multus-cni

Multus Thick plugin

Multus CNI can also be deployed using a thick plugin architecture, which is characterized by a client/server architecture.

The client - which will be referred to as “shim” - is a binary executable located on the Kubernetes node’s file-system that speaks CNI: the runtime - Kubernetes - passes parameters to the plugin via environment variables and configuration - which is passed via stdin. The plugin returns a result on stdout on success, or an error on stderr if the operation fails. Configuration and results are a JSON encoded string.

Once the shim is invoked by the runtime (Kubernetes) it will contact the multus-daemon (server) via a unix domain socket which is bind mounted to the host’s file-system; the multus-daemon is the one that will do all the heavy-pulling: fetch the delegate CNI configuration from the corresponding net-attach-def, compute the RuntimeConfig, and finally, invoke the delegate.

It will then return the result of the operation back to the client.

Please refer to the diagram below for a visual representation of the flow described above:

┌─────────┐             ┌───────┐           ┌────────┐             ┌──────────┐
│         │ cni ADD/DEL │       │ REST POST │        │ cni ADD/DEL │          │
│ runtime ├────────────►│ shim  │===========│ daemon ├────────────►│ delegate │
│         │<------------│       │           │        │<------------│          │
└─────────┘             └───────┘           └────────┘             └──────────┘

How to use it

Configure Deployment

If your delegate CNI plugin requires some files which is in container host, please update update deployments/multus-daemonset-thick.yml to add directory into multus-daemon pod. For example, flannel requires /run/flannel/subnet.env, so you need to mount this directory into the multus-daemon pod.

Required directory/files are different for each CNI plugin, so please refer your CNI plugin.

Deployment

There is a dedicated multus daemonset specification for users wanting to use this thick plugin variant. This reference deployment spec of multus can be deployed by following these commands:

kubectl apply -f deployments/multus-daemonset-thick.yml

Command line parameters

The available command line parameters are:

Server / Daemon configuration

The server configuration is encoded in JSON, and allows the following keys:

In addition, you can add any configuration which is in configuration reference. Server configuration override multus CNI configuration (e.g. /etc/cni/net.d/00-multus.conf)

Below you can see an example of the daemon configuration:

{
        "chrootDir": "/hostroot",
        "confDir": "/host/etc/cni/net.d",
        "logToStderr": true,
        "logLevel": "verbose",
        "logFile": "/tmp/multus.log",
        "binDir": "/opt/cni/bin",
        "cniDir": "/var/lib/cni/multus",
        "socketDir": "/host/run/multus/",
        "cniVersion": "0.3.1",
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "multusAutoconfigDir": "/host/etc/cni/net.d"
    }

Client / Shim configuration

The multus shim configuration is encoded in JSON, and essentially is just a regular CNI configuration, usually available in /etc/cni/net.d/00-multus.conf.

It allows the following keys:

Chroot configuration

In thick plugin case, delegate CNI plugin is executed by multus-daemon from Pod, hence if the delegate CNI requires resources in container host, for example unix socket or even file, then CNI plugin is failed to execute because multus-daemon runs in Pod. Multus-daemon supports “chrootDir” option which executes delegate CNI under chroot (to container host).

This configuration is enabled in deployments/multus-daemonset-thick.yml as default.