KET uses CNI as the solution for cluster networking, and it supports multiple CNI providers out of the box. Choosing the CNI provider will depend on your specific infrastructure and application needs.
The CNI provider is exposed as an Add-On in the KET plan file via the `add_ons.cni.provider` field. See the CNI Add-On reference documentation for more information on how to configure CNI.
The default CNI provider used by KET is Calico for the following reasons:
- Strong network policy support: it supports granular network policy for true SDN patterns at the Pod level.
- Based on routable, layer 2/3 primitives instead of overlays/encapsulation, which makes network debugging much easier and more predictable.
- Supported by a commercial entity with years of operational experience.
However, other CNI plugins provide features and compatibility that may be more appropriate for your particular cloud or architecture requirements.
The following table attempts to list key characteristics of each supported implementation.
Feature | Calico | Weave | Contiv |
---|---|---|---|
Data Path Technique | L3 with BGP Peering or IPIP Encapsulation | UDP Encapsulation | VXLAN |
Requires etcd cluster | Yes | No | Yes |
Multicast Support | No | Yes | Yes |
Ingress Policy | Yes | Yes | Yes¹ |
Egress Policy | Yes | No | Yes |
Can Encrypt Traffic | No | Yes | No |

¹ Contiv does not support the Kubernetes Network Policy API. It uses a custom mechanism for applying policy.
calicoctl is the command-line utility for managing the Calico network, and it is useful when you need to troubleshoot Calico. The following command runs calicoctl from its container image, using the host network and mounting `/etc/kubernetes` and the calicoctl configuration file from the host:

```
docker run -i \
  --net host \
  -v /etc/kubernetes:/etc/kubernetes \
  -v /etc/calico/calicoctl.cfg:/etc/calico/calicoctl.cfg \
  calico/ctl:v1.1.0
```
Calico links:
- Troubleshooting docs: http://docs.projectcalico.org/v2.3/usage/troubleshooting/
- Reference docs: http://docs.projectcalico.org/v2.3/reference/
Weave links:
- How it works: https://www.weave.works/docs/net/latest/concepts/how-it-works/
- Operational Guide: https://www.weave.works/docs/net/latest/operational-guide/
- Troubleshooting: https://www.weave.works/docs/net/latest/troubleshooting/
KET supports Contiv as a "preview", as it is still under active development.
The following are known issues you should be aware of if you choose to install Contiv:
- contiv/netplugin#940
- contiv/netplugin#937
- contiv/netplugin#871
- contiv/netplugin#777
- contiv/netplugin#942
Useful Links: