Skip to content

How to configure Calico Node IP Autodetection in an RKE/RKE2 cluster

Article Number: 000021401

Environment

  • A Rancher-provisioned or standalone RKE/RKE2 cluster using the Calico CNI.
  • Kubernetes cluster nodes with multiple network interfaces or interfaces configured with multiple addresses.

Situation

Calico uses a single IPv4 (and/or an IPv6 address if running a dual-stack or IPv6 only cluster) per node to route pod traffic between nodes. By default, Calico selects the first address on the first valid interface, using the "first-found" autodetection method.

In environments with multiple network interfaces on cluster nodes, or multiple addresses on a single interface, this may result in selection of an address that prevents successful routing of pod traffic between some or all nodes in the cluster.

To prevent this, the method used to determine the network interface used by Calico can be specified, per the Calico documentation.

For example, the interface parameter can be used to select a specific network interface by name, or cidr can be used to specify CIDRs from which an address on the node should be selected.

Resolution

In the examples below, the interface autodetection method is configured so that Calico selects the address from the interface named ens192.

RKE2

Rancher-provisioned RKE2 clusters

In a Rancher-provisioned RKE2 cluster, you can specify the Calico autodetection method via the cluster add-on configuration:

  1. Navigate to Cluster Management within the Rancher UI.
  2. Click Edit Config for the desired RKE2 cluster.
  3. Under Cluster Configuration click Add-on: Calico.
  4. Enter the desired autodetection method(s) into the calicoNetwork block. In the example below, the IPv4 autodetection method is set to interface: ens192.
affinity: {}
apiServer:
  enabled: false
calicoctl:
  image: rancher/mirrored-calico-ctl
  tag: v3.28.1
[...]
installation:
  [...]
  calicoNetwork:
    nodeAddressAutodetectionV4:
       interface: ens192
[...]

Standalone RKE2 clusters

In a standalone RKE2 cluster, you can specify the Calico autodetection method via a HelmChartConfig resource.

Write the HelmChartConfig to a file in the manifests directory on the cluster controlplane nodes (i.e. /var/lib/rancher/rke2/server/manifests/rke2-calico-config.yaml).

In the example below, the IPv4 autodetection method is set to interface: ens192.

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-calico
  namespace: kube-system
spec:
  valuesContent: |-
    installation:
      calicoNetwork:
        nodeAddressAutodetectionV4:
          interface: ens192

RKE

In RKE, you can specify the Calico autodetection method by creating a ConfigMap kubernetes-services-endpoint, in the kube-system namespace, using the field IP_AUTODETECTION_METHOD (and IP6_AUTODETECTION_METHOD for IPv6).

In the example below, the IPv4 autodetection method is set to interface: ens192.

apiVersion: v1
kind: ConfigMap
metadata:
  name: kubernetes-services-endpoint
  namespace: kube-system
data:
  IP_AUTODETECTION_METHOD: interface=ens192