Currently, the CNI-Meta-Plugins is under beta stage, not ready for production environment yet.
UPDATED: Most of the code in this repository has been migrated to spiderpool, and this repository has been marked as deprecated and is no longer maintained.
The CNI-Meta-Plugin is a collection of cni plugins designed to solve various network communication problems in the case of multiple network interface in the pod. Currently, it includes two plugins, router and veth
veth:Solve the communication problem when the default cni is macvlan or sriov by creating a veth pair. Refer to Design.
router: Solve the communication problem when the default cni is calico or cilium and the macvlan or sriov is configured with multiple network interfaces, move the routing table without cni to a new routing table. Refer to Design.
Refer to installation.
Refer to demo.
-
Supports creating multiple Macvlan NICs or SR-IOV NICs in Pods and solving network communication problems with multiple NICs via policy route.
With
Multus, You can create multiple NICs inside pod simply. But this may have some communication problems: Pod access failure due to default route. Let's see how the plugin works:Note: You can invoke
vethrepeatedly, but not bothvethandrouterplugins`veth`: Keep the route of the first NIC(eth0) in the main table and move the routes of other NICs to the policy route. `router`: Keep the route of the latest NIC in the main table and move the routes of other NICs to the policy route.Examples refer to two-macvlan-standalone and two-macvlan-overlay
-
Supports Pod access to ClusterIP when macvlan is the default CNI
As we all know, when the first NIC of Pod is created by
macvlan, Pod can't access ClusterIP, we fix this problem byvethplugin. -
Fixed mac address support
vethandrouterplugins supports fixed mac address. Including fixing the mac address of the NIC created by calico, macvlan, sriov.> Note: Can't change the mac address of the NIC created by cilium, Otherwise there are communication issues.Here is a cni configuration example:
apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: name: macvlan-standalone namespace: kube-system spec: config: |- { "cniVersion": "0.3.1", "name": "macvlan-standalone", "plugins": [ { "type": "macvlan", "master": "eth0", "mode": "bridge", "ipam": { "type": "spiderpool", "log_level": "DEBUG", "log_file_path": "/var/log/spidernet/spiderpool.log", "log_file_max_size": 100, "log_file_max_age": 30, "log_file_max_count": 10 } },{ "type": "veth", "service_hijack_subnet": ["10.233.0.0/18","fd00:10:96::/112"], "overlay_hijack_subnet": [""10.244.0.0/16","fd00:10:244::/56"], "additional_hijack_subnet": [], "migrate_route": -1, "rp_filter": { "set_host": true, "value": 0 }, "skip_call": false, "mac_prefix": "0a:1b" } ] }
mac_prefixan is the unified mac address prefix, Length is 4 hex digits. Input format like: "1a:2b". -
Detect IPv4/IPv6 address conflicting
The veth and router plugins support IPv4 and IPv6 addresses conflict detection using arp or ndp protocols for the pod's IP, and return an error if the IP is found to be already in use by another host on the LAN. You can enable this feature in the following way:
"log_options": {
"log_level": "debug",
"log_file": "/var/log/meta-plugins/router.log"
},
"ip_conflict": {
"enabled": true,
"interval": "1s",
"retries": 5
},more details refer to Configuration
CNI-Meta-Plugin is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.