Container Service for Kubernetes: Configure a custom CNI chain

Last Updated: Oct 27, 2023

Container Network Interface (CNI) is a specification for configuring network interfaces in Kubernetes. A CNI chain is a mode that allows you to use multiple CNI plug-ins to configure networks in a more flexible manner. In a Container Service for Kubernetes (ACK) cluster, a CNI chain can link multiple CNI plug-ins. Each CNI plug-in handles one network task, such as IP address allocation or routing. When ACK creates containers, the CNI chain calls the first plug-in and passes its output to the next plug-in, and so on until all plug-ins in the chain complete their tasks.

Warning

ACK does not guarantee that CNI plug-ins can collaborate with each other. Configuring custom CNI chains is a high-risk operation. Make sure that you understand how a CNI chain works and exercise caution when you configure a CNI chain. Configuration errors can result in business interruptions.

Prerequisites

An ACK managed cluster is created and the cluster uses Terway. For more information, see Create an ACK managed cluster.

Limits

The Terway version is 1.5.6. For more information about how to update a component, see Manage components.

Configure a custom CNI chain

To use a CNI chain, add the CNI plug-ins that you want to use to the configuration file of Terway. The following example uses the portmap plug-in to demonstrate how to configure a custom CNI chain.

  1. Run the following command to modify the eni-config file:

    kubectl edit cm -nkube-system eni-config

  2. Add the 10-terway.conflist key under data in the configuration file.

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: eni-config
      namespace: kube-system
    data:
      # 10-terway.conflist defines two CNI plug-ins in its "plugins" array:
      #   - terway manages elastic network interfaces (ENIs) and allocates IP addresses.
      #     "bandwidth": true allows bandwidth plan association.
      #   - portmap maps ports. "externalSetMarkChain": "KUBE-MARK-MASQ" makes it use the
      #     Kubernetes masquerade mark chain.
      # Keep comments out of the JSON below: JSON has no comment syntax.
      10-terway.conflist: |
          {
            "plugins": [
              {
                "cniVersion": "0.4.0",
                "name": "terway",
                "type": "terway",
                "capabilities": {"bandwidth": true}
              },
              {
                "type": "portmap",
                "capabilities": {"portMappings": true},
                "externalSetMarkChain": "KUBE-MARK-MASQ"
              }
            ]
          }
      # 10-terway.conf: the Terway plug-in alone, which manages ENIs and allocates IP addresses.
      10-terway.conf: |
        {
          "cniVersion": "0.4.0",
          "name": "terway",
          "type": "terway",
          "capabilities": {"bandwidth": true}
        }

  3. After you save the configuration, run the following command to delete and recreate the Terway pod:

    kubectl delete pod -l app=terway-eniip -nkube-system

    Expected output:

    pod "terway-eniip-******" deleted

  4. On the node that hosts the recreated Terway pod, run the following command to query the content of the configuration file 10-terway.conflist:

    cat /etc/cni/net.d/10-terway.conflist

    Expected output:

    {
      "cniVersion": "0.4.0",
      "name": "terway-chainer",
      "plugins": [
        {
          "capabilities": {
            "bandwidth": true
          },
          "type": "terway"
        },
        {
          "capabilities": {
            "portMappings": true
          },
          "externalSetMarkChain": "KUBE-MARK-MASQ",
          "type": "portmap"
        }
      ]
    }

    The configuration file /etc/cni/net.d/10-terway.conflist is generated on the node that hosts the recreated Terway pod. The output indicates that the custom CNI chain is successfully created.
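Because a configuration error in the chain can interrupt workloads, the conflist value can be checked before it is saved in step 2 and compared with the file from step 4 afterwards. The following Python check is an added example, not part of ACK or Terway; the function names are hypothetical, the sample strings are constructed from the values on this page, and it assumes that Terway must be the first plug-in because it allocates the IP address.

```python
import json

def plugin_types(text):
    """Parse a CNI conflist and return its plug-in types in chain order."""
    conf = json.loads(text)  # raises ValueError on '#' comments or other non-JSON
    plugins = conf.get("plugins") if isinstance(conf, dict) else None
    if not isinstance(plugins, list) or not plugins:
        raise ValueError('"plugins" must be a non-empty array')
    types = []
    for i, plugin in enumerate(plugins):
        ptype = plugin.get("type") if isinstance(plugin, dict) else None
        if not isinstance(ptype, str) or not ptype:
            raise ValueError(f'plugins[{i}] has no "type"')
        types.append(ptype)
    return types

def check_conflist(text, first="terway"):
    """Return a list of problems; an empty list means the chain looks sane."""
    try:
        types = plugin_types(text)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return [f"invalid conflist: {exc}"]
    # Assumption: Terway allocates the pod IP address, so it has to run first.
    if types[0] != first:
        return [f"chain starts with {types[0]!r}, expected {first!r}"]
    return []

def same_chain(configmap_text, node_text):
    """True if the node's rendered file lists the ConfigMap's plug-ins in the same order."""
    return plugin_types(configmap_text) == plugin_types(node_text)

# Constructed samples based on the values shown on this page.
CONFIGMAP = '''{"plugins": [
  {"cniVersion": "0.4.0", "name": "terway", "type": "terway",
   "capabilities": {"bandwidth": true}},
  {"type": "portmap", "capabilities": {"portMappings": true},
   "externalSetMarkChain": "KUBE-MARK-MASQ"}]}'''
# Same value with a '#' comment left inside the JSON body.
WITH_COMMENT = CONFIGMAP.replace('true}},', 'true}}, # bandwidth plan', 1)
NODE_FILE = '''{"cniVersion": "0.4.0", "name": "terway-chainer", "plugins": [
  {"capabilities": {"bandwidth": true}, "type": "terway"},
  {"capabilities": {"portMappings": true},
   "externalSetMarkChain": "KUBE-MARK-MASQ", "type": "portmap"}]}'''

if __name__ == "__main__":
    print(check_conflist(CONFIGMAP))
    print(check_conflist(WITH_COMMENT))
    print(same_chain(CONFIGMAP, NODE_FILE))
```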