Kubernetes CNI Installation & Troubleshooting Guide (CKA-Style)

This guide covers all possible ways the CNI question can appear in the CKA exam and provides a step‑by‑step formula to solve it reliably.

Question: Install a CNI (Flannel or Calico)

You may be asked to install:

  • Flannel v0.26.1 (kube-flannel.yml)
  • Calico v3.28.2 (tigera-operator.yaml)

But the cluster may have a different PodCIDR than what the manifests assume. This causes nodes NOT to get subnets → CNI fails.

This guide solves that.

✅ Possible Exam Scenarios (Only 3)

These are the only situations the CNI question can appear in the CKA exam:

Scenario 1 — Normal CNI install (Pod‑to‑Pod communication must work)

  • Both manifests (Flannel + Calico) are provided.
  • No extra requirement.
  • You can use either one.

Scenario 2 — NetworkPolicies must work

  • Both manifests (Flannel + Calico) are provided.
  • Question says: “NetworkPolicy must be enforced.”
  • You must choose Calico (Flannel does NOT support NetworkPolicy).

Scenario 3 — Use the provided Pod CIDR

  • They give a specific CIDR.
  • Must deploy a CNI using that exact CIDR.
  • You must edit the manifest (Flannel or Calico) before applying.

✅ Find the REAL PodCIDR

Always run this first:

kubectl get cm -n kube-system -o yaml | grep -i cidr

This gives you something like:

clusterCIDR: 172.17.0.0/16

Use THIS CIDR in the CNI config.

✅ How to Deploy Flannel (Step-by-Step)

Flannel default PodCIDR = 10.244.0.0/16

Step 1 — Download Flannel manifest

wget -O kube-flannel.yml \
https://github.com/flannel-io/flannel/releases/download/v0.26.1/kube-flannel.yml

Step 2 — Edit Flannel CIDR

Inside the file, find:

net-conf.json: |
  {
    "Network": "10.244.0.0/16",

Replace with:

"Network": "<CLUSTER-CIDR>",

(Replace from the CIDR command above.)

Step 3 — Apply Flannel

kubectl apply -f kube-flannel.yml

Step 4 — Restart Flannel (Optional)

kubectl delete pod -n kube-system -l app=flannel

Done. Flannel installed.

✅ How to Deploy Calico (Step-by-Step)

Very IMPORTANT differences:

  • The operator must be installed using kubectl create -f
  • The custom-resources file should be downloaded using wget -O and edited
  • THEN applied

Step 1 — Install Calico Operator (DO NOT USE apply)

kubectl create -f \
https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/tigera-operator.yaml

Step 2 — Download custom-resources.yaml

wget -O custom-resources.yaml \
https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/custom-resources.yaml

Step 3 — Edit Calico Pod CIDR

Find:

cidr: 192.168.0.0/16

Replace with:

cidr: <CLUSTER-CIDR>

Step 4 — Apply custom resources

kubectl apply -f custom-resources.yaml

Step 5 — Restart Calico (if needed)

kubectl delete pod -n calico-system -l k8s-app=calico-node

Done. Calico installed.

🎯 Final CKA Formula (Very Short)

  1. Find cluster CIDR → grep -i cidr command
  2. Edit the CNI manifest (Flannel → net-conf.json, Calico → IPPool)

  3. Install the correct CNI:

  4. Flannel → kubectl apply -f kube-flannel.yml

  5. Calico → kubectl create -f tigera-operator.yaml; kubectl apply -f custom-resources.yaml
  6. Restart CNI pods if needed.
  7. Check node readiness → kubectl get nodes

This is all you need.