Skip to main content

Antrea CNI

Palette supports Antrea controller network interface (CNI) for VMware Kubernetes clusters. Antrea CNI enables each pod to have exclusive IP addresses from the subnet with direct accessibility.

Antrea leverages Open vSwitch to implement pod networking and security features. Open vSwitch enables Antrea to implement Kubernetes network policies efficiently.

Supported Versions

1.9.x

Prerequisites

  • Enable the integrated NodeIPAM controller in the Antrea manifest: NodeIPAM:enable.


  • When deploying a cluster using Palette, use the podCIDR parameter in the Pack section of the Kubernetes manifest. The classless inter-domain routing (CIDR) IP specified in the Kubernetes manifest always takes precedence.


  • When deploying a cluster using kubeadm init to use Antrea CIDRs, you would specify the --pod-network-cidr <cidr> option and provide the IP address with the CIDR. For example:


    --pod-network-cidr=10.244.0.0/16


caution

The CIDR IP specified in Palette using the podCIDR parameter in the Kubernetes manifest always takes precedence.

If you wish to use Antrea CIDRs, the podCIDR and serviceCIDR parameters must be blank in the Kubernetes manifest.

To avoid overlapping your pod network with any of your host networks, you should think of a suitable CIDR block to specify if you deploy a cluster using kubeadm init or as a replacement in your network plugin's YAML.


  • The Open vSwitch kernel module must be present on every Kubernetes node.

Parameters

The Antrea CNI pack supports the following parameters.

ParameterDescriptionRequired (Y/N)
nodeIPAM:enableEnables the integrated NodeIPAM controller in the Antrea manifest. The default is false.Y
clusterCIDRsCIDR ranges for pods in the cluster. The CIDRs can be either IPv4 or IPv6. You can specify up to one CIDR for each IP family.N
serviceCIDRIPv4 CIDR ranges reserved for Services.N
serviceCIDRv6IPv6 CIDR ranges reserved for Services.N
nodeCIDRMaskSizeIPv4Mask size for IPv4 Node CIDR in IPv4 or dual-stack cluster.N
nodeCIDRMaskSizeIPv6Mask size for IPv6 Node CIDR in IPv6 or dual-stack cluster.N
NodeIPAMThe feature toggle for antrea-controller. The default is false. If you use CIDR ranges, set this to true.N
ServiceExternalIPThe feature toggle for antrea-agent and antrea-controller. If you use the LoadBalancer service, set this to true.N

Usage

Kubernetes network policies are supported by default.

Antrea supports LoadBalancer services. Typically, implementing LoadBalancer services requires an external load balancer that is implemented by the Kubernetes cloud provider.

Antrea provides two options for supporting LoadBalancer services without using an external load balancer:


  • Using Antrea’s built-in external IP management for Services of type LoadBalancer.

  • Leveraging MetalLB.

For detailed information, refer to Antrea’s Service of type LoadBalancer documentation.

To learn more about using MetalLB, review Using MetalLB with Antrea.


Troubleshooting

If routing problems occur or some hosts cannot communicate outside their subnet, this indicates overlapping IP addresses or conflicting CIDR IPs.

Ensure you have provided a non-overlapping IP address for your pod network in Palette's Kubernetes manifest using the podCIDR parameter. The CIDR IP specified with the podCIDR parameter in the Kubernetes manifest always takes precedence.

If you wish to use Antrea CIDRs and have deployed a cluster using Palette, ensure that you have done the following:

  • Removed any value for podCIDR and serviceCIDR in the Kubernetes manifest.
  • Provided a non-overlapping IP address for your pod network.

Terraform

You can reference the Antrea CNI pack in Terraform with a data resource.

data "spectrocloud_registry" "public_registry" {
name = "Public Repo"
}

data "spectrocloud_pack_simple" "antrea" {
name = "antrea"
version = "1.9.0"
type = "helm"
registry_uid = data.spectrocloud_registry.public_registry.id
}

References