2018-01-24 18:11:17 +08:00
<!DOCTYPE HTML>
< html lang = "zh-hans" >
< head >
< meta charset = "UTF-8" >
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< title > CNI - Container Network Interface( 容器网络接口) · Kubernetes Handbook - jimmysong.io< / title >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" / >
< meta name = "description" content = "" >
< meta name = "generator" content = "GitBook 3.2.2" >
< meta name = "author" content = "Jimmy Song" >
< link rel = "stylesheet" href = "../gitbook/style.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-splitter/splitter.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-toc-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-image-captions/image-captions.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-back-to-top-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-search-plus/search.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-highlight/website.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-fontsettings/website.css" >
< meta name = "HandheldFriendly" content = "true" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" >
< meta name = "apple-mobile-web-app-capable" content = "yes" >
< meta name = "apple-mobile-web-app-status-bar-style" content = "black" >
< link rel = "apple-touch-icon-precomposed" sizes = "152x152" href = "../gitbook/images/apple-touch-icon-precomposed-152.png" >
< link rel = "shortcut icon" href = "../gitbook/images/favicon.ico" type = "image/x-icon" >
< link rel = "next" href = "concepts.html" / >
< link rel = "prev" href = "cri.html" / >
< link rel = "shortcut icon" href = '../favicon.ico' type = "image/x-icon" >
< link rel = "bookmark" href = '../favicon.ico' type = "image/x-icon" >
< style >
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
< / style >
< script >
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
< / script >
< / head >
< body >
< div class = "book" >
< div class = "book-summary" >
< div id = "book-search-input" role = "search" >
< input type = "text" placeholder = "输入并搜索" / >
< / div >
< nav role = "navigation" >
< ul class = "summary" >
< li >
< a href = "https://jimmysong.io" target = "_blank" class = "custom-link" > Jimmy Song< / a >
< / li >
< li class = "divider" > < / li >
< li class = "header" > 前言< / li >
< li class = "chapter " data-level = "1.1" data-path = "../" >
< a href = "../" >
< b > 1.1.< / b >
序言
< / a >
< / li >
< li class = "header" > 云原生< / li >
< li class = "chapter " data-level = "2.1" data-path = "../cloud-native/play-with-kubernetes.html" >
< a href = "../cloud-native/play-with-kubernetes.html" >
< b > 2.1.< / b >
Play with Kubernetes
< / a >
< / li >
< li class = "chapter " data-level = "2.2" data-path = "../cloud-native/kubernetes-and-cloud-native-app-overview.html" >
< a href = "../cloud-native/kubernetes-and-cloud-native-app-overview.html" >
< b > 2.2.< / b >
Kubernetes与云原生应用概览
< / a >
< / li >
< li class = "chapter " data-level = "2.3" data-path = "../cloud-native/from-kubernetes-to-cloud-native.html" >
< a href = "../cloud-native/from-kubernetes-to-cloud-native.html" >
< b > 2.3.< / b >
云原生应用之路——从Kubernetes到Cloud Native
< / a >
< / li >
< li class = "header" > 概念与原理< / li >
< li class = "chapter " data-level = "3.1" data-path = "./" >
< a href = "./" >
< b > 3.1.< / b >
Kubernetes架构
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "3.1.1" data-path = "etcd.html" >
< a href = "etcd.html" >
< b > 3.1.1.< / b >
Etcd解析
< / a >
< / li >
< li class = "chapter " data-level = "3.1.2" data-path = "open-interfaces.html" >
< a href = "open-interfaces.html" >
< b > 3.1.2.< / b >
开放接口
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "3.1.2.1" data-path = "cri.html" >
< a href = "cri.html" >
< b > 3.1.2.1.< / b >
CRI - Container Runtime Interface( 容器运行时接口)
< / a >
< / li >
< li class = "chapter active" data-level = "3.1.2.2" data-path = "cni.html" >
< a href = "cni.html" >
< b > 3.1.2.2.< / b >
CNI - Container Network Interface( 容器网络接口)
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "3.2" data-path = "concepts.html" >
< a href = "concepts.html" >
< b > 3.2.< / b >
设计理念
< / a >
< / li >
< li class = "chapter " data-level = "3.3" data-path = "objects.html" >
< a href = "objects.html" >
< b > 3.3.< / b >
资源对象与基本概念解析
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "3.3.1" data-path = "pod-overview.html" >
< a href = "pod-overview.html" >
< b > 3.3.1.< / b >
Pod
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "3.3.1.1" data-path = "pod.html" >
< a href = "pod.html" >
< b > 3.3.1.1.< / b >
Pod解析
< / a >
< / li >
< li class = "chapter " data-level = "3.3.1.2" data-path = "init-containers.html" >
< a href = "init-containers.html" >
< b > 3.3.1.2.< / b >
Init容器
< / a >
< / li >
< li class = "chapter " data-level = "3.3.1.3" data-path = "pod-security-policy.html" >
< a href = "pod-security-policy.html" >
< b > 3.3.1.3.< / b >
Pod安全策略
< / a >
< / li >
< li class = "chapter " data-level = "3.3.1.4" data-path = "pod-lifecycle.html" >
< a href = "pod-lifecycle.html" >
< b > 3.3.1.4.< / b >
Pod的生命周期
< / a >
< / li >
< li class = "chapter " data-level = "3.3.1.5" data-path = "pod-hook.html" >
< a href = "pod-hook.html" >
< b > 3.3.1.5.< / b >
Pod Hook
< / a >
< / li >
< li class = "chapter " data-level = "3.3.1.6" data-path = "pod-preset.html" >
< a href = "pod-preset.html" >
< b > 3.3.1.6.< / b >
Pod Preset
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "3.3.2" data-path = "node.html" >
< a href = "node.html" >
< b > 3.3.2.< / b >
Node
< / a >
< / li >
< li class = "chapter " data-level = "3.3.3" data-path = "namespace.html" >
< a href = "namespace.html" >
< b > 3.3.3.< / b >
Namespace
< / a >
< / li >
< li class = "chapter " data-level = "3.3.4" data-path = "service.html" >
< a href = "service.html" >
< b > 3.3.4.< / b >
Service
< / a >
< / li >
< li class = "chapter " data-level = "3.3.5" data-path = "volume.html" >
< a href = "volume.html" >
< b > 3.3.5.< / b >
2018-01-25 15:01:14 +08:00
Volume
2018-01-24 18:11:17 +08:00
< / a >
2018-01-25 15:01:14 +08:00
< / li >
2018-01-24 18:11:17 +08:00
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.6" data-path = "persistent-volume.html" >
2018-01-24 18:11:17 +08:00
< a href = "persistent-volume.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.6.< / b >
2018-01-24 18:11:17 +08:00
Persistent Volume( 持久化卷)
