►
Description
https://github.com/containernetworking/cni
This talk covers the nature of CNI plugins, how they are called by a container runtime or orchestrator, common configurations, and how to chain multiple plugins together to layer different capabilities.
Join us for KubeCon + CloudNativeCon in Barcelona May 20 - 23, Shanghai June 24 - 26, and San Diego November 18 - 21! Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
A
Okay,
the
number
seems
to
be
stabilizing
now
it's
nice
to
see
that
we've
got
a
very
busy
webinar
today.
Welcome
everyone
to
this.
The
seventh
I
believe
CN
CF
webinar.
Today
we're
going
to
be
having
an
introduction
to
CN
I,
very
fortunate,
to
have
two
presenters
today
with
Ken
Owens
from
Esther
card
at
Brown
Boram
from
weave
during
the
webinar
itself.
If
you
have
questions
you're,
not
as
an
attendee
Yanna
able
to
talk
so
please
use
either
the
chat
window
down
the
bottom.
A
All
the
Q&A
functionality
listed
on
the
bottom
as
well
and
I'll,
read
those
and
then
find
opportune
moments
to
interrupt
that,
presents
us
and
ask
them
those
questions,
but
do
feel
free
to
ask
throughout
we'll
also
have
time
for
questions
at
the
end,
but
we
find
that
normally
it's
better.
If
we
ask
questions
during
because
it
makes
it
a
little
bit
more
interactive
I'm
going
to
give
you
some
more
links
for
upcoming
webinars
at
the
end,
but
I
think
now
without
further
ado,
we
should
just
jump
into
it.
B
Yep,
yes
already.
Thank
you
great
thanks
good
afternoon.
Everyone,
and
so
is
it
general
pan
talk
about
what
is
CNI
the
container
networking
interface,
who
uses
CNI
runtimes
and
the
plugins
aspects,
some
of
the
room,
recent
developments
within
the
container
in
space
and
CNI,
and
then
some
of
the
future
things
that
we
believe
would
be
of
great
interest
to
everyone
on
the
call.
C
B
So
I
think
about
what
is
C
and
I.
You
know
the
the
whole
of
CNI
is
really
this
generic
plug-in
based
networking
solution
that
this
for
application
containers
it
on
on
containers
on
container
type
of
software.
It
originated
with
clo'es
as
part
of
rocket
and,
as
as
part
of
this
hints
TF
charter.
We
wanted
to
look
at
bringing
in
not
just
the
the
cni
interface
model
and
the
plugins,
but
also
kind
of
the
ecosystem
and
seeing
around
CNI
and
so
by
angle,
until
the
more
the
the
specifics
around
what
CNI
isn't
what
it
does.
Thanks.
C
The
very
full
operation
you
have
some
kind
of
runtime.
This
is
maybe
a
container
runtime
like
rocket,
or
maybe
that's
an
Orchestrator
like
kubernetes
other
orchestrators,
you
see
and
I'm
a
sauce
for
instance,
and
it
it
makes
a
call
to
a
plugin,
we'll
look
at
more
detail
how
that
works
in
a
second,
but
it
is
based
on
some
configuration
of
how
it
wants
the
network
to
be
set
up,
and
the
plugin
is
the
thing
that
it
specifically
covered
configures
your
network
for
your
containers.
C
C
Network,
if,
if
you
need
one
of
those
or
it
could
be
any
one,
any
kind
of
networking
solution
from
any
provider,
that's
the
hope.
This
kind
of
cloudy
bit
at
the
bottom.
From
the
point
of
view
of
CNI,
we
do
not
care
what
that
is.
We
want
to
make
it
possible
for
anyone
to
come
up
with
the
plug-in
any
network
provider
to
come
up
with
a
plug-in
to
talk
specifically
to
their
network
and
be
told
what
to
do
by
any
tear
in
a
runtime.
C
C
C
So
currently
we
have
three
commands,
add
elf
or
delete,
or
to
inquire
the
version
of
the
plug-in
and
add
means
to
add
a
network
interface
to
a
container
so
also
in
the
environment
variables.
