stackoom
  简体   繁体   中英

Is it possible to change the CNI plugin to Calico in GKE?

 原文  2021-09-29 17:54:35       google-cloud-platform/ google-kubernetes-engine/ calico

Question

It seems like EKS (AWS) has the support for some CNIs here but we couldn't find any similar doc for GKE (GCP)

is it possible to change the CNI plugins of GKE clusters? Can I change the CNI of our GKE v1.18.x cluster to Calico with IP-in-IP encapsulation?

2 answers

solution1
 1  2021-09-30 10:30:19

GKE has built-in support for Calico via.network policy enforcement in clusters which are not using Dataplane V2.

You can enable.network policy enforcement on an existing cluster:

gcloud container clusters update CLUSTER_NAME --update-addons=NetworkPolicy=ENABLED

and then enable it for existing nodepools (which will be recreated):

gcloud container clusters update CLUSTER_NAME --enable-network-policy

This actually installs Calico so you should have access to the entire Calico API.

solution2
 1  2021-09-30 22:33:22

As is mentioned in the feedback from Gari you can follow the next steps in order to enabled the.network policy enforcement.

Enabling.network policy enforcement

Network policy enforcement is built into GKE Dataplane V2. You do not need to enable.network policy enforcement in clusters that use GKE Dataplane V2.

When you enable.network policy enforcement in a GKE cluster that doesn't use GKE Dataplane V2, GKE manages and enforces.network policies within that cluster.

Caution:

By default, enabling.network policy enforcement for your cluster also enables enforcement for the cluster's nodes.

You can enable.network policy enforcement in GKE by using the gcloud tool, the Google Cloud Console, or the GKE API.

To enable.network policy enforcement when creating a new cluster, run the following command:

gcloud container clusters create CLUSTER_NAME --enable-network-policy

Replace CLUSTER_NAME with the name of the new cluster.

To enable.network policy enforcement for an existing cluster, perform the following tasks:

  1. Run the following command to enable the add-on:
gcloud container clusters update CLUSTER_NAME --update-addons=NetworkPolicy=ENABLED

Replace CLUSTER_NAME with the name of the cluster.

  1. Run the following command to enable.network policy enforcement on your cluster, which in turn recreates your cluster's node pools with.network policy enforcement enabled:
gcloud container clusters update CLUSTER_NAME --enable-network-policy

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Change GKE cluster name static/whereabouts IPAM cni plugins bin files are missing after installation in GKE on Prem Change the CIDR subnet of GKE cluster GKE jenkins kubernetes plugin node selector not working How to use OPA Gatekeeper to change GKE deployments? Is it possible to use Cloud NAT with public GKE Cluster? Is it possible to have multiple ingress resources with a single GKE ingress controller How to permanently change sysctl settings on a GKE host node? Failed to pull image "velero/velero-plugin-for-gcp:v1.1.0" while installing Velero in GKE Cluster Jenkins plugin to generate kube config for kubectl after changes to kubectl authentication for GKE
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM