A TKG cluster provisioned by the TKG supports two CNI options: Antrea (default) and Calico. Both are open-source software that provide networking for cluster pods, services, and ingress.
TKG clusters provisioned by the
TKG support the following
Container Network Interface (CNI) options:
Antrea is the default CNI for new
TKG clusters. If you are using Antrea, you do not have to specify it as the CNI during cluster provisioning. To use Calico as the CNI you have two options:
- Specify the CNI directly in the cluster YAML. See v1alpha3 Example: TKC with Custom Network.
- Change the default CNI. See v1beta1 Example: Cluster with Calico CNI.
Note: The use of Antrea as the default CNI requires a minimum version of the OVA file for
TKG clusters. See
Updating TKG 2 Clusters on Supervisor.
The table summarizes TKG cluster networking features and their implementation.
| Endpoint | Provider | Description |
|---|---|---|
| Pod connectivity | Antrea or Calico | Container network interface for pods. Antrea uses Open vSwitch. Calico uses the Linux bridge with BGP. |
| Service type: ClusterIP | Antrea or Calico | Default Kubernetes service type that is only accessible from within the cluster. |
| Service type: NodePort | Antrea or Calico | Allows external access through a port opened on each worker node by the Kubernetes network proxy. |
| Service type: LoadBalancer | NSX-T load balancer, NSX Advanced Load Balancer, HAProxy | For NSX-T, one virtual server per service type definition. For NSX Advanced Load Balancer, refer to that section of this documentation.
Note: Some load balancing features may not be available with HAProxy, such as support for static IPs.
|
| Cluster ingress | Third-party ingress controller | Routing for inbound pod traffic; you can use any third-party ingress controller, such as Contour. |
| Network policy | Antrea or Calico | Controls what traffic is allowed to and from selected pods and network endpoints. Antrea uses Open vSwitch. Calico uses Linux IP tables. |