We
need
to
pass
in
container
we're
talking
about
the
network
namespace,
that's
kind
of
a
low-level
detail
of
how
these
things
work,
a
path
which
we'll
get
to
in
a
minute
and
the
name.
You
want
this
interface
inside
the
container
to
be
called.
C
The
last
thing
you
do
is
you
send
in
on
node
in
a
JSON
document
which
defines
how
you
want
the
network
set
up
and
that's
it,
the
the
plugins
just
run,
do
their
job
and
exit
whatever
that
involves.
Maybe
that
involves
calling
out
to
central
controller
for
the
network.
Maybe
that
involves
just
tinkering
with
stuff
on
the
local
Linux
machine.
It
really
depends
on
which
kind
of
a
network
are
you
using?
C
C
We
pass
in
a
name
and
a
type,
the
type
maps
to
the
the
kind
of
network
you're
using.
So
that's
one
of
those
overlay
networks
or
whatever,
and
this
isn't
trying
to
expect
it
to
be
the
name
of
the
binary
which
implements
the
plug-in
so
all
around
it
probably
would
have
been
a
better
idea
to
name
that
thing
plug-in
name,
but
it's
called
pipe.
So
we
make
do
with
that
and
beneath
that
any
parameters
required
for
this
network
I
just
put
foo
in
as
an
example,
some
of
those
parameters
are
defined
by
the
CNI
spec.
C
Some
of
them
will
be
understood
specifically
by
one
plug-in
and
because
jason
we
can,
we
can
put
whatever
we
like
in
there
and
then
the
block
at
the
bottom.
This
is
a
ipam
block
which
turn
IP
address
management,
so
this
is
very
typically
found
in
CNI
definitions
because
because
we
segregated
out
the
job
of
configuring,
the
network
from
the
job
of
allocating
IP
addresses
look
at
that
in
pictorial
terms.
C
So
the
runtime
gather
us
up
its
config
and
makes
a
call
for
the
plug-in
sending
sending
those
environment
variables.
Setting
the
the
Jason
in
on
standard
in
the
network
plug-in
wants
to
call
an
iPad
plug-in
and
when
this
whole
thing
was
being
designed
that
the
thought
was
well.
Okay,
we
need
an
interface
for
that.
Well,
we've
already
got
an
interface
which
is
talking
about
network,
so
we
just
use
the
same
interface.
C
So
basically,
the
first
plug-in
passes
the
same
command
to
the
second
plug
in
to
the
IPAM
plugin,
and
in
this
way
you
can
mix
and
match
so
your
IP
address
allocation.
Maybe
you
want
to
use
DHCP,
you
want
to
use
the
host
local
allocator,
which
is
one
that
the
cni
project
has
created.
Maybe
you
have
a
an
IP
allocator
that
is
specific
to
your
network
that
you
using
it,
doesn't
matter
you
can
mix
and
match
the
network
and
the
IP
allocator
and-
and
we
actually
have
separate
plug-ins
for
those.
B
We've
had
a
couple
questions
Brian,
so
the
first
one
was
I.
Think
I
was
already
answered,
but
just
so
we
answer
it
publicly.
Some
of
these
environment
variables
can
they
be
set
by.
They
contain
a
runtime
or
an
Orchestrator.
What
you
want
to
address
some
of
those
aspects,
Brian
in
terms
of
orchestration,
the.
C
Environment
variables
to
really
be
specific
to
to
every
call
to
the
plug-in.
You
know
the
as
you
as
you
as
your
system,
dynamically
evolves
every
time.
You
add
something
in
kubernetes
terms,
you're
going
to
do
this
once
per
pod
in
rocket
terms
you're
going
to
do
it
once
per
container
the
you're
gonna
you're
going
to
set
that
thing
to
add,
and
then,
when
you
tear
one
of
those
down,
you're
gonna
set
it
to
del.
