How to consistently enable `netd` in a GKE cluster
I used to be able to use `netd` in a GKE cluster by simply using the "rapid" release channel. Lately, however, this does not install `netd` but still sticks around with kubenet instead of using CNI+netd.
Is there any consistent way of forcing a GKE cluster to use `netd`? I've been reading documentation everywhere and went through settings everywhere but I cannot find any way to get a GKE cluster running with `netd` anymore. Any hints/help on this are much appreciated.
I apologize if this is not exactly the right forum to ask this question.
@mheese My apologies on the late response, I started monitoring the newly opened PR/issue but obviously missed this one.
To answer your question, netd is conditionally enabled on a GKE cluster. Essentially you will need to enable this intra-node-visibility feature on the cluster to get netd deployed.
@MrHohn Hi, is the following still true?
> Essentially you will need to enable this intra-node-visibility feature on the cluster to get netd deployed.
I've just tried to create a new GKE cluster to test, with Workload Identity, and netd gets deployed as well. Is netd actually needed for that feature? Also in already running clusters I see the same: Workload identity enabled and intra-node visibility disabled but netd runs there.
@sduranc My previous comment is not quite accurate. To state it again, netd will be deployed if one of the following conditions is true:
- Cluster is created with intra node visibility (`--enable-intra-node-visibility`).
- Cluster is created with dataplane v2 (`--enable-dataplane-v2`).
- Cluster is created with default snat disabled (`--disable-default-snat`).
- Workload identity is enabled on the cluster.
Note this is the current state and there may be more cases in the future where netd is deployed.
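
The four conditions listed in the last comment can be checked against a cluster description. The following is an added example, not part of the original thread or of any GKE tooling: it assumes the JSON shape of `gcloud container clusters describe NAME --format=json` (GKE v1 `Cluster` field names), and the sample document and the helper names `netd_triggers` and `explain` are constructed for illustration.

```python
import json

# Constructed sample: a trimmed cluster description as JSON.
# Field names follow the GKE v1 Cluster resource; all values are made up.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "example-cluster",
  "networkConfig": {
    "datapathProvider": "LEGACY_DATAPATH",
    "defaultSnatStatus": {"disabled": false}
  },
  "workloadIdentityConfig": {"workloadPool": "example-project.svc.id.goog"}
}
""")


def netd_triggers(cluster):
    """Return which of the thread's four netd conditions this cluster meets."""
    # Unset or false fields are often absent from the output, so every
    # lookup tolerates missing keys and null sub-objects.
    net = cluster.get("networkConfig") or {}
    snat = net.get("defaultSnatStatus") or {}
    wi = cluster.get("workloadIdentityConfig") or {}
    checks = [
        ("intra-node visibility", net.get("enableIntraNodeVisibility") is True),
        ("dataplane v2", net.get("datapathProvider") == "ADVANCED_DATAPATH"),
        ("default SNAT disabled", snat.get("disabled") is True),
        ("workload identity", bool(wi.get("workloadPool"))),
    ]
    return [name for name, met in checks if met]


def explain(cluster):
    """One-line summary suitable for auditing a list of clusters."""
    name = cluster.get("name", "<unnamed>")
    triggers = netd_triggers(cluster)
    if triggers:
        return f"{name}: netd expected ({', '.join(triggers)})"
    return f"{name}: none of the four listed conditions met"


if __name__ == "__main__":
    print(explain(SAMPLE_CLUSTER))
```

An empty result only means none of these four conditions matched; as the comment above notes, more cases may be added later.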