
Is it possible to change the CNI plugin to Calico in GKE?

It seems like EKS (AWS) has the support for some CNIs here but we couldn't find any similar doc for GKE (GCP).

Is it possible to change the CNI plugins of GKE clusters? Can I change the CNI of our GKE v1.18.x cluster to Calico with IP-in-IP encapsulation?

GKE has built-in support for Calico via network policy enforcement in clusters which are not using Dataplane V2.

You can enable network policy enforcement on an existing cluster:

gcloud container clusters update CLUSTER_NAME --update-addons=NetworkPolicy=ENABLED

and then enable it for existing nodepools (which will be recreated):

gcloud container clusters update CLUSTER_NAME --enable-network-policy

This actually installs Calico so you should have access to the entire Calico API.

As is mentioned in the feedback from Gari, you can follow the next steps in order to enable the network policy enforcement.

Enabling network policy enforcement

Network policy enforcement is built into GKE Dataplane V2. You do not need to enable network policy enforcement in clusters that use GKE Dataplane V2.

When you enable network policy enforcement in a GKE cluster that doesn't use GKE Dataplane V2, GKE manages and enforces network policies within that cluster.

Caution:

By default, enabling network policy enforcement for your cluster also enables enforcement for the cluster's nodes.

You can enable network policy enforcement in GKE by using the gcloud tool, the Google Cloud Console, or the GKE API.

To enable network policy enforcement when creating a new cluster, run the following command:

gcloud container clusters create CLUSTER_NAME --enable-network-policy

Replace CLUSTER_NAME with the name of the new cluster.

To enable network policy enforcement for an existing cluster, perform the following tasks:

  1. Run the following command to enable the add-on:
gcloud container clusters update CLUSTER_NAME --update-addons=NetworkPolicy=ENABLED

Replace CLUSTER_NAME with the name of the cluster.

  2. Run the following command to enable network policy enforcement on your cluster, which in turn recreates your cluster's node pools with network policy enforcement enabled:
gcloud container clusters update CLUSTER_NAME --enable-network-policy
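
Because enablement on an existing cluster is a two-step procedure, it is worth confirming that both steps took effect before relying on NetworkPolicy objects for isolation. The following is an added example, not part of the answers above or of Google's documentation: it classifies the JSON from `gcloud container clusters describe CLUSTER_NAME --format=json` using the GKE API fields `addonsConfig.networkPolicyConfig`, `networkPolicy` and `networkConfig.datapathProvider`. The function name, the state labels and the sample document are constructed for illustration, and a missing add-on block is assumed to mean the add-on is off.

```python
import json

# Constructed sample of `gcloud container clusters describe ... --format=json`
# output, trimmed to the fields inspected here (not from a real cluster).
# It models a cluster where only step 1 (the add-on) has been run.
SAMPLE_ADDON_ONLY = json.loads("""
{
  "name": "demo-cluster",
  "addonsConfig": {"networkPolicyConfig": {}},
  "networkConfig": {"datapathProvider": "LEGACY_DATAPATH"}
}
""")


def network_policy_state(cluster: dict) -> str:
    """Classify how far network policy enablement has progressed."""
    datapath = cluster.get("networkConfig", {}).get("datapathProvider", "")
    if datapath == "ADVANCED_DATAPATH":
        # Dataplane V2 has enforcement built in; no separate enablement needed.
        return "enforced-dataplane-v2"

    addon = cluster.get("addonsConfig", {}).get("networkPolicyConfig")
    # The API omits false booleans, so an empty block means "not disabled".
    # Assumption: a missing block is treated as add-on off.
    addon_on = addon is not None and not addon.get("disabled", False)

    policy = cluster.get("networkPolicy", {})
    enforcing = policy.get("enabled", False)

    if addon_on and enforcing:
        return "enforced-" + policy.get("provider", "unknown").lower()
    if addon_on:
        # Step 1 done, step 2 (--enable-network-policy) still pending:
        # node pools have not been recreated with enforcement enabled.
        return "addon-only-not-enforced"
    return "not-enforced"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE_ADDON_ONLY
    print(network_policy_state(doc))
```

A result of `addon-only-not-enforced` means the second `gcloud container clusters update` command has not yet been applied.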
