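Debugging Kubernetes CNI network plugins
When I recently set up a k8s cluster, the network plugins I used were bridge + host-local.
About CNI plugins
Installing kubelet pulls in a dependency package, kubernetes-cni-version-0.x86_64.rpm. Once it is installed, the various network plugins are available under /opt/cni/bin: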
# rpm -qpl kubernetes-cni-0.7.5-0.x86_64.rpm
warning: kubernetes-cni-0.7.5-0.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 3e1ba8d5: NOKEY
/opt/cni
/opt/cni/bin
/opt/cni/bin/bridge
/opt/cni/bin/dhcp
/opt/cni/bin/flannel
/opt/cni/bin/host-device
/opt/cni/bin/host-local
/opt/cni/bin/ipvlan
/opt/cni/bin/loopback
/opt/cni/bin/macvlan
/opt/cni/bin/portmap
/opt/cni/bin/ptp
/opt/cni/bin/sample
/opt/cni/bin/tuning
/opt/cni/bin/vlan
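Up to spec-v0.3.1, every CNI plugin implements only two interfaces: add and del. From spec-v0.4.0 on, check is executed before del, so there is an additional check interface.
Version differences: Container Network Interface Specification
CNI version used in the configuration file
The CNI plugins read their configuration from the files under /etc/cni/net.d/; the files are sorted and the first one is used.
Configuration file contents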
# cat /etc/cni/net.d/cni.conf
{
    "cniVersion": "0.3.1",
    "name": "mynet",
    "type": "bridge",
    "bridge": "cni0",
    "isDefaultGateway": true,
    "forceAddress": false,
    "ipMasq": true,
    "hairpinMode": true,
    "ipam": {
        "type": "host-local",
        "ranges": [
            [
                {
                    "subnet": "10.13.0.0/22",
                    "rangeStart": "10.13.3.8",
                    "rangeEnd": "10.13.3.253",
                    "gateway": "10.13.3.254"
                }
            ]
        ],
        "routes": [
            {
                "dst": "0.0.0.0/0"
            }
        ],
        "dataDir": "/opt/data/cni"
    }
}
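The details of each configuration option are in the README.md of the corresponding plugin in the plugins source tree.
Take host-local, which we use here: how do I find out the CNI version?
Check the installed kubernetes-cni version
The package installed was kubernetes-cni-0.7.5-0.x86_64.rpm, so the version is 0.7.5.
Check the version information host-local registers in its source
Select plugins version 0.7.5 and look at how host-local registers itself (source):
func main() {
	skel.PluginMain(cmdAdd, cmdDel, version.All)
}
The registered version is All.
Check the CNI version the plugins use
As in the previous step, select the 0.7.5 tag of the source and look at the CNI version information the plugins use (source):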
// Legacy PluginInfo describes a plugin that is backwards compatible with the
// CNI spec version 0.1.0. In particular, a runtime compiled against the 0.1.0
// library ought to work correctly with a plugin that reports support for
// Legacy versions.
//
// Any future CNI spec versions which meet this definition should be added to
// this list.
var Legacy = PluginSupports("0.1.0", "0.2.0")
var All = PluginSupports("0.1.0", "0.2.0", "0.3.0", "0.3.1")
As you can see, All supports "0.1.0", "0.2.0", "0.3.0" and "0.3.1", so I can write 0.3.1.
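An added example, not from the original post or the CNI project: a pre-flight check that selects the config the way described above (first file in sort order), asks each referenced plugin binary for its supported versions with the CNI spec's VERSION command instead of reading the source, and checks that the host-local range and gateway lie inside the subnet. The extension list, the function names and the fake plugins in `demo` are assumptions constructed for the example.

```python
import ipaddress, json, os, subprocess, tempfile
CONF_EXTS = (".conf", ".conflist", ".json")  # assumption: extensions the runtime scans

def first_conf(conf_dir):
    """Path of the config that wins: first matching file name in sort order."""
    names = sorted(n for n in os.listdir(conf_dir) if n.endswith(CONF_EXTS))
    if not names:
        raise FileNotFoundError(f"no CNI config in {conf_dir}")
    return os.path.join(conf_dir, names[0])

def supported_versions(binary):
    """Ask the plugin binary itself, using the CNI spec's VERSION command."""
    out = subprocess.run([binary], input=b'{"cniVersion":"0.3.1"}', check=True,
                         env=dict(os.environ, CNI_COMMAND="VERSION"),
                         stdout=subprocess.PIPE).stdout
    return json.loads(out)["supportedVersions"]

def check_conf(conf_dir, cni_path):
    """Return (selected config, problems) for a single-plugin config like mynet."""
    path = first_conf(conf_dir)
    with open(path) as f:
        conf = json.load(f)
    ipam, problems = conf.get("ipam", {}), []
    for plugin in filter(None, (conf.get("type"), ipam.get("type"))):
        binary = os.path.join(cni_path, plugin)
        if not os.access(binary, os.X_OK):
            problems.append(f"{plugin}: no executable in {cni_path}")
        elif conf.get("cniVersion") not in supported_versions(binary):
            problems.append(f"{plugin}: cniVersion {conf.get('cniVersion')} unsupported")
    for rng in (r for group in ipam.get("ranges", []) for r in group):
        net = ipaddress.ip_network(rng["subnet"], strict=False)
        for key in ("rangeStart", "rangeEnd", "gateway"):
            if key in rng and ipaddress.ip_address(rng[key]) not in net:
                problems.append(f"{key} {rng[key]} is outside {net}")
    return path, problems

def demo(conf):  # constructed sandbox: fake plugins that only answer VERSION
    with tempfile.TemporaryDirectory() as d:
        for name in ("bridge", "host-local"):
            with open(os.path.join(d, name), "w") as f:
                f.write('#!/bin/sh\necho \'{"supportedVersions":["0.3.0","0.3.1"]}\'\n')
            os.chmod(os.path.join(d, name), 0o755)
        with open(os.path.join(d, "10-mynet.conf"), "w") as f:
            json.dump(conf, f)
        return check_conf(d, d)[1]

if __name__ == "__main__":  # constructed config: version and gateway both wrong
    print(demo({"cniVersion": "0.4.0", "type": "bridge", "ipam": {"type": "host-local",
          "ranges": [[{"subnet": "10.13.0.0/22", "gateway": "10.13.4.254"}]]}}))
```

On a real node, call `check_conf("/etc/cni/net.d", "/opt/cni/bin")` to run the same checks against the installed plugins.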
Debugging CNI
Our CNI version above is 0.3.1, so when browsing the source, select spec-v0.3.1.
The README.md there describes how to test:
$ CNI_PATH=$GOPATH/src/github.com/containernetworking/plugins/bin
$ cd $GOPATH/src/github.com/containernetworking/cni/scripts
$ sudo CNI_PATH=$CNI_PATH ./priv-net-run.sh ifconfig
eth0 Link encap:Ethernet HWaddr f2:c2:6f:54:b8:2b
inet addr:10.22.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::f0c2:6fff:fe54:b82b/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:90 (90.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Of these, we only need two files under scripts: priv-net-run.sh and exec-plugins.sh.
Download both files locally and make them executable.
Add the CNI configuration under /etc/cni/net.d/ and set CNI_PATH:
[root@10 tmp]# export CNI_PATH=/opt/cni/bin/
[root@10 tmp]# ./priv-net-run.sh
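Here /opt/cni/bin is the plugin directory that comes with kubernetes-cni-0.7.5-0.x86_64.rpm; if you have not changed it, just use it as is.
You can modify the shell scripts to debug the CNI plugins. For example, after my modifications below, the execution process is visible: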
[root@10 tmp]# ./priv-net-run.sh
add 7ac145c133dc63c2 /var/run/netns/7ac145c133dc63c2
netconf:/etc/cni/net.d/cni.conf
name:mynet
plugin:bridge
res:{
"cniVersion": "0.3.1",
"interfaces": [
{
"name": "cni0",
"mac": "76:02:71:5b:9c:79"
},
{
"name": "vetheb50e2bb",
"mac": "76:02:71:5b:9c:79"
},
{
"name": "eth0",
"mac": "ce:bf:1f:fc:ff:d1",
"sandbox": "/var/run/netns/7ac145c133dc63c2"
}
],
"ips": [
{
"version": "4",
"interface": 2,
"address": "10.13.3.23/22",
"gateway": "10.13.3.254"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
},
{
"dst": "0.0.0.0/0",
"gw": "10.13.3.254"
}
],
"dns": {}
}
No command specified
del 7ac145c133dc63c2 /var/run/netns/7ac145c133dc63c2
netconf:/etc/cni/net.d/cni.conf
name:mynet
plugin:bridge
res:
Reference: A brief discussion of k8s CNI plugins (淺談k8s cni 插件)