plugins/README.md

[![Build Status](https://travis-ci.org/appc/cni.svg?branch=master)](https://travis-ci.org/appc/cni)
[![Coverage Status](https://coveralls.io/repos/github/appc/cni/badge.svg?branch=master)](https://coveralls.io/github/appc/cni?branch=master)

# CNI - the Container Network Interface

## What is CNI?

CNI, the _Container Network Interface_, is a proposed standard for configuring network interfaces for Linux application containers.
The standard consists of a simple specification for how executable plugins can be used to configure network namespaces; this repository also contains a go library implementing that specification.

CNI concerns itself with setting up network connectivity of containers and removing allocated resources when the container is deleted.
Because of this focus CNI has a wide range of support and the specification is simple to implement.

The specification itself is contained in [SPEC.md](SPEC.md).

## Why develop CNI?

Application containers on Linux are a rapidly evolving area, and within this space networking is a particularly unsolved problem, as it is highly environment-specific.
We believe that every container runtime will seek to solve the same problem of making the network layer pluggable.

To avoid duplication, we think it is prudent to define a common interface between the network plugins and container execution.
Hence we are proposing this specification, along with an initial set of plugins that can be used by different container runtime systems.

## Who is using CNI?

- [rkt - container engine](https://coreos.com/blog/rkt-cni-networking.html)
- [Kurma - container runtime](http://kurma.io/)
- [Kubernetes - a system to simplify container operations](http://kubernetes.io/docs/admin/network-plugins/)
- [Cloud Foundry - a platform for cloud applications](https://github.com/cloudfoundry-incubator/guardian-cni-adapter)
- [Weave - a multi-host Docker network](https://github.com/weaveworks/weave)
- [Project Calico - a layer 3 virtual network](https://github.com/projectcalico/calico-cni)

## Contributing to CNI

We welcome contributions, including [bug reports](https://github.com/appc/cni/issues), and code and documentation improvements.
If you intend to contribute to code or documentation, please read [CONTRIBUTING.md](CONTRIBUTING.md). Also see the [contact section](#contact) in this README.

## How do I use CNI?

### Requirements
CNI requires Go 1.5+ to build.

Go 1.5 users will need to set GO15VENDOREXPERIMENT=1 to get vendored
dependencies. This flag is set by default in 1.6.

### Included Plugins
This repository includes a number of common plugins in the `plugins/` directory.
Please see the [Documentation/](Documentation/) directory for documentation about particular plugins.

### Running the plugins
The scripts/ directory contains two scripts, `priv-net-run.sh` and `docker-run.sh`, that can be used to exercise the plugins.

**note - priv-net-run.sh depends on `jq`**

Start out by creating a netconf file to describe a network:

```bash
$ mkdir -p /etc/cni/net.d
$ cat >/etc/cni/net.d/10-mynet.conf <<EOF
{
	"name": "mynet",
	"type": "bridge",
	"bridge": "cni0",
	"isGateway": true,
	"ipMasq": true,
	"ipam": {
		"type": "host-local",
		"subnet": "10.22.0.0/16",
		"routes": [
			{ "dst": "0.0.0.0/0" }
		]
	}
}
EOF
$ cat >/etc/cni/net.d/99-loopback.conf <<EOF
{
	"type": "loopback"
}
EOF
```

The directory `/etc/cni/net.d` is the default location in which the scripts will look for net configurations.

Next, build the plugins:

```bash
$ ./build
```

Finally, execute a command (`ifconfig` in this example) in a private network namespace that has joined the `mynet` network:

```bash
$ CNI_PATH=`pwd`/bin
$ cd scripts
$ sudo CNI_PATH=$CNI_PATH ./priv-net-run.sh ifconfig
eth0      Link encap:Ethernet  HWaddr f2:c2:6f:54:b8:2b  
          inet addr:10.22.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::f0c2:6fff:fe54:b82b/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:1 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:90 (90.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```

The environment variable `CNI_PATH` tells the scripts and library where to look for plugin executables.

## Running a Docker container with network namespace set up by CNI plugins

Use the instructions in the previous section to define a netconf and build the plugins.
Next, docker-run.sh script wraps `docker run`, to execute the plugins prior to entering the container:

```bash
$ CNI_PATH=`pwd`/bin
$ cd scripts
$ sudo CNI_PATH=$CNI_PATH ./docker-run.sh --rm busybox:latest ifconfig
eth0      Link encap:Ethernet  HWaddr fa:60:70:aa:07:d1  
          inet addr:10.22.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::f860:70ff:feaa:7d1/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:1 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:90 (90.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```

