Skip to content

How to Change the MTU Value for the Canal CNI in an RKE2 Cluster

Article Number: 000022203

Environment

All RKE2 using Canal CNI

Situation

This article explains how to modify the MTU value used by the Canal CNI plugin on RKE2 clusters.

In Canal deployments, Calico’s vethuMTU is rendered as veth_mtu in the Calico configuration, as documented in the upstream chart templates.

Resolution

1. Create a HelmChartConfig to Override the MTU

For Rancher Provisioned RKE2 cluster:
Under Cluster Management locate the desired cluster. Click on the 3-dot menu on the right of the cluster, and select Edit Config -> Cluster Configuration -> Add-on: Canal. Look for the vethuMTU field and change the value as desired.

For Standalone RKE2 cluster:
Create the following file on each RKE2 server node:

/var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-canal
  namespace: kube-system
spec:
  valuesContent: |-
    calico:
      vethuMTU: 1400

Note: RKE2 server nodes will automatically detect and apply changes made to files in the manifests directory

2. Restart the Canal DaemonSet

After applying the configuration, restart Canal to load the updated MTU settings:

kubectl rollout restart ds rke2-canal -n kube-system

3. Verify That the Configuration Was Applied

Check that the new MTU value is present in the generated Canal ConfigMap:

 kubectl -n kube-system get configmap rke2-canal-config -o yaml | grep -A2 veth_mtu

You should see the value applied in Step 1, for example:

veth_mtu: "1400"

4. Important Note: MTU changes take effect for newly created pods

Calico applies MTU settings only when a pod network interface is created.
This means:

  • Existing pods retain the old MTU
  • New pods created after the configuration change will use the updated MTU
  • This behaviour is consistent with Calico’s MTU design

To test the new MTU, you must create a new pod.

5. Test With a New Pod

Create a test pod to verify that Calico now provisions interfaces using the updated MTU:

kubectl run mtu-test --image=busybox -it --restart=Never -- sh

6. Verify MTU on the Node

You can inspect MTU values using:

ip link show
# or
ip addr
# or
ifconfig -a

You may still see older caliXXXX interfaces at the previous MTU. Only new pod veth interfaces will reflect the updated MTU.

Then, on the node where the pod is scheduled:

ip link show | grep -A1 cali

Example Output (Lab Validation)

11: cali1ec7f9e9a2d@if2: ... mtu 1450 ...
27: calif30d30f9a04@if2: ... mtu 1450 ...
29: calie10924b7eb7@if2: ... mtu 1450 ...
34: cali18f8745c1f0@if2: ... mtu 1400 ...

Interface 34 corresponds to the new pod and correctly reflects the MTU value of 1400.