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.7" data-path = "deployment.html" >
2018-01-24 18:11:17 +08:00
< a href = "deployment.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.7.< / b >
2018-01-24 18:11:17 +08:00
Deployment
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.8" data-path = "secret.html" >
2018-01-24 18:11:17 +08:00
< a href = "secret.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.8.< / b >
2018-01-24 18:11:17 +08:00
Secret
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.9" data-path = "statefulset.html" >
2018-01-24 18:11:17 +08:00
< a href = "statefulset.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.9.< / b >
2018-01-24 18:11:17 +08:00
StatefulSet
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.10" data-path = "daemonset.html" >
2018-01-24 18:11:17 +08:00
< a href = "daemonset.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.10.< / b >
2018-01-24 18:11:17 +08:00
DaemonSet
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.11" data-path = "serviceaccount.html" >
2018-01-24 18:11:17 +08:00
< a href = "serviceaccount.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.11.< / b >
2018-01-24 18:11:17 +08:00
ServiceAccount
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.12" data-path = "replicaset.html" >
2018-01-24 18:11:17 +08:00
< a href = "replicaset.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.12.< / b >
2018-01-24 18:11:17 +08:00
ReplicationController和ReplicaSet
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.13" data-path = "job.html" >
2018-01-24 18:11:17 +08:00
< a href = "job.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.13.< / b >
2018-01-24 18:11:17 +08:00
Job
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.14" data-path = "cronjob.html" >
2018-01-24 18:11:17 +08:00
< a href = "cronjob.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.14.< / b >
2018-01-24 18:11:17 +08:00
CronJob
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.15" data-path = "ingress.html" >
2018-01-24 18:11:17 +08:00
< a href = "ingress.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.15.< / b >
2018-01-24 18:11:17 +08:00
Ingress
< / a >
< ul class = "articles" >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.15.1" data-path = "traefik-ingress-controller.html" >
2018-01-24 18:11:17 +08:00
< a href = "traefik-ingress-controller.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.15.1.< / b >
2018-01-24 18:11:17 +08:00
Traefik Ingress Controller
< / a >
< / li >
< / ul >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.16" data-path = "configmap.html" >
2018-01-24 18:11:17 +08:00
< a href = "configmap.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.16.< / b >
2018-01-24 18:11:17 +08:00
ConfigMap
< / a >
< ul class = "articles" >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.16.1" data-path = "configmap-hot-update.html" >
2018-01-24 18:11:17 +08:00
< a href = "configmap-hot-update.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.16.1.< / b >
2018-01-24 18:11:17 +08:00
ConfigMap的热更新
< / a >
< / li >
< / ul >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.17" data-path = "horizontal-pod-autoscaling.html" >
2018-01-24 18:11:17 +08:00
< a href = "horizontal-pod-autoscaling.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.17.< / b >
2018-01-24 18:11:17 +08:00
Horizontal Pod Autoscaling
< / a >
< ul class = "articles" >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.17.1" data-path = "custom-metrics-hpa.html" >
2018-01-24 18:11:17 +08:00
< a href = "custom-metrics-hpa.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.17.1.< / b >
2018-01-24 18:11:17 +08:00
自定义指标HPA
< / a >
< / li >
< / ul >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.18" data-path = "label.html" >
2018-01-24 18:11:17 +08:00
< a href = "label.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.18.< / b >
2018-01-24 18:11:17 +08:00
Label
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.19" data-path = "garbage-collection.html" >
2018-01-24 18:11:17 +08:00
< a href = "garbage-collection.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.19.< / b >
2018-01-24 18:11:17 +08:00
垃圾收集
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.20" data-path = "network-policy.html" >
2018-01-24 18:11:17 +08:00
< a href = "network-policy.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.20.< / b >
2018-01-24 18:11:17 +08:00
NetworkPolicy
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.21" data-path = "annotation.html" >
2018-01-24 18:11:17 +08:00
< a href = "annotation.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.21.< / b >
2018-01-24 18:11:17 +08:00
Annotation
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.22" data-path = "aggregated-api-server.html" >
2018-01-24 18:11:17 +08:00
< a href = "aggregated-api-server.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.22.< / b >
2018-01-24 18:11:17 +08:00
Aggregated API Server
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.23" data-path = "custom-resource.html" >
2018-01-24 18:11:17 +08:00
< a href = "custom-resource.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.23.< / b >
2018-01-24 18:11:17 +08:00
使用自定义资源扩展API
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.24" data-path = "apiservice.html" >
2018-01-24 18:11:17 +08:00
< a href = "apiservice.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.24.< / b >
2018-01-24 18:11:17 +08:00
APIService
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.25" data-path = "taint-and-toleration.html" >
2018-01-24 18:11:17 +08:00
< a href = "taint-and-toleration.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.25.< / b >
2018-01-24 18:11:17 +08:00
Taint和Toleration( 污点和容忍)
< / a >
< / li >
2018-01-25 15:01:14 +08:00
< li class = "chapter " data-level = "3.3.26" data-path = "pod-disruption-budget.html" >
2018-01-24 18:11:17 +08:00
< a href = "pod-disruption-budget.html" >
2018-01-25 15:01:14 +08:00
< b > 3.3.26.< / b >
2018-01-24 18:11:17 +08:00
Pod中断与PDB( Pod中断预算)
< / a >
< / li >
< / ul >
< / li >
< li class = "header" > 用户指南< / li >
< li class = "chapter " data-level = "4.1" data-path = "../guide/" >
< a href = "../guide/" >
< b > 4.1.< / b >
用户指南
< / a >
< / li >
< li class = "chapter " data-level = "4.2" data-path = "../guide/resource-configuration.html" >
