k3s has removed some standard plugins, which we need. So fork and add it back.
Go to file
Riccardo Ravaioli 33ccedc66f Create IPAM files with 0600 permissions
Conform to CIS Benchmarks "1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive"
https://www.tenable.com/audits/items/CIS_Kubernetes_v1.20_v1.0.1_Level_1_Master.audit:f1717a5dd65d498074dd41c4a639e47d

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
2023-10-02 11:59:31 +02:00
.github test: install binaries using go install 2023-07-20 11:15:41 +02:00
integration enable govet and unparam linters 2023-04-11 12:07:04 +02:00
pkg Merge pull request #924 from SirPhuttel/go-iptables_review 2023-07-21 12:23:08 +02:00
plugins Create IPAM files with 0600 permissions 2023-10-02 11:59:31 +02:00
scripts Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes 2023-04-21 05:21:43 +00:00
vendor Merge pull request #926 from containernetworking/dependabot/go_modules/golang.org/x/sys-0.10.0 2023-07-21 11:56:30 +02:00
.gitignore Update Vendor 2018-09-21 00:34:07 +08:00
.golangci.yml ci(lint) extend timeout to 5 min 2023-09-01 20:45:00 +00:00
.yamllint.yml ci(lint): setup yamllint linter 2023-02-25 12:10:11 +00:00
build_linux.sh Add github build & test actions 2020-12-09 17:46:25 +01:00
build_windows.sh Add github build & test actions 2020-12-09 17:46:25 +01:00
CONTRIBUTING.md Merge pull request #396 from oshothebig/contributing-doc 2019-10-09 10:21:03 -05:00
DCO Add missing DCO 2018-10-11 16:15:24 +01:00
go.mod Merge pull request #926 from containernetworking/dependabot/go_modules/golang.org/x/sys-0.10.0 2023-07-21 11:56:30 +02:00
go.sum Merge pull request #926 from containernetworking/dependabot/go_modules/golang.org/x/sys-0.10.0 2023-07-21 11:56:30 +02:00
LICENSE Initial commit 2017-03-10 16:46:52 +01:00
OWNERS.md Update email to gmail 2022-12-07 11:57:16 -07:00
README.md dummy: Create a Dummy CNI plugin that creates a virtual interface. 2022-08-11 13:50:37 +01:00
RELEASING.md Add release process 2017-07-11 13:57:49 -07:00
test_linux.sh Merge pull request #913 from AlinaSecret/dhcp/fix-race-test 2023-07-21 12:55:01 +02:00
test_windows.sh Fix race conditions in DHCP test 2023-06-14 17:57:46 +03:00

test

Plugins

Some CNI network plugins, maintained by the containernetworking team. For more information, see the CNI website.

Read CONTRIBUTING for build and test instructions.

Plugins supplied:

Main: interface-creating

  • bridge: Creates a bridge, adds the host and the container to it.
  • ipvlan: Adds an ipvlan interface in the container.
  • loopback: Set the state of loopback interface to up.
  • macvlan: Creates a new MAC address, forwards all traffic to that to the container.
  • ptp: Creates a veth pair.
  • vlan: Allocates a vlan device.
  • host-device: Move an already-existing device into a container.
  • dummy: Creates a new Dummy device in the container.

Windows: Windows specific

  • win-bridge: Creates a bridge, adds the host and the container to it.
  • win-overlay: Creates an overlay interface to the container.

IPAM: IP address allocation

  • dhcp: Runs a daemon on the host to make DHCP requests on behalf of the container
  • host-local: Maintains a local database of allocated IPs
  • static: Allocate a single static IPv4/IPv6 address to container. It's useful in debugging purpose.

Meta: other plugins

  • tuning: Tweaks sysctl parameters of an existing interface
  • portmap: An iptables-based portmapping plugin. Maps ports from the host's address space to the container.
  • bandwidth: Allows bandwidth-limiting through use of traffic control tbf (ingress/egress).
  • sbr: A plugin that configures source based routing for an interface (from which it is chained).
  • firewall: A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container.

Sample

The sample plugin provides an example for building your own plugin.

Contact

For any questions about CNI, please reach out via:

If you have a security issue to report, please do so privately to the email addresses listed in the OWNERS file.