Skip to content

Commit ed7f722

Browse files
Fix Windows requirements: IPPool patch is reverted by operator (#2680)
1 parent 2b7739e commit ed7f722

6 files changed

Lines changed: 165 additions & 9 deletions

File tree

  • calico-enterprise_versioned_docs
    • version-3.22-2/getting-started/install-on-clusters/windows-calico
    • version-3.23-1/getting-started/install-on-clusters/windows-calico
  • calico-enterprise/getting-started/install-on-clusters/windows-calico
  • calico_versioned_docs
  • calico/getting-started/kubernetes/windows-calico

calico-enterprise/getting-started/install-on-clusters/windows-calico/requirements.mdx

Lines changed: 25 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@
22
description: Cluster and Windows host requirements you must meet before installing Calico Enterprise for Windows.
33
---
44

5+
import Tabs from '@theme/Tabs';
6+
import TabItem from '@theme/TabItem';
7+
58
# Requirements
69

710
## What's supported in this release
@@ -50,12 +53,32 @@ When using Operator install and Windows hostprocess containers (HPC), see [here
5053

5154
- At least four Linux Kubernetes worker nodes to run $[prodname]'s cluster-wide components that meets [Linux system requirements](../requirements.mdx), and is installed with $[prodname] v3.5.0+
5255
- Must not be running in eBPF mode
53-
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Use the following command to turn off IPIP.
56+
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Turn off IPIP on the default IP pool.
57+
58+
<Tabs groupId="ip-pool-management">
59+
<TabItem label="Operator managed IP pools" value="operator-managed">
60+
61+
For IP pools managed through the `Installation` resource, patch the `Installation` to update the encapsulation. The operator reconciles these `IPPool` resources from the `Installation`, so direct edits to the `IPPool` are silently reverted.
62+
63+
```bash
64+
kubectl patch installation default --type=json \
65+
-p '[{"op":"replace","path":"/spec/calicoNetwork/ipPools/0/encapsulation","value":"VXLAN"}]'
66+
```
67+
68+
If your cluster has additional operator-managed IP pools, repeat the command for each, replacing `0` in `/spec/calicoNetwork/ipPools/0` with the index of the pool. Use `"None"` instead of `"VXLAN"` for BGP without encapsulation.
69+
70+
</TabItem>
71+
<TabItem label="User managed IP pools" value="user-managed">
72+
73+
For `IPPool` resources created directly (not through the `Installation`), patch the `IPPool`:
5474

5575
```bash
56-
kubectl patch felixconfiguration default -p '{"spec":{"ipipEnabled":false}}'
76+
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Always"}}'
5777
```
5878

79+
</TabItem>
80+
</Tabs>
81+
5982
- If using $[prodname] IPAM, strict affinity of IPAM configuration must be set to `true`.
6083

6184
```bash

calico-enterprise_versioned_docs/version-3.22-2/getting-started/install-on-clusters/windows-calico/requirements.mdx

Lines changed: 25 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@
22
description: Cluster and Windows host requirements you must meet before installing Calico Enterprise for Windows.
33
---
44

5+
import Tabs from '@theme/Tabs';
6+
import TabItem from '@theme/TabItem';
7+
58
# Requirements
69

710
## What's supported in this release
@@ -50,12 +53,32 @@ When using Operator install and Windows hostprocess containers (HPC), see [here
5053

5154
- At least four Linux Kubernetes worker nodes to run $[prodname]'s cluster-wide components that meets [Linux system requirements](../requirements.mdx), and is installed with $[prodname] v3.5.0+
5255
- Must not be running in eBPF mode
53-
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Use the following command to turn off IPIP.
56+
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Turn off IPIP on the default IP pool.
57+
58+
<Tabs groupId="ip-pool-management">
59+
<TabItem label="Operator managed IP pools" value="operator-managed">
60+
61+
For IP pools managed through the `Installation` resource, patch the `Installation` to update the encapsulation. The operator reconciles these `IPPool` resources from the `Installation`, so direct edits to the `IPPool` are silently reverted.
62+
63+
```bash
64+
kubectl patch installation default --type=json \
65+
-p '[{"op":"replace","path":"/spec/calicoNetwork/ipPools/0/encapsulation","value":"VXLAN"}]'
66+
```
67+
68+
If your cluster has additional operator-managed IP pools, repeat the command for each, replacing `0` in `/spec/calicoNetwork/ipPools/0` with the index of the pool. Use `"None"` instead of `"VXLAN"` for BGP without encapsulation.
69+
70+
</TabItem>
71+
<TabItem label="User managed IP pools" value="user-managed">
72+
73+
For `IPPool` resources created directly (not through the `Installation`), patch the `IPPool`:
5474

5575
```bash
56-
kubectl patch felixconfiguration default -p '{"spec":{"ipipEnabled":false}}'
76+
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Always"}}'
5777
```
5878

79+
</TabItem>
80+
</Tabs>
81+
5982
- If using $[prodname] IPAM, strict affinity of IPAM configuration must be set to `true`.
6083

6184
```bash

calico-enterprise_versioned_docs/version-3.23-1/getting-started/install-on-clusters/windows-calico/requirements.mdx