< a href = "../guide/resource-configuration.html" >
< b > 4.2.< / b >
资源对象配置
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "4.2.1" data-path = "../guide/configure-liveness-readiness-probes.html" >
< a href = "../guide/configure-liveness-readiness-probes.html" >
< b > 4.2.1.< / b >
配置Pod的liveness和readiness探针
< / a >
< / li >
< li class = "chapter " data-level = "4.2.2" data-path = "../guide/configure-pod-service-account.html" >
< a href = "../guide/configure-pod-service-account.html" >
< b > 4.2.2.< / b >
配置Pod的Service Account
< / a >
< / li >
< li class = "chapter " data-level = "4.2.3" data-path = "../guide/secret-configuration.html" >
< a href = "../guide/secret-configuration.html" >
< b > 4.2.3.< / b >
Secret配置
< / a >
< / li >
< li class = "chapter " data-level = "4.2.4" data-path = "../guide/resource-quota-management.html" >
< a href = "../guide/resource-quota-management.html" >
< b > 4.2.4.< / b >
管理namespace中的资源配额
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "4.3" data-path = "../guide/command-usage.html" >
< a href = "../guide/command-usage.html" >
< b > 4.3.< / b >
命令使用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "4.3.1" data-path = "../guide/docker-cli-to-kubectl.html" >
< a href = "../guide/docker-cli-to-kubectl.html" >
< b > 4.3.1.< / b >
docker用户过度到kubectl命令行指南
< / a >
< / li >
< li class = "chapter " data-level = "4.3.2" data-path = "../guide/using-kubectl.html" >
< a href = "../guide/using-kubectl.html" >
< b > 4.3.2.< / b >
kubectl命令概览
< / a >
< / li >
< li class = "chapter " data-level = "4.3.3" data-path = "../guide/kubectl-cheatsheet.html" >
< a href = "../guide/kubectl-cheatsheet.html" >
< b > 4.3.3.< / b >
kubectl命令技巧大全
< / a >
< / li >
< li class = "chapter " data-level = "4.3.4" data-path = "../guide/using-etcdctl-to-access-kubernetes-data.html" >
< a href = "../guide/using-etcdctl-to-access-kubernetes-data.html" >
< b > 4.3.4.< / b >
使用etcdctl访问kubernetes数据
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "4.4" data-path = "../guide/cluster-security-management.html" >
< a href = "../guide/cluster-security-management.html" >
< b > 4.4.< / b >
集群安全性管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "4.4.1" data-path = "../guide/managing-tls-in-a-cluster.html" >
< a href = "../guide/managing-tls-in-a-cluster.html" >
< b > 4.4.1.< / b >
管理集群中的TLS
< / a >
< / li >
< li class = "chapter " data-level = "4.4.2" data-path = "../guide/kubelet-authentication-authorization.html" >
< a href = "../guide/kubelet-authentication-authorization.html" >
< b > 4.4.2.< / b >
kubelet的认证授权
< / a >
< / li >
< li class = "chapter " data-level = "4.4.3" data-path = "../guide/tls-bootstrapping.html" >
< a href = "../guide/tls-bootstrapping.html" >
< b > 4.4.3.< / b >
TLS bootstrap
< / a >
< / li >
< li class = "chapter " data-level = "4.4.4" data-path = "../guide/kubectl-user-authentication-authorization.html" >
< a href = "../guide/kubectl-user-authentication-authorization.html" >
< b > 4.4.4.< / b >
创建用户认证授权的kubeconfig文件
< / a >
< / li >
< li class = "chapter " data-level = "4.4.5" data-path = "../guide/rbac.html" >
< a href = "../guide/rbac.html" >
< b > 4.4.5.< / b >
RBAC——基于角色的访问控制
< / a >
< / li >
< li class = "chapter " data-level = "4.4.6" data-path = "../guide/ip-masq-agent.html" >
< a href = "../guide/ip-masq-agent.html" >
< b > 4.4.6.< / b >
IP伪装代理
< / a >
< / li >
< li class = "chapter " data-level = "4.4.7" data-path = "../guide/auth-with-kubeconfig-or-token.html" >
< a href = "../guide/auth-with-kubeconfig-or-token.html" >
< b > 4.4.7.< / b >
使用kubeconfig或token进行用户身份认证
< / a >
< / li >
< li class = "chapter " data-level = "4.4.8" data-path = "../guide/authentication.html" >
< a href = "../guide/authentication.html" >
< b > 4.4.8.< / b >
Kubernetes中的用户与身份认证授权
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "4.5" data-path = "../guide/access-kubernetes-cluster.html" >
< a href = "../guide/access-kubernetes-cluster.html" >
< b > 4.5.< / b >
访问Kubernetes集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "4.5.1" data-path = "../guide/access-cluster.html" >
< a href = "../guide/access-cluster.html" >
< b > 4.5.1.< / b >
访问集群
< / a >
< / li >
< li class = "chapter " data-level = "4.5.2" data-path = "../guide/authenticate-across-clusters-kubeconfig.html" >
< a href = "../guide/authenticate-across-clusters-kubeconfig.html" >
< b > 4.5.2.< / b >
使用kubeconfig文件配置跨集群认证
< / a >
< / li >
< li class = "chapter " data-level = "4.5.3" data-path = "../guide/connecting-to-applications-port-forward.html" >
< a href = "../guide/connecting-to-applications-port-forward.html" >
< b > 4.5.3.< / b >
通过端口转发访问集群中的应用程序
< / a >
< / li >
< li class = "chapter " data-level = "4.5.4" data-path = "../guide/service-access-application-cluster.html" >
< a href = "../guide/service-access-application-cluster.html" >
< b > 4.5.4.< / b >
使用service访问群集中的应用程序
< / a >
< / li >
< li class = "chapter " data-level = "4.5.5" data-path = "../guide/accessing-kubernetes-pods-from-outside-of-the-cluster.html" >
< a href = "../guide/accessing-kubernetes-pods-from-outside-of-the-cluster.html" >
< b > 4.5.5.< / b >
从外部访问Kubernetes中的Pod
< / a >
< / li >
< li class = "chapter " data-level = "4.5.6" data-path = "../guide/cabin-mobile-dashboard-for-kubernetes.html" >
< a href = "../guide/cabin-mobile-dashboard-for-kubernetes.html" >
< b > 4.5.6.< / b >
Cabin - Kubernetes手机客户端
< / a >
< / li >
< li class = "chapter " data-level = "4.5.7" data-path = "../guide/kubernetes-desktop-client.html" >
< a href = "../guide/kubernetes-desktop-client.html" >
< b > 4.5.7.< / b >
Kubernetic - Kubernetes桌面客户端
< / a >
< / li >
< li class = "chapter " data-level = "4.5.8" data-path = "../guide/kubernator-kubernetes-ui.html" >
< a href = "../guide/kubernator-kubernetes-ui.html" >
< b > 4.5.8.< / b >
Kubernator - 更底层的Kubernetes UI
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "4.6" data-path = "../guide/application-development-deployment-flow.html" >
< a href = "../guide/application-development-deployment-flow.html" >
< b > 4.6.< / b >
在Kubernetes中开发部署应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "4.6.1" data-path = "../guide/deploy-applications-in-kubernetes.html" >
< a href = "../guide/deploy-applications-in-kubernetes.html" >
< b > 4.6.1.< / b >
适用于kubernetes的应用开发部署流程
< / a >
< / li >
< li class = "chapter " data-level = "4.6.2" data-path = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
