From 59d223e6061e50c54dba66d4f1ea8433d45eee67 Mon Sep 17 00:00:00 2001
From: Christopher Tauchen
Date: Tue, 7 Jan 2025 11:08:18 +0000
Subject: [PATCH] DOCS-2416: Moves ALP requirements from system requirements to feature docs
---
 calico/getting-started/kubernetes/requirements.mdx | 9 ---------
 calico/network-policy/istio/app-layer-policy.mdx | 1 +
 calico/network-policy/istio/enforce-policy-istio.mdx | 4 +++-
 .../getting-started/kubernetes/requirements.mdx | 9 ---------
 .../network-policy/istio/app-layer-policy.mdx | 1 +
 .../network-policy/istio/enforce-policy-istio.mdx | 4 +++-
 6 files changed, 8 insertions(+), 20 deletions(-)
diff --git a/calico/getting-started/kubernetes/requirements.mdx b/calico/getting-started/kubernetes/requirements.mdx
index ca929cf258..47d4d0619c 100644
--- a/calico/getting-started/kubernetes/requirements.mdx
+++ b/calico/getting-started/kubernetes/requirements.mdx
@@ -123,15 +123,6 @@ IP ranges in your network, including:
 - The Kubernetes service cluster IP range
 - The range from which host IPs are allocated
-## Application layer policy requirements
-
-- [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) enabled
-- Istio [v1.9](https://istio.io/v1.9/) or [v1.10](https://archive.istio.io/v1.10/)
-
-Note that Kubernetes version 1.16+ requires Istio version 1.2 or greater.
-Note that Istio version 1.9 requires Kubernetes version 1.17-1.20.
-Note that Istio version 1.10 is supported on Kubernetes version 1.18-1.21, but has been tested on Kubernetes version 1.22.
-
 ## Kernel Dependencies
 :::tip
diff --git a/calico/network-policy/istio/app-layer-policy.mdx b/calico/network-policy/istio/app-layer-policy.mdx
index d4d110998e..83e93cfc7d 100644
--- a/calico/network-policy/istio/app-layer-policy.mdx
+++ b/calico/network-policy/istio/app-layer-policy.mdx
@@ -40,6 +40,7 @@ See [Enforce network policy using Istio tutorial](enforce-policy-istio.mdx) to l
 - [$[prodname] is installed](../../getting-started/kubernetes/index.mdx)
 - [calicoctl is installed and configured](../../operations/calicoctl/install.mdx)
+- [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) enabled
 **Istio support**
diff --git a/calico/network-policy/istio/enforce-policy-istio.mdx b/calico/network-policy/istio/enforce-policy-istio.mdx
index 3948aa17fb..8b51bd8af3 100644
--- a/calico/network-policy/istio/enforce-policy-istio.mdx
+++ b/calico/network-policy/istio/enforce-policy-istio.mdx
@@ -22,10 +22,12 @@ This tutorial was verified using Istio v1.10.2. Some content may not apply to th
 3. Install the [calicoctl command line tool](../../operations/calicoctl/install.mdx). **Note**: Ensure calicoctl is configured to connect with your datastore.
-4. [Enable application layer policy](app-layer-policy.mdx).
+4. Enable [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook).
+5. [Enable application layer policy](app-layer-policy.mdx).
 **Note**: Label the default namespace for the Istio sidecar injection (`istio-injection=enabled`). `kubectl label namespace default istio-injection=enabled`
+
 ### Install the demo application
 We will use a simple microservice application to demonstrate $[prodname]
diff --git a/calico_versioned_docs/version-3.29/getting-started/kubernetes/requirements.mdx b/calico_versioned_docs/version-3.29/getting-started/kubernetes/requirements.mdx
index 74ab015084..432b7af18e 100644
--- a/calico_versioned_docs/version-3.29/getting-started/kubernetes/requirements.mdx
+++ b/calico_versioned_docs/version-3.29/getting-started/kubernetes/requirements.mdx
@@ -123,15 +123,6 @@ IP ranges in your network, including:
 - The Kubernetes service cluster IP range
 - The range from which host IPs are allocated
-## Application layer policy requirements
-
-- [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) enabled
-- Istio [v1.9](https://istio.io/v1.9/) or [v1.10](https://archive.istio.io/v1.10/)
-
-Note that Kubernetes version 1.16+ requires Istio version 1.2 or greater.
-Note that Istio version 1.9 requires Kubernetes version 1.17-1.20.
-Note that Istio version 1.10 is supported on Kubernetes version 1.18-1.21, but has been tested on Kubernetes version 1.22.
-
 ## Kernel Dependencies
 :::tip
diff --git a/calico_versioned_docs/version-3.29/network-policy/istio/app-layer-policy.mdx b/calico_versioned_docs/version-3.29/network-policy/istio/app-layer-policy.mdx
index d4d110998e..83e93cfc7d 100644
--- a/calico_versioned_docs/version-3.29/network-policy/istio/app-layer-policy.mdx
+++ b/calico_versioned_docs/version-3.29/network-policy/istio/app-layer-policy.mdx
@@ -40,6 +40,7 @@ See [Enforce network policy using Istio tutorial](enforce-policy-istio.mdx) to l
 - [$[prodname] is installed](../../getting-started/kubernetes/index.mdx)
 - [calicoctl is installed and configured](../../operations/calicoctl/install.mdx)
+- [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) enabled
 **Istio support**
diff --git a/calico_versioned_docs/version-3.29/network-policy/istio/enforce-policy-istio.mdx b/calico_versioned_docs/version-3.29/network-policy/istio/enforce-policy-istio.mdx
index 3948aa17fb..8b51bd8af3 100644
--- a/calico_versioned_docs/version-3.29/network-policy/istio/enforce-policy-istio.mdx
+++ b/calico_versioned_docs/version-3.29/network-policy/istio/enforce-policy-istio.mdx
@@ -22,10 +22,12 @@ This tutorial was verified using Istio v1.10.2. Some content may not apply to th
 3. Install the [calicoctl command line tool](../../operations/calicoctl/install.mdx). **Note**: Ensure calicoctl is configured to connect with your datastore.
-4. [Enable application layer policy](app-layer-policy.mdx).
+4. Enable [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook).
+5. [Enable application layer policy](app-layer-policy.mdx).
 **Note**: Label the default namespace for the Istio sidecar injection (`istio-injection=enabled`). `kubectl label namespace default istio-injection=enabled`
+
 ### Install the demo application
 We will use a simple microservice application to demonstrate $[prodname]