-
Notifications
You must be signed in to change notification settings - Fork 14.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Bagus Prabangkoro (babang)
committed
Oct 30, 2019
1 parent
c3444e3
commit 2b849f1
Showing
2 changed files
with
178 additions
and
0 deletions.
There are no files selected for viewing
5 changes: 5 additions & 0 deletions
5
content/id/docs/concepts/extend-kubernetes/compute-storage-net/_index.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| title: Compute, Storage, and Networking Extensions | ||
| title: Ekstensi Komputasi, Penyimapanan, dan Jaringan | ||
| weight: 30 | ||
| --- |
173 changes: 173 additions & 0 deletions
173
content/id/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,173 @@ | ||
| --- | ||
| reviewers: | ||
| - dcbw | ||
| - freehan | ||
| - thockin | ||
| title: Network Plugins | ||
| title: _Plugin_ Jaringan | ||
| content_template: templates/concept | ||
| weight: 10 | ||
| --- | ||
|
|
||
|
|
||
| {{% capture overview %}} | ||
|
|
||
| {{< feature-state state="alpha" >}} | ||
| {{< warning >}}Fitur-fitur Alpha berubah dengan cepat. {{< /warning >}} | ||
|
|
||
| Network plugins in Kubernetes come in a few flavors: | ||
| _Plugin_ jaringan di Kubernet datang dalam beberapa varian: | ||
|
|
||
| * _Plugin_ CNI : mengikuti spesifikasi appc / CNI, yang dirancang untuk interoperabilitas. | ||
| * _Plugin_ Kubenet : mengimplementasikan dasar `cbr0` menggunakan _plugin_ `bridge` dan `host-local` CNI | ||
|
|
||
| {{% /capture %}} | ||
|
|
||
| {{% capture body %}} | ||
|
|
||
| ## Instalasi | ||
|
|
||
| Kubelet memiliki _plugin_ jaringan bawaan tunggal, dan jaringan bawaan umum untuk seluruh kluster. _Plugin_ ini memeriksa _plugin-plugin_ ketika dijalankan, mengingat apa yang ditemukannya, dan mengeksekusi _plugin_ yang dipilih pada waktu yang tepat dalam siklus pod (ini hanya berlaku untuk Docker, karena rkt mengelola _plugin_ CNI sendiri). Ada dua parameter perintah Kubelet yang perlu diingat saat menggunakan _plugin_: | ||
|
|
||
| * `cni-bin-dir`: Kubelet memeriksa direktori ini untuk _plugin-plugin_ saat startup | ||
| * `network-plugin`: _Plugin_ jaringan untuk digunakan dari `cni-bin-dir`. Ini harus cocok dengan nama yang dilaporkan oleh _plugin_ yang diperiksa dari direktori _plugin_. Untuk _plugin_ CNI, ini hanyalah "cni". | ||
|
|
||
| ## Network Plugin Requirements | ||
|
|
||
| Besides providing the [`NetworkPlugin` interface](https://github.com/kubernetes/kubernetes/tree/{{< param "fullversion" >}}/pkg/kubelet/dockershim/network/plugins.go) to configure and clean up pod networking, the plugin may also need specific support for kube-proxy. The iptables proxy obviously depends on iptables, and the plugin may need to ensure that container traffic is made available to iptables. For example, if the plugin connects containers to a Linux bridge, the plugin must set the `net/bridge/bridge-nf-call-iptables` sysctl to `1` to ensure that the iptables proxy functions correctly. If the plugin does not use a Linux bridge (but instead something like Open vSwitch or some other mechanism) it should ensure container traffic is appropriately routed for the proxy. | ||
|
|
||
| By default if no kubelet network plugin is specified, the `noop` plugin is used, which sets `net/bridge/bridge-nf-call-iptables=1` to ensure simple configurations (like Docker with a bridge) work correctly with the iptables proxy. | ||
|
|
||
| ### CNI | ||
|
|
||
| The CNI plugin is selected by passing Kubelet the `--network-plugin=cni` command-line option. Kubelet reads a file from `--cni-conf-dir` (default `/etc/cni/net.d`) and uses the CNI configuration from that file to set up each pod's network. The CNI configuration file must match the [CNI specification](https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration), and any required CNI plugins referenced by the configuration must be present in `--cni-bin-dir` (default `/opt/cni/bin`). | ||
|
|
||
| If there are multiple CNI configuration files in the directory, the first one in lexicographic order of file name is used. | ||
|
|
||
| In addition to the CNI plugin specified by the configuration file, Kubernetes requires the standard CNI [`lo`](https://github.com/containernetworking/plugins/blob/master/plugins/main/loopback/loopback.go) plugin, at minimum version 0.2.0 | ||
|
|
||
| #### Support hostPort | ||
|
|
||
| The CNI networking plugin supports `hostPort`. You can use the official [portmap](https://github.com/containernetworking/plugins/tree/master/plugins/meta/portmap) | ||
| plugin offered by the CNI plugin team or use your own plugin with portMapping functionality. | ||
|
|
||
| If you want to enable `hostPort` support, you must specify `portMappings capability` in your `cni-conf-dir`. | ||
| For example: | ||
|
|
||
| ```json | ||
| { | ||
| "name": "k8s-pod-network", | ||
| "cniVersion": "0.3.0", | ||
| "plugins": [ | ||
| { | ||
| "type": "calico", | ||
| "log_level": "info", | ||
| "datastore_type": "kubernetes", | ||
| "nodename": "127.0.0.1", | ||
| "ipam": { | ||
| "type": "host-local", | ||
| "subnet": "usePodCidr" | ||
| }, | ||
| "policy": { | ||
| "type": "k8s" | ||
| }, | ||
| "kubernetes": { | ||
| "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" | ||
| } | ||
| }, | ||
| { | ||
| "type": "portmap", | ||
| "capabilities": {"portMappings": true} | ||
| } | ||
| ] | ||
| } | ||
| ``` | ||
|
|
||
| #### Support traffic shaping | ||
|
|
||
| The CNI networking plugin also supports pod ingress and egress traffic shaping. You can use the official [bandwidth](https://github.com/containernetworking/plugins/tree/master/plugins/meta/bandwidth) | ||
| plugin offered by the CNI plugin team or use your own plugin with bandwidth control functionality. | ||
|
|
||
| If you want to enable traffic shaping support, you must add a `bandwidth` plugin to your CNI configuration file | ||
| (default `/etc/cni/net.d`). | ||
|
|
||
| ```json | ||
| { | ||
| "name": "k8s-pod-network", | ||
| "cniVersion": "0.3.0", | ||
| "plugins": [ | ||
| { | ||
| "type": "calico", | ||
| "log_level": "info", | ||
| "datastore_type": "kubernetes", | ||
| "nodename": "127.0.0.1", | ||
| "ipam": { | ||
| "type": "host-local", | ||
| "subnet": "usePodCidr" | ||
| }, | ||
| "policy": { | ||
| "type": "k8s" | ||
| }, | ||
| "kubernetes": { | ||
| "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" | ||
| } | ||
| }, | ||
| { | ||
| "type": "bandwidth", | ||
| "capabilities": {"bandwidth": true} | ||
| } | ||
| ] | ||
| } | ||
| ``` | ||
|
|
||
| Now you can add the `kubernetes.io/ingress-bandwidth` and `kubernetes.io/egress-bandwidth` annotations to your pod. | ||
| For example: | ||
|
|
||
| ```yaml | ||
| apiVersion: v1 | ||
| kind: Pod | ||
| metadata: | ||
| annotations: | ||
| kubernetes.io/ingress-bandwidth: 1M | ||
| kubernetes.io/egress-bandwidth: 1M | ||
| ... | ||
| ``` | ||
|
|
||
| ### kubenet | ||
|
|
||
| Kubenet is a very basic, simple network plugin, on Linux only. It does not, of itself, implement more advanced features like cross-node networking or network policy. It is typically used together with a cloud provider that sets up routing rules for communication between nodes, or in single-node environments. | ||
|
|
||
| Kubenet creates a Linux bridge named `cbr0` and creates a veth pair for each pod with the host end of each pair connected to `cbr0`. The pod end of the pair is assigned an IP address allocated from a range assigned to the node either through configuration or by the controller-manager. `cbr0` is assigned an MTU matching the smallest MTU of an enabled normal interface on the host. | ||
|
|
||
| The plugin requires a few things: | ||
|
|
||
| * The standard CNI `bridge`, `lo` and `host-local` plugins are required, at minimum version 0.2.0. Kubenet will first search for them in `/opt/cni/bin`. Specify `cni-bin-dir` to supply additional search path. The first found match will take effect. | ||
| * Kubelet must be run with the `--network-plugin=kubenet` argument to enable the plugin | ||
| * Kubelet should also be run with the `--non-masquerade-cidr=<clusterCidr>` argument to ensure traffic to IPs outside this range will use IP masquerade. | ||
| * The node must be assigned an IP subnet through either the `--pod-cidr` kubelet command-line option or the `--allocate-node-cidrs=true --cluster-cidr=<cidr>` controller-manager command-line options. | ||
|
|
||
| ### Customizing the MTU (with kubenet) | ||
|
|
||
| The MTU should always be configured correctly to get the best networking performance. Network plugins will usually try | ||
| to infer a sensible MTU, but sometimes the logic will not result in an optimal MTU. For example, if the | ||
| Docker bridge or another interface has a small MTU, kubenet will currently select that MTU. Or if you are | ||
| using IPSEC encapsulation, the MTU must be reduced, and this calculation is out-of-scope for | ||
| most network plugins. | ||
|
|
||
| Where needed, you can specify the MTU explicitly with the `network-plugin-mtu` kubelet option. For example, | ||
| on AWS the `eth0` MTU is typically 9001, so you might specify `--network-plugin-mtu=9001`. If you're using IPSEC you | ||
| might reduce it to allow for encapsulation overhead e.g. `--network-plugin-mtu=8873`. | ||
|
|
||
| This option is provided to the network-plugin; currently **only kubenet supports `network-plugin-mtu`**. | ||
|
|
||
| ## Usage Summary | ||
|
|
||
| * `--network-plugin=cni` specifies that we use the `cni` network plugin with actual CNI plugin binaries located in `--cni-bin-dir` (default `/opt/cni/bin`) and CNI plugin configuration located in `--cni-conf-dir` (default `/etc/cni/net.d`). | ||
| * `--network-plugin=kubenet` specifies that we use the `kubenet` network plugin with CNI `bridge` and `host-local` plugins placed in `/opt/cni/bin` or `cni-bin-dir`. | ||
| * `--network-plugin-mtu=9001` specifies the MTU to use, currently only used by the `kubenet` network plugin. | ||
|
|
||
| {{% /capture %}} | ||
|
|
||
| {{% capture whatsnext %}} | ||
|
|
||
| {{% /capture %}} |