github.com/apprenda/kismatic@v1.12.0/docs/networking.md (about)

# Networking
KET uses CNI for cluster networking and supports multiple CNI providers out of
the box. Which CNI provider to choose depends on your specific infrastructure
and application needs.

The CNI provider is exposed as an Add-On in the KET plan file via the
`add_ons.cni.provider` field. See the [CNI Add-On reference documentation](add_ons.md#cni)
for more information on how to configure CNI.

### Default CNI Provider
The default CNI provider used by KET is Calico for the following reasons:
* Strong network policy support: it supports granular network policy for true SDN patterns at the Pod level.
* Based on routable, layer 2/3 primitives instead of overlays/encapsulation, which makes network debugging much easier and more predictable.
* Supported by a commercial entity with years of operational experience.

However, other CNI plugins provide features and compatibility that may be more appropriate for your particular cloud or architecture requirements.

### CNI Provider Comparison
The following table lists key characteristics of each supported implementation.

|  | [Calico](https://www.projectcalico.org/) | [Weave](https://www.weave.works/oss/net/) | [Contiv](https://contiv.github.io/) |
|---|--------|-------|--------|
| Data Path Technique | L3 with BGP Peering or IPIP Encapsulation | UDP Encapsulation | VXLAN |
| Requires etcd cluster | Yes | No | Yes |
| Multicast Support | No | Yes | Yes |
| Ingress Policy | Yes | Yes | Yes<sup>1</sup> |
| Egress Policy | Yes | No | Yes |
| Can Encrypt Traffic | No | Yes | No |

<sup>1. Contiv does not support the Kubernetes Network Policy API. It uses a custom mechanism for applying policy.</sup>

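The policy rows of the table decide whether a Kubernetes NetworkPolicy you apply is actually enforced. The following is an added example, not part of the KET documentation or code base: it flags NetworkPolicy objects that the provider set in `add_ons.cni.provider` would not enforce. The capability map is transcribed from the table and footnote above, the function names are hypothetical, and the sample manifests are constructed.

```python
import json

# Capabilities transcribed from the comparison table above. "k8s_api" is False
# for Contiv per footnote 1; assuming the footnote applies to Contiv only.
PROVIDERS = {
    "calico": {"k8s_api": True, "Ingress": True, "Egress": True},
    "weave": {"k8s_api": True, "Ingress": True, "Egress": False},
    "contiv": {"k8s_api": False, "Ingress": True, "Egress": True},
}

def effective_policy_types(spec):
    """Kubernetes defaulting: with no policyTypes, Ingress always applies and
    Egress applies only when the spec carries at least one egress rule."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())

def unenforced(provider, manifests):
    """Return (namespace/name, reason) for each NetworkPolicy that the chosen
    provider would not enforce as written."""
    caps = PROVIDERS[provider]
    findings = []
    for m in manifests:
        if m.get("kind") != "NetworkPolicy":
            continue
        meta = m.get("metadata", {})
        ident = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        if not caps["k8s_api"]:
            findings.append((ident, "provider ignores the NetworkPolicy API"))
            continue
        for ptype in sorted(effective_policy_types(m.get("spec", {}))):
            if not caps.get(ptype):
                findings.append((ident, f"{ptype} rules are not enforced"))
    return findings

# Constructed sample: JSON form of two NetworkPolicy objects.
SAMPLE = json.loads("""[
 {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
  "metadata": {"name": "db-ingress", "namespace": "prod"},
  "spec": {"podSelector": {"matchLabels": {"app": "db"}},
           "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "api"}}}]}]}},
 {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
  "metadata": {"name": "deny-egress", "namespace": "prod"},
  "spec": {"podSelector": {}, "policyTypes": ["Egress"]}}
]""")

if __name__ == "__main__":
    for provider in PROVIDERS:
        print(provider, unenforced(provider, SAMPLE))
```

A policy that is accepted by the API server but not enforced by the network plugin fails silently, so a check like this belongs before the provider is changed in the plan file.
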
## Calico Notes
`calicoctl` is the command-line utility for managing the Calico network.

`calicoctl` is useful when you need to troubleshoot Calico. You can run it
from a container with the following command:
```
docker run -i \
    --net host \
    -v /etc/kubernetes:/etc/kubernetes \
    -v /etc/calico/calicoctl.cfg:/etc/calico/calicoctl.cfg \
    calico/ctl:v1.1.0
```

Links:
* Troubleshooting docs: http://docs.projectcalico.org/v2.3/usage/troubleshooting/
* Reference docs: http://docs.projectcalico.org/v2.3/reference/

## Weave Notes

Links:
* How it works: https://www.weave.works/docs/net/latest/concepts/how-it-works/
* Operational Guide: https://www.weave.works/docs/net/latest/operational-guide/
* Troubleshooting: https://www.weave.works/docs/net/latest/troubleshooting/

## Contiv Notes
KET supports Contiv as a "preview", as it is still under active development.

The following are known issues you should be aware of if you choose to install Contiv:
* https://github.com/contiv/netplugin/issues/940
* https://github.com/contiv/netplugin/issues/937
* https://github.com/contiv/netplugin/issues/871
* https://github.com/contiv/netplugin/issues/777
* https://github.com/contiv/netplugin/issues/942

Useful Links:
* Policies: https://contiv.github.io/documents/networking/policies.html
* Admin guide: https://contiv.github.io/documents/admin/index.html
* CLI reference: https://contiv.github.io/documents/reference/netctlcli.html