Weave

⚠ The Weave CNI is not supported for Kubernetes 1.23 or later.

Installation

To use Weave, specify the following in the cluster spec.

  networking:
    weave: {}

The following command sets up a cluster using Weave.

  export ZONES=mylistofzone
  kops create cluster \
    --zones $ZONES \
    --networking weave \
    --yes \
    --name myclustername.mydns.io

Configuring Weave MTU

The Weave MTU is configurable by editing the cluster and setting the mtu option in the weave configuration. AWS VPCs support jumbo frames, so on cluster creation kOps sets the Weave MTU to 8912 bytes (9001 minus overhead).

  spec:
    networking:
      weave:
        mtu: 8912

Configuring Weave Net EXTRA_ARGS

Weave allows you to pass command-line arguments to weave by adding those arguments to the EXTRA_ARGS environment variable. This can be used for debugging or for customizing the logging level of Weave Net.

  spec:
    networking:
      weave:
        netExtraArgs: "--log-level=info"

Note that it is possible to break the cluster networking if flags are improperly used and as such this option should be used with caution.

Configuring Weave NPC EXTRA_ARGS

Weave-npc (the Weave network policy controller) allows you to customize the arguments of the running binary by setting the EXTRA_ARGS environment variable. This can be used for debugging or for customizing the logging level of weave-npc.

  spec:
    networking:
      weave:
        npcExtraArgs: "--log-level=info"

Note that it is possible to break the cluster networking if flags are improperly used and as such this option should be used with caution.

Configuring Weave network encryption

The Weave network encryption is configurable by creating a weave network secret password. Weaveworks recommends choosing a secret with at least 50 bits of entropy. If no password is supplied, kOps will generate one at random.

  cat /dev/urandom | tr -dc A-Za-z0-9 | head -c9 > password
  kops create secret weavepassword -f password
  kops update cluster

Since unencrypted nodes will not be able to connect to nodes configured with encryption enabled, this configuration cannot be changed easily without downtime.
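
The password step above can be wrapped so that the file is created owner-only and is checked against the 50-bit recommendation before it is passed to kops. This is an added example, not part of the kOps documentation; the function names are hypothetical, and the entropy estimate assumes characters drawn uniformly at random from A-Za-z0-9.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of kOps or Weave.
MIN_BITS=50      # recommended minimum entropy, from the text above
ALPHABET=62      # size of A-Za-z0-9, the set used by the page's tr command

# Whole bits of entropy for LEN characters drawn uniformly from the alphabet.
entropy_bits() {
    awk -v n="$1" -v a="$ALPHABET" 'BEGIN { printf "%d\n", n * log(a) / log(2) }'
}

# Write a random password of LEN characters (default 9, as on the page) to FILE.
# Runs in a subshell so the umask change does not leak into the caller.
gen_weave_password() (
    file=$1; len=${2:-9}
    bits=$(entropy_bits "$len")
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "refusing: $len characters give only ~$bits bits" >&2
        exit 1
    fi
    umask 077                 # new file is readable by its owner only
    rm -f -- "$file"          # a pre-existing file would keep its old mode
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len" > "$file"
)

# Check an existing password file before handing it to kops.
# The entropy figure only holds if the password was generated at random.
check_weave_password() (
    LC_ALL=C; file=$1
    pw=$(cat -- "$file") || exit 1
    case $pw in
        ''|*[!A-Za-z0-9]*) echo "empty or outside A-Za-z0-9" >&2; exit 1 ;;
    esac
    bits=$(entropy_bits "${#pw}")
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "too short: ~$bits bits, want >= $MIN_BITS" >&2; exit 1
    fi
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
        echo "$file is accessible to group or others" >&2; exit 1
    fi
)

# Usage, replacing the first command of the procedure above:
#   gen_weave_password password && check_weave_password password
#   kops create secret weavepassword -f password
```

Nine alphanumeric characters give about 53 bits, which is why the page's `head -c9` meets the recommendation while eight characters (about 47 bits) would not.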

Override Weave image tag

Introduced | Minimum K8s Version
kOps 1.19 | k8s 1.12

Weave networking comes with default specs and a default version, which are the recommended ones and are already configured by kOps. To override the Weave image tag, and thus the default version, customize the spec as follows:

  spec:
    networking:
      weave:
        version: "2.7.0"

Override default CPU/Memory resources

Weave networking comes with default specs related to CPU/Memory requests and limits, already configured by kOps. In case users want to override default values, specs should be customized as follows:

  spec:
    networking:
      weave:
        memoryRequest: 300Mi
        cpuRequest: 100m
        memoryLimit: 300Mi
        cpuLimit: 100m
        npcMemoryRequest: 300Mi
        npcCPURequest: 100m
        npcMemoryLimit: 300Mi
        npcCPULimit: 100m

NOTE: These are just example values and not necessarily the recommended values. You should override the default values according to your needs.