RKE provides the following network plug-ins that are deployed as add-ons:

  • Flannel
  • Calico
  • Canal
  • Weave

After you launch the cluster, you cannot change your network provider. Therefore, choose which network provider you want to use carefully, as Kubernetes doesn’t allow switching between network providers. Once a cluster is created with a network provider, changing network providers would require you tear down the entire cluster and all its applications.

Changing the Default Network Plug-in

By default, the network plug-in is canal. If you want to use another network plug-in, you need to specify which network plug-in to enable at the cluster level in the cluster.yml.

# Setting the flannel network plug-in
network:
  plugin: flannel

The images used for network plug-ins are under the system_images directive. For each Kubernetes version, there are default images associated with each network plug-in, but these can be overridden by changing the image tag in system_images.

Disabling Deployment of a Network Plug-in

You can disable deploying a network plug-in by specifying none to the network plugin directive in the cluster configuration.

network:
  plugin: none

Network Plug-in Options

Besides the different images that could be used to deploy network plug-ins, certain network plug-ins support additional options that can be used to customize the network plug-in.

Canal

Canal Network Plug-in Options

network:
  plugin: canal
  options:
    canal_iface: eth1
    canal_flannel_backend_type: vxlan
    canal_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
    canal_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+

Canal Interface

By setting the canal_iface, you can configure the interface to use for inter-host communication.

The canal_flannel_backend_type option allows you to specify the type of flannel backend to use. By default the vxlan backend is used.

Canal Network Plug-in Tolerations

Available as of v1.2.4

The configured tolerations apply to the calico-kube-controllers Deployment.

network:
  plugin: canal
  tolerations:
  - key: "node.kubernetes.io/unreachable"
    operator: "Exists"
    effect: "NoExecute"
    tolerationseconds: 300
  - key: "node.kubernetes.io/not-ready"
    operator: "Exists"
    effect: "NoExecute"
    tolerationseconds: 300

To check for applied tolerations on the calico-kube-controllers Deployment, use the following command:

kubectl -n kube-system get deploy calico-kube-controllers -o jsonpath='{.spec.template.spec.tolerations}'

Flannel

Flannel Network Plug-in Options

network:
  plugin: flannel
  options:
    flannel_iface: eth1
    flannel_backend_type: vxlan
    flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
    flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+

Flannel Interface

By setting the flannel_iface, you can configure the interface to use for inter-host communication. The flannel_backend_type option allows you to specify the type of flannel backend to use. By default the vxlan backend is used.

Calico

Calico Network Plug-in Options

network:
  plugin: calico
  options:
    calico_cloud_provider: aws
    calico_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
    calico_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+

Calico Cloud Provider

Calico currently only supports 2 cloud providers, AWS or GCE, which can be set using calico_cloud_provider.

Valid Options

  • aws
  • gce

Calico Network Plug-in Tolerations

Available as of v1.2.4

The configured tolerations apply to the calico-kube-controllers Deployment.

network:
  plugin: calico
  tolerations:
  - key: "node.kubernetes.io/unreachable"
    operator: "Exists"
    effect: "NoExecute"
    tolerationseconds: 300
  - key: "node.kubernetes.io/not-ready"
    operator: "Exists"
    effect: "NoExecute"
    tolerationseconds: 300

To check for applied tolerations on the calico-kube-controllers Deployment, use the following command:

kubectl -n kube-system get deploy calico-kube-controllers -o jsonpath='{.spec.template.spec.tolerations}'

Weave

Weave Network Plug-in Options

network:
  plugin: weave
  options:
    weave_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
    weave_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
  weave_network_provider:
    password: "Q]SZOQ5wp@n$oijz"

Weave Encryption

Weave encryption can be enabled by passing a string password to the network provider config.

Custom Network Plug-ins

It is possible to add a custom network plug-in by using the user-defined add-on functionality of RKE. In the addons field, you can add the add-on manifest of a cluster that has the network plugin-that you want, as shown in this example.