## Contact

For any questions about CNI, please reach out on the mailing list or IRC:
- Email: [cni-dev](https://groups.google.com/forum/#!forum/cni-dev)
- IRC: #[appc](irc://irc.freenode.org:6667/#appc) IRC channel on freenode.org
Adds travis badge, now we have more tests 2016-03-02 16:43:27 +00:00			`[![Build Status](https://travis-ci.org/appc/cni.svg?branch=master)](https://travis-ci.org/appc/cni)`
travis & README: add coveralls coverage report Also, don't use sudo for the entire test script 2016-03-04 19:19:26 +00:00			`[![Coverage Status](https://coveralls.io/repos/github/appc/cni/badge.svg?branch=master)](https://coveralls.io/github/appc/cni?branch=master)`
Adds travis badge, now we have more tests 2016-03-02 16:43:27 +00:00
docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			`# CNI - the Container Network Interface`
*: first cut at SPEC and README 2015-04-16 00:07:46 +00:00
			`## What is CNI?`

			`CNI, the _Container Network Interface_, is a proposed standard for configuring network interfaces for Linux application containers.`
Factor an API out into a module This takes some of the machinery from CNI and from the rkt networking code, and turns it into a library that can be linked into go apps. Included is an example command-line application that uses the library, called `cnitool`. Other headline changes: * Plugin exec'ing is factored out The motivation here is to factor out the protocol for invoking plugins. To that end, a generalisation of the code from api.go and pkg/plugin/ipam.go goes into pkg/invoke/exec.go. * Move argument-handling and conf-loading into public API The fact that the arguments get turned into an environment for the plugin is incidental to the API; so, provide a way of supplying them as a struct or saying "just use the same arguments as I got" (the latter is for IPAM plugins). 2015-08-07 15:27:52 +00:00			`The standard consists of a simple specification for how executable plugins can be used to configure network namespaces; this repository also contains a go library implementing that specification.`

README: add some more details on what CNI is We needed a bit more intro material to scope what CNI does. Here is my attempt. 2016-04-11 01:22:38 +00:00			`CNI concerns itself with setting up network connectivity of containers and removing allocated resources when the container is deleted.`
			`Because of this focus CNI has a wide range of support and the specification is simple to implement.`

docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			`The specification itself is contained in [SPEC.md](SPEC.md).`
*: first cut at SPEC and README 2015-04-16 00:07:46 +00:00
			`## Why develop CNI?`

			`Application containers on Linux are a rapidly evolving area, and within this space networking is a particularly unsolved problem, as it is highly environment-specific.`
			`We believe that every container runtime will seek to solve the same problem of making the network layer pluggable.`
docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00
			`To avoid duplication, we think it is prudent to define a common interface between the network plugins and container execution.`
*: first cut at SPEC and README 2015-04-16 00:07:46 +00:00			`Hence we are proposing this specification, along with an initial set of plugins that can be used by different container runtime systems.`

README: add a list of CNI users 2016-03-30 22:59:16 +00:00			`## Who is using CNI?`

			`- [rkt - container engine](https://coreos.com/blog/rkt-cni-networking.html)`
			`- [Kurma - container runtime](http://kurma.io/)`
			`- [Kubernetes - a system to simplify container operations](http://kubernetes.io/docs/admin/network-plugins/)`
			`- [Cloud Foundry - a platform for cloud applications](https://github.com/cloudfoundry-incubator/guardian-cni-adapter)`
README: add Calico and Weave as CNI users 2016-03-31 13:06:49 +00:00			`- [Weave - a multi-host Docker network](https://github.com/weaveworks/weave)`
			`- [Project Calico - a layer 3 virtual network](https://github.com/projectcalico/calico-cni)`
README: add a list of CNI users 2016-03-30 22:59:16 +00:00
docs: add brief section on contributing, to README 2016-04-01 11:34:49 +00:00			`## Contributing to CNI`

			`We welcome contributions, including [bug reports](https://github.com/appc/cni/issues), and code and documentation improvements.`
			`If you intend to contribute to code or documentation, please read [CONTRIBUTING.md](CONTRIBUTING.md). Also see the [contact section](#contact) in this README.`

