Move IPVS-to-iptables prerequisite to all platforms in eBPF docs#2650
Merged
ctauchen merged 3 commits intotigera:mainfrom Apr 16, 2026
Merged
Move IPVS-to-iptables prerequisite to all platforms in eBPF docs#2650ctauchen merged 3 commits intotigera:mainfrom
ctauchen merged 3 commits intotigera:mainfrom
Conversation
The warning about switching from kube-proxy IPVS mode to iptables mode before enabling eBPF was nested under the MKE section, making it appear MKE-specific. This is a prerequisite for all platforms. Move it to a caution admonition at the top of the "Configure kube-proxy" section and add guidance about restarting nodes after the switch. Fixes projectcalico/calico#12476 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
✅ Deploy Preview succeeded!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
Contributor
There was a problem hiding this comment.
Pull request overview
Moves the IPVS-to-iptables prerequisite for eBPF/kube-proxy migration into a general warning so it’s visible for all platforms, and removes the now-redundant MKE-specific note.
Changes:
- Added a top-level
:::cautionunder “Configure kube-proxy” calling out the required switch from IPVS to iptables mode. - Added guidance to restart/roll after switching modes.
- Removed the duplicated IPVS note from the MKE subsection.
|
|
||
| :::caution | ||
|
|
||
| If you are running `kube-proxy` in IPVS mode, you must switch it to iptables mode before disabling `kube-proxy` or enabling eBPF mode. This applies to all platforms and is required for a successful migration. After switching to iptables mode, restart or roll your nodes before proceeding. |
There was a problem hiding this comment.
“Restart or roll your nodes” is ambiguous and could be interpreted as a full node reboot, which is significantly more disruptive than restarting specific components. Can you clarify exactly what needs to be restarted after switching from IPVS to iptables (for example: kube-proxy DaemonSet pods, calico-node pods, or the nodes themselves) and what “roll” means in this context?
Suggested change
| If you are running `kube-proxy` in IPVS mode, you must switch it to iptables mode before disabling `kube-proxy` or enabling eBPF mode. This applies to all platforms and is required for a successful migration. After switching to iptables mode, restart or roll your nodes before proceeding. | |
| If you are running `kube-proxy` in IPVS mode, you must switch it to iptables mode before disabling `kube-proxy` or enabling eBPF mode. This applies to all platforms and is required for a successful migration. After switching to iptables mode, restart the `kube-proxy` instances on each node before proceeding. For clusters where `kube-proxy` runs as a `DaemonSet`, this means doing a rolling restart so the `kube-proxy` pods are recreated with the updated configuration. For managed environments, use the equivalent provider workflow to roll out the `kube-proxy` configuration change. A full node reboot is not required. |
|
|
||
| :::caution | ||
|
|
||
| If you are running `kube-proxy` in IPVS mode, you must switch it to iptables mode before disabling `kube-proxy` or enabling eBPF mode. This applies to all platforms and is required for a successful migration. After switching to iptables mode, restart or roll your nodes before proceeding. |
There was a problem hiding this comment.
In this caution admonition, iptables is referenced as plain text (“iptables mode”) but later in this same doc (e.g., “kube_proxy_mode to iptables” around line 452) the mode name is formatted as code. Consider using consistent formatting here (for example, iptables mode) to match the rest of the page.
Suggested change
| If you are running `kube-proxy` in IPVS mode, you must switch it to iptables mode before disabling `kube-proxy` or enabling eBPF mode. This applies to all platforms and is required for a successful migration. After switching to iptables mode, restart or roll your nodes before proceeding. | |
| If you are running `kube-proxy` in IPVS mode, you must switch it to `iptables` mode before disabling `kube-proxy` or enabling eBPF mode. This applies to all platforms and is required for a successful migration. After switching to `iptables` mode, restart or roll your nodes before proceeding. |
Apply the same fix from the previous commit to all remaining affected files across Calico Enterprise and versioned docs for both enabling-ebpf.mdx and install.mdx. Affected products/versions: - Calico: current, 3.29, 3.30, 3.31 - Calico Enterprise: current, 3.20-2, 3.21-2, 3.22-2, 3.23-1 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
tomastigera
approved these changes
Apr 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
enabling-ebpf.mdx+install.mdx)enabling-ebpf.mdx+install.mdx)Fixes projectcalico/calico#12476
Test plan
🤖 Generated with Claude Code