Antrea implements the Container Network Interface (CNI) to enable pod networking in a Kubernetes cluster. It also functions as a NetworkPolicy controller to optionally enforce security at the network layer. Antrea is implemented with Open vSwitch and IPSec.
By default, Antrea encrypts traffic between nodes.
kURL does not install the necessary kernel modules to enable traffic encryption.
An installer is blocked if encryption is enabled and the host does not have the required
wireguard module installed.
If you do not want to install
wireguard manually, you can disable encryption by setting
spec: antrea: version: "1.4.0" isEncryptionDisabled: true podCIDR: "10.32.0.0/22" podCidrRange: "/22"
|version||The version of antrea to be installed.|
|isEncryptionDisabled||Encrypt network communication between nodes in the cluster.|
|podCIDR||The subnet where pods will be found.|
|podCidrRange||The size of the CIDR where pods can be found.|