Networking addon for Google Kubernetes Engine

I was just checking the network driver used for Google Kubernetes Engine. It seems Calico is the default GKE driver for network policy.

  networkPolicyConfig: {}
  clusterIpv4Cidr: 172.31.92.0/22
  createTime: '2022-01-18T19:41:27+00:00'
  --
   networkPolicy:
     enabled: true
     provider: CALICO

Is it possible to change Calico and use some other networking addon for GKE?

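Calico is only used for Network Policies in GKE. By default, GKE uses a Google network plugin. You also have the option to enable Dataplane V2, which is eBPF-based.

In both cases the plugins are managed by Google and you cannot change them.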

In addition:

You cannot change the network plugin; however, if you choose to disable Network Policy:

Note that this connectivity differs drastically depending on whether you use GKE's native Container Network Interface (CNI) or choose to use Calico's implementation by enabling Network policy when you create the cluster.

If you use GKE's CNI, one end of the Virtual Ethernet Device (veth) pair is attached to the Pod in its namespace, and the other is connected to the Linux bridge device cbr0. In this case, the following command shows the various Pods' MAC addresses attached to cbr0:

arp -n

Running the following command in the toolbox container shows the root namespace end of each veth pair attached to cbr0:

brctl show cbr0

If Network Policy is enabled, one end of the veth pair is attached to the Pod and the other to eth0. In this case, the following command shows the various Pods' MAC addresses attached to different veth devices:

arp -n

Running the following command in the toolbox container shows that there is no Linux bridge device named cbr0:

brctl show

The iptables rules that facilitate forwarding within the cluster differ from one scenario to the other. It is important to have this distinction in mind during detailed troubleshooting of connectivity issues.

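Also check the documentation on Migrating from Calico to Dataplane v.2, which can also affect the network.

In addition, you may also find the Network overview for GKE documentation useful.

Here is also a very detailed explanation of networking inside GKE.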
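As an added example (not part of either answer or of Google's documentation), the following Python code reads the JSON form of the cluster description quoted in the question (`gcloud container clusters describe --format=json`) and reports whether NetworkPolicy objects are enforced, by which component, and whether a node should show the cbr0 bridge described above. The sample documents are constructed; the `addonsConfig` nesting, the `disabled` flag and `networkConfig.datapathProvider` are GKE API fields that do not appear in the question's excerpt.

```python
import json

# Constructed samples shaped like `gcloud container clusters describe --format=json`.
# The first mirrors the fields quoted in the question; the others are assumptions.
SAMPLE_CALICO = json.dumps({
    "addonsConfig": {"networkPolicyConfig": {}},
    "networkPolicy": {"enabled": True, "provider": "CALICO"},
})
SAMPLE_DATAPLANE_V2 = json.dumps({
    "addonsConfig": {"networkPolicyConfig": {"disabled": True}},
    "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"},
})
SAMPLE_NO_POLICY = json.dumps({
    "addonsConfig": {"networkPolicyConfig": {"disabled": True}},
    "networkConfig": {"datapathProvider": "LEGACY_DATAPATH"},
})


def classify_cluster(describe_json):
    """Return who enforces NetworkPolicy on a cluster and whether nodes should have cbr0."""
    cluster = json.loads(describe_json)
    addon = (cluster.get("addonsConfig") or {}).get("networkPolicyConfig")
    policy = cluster.get("networkPolicy") or {}
    datapath = (cluster.get("networkConfig") or {}).get("datapathProvider", "")

    if datapath == "ADVANCED_DATAPATH":
        # Dataplane V2 (eBPF) enforces policy itself. The page does not describe
        # its node wiring, so no cbr0 expectation is reported.
        return {"enforced": True, "enforcer": "DATAPLANE_V2", "expect_cbr0": None}

    # The add-on is on when its block exists and "disabled" is not true; an
    # absent block is treated as off (conservative assumption).
    addon_on = addon is not None and not addon.get("disabled", False)
    nodes_on = bool(policy.get("enabled"))
    enforced = addon_on and nodes_on
    return {
        "enforced": enforced,
        "enforcer": policy.get("provider", "CALICO") if enforced else None,
        # Per the quoted documentation: native CNI attaches Pods to cbr0,
        # while enabling Network Policy leaves no cbr0 bridge on the node.
        "expect_cbr0": not enforced,
    }


if __name__ == "__main__":
    for name in ("SAMPLE_CALICO", "SAMPLE_DATAPLANE_V2", "SAMPLE_NO_POLICY"):
        print(name, classify_cluster(globals()[name]))
```

A cluster reported with `enforced: False` accepts NetworkPolicy objects without applying them, so Pod-to-Pod traffic stays unrestricted.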