From c8e39063c99d5501b0f0d07d9a4a71c69d39f975 Mon Sep 17 00:00:00 2001 From: Michal Fupso Date: Mon, 3 Mar 2025 09:06:27 -0800 Subject: [PATCH 1/3] Update host endpoint controller configuration --- .../network-policy/hosts/kubernetes-nodes.mdx | 3 ++ .../resources/kubecontrollersconfig.mdx | 36 +++++++++++++++---- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/calico/network-policy/hosts/kubernetes-nodes.mdx b/calico/network-policy/hosts/kubernetes-nodes.mdx index a5f98de4e7..2cb5852bcf 100644 --- a/calico/network-policy/hosts/kubernetes-nodes.mdx +++ b/calico/network-policy/hosts/kubernetes-nodes.mdx @@ -28,6 +28,9 @@ $[prodname] creates a wildcard host endpoint for each node, with the host endpoi $[prodname] will ensure these managed host endpoints maintain the same labels and IP addresses as its node by periodic syncs. This means that policy targeting these automatic host endpoints will function correctly with the policy put in place to select those nodes, even if over time the node's IPs or labels change. +$[prodname] is also able to create and manage custom host endpoints for nodes, based on user specified templates. +This allows you to fine tune which interfaces should be included in the host endpoint and for which nodes these host endpoints should be created. The host endpoint templates can be enabled by updating [KubeControllersConfig](../../reference/resources/kubecontrollersconfig) + Automatic host endpoints are differentiated from other host endpoints by the label `projectcalico.org/created-by: calico-kube-controllers`. Enable or disable automatic host endpoints by configuring the default KubeControllersConfiguration resource. diff --git a/calico/reference/resources/kubecontrollersconfig.mdx b/calico/reference/resources/kubecontrollersconfig.mdx index 686a66bde8..dae2c90931 100644 --- a/calico/reference/resources/kubecontrollersconfig.mdx +++ b/calico/reference/resources/kubecontrollersconfig.mdx 
@@ -4,6 +4,8 @@ description: API for KubeControllersConfiguration resource. # Kubernetes controllers configuration +import Selectors from '@site/calico/_includes/content/_selectors.mdx'; + A $[prodname] [Kubernetes controllers](../kube-controllers/configuration.mdx) configuration resource (`KubeControllersConfiguration`) represents configuration options for the $[prodname] Kubernetes controllers. ## Sample YAML @@ -25,6 +27,7 @@ spec: syncLabels: Enabled hostEndpoint: autoCreate: Disabled + createDefaultHostEndpoint: Enabled policy: reconcilerPeriod: 5m workloadEndpoint: 
@@ -73,16 +76,37 @@ The node controller automatically cleans up configuration for nodes that no long | Field | Description | Accepted Values | Schema | Default | | ---------------- | --------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | -| reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | | [Duration string][parse-duration] | 5m | -| syncLabels | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string | Enabled | -| hostEndpoint | Controls allocation of host endpoints | | [HostEndpoint](#hostendpoint) | | +| reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | | [Duration string][parse-duration] | 5m | +| syncLabels | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string | Enabled | +| hostEndpoint | Configure the host endpoint controller | | [HostEndpoint](#hostendpoint) | | | leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. 
| | [Duration string][parse-duration] | 15m | ### HostEndpoint -| Field | Description | Accepted Values | Schema | Default | -| ---------- | ---------------------------------------------------------------- | ----------------- | ------ | -------- | -| autoCreate | When enabled, automatically create a host endpoint for each node | Enabled, Disabled | string | Disabled | +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ---------------------------------------------------------------- | ----------------- | --------------------- | -------- | +| autoCreate | When enabled, automatically create a host endpoints | Enabled, Disabled | string | Disabled | +| createDefaultHostEndpoint | When enabled, default host endpoint will be created | Enabled, Disabled | string | Enabled | +| templates | Controlls creation of custom host endpoints | | [Template](#template) | | + +### Template + +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ----------------------------------------------------------------------------------- | ------------------- | ---------------------- | -------- | +| name | Unique name used as suffix for host endpoints created based on this template | Alphanumeric string | string | | +| nodeSelector | Selects the nodes for which this template should create host endpoint | | [Selector](#selectors) | all() | +| interfaceSelectorCIDR | List of networks specified in CIDR notation | List of valid CIDRs | List string | | +| labels | Labels to be added to generated host endpoints matching this template | | [Label](#label) | | + +### Label +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ---------------------------------------------------------------- | ------------------- | --------- | -------- | +| name | Name for the label | Alphanumeric string | string | | +| value | Label value | Alphanumeric string | string | | + +### Selectors + + ### 
