- 'reference' CNI plugins, e.g., bridge, macvlan, ipvlan, loopback
- '3rd-party' CNI plugins, e.g., Calico, Romana, Weave-net
- 'specialized' CNI plugins, e.g., SR-IOV, DPDK (work-in-progress)
- any generic CNI plugin of choice installed on the host
Without CNI-Genie, the orchestrator is bound to a single CNI plugin. In the case of Kubernetes, for example, kubelet is bound to the one CNI plugin passed to it on start. CNI-Genie allows multiple CNI plugins to coexist at runtime.
Please feel free to post your feedback and questions on the CNI-Genie Slack channel.
Here is a 6 minute demo video that demonstrates 3 scenarios:
- Assign an IP address to a pod from a particular network solution, e.g., 'Weave-net'
- Assign multiple IP addresses to a pod from multiple network solutions, e.g., 1st IP address from 'Weave-net', 2nd IP address from 'Canal'
- Assign an IP address to a pod from the "less congested" network solution, e.g., from 'Canal' that is less congested
Why we created CNI-Genie?
CNI-Genie is an add-on to the Kubernetes open-source project and is designed to provide the following features:
- A wide range of network offerings (CNI plugins) available to users at runtime. This figure shows the Kubernetes CNI plugin landscape before and after CNI-Genie.
- User story: based on "performance" requirements, "application" requirements, or "workload placement" requirements, the user could be interested in using different CNI plugins for different application groups
- CNI plugins differ in their need for port-mapping, NAT, tunneling, and interrupting host ports/interfaces
- Multiple NICs per container and per pod. The user can select multiple NICs to be added to a container when creating it. Each NIC can get an IP address from an existing CNI plugin of choice. This makes the container reachable across multiple networks. Some use cases from SIG-Network are depicted in the figure below.
Watch multi-NICs per 'pod' demo (IP addresses assigned not only to the container, but also to the Pod)
Network Attachment Definition. CNI-Genie supports NPWG Multi-Network Specification v1 style network attachment to pods, where pods can be assigned IP addresses according to network-attachment-definition CRD objects created by the user.
The user can leave the CNI plugin selection to CNI-Genie. CNI-Genie watches the Key Performance Indicator (KPI) that is of interest to the user and selects the CNI plugin accordingly.
- CNI Genie watches KPI(s) of interest for existing CNI plugins, e.g., occupancy rate, number of subnets, latency, bandwidth
Default plugin support. Another useful feature of CNI-Genie: by selecting a default set of plugins, we can ensure that a pod gets its IP address(es).
Network isolation, i.e.,
- Dedicated 'physical' network for a tenant
- Isolated 'logical' networks for different tenants on a shared 'physical' network
CNI-Genie network policy engine for network level ACLs
Real-time switching between different (physical or logical) networks for a given workload. This allows for:
- Price minimization: dynamically switching workload to a cheaper network as network prices change
- Maximizing network utilization: dynamically switching workload to the less congested network at a threshold
Note: CNI-Genie itself is NOT a routing solution! It makes calls to the CNI plugins that provide the routing service.