Fix Windows requirements: IPPool patch is reverted by operator#2680
Conversation
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
✅ Deploy Preview succeeded!
To edit notification comments on pull requests, go to your Netlify project configuration. |
ctauchen
left a comment
There was a problem hiding this comment.
Some suggested wording, and a question about having manifest paths in CE.
There was a problem hiding this comment.
Pull request overview
Updates the Windows requirements documentation so that disabling IP-in-IP (IPIP) works correctly on operator-managed clusters, where direct IPPool edits are reconciled back by the operator.
Changes:
- Add Operator vs Manifest instructions for disabling IPIP in Calico OSS Windows requirements (main + v3.31 + v3.32).
- For operator installs, switch the documented change from patching
IPPoolto patching theInstallationresource’sspec.calicoNetwork.ipPools[*].encapsulation. - Update Calico Enterprise Windows requirements (main + v3.22-2 + v3.23-1) to use the
Installationpatch approach.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| calico/getting-started/kubernetes/windows-calico/requirements.mdx | Adds Operator/Manifest tabs and updates guidance so operator users patch Installation instead of IPPool. |
| calico_versioned_docs/version-3.31/getting-started/kubernetes/windows-calico/requirements.mdx | Same as OSS main for v3.31 docs. |
| calico_versioned_docs/version-3.32/getting-started/kubernetes/windows-calico/requirements.mdx | Same as OSS main for v3.32 docs. |
| calico-enterprise/getting-started/install-on-clusters/windows-calico/requirements.mdx | Updates Enterprise Windows requirements to patch Installation for encapsulation. |
| calico-enterprise_versioned_docs/version-3.22-2/getting-started/install-on-clusters/windows-calico/requirements.mdx | Same Enterprise update for v3.22-2 docs. |
| calico-enterprise_versioned_docs/version-3.23-1/getting-started/install-on-clusters/windows-calico/requirements.mdx | Same Enterprise update for v3.23-1 docs. |
|
@ctauchen ready for another look. Took your wording on the Enterprise pages, reframed the tabs as Operator managed IP pools vs User managed IP pools (works on both OSS and Enterprise since both pool-management modes are valid on operator installs), and added a BGP-without-encap variant under the user-managed tab on the OSS pages. |
|
Thanks @caseydavenport. Please rebase with latest build fixes, then you should be good to go. |
The Linux platform requirements section told users to disable IPIP via 'kubectl patch ippool', but the operator now reconciles IP pools from the Installation and silently reverts those edits. Split the step into Operator and Manifest tabs: the Operator path patches spec.calicoNetwork.ipPools[0].encapsulation on the Installation, and the Manifest path keeps the original IP pool patch. Enterprise gets the same treatment, with the FelixConfiguration ipipEnabled patch under the Manifest tab. Applied to OSS main, v3.32, v3.31 and Enterprise main, v3.23-1, v3.22-2. Fixes #9426
…rprise Chris pointed out that Enterprise doesn't support manifest installs, so the Manifest tab on the Enterprise pages was wrong. Drop it and inline the operator instructions. OSS keeps both tabs. Also reworked the operator wording on both per Chris's suggestion: lead with the patch command, then explain the operator reconciliation behavior, then cover the multi-pool case.
Per Casey's review thread: the choice isn't operator vs manifest install, it's whether the IP pools themselves are managed through the Installation or created directly as IPPool resources. Both can apply on operator installs. Restored the Tabs in the Enterprise pages with the new framing.
5fe4419 to
b6435f7
Compare

The Windows requirements page tells users to disable IPIP via
kubectl patch ippool default-ipv4-ippool ..., but on operator-managed clusters the operator reconciles IP pools from theInstallationand silently reverts those edits, so the documented step has no effect. That is what projectcalico/calico#9426 hit.Split the encapsulation step into two tabs: Operator managed IP pools patches
spec.calicoNetwork.ipPools[*].encapsulationon theInstallation, and User managed IP pools patches theIPPooldirectly. Both modes are valid on operator installs, so this framing works on both OSS and Enterprise.Applied to OSS main, v3.32, v3.31 and Enterprise main, v3.23-1, v3.22-2.
Fixes projectcalico/calico#9426