C
C
So
really
only
only
the
last
couple
of
the
paths
that
could
be
set
once
and
for
all,
because
you're
probably
not
going
to
move
them
around
and
the
interface
name
most
most
runtimes
tend
to
set
a
standard
for
that.
So
so
these
are
generally
things
that
the
runtime,
the
the
the
higher
level
controller,
knows
that
it
wants
they're,
not
really
things
that
a
user
administrator
sets
to
operate
the
system.
Yen.
B
I
haven't
seen
it
used
here
in
the
enterprise
space
run
right
now,
I've
seen
kind
of
used
in
two
way.
So
within
the
pipeline
we've
been
able
to
create
the
ability
to
sort
of
you
know,
add
add
in
the
pipeline
through
the
container,
you
know
with
the
container
ID
in
the
net
path,
and
the
interface
name
fits
into
a
stand
and
we
kind
of
pull
out
of
a
database
and
just
kind
of
populate
all
this
information
and
we
send
it
in
to
the
to
the
plug
in
the
other
way.
B
I've
seen
it's
done
is
more
of
a
you
know,
kind
of,
though
the
pipeline
kicks
out
a
request
for
a
config
to
be.
You
know
a
JSON
document
to
be.
You
know,
popped
in
and
then
once
you
have
that
JSON
document
ready
you
pop
that
into
the
pipeline,
then
the
pipeline
continues
and
so
I've
seen
it
done
in
those
two
ways
and
there's
probably
others.
You
know
if
you
have
different
network
admitted
by
different
ways.
They
want
to
do
this,
but
you
definitely
can't
automate
a
lot
of
this.
If
you
want
you
to
your
pipeline.
C
Yeah
and
maybe
just
distress,
I
wrote
this
as
a
command
line
as
an
illustration.
You
know,
if
I,
if
I,
wanted
to
show
what
to
do.
For
instance,
a
demo
just
on
my
laptop
of
CNI
working,
the
expectation
is,
you
do
not
run
this
command
yourself.
The
expectation
is,
there's
an
interface
between
a
runtime
and
a
plug-in,
and,
and
it's
all
automated
at
that
level,
and
the
higher
level
like,
for
instance,
I,
want
to
put
my
my
path
in
a
different
place,
and
that
would
be
a
configuration
opera
to
the
runtime.
B
B
So
you
know
it's
part
of
the
you
know
bringing
in
CNI
into
the
CNC
F.
We
wanted
to
sort
of
look
at
like
how
do
we?
How
do
we
want
to
work
with
with
the
CNI
project
as
a
whole,
and
so
our
goal
in
the
CNC
app
is
not
to
to
come
in
and
be
like
heavy-handed
and
and
stopped
forward
progress
and
and
require
a
lot
of
new
changes,
and
so
there
was
a
repo
on
github
container
networking,
/t
and
I
said
it's.
The
home
is
the
same
home.
B
It's
been
in
we've,
there's
a
community
sink
meeting
that
happens
like,
and
it's
one
one,
if
not
consist
of
three
repositories.
A
Cena
back
repository,
which
is
this
is
five
maintains,
was
actually
eleven.
Five
kind
of
primary
lead
maintains
eleven
maintain
is
on
the
spec,
there's
a
conventions,
repo
and
then
there's
a
library
where
you
sort
of
have
the
going
meditation
of
the
sea
and
ice.
B
But
I
can
some
of
the
plugins
that
are
available
to
use
as
part
of
your
deployments
overall
and
get
out
there's
about
sixty
three
contributors
from
you
know
over
10
plus
companies
and
75
actually
786.
As
of
now,
if
someone
went
out
and
put
it
just
in
the
time
we
created
this
deck,
so
thank
you,
I
mean
so
the
the
plugin.
You
know,
it's
sort
of
you
know
I
still
kind
of
going
through
each
of
these
and
a
lot
of
detail
right.
B
B
And
then
on
the
ecosystem
part,
it's
a
pretty
interesting
ecosystem
right
now,
as
you
can
see,
we
have
you,
have
the
the
rock
contingent
runtimes
kubernetes
kuma,
the
Cloud
Foundry,
makes
also
are
supported.
In
times
we
had.
Third
parties
from
we've
met:
crunchy
calico,
which
is
a
Cisco
project,
I'm.
Sorry,
no!
It's
a
tiger
project
conch
eat
kunti,
which
I
saw
in
San
Cisco.
Is
this:
if
a
project
s
rivo
io
b,
Infoblox
has
a
plug-in
and
the
scene
ige
me
as
a
as
an
interesting
plugin
as
well
from
kind
of
enterprise.
B
A
B
It's
go,
oh
networking
model,
you
know
another
another
vendor.
The
the
administrators
and
the
operators
understand
very
well.
This
general
networking
terminology
and
I'm,
very
familiar
with
like
logging
in
and
typing
commands
on
the
command
console
to
configure
something
right
and
creating
its
and
then
you
know
getting
approvals
and
all
that
kind
of
stuff
and
so
moving
to
more
of
a
you
know,
orchestrated
system
and
building
in
those
pipeline
and
interesting
trap.
B
For
yeah
enterprise
looking
to
move
down
to
contain
a
look
at
how
to
get
networking
more
integrated
and
then
moving
some
of
the
policies
from
the
legacy
environment.
If
you
will
to
the
new
cloud
native
environment
in
effect,
you're
kind
of
managing
these
environments
together,
there's
not
at
least
most
enterprises,
I
know
of,
cannot
just
do
a
Greenfield
deployment
and
just
ignore
all
of
their
business,
and
so
there's
a
good.
B
You
know
it's
an
interesting
use
case
of
trying
to
move
from
where
you
are
now
to
this
next
generation
of
networking
capabilities,
and
you
want
to
kind
of
leverage
a
transformation
strategy
versus
they
just
kill
what
you
have
and
try
to
move
on
you,
and
so
the
CNI
third
party,
plugins,
really
help
you
take
what
you
have
and
extend
that
into
the
next.
You
know
evolution
of
where
you're
trying
to
take
your
networking
capabilities
as
an
image.
B
And
then
that
you
know
I
kind
of
think
that
it
would
be
good
just
top
and
think
about
this
quote
right,
because
it's
an
interesting
quote
from
from
Adrian.
You
know
that
the
test
network
incapable
written
as
a
scene
I
plug
in
and
we
expect
CNF
to
be,
he
says
for
container
based
networking
on
Amazon.
B
So
it's
a
you
know
it's
sort
of
a
interesting
model
when
you
think
about
how
you
know
the
largest
of
the
cloud
providers
is
basically
saying
we
need
to
think
of
everything
as
a
set
of
networking
components
and
tasks
they
need
to
be
executed
and
then
thought
about.
As
sort
of
you
know,
IIPC
type
of
cause
versus
you
know
large
systems
that
need
to
be
treated
separately
and
special.
C
Turning
into
this,
this
kind
of
nightmarish
thing
that
supports
every
single
possible
feature
in
their
network
and
even
just
a
JSON
file
that
lets
you
define
every
single
possible
feature
in
a
network,
so
so
we
hit
upon
this
idea
of
instead
of
one
plug-in,
that
does
everything
you
need
being
able
to
break
things
down
into
separate
plugins,
and
it
turns
out
this.
This
is
work
really
well
in
practice.
In
a
number
of
cases,
so
we
know
we
now
have
the
ability
to
define
a
list
of
plugins.
C
C
Ipv6
is
a
big
deal
for
a
lot
of
people
that
has
been
chugging
along
for
a
really
long
time,
but
we
did
announce
victory
in
not
point
six
which
came
out
last
week.
So
what
we
did
there.
We
had
to
extend
the
spec
to
allow
multiple
addresses,
because
most
people
will,
in
the
current
time
frame,
will
have
tend
to
have
an
ipv4
and
an
ipv6
address
in
place.
