Skip to content

Fix Windows requirements: IPPool patch is reverted by operator#2680

Merged
caseydavenport merged 4 commits into
mainfrom
fix-windows-disable-ipip-operator-docs
May 11, 2026
Merged

Fix Windows requirements: IPPool patch is reverted by operator#2680
caseydavenport merged 4 commits into
mainfrom
fix-windows-disable-ipip-operator-docs

Conversation

@caseydavenport

@caseydavenport caseydavenport commented Apr 30, 2026

Copy link
Copy Markdown
Member

The Windows requirements page tells users to disable IPIP via kubectl patch ippool default-ipv4-ippool ..., but on operator-managed clusters the operator reconciles IP pools from the Installation and silently reverts those edits, so the documented step has no effect. That is what projectcalico/calico#9426 hit.

Split the encapsulation step into two tabs: Operator managed IP pools patches spec.calicoNetwork.ipPools[*].encapsulation on the Installation, and User managed IP pools patches the IPPool directly. Both modes are valid on operator installs, so this framing works on both OSS and Enterprise.

Applied to OSS main, v3.32, v3.31 and Enterprise main, v3.23-1, v3.22-2.

Fixes projectcalico/calico#9426

@caseydavenport caseydavenport requested a review from a team as a code owner April 30, 2026 22:24
@netlify

netlify Bot commented Apr 30, 2026

Copy link
Copy Markdown

Deploy Preview for calico-docs-preview-next ready!

Name Link
🔨 Latest commit b6435f7
🔍 Latest deploy log https://app.netlify.com/projects/calico-docs-preview-next/deploys/6a0244d6da563f0008c8e5cb
😎 Deploy Preview https://deploy-preview-2680--calico-docs-preview-next.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify

netlify Bot commented Apr 30, 2026

Copy link
Copy Markdown

Deploy Preview succeeded!

Name Link
🔨 Latest commit b6435f7
🔍 Latest deploy log https://app.netlify.com/projects/tigera/deploys/6a0244d6a8a28f0008537477
😎 Deploy Preview https://deploy-preview-2680--tigera.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse
1 paths audited
Performance: 69 (🔴 down 7 from production)
Accessibility: 98 (no change from production)
Best Practices: 83 (🔴 down 9 from production)
SEO: 100 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@ctauchen ctauchen left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some suggested wording, and a question about having manifest paths in CE.

Copilot AI review requested due to automatic review settings May 2, 2026 16:37

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the Windows requirements documentation so that disabling IP-in-IP (IPIP) works correctly on operator-managed clusters, where direct IPPool edits are reconciled back by the operator.

Changes:

  • Add Operator vs Manifest instructions for disabling IPIP in Calico OSS Windows requirements (main + v3.31 + v3.32).
  • For operator installs, switch the documented change from patching IPPool to patching the Installation resource’s spec.calicoNetwork.ipPools[*].encapsulation.
  • Update Calico Enterprise Windows requirements (main + v3.22-2 + v3.23-1) to use the Installation patch approach.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
calico/getting-started/kubernetes/windows-calico/requirements.mdx Adds Operator/Manifest tabs and updates guidance so operator users patch Installation instead of IPPool.
calico_versioned_docs/version-3.31/getting-started/kubernetes/windows-calico/requirements.mdx Same as OSS main for v3.31 docs.
calico_versioned_docs/version-3.32/getting-started/kubernetes/windows-calico/requirements.mdx Same as OSS main for v3.32 docs.
calico-enterprise/getting-started/install-on-clusters/windows-calico/requirements.mdx Updates Enterprise Windows requirements to patch Installation for encapsulation.
calico-enterprise_versioned_docs/version-3.22-2/getting-started/install-on-clusters/windows-calico/requirements.mdx Same Enterprise update for v3.22-2 docs.
calico-enterprise_versioned_docs/version-3.23-1/getting-started/install-on-clusters/windows-calico/requirements.mdx Same Enterprise update for v3.23-1 docs.

Comment thread calico/getting-started/kubernetes/windows-calico/requirements.mdx
@caseydavenport

Copy link
Copy Markdown
Member Author

@ctauchen ready for another look. Took your wording on the Enterprise pages, reframed the tabs as Operator managed IP pools vs User managed IP pools (works on both OSS and Enterprise since both pool-management modes are valid on operator installs), and added a BGP-without-encap variant under the user-managed tab on the OSS pages.

@ctauchen

ctauchen commented May 8, 2026

Copy link
Copy Markdown
Collaborator

Thanks @caseydavenport. Please rebase with latest build fixes, then you should be good to go.

The Linux platform requirements section told users to disable IPIP via
'kubectl patch ippool', but the operator now reconciles IP pools from
the Installation and silently reverts those edits. Split the step into
Operator and Manifest tabs: the Operator path patches
spec.calicoNetwork.ipPools[0].encapsulation on the Installation, and
the Manifest path keeps the original IP pool patch. Enterprise gets
the same treatment, with the FelixConfiguration ipipEnabled patch
under the Manifest tab.

Applied to OSS main, v3.32, v3.31 and Enterprise main, v3.23-1, v3.22-2.

Fixes #9426
…rprise

Chris pointed out that Enterprise doesn't support manifest installs, so
the Manifest tab on the Enterprise pages was wrong. Drop it and inline
the operator instructions. OSS keeps both tabs.

Also reworked the operator wording on both per Chris's suggestion: lead
with the patch command, then explain the operator reconciliation
behavior, then cover the multi-pool case.
Per Casey's review thread: the choice isn't operator vs manifest install,
it's whether the IP pools themselves are managed through the Installation
or created directly as IPPool resources. Both can apply on operator
installs. Restored the Tabs in the Enterprise pages with the new framing.
@caseydavenport caseydavenport force-pushed the fix-windows-disable-ipip-operator-docs branch from 5fe4419 to b6435f7 Compare May 11, 2026 21:06
@caseydavenport caseydavenport merged commit ed7f722 into main May 11, 2026
11 checks passed
@caseydavenport caseydavenport deleted the fix-windows-disable-ipip-operator-docs branch May 11, 2026 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

The configuration of Calico network when joining a Windows node to the Kubernetes cluster is not effective.

3 participants