Fabric of kubernetes CNI plug-in

CNI（Container Networking Interface） It is the interface between the container runtime and the network implementation . It allows different projects , Such as  Tungsten Fabric, Provide CNI Plug in implementation , And use them to manage  Kubernetes  Network in cluster . In this post , You will learn how to use Tungsten Fabric As Kubernetes CNI Plug in to ensure the network connection between the container and bare metal . You will also see a use TF CNI The plug-in will Kubernetes Cluster nested deployment to OpenStack VM Example in .

CNI The interface itself is very simple . The most important operation it must implement is ADD and DEL. seeing the name of a thing one thinks of its function ,ADD The function of is to add containers to the network , and DEL The function of is to delete the container from the network . That's it . But are these functions implemented ？ 

The first thing to do ：kubelet It runs on every node in the cluster Kubernetes A daemon . When the user creates a new Pod when ,Kubernetes API The server will command one to run in this Pod On the scheduled node kubelet To create Pod. then kubelet Will be for pod Create a network namespace , And by running the so-called “ Pause ” Container to allocate it . One of the functions of this container is to maintain the network namespace , The namespace will be in pod Shared among all containers in . That's why pod Inner containers can use loopback interfaces to interact “ dialogue ” Why . then , about pod Each container defined in ,kubelet Will be called CNI plug-in unit . 

But how does it know how to use each plug-in ？ First , It is in the predefined directory （  Default by /etc/cni/net.d ） Search for CNI The configuration file . When using Tungsten Fabric when ,kubelet You will find such a file ：

{
    "cniVersion": "0.3.1",
    "contrail" : {
        "cluster-name"  : "<CLUSTER-NAME>",
        "meta-plugin"   : "<CNI-META-PLUGIN>",
        "vrouter-ip"    : "<VROUTER-IP>",
        "vrouter-port"  : <VROUTER-PORT>,
        "config-dir"    : "/var/lib/contrail/ports/vm",
        "poll-timeout"  : <POLL-TIMEOUT>,
        "poll-retries"  : <POLL-RETRIES>,
        "log-file"      : "/var/log/contrail/cni/opencontrail.log",
        "log-level"     : "<LOG-LEVEL>"
    },
    "name": "contrail-k8s-cni",
    "type": "contrail-k8s-cni"
  }

This file, along with other parameters, specifies CNI The name of the plug-in and vRouter Acting IP (vrouter-ip) And port (vrouter-port). By viewing this file ,kubelet Know that it should be called “contrail-k8s-cni” Of CNI Plug in binaries . It is in the predefined directory （  Default by /opt/cni/bin ） Find it in , When it wants to create a new container , Use the command passed through the environment variable ADD And other parameters （ for example ：pod The path of the network ） Execute its namespace 、 Containers ID And container network interface name .Contrail-k8s-cni Binary （ You can   Here, Find its source code ） These parameters will be read and reported to vRouter The agent sends the appropriate request .

  chart 1. Use Kubernetes Conduct Tungsten Fabric Calculation  

vRouter Agent Our job is to create the actual interface for the container . But how does it know how to configure an interface ？ As you can see in the above figure , It is from Tungsten Fabric Control Get all this information . that ,Tungsten Fabric Control Is how to know all pod、 Their namespaces and so on ？ This is it. Tungsten Fabric Kube Manager（ You can   Here, Find its source code ） Where it comes in handy . It is a separate service , And others Tungsten Fabric SDN Start the controller components together . You can see it in the lower left corner of the figure below .

Kubemanager It's a monitor Kubernetes API Server events , for example ：pod establish 、 Namespace creation 、 Service creation 、 Delete . It monitors these events , Deal with them , And then in Tungsten Fabric Config API Created in 、 Modify or delete the appropriate object . then ,Tungsten Fabric Control These objects will be found and information about them will be provided to vRouter agent . then vRouter The agent can finally create a properly configured interface for the container . This is it. Tungsten Fabric It can be used as Kubernetes CNI How plug-ins work .

because Tungsten Fabric and Kubernetes It's integrated , Container based workloads can be combined with virtual machine or bare metal server workloads . Besides , The connection rules between these environments can be managed in one place .

Tungsten Fabric Nested deployment

From the perspective of the Internet , Virtual machines and containers for Tungsten Fabric It's almost the same thing , Therefore, it is possible to deploy them together . Besides , except Kubernetes,Tungsten Fabric You can also OpenStack Integrate . Thanks to that , These two platforms can be combined . Suppose we have used Tungsten Fabric Deployed OpenStack, But we want to deploy some workloads using containers . Use Tungsten Fabric, We can create so-called nested deployments ——OpenStack Computing virtual machines , Its upper part is signed Kubernetes colony ,Tungsten Fabric As CNI plug-in unit . 

You don't need to deploy all Tungsten Components , Because most of them are already running and controlling OpenStack The Internet . however , In nesting Kubernetes On a node in the cluster , It is best to Kubernetes Master node , We have to start Tungsten Fabric Kube Manager（ As mentioned above ）. It will connect to Kubernetes API Server and usage OpenStack The deployment of Tungsten Fabric Config Api The server . 

Last ,Tungsten Fabric CNI The plug-in and its configuration file must exist in every nested Kubernetes On calculation node . Please note that ,Tungsten Fabric vRouter and vRouter Agent There is no need to deploy in nested Kubernetes Node , Because these components are already in OpenStack Run on the compute node , also Tungsten Fabric CNI Plug ins can send requests directly to them .

chart 3. OpenStack Upper Kubernetes And Tungsten Fabric The Internet  （ Zoom in ） 

         And Tungsten Fabric Integrated Kubernetes Nested deployment of clusters is a simple way to start deploying container based workloads , Especially for those who have been using OpenStack For enterprises that manage their virtual machines . Network administrators can use their Tungsten Fabric Professional knowledge , Without having to master new tools and concepts .

Translation links ：Tungsten Fabric as a Kubernetes CNI plugin - Tungsten Fabric