Interconnection with the CNI Network

Overview

The container runtime interface (CRI) provides the interconnection with the CNI network: it parses the CNI network configuration file and adds a pod to or removes a pod from the CNI network. When a pod needs network support from a container network plug-in such as Canal, the CRI must be interconnected with Canal to provide the network capability for the pod.

Common CNIs

The common CNI configuration consists of CNI network configuration items in the CNI network configuration and in the pod configuration. These items are visible to users.

  • CNI network configuration items in the CNI network configuration refer to those used to specify the path of the CNI network configuration file, path of the binary file of the CNI network plug-in, and network mode. For details, see Table 1.
  • CNI network configuration items in the pod configuration refer to those used to set the additional CNI network list to which the pod is added. By default, the pod is added only to the default CNI network plane. You can add the pod to multiple CNI network planes as required.

Table 1 CNI network configuration items

| Function | Command | Configuration File | Description |
| --- | --- | --- | --- |
| Path of the binary file of the CNI network plug-in | --cni-bin-dir | "cni-bin-dir": "", | The default value is /opt/cni/bin. |
| Path of the CNI network configuration file | --cni-conf-dir | "cni-conf-dir": "", | The system traverses all files with the extension .conf, .conflist, or .json in the directory. The default value is /etc/cni/net.d. |
| Network mode | --network-plugin | "network-plugin": "", | Specifies a network plug-in. The default value is an empty string, indicating that no network configuration is available and the created sandbox has only the loopback NIC. Only cni and the empty string are supported. Any other value causes iSulad to fail to start. |

Additional CNI network configuration mode:

Add the network plane configuration item “network.alpha.kubernetes.io/network” to annotations in the pod configuration file.

The network plane is configured in JSON format, including:

  • name: specifies the name of the CNI network plane.
  • interface: specifies the name of a network interface.

The following is an example of the CNI network configuration method:

"annotations": {
    "network.alpha.kubernetes.io/network": "{\"name\": \"mynet\", \"interface\": \"eth1\"}"
}

  

CNI Network Configuration Description

There are two types of CNI network configuration file, both in JSON format.

  • Single-network plane configuration file with the file name extension .conf or .json. For details about the configuration items, see Table 1 in the appendix.
  • Multi-network plane configuration file with the file name extension .conflist. For details about the configuration items, see Table 3 in the appendix.

Adding a Pod to the CNI Network List

If --network-plugin=cni is configured for iSulad and the default network plane is configured, a pod is automatically added to the default network plane when the pod is started. If additional networks are configured in the pod configuration, the pod is also added to these additional network planes when it is started.

port_mappings in the pod configuration is also a network configuration item, which is used to set the port mapping of the pod. Configure port mapping as follows:

"port_mappings": [
    {
        "protocol": 1,
        "container_port": 80,
        "host_port": 8080
    }
]

  • protocol: protocol used for mapping. The value can be tcp (identified by 0) or udp (identified by 1).
  • container_port: container port that is mapped.
  • host_port: host port that the container port is mapped to.
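The two pod configuration fragments above can be reviewed together before a pod is started. The following is an added example, not iSulad code: it decodes the network annotation (a JSON document stored inside a JSON string) and translates the numeric protocol so that the host ports a pod opens are listed explicitly. The function name and the assumption that both keys sit at the top level of the pod configuration file are illustrative, and the annotation is treated as a single object as in the example on this page.

```python
import json

NETWORK_ANNOTATION = "network.alpha.kubernetes.io/network"
PROTOCOLS = {0: "tcp", 1: "udp"}  # numeric values as listed on this page

# Constructed pod configuration combining the two fragments shown on this page.
POD_CONFIG = r'''
{
  "annotations": {
    "network.alpha.kubernetes.io/network": "{\"name\": \"mynet\", \"interface\": \"eth1\"}"
  },
  "port_mappings": [
    {"protocol": 1, "container_port": 80, "host_port": 8080}
  ]
}
'''


def summarize_pod_network(pod_config_text):
    """Return the extra network plane, the host ports opened, and any errors."""
    pod = json.loads(pod_config_text)
    plane, ports, errors = None, [], []
    raw = pod.get("annotations", {}).get(NETWORK_ANNOTATION)
    if raw is not None:
        try:
            # The annotation value is JSON inside a JSON string: decode it again.
            decoded = json.loads(raw)
            if not isinstance(decoded, dict):
                raise ValueError("annotation is not a JSON object")
            plane = decoded
        except (TypeError, ValueError):
            errors.append("network annotation is not a string holding a JSON object")
    if plane is not None:
        missing = [k for k in ("name", "interface") if k not in plane]
        if missing:
            errors.append(f"network annotation lacks {missing}")
    for mapping in pod.get("port_mappings", []):
        number = mapping.get("protocol")
        proto = PROTOCOLS.get(number) if isinstance(number, int) else None
        if proto is None:
            errors.append(f"unknown protocol {number!r}")
            continue
        host, cont = mapping.get("host_port"), mapping.get("container_port")
        if not all(isinstance(p, int) and 0 < p < 65536 for p in (host, cont)):
            errors.append(f"port out of range in {mapping}")
            continue
        ports.append(f"{proto} host:{host} -> container:{cont}")
    return {"plane": plane, "ports": ports, "errors": errors}
```

For the sample on this page the summary shows a UDP mapping, because protocol is 1.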

Removing a Pod from the CNI Network List

When StopPodSandbox is called, the interface for removing a pod from the CNI network list will be called to clear network resources.

NOTE:

  1. Before calling the RemovePodSandbox interface, you must call the StopPodSandbox interface at least once.
  2. If StopPodSandbox fails to call the CNI, residual network resources may exist.

Usage Restrictions

  • Currently, only CNI 0.3.0 and CNI 0.3.1 are supported. CNI 0.1.0 and CNI 0.2.0 may need to be supported in later versions, so information about CNI 0.1.0 and CNI 0.2.0 is retained in the error logs that are displayed.
  • name: The value can contain only lowercase letters, digits, hyphens (-), and periods (.), and cannot start or end with a hyphen or period. The value can contain a maximum of 200 characters.
  • The number of configuration files cannot exceed 200, and the size of a single configuration file cannot exceed 1 MB.
  • The extended parameters need to be configured based on the actual network requirements. Optional parameters do not need to be written into the netconf.json file.
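The restrictions above can be checked before iSulad is started. The following is an added example, not part of iSulad: it scans a configuration directory for the extensions listed in Table 1 and reports files that break the limits on file count, file size, name format and CNI version. The function names and sample files are constructed for illustration, and the cniVersion key name comes from the CNI specification, not from this page.

```python
import json
import re
import tempfile
from pathlib import Path

CONF_EXTS = {".conf", ".conflist", ".json"}  # extensions scanned in cni-conf-dir
SUPPORTED_VERSIONS = {"0.3.0", "0.3.1"}      # per the usage restrictions
MAX_FILES, MAX_BYTES, MAX_NAME_LEN = 200, 1024 * 1024, 200
NAME_RE = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")  # no leading/trailing - or .

def check_cni_conf_dir(conf_dir):
    """Return (file, problem) tuples for every restriction a file violates."""
    problems = []
    files = sorted(p for p in Path(conf_dir).iterdir()
                   if p.is_file() and p.suffix in CONF_EXTS)
    if len(files) > MAX_FILES:
        problems.append((str(conf_dir), f"{len(files)} files exceed limit {MAX_FILES}"))
    for path in files:
        if path.stat().st_size > MAX_BYTES:
            problems.append((path.name, "larger than 1 MB"))
            continue  # do not parse oversized input
        try:
            conf = json.loads(path.read_text(encoding="utf-8"))
            if not isinstance(conf, dict):
                raise ValueError("top level is not an object")
        except ValueError:  # covers invalid JSON and invalid UTF-8
            problems.append((path.name, "not a valid JSON object"))
            continue
        name = conf.get("name")
        if not (isinstance(name, str) and len(name) <= MAX_NAME_LEN
                and NAME_RE.fullmatch(name)):
            problems.append((path.name, f"invalid name {name!r}"))
        version = conf.get("cniVersion")  # key name from the CNI specification
        if not isinstance(version, str) or version not in SUPPORTED_VERSIONS:
            problems.append((path.name, f"unsupported cniVersion {version!r}"))
    return problems

def demo():
    samples = {  # constructed sample files
        "10-good.conf": '{"cniVersion": "0.3.1", "name": "mynet", "type": "bridge"}',
        "20-name.conflist": '{"cniVersion": "0.3.0", "name": "-MyNet.", "plugins": []}',
        "30-old.json": '{"cniVersion": "0.2.0", "name": "net.old"}',
        "40-broken.conf": "{not json",
        "README.txt": "ignored: extension is not scanned",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, text in samples.items():
            Path(tmp, fname).write_text(text, encoding="utf-8")
        return check_cni_conf_dir(tmp)
```

Calling check_cni_conf_dir on the directory configured as cni-conf-dir returns an empty list when every scanned file satisfies the restrictions.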