C
So
the
ability
you
configure
an
interface
to
have
multiple
IP
addresses
on
that
one
interface,
that
that
required,
a
spec
change
and
all
those
base
plugins
that
that
ten
went
through
and
the
plugins
repo
now
support.
Ipv6
of
the
address
allocator,
the
the
bridge
plug-in,
will
configure
ipv6
addresses
and
went
through
all
of
those
making
sure
it's
or
making
sure
does
the
right
thing.
C
So
let
me
just
take
a
look
and
I
just
want
to
put
up
an
example
of
the
chaining
technique
that
I
spoke
about.
So
this
is
a
real
example.
You
could
excuse.
You
could
use
this.
The
this
adjacent
file,
which
is
a
list
of
plugins
where
we're
configuring
one
of
them,
is
the
weave
net.
Plugin
I
happen
to
work
on
that.
The
other
one
is
the
port
map
plug-in,
and
this
is
a
great
example
where
we
separated
out
the
functionality.
C
C
If
you
want
to
implement
that
under
the
hood
using
CI,
you
can
chain
on
the
port
map
plugin,
we
wrote
a
capability
line
in
the
Jason
which
tells
the
runtime
to
pass
the
specific
port
mappings
into
this
plug-in
and
there's
a
couple
of
other
parameters
in
there:
I'm
not
going
to
get
into
detail
log.
Just
this
is
just
to
say.
A
D
C
C
C
Okay,
so
let
me
let
me
look
forward
so
as
I
say,
we
are
up
to
the
release,
not
point
six
right.
Now
we
are
planning
to
add
a
get
command,
so
a
runtime
can
ask
about
the
status
of
an
interface
that
it
maybe
doesn't
know
about
on
a
container
as
specific
to
kubernetes
there
there's
this
thing
inside
kubernetes
called
cube
net,
which
is
like
a
very
popular
networking
implementation,
the
this
kind
of
half
done
using
CNI
and
half
with
some
code
inside
the
kubernetes
tree.
C
C
C
C
C
C
D
B
Which
is
okay?
It's
no
problem.
It's
a
weird
question.
I
know
the
other
question
was
in
it
from
like
standpoint.
You
talked
about
chaining
so
that
the
question
was
around
chaining.
So
I
can
tell
you
the
exact
question,
but
it
probably
good
if
you
just
sort
of
talk
more
more
generally
about
how
time
works
in
my
shirt,
how
well
is
understood,
but
the
question
is
well.
If
you
have
three
chains,
think
three
things
in
a
B
and
C,
we'll
see
get
all
of
its
config
and
resolve
from
a
and
B
yeah,
both.
C
Yeah
I
think
the
I
can't
pull
it
up
on
the
screen
really
easily
right
now,
but
there
are
examples
in
the
in
the
repo
and
if
the
examples
aren't
good
enough,
please
raise
an
issue
on
github
or
come
on
our
slack,
we'll
put
the
link
up
at
the
end
or
we
have
an
IRC
channel.
We
have
a
mailing
list.
We
have
a
mailing
list,
this
list
to
Google
Groups.
You
can
and
comfort
us
we're
very
happy
for
people
to
get
in
contact
so
so,
but
yeah
to
the
to
the
question.
C
B
C
C
C
Tuning
plug-in,
which
makes
those
changes,
and
you
would
chain
it
on
to
your
real
plug-in
that
sets
up
the
the
network
interface
and
that's
mean
if
you're
running
on
Linux,
then,
basically,
those
those
traffic
shaping
abilities
are
available
in
the
kernel,
so
that
will
most
likely
work.
Maybe
may
you
know
not
every
not
every
plug-in
is
going
to
be
composable
with
every
other
plug.
We
can't.
