tigera / docs
Unified docs repository for Calico and Tigera
License: Apache License 2.0
"regardless if you" doesn't work grammatically, it should be "regardless of whether you"
Hello. In the documentation regarding load balancer service advertisement with BGP, it mentions to use Metallb to assign the IPs. However, it uses the old configuration method with the ConfigMap instead of the more recent CRDs (metallb v0.13):
kubectl create -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: bgp
      addresses:
      - x.x.x.x/16
EOF
It might be more interesting to propose the newer Metallb configuration:
kubectl create -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default
  namespace: metallb-system
spec:
  addresses:
  - x.x.x.x/16
EOF
There might be a reason that I'm not aware of to keep this as it is. Anyways, thank you!
Instructions to update Helm deployed Calico on a Kubernetes cluster are missing a step to update the CRDs if you are upgrading from a version prior to v3.23.0.
Following the instructions looks like it passes (no pod errors if you just run kubectl get pod -n calico-system) but looking at the logs for the tigera-operator will reveal many resource update errors. This is because the CRDs have not been updated.
This was partially fixed in the "All other upgrades" section with #637 but the CRD update needs to happen with ALL updates.
PR to resolve incoming.
https://docs.tigera.io/calico-enterprise/3.15/getting-started/install-on-clusters/kubernetes/helm
helm install calico-enterprise tigera-operator-v3.15.5-0.tgz \
  --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
  --namespace tigera-operator
There is no chart called calico-enterprise in the archive, only tigera-operator. The overall instruction does not seem to work if you haven't already installed the Calico CRDs.
Based on this issue: projectcalico/calico#7561
We have reference documentation for this, but it's hard to follow if you don't know what you're looking for.
A "How-To" style doc would be really useful for a lot of users - we get this question a lot! It can cover all of the different pods / containers that support this.
Following the guide to create a Kubernetes Cluster with Windows Nodes using Install using Operator ends up with pod/calico-node-windows not spawning due to encapsulation being set by default on VXLANCrossSubnet, which is not supported.
The missing step from the guide is the part presented in the manual installation guide on If using Calico VXLAN networking
/cc @coutinhop
Here calico_versioned_docs/version-3.26/operations/image-options/alternate-registry.mdx at the end we have an example of Installation.
registry field should be spec.registry but in the example it is spec.imagePullSecrets[0].registry
As a Kubernetes beginner, I started to secure the K8s cluster with Calico Network Policies and also wanted to log a few of them. I had to struggle with some problems there at the beginning, because I didn't understand how logging works in Calico. Therefore I looked for help in Slack (and got it successfully) :)
To make it easier for more beginners I made some notes and thought about what could be added in the documentation.
I figured out (maybe a bug) that if you want to allow/deny and log something, the "Log" action always has to be before the allow/deny action in the order. If not, nothing will be logged, because that creates two iptables rules. I would mention this in the documentation.
It would have been a great help to me if the logging of Calico's network policies had been better described. Before I had a conversation with Lance from Calico, I didn't know anything about that. I would explain that Calico "only" adds some parameters to the iptables rule, like the logging and prefix parameters. Also that the responsibility of Calico ends (at least currently) there. Maybe also the standard syslog path like /var/log/messages or /var/log/syslog. I was only looking before at /var/log/calico/...
Best Practice Network Policy Logging: e.g. Global Deny that logs each connection attempt which will be dropped
Example Calico Network Policy Log
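The rule ordering described in the post above, as an added example that is not part of the original issue or of the Calico docs: a global default-deny policy whose Log rule precedes the Deny rule, so each dropped connection is logged before it is dropped. The policy name, the order value and the excluded namespaces are assumptions; applying projectcalico.org/v3 resources with kubectl assumes the Calico API server is installed (otherwise apply with calicoctl).

```yaml
# Added example: name, order value and namespace exclusions are assumptions.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: default-deny-logged          # hypothetical name
spec:
  # High order value so more specific allow policies are evaluated first.
  order: 10000
  # Leave system namespaces out so the cluster's own traffic is not dropped.
  namespaceSelector: >-
    has(projectcalico.org/name) &&
    projectcalico.org/name not in {"kube-system", "calico-system", "tigera-operator"}
  types:
    - Ingress
    - Egress
  ingress:
    # Log does not end evaluation: the packet is logged, then the next rule runs.
    - action: Log
    # Deny ends evaluation: no rule after it is reached for this packet.
    - action: Deny
  egress:
    # Keep DNS lookups working for workloads covered by the default deny.
    - action: Allow
      protocol: UDP
      destination:
        selector: 'k8s-app == "kube-dns"'
        ports:
          - 53
    - action: Log
    - action: Deny

# Ordering that logs nothing, as reported in the post (for contrast only):
#   ingress:
#     - action: Deny   # packet is dropped here
#     - action: Log    # never reached
```

As the post notes, the resulting entries are written by the node's kernel logging, so look in the syslog path of the node (for example /var/log/messages or /var/log/syslog) rather than under /var/log/calico.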
There are a number of errors that cspell doesn't catch that could be fixed...
adminstrators
associat
calicocttl
contrack
docusuarus
eccess
Entreprise
explicitely
feild
gress
hotpots
Kuberentes
loadblalancer
maintenace
neiljerram
outlyers
overriden
parner
runnibng
selctors
seperately
Syle
updting
verison
https://github.com/jsoref/tigera-docs/actions/runs/6887181623#summary-18733976011
I upgraded from calico v3.25.1 to calico v3.26.0 as described in "Upgrading an installation that uses manifests and the Kubernetes API datastore" but it failed. calico-node's status becomes Init:CrashLoopBackOff.
calico-cni-plugin is not created when executing kubectl replace. (calico-cni-plugin was added in v3.26.0, projectcalico/calico#7106) so I think we need to change kubectl replace to kubectl apply.
https://github.com/tigera/docs/blob/main/calico/operations/upgrading/kubernetes-upgrade.mdx?plain=1#L136
# kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647", GitTreeState:"clean", BuildDate:"2023-05-17T14:20:07Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647", GitTreeState:"clean", BuildDate:"2023-05-17T14:13:28Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}
# calicoctl version
Client Version: v3.25.1
Git commit: 82dadbce1
Cluster Version: v3.25.1
Cluster Type: k8s,bgp,kubeadm,kdd
# kubectl replace -f 3.26.0/calico.yaml
poddisruptionbudget.policy/calico-kube-controllers replaced
serviceaccount/calico-kube-controllers replaced
serviceaccount/calico-node replaced
configmap/calico-config replaced
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org replaced
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers replaced
clusterrole.rbac.authorization.k8s.io/calico-node replaced
clusterrole.rbac.authorization.k8s.io/calico-cni-plugin replaced
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers replaced
clusterrolebinding.rbac.authorization.k8s.io/calico-node replaced
clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin replaced
daemonset.apps/calico-node replaced
deployment.apps/calico-kube-controllers replaced
Error from server (NotFound): error when replacing "3.26.0/calico.yaml": serviceaccounts "calico-cni-plugin" not found
Error from server (NotFound): error when replacing "3.26.0/calico.yaml": customresourcedefinitions.apiextensions.k8s.io "bgpfilters.crd.projectcalico.org" not found
# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-786b679988-d9qdv 0/1 Running 1 (7s ago) 73s
calico-node-l42zf 0/1 Init:CrashLoopBackOff 3 (21s ago) 75s
calico-node-tjkh5 0/1 Init:CrashLoopBackOff 2 (20s ago) 45s
coredns-5d78c9869d-l6rd2 1/1 Running 0 6m16s
coredns-5d78c9869d-v5jd7 1/1 Running 0 6m16s
etcd-k8s-master 1/1 Running 16 6m29s
kube-apiserver-k8s-master 1/1 Running 16 6m29s
kube-controller-manager-k8s-master 1/1 Running 12 6m29s
kube-proxy-kl5gx 1/1 Running 0 5m43s
kube-proxy-tvxkh 1/1 Running 0 6m16s
kube-scheduler-k8s-master 1/1 Running 17 6m29s
# kubectl logs -n kube-system calico-node-l42zf -c install-cni
2023-06-07 09:45:50.047 [INFO][1] cni-installer/<nil> <nil>: Running as a Kubernetes pod
2023-06-07 09:45:50.213 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/bandwidth"
2023-06-07 09:45:50.213 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/bandwidth
2023-06-07 09:45:50.297 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/calico"
2023-06-07 09:45:50.297 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/calico
2023-06-07 09:45:50.366 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/calico-ipam"
2023-06-07 09:45:50.366 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/calico-ipam
2023-06-07 09:45:50.368 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/flannel"
2023-06-07 09:45:50.368 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/flannel
2023-06-07 09:45:50.372 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/host-local"
2023-06-07 09:45:50.372 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/host-local
2023-06-07 09:45:50.434 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/install"
2023-06-07 09:45:50.434 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/install
2023-06-07 09:45:50.437 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/loopback"
2023-06-07 09:45:50.437 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/loopback
2023-06-07 09:45:50.441 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/portmap"
2023-06-07 09:45:50.441 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/portmap
2023-06-07 09:45:50.444 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/tuning"
2023-06-07 09:45:50.444 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/tuning
2023-06-07 09:45:50.444 [INFO][1] cni-installer/<nil> <nil>: Wrote Calico CNI binaries to /host/opt/cni/bin
2023-06-07 09:45:50.461 [INFO][1] cni-installer/<nil> <nil>: CNI plugin version: v3.26.0
2023-06-07 09:45:50.461 [INFO][1] cni-installer/<nil> <nil>: /host/secondary-bin-dir is not writeable, skipping
W0607 09:45:50.461386 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
2023-06-07 09:45:50.874 [ERROR][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" not found
2023-06-07 09:45:50.874 [FATAL][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" not found
[background]
I am building a Windows-supported Kubernetes cluster with OCI.
OKE, OCI's managed Kubernetes, does not support Windows, so the Cluster API is used to build the cluster.
I thought it would be nice to have a supplement there, so I'd like to include it in the documentation if you don't mind.
[ex]
I would like to create a PR once I get your review.