Continental Innovates with Rancher and Kubernetes
RKE provides the following network plug-ins that are deployed as add-ons:
After you launch the cluster, you cannot change your network provider. Therefore, choose which network provider you want to use carefully, as Kubernetes doesn’t allow switching between network providers. Once a cluster is created with a network provider, changing network providers would require you tear down the entire cluster and all its applications.
By default, the network plug-in is canal. If you want to use another network plug-in, you need to specify which network plug-in to enable at the cluster level in the cluster.yml.
canal
cluster.yml
# Setting the flannel network plug-in network: plugin: flannel
The images used for network plug-ins are under the system_images directive. For each Kubernetes version, there are default images associated with each network plug-in, but these can be overridden by changing the image tag in system_images.
system_images
You can disable deploying a network plug-in by specifying none to the network plugin directive in the cluster configuration.
none
plugin
network: plugin: none
Besides the different images that could be used to deploy network plug-ins, certain network plug-ins support additional options that can be used to customize the network plug-in.
network: plugin: canal options: canal_iface: eth1 canal_flannel_backend_type: vxlan canal_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+ canal_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
By setting the canal_iface, you can configure the interface to use for inter-host communication.
canal_iface
The canal_flannel_backend_type option allows you to specify the type of flannel backend to use. By default the vxlan backend is used.
canal_flannel_backend_type
vxlan
Available as of v1.2.4
The configured tolerations apply to the calico-kube-controllers Deployment.
calico-kube-controllers
network: plugin: canal tolerations: - key: "node.kubernetes.io/unreachable" operator: "Exists" effect: "NoExecute" tolerationseconds: 300 - key: "node.kubernetes.io/not-ready" operator: "Exists" effect: "NoExecute" tolerationseconds: 300
To check for applied tolerations on the calico-kube-controllers Deployment, use the following command:
kubectl -n kube-system get deploy calico-kube-controllers -o jsonpath='{.spec.template.spec.tolerations}'
network: plugin: flannel options: flannel_iface: eth1 flannel_backend_type: vxlan flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+ flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
By setting the flannel_iface, you can configure the interface to use for inter-host communication. The flannel_backend_type option allows you to specify the type of flannel backend to use. By default the vxlan backend is used.
flannel_iface
flannel_backend_type
network: plugin: calico options: calico_cloud_provider: aws calico_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+ calico_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
Calico currently only supports 2 cloud providers, AWS or GCE, which can be set using calico_cloud_provider.
calico_cloud_provider
Valid Options
aws
gce
network: plugin: calico tolerations: - key: "node.kubernetes.io/unreachable" operator: "Exists" effect: "NoExecute" tolerationseconds: 300 - key: "node.kubernetes.io/not-ready" operator: "Exists" effect: "NoExecute" tolerationseconds: 300
network: plugin: weave options: weave_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+ weave_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+ weave_network_provider: password: "Q]SZOQ5wp@n$oijz"
Weave encryption can be enabled by passing a string password to the network provider config.
It is possible to add a custom network plug-in by using the user-defined add-on functionality of RKE. In the addons field, you can add the add-on manifest of a cluster that has the network plugin-that you want, as shown in this example.
addons