Container Network Interface (CNI) is a specification for configuring network interfaces in Kubernetes. CNI chain is a mode that allows you to use multiple CNI plug-ins to configure networks in a more flexible manner. In a Container Service for Kubernetes (ACK) cluster, a CNI chain can link multiple CNI plug-ins. Each CNI plug-in handles a network task, such as IP address allocation or routing. When ACK creates containers, the CNI chain calls the first plug-in and transmits the output to the next plug-in until all plug-ins in the chain complete their tasks.
ACK does not guarantee that CNI plug-ins can collaborate with each other. Configuring custom CNI chains is a high-risk operation. Make sure that you understand how a CNI chain works and exercise caution when you configure a CNI chain. Configuration errors can result in business interruptions.
Prerequisites
An ACK managed cluster is created and the cluster uses Terway. For more information, see Create an ACK managed cluster.
Limits
The Terway version is 1.5.6. For more information about how to update a component, see Manage components.
Configure a custom CNI chain
To use a CNI chain, add the CNI plug-ins that you want to use to the configuration file of Terway. The following example uses portmap to demonstrate how to configure a custom CNI chain.
Run the following command to modify the eni-config file:
kubectl edit cm -nkube-system eni-config
Add 10-terway.conflist below data in the configuration file. The annotations are written as YAML comments above each key, because a comment placed inside the JSON value becomes part of the file content and makes the JSON invalid.
kind: ConfigMap
apiVersion: v1
metadata:
  name: eni-config
  namespace: kube-system
data:
  # Define two CNI plug-ins. The Terway plug-in is used to manage elastic network interfaces (ENIs) and allocate IP addresses. The portmap plug-in is used to map ports.
  # Use the plugins parameter to specify the CNI plug-ins to be used.
  # terway: set bandwidth to true to allow bandwidth plan association.
  # portmap: externalSetMarkChain applies Kubernetes marks to the masquerade mark chain.
  10-terway.conflist: |
    {
      "plugins": [
        {
          "cniVersion": "0.4.0",
          "name": "terway",
          "type": "terway",
          "capabilities": {"bandwidth": true}
        },
        {
          "type": "portmap",
          "capabilities": {"portMappings": true},
          "externalSetMarkChain": "KUBE-MARK-MASQ"
        }
      ]
    }
  # The Terway plug-in is used to manage ENIs and allocate IP addresses.
  # Set bandwidth to true to allow bandwidth plan association.
  10-terway.conf: |
    {
      "cniVersion": "0.4.0",
      "name": "terway",
      "type": "terway",
      "capabilities": {"bandwidth": true}
    }
After you save the configuration, run the following command to delete and recreate the Terway pod:
kubectl delete pod -l app=terway-eniip -nkube-system
Expected output:
pod "terway-eniip-******" deleted
Run the following command to query the content of the configuration file 10-terway.conflist:
cat /etc/cni/net.d/10-terway.conflist
Expected output:
{
  "cniVersion": "0.4.0",
  "name": "terway-chainer",
  "plugins": [
    {
      "capabilities": {
        "bandwidth": true
      },
      "type": "terway"
    },
    {
      "capabilities": {
        "portMappings": true
      },
      "externalSetMarkChain": "KUBE-MARK-MASQ",
      "type": "portmap"
    }
  ]
}
The configuration file /etc/cni/net.d/10-terway.conflist is generated on the node that hosts the recreated Terway pod. The output indicates that the custom CNI chain is successfully created.
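The generated file is not a byte-for-byte copy of the ConfigMap value (the name becomes terway-chainer and cniVersion moves to the top level), so a plain diff cannot confirm that the chain was applied. The following Python sketch is an added example, not part of the original page or of Terway: it validates both documents and compares the plug-in chain itself. The function names are hypothetical, the sample strings are constructed from the listings above, and ignoring name and cniVersion is an assumption drawn from the difference between those two listings.

```python
import json

# Constructed sample: the 10-terway.conflist value from the ConfigMap step.
CONFIGMAP_VALUE = """
{"plugins": [
  {"cniVersion": "0.4.0", "name": "terway", "type": "terway",
   "capabilities": {"bandwidth": true}},
  {"type": "portmap", "capabilities": {"portMappings": true},
   "externalSetMarkChain": "KUBE-MARK-MASQ"}
]}
"""
# Constructed sample: the generated node file from the expected output.
NODE_FILE = """
{"cniVersion": "0.4.0", "name": "terway-chainer", "plugins": [
  {"capabilities": {"bandwidth": true}, "type": "terway"},
  {"capabilities": {"portMappings": true},
   "externalSetMarkChain": "KUBE-MARK-MASQ", "type": "portmap"}
]}
"""

def load_chain(text):
    """Return the plug-in list of a conflist; raise ValueError if malformed."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Annotations such as '# ...' left inside the JSON end up here.
        raise ValueError(f"not valid JSON: {exc}") from exc
    plugins = doc.get("plugins") if isinstance(doc, dict) else None
    if not isinstance(plugins, list) or not plugins:
        raise ValueError('"plugins" must be a non-empty list')
    for index, plugin in enumerate(plugins):
        if not isinstance(plugin, dict) or not plugin.get("type"):
            raise ValueError(f'plug-in {index} has no "type"')
    return plugins

def normalize(plugins):
    """Drop the keys that appear only at the top level of the generated file."""
    return [{k: v for k, v in p.items() if k not in ("name", "cniVersion")}
            for p in plugins]

def chain_matches(configmap_text, node_text):
    """True if both files describe the same plug-ins in the same order."""
    return normalize(load_chain(configmap_text)) == normalize(load_chain(node_text))

if __name__ == "__main__":
    print("chain applied:", chain_matches(CONFIGMAP_VALUE, NODE_FILE))
```

Run load_chain on the ConfigMap value before saving the edit, and chain_matches against the node file after the Terway pod is recreated; a False result means the node is still using a different chain than the one configured.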