This repository has been archived by the owner on Dec 7, 2023. It is now read-only.
Merge pull request #308 from luxas/improve_cni
Improve the CNI implementation, and documentation
Showing 13 changed files with 225 additions and 47 deletions.
@@ -0,0 +1,68 @@ | ||
# Networking | ||
|
||
The default networking mode is `docker-bridge`, which means that the default docker bridge will be used for the networking setup. | ||
The default docker bridge is a local `docker0` interface, giving out local addresses to containers in the `172.17.0.0/16` range. | ||
|
||
Ignite also supports integration with [CNI](https://github.com/containernetworking/cni), the standard networking interface | ||
for Kubernetes and many other cloud-native projects and container runtimes. Note that CNI itself is only an interface, not | ||
an implementation, so if you use this mode you need to install an implementation of this interface. Any implementation that works | ||
with Kubernetes should technically work with Ignite. | ||
|
||
## Comparison | ||
|
||
### docker-bridge | ||
|
||
**Pros:** | ||
|
||
- **Quick start**: If you're running docker, you can get up and running without installing extra software | ||
- **Port mapping support**: This mode supports port mappings from the VM to the host | ||
|
||
**Cons:** | ||
|
||
- **docker-dependent**: By design, this mode is can only be used with docker, and is hence not portable across container runtimes. | ||
- **No multi-node support**: The IP is local (in the `172.17.0.0/16` range), and hence other computers can't connect to your VM's IP address. | ||
|
||
### CNI | ||
|
||
**Pros:** | ||
|
||
- **Multi-node support**: CNI implementations can often route packets between multiple physical hosts. External computers can access the VM's IP. | ||
- **Kubernetes-compatible**: You can use the same overlay networks as you use with Kubernetes, and hence get your VMs on the same network as your containers. | ||
|
||
**Cons:** | ||
|
||
- **More software needed**: There's now one extra piece of software to install and manage. | ||
- **No port-mapping support** (yet): For the moment, we haven't implemented port mapping support for this mode. | ||
|
||
## Multi-node networking with Weave Net | ||
|
||
To use e.g. Ignite together with [Weave Net](https://github.com/weaveworks/weave), run this on all physical machines that | ||
need to connect to the overlay network: | ||
|
||
```shell | ||
# This tries to autodetect the primary IP address of this machine | ||
# Ref: https://stackoverflow.com/questions/13322485/how-to-get-the-primary-ip-address-of-the-local-machine-on-linux-and-macos | ||
export PRIMARY_IP_ADDRESS=$(ip -o route get 1.1.1.1 | cut -d' ' -f7) | ||
# A space-separated list of all the peers in the overlay network | ||
export KUBE_PEERS="${PRIMARY_IP_ADDRESS}" | ||
# Start Weave Net in a container | ||
docker run -d \ | ||
--privileged \ | ||
--net host \ | ||
--pid host \ | ||
--restart always \ | ||
-e HOSTNAME="$(hostname)" \ | ||
-e KUBE_PEERS="${KUBE_PEERS}" \ | ||
-v /var/lib/weave:/weavedb \ | ||
-v /opt:/host/opt \ | ||
-v /home:/host/home \ | ||
-v /etc:/host/etc \ | ||
-v /var/lib/dbus:/host/var/lib/dbus \ | ||
-v /lib/modules:/lib/modules \ | ||
-v /run/xtables.lock:/run/xtables.lock \ | ||
--entrypoint /home/weave/launch.sh \ | ||
weaveworks/weave-kube:2.5.2 | ||
``` | ||
|
||
If you're running Kubernetes on the physical machine you want to use for Ignite VMs, it should work out of the box, as | ||
the CNI implementation is most probably already running in a `DaemonSet` on that machine. |
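Review bot: the `docker run` block in the Weave Net section launches the container with `--privileged`, `--net host`, `--pid host` and read-write bind mounts of `/etc`, `/home`, `/opt` and `/var/lib/dbus`, which amounts to host-root for that container; the text around it should say so, explain which mounts Weave actually needs and why, and state that `KUBE_PEERS` must list only machines you trust to join the overlay, since every peer can reach every VM's IP (the comment calls it "a space-separated list of all the peers" but the example only ever contains this host's own address, so show a multi-host value or say it is a single-node example). Two smaller points in the same file: `ip -o route get 1.1.1.1 | cut -d' ' -f7` relies on the address being the seventh field of `ip route get` output, which only holds when the route has a `via` hop (for a directly attached destination the `src` address is the fifth field), so the doc should tell readers to check `$PRIMARY_IP_ADDRESS` before launching; and the docker-bridge cons list has a typo, "this mode is can only be used with docker".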
@@ -0,0 +1,59 @@ | ||
package docker | ||
|
||
import ( | ||
"fmt" | ||
"net" | ||
|
||
"github.com/weaveworks/ignite/pkg/network" | ||
"github.com/weaveworks/ignite/pkg/runtime" | ||
) | ||
|
||
const pluginName = "docker-bridge" | ||
|
||
type dockerNetworkPlugin struct { | ||
runtime runtime.Interface | ||
} | ||
|
||
func GetDockerNetworkPlugin(r runtime.Interface) network.Plugin { | ||
return &dockerNetworkPlugin{r} | ||
} | ||
|
||
func (*dockerNetworkPlugin) Name() string { | ||
return pluginName | ||
} | ||
|
||
func (*dockerNetworkPlugin) PrepareContainerSpec(_ *runtime.ContainerConfig) error { | ||
// no-op, we don't need to set any special parameters on the container | ||
return nil | ||
} | ||
|
||
func (plugin *dockerNetworkPlugin) SetupContainerNetwork(containerID string) (*network.Result, error) { | ||
// This is used to fetch the IP address the runtime gives to the VM container | ||
result, err := plugin.runtime.InspectContainer(containerID) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to inspect container %s: %v", containerID, err) | ||
} | ||
|
||
return &network.Result{ | ||
Addresses: []network.Address{ | ||
{ | ||
IPNet: net.IPNet{ | ||
IP: result.IPAddress, | ||
Mask: net.IPv4Mask(255, 255, 0, 0), | ||
}, | ||
// TODO: Make this auto-detect if the gateway is not using the standard setup | ||
Gateway: net.IPv4(result.IPAddress[0], result.IPAddress[1], result.IPAddress[2], 1), | ||
}, | ||
}, | ||
}, nil | ||
} | ||
|
||
func (*dockerNetworkPlugin) RemoveContainerNetwork(_ string) error { | ||
// no-op for docker, this is handled automatically | ||
return nil | ||
} | ||
|
||
func (*dockerNetworkPlugin) Status() error { | ||
// no-op, we assume the bridge to be working :) | ||
return nil | ||
} |
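Review bot: the gateway computation in `SetupContainerNetwork` indexes `result.IPAddress[0]`, `[1]`, `[2]` directly and pairs it with a hard-coded `255.255.0.0` mask. A `net.IP` may be stored in its 16-byte form (that is what `net.ParseIP` returns for an IPv4 literal), in which case bytes 0..2 are the IPv4-mapped prefix and the gateway silently becomes `0.0.0.1`; and if the inspect result carries no address at all, the indexing panics instead of returning an error. Suggest converting and failing closed before building the result: `ip4 := result.IPAddress.To4(); if ip4 == nil { return nil, fmt.Errorf("container %s has no IPv4 address", containerID) }`, then derive the gateway from `ip4`. The runtime's inspect output already knows the bridge's prefix length and gateway (Docker reports both next to the IP), so carrying them through `InspectContainer`'s result would also resolve the TODO instead of assuming `/16` and `.1`, which breaks as soon as the daemon's `bip` is changed from the default.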
@@ -1,16 +1,35 @@ | ||
package network | ||
|
||
import ( | ||
"net" | ||
|
||
"github.com/weaveworks/ignite/pkg/runtime" | ||
) | ||
|
||
// Plugin describes a generic network plugin | ||
type Plugin interface { | ||
// Name returns the network plugin's name. | ||
Name() string | ||
|
||
// PrepareContainerSpec sets any needed options on the container spec before starting the container | ||
PrepareContainerSpec(container *runtime.ContainerConfig) error | ||
|
||
// SetupContainerNetwork sets up the networking for a container | ||
SetupContainerNetwork(containerID string) error | ||
// This is ran _after_ the container has been started | ||
SetupContainerNetwork(containerID string) (*Result, error) | ||
|
||
// RemoveContainerNetwork is the method called before a container using the network plugin can be deleted | ||
RemoveContainerNetwork(containerID string) error | ||
|
||
// Status returns error if the network plugin is in error state | ||
Status() error | ||
} | ||
|
||
type Result struct { | ||
Addresses []Address | ||
} | ||
|
||
type Address struct { | ||
net.IPNet | ||
Gateway net.IP | ||
} |
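Review bot: the new exported types `Result` and `Address` have no doc comments; since `Address` embeds `net.IPNet` and adds `Gateway`, spell out what callers may rely on: whether `Addresses` can be empty after a successful `SetupContainerNetwork`, whether the first entry is the primary address, and whether `Gateway` may be nil for plugins that cannot determine it. The added comment on `SetupContainerNetwork` also reads "This is ran _after_"; it should be "run", and it would read better folded into the existing sentence: "// SetupContainerNetwork sets up the networking for a container. It is run _after_ the container has been started."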