What is Container Network Interface (CNI)?
Hey there! ๐
Previous article gave an intro to Container Networking and now Iโd like to focus on CNI (Container Network Interface) specifically. If you were ever to deal with a non-Docker runtime, chances are high youโve heard of it. So, what is it? As usual, first the image and then the details!
(click on image to enlarge)
๐ต ๐๐จ๐ง๐ญ๐๐ข๐ง๐๐ซ๐ฌ ๐ก๐๐ฏ๐ ๐ง๐จ ๐๐จ๐ง๐ง๐๐๐ญ๐ข๐ฏ๐ข๐ญ๐ฒ ๐๐ฒ ๐๐๐๐๐ฎ๐ฅ๐ญ - and this is really interesting! Try starting a container using "containerd" and then try pinging anything outside of it. It doesn't work! And that's because, out of the box, containers come with very few things set up. That's where Container Networking solutions come into game.
๐ธ ๐๐ก๐๐ซ๐ ๐๐ซ๐ ๐ฆ๐๐ง๐ฒ ๐ฌ๐จ๐ฅ๐ฎ๐ญ๐ข๐จ๐ง๐ฌ ๐จ๐ฎ๐ญ ๐ญ๐ก๐๐ซ๐ - Docker uses it's own logic to set up the networking, containerd relies on CNI, whereas Kubernetes allows you to specify your own CRI (Container Runtime Interface) compliant solution.
โก ๐๐๐ ๐ข๐ฌ ๐ ๐ฌ๐ข๐ฆ๐ฉ๐ฅ๐ ๐๐ง๐ ๐ฒ๐๐ญ ๐ฉ๐จ๐ฐ๐๐ซ๐๐ฎ๐ฅ ๐๐ซ๐๐ฆ๐๐ฐ๐จ๐ซ๐ค - although not the ONLY one out there (as can be seen on screenshot above) it appears to be the most popular framework for solving the network configuration problem. And the beauty of it is that it's REALLY SIMPLE. Itโs simple because it boils down to specifying a config file and using existing (or writing new) plugins to do the actual work for you.
โ ๐๐๐ฌ๐๐ซ๐ข๐๐ ๐ฒ๐จ๐ฎ๐ซ ๐ง๐๐ญ๐ฐ๐จ๐ซ๐ค - first step is to create a manifest file (fancy word for a simple JSON config file, really) that describes which interfaces you need, which subnets to use, which ports to open, etc. And this is usually done by your network admin. Hereโs the default one I used for testing purposes:
๐ ๐๐ข๐ฏ๐ข๐๐ & ๐๐จ๐ง๐ช๐ฎ๐๐ซ - instead of wasting time implementing billion different solutions by itself, CNI went the other route - YOU are supposed to write a program that takes YOUR manifest and does something useful with it. And that program is called "plugin". Luckily for us, there's tons of prebuilt plugins for common scenarios, but if you need something specific you are more than free to write it! Hereโs an example of how it looks like now:
Do note two things, though: 1) I specified โโcniโ parameter, which tells containerd to use CNI plugin, and 2) it loads manifest file from โ/etc/cni/net.dโ (and yes, this maps to D:\etc\cni\net.d on Windows :)).
๐ฎโโโ ๐๐๐ ๐๐ง๐ฌ๐ฎ๐ซ๐๐ฌ ๐ฉ๐ซ๐จ๐๐๐ฌ๐ฌ ๐ข๐ฌ ๐๐๐ซ๐ซ๐ข๐๐ ๐ญ๐ก๐ซ๐จ๐ฎ๐ ๐ก - if you check official CNI website, you will notice that they call it a FRAMEWORK which specifies the format of MANIFEST and how plugins communicate with Runtime. It doesn't say HOW you configure stuff, but it rather ensures there's a common language between Runtime, Containers & Plugins.
And that's pretty much all about it :) CNI works pretty well on Windows and, as such, makes for a great candidate for your container journey ;)
Next article will likely deal a bit more with Container Runtimes, but until then, if you havenโt subscribed already, nowโs the time to do so!
P.S. If you missed some of the previous articles, here are the last three that were published:
