A Tanzu Kubernetes Grid Service cluster provisioned by the Tanzu Kubernetes Grid Service supports two CNI options: Antrea (default) and Calico. Both are open-source software that provide networking for cluster pods, services, and ingress.

Tanzu Kubernetes Grid Service clusters provisioned by the Tanzu Kubernetes Grid Service support the following Container Network Interface (CNI) options:
Antrea is the default CNI for new Tanzu Kubernetes Grid Service clusters. If you are using Antrea, you do not have to specify it as the CNI during cluster provisioning. To use Calico as the CNI you have two options:
Note: The use of Antrea as the default CNI requires a minimum version of the OVA file for Tanzu Kubernetes Grid Service clusters. See Verify Tanzu Kubernetes Cluster Compatibility for Update.

The table summarizes Tanzu Kubernetes Grid Service cluster networking features and their implementation.

Table 1. Tanzu Kubernetes Grid Service Cluster Networking
Endpoint Provider Description
Pod connectivity Antrea or Calico Container network interface for pods. Antrea uses Open vSwitch. Calico uses the Linux bridge with BGP.
Service type: ClusterIP Antrea or Calico Default Kubernetes service type that is only accessible from within the cluster.
Service type: NodePort Antrea or Calico Allows external access through a port opened on each worker node by the Kubernetes network proxy.
Service type: LoadBalancer NSX-T load balancer, NSX Advanced Load Balancer, HAProxy For NSX-T, one virtual server per service type definition. For NSX Advanced Load Balancer, refer to that section of this documentation.
Note: Some load balancing features may not be available with HAProxy, such as support for static IPs.
Cluster ingress Third-party ingress controller Routing for inbound pod traffic; you can use any third-party ingress controller, such as Contour.
Network policy Antrea or Calico Controls what traffic is allowed to and from selected pods and network endpoints. Antrea uses Open vSwitch. Calico uses Linux IP tables.