CNI
The current DOK version supports only flannel, calico, and multus. More CNI plug-in options are planned for future releases.
Flannel is deployed in DOK by running a command similar to kubectl apply -f flannel.yaml on the master0 node.
The different types of CNI compare as follows:
- Overlay: connectivity relies on tunnels and does not depend on the underlying network
- Routing: connectivity relies on routing and partly depends on the underlying network
- Underlay: connectivity relies on the underlying network and depends on it strongly
Please refer to the chapter on Flannel.
- Calico currently supports only the TCP, UDP, ICMP, and ICMPv6 protocols. If you use other layer-4 protocols (such as the NetBIOS protocol), it is recommended to use another overlay network implementation, such as weave and native overlay.
- Communication is implemented at layer 3, and there is no encrypted encapsulation at layer 2, so it can only be used on private, trusted networks.
- Traffic isolation is implemented with iptables, and the isolation rules that need to be generated are fetched from etcd, which poses some hidden performance risks.
The kube-ovn installation script is built into the DOK installation package. Users can create a cluster without a CNI and install kube-ovn manually, or specify --cni when creating the cluster to install kube-ovn as the network plug-in.
If no network plug-in is explicitly selected when the cluster is first installed, flannel is the default CNI. If you want to install the multi-NIC network plug-in multus after the cluster is created, you can use the following method. For more detailed multus testing, please refer to the multus docs.
# run on master0
kubectl apply -f /root/dok-release/network/multus-daemonset.yml
The default network plugin is flannel. Changing the network plugin after the cluster has been created and applications have been deployed carries a certain risk.
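
Since adding multus or switching plugins changes what a node loads, the following added example (not part of DOK or its documentation) reports which CNI configuration a node would use and flags leftover configs. It assumes the conventional /etc/cni/net.d directory and that the runtime loads the config file that sorts first by name; the function names and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not DOK code. Assumptions: CNI configs live in /etc/cni/net.d
# and the container runtime loads the config file that sorts first by name.

# Name of the config file the runtime would load from directory $1.
active_cni_conf() {
    ls -1 "${1:-/etc/cni/net.d}" 2>/dev/null |
        grep -E '\.(conf|conflist|json)$' | LC_ALL=C sort | head -n 1
}

# Plugin "type" values named in config file $1, in order, space separated.
cni_types() {
    grep -o '"type"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" |
        sed 's/.*"\([^"]*\)"$/\1/' | tr '\n' ' ' | sed 's/ $//'
}

# One-line verdict for directory $1: ok, stale or none.
# Heuristic: several configs are expected only when multus sits in front.
cni_check() {
    dir=${1:-/etc/cni/net.d}
    active=$(active_cni_conf "$dir")
    [ -n "$active" ] || { echo "none"; return 1; }
    total=$(ls -1 "$dir" | grep -cE '\.(conf|conflist|json)$')
    types=$(cni_types "$dir/$active")
    case " $types " in
        *" multus "*) echo "ok active=$active types=$types"; return 0 ;;
    esac
    if [ "$total" -gt 1 ]; then
        echo "stale active=$active types=$types extra=$((total - 1))"
        return 2
    fi
    echo "ok active=$active types=$types"
}

# Constructed sample directory; $1 = scenario (flannel|multus|switched).
make_sample_dir() {
    d=$(mktemp -d)
    flannel='{"name":"cbr0","plugins":[{"type":"flannel"},{"type":"portmap"}]}'
    case "$1" in
        multus)   echo '{"name":"multus-cni-network","type":"multus"}' > "$d/00-multus.conf" ;;
        switched) echo '{"name":"k8s-pod-network","plugins":[{"type":"calico"}]}' > "$d/10-calico.conflist" ;;
    esac
    echo "$flannel" > "$d/10-flannel.conflist"
    echo "$d"
}
```

Run cni_check with no argument on each node after applying the multus manifest or after any plugin change; a "stale" verdict means a config from another plugin is still present in the directory.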