Kubernetes networking with Edera

1 min read · Intermediate

Developer Platform Engineer Security

Kubernetes networking with Edera

For Edera-managed pods, Edera should seamlessly use your existing cluster CNI configuration to set up networking for Edera pods.

The following CNIs have been tested with Edera:

Cilium

Both IPv4 and IPv6 mode supported.

⚠️

When using Cilium’s kube-proxy-replacement with Edera, the in-pod socket-level loadbalancer must be disabled for pods by configuring Cilium with socketLB.hostNamespaceOnly=true.

See upstream Cilium docs for more details.

Flannel

Both IPv4 and IPv6 mode supported.

AWS VPC-CNI

Both IPv4 and IPv6 mode supported.

ipvlan

L2, L3, and L3s modes are supported, under both IPv4 and IPv6.

Currently, Edera does not support Multus or CNI configurations that configure multiple links for a single pod.

If there is a CNI misconfiguration, the protect-cri systemd service should report the error and fail to start.

You can check the status of protect-cri with sudo systemctl status protect-cri on an Edera-enabled node.

Note that if your CNI setup uses nonstandard CNI plugin binary or configuration paths, you will need to update /var/lib/edera/protect/cri.toml with the nonstandard paths, and restart the protect-cri service via sudo systemctl restart protect-cri.

See also

cri.toml - to configure Edera with nonstandard CRI config/plugin paths.

Last updated on