Added new section for workaround, added link to it from RKE2 config page

Jennifer Travinski
2022-02-17 15:41:39 -05:00
parent cfcdec188d
commit ffb25ab379
2 changed files with 23 additions and 2 deletions
@@ -33,10 +33,12 @@ The [Network Provider](https://kubernetes.io/docs/concepts/cluster-administratio
Out of the box, Rancher is compatible with the following network providers:
- [Canal](https://github.com/projectcalico/canal)
- [Cilium](https://cilium.io/)
- [Cilium](https://cilium.io/)*
- [Calico](https://docs.projectcalico.org/v3.11/introduction/)
- [Multus](https://github.com/k8snetworkplumbingwg/multus-cni)
\* When using [project network isolation](#project-network-isolation) in the [Cilium CNI]({{<baseurl>}}/rancher/v2.6/en/faq/networking/cni-providers/#cilium), it is possible to enable cross-node ingress routing. Click the [CNI provider docs]({{<baseurl>}}/rancher/v2.6/en/faq/networking/cni-providers/#ingress-routing-across-nodes-in-cilium) to learn more.
For more details on the different networking providers and how to configure them, please view our [RKE2 documentation](https://docs.rke2.io/install/network_options/).
#### Cloud Provider
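Review bot: The footnote added under the provider list says only that "it is possible to enable cross-node ingress routing", which does not tell the reader that anything fails without it. The section it links to states that pods on other nodes cannot be reached by default, so state the consequence here, for example "When project network isolation is enabled with Cilium, ingress traffic does not reach pods on other nodes until a `CiliumNetworkPolicy` allows it." As a style point, "Click the [CNI provider docs]" reads better as "See the ...", and since both links in the footnote go to the same page, the first one could be dropped.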
@@ -139,7 +141,7 @@ Select the image repository to pull Rancher images from. For more details and co
### Upgrade Strategy
#### Controle Plane Concurrency
#### Control Plane Concurrency
Select how many nodes can be upgraded at the same time. Can be a fixed number or percentage.
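Review bot: Correcting "Controle" to "Control" in this heading changes the anchor generated from it, so check the docs for links to the old anchor before merging. The fix is also not mentioned in the commit message, which covers only the workaround section and the link to it; one extra clause there would keep the history accurate.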
@@ -124,6 +124,25 @@ Cilium enables networking and network policies (L3, L4, and L7) in Kubernetes. B
Cilium recommends kernel versions greater than 5.2 to be able to leverage the full potential of eBPF. Kubernetes workers should open TCP port `8472` for VXLAN and TCP port `4240` for health checks. In addition, ICMP 8/0 must be enabled for health checks. For more information, check [Cilium System Requirements](https://docs.cilium.io/en/latest/operations/system_requirements/#firewall-requirements).
#### Ingress Routing Across Nodes in Cilium
<br>
By default, Cilium does not allow pods to contact pods on other nodes. To work around this, enable the ingress controller to route requests across nodes with a `CiliumNetworkPolicy`.
After selecting the Cilium CNI and enabling Project Network Isolation for your new cluster, configure as follows:
```
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: hn-nodes
namespace: default
spec:
endpointSelector: {}
ingress:
- fromEntities:
- remote-node
```
## CNI Features by Provider
The following table summarizes the different features available for each CNI network provider provided by Rancher.
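Review bot: The example policy is wider and at the same time narrower than the text around it says. With `endpointSelector: {}` it selects every pod in its namespace, and `fromEntities: remote-node` then admits traffic from any other node to all of them, not only from the ingress controller; because it sets `namespace: default`, it has no effect on workloads in other namespaces. Please say which namespaces the policy must be created in and state that it opens all pods there to traffic from remote nodes, or narrow the `endpointSelector`. The opening sentence "By default, Cilium does not allow pods to contact pods on other nodes" should also be scoped to clusters with Project Network Isolation enabled, which is what the following sentence assumes; without any policy, Cilium allows that traffic. Smaller points: "configure as follows" does not say how the manifest is applied, the name `hn-nodes` is unexplained, the fence would benefit from a `yaml` language tag, and the raw `<br>` after the heading can go.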