1.3 KiB
| title | description | weight | owner | test |
|---|---|---|---|---|
| CNI plugin | Describes how Istio's CNI plugin works. | 10 | istio/wg-networking-maintainers | n/a |
Kubernetes has a unique and permissive networking model. In order to configure L2-L4 networking between Pods, a Kubernetes cluster requires an interface Container Network Interface (CNI) plugin. This plugin runs whenever a new pod is created, and sets up the network environment for that pod.
If you are using a hosted Kubernetes provider, you usually have limited choice in what CNI plugin you get in your cluster: it is an implementation detail of the hosted implementation.
In order to configure mesh traffic redirection, regardless of what CNI you or your provider choose to use for L2-L4 networking, Istio includes a chained CNI plugin, which runs after all configured CNI interface plugins. The API for defining chained and interface plugins, and for sharing data between them, is part of the CNI specification. Istio works with all CNI implementations that follow the CNI standard, in both sidecar and ambient mode.
The Istio CNI plugin is optional in sidecar mode, and required in {{}}ambient{{< /gloss >}} mode.