
@s1061123
Last active July 31, 2019 08:15
cni-route-override examples
# Initial Config (without cni-route-override)
[tohayash@tohayash-lab ~]$ cat /etc/cni/net.d/87-podman-bridge.conflist
{
"cniVersion": "0.3.1",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "192.1.1.0/24", "gw": "10.88.0.254" }
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
[tohayash@tohayash-lab ~]$ sudo podman run --network=podman -it docker.io/centos/tools:latest bash
[root@61c4fb920ba8 /]# ip route
default via 10.88.0.1 dev eth0
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.33
192.1.1.0/24 via 10.88.0.254 dev eth0
# With cni-route-override (plugin added with no options; the routes are unchanged)
[tohayash@tohayash-lab ~]$ cat 87-podman-bridge.conflist
{
"cniVersion": "0.3.1",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "192.1.1.0/24", "gw": "10.88.0.254" }
]
}
},
{
"type": "route-overwrite"
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
[tohayash@tohayash-lab ~]$ sudo podman run --network=podman -it docker.io/centos/tools:latest bash
[root@6b5579af452f /]# ip route
default via 10.88.0.1 dev eth0
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.34
192.1.1.0/24 via 10.88.0.254 dev eth0
# Flush all routes with cni-route-override
[tohayash@tohayash-lab ~]$ cat 87-podman-bridge.conflist
{
"cniVersion": "0.3.1",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "192.1.1.0/24", "gw": "10.88.0.254" }
]
}
},
{
"type": "route-overwrite",
"flushgateway": false,
"flushroutes": true
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
[tohayash@tohayash-lab ~]$ sudo podman run --network=podman -it docker.io/centos/tools:latest bash
[root@272646f92216 /]# ip route
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.35
Note: when all routes are flushed, the interface route shown above (proto kernel, scope link) is kept.
# Flush gateway only
[tohayash@tohayash-lab ~]$ cat /etc/cni/net.d/87-podman-bridge.conflist
{
"cniVersion": "0.3.1",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "192.1.1.0/24", "gw": "10.88.0.254" }
]
}
},
{
"type": "route-overwrite",
"flushgateway": true,
"flushroutes": false
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
[tohayash@tohayash-lab ~]$ sudo podman run --network=podman -it docker.io/centos/tools:latest bash
[root@48d9f2e3d229 /]# ip route
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.37
192.1.1.0/24 via 10.88.0.254 dev eth0
# Add route
[tohayash@tohayash-lab ~]$ cat /etc/cni/net.d/87-podman-bridge.conflist
{
"cniVersion": "0.3.1",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "192.1.1.0/24", "gw": "10.88.0.254" }
]
}
},
{
"type": "route-overwrite",
"addroutes": [ {
"dst": "192.168.0.0/24",
"gw": "10.88.0.254"
} ],
"flushgateway": false,
"flushroutes": false
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
[tohayash@tohayash-lab ~]$ sudo podman run --network=podman -it docker.io/centos/tools:latest bash
[root@22969ab6ab24 /]# ip route
default via 10.88.0.1 dev eth0
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.38
192.1.1.0/24 via 10.88.0.254 dev eth0
192.168.0.0/24 via 10.88.0.254 dev eth0
# Delete route
[tohayash@tohayash-lab ~]$ cat /etc/cni/net.d/87-podman-bridge.conflist
{
"cniVersion": "0.3.1",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "192.1.1.0/24", "gw": "10.88.0.254" }
]
}
},
{
"type": "route-overwrite",
"delroutes": [ {
"dst": "192.1.1.0/24"
} ],
"flushgateway": false,
"flushroutes": false
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
[tohayash@tohayash-lab ~]$ sudo podman run --network=podman -it docker.io/centos/tools:latest bash
[root@725f4724e0a7 /]# ip route
default via 10.88.0.1 dev eth0
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.39