< a href = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
< b > 4.6.2.< / b >
迁移传统应用到Kubernetes中——以Hadoop YARN为例
< / a >
< / li >
< li class = "chapter " data-level = "4.6.3" data-path = "../guide/using-statefulset.html" >
< a href = "../guide/using-statefulset.html" >
< b > 4.6.3.< / b >
使用StatefulSet部署用状态应用
< / a >
< / li >
< / ul >
< / li >
< li class = "header" > 最佳实践< / li >
< li class = "chapter " data-level = "5.1" data-path = "../practice/" >
< a href = "../practice/" >
< b > 5.1.< / b >
最佳实践概览
< / a >
< / li >
< li class = "chapter " data-level = "5.2" data-path = "../practice/install-kubernetes-on-centos.html" >
< a href = "../practice/install-kubernetes-on-centos.html" >
< b > 5.2.< / b >
在CentOS上部署Kubernetes集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.2.1" data-path = "../practice/create-tls-and-secret-key.html" >
< a href = "../practice/create-tls-and-secret-key.html" >
< b > 5.2.1.< / b >
创建TLS证书和秘钥
< / a >
< / li >
< li class = "chapter " data-level = "5.2.2" data-path = "../practice/create-kubeconfig.html" >
< a href = "../practice/create-kubeconfig.html" >
< b > 5.2.2.< / b >
创建kubeconfig文件
< / a >
< / li >
< li class = "chapter " data-level = "5.2.3" data-path = "../practice/etcd-cluster-installation.html" >
< a href = "../practice/etcd-cluster-installation.html" >
< b > 5.2.3.< / b >
创建高可用etcd集群
< / a >
< / li >
< li class = "chapter " data-level = "5.2.4" data-path = "../practice/kubectl-installation.html" >
< a href = "../practice/kubectl-installation.html" >
< b > 5.2.4.< / b >
安装kubectl命令行工具
< / a >
< / li >
< li class = "chapter " data-level = "5.2.5" data-path = "../practice/master-installation.html" >
< a href = "../practice/master-installation.html" >
< b > 5.2.5.< / b >
部署master节点
< / a >
< / li >
< li class = "chapter " data-level = "5.2.6" data-path = "../practice/flannel-installation.html" >
< a href = "../practice/flannel-installation.html" >
< b > 5.2.6.< / b >
安装flannel网络插件
< / a >
< / li >
< li class = "chapter " data-level = "5.2.7" data-path = "../practice/node-installation.html" >
< a href = "../practice/node-installation.html" >
< b > 5.2.7.< / b >
部署node节点
< / a >
< / li >
< li class = "chapter " data-level = "5.2.8" data-path = "../practice/kubedns-addon-installation.html" >
< a href = "../practice/kubedns-addon-installation.html" >
< b > 5.2.8.< / b >
安装kubedns插件
< / a >
< / li >
< li class = "chapter " data-level = "5.2.9" data-path = "../practice/dashboard-addon-installation.html" >
< a href = "../practice/dashboard-addon-installation.html" >
< b > 5.2.9.< / b >
安装dashboard插件
< / a >
< / li >
< li class = "chapter " data-level = "5.2.10" data-path = "../practice/heapster-addon-installation.html" >
< a href = "../practice/heapster-addon-installation.html" >
< b > 5.2.10.< / b >
安装heapster插件
< / a >
< / li >
< li class = "chapter " data-level = "5.2.11" data-path = "../practice/efk-addon-installation.html" >
< a href = "../practice/efk-addon-installation.html" >
< b > 5.2.11.< / b >
安装EFK插件
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.3" data-path = "../practice/service-discovery-and-loadbalancing.html" >
< a href = "../practice/service-discovery-and-loadbalancing.html" >
< b > 5.3.< / b >
服务发现与负载均衡
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.3.1" data-path = "../practice/traefik-ingress-installation.html" >
< a href = "../practice/traefik-ingress-installation.html" >
< b > 5.3.1.< / b >
安装Traefik ingress
< / a >
< / li >
< li class = "chapter " data-level = "5.3.2" data-path = "../practice/distributed-load-test.html" >
< a href = "../practice/distributed-load-test.html" >
< b > 5.3.2.< / b >
分布式负载测试
< / a >
< / li >
< li class = "chapter " data-level = "5.3.3" data-path = "../practice/network-and-cluster-perfermance-test.html" >
< a href = "../practice/network-and-cluster-perfermance-test.html" >
< b > 5.3.3.< / b >
网络和集群性能测试
< / a >
< / li >
< li class = "chapter " data-level = "5.3.4" data-path = "../practice/edge-node-configuration.html" >
< a href = "../practice/edge-node-configuration.html" >
< b > 5.3.4.< / b >
边缘节点配置
< / a >
< / li >
< li class = "chapter " data-level = "5.3.5" data-path = "../practice/nginx-ingress-installation.html" >
< a href = "../practice/nginx-ingress-installation.html" >
< b > 5.3.5.< / b >
安装Nginx ingress
< / a >
< / li >
< li class = "chapter " data-level = "5.3.6" data-path = "../practice/configuring-dns.html" >
< a href = "../practice/configuring-dns.html" >
< b > 5.3.6.< / b >
配置内置DNS( kube-dns)
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.4" data-path = "../practice/operation.html" >
< a href = "../practice/operation.html" >
< b > 5.4.< / b >
运维管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.4.1" data-path = "../practice/service-rolling-update.html" >
< a href = "../practice/service-rolling-update.html" >
< b > 5.4.1.< / b >
服务滚动升级
< / a >
< / li >
< li class = "chapter " data-level = "5.4.2" data-path = "../practice/app-log-collection.html" >
< a href = "../practice/app-log-collection.html" >
< b > 5.4.2.< / b >
应用日志收集
< / a >
< / li >
< li class = "chapter " data-level = "5.4.3" data-path = "../practice/configuration-best-practice.html" >
< a href = "../practice/configuration-best-practice.html" >
< b > 5.4.3.< / b >
配置最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "5.4.4" data-path = "../practice/monitor.html" >
< a href = "../practice/monitor.html" >
< b > 5.4.4.< / b >
集群及应用监控
< / a >
< / li >
< li class = "chapter " data-level = "5.4.5" data-path = "../practice/data-persistence-problem.html" >
< a href = "../practice/data-persistence-problem.html" >
< b > 5.4.5.< / b >
数据持久化问题
< / a >
< / li >
< li class = "chapter " data-level = "5.4.6" data-path = "../practice/manage-compute-resources-container.html" >
< a href = "../practice/manage-compute-resources-container.html" >
< b > 5.4.6.< / b >
管理容器的计算资源
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.5" data-path = "../practice/storage.html" >
< a href = "../practice/storage.html" >
< b > 5.5.< / b >
存储管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.5.1" data-path = "../practice/glusterfs.html" >
< a href = "../practice/glusterfs.html" >
< b > 5.5.1.< / b >
GlusterFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.5.1.1" data-path = "../practice/using-glusterfs-for-persistent-storage.html" >
