tencent cloud

14天试用边缘安全加速平台 EO 限时免费

Feedback

Tencent Kubernetes Engine

Cilium-Overlay Mode

Last updated: 2024-10-22 15:26:34

How It Works

The Cilium-Overlay network mode is a container network plugin provided by TKE based on Cilium VXLan. In this mode, you can add external nodes to TKE clusters in distributed cloud scenarios. The features of this mode are as follows:
Cloud nodes and external nodes share the specified container IP range.
Container IP ranges are dynamically assigned without occupying other IP ranges in the VPC instance.
The Cilium VXLan tunnel encapsulation protocol is used to build the Overlay network.
Cross-node Pod access is supported after the VPC network in the cloud and the IDC network of the external node are interconnected through Cloud Connect Network. See the figure below to learn how it works.


Note:
Due to performance loss in the Cilium-Overlay mode, this mode only supports the scenarios where external nodes are configured in distributed cloud, and does not support the scenarios where only cloud nodes are configured. For more information, see External Node Overview.

Usage Limits

There is a performance loss of less than 10% when you use the Cilium VXLan tunnel encapsulation protocol.
The Pod IP cannot be accessed directly outside the cluster.
You must obtain two IPs from the specified subnet to create a private CLB, so that external nodes in IDC can access APIServer and the public cloud services.
The IP ranges of the cluster network and container network cannot overlap.
Static Pod IPs are not supported.

Container IP Assignment Mechanism

For container network terms and quantity calculation, see Container Network Overview.

Pod IP assignment

The following diagram illustrates how it works:


Nodes in a cluster include cloud nodes and external nodes.
Each node of the cluster will use the specified IP range in the container CIDR block for the node to assign IPs to Pods.
The Service IP range of the cluster will select the last segment of the specified IP range in the container CIDR block for Service IPs assignment.
After the node is released, the corresponding container IP range will be returned to the IP range pool as well.
The added nodes automatically select the available IP ranges in the container CIDR block cyclically and sequentially.

Catalog

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support
中国香港
+852 800 906 020 (免费)
美国
+1 844 606 0804 (免费)
英国
+44 808 196 4551 (免费)
加拿大
+1 888 605 7930 (免费)
澳大利亚
+61 1300 986 386 (免费)
EdgeOne 热线
+852 300 80699
更多本地服务热线陆续新增中