Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reconsider using Canal CNI or document the reasoning behind it #256

Closed
xmudrii opened this issue Mar 12, 2019 · 5 comments · Fixed by #432
Closed

Reconsider using Canal CNI or document the reasoning behind it #256

xmudrii opened this issue Mar 12, 2019 · 5 comments · Fixed by #432
Milestone
v0.7

Comments

@xmudrii
Copy link
Member

xmudrii commented Mar 12, 2019

Previously we used Flannel as a CNI plugin but later we switched to Canal as it provides NetworkPolicies. The switch to Canal was made in #123 and was proposed in the issue #122.

After discussion, it's decided that we should reconsider using Canal, as other CNIs are more feature complete and more secure. For example, WeaveNet includes encryption of the CNI network. If we decide to continue using Canal we should document our reasoning behind that.
@kron4eg
Copy link
Member

kron4eg commented Mar 14, 2019

https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-10gbit-s-network-36475925a560

More or less all the CNI plugins are the same in terms of speed, expect weavenet+encryption.

Also weavenet since that post got support for Egress NetworkPolicies

@xmudrii xmudrii added this to the Someday milestone Mar 18, 2019
@mrIncompetent mrIncompetent modified the milestone: Someday Apr 17, 2019
@xmudrii xmudrii modified the milestones: Someday, v0.7.0 Apr 25, 2019
@kron4eg kron4eg modified the milestones: v0.7.0, v0.8.0 May 5, 2019
@kron4eg kron4eg mentioned this issue May 11, 2019
Merged
@xmudrii xmudrii modified the milestones: v0.8.0, v0.7.0 May 13, 2019
@edernucci
Copy link

@kron4eg is it ready to use on 0.9?

@kron4eg
Copy link
Member

kron4eg commented Jul 11, 2019

Yes, absolutely.

@edernucci
Copy link

@kron4eg I have searched (https://github.com/kubermatic/kubeone/search?q=weave&unscoped_q=weave) but didn't find any docs on how to enable it.

Can you give me a briefing?

@kron4eg
Copy link
Member

kron4eg commented Jul 11, 2019

@edernucci using kubeone config print --full you could get full example config (template for it is here: https://github.com/kubermatic/kubeone/blob/master/pkg/cmd/config.go#L422) so to enable weave flag need to be specified.

Here is concrete example:

clusterNetwork:
  cni:
    provider: weave-net
    encrypted: true # this is optionally, can be omitted (which means disabled)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.7
Development

Successfully merging a pull request may close this issue.

Add weave-net as an alternative CNI plugin kubermatic/kubeone
4 participants
@kron4eg @edernucci @mrIncompetent @xmudrii