have more than one network type, using comma to split.
    

    For example:

    sh setup.sh install http://127.0.0.1:10002/rmController/getPodMultiNetwork test,dockin
    

    If your kubelet is not using the default CNI configuration, check the following two options in setup.sh; they must match the configuration your kubelet actually uses.

    CNI_CONF_PATH="/etc/cni/net.d/"
    BIN_DIR="/opt/cni/bin"
    

    Uninstallation

    Use the following command to uninstall dockin-cni.

    PS: Uninstalling does not remove the network config files; delete them manually. By default they are located under /etc/cni/dockin.

    sh setup.sh uninstall
    