Lines changed: 25 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@
22
description: Cluster and Windows host requirements you must meet before installing Calico Enterprise for Windows.
33
---
44

5+
import Tabs from '@theme/Tabs';
6+
import TabItem from '@theme/TabItem';
7+
58
# Requirements
69

710
## What's supported in this release
@@ -50,12 +53,32 @@ When using Operator install and Windows hostprocess containers (HPC), see [here
5053

5154
- At least four Linux Kubernetes worker nodes to run $[prodname]'s cluster-wide components that meets [Linux system requirements](../requirements.mdx), and is installed with $[prodname] v3.5.0+
5255
- Must not be running in eBPF mode
53-
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Use the following command to turn off IPIP.
56+
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Turn off IPIP on the default IP pool.
57+
58+
<Tabs groupId="ip-pool-management">
59+
<TabItem label="Operator managed IP pools" value="operator-managed">
60+
61+
For IP pools managed through the `Installation` resource, patch the `Installation` to update the encapsulation. The operator reconciles these `IPPool` resources from the `Installation`, so direct edits to the `IPPool` are silently reverted.
62+
63+
```bash
64+
kubectl patch installation default --type=json \
65+
-p '[{"op":"replace","path":"/spec/calicoNetwork/ipPools/0/encapsulation","value":"VXLAN"}]'
66+
```
67+
68+
If your cluster has additional operator-managed IP pools, repeat the command for each, replacing `0` in `/spec/calicoNetwork/ipPools/0` with the index of the pool. Use `"None"` instead of `"VXLAN"` for BGP without encapsulation.
69+
70+
</TabItem>
71+
<TabItem label="User managed IP pools" value="user-managed">
72+
73+
For `IPPool` resources created directly (not through the `Installation`), patch the `IPPool`:
5474

5575
```bash
56-
kubectl patch felixconfiguration default -p '{"spec":{"ipipEnabled":false}}'
76+
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Always"}}'
5777
```
5878

79+
</TabItem>
80+
</Tabs>
81+
5982
- If using $[prodname] IPAM, strict affinity of IPAM configuration must be set to `true`.
6083

6184
```bash

calico/getting-started/kubernetes/windows-calico/requirements.mdx

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@
22
description: Cluster and Windows host requirements you must meet before installing Calico Open Source for Windows.
33
---
44

5+
import Tabs from '@theme/Tabs';
6+
import TabItem from '@theme/TabItem';
7+
58
# Requirements
69

710
## What's supported in this release
@@ -54,12 +57,38 @@ Earlier versions may work, but we do not actively test $[prodnameWindows] agains
5457
### Linux platform requirements
5558

5659
- At least one Linux Kubernetes worker node to run $[prodname]'s cluster-wide components that meets [Linux system requirements](../requirements.mdx), and is installed with $[prodname]. $[prodname] v3.27+ is required for Operator installs.
57-
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Use the following command to turn off IPIP on the default IP pool.
60+
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Turn off IPIP on the default IP pool.
61+
62+
<Tabs groupId="ip-pool-management">
63+
<TabItem label="Operator managed IP pools" value="operator-managed">
64+
65+
For IP pools managed through the `Installation` resource, patch the `Installation` to update the encapsulation. The operator reconciles these `IPPool` resources from the `Installation`, so direct edits to the `IPPool` are silently reverted.
66+
67+
```bash
68+
kubectl patch installation default --type=json \
69+
-p '[{"op":"replace","path":"/spec/calicoNetwork/ipPools/0/encapsulation","value":"VXLAN"}]'
70+
```
71+
72+
If your cluster has additional operator-managed IP pools, repeat the command for each, replacing `0` in `/spec/calicoNetwork/ipPools/0` with the index of the pool. Use `"None"` instead of `"VXLAN"` for BGP without encapsulation.
73+
74+
</TabItem>
75+
<TabItem label="User managed IP pools" value="user-managed">
76+
77+
For `IPPool` resources created directly (not through the `Installation`), patch the `IPPool`. For VXLAN:
5878

5979
```bash
6080
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Always"}}'
6181
```
6282

83+
For BGP without encapsulation, set both modes to `Never`:
84+
85+
```bash
86+
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Never"}}'
87+
```
88+
89+
</TabItem>
90+
</Tabs>
91+
6392
- If using $[prodname] IPAM, strict affinity of IPAM configuration must be set to `true`.
6493

6594
```bash

calico_versioned_docs/version-3.31/getting-started/kubernetes/windows-calico/requirements.mdx