C
C
But
but
like
I,
say
people,
people
show
up
every
every
week
with
a
slightly
different
tweak
on
someplace
and
in
general
those
things
can
be
done
as
a
chained
plug-in
a
NASA
Aves
just
having
to
add
it
as
a
configuration
option
on
the
base
plugins
and
what
I
mean
there's
the
the
chainable
plug-in
becomes
usable
in
a
lot
of
other
cases.
You
know
we
we
don't.
We
don't
have
to
go
around
n,
Titans
and
add
the
same
feature
to
n
n
different
plugins
because
they
can
just
be
chained
on
so.
B
B
C
D
C
So
if
you,
if
you
want
one
network
for
your
application
and
another
network
for
your
storage,
let's
say
then,
then
you
need
to
set
up
two
networks
and
certainly
kubernetes
only
understands
the
concept
of
one
network
only
lets
you
configure
one
network
at
the
moment
so
that
service
and
by
my
understanding
how
those
things
came
about
it
wasn't
so
much
the
chaining
idea.
It
was
that
I
want
to
do
two
things
or
three
things.
Three
separate
things,
two
separate
things.
C
It
is
probably
the
case
chaining
can
be
used
instead,
I
I,
don't
know.
We've
heard
from
oh
man.
Anyone
who
was
in
that
situation
and
who's
tried
it
differently.
It
is.
It
is
quite
a
new
thing.
You
know
like
I
said
this,
is
you
like
recent
developments?
So,
for
instance,
as
far
as
kubernetes
was
concerned,
support
for
chaining
only
went
in
in
the
1.7
release,
which
was
a
month
or
so
ago.
C
B
C
Uture,
there
is
also
work
underway,
or
at
least
discussion
on
the
design
of
multiple
networks
that,
in
a
number
of
places,
yes
and
I,
would
expect
that
to
shake
out
as
the
ability
for
the
runtime
to
call
different
plugins
with
different
configs.
So
that
would
be
a
different
thing.
Let
me
just
look
at
that.
Yeah.
If
you
take
this
diagram,
if
you,
if
you
have
need
for
multiple
networks,.
C
D
D
B
I've,
even
you
know,
add
things
like
load,
balancing
and
other
other
network
type
of
services
to
it.
But
in
terms
of
the
question,
how
do
you,
how
does
that
sort
of
work
in
terms
of
security
foot
within
CNI
today
going
forward
and
what
type
of
features
would
fit
into
to
see
and
I?
What
would
this
sort
of
features
that
fall
into
and
in
NC
and
I
yeah
so.
C
C
You
know
with
with
what
was
done
in
kubernetes,
where
a
network
policy
concept
was
added
there
and
and
all
implementations
of
that
are
kind
of
alongside
that
independent
of
CNI.
Oh,
it's
definitely
a
great
question
and
I
think
it's
called
out
on
the
the
homepage
of
the
CNI
repo
or
something
we
should
look
at,
but
not
something
that
anyone
has
actually
got
into
as
yet,
but
we're
you
know
very,
very
open
to
contribute,
or
some
people
coming
on,
to
engage
with
us
on
that
level.
D
C
You
know
a
plugin
is
just
an
executable
that
can
read
Jason
and
right.
Jason
I've
even
seen
one
written
in
bash,
so
yeah
you
can,
if
you,
if
you
can
think
of
something
that
can
be
done
in
the
network
domain,
and
you
know
how
to
write
the
code
for
that.
Then
you
can
write
yourself
a
C
and
I
plug
in
Ian.
You
can
configure
it
into
your
container
runtime
your
container
Orchestrator.
B
And
just
you
know,
one
thing
to
add
is
if
you're
interested
in
sort
of
you
know
things
like
ACLs
and
load
balancing
and
some
of
the
other
aspects
of
services
at
the
network
and
security
layers,
but
then
the
C
and
C.
If
we
have
a
network
workgroup
that
it's
working
closely
with
you
know
the
CNI
maintainer
x'
and
the
kubernetes
container.
D
B
Group,
so
that
I
can
committees
networking
what
group
so
I'm
definitely
difficult
decision
being
part
of
that
you
can
find
what
about
that
on
a
CTF
github
site
under
the
networking.