< a href = "../practice/using-glusterfs-for-persistent-storage.html" >
< b > 5.5.1.1.< / b >
使用GlusterFS做持久化存储
< / a >
< / li >
< li class = "chapter " data-level = "5.5.1.2" data-path = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
< a href = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
< b > 5.5.1.2.< / b >
在OpenShift中使用GlusterFS做持久化存储
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.5.2" data-path = "../practice/cephfs.html" >
< a href = "../practice/cephfs.html" >
< b > 5.5.2.< / b >
CephFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.5.2.1" data-path = "../practice/using-ceph-for-persistent-storage.html" >
< a href = "../practice/using-ceph-for-persistent-storage.html" >
< b > 5.5.2.1.< / b >
使用Ceph做持久化存储
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.5.3" data-path = "../practice/openebs.html" >
< a href = "../practice/openebs.html" >
< b > 5.5.3.< / b >
OpenEBS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.5.3.1" data-path = "../practice/using-openebs-for-persistent-storage.html" >
< a href = "../practice/using-openebs-for-persistent-storage.html" >
< b > 5.5.3.1.< / b >
使用OpenEBS做持久化存储
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.6" data-path = "../practice/monitoring.html" >
< a href = "../practice/monitoring.html" >
< b > 5.6.< / b >
集群与应用监控
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.6.1" data-path = "../practice/heapster.html" >
< a href = "../practice/heapster.html" >
< b > 5.6.1.< / b >
Heapster
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.6.1.1" data-path = "../practice/using-heapster-to-get-object-metrics.html" >
< a href = "../practice/using-heapster-to-get-object-metrics.html" >
< b > 5.6.1.1.< / b >
使用Heapster获取集群和对象的metric数据
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.6.2" data-path = "../practice/prometheus.html" >
< a href = "../practice/prometheus.html" >
< b > 5.6.2.< / b >
Prometheus
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.6.2.1" data-path = "../practice/using-prometheus-to-monitor-kuberentes-cluster.html" >
< a href = "../practice/using-prometheus-to-monitor-kuberentes-cluster.html" >
< b > 5.6.2.1.< / b >
使用Prometheus监控kubernetes集群
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.7" data-path = "../practice/services-management-tool.html" >
< a href = "../practice/services-management-tool.html" >
< b > 5.7.< / b >
服务编排管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.7.1" data-path = "../practice/helm.html" >
< a href = "../practice/helm.html" >
< b > 5.7.1.< / b >
使用Helm管理kubernetes应用
< / a >
< / li >
< li class = "chapter " data-level = "5.7.2" data-path = "../practice/create-private-charts-repo.html" >
< a href = "../practice/create-private-charts-repo.html" >
< b > 5.7.2.< / b >
构建私有Chart仓库
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.8" data-path = "../practice/ci-cd.html" >
< a href = "../practice/ci-cd.html" >
< b > 5.8.< / b >
持续集成与发布
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.8.1" data-path = "../practice/jenkins-ci-cd.html" >
< a href = "../practice/jenkins-ci-cd.html" >
< b > 5.8.1.< / b >
使用Jenkins进行持续集成与发布
< / a >
< / li >
< li class = "chapter " data-level = "5.8.2" data-path = "../practice/drone-ci-cd.html" >
< a href = "../practice/drone-ci-cd.html" >
< b > 5.8.2.< / b >
使用Drone进行持续集成与发布
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "5.9" data-path = "../practice/update-and-upgrade.html" >
< a href = "../practice/update-and-upgrade.html" >
< b > 5.9.< / b >
更新与升级
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "5.9.1" data-path = "../practice/manually-upgrade.html" >
< a href = "../practice/manually-upgrade.html" >
< b > 5.9.1.< / b >
手动升级Kubernetes集群
< / a >
< / li >
< li class = "chapter " data-level = "5.9.2" data-path = "../practice/dashboard-upgrade.html" >
< a href = "../practice/dashboard-upgrade.html" >
< b > 5.9.2.< / b >
升级dashboard
< / a >
< / li >
< / ul >
< / li >
< li class = "header" > 领域应用< / li >
< li class = "chapter " data-level = "6.1" data-path = "../usecases/" >
< a href = "../usecases/" >
< b > 6.1.< / b >
领域应用概览
< / a >
< / li >
< li class = "chapter " data-level = "6.2" data-path = "../usecases/microservices.html" >
< a href = "../usecases/microservices.html" >
< b > 6.2.< / b >
微服务架构
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.2.1" data-path = "../usecases/service-discovery-in-microservices.html" >
< a href = "../usecases/service-discovery-in-microservices.html" >
< b > 6.2.1.< / b >
微服务中的服务发现
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "6.3" data-path = "../usecases/service-mesh.html" >
< a href = "../usecases/service-mesh.html" >
< b > 6.3.< / b >
Service Mesh 服务网格
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.3.1" data-path = "../usecases/istio.html" >
< a href = "../usecases/istio.html" >
< b > 6.3.1.< / b >
Istio
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.3.1.1" data-path = "../usecases/istio-installation.html" >
< a href = "../usecases/istio-installation.html" >
< b > 6.3.1.1.< / b >
安装并试用Istio service mesh
< / a >
< / li >
< li class = "chapter " data-level = "6.3.1.2" data-path = "../usecases/configuring-request-routing.html" >
< a href = "../usecases/configuring-request-routing.html" >
< b > 6.3.1.2.< / b >
配置请求的路由规则
< / a >
< / li >
< li class = "chapter " data-level = "6.3.1.3" data-path = "../usecases/install-and-expand-istio-mesh.html" >
< a href = "../usecases/install-and-expand-istio-mesh.html" >
< b > 6.3.1.3.< / b >
安装和拓展Istio service mesh
< / a >
< / li >
< li class = "chapter " data-level = "6.3.1.4" data-path = "../usecases/integrating-vms.html" >
< a href = "../usecases/integrating-vms.html" >
< b > 6.3.1.4.< / b >
集成虚拟机
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "6.3.2" data-path = "../usecases/linkerd.html" >
< a href = "../usecases/linkerd.html" >
< b > 6.3.2.< / b >
Linkerd
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.3.2.1" data-path = "../usecases/linkerd-user-guide.html" >
< a href = "../usecases/linkerd-user-guide.html" >
< b > 6.3.2.1.< / b >
Linkerd 使用指南
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "6.3.3" data-path = "../usecases/conduit.html" >
< a href = "../usecases/conduit.html" >
< b > 6.3.3.< / b >
Conduit
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.3.3.1" data-path = "../usecases/conduit-overview.html" >
