github.com/coreos/rocket@v1.30.1-0.20200224141603-171c416fac02/Documentation/networking/examples-bridge.md

github.com/coreos/rocket@v1.30.1-0.20200224141603-171c416fac02/Documentation/networking/examples-bridge.md (about)

     1  ## Using NAT with bridge
     2  
     3  The [bridge plugin][cni-bridge] can be configured to create a separate network on the host that will be NAT'ed similar to the _default_ network.
     4  The difference to a ptp configured network is that the pods will be able to communicate directly through the bridge and don't have to pass the host as a gateway.
     5  
     6  ```json
     7  $ cat /etc/rkt/net.d/10-bridge-nat.conf
     8  {
     9      "name": "bridge-nat",
    10      "type": "bridge",
    11      "bridge": "rkt-bridge-nat",
    12      "ipMasq": true,
    13      "isGateway": true,
    14      "ipam": {
    15          "type": "host-local",
    16          "subnet": "10.2.0.0/24",
    17          "routes": [
    18                  { "dst": "0.0.0.0/0" }
    19          ]
    20      }
    21  }
    22  ```
    23  
    24  This will add a bridge interface named _rkt-bridge-nat_ on the host and attach the pod's veth endpoint to it.
    25  It will not attach any other interface to the bridge, which remains the user's responsibility.
    26  
    27  Inside the pod, the interface configuration looks like this:
    28  
    29  ```
    30  $ sudo rkt run --net=bridge-nat --interactive --debug kinvolk.io/aci/busybox:1.24
    31  (...)
    32  # ip -4 address
    33  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
    34      inet 127.0.0.1/8 scope host lo
    35         valid_lft forever preferred_lft forever
    36  3: eth0@if68: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    37      inet 10.2.0.2/24 scope global eth0
    38         valid_lft forever preferred_lft forever
    39  5: eth1@if69: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    40      inet 172.16.28.2/24 scope global eth1
    41         valid_lft forever preferred_lft forever
    42  # ip -4 route
    43  default via 10.2.0.1 dev eth0
    44  10.2.0.0/24 dev eth0  src 10.2.0.2
    45  172.16.28.0/24 via 172.16.28.1 dev eth1  src 172.16.28.2
    46  172.16.28.1 dev eth1  src 172.16.28.2
    47  ```
    48  
    49  Note that the _[default-restricted][default-restricted]_ network has been loaded in addition to the requested network.
    50  
    51  
    52  [cni-bridge]: https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/README.md
    53  [default-restricted]: overview.md#the-default-restricted-network