Updated April 15, 2023
Introduction to Kubernetes CNI
Kubernetes uses cni to enable the networking, here CNI stands for container Network Interface. It is a plugin which we can install, and it also helps us to achieve high availability and throughput, minimal network jitter and low latency etc. By installing CNI it allows the Kubernetes pods to have the same IP as they contain the on VPC network, it also controls the allocation of IP address and ENIs for pod startup. In short CNI plugin helps us to enable us or enable us to insert any network interface into the container namespace and allows us to edit the host, after that it basically assign an IP address to the network interface. In the coming section of the tutorial, we will have closer look at the internal working and setup for the Kubernetes cni in our application for better clarity for beginners.
How to use Kubernetes CNI?
As we have already discussed the CNI, enables the networking in Kubernetes, in this section we will see how we can use it and what are the importance of doing that. so let’s get started to see below;
1) Here networking is considering as the central part of the Kubernetes, so here we will understand how it works because it is complicated. during networking we may face different types of problems out of which 4 are defined here;
So we ensure that applications can share machine among them, also ensure that two of the applications does not try to use the same ports. So above are the problems that we can face while implementing the networking model in Kubernetes, so now we will see in what ways we can implement it in Kubernetes, for this we have different approaches out of which CNI is one of them, let’s try to understand how we can use this.
1) Azure CNI: we can make use of Azure CNI, it is a plugin which is open source that helps us to integrates the Kubernetes pods with the VNet that stands for Virtual Network. Now pods can be able to access the Azure services some of them are storage, SQL, which can be protected by the private links or Service endpoints. We can also make use of security policies, routing to filter out the pod’s traffic in the Kubernetes. This plugin helps us to assign an IP address to the Pods, that is pre-configured on the Kubernetes nods.
In this way we can use the Azure CNI plugin, we have a different one but here we mainly discussed the Azure CNI, in the coming part we will have look at the other options available, but all are the open-source plugin here to enable networking in Kubernetes.
It basically supports different things for us out of which few are mentioned below;
- support HostPort : if we want to enable this then we must have to add the ‘portMappings capability’ property inside the ‘cni-conf-dir’.
- Support traffic shaping : if we want to enable this we must have to add an extra plugin that is ‘bandwidth’ to the CNI configuration.
Install CNI plugin & Kubernetes cni examples
In this section we will majorly see the installation process of CNI in Kubernetes, it enables Kubernetes to interact with the networking providers like Calico, so we must install this plugin on every node present in the Kubernetes cluster. For this we may require configuration and some sort of account in place, let’s discuss the process in detail see below;
1) So what it basically does is try to interact with the Kubernetes API while creating the pods, to obtain the additional information and also information stored about the pods.
2) first we will be going to create the CNI key on the Kubernetes master node, to be able to authenticate the CNI plugin and also certificate signing request; see below configuration to do so,
3) To create the key on the master node follow this instruction:
openssl req -newkey rsa:4096 \ -keyout cni.key \ -nodes \ -out cni.csr \ -subj "/CN=calico-cni"
4) For authentication and signing of the certificate we will go to use the below set of configurations;
sudo openssl x509 -req -in cni.csr \ -CA /etc/kubernetes/pki/ca.crt \ -CAkey /etc/kubernetes/pki/ca.key \ -CAcreateserial \ -out cni.crt \ -days 365 sudo chown ubuntu:ubuntu cni.crt
5) Now we have to create the kubeconfig file, which our CNI plugin will allow us to access the Kubernetes. Follow the below instruction, this is common and taken as the reference;
6) Name is as cni.kubeconfig file, and remember we have to do this and copy this file on the every node present on the Kubernetes cluster that we have already discussed above. We are doing this for the master node of the Kubernetes.
Now we will be going to install the plugin on every node follow this step;
1) Run the root command below;
- sudo su
2) try to install the CNI plugin binaries from the below URL, for this we will run the set of command here, which is standard and common, taken as the reference from their official site,
curl -L -o /opt/cni/bin/calico https://github.com/projectcalico/cni-plugin/releases/download/v3.14.0/calico-amd64 chmod 755 /opt/cni/bin/calico curl -L -o /opt/cni/bin/calico-ipam https://github.com/projectcalico/cni-plugin/releases/download/v3.14.0/calico-ipam-amd64 chmod 755 /opt/cni/bin/calico-ipam
3) Once the plugin is installed by the above command we will try to create the config directory to procedd further;
mkdir -p /etc/cni/net.d/
4) Now we will try to copy all the kubeconfig files to this directory for this run the ‘cp’ command on the command prompt.
5) Now we have to write the CNI configuration
6) All done ext. from the root user, and go back to the logged in user again.
7) AT this point we will have CNI install and Kubernetes is ready because Kubernetes contains the networking provider which can be seen by running the below command ;
kubectl get nodes
There are few different features of CNI are described below;
1) high availability
2) low latency
3) high throughout
4) Minimum network jitter
By the use of CNI we have seen various things in the article, it basically enables networking for Kubernetes, which is important. easy to install the plugin, create CNI for every node, and maintainable by the developers.
We hope that this EDUCBA information on “Kubernetes CNI” was beneficial to you. You can view EDUCBA’s recommended articles for more information.