cni | 容器网络接口规范|Container Networking Interface Specification

2022-04-18 19:27:37 浏览数 (1)

Why develop CNI?

为什么要开发CNI?

Application containers on Linux are a rapidly evolving area, and within this area networking is not well addressed as it is highly environment-specific. We believe that many container runtimes and orchestrators will seek to solve the same problem of making the network layer pluggable.

Linux上的容器化应用程序是一个快速发展的领域,在这个领域中,网络没有得到很好的解决,因为它是高度特殊的环境。我们相信,许多容器运行时和编排器都在寻求解决使网络层可插拔这一相同问题。

  1. rapidly 快速
  2. evolving 发展
  3. addressed 解决

To avoid duplication, we think it is prudent to define a common interface between the network plugins and container execution: hence we put forward this specification, along with libraries for Go and a set of plugins.

为了避免重复,我们认为在网络插件和容器执行之间定义一个通用接口是明智的:因此我们提出了这个规范,以及Go库和一组插件。

  1. duplication 重复
  2. prudent 谨慎的,慎重的,深谋远虑董,精明的

Who is using CNI?

谁在使用 CNI?

Container runtimes 容器运行时

  • Kubernetes - a system to simplify container operations一个简化的容器操作系统
  • Containerd - A CRI-compliant container runtime 符合 CRI 标准的容器运行时 An industry-standard container runtime with an emphasis on simplicity, robustness and portability
  • 强调简单性、稳健性和可移植性的行业标准容器运行时
  • As of February 28, 2019, containerd is officially a graduated project within the Cloud Native Computing Foundation, following Kubernetes, Prometheus, Envoy, and CoreDNS. We'd like to thank the amazing containerd community for making this all possible and we're excited for the future of the project
  • .截至 2019 年 2 月 28 日,containerd 正式成为云原生计算基金会的一个毕业项目,仅次于 Kubernetes、Prometheus、Envoy 和 CoreDNS。我们要感谢令人惊叹的容器社区使这一切成为可能,我们对项目的未来感到兴奋。
  • cri-o - A lightweight container runtime 轻量级容器运行时
  • OpenShift - Kubernetes with additional enterprise features 具有附加企业功能特性的 Kubernetes
  • Cloud Foundry - a platform for cloud applications
  • Apache Mesos - a distributed systems kernel
  • Amazon ECS - a highly scalable, high performance container management service
  • Singularity - a container platform optimized for HPC, EPC, and AI
  • OpenSVC - an orchestrator for legacy and containerized application stacks

3rd party plugins 第三方插件

  • Project Calico - a layer 3 virtual network 第 3 层虚拟网络
  • Weave - a multi-host Docker network 多主机 Docker 网络
  • Contiv Networking - policy networking for various use cases 适用于各种用例的策略网络
  • SR-IOV
  • Cilium - BPF & XDP for containers 用于容器的 BPF 和 XDP
  • Infoblox - enterprise IP address management for containers
  • Multus - a Multi plugin
  • Romana - Layer 3 CNI plugin supporting network policy for Kubernetes
  • CNI-Genie - generic CNI network plugin
  • Nuage CNI - Nuage Networks SDN plugin for network policy kubernetes support
  • Silk - a CNI plugin designed for Cloud Foundry
  • Linen - a CNI plugin designed for overlay networks with Open vSwitch and fit in SDN/OpenFlow network environment
  • Vhostuser - a Dataplane network plugin - Supports OVS-DPDK & VPP
  • Amazon ECS CNI Plugins - a collection of CNI Plugins to configure containers with Amazon EC2 elastic network interfaces (ENIs)
  • Bonding CNI - a Link aggregating plugin to address failover and high availability network
  • ovn-kubernetes - a container network plugin built on Open vSwitch (OVS) and Open Virtual Networking (OVN) with support for both Linux and Windows
  • Juniper Contrail / TungstenFabric - provides an overlay SDN solution, delivering multicloud networking, hybrid cloud networking, simultaneous overlay-underlay support, network policy enforcement, network isolation, and service chaining and flexible load balancing
  • Knitter - a CNI plugin supporting multiple networking for Kubernetes
  • DANM - a CNI-compliant networking solution for TelCo workloads running on Kubernetes
  • VMware NSX – a CNI plugin that enables automated NSX L2/L3 networking and L4/L7 Load Balancing; network isolation at the pod, node, and cluster level; and zero-trust security policy for your Kubernetes cluster.
  • cni-route-override - a meta CNI plugin that override route information
  • Terway - a collection of CNI Plugins based on alibaba cloud V**/ECS network product 基于阿里云专有网络/ECS 网络产品的 CNI 插件集合
  • Cisco ACI CNI - on-premise and cloud container networking with a consistent policy and security model
  • Kube-OVN - a CNI plugin that bases on OVN/OVS and provides advanced features like subnet, static ip, ACL, QoS, etc.基于OVN / OVS并提供高级功能(如子网,静态IP,ACL,QoS等)的CNI插件。
  • Project Antrea - an Open vSwitch Kubernetes CNI
  • OVN4NFV-K8S-Plugin - a OVN based CNI controller plugin to provide cloud native based Service function chaining (SFC), Multiple OVN overlay networking

