mirror of https://github.com/kubernetes/kops.git
111 lines
3.3 KiB
Markdown
111 lines
3.3 KiB
Markdown
### Weave
|
|
|
|
⚠ The Weave CNI is not supported for Kubernetes 1.23 or later.
|
|
|
|
#### Installation
|
|
|
|
To use the Weave, specify the following in the cluster spec.
|
|
|
|
```yaml
|
|
networking:
|
|
weave: {}
|
|
```
|
|
|
|
The following command sets up a cluster using Weave.
|
|
|
|
```sh
|
|
export ZONES=mylistofzone
|
|
kops create cluster \
|
|
--zones $ZONES \
|
|
--networking weave \
|
|
--yes \
|
|
--name myclustername.mydns.io
|
|
```
|
|
|
|
### Configuring Weave MTU
|
|
|
|
The Weave MTU is configurable by editing the cluster and setting `mtu` option in the weave configuration.
|
|
AWS VPCs support jumbo frames, so on cluster creation kOps sets the weave MTU to 8912 bytes (9001 minus overhead).
|
|
|
|
```yaml
|
|
spec:
|
|
networking:
|
|
weave:
|
|
mtu: 8912
|
|
```
|
|
|
|
### Configuring Weave Net EXTRA_ARGS
|
|
|
|
Weave allows you to pass command line arguments to weave by adding those arguments to the EXTRA_ARGS environmental variable.
|
|
This can be used for debugging or for customizing the logging level of weave net.
|
|
|
|
```yaml
|
|
spec:
|
|
networking:
|
|
weave:
|
|
netExtraArgs: "--log-level=info"
|
|
```
|
|
|
|
Note that it is possible to break the cluster networking if flags are improperly used and as such this option should be used with caution.
|
|
|
|
### Configuring Weave NPC EXTRA_ARGS
|
|
|
|
Weave-npc (the Weave network policy controller) allows you to customize arguments of the running binary by setting the EXTRA_ARGS environmental variable.
|
|
This can be used for debugging or for customizing the logging level of weave npc.
|
|
|
|
```yaml
|
|
spec:
|
|
networking:
|
|
weave:
|
|
npcExtraArgs: "--log-level=info"
|
|
```
|
|
|
|
Note that it is possible to break the cluster networking if flags are improperly used and as such this option should be used with caution.
|
|
|
|
### Configuring Weave network encryption
|
|
|
|
The Weave network encryption is configurable by creating a weave network secret password.
|
|
Weaveworks recommends choosing a secret with [at least 50 bits of entropy](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/).
|
|
If no password is supplied, kOps will generate one at random.
|
|
|
|
```sh
|
|
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c9 > password
|
|
kops create secret weavepassword -f password
|
|
kops update cluster
|
|
```
|
|
|
|
Since unencrypted nodes will not be able to connect to nodes configured with encryption enabled, this configuration cannot be changed easily without downtime.
|
|
|
|
### Override Weave image tag
|
|
{{ kops_feature_table(kops_added_default='1.19', k8s_min='1.12') }}
|
|
|
|
Weave networking comes with default specs and version which are the recommended ones, already configured by kOps .
|
|
In case users want to override Weave image tag, thus default version, specs should be customized as follows:
|
|
```yaml
|
|
spec:
|
|
networking:
|
|
weave:
|
|
version: "2.7.0"
|
|
```
|
|
|
|
### Override default CPU/Memory resources
|
|
|
|
Weave networking comes with default specs related to CPU/Memory requests and limits, already configured by kOps.
|
|
In case users want to override default values, specs should be customized as follows:
|
|
|
|
```yaml
|
|
spec:
|
|
networking:
|
|
weave:
|
|
memoryRequest: 300Mi
|
|
cpuRequest: 100m
|
|
memoryLimit: 300Mi
|
|
cpuLimit: 100m
|
|
npcMemoryRequest: 300Mi
|
|
npcCPURequest: 100m
|
|
npcMemoryLimit: 300Mi
|
|
npcCPULimit: 100m
|
|
```
|
|
|
|
> **NOTE**: These are just example values and not necessarily the recommended values. You should override the default values according to your needs.
|