PolicyController From a05dd15b6cb15dbf3629fed3634745cb79c87d00 Mon Sep 17 00:00:00 2001 From: Michal Fupso Date: Wed, 5 Mar 2025 14:20:56 -0800 Subject: [PATCH 2/3] Update kubecontrollerconfiguration example --- .../network-policy/hosts/kubernetes-nodes.mdx | 3 +- .../resources/kubecontrollersconfig.mdx | 35 ++++++++++--------- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/calico/network-policy/hosts/kubernetes-nodes.mdx b/calico/network-policy/hosts/kubernetes-nodes.mdx index 2cb5852bcf..46c673c13b 100644 --- a/calico/network-policy/hosts/kubernetes-nodes.mdx +++ b/calico/network-policy/hosts/kubernetes-nodes.mdx @@ -29,7 +29,8 @@ $[prodname] will ensure these managed host endpoints maintain the same labels an This means that policy targeting these automatic host endpoints will function correctly with the policy put in place to select those nodes, even if over time the node's IPs or labels change. $[prodname] is also able to create and manage custom host endpoints for nodes, based on user specified templates. -This allows you to fine tune which interfaces should be included in the host endpoint and for which nodes these host endpoints should be created. The host endpoint templates can be enabled by updating [KubeControllersConfig](../../reference/resources/kubecontrollersconfig) +This allows you to fine-tune which interfaces should be included in the host endpoint and for which nodes these host endpoints should be created. +The host endpoint templates can be enabled by updating [KubeControllersConfig](../../reference/resources/kubecontrollersconfig.mdx). Automatic host endpoints are differentiated from other host endpoints by the label `projectcalico.org/created-by: calico-kube-controllers`. Enable or disable automatic host endpoints by configuring the default KubeControllersConfiguration resource. 
diff --git a/calico/reference/resources/kubecontrollersconfig.mdx b/calico/reference/resources/kubecontrollersconfig.mdx index dae2c90931..5cb432b14f 100644 --- a/calico/reference/resources/kubecontrollersconfig.mdx +++ b/calico/reference/resources/kubecontrollersconfig.mdx @@ -2,10 +2,10 @@ description: API for KubeControllersConfiguration resource. --- -# Kubernetes controllers configuration - import Selectors from '@site/calico/_includes/content/_selectors.mdx'; +# Kubernetes controllers configuration + A $[prodname] [Kubernetes controllers](../kube-controllers/configuration.mdx) configuration resource (`KubeControllersConfiguration`) represents configuration options for the $[prodname] Kubernetes controllers. ## Sample YAML @@ -28,6 +28,13 @@ spec: hostEndpoint: autoCreate: Disabled createDefaultHostEndpoint: Enabled + templates: + - name: custom-host-endpoint + interfaceSelectorCIDR: + - 1.2.3.0/24 + nodeSelector: "has(my-label)" + labels: + key: value policy: reconcilerPeriod: 5m workloadEndpoint: 
@@ -78,31 +85,25 @@ The node controller automatically cleans up configuration for nodes that no long | ---------------- | --------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | | reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | | [Duration string][parse-duration] | 5m | | syncLabels | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string | Enabled | -| hostEndpoint | Configure the host endpoint controller | | [HostEndpoint](#hostendpoint) | | +| hostEndpoint | Configures the host endpoint controller | | [HostEndpoint](#hostendpoint) | | | leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. | | [Duration string][parse-duration] | 15m | ### HostEndpoint | Field | Description | Accepted Values | Schema | Default | | ------------------------- | ---------------------------------------------------------------- | ----------------- | --------------------- | -------- | -| autoCreate | When enabled, automatically create a host endpoints | Enabled, Disabled | string | Disabled | +| autoCreate | When enabled, automatically create host endpoints | Enabled, Disabled | string | Disabled | | createDefaultHostEndpoint | When enabled, default host endpoint will be created | Enabled, Disabled | string | Enabled | -| templates | Controlls creation of custom host endpoints | | [Template](#template) | | +| templates | Controls creation of custom host endpoints | | [Template](#template) | | ### Template -| Field | Description | Accepted Values | Schema | Default | -| ------------------------- | ----------------------------------------------------------------------------------- | ------------------- | ---------------------- | -------- | -| name | Unique name used as suffix for host endpoints created based on this template | Alphanumeric string | string | | -| 
