From 57ca4dd1df1a30e6de9ec25886e3abc92d2c1dee Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Wed, 8 Jan 2025 14:09:40 -0500 Subject: [PATCH] Alternative CNI How-to (#900) --- .../snap/howto/networking/alternative-cni.md | 133 ++++++++++++++++++ docs/src/snap/howto/networking/index.md | 1 + 2 files changed, 134 insertions(+) create mode 100644 docs/src/snap/howto/networking/alternative-cni.md diff --git a/docs/src/snap/howto/networking/alternative-cni.md b/docs/src/snap/howto/networking/alternative-cni.md new file mode 100644 index 000000000..53f100f54 --- /dev/null +++ b/docs/src/snap/howto/networking/alternative-cni.md 
@@ -0,0 +1,133 @@ +# How to use an alternative CNI + +While {{product}} ships with a default [Container Network Interface] (CNI) that +we ensure is fully compatible with our distribution, it's possible to use a +different CNI plugin for your specific networking requirements. This guide +explains how to safely replace the default CNI with an alternative solution. + +## Prerequisites + +This guide assumes the following: + +- Root or sudo access to the machine. +- Basic understanding of Kubernetes networking concepts. +- Basic knowledge of [Helm]. + +## Disable default network implementation + +For an existing cluster, disable the default network +plugin: + +``` +sudo k8s disable ingress gateway network +``` + +For a new cluster, create a bootstrap configuration that disables networking: + +``` +cat < bootstrap-config.yaml +cluster-config: + network: + enabled: false +EOF +``` + +Then, bootstrap the cluster with this configuration: + +``` +sudo k8s bootstrap --file bootstrap-config.yaml +``` + +## Configure Helm repository + +Add the CNI's Helm repository to {{product}}'s Helm installation. 
This guide +uses [Calico] as an example: + +``` +sudo k8s helm repo add projectcalico https://docs.tigera.io/calico/charts +``` + +## Install alternative CNI + +Create a values file with the basic configuration for Calico: + +``` +cat < values.yaml +apiServer: + enabled: false +calicoctl: + image: ghcr.io/canonical/k8s-snap/calico/ctl + tag: v3.28.0 +installation: + calicoNetwork: + ipPools: + - cidr: 10.1.0.0/16 + encapsulation: VXLAN + name: ipv4-ippool + registry: ghcr.io/canonical/k8s-snap +serviceCIDRs: +- 10.152.183.0/24 +tigeraOperator: + image: tigera/operator + registry: ghcr.io/canonical/k8s-snap + version: v1.34.0 +EOF +``` + +After saving the values file, create the required namespace: + +``` +sudo k8s kubectl create namespace tigera-operator +``` + +Deploy Calico using Helm: + +``` +sudo k8s helm install calico projectcalico/tigera-operator --version v3.28.0 -f values.yaml --namespace tigera-operator +``` + +## Verify deployment + +Monitor the status of the calico pods: + +``` +watch sudo k8s kubectl get pods -n calico-system +``` + +If Calico is deployed successfully, the output will be similar to: + +``` +NAME READY STATUS RESTARTS AGE +calico-kube-controllers-7bc846689c-9p2kp 1/1 Running 0 22h +calico-node-2bm8m 1/1 Running 0 22h +calico-typha-56f55cb75-cj2jk 1/1 Running 0 22h +csi-node-driver-vth9t 2/2 Running 0 22h +``` + +## Reverting + +If the deployment does not work as expected, you can always revert to the +default networking configuration. + +Remove all resources associated with Calico: + +``` +sudo k8s helm uninstall calico --namespace tigera-operator +``` + +Remove the alternative CNI's namespace: + +``` +sudo k8s kubectl delete namespace tigera-operator +``` + +Enable the default networking features: + +``` +sudo k8s enable ingress gateway network +``` + + +[Container Network Interface]: https://github.com/containernetworking/cni +[Calico]: https://docs.tigera.io/ +[Helm]: https://helm.sh/docs 
diff --git a/docs/src/snap/howto/networking/index.md b/docs/src/snap/howto/networking/index.md index d015577a2..15aa44450 100644 --- a/docs/src/snap/howto/networking/index.md +++ b/docs/src/snap/howto/networking/index.md @@ -15,6 +15,7 @@ Use default DNS Use default network Use default Ingress Use default load-balancer +Use an alternative CNI Enable Dual-Stack networking Set up an IPv6-only cluster Configure proxy settings
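Review bot: In alternative-cni.md, the "Reverting" section removes only the Helm release and the `tigera-operator` namespace, while "Verify deployment" shows the Calico pods running in `calico-system`, so nothing confirms that namespace is empty before `sudo k8s enable ingress gateway network` brings the default network back. Suggest adding a check between the uninstall and the enable step, for example `sudo k8s kubectl get pods -n calico-system`, and saying what to do if resources remain. In "Disable default network implementation" the prose says the command disables the default network plugin, but the command is `sudo k8s disable ingress gateway network`; the text should say that ingress and gateway are turned off as well and why, since the revert step re-enables all three. The values file hard-codes `cidr: 10.1.0.0/16` and `serviceCIDRs: 10.152.183.0/24` without saying where these values come from or whether they must match the cluster's own pod and service CIDRs; a sentence on that would help anyone with a non-default bootstrap configuration. Both file-creation blocks read `cat < bootstrap-config.yaml` and `cat < values.yaml` yet end with `EOF`; as written the shell redirects input from the file instead of writing it, so the here-document form (`cat <<EOF > values.yaml`) looks intended.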