How do I use CNI?

如何使用 CNI?

The CNI spec is language agnostic. To use the Go language libraries in this repository, you’ll need a recent version of Go.

CNI 规范与语言无关。要使用此存储库中的 Go 语言库,您需要最新版本的 Go。

Reference Plugins 参考插件

https://github.com/containernetworking/plugins

Main: interface-creating

  • bridge: Creates a bridge, adds the host and the container to it. 创建桥接,将主机和容器添加到其中。
  • ipvlan: Adds an ipvlan interface in the container. 在容器中添加 ipvlan 接口。
  • loopback: Set the state of loopback interface to up. 将环回接口的状态设置为 up。
  • macvlan: Creates a new MAC address, forwards all traffic to that to the container. 创建一个新的 MAC 地址,将所有流量转发到该地址到容器。
  • ptp: Creates a veth pair. 创建 veth 对。
  • vlan: Allocates a vlan device. 分配虚拟网络设备。
  • host-device: Move an already-existing device into a container. 将现有设备移动到容器中。

IPAM: IP address allocation

  • dhcp: Runs a daemon on the host to make DHCP requests on behalf of the container。在主机上运行守护程序以代表容器发出 DHCP 请求
  • host-local: Maintains a local database of allocated IPs 在本地数据库维护已分配 IP
  • static: Allocate a static IPv4/IPv6 addresses to container and it's useful in debugging purpose.将静态 IPv4/IPv6 地址分配给容器,这在调试目的中很有用。

Meta: other plugins

  • tuning: Tweaks sysctl parameters of an existing interface 调整现有接口的 sysctl 参数
  • portmap: An iptables-based portmapping plugin. Maps ports from the host's address space to the container. 一个基于iptables的端口映射插件。将端口从主机的地址空间映射到容器。
  • bandwidth: Allows bandwidth-limiting through use of traffic control tbf (ingress/egress). 允许通过使用流量控制 tbf(入口/出口)来限制带宽。
  • sbr: A plugin that configures source based routing for an interface (from which it is chained). 为接口(链接接口)配置基于源的路由的插件。
  • firewall: A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container. 一个防火墙插件,它使用 iptables 或 firewalld 来添加规则以允许进出容器的流量。

What might CNI do in the future?

CNI将来会做什么?

CNI currently covers a wide range of needs for network configuration due to its simple model and API. However, in the future CNI might want to branch out into other directions:

CNI由于其简单的模型和API,目前涵盖了广泛的网络配置需求。但是,将来 CNI 可能希望扩展到其他方向:

  • Dynamic updates to existing network configuration 动态更新现有网络配置
  • Dynamic policies for network bandwidth and firewall rules 网络带宽和防火墙规则的动态策略

Where are the binaries?二进制文件在哪里?

https://github.com/containernetworking/plugins

容器 kubernetes ipv6 tcp/ip linux

0 人点赞