Azure VM – Deploy CNI plug-in for Docker containers
Most people know CNI from Azure Kubernetes Service: it exposes pod IP addresses directly in the Virtual Network, so every pod gets an address from the VNet. The same thing can be done with Docker installed on a plain virtual machine, which is useful if you want to build something similar to Google Cloud's "deploy a container to this VM instance by using a container-optimized OS image".
You can start reading about this technology here: https://learn.microsoft.com/en-us/azure/virtual-network/deploy-container-networking#download-and-install-the-plug-in and finish with this repo:
https://github.com/Azure/azure-container-networking.
Here it is, command by command, for Linux and Windows:
Ubuntu 20.04:
# Become root (the remaining sudo prefixes are then redundant but harmless)
sudo su -

# Docker CE from Docker's apt repository
sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
docker ps

# Azure CNI plug-in and the helper scripts that ship with it
git clone https://github.com/Azure/azure-container-networking.git
cd azure-container-networking/scripts/
./install-cni-plugin.sh v1.4.20
chmod u+x docker-run.sh
sudo apt-get update
sudo apt-get -y install jq

# --nic-name and --resource-group identify the VM's network interface;
# this adds a secondary private IP to that existing NIC, which the container will use
az network nic ip-config create --name container01 --nic-name cni-lin-10603 --private-ip-address 10.224.0.6 --resource-group CNI-Test02

# SNAT container traffic that leaves the VNet behind the VM's address;
# traffic to destinations inside 10.224.0.0/16 keeps the container's own IP
iptables -t nat -A POSTROUTING -m addrtype ! --dst-type local ! -d 10.224.0.0/16 -j MASQUERADE
# DOCKER-USER is evaluated before Docker's own FORWARD rules: admit replies to the
# container IP and anything it sends. Note that -A/-I append duplicates if rerun, and
# these rules accept every peer; add -p/--dport if only specific ports should be reachable.
iptables -I DOCKER-USER -d 10.224.0.6 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I DOCKER-USER -s 10.224.0.6 -j ACCEPT

# Start a container through the helper script and check that it received the VNet address
./docker-run.sh vnetdockerdemo default alpine
sudo docker exec -it vnetdockerdemo /bin/sh
ifconfig
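Two values in the Linux sequence above are typed by hand and must agree: the secondary IP given to az network nic ip-config create and the VNet CIDR that the MASQUERADE rule exempts. The POSIX shell script below is an added example, not code from the original post or from the azure-container-networking repository. It checks that the container IP lies inside the CIDR using only shell arithmetic, prints the page's three iptables rules for any address pair, optionally adds explicit per-port inbound ACCEPT rules (an addition to the page's rule set, for readers who want only specific ports reachable), and applies the result idempotently by probing with iptables -C first so that re-running does not stack duplicate rules. The function names, the port option and the port numbers 80/443 are assumptions; apply_rules needs root on a host where Docker has created the DOCKER-USER chain.

```shell
#!/bin/sh
# Added example (not from the original post or the azure-container-networking repo).
# Validates a container IP against the VNet CIDR and builds/applies the page's
# iptables rules idempotently. Function names and the port option are assumptions.

# Dotted-quad IPv4 -> 32-bit integer, POSIX sh arithmetic only.
ip2int() {
  IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
  echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# in_cidr IP CIDR: exit 0 if IP lies inside CIDR, e.g. in_cidr 10.224.0.6 10.224.0.0/16
in_cidr() {
  addr=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  bits=${2#*/}
  # /0 would mean a shift by 32, which is undefined; handle it explicitly
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# cni_rules CONTAINER_IP VNET_CIDR [TCP_PORT ...]
# Prints the page's three rules for the given addresses. Extra arguments add
# explicit inbound ACCEPT rules for those TCP ports (not part of the page's set).
cni_rules() {
  cip=$1; vnet=$2; shift 2
  if ! in_cidr "$cip" "$vnet"; then
    echo "error: $cip is not inside $vnet" >&2
    return 1
  fi
  # SNAT everything leaving the VNet behind the VM; VNet-internal traffic keeps the container IP
  echo "iptables -t nat -A POSTROUTING -m addrtype ! --dst-type local ! -d $vnet -j MASQUERADE"
  # DOCKER-USER runs before Docker's own FORWARD rules: replies to the container, and anything it sends
  # (-m conntrack --ctstate is the current spelling of the page's -m state --state)
  echo "iptables -I DOCKER-USER -d $cip -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  echo "iptables -I DOCKER-USER -s $cip -j ACCEPT"
  for port in "$@"; do
    echo "iptables -I DOCKER-USER -d $cip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
}

# apply_rules CONTAINER_IP VNET_CIDR [TCP_PORT ...]
# Runs each rule only if iptables -C reports it absent (needs root).
apply_rules() {
  cni_rules "$@" | while IFS= read -r rule; do
    probe=$(printf '%s' "$rule" | sed -e 's/ -A / -C /' -e 's/ -I / -C /')
    if $probe 2>/dev/null; then
      echo "present: $rule"
    else
      $rule
    fi
  done
}

# Dry run with the page's addresses plus HTTP/HTTPS inbound (prints 5 rules):
#   cni_rules 10.224.0.6 10.224.0.0/16 80 443
# To apply on the VM as root:
#   apply_rules 10.224.0.6 10.224.0.0/16
```

Running cni_rules with an address outside the CIDR (for example 10.1.2.3 against 10.224.0.0/16) fails before printing anything, which is the point: catch the typo before az and iptables are touched.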
Windows Server 2016 with Containers (image from Azure):
# PowerShell as administrator
Invoke-WebRequest -Uri https://github.com/Azure/azure-container-networking/archive/refs/heads/master.zip -OutFile azure-container-networking.zip
Expand-Archive azure-container-networking.zip -DestinationPath azure-container-networking
cd .\azure-container-networking\azure-container-networking-master\scripts\
.\Install-CniPlugin.ps1 v1.4.2
# --nic-name and --resource-group identify the VM's network interface;
# this adds a secondary private IP to that existing NIC, which the container will use
az network nic ip-config create --name container04 --nic-name cnit-03-win151 --private-ip-address 10.224.0.8 --resource-group CNI-Test02
# jq is used by the helper scripts; placing it in System32 puts it on PATH
Invoke-WebRequest -Uri https://github.com/stedolan/jq/releases/download/jq-1.6/jq-win64.exe -OutFile C:\windows\system32\jq-win64.exe
jq-win64.exe
C:\k\azurecni\netconf\10-azure.conflist:
{
  "cniVersion": "0.3.0",
  "name": "azure",
  "adapterName": "",
  "plugins": [
    {
      "type": "azure-vnet",
      "mode": "bridge",
      "bridge": "azure0",
      "capabilities": {
        "portMappings": true,
        "dns": true
      },
      "ipam": {
        "type": "azure-vnet-ipam"
      },
      "dns": {
        "Nameservers": [
          "10.0.0.10",
          "168.63.129.16"
        ],
        "Search": [
          "svc.cluster.local"
        ]
      },
      "AdditionalArgs": [
        {
          "Name": "EndpointPolicy",
          "Value": {
            "Type": "OutBoundNAT",
            "ExceptionList": [
              "10.224.0.0/12"
            ]
          }
        },
        {
          "Name": "EndpointPolicy",
          "Value": {
            "Type": "ACL",
            "Action": "Allow",
            "Direction": "In",
            "Priority": 65500
          }
        },
        {
          "Name": "EndpointPolicy",
          "Value": {
            "Type": "ACL",
            "Action": "Allow",
            "Direction": "Out",
            "Priority": 65500
          }
        }
      ],
      "windowsSettings": {
        "enableLoopbackDSR": true
      }
    }
  ]
}
The OutBoundNAT ExceptionList plays the role of the Linux MASQUERADE exclusion (destinations inside it see the container's VNet address), and the two ACL policies allow all inbound and outbound traffic as a catch-all at priority 65500, so the container is reachable from the whole VNet unless an NSG restricts it; tighten them if only specific ports should be exposed. The Nameservers and Search entries are the AKS defaults (10.0.0.10 is the default kube-dns service address, 168.63.129.16 the Azure-provided DNS), so adjust them on a standalone VM.
.\docker-exec.ps1 vnetdockerdemo default mcr.microsoft.com/windows/servercore/iis add
docker exec -it vnetdockerdemo powershell
ipconfig