< a href = "../usecases/conduit-overview.html" >
< b > 6.3.3.1.< / b >
Condiut概览
< / a >
< / li >
< li class = "chapter " data-level = "6.3.3.2" data-path = "../usecases/conduit-installation.html" >
< a href = "../usecases/conduit-installation.html" >
< b > 6.3.3.2.< / b >
安装Conduit
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "6.4" data-path = "../usecases/big-data.html" >
< a href = "../usecases/big-data.html" >
< b > 6.4.< / b >
大数据
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.4.1" data-path = "../usecases/spark-standalone-on-kubernetes.html" >
< a href = "../usecases/spark-standalone-on-kubernetes.html" >
< b > 6.4.1.< / b >
Spark standalone on Kubernetes
< / a >
< / li >
< li class = "chapter " data-level = "6.4.2" data-path = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
< a href = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
< b > 6.4.2.< / b >
运行支持Kubernetes原生调度的Spark程序
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "6.5" data-path = "../usecases/serverless.html" >
< a href = "../usecases/serverless.html" >
< b > 6.5.< / b >
Serverless架构
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.5.1" data-path = "../usecases/understanding-serverless.html" >
< a href = "../usecases/understanding-serverless.html" >
< b > 6.5.1.< / b >
理解Serverless
< / a >
< / li >
< li class = "chapter " data-level = "6.5.2" data-path = "../usecases/faas.html" >
< a href = "../usecases/faas.html" >
< b > 6.5.2.< / b >
FaaS-函数即服务
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "6.5.2.1" data-path = "../usecases/openfaas-quick-start.html" >
< a href = "../usecases/openfaas-quick-start.html" >
< b > 6.5.2.1.< / b >
OpenFaaS快速入门指南
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "6.6" data-path = "../usecases/edge-computing.html" >
< a href = "../usecases/edge-computing.html" >
< b > 6.6.< / b >
边缘计算
< / a >
< / li >
< li class = "header" > 开发指南< / li >
< li class = "chapter " data-level = "7.1" data-path = "../develop/" >
< a href = "../develop/" >
< b > 7.1.< / b >
开发指南概览
< / a >
< / li >
< li class = "chapter " data-level = "7.2" data-path = "../develop/sigs-and-working-group.html" >
< a href = "../develop/sigs-and-working-group.html" >
< b > 7.2.< / b >
SIG和工作组
< / a >
< / li >
< li class = "chapter " data-level = "7.3" data-path = "../develop/developing-environment.html" >
< a href = "../develop/developing-environment.html" >
< b > 7.3.< / b >
开发环境搭建
< / a >
< / li >
< li class = "chapter " data-level = "7.4" data-path = "../develop/testing.html" >
< a href = "../develop/testing.html" >
< b > 7.4.< / b >
单元测试和集成测试
< / a >
< / li >
< li class = "chapter " data-level = "7.5" data-path = "../develop/client-go-sample.html" >
< a href = "../develop/client-go-sample.html" >
< b > 7.5.< / b >
client-go示例
< / a >
< / li >
< li class = "chapter " data-level = "7.6" data-path = "../develop/operator.html" >
< a href = "../develop/operator.html" >
< b > 7.6.< / b >
Operator
< / a >
< / li >
< li class = "chapter " data-level = "7.7" data-path = "../develop/contribute.html" >
< a href = "../develop/contribute.html" >
< b > 7.7.< / b >
社区贡献
< / a >
< / li >
< li class = "chapter " data-level = "7.8" data-path = "../develop/minikube.html" >
< a href = "../develop/minikube.html" >
< b > 7.8.< / b >
Minikube
< / a >
< / li >
< li class = "header" > 附录< / li >
< li class = "chapter " data-level = "8.1" data-path = "../appendix/" >
< a href = "../appendix/" >
< b > 8.1.< / b >
附录说明
< / a >
< / li >
< li class = "chapter " data-level = "8.2" data-path = "../appendix/debug-kubernetes-services.html" >
< a href = "../appendix/debug-kubernetes-services.html" >
< b > 8.2.< / b >
Kubernetes中的应用故障排查
< / a >
< / li >
< li class = "chapter " data-level = "8.3" data-path = "../appendix/material-share.html" >
< a href = "../appendix/material-share.html" >
< b > 8.3.< / b >
Kubernetes相关资讯和情报链接
< / a >
< / li >
< li class = "chapter " data-level = "8.4" data-path = "../appendix/docker-best-practice.html" >
< a href = "../appendix/docker-best-practice.html" >
< b > 8.4.< / b >
Docker最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "8.5" data-path = "../appendix/tricks.html" >
< a href = "../appendix/tricks.html" >
< b > 8.5.< / b >
使用技巧
< / a >
< / li >
< li class = "chapter " data-level = "8.6" data-path = "../appendix/issues.html" >
< a href = "../appendix/issues.html" >
< b > 8.6.< / b >
问题记录
< / a >
< / li >
< li class = "chapter " data-level = "8.7" data-path = "../appendix/kubernetes-changelog.html" >
< a href = "../appendix/kubernetes-changelog.html" >
< b > 8.7.< / b >
Kubernetes版本更新日志
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "8.7.1" data-path = "../appendix/kubernetes-1.7-changelog.html" >
< a href = "../appendix/kubernetes-1.7-changelog.html" >
< b > 8.7.1.< / b >
Kubernetes1.7更新日志
< / a >
< / li >
< li class = "chapter " data-level = "8.7.2" data-path = "../appendix/kubernetes-1.8-changelog.html" >
< a href = "../appendix/kubernetes-1.8-changelog.html" >
< b > 8.7.2.< / b >
Kubernetes1.8更新日志
< / a >
< / li >
< li class = "chapter " data-level = "8.7.3" data-path = "../appendix/kubernetes-1.9-changelog.html" >
< a href = "../appendix/kubernetes-1.9-changelog.html" >
< b > 8.7.3.< / b >
Kubernetes1.9更新日志
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "8.8" data-path = "../appendix/summary-and-outlook.html" >
< a href = "../appendix/summary-and-outlook.html" >
< b > 8.8.< / b >
Kubernetes及云原生年度总结及展望
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "8.8.1" data-path = "../appendix/kubernetes-and-cloud-native-summary-in-2017-and-outlook-for-2018.html" >
< a href = "../appendix/kubernetes-and-cloud-native-summary-in-2017-and-outlook-for-2018.html" >
< b > 8.8.1.< / b >
Kubernetes与云原生2017年年终总结及2018年展望
< / a >
< / li >
< / ul >
< / li >
< li class = "divider" > < / li >
< li >
< a href = "https://www.gitbook.com" target = "blank" class = "gitbook-link" >
本书使用 GitBook 发布
< / a >
< / li >
< / ul >
< / nav >
< / div >
< div class = "book-body" >
< div class = "body-inner" >
< div class = "book-header" role = "navigation" >
<!-- Title -->
< h1 >
< i class = "fa fa-circle-o-notch fa-spin" > < / i >
< a href = ".." > CNI - Container Network Interface( 容器网络接口) < / a >
< / h1 >
< / div >
< div class = "page-wrapper" tabindex = "-1" role = "main" >
< div class = "page-inner" >
< div class = "search-plus" id = "book-search-results" >