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@
22
description: Review the requirements for Calico for Windows.
33
---
44

5+
import Tabs from '@theme/Tabs';
6+
import TabItem from '@theme/TabItem';
7+
58
# Requirements
69

710
## What's supported in this release
@@ -54,12 +57,38 @@ Earlier versions may work, but we do not actively test $[prodnameWindows] agains
5457
### Linux platform requirements
5558

5659
- At least one Linux Kubernetes worker node to run $[prodname]'s cluster-wide components that meets [Linux system requirements](../requirements.mdx), and is installed with $[prodname]. $[prodname] v3.27+ is required for Operator installs.
57-
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Use the following command to turn off IPIP on the default IP pool.
60+
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Turn off IPIP on the default IP pool.
61+
62+
<Tabs groupId="ip-pool-management">
63+
<TabItem label="Operator managed IP pools" value="operator-managed">
64+
65+
For IP pools managed through the `Installation` resource, patch the `Installation` to update the encapsulation. The operator reconciles these `IPPool` resources from the `Installation`, so direct edits to the `IPPool` are silently reverted.
66+
67+
```bash
68+
kubectl patch installation default --type=json \
69+
-p '[{"op":"replace","path":"/spec/calicoNetwork/ipPools/0/encapsulation","value":"VXLAN"}]'
70+
```
71+
72+
If your cluster has additional operator-managed IP pools, repeat the command for each, replacing `0` in `/spec/calicoNetwork/ipPools/0` with the index of the pool. Use `"None"` instead of `"VXLAN"` for BGP without encapsulation.
73+
74+
</TabItem>
75+
<TabItem label="User managed IP pools" value="user-managed">
76+
77+
For `IPPool` resources created directly (not through the `Installation`), patch the `IPPool`. For VXLAN:
5878

5979
```bash
6080
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Always"}}'
6181
```
6282

83+
For BGP without encapsulation, set both modes to `Never`:
84+
85+
```bash
86+
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Never"}}'
87+
```
88+
89+
</TabItem>
90+
</Tabs>
91+
6392
- If using $[prodname] IPAM, strict affinity of IPAM configuration must be set to `true`.
6493

6594
```bash

calico_versioned_docs/version-3.32/getting-started/kubernetes/windows-calico/requirements.mdx

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@
22
description: Cluster and Windows host requirements you must meet before installing Calico Open Source for Windows.
33
---
44

5+
import Tabs from '@theme/Tabs';
6+
import TabItem from '@theme/TabItem';
7+
58
# Requirements
69

710
## What's supported in this release
@@ -54,12 +57,38 @@ Earlier versions may work, but we do not actively test $[prodnameWindows] agains
5457
### Linux platform requirements
5558

5659
- At least one Linux Kubernetes worker node to run $[prodname]'s cluster-wide components that meets [Linux system requirements](../requirements.mdx), and is installed with $[prodname]. $[prodname] v3.27+ is required for Operator installs.
57-
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Use the following command to turn off IPIP on the default IP pool.
60+
- VXLAN or BGP without encapsulation is supported if using $[prodname] CNI. IPIP ($[prodname]'s default encapsulation mode) is not supported. Turn off IPIP on the default IP pool.
61+
62+
<Tabs groupId="ip-pool-management">
63+
<TabItem label="Operator managed IP pools" value="operator-managed">
64+
65+
For IP pools managed through the `Installation` resource, patch the `Installation` to update the encapsulation. The operator reconciles these `IPPool` resources from the `Installation`, so direct edits to the `IPPool` are silently reverted.
66+
67+
```bash
68+
kubectl patch installation default --type=json \
69+
-p '[{"op":"replace","path":"/spec/calicoNetwork/ipPools/0/encapsulation","value":"VXLAN"}]'
70+
```
71+
72+
If your cluster has additional operator-managed IP pools, repeat the command for each, replacing `0` in `/spec/calicoNetwork/ipPools/0` with the index of the pool. Use `"None"` instead of `"VXLAN"` for BGP without encapsulation.
73+
74+
</TabItem>
75+
<TabItem label="User managed IP pools" value="user-managed">
76+
77+
For `IPPool` resources created directly (not through the `Installation`), patch the `IPPool`. For VXLAN:
5878

5979
```bash
6080
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Always"}}'
6181
```
6282

83+
For BGP without encapsulation, set both modes to `Never`:
84+
85+
```bash
86+
kubectl patch ippool default-ipv4-ippool -p '{"spec":{"ipipMode":"Never","vxlanMode":"Never"}}'
87+
```
88+
89+
</TabItem>
90+
</Tabs>
91+
6392
- If using $[prodname] IPAM, strict affinity of IPAM configuration must be set to `true`.
6493

6594
```bash

0 commit comments

Comments
 (0)