Day 12/100daysofK8s
We know that K8s is compatible with the CNI rules and hence can use any networking plugin that abides by them. To tell it where to look for these plugins, we specify a few CNI-related options on the service that is responsible for creating containers, because that service is also responsible for establishing networking in the containers: the kubelet service. These plugins must be invoked after a container is created/destroyed.
kubelet.service
------
--network-plugin=cni
--cni-config-dir=/etc/cni/net.d
--cni-bin-dir=/opt/cni/bin
--cni-bin-dir contains binaries of all the available networking plugins.
--cni-config-dir has plugin-specific configuration in the standard format defined for a plugin configuration file.
Sample conf file —
/etc/cni/net.d/87-podman-bridge.conflist
----------
{
  "cniVersion": "0.4.0",
  "name": "podman",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni-podman0",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "type": "host-local",
        "routes": [{ "dst": "0.0.0.0/0" }],
        "ranges": [
          [
            {
              "subnet": "10.88.0.0/16",
              "gateway": "10.88.0.1"
            }
          ]
        ]
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    },
    {
      "type": "firewall"
    },
    {
      "type": "tuning"
    }
  ]
}
name -> name of the plugin
plugin.type -> plugin type
plugin.isGateway -> whether an IP address should be assigned to the bridge so that it can act as a gateway
plugin.ipMasq -> whether a NAT rule should be added to the routing table for IP masquerading
plugin.ipam -> the IPAM configuration, where we define the IP range of the private subnet (the range of IP addresses that will be assigned to the pods) and any necessary routes
plugin.ipam.type -> here it is host-local, which indicates that the addresses are managed locally on this host. The type can be set to DHCP to do remote management via an external DHCP server.
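Since every "type" in a config is resolved to a binary in --cni-bin-dir and run whenever a container is created or destroyed, it is worth checking on each node that every referenced plugin (including the IPAM one) actually exists there and that neither directory nor its files are writable by group or others. The Python check below is an added example, not part of the original post; the function names and the list of config extensions are assumptions of this example.

```python
import json
import os
import stat
from pathlib import Path

CONF_EXTS = {".conf", ".conflist", ".json"}  # assumed: extensions read as CNI configs


def plugin_types(conf):
    """Every plugin "type" a parsed config needs, including IPAM plugins."""
    types = []
    for plugin in conf.get("plugins", [conf]):  # a plain .conf is one plugin
        types.append(plugin["type"])
        if "type" in plugin.get("ipam", {}):
            types.append(plugin["ipam"]["type"])
    return types


def loosely_writable(path):
    """True if group or others may write to path."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_cni(conf_dir="/etc/cni/net.d", bin_dir="/opt/cni/bin"):
    """Return findings for the configs in conf_dir checked against bin_dir."""
    conf_dir, bin_dir = Path(conf_dir), Path(bin_dir)
    missing = [f"{d}: directory not found"
               for d in (conf_dir, bin_dir) if not d.is_dir()]
    if missing:
        return missing
    findings = [f"{d}: directory is group/world-writable"
                for d in (conf_dir, bin_dir) if loosely_writable(d)]
    for conf in sorted(p for p in conf_dir.iterdir() if p.suffix in CONF_EXTS):
        if loosely_writable(conf):
            findings.append(f"{conf.name}: config is group/world-writable")
        for ptype in plugin_types(json.loads(conf.read_text())):
            binary = bin_dir / ptype
            if not binary.is_file():
                findings.append(f"{conf.name}: no binary for plugin '{ptype}'")
            elif loosely_writable(binary):
                findings.append(f"{binary}: binary is group/world-writable")
    return findings


if __name__ == "__main__":
    # Defaults are the paths from the kubelet flags shown above.
    print("\n".join(audit_cni()) or "no findings")
```

Run it as root on the node, since a config file with restrictive permissions is not readable by other users.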