< div class = "search-noresults" >
< section class = "normal markdown-section" >
< h1 id = "cni---container-network-interface(容器网络接口)" > CNI - Container Network Interface( 容 器 网 络 接 口 ) < / h1 >
< p > CNI( Container Network Interface) 是 CNCF旗 下 的 一 个 项 目 , 由 一 组 用 于 配 置 Linux容 器 的 网 络 接 口 的 规 范 和 库 组 成 , 同 时 还 包 含 了 一 些 插 件 。 CNI仅 关 心 容 器 创 建 时 的 网 络 分 配 , 和 当 容 器 被 删 除 时 释 放 网 络 资 源 。 通 过 此 链 接 浏 览 该 项 目 : < a href = "https://github.com/containernetworking/cni" target = "_blank" > https://github.com/containernetworking/cni< / a > 。 < / p >
< p > Kubernetes源 码 的 < code > vendor/github.com/containernetworking/cni/libcni< / code > 目 录 中 已 经 包 含 了 CNI的 代 码 , 也 就 是 说 kubernetes中 已 经 内 置 了 CNI。 < / p >
< h2 id = "接口定义" > 接 口 定 义 < / h2 >
< p > CNI的 接 口 中 包 括 以 下 几 个 方 法 : < / p >
< pre > < code class = "lang-go" > < span class = "hljs-keyword" > type< / span > CNI < span class = "hljs-keyword" > interface< / span > {
AddNetworkList(net *NetworkConfigList, rt *RuntimeConf) (types.Result, error)
DelNetworkList(net *NetworkConfigList, rt *RuntimeConf) error
AddNetwork(net *NetworkConfig, rt *RuntimeConf) (types.Result, error)
DelNetwork(net *NetworkConfig, rt *RuntimeConf) error
}
< / code > < / pre >
< p > 该 接 口 只 有 四 个 方 法 , 添 加 网 络 、 删 除 网 络 、 添 加 网 络 列 表 、 删 除 网 络 列 表 。 < / p >
< h2 id = "设计考量" > 设 计 考 量 < / h2 >
< p > CNI设 计 的 时 候 考 虑 了 以 下 问 题 : < / p >
< ul >
< li > 容 器 运 行 时 必 须 在 调 用 任 何 插 件 之 前 为 容 器 创 建 一 个 新 的 网 络 命 名 空 间 。 < / li >
< li > 然 后 , 运 行 时 必 须 确 定 这 个 容 器 应 属 于 哪 个 网 络 , 并 为 每 个 网 络 确 定 哪 些 插 件 必 须 被 执 行 。 < / li >
< li > 网 络 配 置 采 用 JSON格 式 , 可 以 很 容 易 地 存 储 在 文 件 中 。 网 络 配 置 包 括 必 填 字 段 , 如 < code > name< / code > 和 < code > type< / code > 以 及 插 件 ( 类 型 ) 。 网 络 配 置 允 许 字 段 在 调 用 之 间 改 变 值 。 为 此 , 有 一 个 可 选 的 字 段 < code > args< / code > , 必 须 包 含 不 同 的 信 息 。 < / li >
< li > 容 器 运 行 时 必 须 按 顺 序 为 每 个 网 络 执 行 相 应 的 插 件 , 将 容 器 添 加 到 每 个 网 络 中 。 < / li >
< li > 在 完 成 容 器 生 命 周 期 后 , 运 行 时 必 须 以 相 反 的 顺 序 执 行 插 件 ( 相 对 于 执 行 添 加 容 器 的 顺 序 ) 以 将 容 器 与 网 络 断 开 连 接 。 < / li >
< li > 容 器 运 行 时 不 能 为 同 一 容 器 调 用 并 行 操 作 , 但 可 以 为 不 同 的 容 器 调 用 并 行 操 作 。 < / li >
< li > 容 器 运 行 时 必 须 为 容 器 订 阅 ADD和 DEL操 作 , 这 样 ADD后 面 总 是 跟 着 相 应 的 DEL。 DEL可 能 跟 着 额 外 的 DEL, 但 是 , 插 件 应 该 允 许 处 理 多 个 DEL( 即 插 件 DEL应 该 是 幂 等 的 ) 。 < / li >
< li > 容 器 必 须 由 ContainerID唯 一 标 识 。 存 储 状 态 的 插 件 应 该 使 用 ( 网 络 名 称 , 容 器 ID) 的 主 键 来 完 成 。 < / li >
< li > 运 行 时 不 能 调 用 同 一 个 网 络 名 称 或 容 器 ID执 行 两 次 ADD( 没 有 相 应 的 DEL) 。 换 句 话 说 , 给 定 的 容 器 ID必 须 只 能 添 加 到 特 定 的 网 络 一 次 。 < / li >
< / ul >
< h2 id = "cni插件" > CNI插 件 < / h2 >
< p > CNI插 件 必 须 实 现 一 个 可 执 行 文 件 , 这 个 文 件 可 以 被 容 器 管 理 系 统 ( 例 如 rkt或 Kubernetes) 调 用 。 < / p >
< p > CNI插 件 负 责 将 网 络 接 口 插 入 容 器 网 络 命 名 空 间 ( 例 如 , veth对 的 一 端 ) , 并 在 主 机 上 进 行 任 何 必 要 的 改 变 ( 例 如 将 veth的 另 一 端 连 接 到 网 桥 ) 。 然 后 将 IP分 配 给 接 口 , 并 通 过 调 用 适 当 的 IPAM插 件 来 设 置 与 “ IP地 址 管 理 ” 部 分 一 致 的 路 由 。 < / p >
< h3 id = "参数" > 参 数 < / h3 >
< p > CNI插 件 必 须 支 持 以 下 操 作 : < / p >
< h4 id = "将容器添加到网络" > 将 容 器 添 加 到 网 络 < / h4 >
< p > 参 数 : < / p >
< ul >
< li > < strong > 版 本 < / strong > 。 调 用 者 正 在 使 用 的 CNI规 范 ( 容 器 管 理 系 统 或 调 用 插 件 ) 的 版 本 。 < / li >
< li > < strong > 容 器 ID < / strong > 。 由 运 行 时 分 配 的 容 器 的 唯 一 明 文 标 识 符 。 一 定 不 能 是 空 的 。 < / li >
< li > < strong > 网 络 命 名 空 间 路 径 < / strong > 。 要 添 加 的 网 络 名 称 空 间 的 路 径 , 即 < code > /proc/[pid]/ns/net< / code > 或 绑 定 挂 载 /链 接 。 < / li >
< li > < strong > 网 络 配 置 < / strong > 。 描 述 容 器 可 以 加 入 的 网 络 的 JSON文 档 。 架 构 如 下 所 述 。 < / li >
< li > < strong > 额 外 的 参 数 < / strong > 。 这 提 供 了 一 个 替 代 机 制 , 允 许 在 每 个 容 器 上 简 单 配 置 CNI插 件 。 < / li >
< li > < strong > 容 器 内 接 口 的 名 称 < / strong > 。 这 是 应 该 分 配 给 容 器 ( 网 络 命 名 空 间 ) 内 创 建 的 接 口 的 名 称 ; 因 此 它 必 须 符 合 Linux接 口 名 称 上 的 标 准 限 制 。 < / li >
< / ul >
< p > 结 果 : < / p >
< ul >
< li > < strong > 接 口 列 表 < / strong > 。 根 据 插 件 的 不 同 , 这 可 以 包 括 沙 箱 ( 例 如 容 器 或 管 理 程 序 ) 接 口 名 称 和 /或 主 机 接 口 名 称 , 每 个 接 口 的 硬 件 地 址 以 及 接 口 所 在 的 沙 箱 ( 如 果 有 的 话 ) 的 详 细 信 息 。 < / li >
< li > < strong > 分 配 给 每 个 接 口 的 IP配 置 < / strong > 。 分 配 给 沙 箱 和 /或 主 机 接 口 的 IPv4和 /或 IPv6地 址 , 网 关 和 路 由 。 < / li >
< li > < strong > DNS信 息 < / strong > 。 包 含 nameserver、 domain、 search domain和 option的 DNS信 息 的 字 典 。 < / li >
< / ul >
< h4 id = "从网络中删除容器" > 从 网 络 中 删 除 容 器 < / h4 >
< p > 参 数 : < / p >
< ul >
< li > < strong > 版 本 < / strong > 。 调 用 者 正 在 使 用 的 CNI规 范 ( 容 器 管 理 系 统 或 调 用 插 件 ) 的 版 本 。 < / li >
< li > < strong > 容 器 ID < / strong > , 如 上 所 述 。 < / li >
< li > < strong > 网 络 命 名 空 间 路 径 < / strong > , 如 上 定 义 。 < / li >
< li > < strong > 网 络 配 置 < / strong > , 如 上 所 述 。 < / li >
< li > < strong > 额 外 的 参 数 < / strong > , 如 上 所 述 。 < / li >
< li > < strong > 上 面 定 义 的 容 器 < / strong > 内 的 接 口 的 名 称 。 < / li >
< / ul >
< ul >
< li > 所 有 参 数 应 与 传 递 给 相 应 的 添 加 操 作 的 参 数 相 同 。 < / li >
< li > 删 除 操 作 应 释 放 配 置 的 网 络 中 提 供 的 containerid拥 有 的 所 有 资 源 。 < / li >
< / ul >
< p > 报 告 版 本 < / p >
< ul >
< li > 参 数 : 无 。 < / li >
< li > 结 果 : 插 件 支 持 的 CNI规 范 版 本 信 息 。 < / li >
< / ul >
< pre > < code class = "lang-json" > {
“ cniVersion” : “ < span class = "hljs-number" > 0.3< / span > < span class = "hljs-number" > .1< / span > ” , < span class = "hljs-comment" > //此 输 出 使 用 的 CNI规 范 的 版 本 < / span >
“ supportedVersions” : [“ < span class = "hljs-number" > 0.1< / span > < span class = "hljs-number" > .0< / span > ” , “ < span class = "hljs-number" > 0.2< / span > < span class = "hljs-number" > .0< / span > ” , “ < span class = "hljs-number" > 0.3< / span > < span class = "hljs-number" > .0< / span > ” , “ < span class = "hljs-number" > 0.3< / span > < span class = "hljs-number" > .1< / span > ” ] < span class = "hljs-comment" > //此 插 件 支 持 的 CNI规 范 版 本 列 表 < / span >
}
< / code > < / pre >
< p > CNI插 件 的 详 细 说 明 请 参 考 : < a href = "https://github.com/containernetworking/cni/blob/master/SPEC.md" target = "_blank" > CNI SPEC< / a > 。 < / p >
< h3 id = "ip分配" > IP分 配 < / h3 >
< p > 作 为 容 器 网 络 管 理 的 一 部 分 , CNI插 件 需 要 为 接 口 分 配 ( 并 维 护 ) IP地 址 , 并 安 装 与 该 接 口 相 关 的 所 有 必 要 路 由 。 这 给 了 CNI插 件 很 大 的 灵 活 性 , 但 也 给 它 带 来 了 很 大 的 负 担 。 众 多 的 CNI插 件 需 要 编 写 相 同 的 代 码 来 支 持 用 户 需 要 的 多 种 IP管 理 方 案 ( 例 如 dhcp、 host-local) 。 < / p >
< p > 为 了 减 轻 负 担 , 使 IP管 理 策 略 与 CNI插 件 类 型 解 耦 , 我 们 定 义 了 IP地 址 管 理 插 件 ( IPAM插 件 ) 。 CNI插 件 的 职 责 是 在 执 行 时 恰 当 地 调 用 IPAM插 件 。 IPAM插 件 必 须 确 定 接 口 IP/subnet, 网 关 和 路 由 , 并 将 此 信 息 返 回 到 “ 主 ” 插 件 来 应 用 配 置 。 IPAM插 件 可 以 通 过 协 议 ( 例 如 dhcp) 、 存 储 在 本 地 文 件 系 统 上 的 数 据 、 网 络 配 置 文 件 的 “ ipam” 部 分 或 上 述 的 组 合 来 获 得 信 息 。 < / p >