What
group
so
be
happy
to
kind
of
continue
that
conversation
there
and
you
know
always
looking
for
you
know
especially
users,
input
into
what
are
some
of
the
services
and
functionalities
needed
going
forward.
B
I
mean
we
did
get
one
more
question
in
from
Mike
here
that
will
be
possible
to
change
other
networks,
services
such
as
firewalls,
load,
balancing,
etc,
and
that's
so
that's
a
question
and
the
next
one
after
that
is.
Is
it
going
to
be
a
standard
call
when
we
can
call
multiple
different
load
balancers?
You
know
right,
API
interface,
for
example.
So
come
back
to
your
multi
network
example,
you
gave
Brian
with
it.
Is
it
isn't
going
to
be
possible?
You
think,
in
the
future
to
get
a
megaphone,
a
single
API
call
to
like
kubernetes.
C
Yeah
I
mean
I,
mean
I,
I,
don't
want
to
one
so
before
I
get
into
that.
Let
me,
let
me
stress
CNI,
as
a
solution
across
many
different
orchestrators
is
not
a
kubernetes
specific
solution.
It's
it's
certainly
used
by
me
source
just
by
ranchers
by
Cloud
Foundry.
You
know,
there's
a
there's
a
bunch
of
of
people
and
we're
never
going
to
we're
now
going
to
put
something
into
CNI.
C
That's
just
just
specific
kubernetes,
however,
for
the
for
the
point
of
view
of
me
talking
in
this
in
this
webinar
I
know
more
about
kubernetes
than
I
know
all
those
other
systems.
So
so
let
me
use
that
as
an
example
load
balancing
in
in
a
kubernetes
domain,
where
the
the
orchestrator
has
a
lot
of
information.
It
knows
how
many
containers
are
running
that
will
implement
a
particular
service.
It
knows
what
that
service.
It's
cold
knows
how
that
service
should
be
set
up
from
the
outside
of
the
cluster.
C
C
Kubernetes
again,
just
to
pick
a
one
example
have
a
concept
of
a
load
balanced
service.
It
has
that
as
an
obstruction
and
anyone
to
come
along
and
write
an
implementation
for
that
abstraction.
It
happens
that
there
are
that
many,
but
you
can
go
out
and
find.
Certainly,
certainly
if
you
limit
yourself
to
high-quality
implementations,
the
that's
that's
a
bit
name,
but
but
I
don't
think
it
is
gonna
fit
with
CNIC
and
I
is.
Is
it
at
a
particular
role?
C
It
is
between
the
runtime
and
the
infrastructure
for
a
container,
so
something
like
load
balancing
I
am
understand
the
question
being
something
that
would
span
across
many
containers
really
really
at
a
service
obstruction.
It
sounds
like
another
thing
and
if
we
need
a
if
we
need
a
standard
interface
for
that,
then
let's
yeah,
let's
get
going,
let's,
let's
create
the
container
load,
balancer
interface
and
if
I
miss.
If
the
container
load
balancer
interfaces
the
same
as
the
container
network
interface,
then
we'll
we'll
just
do
it.
B
B
You
know
micro-services
oriented
in
architecture,
rights
or
not
not
try
to
throw
everything
into
one
specification,
because
then
it
becomes
a
monolithic
specification
with
all
of
these
dependencies,
and
you
know
your
packages
become
super
large
package
now
that
we
have
experience
with
that
with
OpenStack
or
anything
like
that.
But
if
we
would
have
had
experience
with
things
like
that,
you'd,
you
can
see
where
this
could
get
pretty
large
and
welding
and
unmanageable
very
quickly.
B
C
I
think
I
think
that
that's
pretty
much
current.
What
was
on
the
slides
just
to
to
sum
up
and
as
I've
said
many
times,
it's
a
simple
interface
CNI
based
on
just
setting
some
environment
variables
and
configuring.
What
you
want
in
adjacent
file,
everything
I've
talked
about
is
open
source.