*: first cut at SPEC and README 2015-04-16 00:07:46 +00:00			`## How do I use CNI?`
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00
docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			`### Requirements`
Moves to official vendoring solution 2016-03-16 15:38:20 +00:00			`CNI requires Go 1.5+ to build.`

			`Go 1.5 users will need to set GO15VENDOREXPERIMENT=1 to get vendored`
			`dependencies. This flag is set by default in 1.6.`
Fix environment bug,version of golang should be 1.4+, add reminding in Readme.md 2015-07-07 05:08:32 +00:00
docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			`### Included Plugins`
			This repository includes a number of common plugins in the `plugins/` directory.
			`Please see the [Documentation/](Documentation/) directory for documentation about particular plugins.`
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00
docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			`### Running the plugins`
Create a plugin for up'ing a lo device - Believe we need sudo to create netns - Use syscall instead of relying on ip netns - Add sudo to .travis.yml - Needs more -E - Revert Godeps GoVersion to 1.4.2 - in travis, test command is run with all necessary env vars - Loopback plugin only works on 'lo' interface - Update README, add loopback plugin config - note script dependency on jq Signed-off-by: Gabe Rosenhouse <grosenhouse@pivotal.io> 2016-02-12 17:30:10 +00:00			The scripts/ directory contains two scripts, `priv-net-run.sh` and `docker-run.sh`, that can be used to exercise the plugins.

			note - priv-net-run.sh depends on `jq`
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00
			`Start out by creating a netconf file to describe a network:`

Update README.md Highlight bash/shell code in markdown for readability. Signed-off-by: chengtiesheng <chengtiesheng@huawei.com> 2016-01-06 08:25:02 +00:00			```bash
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			`$ mkdir -p /etc/cni/net.d`
			`$ cat >/etc/cni/net.d/10-mynet.conf <<EOF`
			`{`
			`"name": "mynet",`
			`"type": "bridge",`
			`"bridge": "cni0",`
			`"isGateway": true,`
			`"ipMasq": true,`
			`"ipam": {`
			`"type": "host-local",`
			`"subnet": "10.22.0.0/16",`
			`"routes": [`
			`{ "dst": "0.0.0.0/0" }`
			`]`
			`}`
			`}`
			`EOF`
Create a plugin for up'ing a lo device - Believe we need sudo to create netns - Use syscall instead of relying on ip netns - Add sudo to .travis.yml - Needs more -E - Revert Godeps GoVersion to 1.4.2 - in travis, test command is run with all necessary env vars - Loopback plugin only works on 'lo' interface - Update README, add loopback plugin config - note script dependency on jq Signed-off-by: Gabe Rosenhouse <grosenhouse@pivotal.io> 2016-02-12 17:30:10 +00:00			`$ cat >/etc/cni/net.d/99-loopback.conf <<EOF`
			`{`
			`"type": "loopback"`
			`}`
			`EOF`
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			```

Factor an API out into a module This takes some of the machinery from CNI and from the rkt networking code, and turns it into a library that can be linked into go apps. Included is an example command-line application that uses the library, called `cnitool`. Other headline changes: * Plugin exec'ing is factored out The motivation here is to factor out the protocol for invoking plugins. To that end, a generalisation of the code from api.go and pkg/plugin/ipam.go goes into pkg/invoke/exec.go. * Move argument-handling and conf-loading into public API The fact that the arguments get turned into an environment for the plugin is incidental to the API; so, provide a way of supplying them as a struct or saying "just use the same arguments as I got" (the latter is for IPAM plugins). 2015-08-07 15:27:52 +00:00			The directory `/etc/cni/net.d` is the default location in which the scripts will look for net configurations.

Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			`Next, build the plugins:`

