We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CNI还支持Plugin Chains,即指定一个插件列表,由Runtime依次执行每个插件。这对支持portmapping、vm等非常有帮助。
CNI SPEC支持指定网络配置列表,包含多个网络插件,由Runtime依次执行。注意
prevResult
下面的例子展示了bridge+portmap插件的用法。
首先,配置CNI网络使用bridge+portmap插件:
# cat /root/mynet.conflist { "name": "mynet", "cniVersion": "0.3.0", "plugins": [ { "type": "bridge", "bridge": "mynet", "ipMasq": true, "isGateway": true, "ipam": { "type": "host-local", "subnet": "10.244.10.0/24", "routes": [ { "dst": "0.0.0.0/0" } ] } }, { "type": "portmap", "capabilities": {"portMappings": true} } ] }
然后通过CAP_ARGS设置端口映射参数:
CAP_ARGS
# export CAP_ARGS='{ "portMappings": [ { "hostPort": 9090, "containerPort": 80, "protocol": "tcp", "hostIP": "127.0.0.1" } ] }'
测试添加网络接口:
# ip netns add test # CNI_PATH=/opt/cni/bin NETCONFPATH=/root ./cnitool add mynet /var/run/netns/test { "interfaces": [ { "name": "mynet", "mac": "0a:58:0a:f4:0a:01" }, { "name": "veth2cfb1d64", "mac": "4a:dc:1f:b7:56:b1" }, { "name": "eth0", "mac": "0a:58:0a:f4:0a:07", "sandbox": "/var/run/netns/test" } ], "ips": [ { "version": "4", "interface": 2, "address": "10.244.10.7/24", "gateway": "10.244.10.1" } ], "routes": [ { "dst": "0.0.0.0/0" } ], "dns": {} }
可以从iptables规则中看到添加的规则:
# iptables-save | grep 10.244.10.7 -A CNI-DN-be1eedf7a76853f303ebd -d 127.0.0.1/32 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 10.244.10.7:80 -A CNI-SN-be1eedf7a76853f303ebd -s 127.0.0.1/32 -d 10.244.10.7/32 -p tcp -m tcp --dport 80 -j MASQUERADE
最后,清理网络接口:
# CNI_PATH=/opt/cni/bin NETCONFPATH=/root ./cnitool del mynet /var/run/netns/test
The text was updated successfully, but these errors were encountered:
No branches or pull requests
CNI Plugin Chains
CNI还支持Plugin Chains,即指定一个插件列表,由Runtime依次执行每个插件。这对支持portmapping、vm等非常有帮助。
Network Configuration Lists
CNI SPEC支持指定网络配置列表,包含多个网络插件,由Runtime依次执行。注意
prevResult
传递给其后的插件示例
下面的例子展示了bridge+portmap插件的用法。
首先,配置CNI网络使用bridge+portmap插件:
然后通过
CAP_ARGS
设置端口映射参数:测试添加网络接口:
可以从iptables规则中看到添加的规则:
# iptables-save | grep 10.244.10.7 -A CNI-DN-be1eedf7a76853f303ebd -d 127.0.0.1/32 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 10.244.10.7:80 -A CNI-SN-be1eedf7a76853f303ebd -s 127.0.0.1/32 -d 10.244.10.7/32 -p tcp -m tcp --dport 80 -j MASQUERADE
最后,清理网络接口:
The text was updated successfully, but these errors were encountered: