tigera / docs Goto Github PK

Unified docs repository for Calico and Tigera

License: Apache License 2.0

JavaScript 1.87% CSS 0.02% SCSS 0.01% Makefile 0.01% HTML 27.83% Shell 0.02% PowerShell 0.26% TypeScript 0.06% MDX 69.92%

docs's People

Contributors

Stargazers

Watchers

Forkers

ctauchen bmckercher123 girishshankaran tigera tigera nelljerram sridhartigera dimitri-nicolo bartolini rene-dekker radtuti josh-tigera onong sujeet-kr mikestephen davido-tigera michalfupso tmjd radixo steventigera lwr20 song-jiang frozenprocess khatrig hjiawei coutinhop sgaist brian-mcm carezkh rajalakshmi-girish gcosgrave smloureiro tigeraphil penkeysuresh remram44 blue-troy asincu jaderhs ti-afra stevegaossou ebcrypto vara2504 aaaaaaaalex fasaxc mrtmarkovshaa sonchoy17 pasanw tomastigera gfyyypt samkookji77 michaelact sknat feize666 misterjacko malavikabala sigsegv1989 kkumtree disconn3ct krisjohnstone caseydavenport ozdanborne rodrigorfk k86td mgleung peterkellydev qhyou11 rorydoherty sabags gantony electricjesus ronanc-tigera mangkoran ashi009 mapgirll grinapo danudey jsoref wallrj diannaowa thongth1998 temitechie carlji sebhoss

docs's Issues

Need to correct the Installation example

Here calico_versioned_docs/version-3.26/operations/image-options/alternate-registry.mdx
at the end we have an example of Installation.
registry field should be spec.registry but in the example it is spec.imagePullSecrets[0].registry

Service Advertisement BGP, update to recent Metallb configuration

Hello. In the documentation regarding load balancer service advertisement with BGP, it mentions to use Metallb to assign the IPs. However, it uses the old configuration method with the ConfigMap instead of the more recent CRDs (metallb v0.13):

kubectl create -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: bgp
      addresses:
      - x.x.x.x/16
EOF

It might be more interesting to propose the newer Metallb configuration:

kubectl create -f - <<EOF
kind: IPAddressPool
metadata:
  name: default
  namespace: metallb-system
spec:
  addresses:
  - x.x.x.x/16
EOF

There might be a reason that I'm not aware of to keep this as it is. Anyways, thank you!

Grammar: regardless

regardless if you doesn't work grammatically, it should be regardless of whether you

Helm installation docs have some error

https://docs.tigera.io/calico-enterprise/3.15/getting-started/install-on-clusters/kubernetes/helm

helm install calico-enterprise tigera-operator-v3.15.5-0.tgz \ --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \ --namespace tigera-operator

There is no chart called calico-enterprise in the archive but only tigera-operator, the overall instruction seems to not working if you don't have already installed calico CRDs

Project calico documentation: Expand calico network policy log documentation

As a Kubernetes beginner, I started to secure the K8s Cluster with Calico Network Policyies and also wanted to log a few of them. I had to struggle with some problems there at the beginning, because I didn't understand how logging works at calico. Therefore I had looked for help in Slack (and got it successfully) :)

To make it easier for more beginners I made some notes and thought about what could be added in the documentation.

I figured out (maybe a bug) that if you want to allow/deny and log something, the "Log" action have to be always before the allow/deny action in the order . When not, nothing will be logged, because that creates two iptables rules. I would name this on the documentation
It would have been a great help to me if the logging of Calico's network policies had been better described . Before I had an conversation with Lance from calico, I didn´t know anything about that. I would explain that calico "only" adds some parameter to the iptables rule like the logging and prefix parameter. Also that the responsibility of calico ends (at least currently) there. Maybe also the standard syslog path like /var/log/messages or /var/log/syslog. I was only looking before at /var/log/calico/...
Best Practise Network Policy Logging: e.g. Global Deny, that logs each connection attempt, which will be dropped
Example Calico Network Policy Log

How-to guide for setting memory and CPU limits, requests.

Based on this issue: projectcalico/calico#7561

We have reference documentation for this, but it's hard to follow if you don't know what you're looking for.

A "How-To" style doc would be really useful for a lot of users - we get this question a lot! It can cover all of the different pods / containers that support this.

CC @bmckercher123

Calico Helm Upgrade from v3.23.0 Missing CRD Update Step

Instructions to update Helm deployed Calico on a Kubernetes cluster is missing a step to update the CRDs if you are upgrading from a version prior to v3.23.0

Following the instructions looks like it passes (no pod errors if you just run a kubectl get pod -n calico-system but looking at the logs for the tigera-operator will reveal many resource update errors. This is because the CRDs have not been updated.

This was partially fixed in the "All other upgrades" section with #637 but the CRD update needs to happen with ALL updates.

PR to resolve incoming.

Spelling

There are a number of errors that cspell doesn't catch that could be fixed...

including...

adminstrators
associat
calicocttl
contrack
docusuarus
eccess
Entreprise
explicitely
feild
gress
hotpots
Kuberentes
loadblalancer
maintenace
neiljerram
outlyers
overriden
parner
runnibng
selctors
seperately
Syle
updting
verison

https://github.com/jsoref/tigera-docs/actions/runs/6887181623#summary-18733976011

Failed to Upgrade Calico v3.25.1 to v3.26.0

I upgraded from calico v3.25.1 to calico v3.26.0 as described in "Upgrading an installation that uses manifests and the Kubernetes API datastore" but it failed. calico-node's status becomes Init:CrashLoopBackOff.

calico-cni-plugin is not created when execute kubectl replace. (calico-cni-plugin was added in v3.26.0 projectcalico/calico#7106 )so I think we need to change kubectl replace to kubectl apply.https://github.com/tigera/docs/blob/main/calico/operations/upgrading/kubernetes-upgrade.mdx?plain=1#L136

# kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short.  Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647", GitTreeState:"clean", BuildDate:"2023-05-17T14:20:07Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647", GitTreeState:"clean", BuildDate:"2023-05-17T14:13:28Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}

# calicoctl version
Client Version:    v3.25.1
Git commit:        82dadbce1
Cluster Version:   v3.25.1
Cluster Type:      k8s,bgp,kubeadm,kdd

# kubectl replace -f 3.26.0/calico.yaml
poddisruptionbudget.policy/calico-kube-controllers replaced
serviceaccount/calico-kube-controllers replaced
serviceaccount/calico-node replaced
configmap/calico-config replaced
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org replaced
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org replaced
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers replaced
clusterrole.rbac.authorization.k8s.io/calico-node replaced
clusterrole.rbac.authorization.k8s.io/calico-cni-plugin replaced
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers replaced
clusterrolebinding.rbac.authorization.k8s.io/calico-node replaced
clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin replaced
daemonset.apps/calico-node replaced
deployment.apps/calico-kube-controllers replaced
Error from server (NotFound): error when replacing "3.26.0/calico.yaml": serviceaccounts "calico-cni-plugin" not found
Error from server (NotFound): error when replacing "3.26.0/calico.yaml": customresourcedefinitions.apiextensions.k8s.io "bgpfilters.crd.projectcalico.org" not found


# kubectl get pods -n kube-system
NAME                                       READY   STATUS                  RESTARTS      AGE
calico-kube-controllers-786b679988-d9qdv   0/1     Running                 1 (7s ago)    73s
calico-node-l42zf                          0/1     Init:CrashLoopBackOff   3 (21s ago)   75s
calico-node-tjkh5                          0/1     Init:CrashLoopBackOff   2 (20s ago)   45s
coredns-5d78c9869d-l6rd2                   1/1     Running                 0             6m16s
coredns-5d78c9869d-v5jd7                   1/1     Running                 0             6m16s
etcd-k8s-master                            1/1     Running                 16            6m29s
kube-apiserver-k8s-master                  1/1     Running                 16            6m29s
kube-controller-manager-k8s-master         1/1     Running                 12            6m29s
kube-proxy-kl5gx                           1/1     Running                 0             5m43s
kube-proxy-tvxkh                           1/1     Running                 0             6m16s
kube-scheduler-k8s-master                  1/1     Running                 17            6m29s


# kubectl logs -n kube-system calico-node-l42zf -c install-cni
2023-06-07 09:45:50.047 [INFO][1] cni-installer/<nil> <nil>: Running as a Kubernetes pod
2023-06-07 09:45:50.213 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/bandwidth"
2023-06-07 09:45:50.213 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/bandwidth
2023-06-07 09:45:50.297 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/calico"
2023-06-07 09:45:50.297 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/calico
2023-06-07 09:45:50.366 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/calico-ipam"
2023-06-07 09:45:50.366 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/calico-ipam
2023-06-07 09:45:50.368 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/flannel"
2023-06-07 09:45:50.368 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/flannel
2023-06-07 09:45:50.372 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/host-local"
2023-06-07 09:45:50.372 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/host-local
2023-06-07 09:45:50.434 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/install"
2023-06-07 09:45:50.434 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/install
2023-06-07 09:45:50.437 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/loopback"
2023-06-07 09:45:50.437 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/loopback
2023-06-07 09:45:50.441 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/portmap"
2023-06-07 09:45:50.441 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/portmap
2023-06-07 09:45:50.444 [INFO][1] cni-installer/<nil> <nil>: File is already up to date, skipping file="/host/opt/cni/bin/tuning"
2023-06-07 09:45:50.444 [INFO][1] cni-installer/<nil> <nil>: Installed /host/opt/cni/bin/tuning
2023-06-07 09:45:50.444 [INFO][1] cni-installer/<nil> <nil>: Wrote Calico CNI binaries to /host/opt/cni/bin

2023-06-07 09:45:50.461 [INFO][1] cni-installer/<nil> <nil>: CNI plugin version: v3.26.0

2023-06-07 09:45:50.461 [INFO][1] cni-installer/<nil> <nil>: /host/secondary-bin-dir is not writeable, skipping
W0607 09:45:50.461386       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
2023-06-07 09:45:50.874 [ERROR][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" not found
2023-06-07 09:45:50.874 [FATAL][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" not found

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble