Voir :

• netavark - qui remplace CNI pour podman >= 5
• https://github.com/containernetworking/cni
• https://github.com/containernetworking/cni/tree/master/cnitool
• Comparatif des solutions réseaux pour Kubernetes
• https://gvisor.dev/docs/tutorials/cni/
• https://www.cni.dev/docs/cnitool/
• https://github.com/containernetworking/cni/tree/master/cnitool
• Création de plugin CNI https://www.youtube.com/watch?v=zmYxdtFzK6s
• https://www.adaltas.com/fr/2016/07/06/namespace-reseau-sans-docker/
• https://www.redhat.com/en/blog/container-ip-address-podman

CNI Network Plugin - Cilium :

CNI Network Plugin - Flannel :

• https://blog.wescale.fr/flannel-les-reseaux-de-conteneurs-par-coreos

CNI Network Plugin - Slirp https://github.com/mgoltzsche/slirp-cni-plugin

Voir aussi :

• Netavark (alternative à CNI pour Docker / Podman rootless) et aardvark-dns (DNS rootless)

CNI

source https://www.dasblinkenlichten.com/understanding-cni-container-networking-interface/

mkdir cni
cd cni
 
wget https://github.com/containernetworking/cni/releases/download/v0.6.0/cni-amd64-v0.6.0.tgz
tar xvf cni-amd64-v0.6.0.tgz
 
wget https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz
tar xvf cni-plugins-amd64-v0.6.0.tgz

Ou

ARCH=$(uname -m)
  case $ARCH in
    armv7*) ARCH="arm";;
    aarch64) ARCH="arm64";;
    x86_64) ARCH="amd64";;
  esac
mkdir -p /opt/cni/bin
curl -O -L https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-$ARCH-v1.5.1.tgz
tar -C /opt/cni/bin -xzf cni-plugins-linux-$ARCH-v1.5.1.tgz

Source : https://github.com/flannel-io/flannel

dpkg -S /opt/cni/bin/bridge
kubernetes-cni: /opt/cni/bin/bridge

/etc/apt/sources.list.d/kubernetes.list

deb http://apt.kubernetes.io/ kubernetes-xenial main

wget https://packages.cloud.google.com/apt/pool/kubernetes-cni_0.6.0-00_amd64_43460dd3c97073851f84b32f5e8eebdc84fadedb5d5a00d1fc6872f30a4dd42c.deb

mybridge.conf

{
    "cniVersion": "0.2.0",
    "name": "mybridge",
    "type": "bridge",
    "bridge": "cni_bridge0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "subnet": "10.15.20.0/24",
        "routes": [
            { "dst": "0.0.0.0/0" },
            { "dst": "1.1.1.1/32", "gw":"10.15.20.1"}
        ]
    }
}

sudo ip netns add plop
sudo CNI_COMMAND=ADD CNI_CONTAINERID=1234567890 CNI_NETNS=/var/run/netns/plop CNI_IFNAME=enp0s8 CNI_PATH=`pwd` ./bridge <mybridge.conf

Utiliser le NS réseau d'un container

PS1='container# ' nsenter -t <PID> -n

Voir : https://github.com/containernetworking/cni

sudo iptables -S -t nat |grep mybridge
sudo ip netns exec plop ip a
sudo ip netns exec plop ip r

cni/blob/master/scripts/priv-net-run.sh

#!/usr/bin/env bash
set -e
if [[ ${DEBUG} -gt 0 ]]; then set -x; fi
 
# Run a command in a private network namespace
# set up by CNI plugins
contid=$(printf '%x%x%x%x' $RANDOM $RANDOM $RANDOM $RANDOM)
netnspath=/var/run/netns/$contid
 
ip netns add $contid
./exec-plugins.sh add $contid $netnspath
 
 
function cleanup() {
	./exec-plugins.sh del $contid $netnspath
	ip netns delete $contid
}
trap cleanup EXIT
 
ip netns exec $contid "$@"

CNI_PATH=$GOPATH/src/github.com/containernetworking/plugins/bin
cd $GOPATH/src/github.com/containernetworking/cni/scripts
sudo CNI_PATH=$CNI_PATH ./priv-net-run.sh ifconfig

sudo CNI_COMMAND=DEL CNI_CONTAINERID=1234567890 CNI_NETNS=/var/run/netns/plop CNI_IFNAME=enp0s8 CNI_PATH=`pwd` ./bridge <mybridge.conf
sudo ip netns del plop

$ sudo ln -s /var/run/docker/netns  /var/run/netns
$ sudo ip netns list
0f564fcea33c (id: 0)

$ sudo ip netns list-id

$ ls -l /var/lib/cni/networks/
total 4
drwxr-xr-x 2 root root 4096 Jan 29 14:38 mybridge

https://kubernetes.io/docs/concepts/cluster-administration/networking/

DOCKER_OPTS="--bridge=cbr0 --iptables=false --ip-masq=false"

iptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE
sysctl net.ipv4.ip_forward=1

podman ps -p --ns