There
are
lots
of
different
runtimes
meat.
Software
needs,
these
I'm
sure
shift
Cloud
Foundry
lots
of
plugins
of
both
open
source
and
closed
source
very
open
to
implementers
showing
up.
You
know
if
you've
got
a
plug-in,
it's
not
on
the
list,
you
can
add
it.
D
C
C
Yeah,
so
if
you
think
about
a
load,
balancer
wants
to
think
about
about,
for
instance,
not
so
what
I
would
consider
not
so
high
quality
is
there's
exactly
one
process
running
it.
If
that
process
dies,
your
whole
services
get
so
high
availability.
You
know
making
making
aware
of
what
can
happen
when
things
fail
and.
C
Yeah
also
getting
into
considerations
like
like
like
how
many
times
are
you
traversing
the
network
times?
Are
you
going
between?
If
you,
if
you're
on
a
machine
between
kernel
mode
and
user
space,
you
know?
That's
that's.
What's
in
mind
a
little
bit
of
a
throwaway
remark.
I
don't
mean
to
offend
anyone,
but
things
are
sometimes
you
can
you
know
together
in
a
weekend
it
looks
great,
but
it's
it's
not
the
same
thing
that
you
want
to
run
a
business
on
and
every
day.
B
You
know
one
of
the
things
we've
kind
of
kicked
around
the
idea
with
in
the
CN
CF
was
not
not
that
dirty
wood
certification,
but
some
sort
of
a
you
know
quantifiable.
You
know
test
suite
that
at
least
it
passes
this
level
of
assurance
right
so
still
just
sort
of
be
determined.
So
I
wouldn't
hold
your
breath
on
that.
One.
A
A
D
A
Good,
so,
unless
there
are
no,
unless
there
any
more
questions,
that's
all
we've
got
time
for
so
you've
got
about
ten
seconds
now.
Well,
I
quickly
say
the
rest
of
it
on
September
22nd,
it's
not
online
yet,
but
it
will
go
online
soon.
We're
having
a
webinar
in
a
slightly
different
format
where
we've
got
people
from
various
vendors
who'll
be
coming
to
talk
about
all
aspects
of
cloud
native
security
from
container
scanning
all
the
way
up
to
network
security,
and
things
like
this
so
that'd
be
an
interesting
one.
A
I'm
doing
a
panel
setting,
so
five
people
will
be
talking
I'll
be
asking
questions
so
keep
an
eye
on
the
events
page
on
CN,
CF,
dot,
IO
site
for
that.
If
that
sounds
interesting,
there
are
no
more
questions
come
through.
So
the
only
thing
for
me
to
say
now
is
thank
a
huge
thank
you
to
Brian
and
Ken
thanks
for
introducing
us
to
CNI
today
and
as
I
mentioned
earlier
in
the
chat.
If,
if
you
miss
this
or
joined
late,
we
will
be
uploading
this
video
to
the
CN
CF
YouTube
channel.
A
It
will
probably
take
a
few
days
if
you
keep
your
eye
on
that.
I
put
the
link
in
the
chat
earlier,
so
you
can
go
and
watch
it
back
and
we
will
also
link
the
slides
to
the
event
page,
which
I
also
put
in
the
chat.
So
if
you
want
to
go
through
an
X
to
be
able
to
click
on
those
links,
then
then
you
will
be
able
to
do
so.
A
One
more
question
just
came
in.
Can
you
share
the
link
to
the
security
panel
info?
No,
we
can't
because
it's
not
online
yet,
but
it
will
go
online
shortly.
What
I
will
do
is
I
will
give
you
the
general
events
link
for
the
CN
CF
and
if
you
keep
rely
on
that,
it
will
be
turning
up
within
a
few
days
if
there
are
no
more
questions
that
sort
of
got
time
for
now
again
Brian
Ken.
Thank
you
very
much.
Thank
you
to
everyone
else
who
attended
everyone
see
you
next
time.