< h4 id = "ipam插件" > IPAM插 件 < / h4 >
< p > 像 CNI插 件 一 样 , 调 用 IPAM插 件 的 可 执 行 文 件 。 可 执 行 文 件 位 于 预 定 义 的 路 径 列 表 中 , 通 过 < code > CNI_PATH< / code > 指 示 给 CNI插 件 。 IPAM插 件 必 须 接 收 所 有 传 入 CNI插 件 的 相 同 环 境 变 量 。 就 像 CNI插 件 一 样 , IPAM插 件 通 过 stdin接 收 网 络 配 置 。 < / p >
< h2 id = "可用插件" > 可 用 插 件 < / h2 >
< h3 id = "main:接口创建" > Main: 接 口 创 建 < / h3 >
< ul >
< li > < strong > bridge< / strong > : 创 建 网 桥 , 并 添 加 主 机 和 容 器 到 该 往 桥 < / li >
< li > < strong > ipvlan< / strong > : 在 容 器 中 添 加 一 个 < a href = "https://www.kernel.org/doc/Documentation/networking/ipvlan.txt" target = "_blank" > ipvlan< / a > 接 口 < / li >
< li > < strong > loopback< / strong > : 创 建 一 个 回 环 接 口 < / li >
< li > < strong > macvlan< / strong > : 创 建 一 个 新 的 MAC地 址 , 将 所 有 的 流 量 转 发 到 容 器 < / li >
< li > < strong > ptp< / strong > : 创 建 veth对 < / li >
< li > < strong > vlan< / strong > : 分 配 一 个 vlan设 备 < / li >
< / ul >
< h3 id = "ipam:ip地址分配" > IPAM: IP地 址 分 配 < / h3 >
< ul >
< li > < strong > dhcp< / strong > : 在 主 机 上 运 行 守 护 程 序 , 代 表 容 器 发 出 DHCP请 求 < / li >
< li > < strong > host-local< / strong > : 维 护 分 配 IP的 本 地 数 据 库 < / li >
< / ul >
< h3 id = "meta:其它插件" > Meta: 其 它 插 件 < / h3 >
< ul >
< li > < strong > flannel< / strong > : 根 据 flannel的 配 置 文 件 创 建 接 口 < / li >
< li > < strong > tuning< / strong > : 调 整 现 有 接 口 的 sysctl参 数 < / li >
< li > < strong > portmap< / strong > : 一 个 基 于 iptables的 portmapping插 件 。 将 端 口 从 主 机 的 地 址 空 间 映 射 到 容 器 。 < / li >
< / ul >
< h2 id = "参考" > 参 考 < / h2 >
< ul >
< li > < a href = "https://github.com/containernetworking/cni" target = "_blank" > https://github.com/containernetworking/cni< / a > < / li >
< li > < a href = "https://github.com/containernetworking/plugins" target = "_blank" > https://github.com/containernetworking/plugins< / a > < / li >
< li > < a href = "https://github.com/containernetworking/cni/blob/master/SPEC.md#container-networking-interface-specification" target = "_blank" > Container Networking Interface Specification< / a > < / li >
< li > < a href = "https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md" target = "_blank" > CNI Extension conventions< / a > < / li >
< / ul >
< footer class = "page-footer" > < span class = "copyright" > Copyright © jimmysong.io 2017 all right reserved, powered by Gitbook< / span > < span class = "footer-modification" > Updated:
2018-01-24 18:06:09
< / span > < / footer >
< / section >
< / div >
< div class = "search-results" >
< div class = "has-results" >
< h1 class = "search-results-title" > < span class = 'search-results-count' > < / span > results matching "< span class = 'search-query' > < / span > "< / h1 >
< ul class = "search-results-list" > < / ul >
< / div >
< div class = "no-results" >
< h1 class = "search-results-title" > No results matching "< span class = 'search-query' > < / span > "< / h1 >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< a href = "cri.html" class = "navigation navigation-prev " aria-label = "Previous page: CRI - Container Runtime Interface( 容器运行时接口) " >
< i class = "fa fa-angle-left" > < / i >
< / a >
< a href = "concepts.html" class = "navigation navigation-next " aria-label = "Next page: 设计理念" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< / div >
< script >
var gitbook = gitbook || [];
gitbook.push(function() {
2018-01-25 15:01:14 +08:00
gitbook.page.hasChanged({"page":{"title":"CNI - Container Network Interface( 容器网络接口) ","level":"3.1.2.2","depth":3,"next":{"title":"设计理念","level":"3.2","depth":1,"path":"concepts/concepts.md","ref":"concepts/concepts.md","articles":[]},"previous":{"title":"CRI - Container Runtime Interface( 容器运行时接口) ","level":"3.1.2.1","depth":3,"path":"concepts/cri.md","ref":"concepts/cri.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba","theme-default"],"styles":{"ebook":"styles/ebook.css","epub":"styles/epub.css","mobi":"styles/mobi.css","pdf":"styles/pdf.css","print":"styles/print.css","website":"styles/website.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"showLevel":true,"styles":{"ebook":"styles/ebook.css","epub":"styles/epub.css","mobi":"styles/mobi.css","pdf":"styles/pdf.css","print":"styles/print.css","website":"styles/website.css"}},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"cloud-native/play-with-kubernetes.html#fig2.1.1","level":"2.1","list_caption":"Figure: Play with Kubernetes网页截图","alt":"Play with Kubernetes网页截图","nro":1,"url":"../images/play-with-kubernetes.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Play with Kubernetes网页截图","attributes":{},"skip":false,"key":"2.1.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.2.1","level":"2.2","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":2,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"2.2.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.2.2","level":"2.2","list_caption":"Figure: 来自Twitter @MarcWilczek","alt":"来自Twitter @MarcWilczek","nro":3,"url":"../images/cloud-native-comes-of-age.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"来自Twitter @MarcWilczek","attributes":{},"skip":false,"key":"2.2.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.2.3","level":"2.2","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":4,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"2.2.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.2.4","level":"2.2","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":5,"url":"../images/12-factor-app.png","index":4,"capt
2018-01-24 18:11:17 +08:00
});
< / script >
< / div >
< script src = "../gitbook/gitbook.js" > < / script >
< script src = "../gitbook/theme.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-splitter/splitter.js" > < / script >
< script src = "../gitbook/gitbook-plugin-page-toc-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-editlink/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-back-to-top-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/search.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github-buttons/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-3-ba/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-sharing/buttons.js" > < / script >
< script src = "../gitbook/gitbook-plugin-fontsettings/fontsettings.js" > < / script >
< / body >
< / html >