rke canal cni flannel options

Created on 8 Feb 2019 · 7Comments · Source: rancher/rke

rke network-plugins documentation:
https://rancher.com/docs/rke/v0.1.x/en/config-options/add-ons/network-plugins/

paste from the documentation:

Canal Network Plug-in Options

network:
    plugin: canal
    options:
        canal_iface: eth1
        canal_flannel_backend_type: vxlan

But the question is how to configure other "canal_flannel_backend" options? For example if one sets "canal_flannel_backend_type" to "ipsec" (https://github.com/coreos/flannel/blob/master/Documentation/backends.md#ipsec), one needs to also configure "PSK", which is a required setting, and optionally also "UDPEncap" and "ESPProposal" settings.

Is it currently possible to use and configure canal_flannel_backend_types other than vxlan?

In some scenarios it's a requirement to encrypt all the networking between the kubernetes nodes, thus for example flannel ipsec backend would allow doing that.

Thanks!

kinenhancement priorit1 statustale teaca

Source

pasikarkkainen

Most helpful comment

Can we also support Flannel DirectRouting option which is really useful when all your nodes are on the same subnet. Thanks.

tlvenn on 24 Apr 2019

👍8

All 7 comments

According to https://github.com/rancher/rke/blob/master/cluster/network.go#L186-L188, it seems that it's only possible to set "Type" parameter and nothing else.

I'm also interested in setting flannel with ipsec backend, so I don't need to configure the VPN on my own underneath.

invidian on 16 Feb 2019

pull request

https://github.com/rancher/rke/pull/1142

rafal-prasal on 18 Feb 2019

Can we also support Flannel DirectRouting option which is really useful when all your nodes are on the same subnet. Thanks.

tlvenn on 24 Apr 2019

👍8

This issue/PR has been automatically marked as stale because it has not had activity (commit/comment/label) for 60 days. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.