Container Runtime Interface (CRI) is an ongoing project to allow container
runtimes to integrate with Kubernetes via a newly-defined API. This document
specifies the network requirements for the container runtime
interface (CRI). CRI networking requirements expand upon Kubernetes pod
networking requirements. This document does not specify requirements
from upper layers of the Kubernetes network stack, such as
background on k8s networking could be found
Kubelet expects the runtime shim to manage the pod’s network life cycle. Pod networking should be handled accordingly along with pod sandbox operations.
RunPodSandbox must set up the pod’s network. This includes, but is not limited to, allocating a pod IP and configuring the pod’s network interfaces and default network route. Kubelet expects the pod sandbox to have an IP which is routable within the k8s cluster, if
RunPodSandbox must return an error if it fails to set up the pod’s network. If the pod’s network has already been set up, RunPodSandbox must skip network setup and proceed.
StopPodSandbox must tear down the pod’s network. The runtime shim must return an error on network tear down failure. If the pod’s network has already been torn down, StopPodSandbox must skip network tear down and proceed.
RemovePodSandbox may tear down the pod’s network, if the networking has not been torn down already. RemovePodSandbox must return an error on network tear down failure.
PodSandboxStatus must include the pod sandbox network status. The runtime shim must return an empty network status if it failed to construct a network status.
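A minimal Go model of the sandbox network rules listed above, added here as an illustration; it is not code from Kubernetes or from any runtime shim. The Shim type, its setUp/tearDown hooks, the simplified method signatures and the sample IP are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Shim models only the network side of the sandbox calls (hypothetical, not the real CRI API).
type Shim struct {
	setUp    func(id string) (ip string, err error) // stand-in for the network plugin
	tearDown func(id string) error
	ips      map[string]string // sandbox ID -> pod IP while the network is up
}

func (s *Shim) RunPodSandbox(id string) error {
	if _, up := s.ips[id]; up {
		return nil // network already set up: skip and proceed
	}
	ip, err := s.setUp(id)
	if err != nil {
		return fmt.Errorf("set up network for %s: %w", id, err)
	}
	s.ips[id] = ip
	return nil
}

func (s *Shim) StopPodSandbox(id string) error {
	if _, up := s.ips[id]; !up {
		return nil // network already torn down: skip and proceed
	}
	if err := s.tearDown(id); err != nil {
		return fmt.Errorf("tear down network for %s: %w", id, err) // state kept for a retry
	}
	delete(s.ips, id)
	return nil
}

// RemovePodSandbox tears down only what StopPodSandbox has not already removed.
func (s *Shim) RemovePodSandbox(id string) error { return s.StopPodSandbox(id) }
// PodSandboxStatus returns the pod IP, or an empty status when none is recorded.
func (s *Shim) PodSandboxStatus(id string) string { return s.ips[id] }

func main() {
	s := &Shim{ips: map[string]string{}, // constructed plugin hooks and sample IP
		setUp:    func(string) (string, error) { return "10.244.1.7", nil },
		tearDown: func(string) error { return errors.New("plugin failure") }}
	fmt.Println(s.RunPodSandbox("sb1"), s.PodSandboxStatus("sb1"))
	fmt.Println(s.StopPodSandbox("sb1"), s.PodSandboxStatus("sb1"))
}
```

Because a failed tear down leaves the sandbox's entry in place, a later StopPodSandbox or RemovePodSandbox call retries it instead of skipping.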
User-supplied pod networking configurations, which are NOT directly
exposed by the Kubernetes API, should be handled directly by runtime
shims. For instance,
non-masquerade-cidr. Kubelet will no longer handle
these configurations after the transition to CRI is complete.
Network configurations that are exposed through the Kubernetes API
are communicated to the runtime shim through
podCIDR. For each runtime and network implementation,
some configs may not be applicable. The runtime shim may handle or ignore
network configuration updates from