multus的配置,默认在/etc/cni/net.d目录下
cni的配置文件后缀为.conf或.conflist 如:
{
"cniVersion": "0.3.1",
"name": "multus-cni-network",
"type": "multus",
"capabilities": {
"portMappings": true
},
"kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
"delegates": [
{
"name": "kube-ovn",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "kube-ovn",
"server_socket": "/run/openvswitch/kube-ovn-daemon.sock"
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
]
}
创建pod时,会以此执行plugin里的二进制可执行文件,如上例中,会执行kube-ovn和portmap 如果再添加一个 "type": "route-override",则创建pod时也会执行route-override,注意是所有pod都会。 如果希望只对部分pod执行cni插件,如route-override,可以在该pod使用的NetworkAttachmentDefinition上定义,不在/etc/cni/net.d/00-multus.conf里配置,因为/etc/cni/net.d/00-multus.conf是全局的,对所有pod都会生效。
通过NetworkAttachmentDefinition对部份pod生效的例子: 只有使用gw202的NetworkAttachmentDefinition才会执行route-override
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: gw202
namespace: default
spec:
config: '{
"cniVersion": "0.3.0",
"plugins": [
{
"type": "kube-ovn",
"server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
"provider": "gw202.default.ovn"
},
{
"type": "route-override",
"delroutes": [],
"addroutes": [
{
"dst": "10.1.1.0/24",
"gw": "20.0.1.1"
}
],
"flushroutes": true
}
]
}'
即使route-override的pod被删了,但是/opt/cni/bin下还有route-override的bin文件,配置net-attach-def时加上route-override,也是可以执行route-override的。