Update README.md Highlight bash/shell code in markdown for readability. Signed-off-by: chengtiesheng <chengtiesheng@huawei.com> 2016-01-06 08:25:02 +00:00			```bash
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			`$ ./build`
			```

docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			Finally, execute a command (`ifconfig` in this example) in a private network namespace that has joined the `mynet` network:
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00
Update README.md Highlight bash/shell code in markdown for readability. Signed-off-by: chengtiesheng <chengtiesheng@huawei.com> 2016-01-06 08:25:02 +00:00			```bash
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			$ CNI_PATH=`pwd`/bin
			`$ cd scripts`
			`$ sudo CNI_PATH=$CNI_PATH ./priv-net-run.sh ifconfig`
			`eth0 Link encap:Ethernet HWaddr f2:c2:6f:54:b8:2b`
			`inet addr:10.22.0.2 Bcast:0.0.0.0 Mask:255.255.0.0`
			`inet6 addr: fe80::f0c2:6fff:fe54:b82b/64 Scope:Link`
			`UP BROADCAST MULTICAST MTU:1500 Metric:1`
			`RX packets:1 errors:0 dropped:0 overruns:0 frame:0`
			`TX packets:0 errors:0 dropped:1 overruns:0 carrier:0`
			`collisions:0 txqueuelen:0`
			`RX bytes:90 (90.0 B) TX bytes:0 (0.0 B)`

			`lo Link encap:Local Loopback`
			`inet addr:127.0.0.1 Mask:255.0.0.0`
			`inet6 addr: ::1/128 Scope:Host`
			`UP LOOPBACK RUNNING MTU:65536 Metric:1`
			`RX packets:0 errors:0 dropped:0 overruns:0 frame:0`
			`TX packets:0 errors:0 dropped:0 overruns:0 carrier:0`
			`collisions:0 txqueuelen:0`
			`RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)`
			```

Factor an API out into a module This takes some of the machinery from CNI and from the rkt networking code, and turns it into a library that can be linked into go apps. Included is an example command-line application that uses the library, called `cnitool`. Other headline changes: * Plugin exec'ing is factored out The motivation here is to factor out the protocol for invoking plugins. To that end, a generalisation of the code from api.go and pkg/plugin/ipam.go goes into pkg/invoke/exec.go. * Move argument-handling and conf-loading into public API The fact that the arguments get turned into an environment for the plugin is incidental to the API; so, provide a way of supplying them as a struct or saying "just use the same arguments as I got" (the latter is for IPAM plugins). 2015-08-07 15:27:52 +00:00			The environment variable `CNI_PATH` tells the scripts and library where to look for plugin executables.

Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			`## Running a Docker container with network namespace set up by CNI plugins`

docs: cosmetic edits to README.md 2016-04-01 09:58:25 +00:00			`Use the instructions in the previous section to define a netconf and build the plugins.`
			Next, docker-run.sh script wraps `docker run`, to execute the plugins prior to entering the container:
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00
Update README.md Highlight bash/shell code in markdown for readability. Signed-off-by: chengtiesheng <chengtiesheng@huawei.com> 2016-01-06 08:25:02 +00:00			```bash
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			$ CNI_PATH=`pwd`/bin
			`$ cd scripts`
Update README.md No need for full path to ifconfig (and the given path doesn't work...) 2016-01-05 01:06:30 +00:00			`$ sudo CNI_PATH=$CNI_PATH ./docker-run.sh --rm busybox:latest ifconfig`
Add plugin code This adds basic plugins. "main" types: veth, bridge, macvlan "ipam" type: host-local The code has been ported over from github.com/coreos/rkt project and adapted to fit the CNI spec. 2015-04-15 22:35:02 +00:00			`eth0 Link encap:Ethernet HWaddr fa:60:70:aa:07:d1`
			`inet addr:10.22.0.2 Bcast:0.0.0.0 Mask:255.255.0.0`
			`inet6 addr: fe80::f860:70ff:feaa:7d1/64 Scope:Link`
			`UP BROADCAST MULTICAST MTU:1500 Metric:1`
			`RX packets:1 errors:0 dropped:0 overruns:0 frame:0`
			`TX packets:0 errors:0 dropped:1 overruns:0 carrier:0`
			`collisions:0 txqueuelen:0`
			`RX bytes:90 (90.0 B) TX bytes:0 (0.0 B)`

			`lo Link encap:Local Loopback`
			`inet addr:127.0.0.1 Mask:255.0.0.0`
			`inet6 addr: ::1/128 Scope:Host`
			`UP LOOPBACK RUNNING MTU:65536 Metric:1`
			`RX packets:0 errors:0 dropped:0 overruns:0 frame:0`
			`TX packets:0 errors:0 dropped:0 overruns:0 carrier:0`
			`collisions:0 txqueuelen:0`
			`RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)`
			```
README/CONTRIBUTING: mention cni-dev@ list 2015-10-01 19:43:43 +00:00
			`## Contact`

			`For any questions about CNI, please reach out on the mailing list or IRC:`
			`- Email: [cni-dev](https://groups.google.com/forum/#!forum/cni-dev)`
			`- IRC: #[appc](irc://irc.freenode.org:6667/#appc) IRC channel on freenode.org`