Configure IP autodetection
Big picture
Configure IP autodetection for Calico Cloud nodes to ensure the correct IP address is used for routing.
Value
When you install Calico Cloud on a node, an IP address and subnet is automatically detected. Calico Cloud provides several ways to configure IP/subnet autodetection, and supports configuring specific IPs for:
- Hosts with multiple external interfaces
- Host interfaces with multiple IP addresses
- Changes to cross subnet packet encapsulation
- Changes to host IP address
Concepts
Autodetecting node IP address and subnet
For internode routing, each Calico Cloud node must be configured with an IPv4 address and/or an IPv6 address. When you install Calico Cloud on a node, a node resource is automatically created using routing information that is detected from the host. For some deployments, you may want to update autodetection to ensure nodes get the correct IP address.
Sample default node resource after installation
apiVersion: projectcalico.org/v3
kind: Node
metadata:
name: node-hostname
spec:
bgp:
asNumber: 64512
ipv4Address: 10.244.0.1/24
ipv6Address: 2000:db8:85a3::8a2e:370:7335/120
ipv4IPIPTunnelAddr: 192.168.0.1
Autodetection methods
By default, Calico Cloud uses the firstFound method; the first valid IP address on the first interface (excluding local interfaces such as the docker bridge). However, you can change the default method to any of the following:
- Address used by the node to reach a particular IP or domain (canReach)
- Address assigned to Kubernetes node (kubernetes: InternalIP)
- Regex to include matching interfaces (interface)
- Regex to exclude matching interfaces (skipInterface)
- A list of IP ranges in CIDR format to determine valid IP addresses on the node to choose from (cidrs)
For help on autodetection methods, see NodeAddressAutodetection in the operator Installation reference and for more details see the node configuration reference.
Manually configure IP address and subnet
To manually configure an IP address and subnet, disable autodetection and update the node resources with the IP address.
How to
Change the autodetection method
As noted previously, the default autodetection method is first valid interface found (firstFound). To use a different autodetection method,
configure the NodeAddressAutodetection field(s) in the Installation resource. You can update the Installation resource before applying it
during installation or edit it later with kubectl edit installation default
.
To configure the default autodetection method for IPv6 for any of the below methods, use the field nodeAddressAutodetectionV6
.
-
Kubernetes Node IP
Calico Cloud will select the first internal IP address listed in the Kubernetes node's
Status.Addresses
field.kind: Installation
apiVersion: operator.tigera.io/v1
metadata:
name: default
spec:
calicoNetwork:
nodeAddressAutodetectionV4:
kubernetes: NodeInternalIP -
Source address used to reach an IP or domain name
Calico Cloud will choose the IP address that is used to reach the given "can reach" IP address or domain. For example:
kind: Installation
apiVersion: operator.tigera.io/v1
metadata:
name: default
spec:
calicoNetwork:
nodeAddressAutodetectionV4:
canReach: 8.8.8.8 -
Including matching interfaces
Calico Cloud will choose an address on each node from an interface that matches the given regex. For example:
kind: Installation
apiVersion: operator.tigera.io/v1
metadata:
name: default
spec:
calicoNetwork:
nodeAddressAutodetectionV4:
interface: eth.* -
Excluding matching interfaces
Calico Cloud will choose an address on each node from an interface that does not match the given regex. For example:
kind: Installation
apiVersion: operator.tigera.io/v1
metadata:
name: default
spec:
calicoNetwork:
nodeAddressAutodetectionV4:
skipInterface: eth.* -
Including CIDRs
Calico Cloud will select any IP address from the node that falls within the given CIDRs. For example:
kind: Installation
apiVersion: operator.tigera.io/v1
metadata:
name: default
spec:
calicoNetwork:
nodeAddressAutodetectionV4:
cidrs:
- '192.168.200.0/24' -
IPv4
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
variant: TigeraSecureEnterprise
...
calicoNetwork:
nodeAddressAutodetectionV4:
<autodetection-method>: <value> -
IPv6
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
variant: TigeraSecureEnterprise
...
calicoNetwork:
nodeAddressAutodetectionV6:
<autodetection-method>: <value>
You can use both nodeAddressAutodetectionV4
and nodeAddressAutodetectionV6
to specify IPv4 and IPv6 methods.
Manually configure IP address and subnet for a node
In the following scenarios, you may want to configure a specific IP and subnet:
- Hosts with multiple external interfaces
- Host interfaces with multiple IP addresses
- Changes to cross subnet packet encapsulation
- Changes to host IP address
You can configure specific IP address and subnet for a node by disabling IP autodetection and then updating the Node resource.
Disable autodetection
To disable autodetection method, update the proper NodeAddressAutodetection
field in the Installation resource:
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
variant: TigeraSecureEnterprise
...
calicoNetwork:
nodeAddressAutodetectionV4: {}
# nodeAddressAutodetectionV6: {}
Configure IP and subnet using node resource
You can also configure the IP address and subnet on a Node resource.
When configuring the IP address on a Node resource, you may want to disable IP address options or environment variables on the node. IP options on the container take precedence, and will overwrite the values you configure on the node resource.
Use calicoctl patch
to update the current node configuration. For example:
calicoctl patch node kind-control-plane \
--patch='{"spec":{"bgp": {"ipv4Address": "10.0.2.10/24", "ipv6Address": "fd80:24e2:f998:72d6::/120"}}}'
Additional resources
- For details on autodetection methods, see the node configuration reference.
- For calicoctl environment variables, see Configuring cnx-node
- Node resource