0
0
Kubernetesdevops~5 mins

Container Network Interface (CNI) in Kubernetes - Commands & Configuration

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
Containers need a way to talk to each other and the outside world. Container Network Interface (CNI) is a simple standard that helps connect containers with networks so they can communicate smoothly.
When you want your Kubernetes pods to communicate with each other inside the cluster.
When you need to connect containers to external networks or the internet.
When setting up a Kubernetes cluster and you need to choose how networking works.
When you want to add or change the network plugin that manages pod networking.
When troubleshooting network issues between containers or pods.
Config File - 10-calico.conflist
10-calico.conflist
{
  "cniVersion": "0.4.0",
  "name": "calico-k8s-network",
  "plugins": [
    {
      "type": "calico",
      "log_level": "info",
      "datastore_type": "kubernetes",
      "nodename": "node1",
      "ipam": {
        "type": "calico-ipam"
      },
      "policy": {
        "type": "k8s"
      },
      "kubernetes": {
        "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
      }
    }
  ]
}

This file configures the Calico CNI plugin for Kubernetes networking.

cniVersion: Specifies the CNI spec version.

name: The network name.

plugins: Lists the network plugins used; here it uses Calico.

ipam: Handles IP address assignment.

policy: Enables Kubernetes network policies.

kubernetes.kubeconfig: Path to Kubernetes config for Calico to communicate with the cluster.

Commands
This command installs the Calico CNI plugin on your Kubernetes cluster to manage pod networking.
Terminal
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Expected OutputExpected
namespace/calico-system created customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created serviceaccount/calico-node created clusterrole.rbac.authorization.k8s.io/calico-node created clusterrolebinding.rbac.authorization.k8s.io/calico-node created daemonset.apps/calico-node created configmap/calico-config created
This command checks if the Calico pods are running properly after installation.
Terminal
kubectl get pods -n calico-system
Expected OutputExpected
NAME READY STATUS RESTARTS AGE calico-node-abcde 1/1 Running 0 1m calico-node-fghij 1/1 Running 0 1m
-n - Specifies the namespace to look for pods
This command shows the nodes with their IP addresses to verify Calico has assigned pod networking correctly.
Terminal
kubectl get nodes -o wide
Expected OutputExpected
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME node1 Ready <none> 10m v1.26.0 192.168.1.10 <none> Ubuntu 22.04.1 LTS 5.15.0-76-generic containerd://1.6.18 node2 Ready <none> 10m v1.26.0 192.168.1.11 <none> Ubuntu 22.04.1 LTS 5.15.0-76-generic containerd://1.6.18
-o wide - Shows detailed information including IP addresses
This command creates a simple pod to test if networking works between pods using the installed CNI.
Terminal
kubectl run test-pod --image=busybox --restart=Never -- sleep 3600
Expected OutputExpected
pod/test-pod created
This command tests network connectivity from the test pod to another node's IP address.
Terminal
kubectl exec test-pod -- ping -c 3 192.168.1.11
Expected OutputExpected
PING 192.168.1.11 (192.168.1.11): 56 data bytes 64 bytes from 192.168.1.11: seq=0 ttl=64 time=0.123 ms 64 bytes from 192.168.1.11: seq=1 ttl=64 time=0.110 ms 64 bytes from 192.168.1.11: seq=2 ttl=64 time=0.105 ms --- 192.168.1.11 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.105/0.112/0.123 ms
Key Concept

If you remember nothing else from this pattern, remember: CNI plugins connect containers to networks so pods can communicate inside and outside the Kubernetes cluster.

Common Mistakes
Not installing any CNI plugin after setting up Kubernetes cluster
Without a CNI plugin, pods cannot get IP addresses or communicate with each other.
Always install a CNI plugin like Calico or Flannel right after cluster setup.
Applying CNI manifests before the cluster is fully ready
The CNI pods may fail to start or configure networking properly if the cluster is not ready.
Wait until all control plane components are healthy before applying CNI manifests.
Using incompatible CNI config files or versions
This can cause pod networking failures or errors in pod creation.
Use CNI config files and plugins that match your Kubernetes version and follow official docs.
Summary
Install a CNI plugin like Calico to enable pod networking in Kubernetes.
Verify the CNI pods are running and nodes have proper IP addresses.
Test pod-to-pod or pod-to-node connectivity to confirm networking works.