CNI

Jan 1, 0001

Definition

CNI (Container Network Interface) is a specification and a set of libraries for configuring network interfaces in Linux containers. It is used primarily in container orchestration platforms like Kubernetes to manage the network connectivity of containers. CNI plugins are responsible for setting up the network interfaces, assigning IP addresses, and ensuring that the network policies are enforced within the containerized environment.

Secure Settings Example

# Example Kubernetes NetworkPolicy using CNI
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-specific-ingress
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: 192.168.1.0/24
    ports:
    - protocol: TCP
      port: 3306

Insecure Settings Example

# Example Kubernetes NetworkPolicy with overly permissive settings
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-ingress
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - {} # Allows all ingress traffic from any source

CNI

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter