Container Network Interface

Container Network Interface

MKE supports Calico open-source as a Container Network Interface (CNI) plugin to enable the networking functionalities needed for container communication and management within a cluster.

⚠️
Calico configuration is not migrated during the MKE3 to MKE4 upgrade.

Configuration example

The network section of the MKE configuration file renders as follows:

network:
  serviceCIDR: 10.96.0.0/16
  nodePortRange: 32768-35535
  kubeProxy:
    disabled: false
    mode: iptables
    metricsbindaddress: 0.0.0.0:10249
    iptables:
      masqueradebit: null
      masqueradeall: false
      localhostnodeports: null
      syncperiod:
        duration: 0s
      minsyncperiod:
        duration: 0s
    ipvs:
      syncperiod:
        duration: 0s
      minsyncperiod:
        duration: 0s
      scheduler: ""
      excludecidrs: []
      strictarp: false
      tcptimeout:
        duration: 0s
      tcpfintimeout:
        duration: 0s
      udptimeout:
        duration: 0s
    nodeportaddresses: []
  nllb:
    disabled: true
  cplb:
    disabled: true
  providers:
  - provider: calico
    enabled: true
    CALICO_DISABLE_FILE_LOGGING: true
    CALICO_STARTUP_LOGLEVEL: DEBUG
    FELIX_LOGSEVERITYSCREEN: DEBUG
    clusterCIDRIPv4: 192.168.0.0/16
    deployWithOperator: false
    enableWireguard: false
    ipAutodetectionMethod: null
    mode: vxlan
    overlay: Always
    vxlanPort: 4789
    vxlanVNI: 10000
  - provider: kuberouter
    enabled: false
    deployWithOperator: false
  - provider: custom
    enabled: false
    deployWithOperator: false

Network configuration

The following table includes details on all of the configurable network fields.

FieldDescriptionValuesDefault
serviceCIDRSets the IPv4 range of IP addresses for services in a Kubernetes cluster.Valid IPv4 CIDR10.96.0.0/16
providersSets the provider for the active CNI.calicocalico

Providers configuration

The following table includes details on the configurable settings for the Calico provider.

FieldDescriptionValuesDefault
enabledSets the name of the external storage provider. AWS is currently the only available option.truetrue
clusterCIDRIPv4Sets the IP pool in the Kubernetes cluster from which Pods are allocated.Valid IPv4 CIDR192.168.0.0/16
ipAutodetectionMethodSets the autodetecting method for the IPv4 address for the host.Provider specific1None
modeSets the IPv4 overlay networking mode.2ipip, vxlanvxlan
vxlanPortSets the VXLAN port for the VXLAN mode.Valid port number4789
vxlanVNISets the VXLAN VNI for the VXLAN mode.Valid VNI number10000
CALICO_STARTUP_LOGLEVELSets the early log level for calico/node.Provider specific1DEBUG
FELIX_LOGSEVERITYSCREENSets the log level for calico/felix.Provider specific1DEBUG
ℹ️
  • MKE4 uses a static port range for Kubernetes NodePorts, from 32768 to 35535.
  • Following a successful MKE3 to MKE4 upgrade, a list displays that presents the ports that no longer need to be opened on manager or worker nodes. These ports can be blocked.

Limitations

  • MKE4 does not support Calico Enterprise.
  • Only clusters that use the default Kubernetes proxier iptables can be upgraded from MKE3 to MKE4.
  • As MKE4 uses KDD as a networking datastore, you may notice degraded networking performance degradation on cluster sizes in excess of 100 nodes.
  • Only KDD-backed MKE3 clusters can be upgraded to MKE4.

  1. Refer to your Calico provider documentation for the available values. ↩︎ ↩︎ ↩︎

  2. MKE4 does not support mode field modifications following installation. ↩︎

Last updated on