nodeSelector | Selects the nodes for which this template should create host endpoint | | [Selector](#selectors) | all() | -| interfaceSelectorCIDR | List of networks specified in CIDR notation | List of valid CIDRs | List string | | -| labels | Labels to be added to generated host endpoints matching this template | | [Label](#label) | | - -### Label -| Field | Description | Accepted Values | Schema | Default | -| ------------------------- | ---------------------------------------------------------------- | ------------------- | --------- | -------- | -| name | Name for the label | Alphanumeric string | string | | -| value | Label value | Alphanumeric string | string | | +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ----------------------------------------------------------------------------------- | ------------------- | ----------------------------------- | -------- | +| name | Unique name used as suffix for host endpoints created based on this template | Alphanumeric string | string | | +| nodeSelector | Selects the nodes for which this template should create host endpoints | | [Selector](#selectors) | all() | +| interfaceSelectorCIDR | List of networks specified in CIDR notation | List of valid CIDRs | List string | | +| labels | Labels to be added to generated host endpoints matching this template | | map of string key to string values | | ### Selectors From c7b7e84e41a87b81e5f9fa0509a31493569df612 Mon Sep 17 00:00:00 2001 From: Michal Fupso Date: Wed, 5 Mar 2025 14:28:37 -0800 Subject: [PATCH 3/3] copy docs to ee and cloud --- .../network-policy/hosts/kubernetes-nodes.mdx | 4 ++ .../resources/kubecontrollersconfig.mdx | 39 +++++++++++++++---- .../network-policy/hosts/kubernetes-nodes.mdx | 4 ++ .../resources/kubecontrollersconfig.mdx | 39 +++++++++++++++---- .../resources/kubecontrollersconfig.mdx | 6 +-- 5 files changed, 75 insertions(+), 17 deletions(-) 
diff --git a/calico-cloud/network-policy/hosts/kubernetes-nodes.mdx b/calico-cloud/network-policy/hosts/kubernetes-nodes.mdx index 0f9717c97c..b309935403 100644 --- a/calico-cloud/network-policy/hosts/kubernetes-nodes.mdx +++ b/calico-cloud/network-policy/hosts/kubernetes-nodes.mdx @@ -28,6 +28,10 @@ $[prodname] creates a wildcard host endpoint for each node, with the host endpoi $[prodname] will ensure these managed host endpoints maintain the same labels and IP addresses as its node by periodic syncs. This means that policy targeting these automatic host endpoints will function correctly with the policy put in place to select those nodes, even if over time the node's IPs or labels change. +$[prodname] is also able to create and manage custom host endpoints for nodes, based on user specified templates. +This allows you to fine-tune which interfaces should be included in the host endpoint and for which nodes these host endpoints should be created. +The host endpoint templates can be enabled by updating [KubeControllersConfig](../../reference/resources/kubecontrollersconfig.mdx). + Automatic host endpoints are differentiated from other host endpoints by the label `projectcalico.org/created-by: calico-kube-controllers`. Enable or disable automatic host endpoints by configuring the default KubeControllersConfiguration resource. diff --git a/calico-cloud/reference/resources/kubecontrollersconfig.mdx b/calico-cloud/reference/resources/kubecontrollersconfig.mdx index 47e1a96784..e495c66bc1 100644 --- a/calico-cloud/reference/resources/kubecontrollersconfig.mdx +++ b/calico-cloud/reference/resources/kubecontrollersconfig.mdx 
@@ -2,6 +2,8 @@ description: API for KubeControllersConfiguration resource. --- +import Selectors from '@site/calico-cloud/_includes/content/_selectors.mdx'; + # Kubernetes controllers configuration A $[prodname] [Kubernetes controllers](../component-resources/kube-controllers/configuration.mdx) configuration resource (`KubeControllersConfiguration`) represents configuration options for the $[prodname] Kubernetes controllers. @@ -24,6 +26,14 @@ spec: syncLabels: Enabled hostEndpoint: autoCreate: Disabled + createDefaultHostEndpoint: Enabled + templates: + - name: custom-host-endpoint + interfaceSelectorCIDR: + - 1.2.3.0/24 + nodeSelector: "has(my-label)" + labels: + key: value loadbalancer: assignIPs: AllServices ``` 
@@ -59,18 +69,33 @@ spec: The node controller automatically cleans up configuration for nodes that no longer exist. Optionally, it can create host endpoints for all Kubernetes nodes. -| Field | Description | Accepted Values | Schema | Default | -| ---------------- | --------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | +| Field | Description | Accepted Values | Schema | Default | +| ---------------- | -------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | | reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | | [Duration string][parse-duration] | 5m | | syncLabels | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string | Enabled | -| hostEndpoint | Controls allocation of host endpoints | | [HostEndpoint](#hostendpoint) | | -| leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. | | [Duration string][parse-duration] | 15m | +| hostEndpoint | Configures the host endpoint controller | | [HostEndpoint](#hostendpoint) | | +| leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. 
| | [Duration string][parse-duration] | 15m | ### HostEndpoint -| Field | Description | Accepted Values | Schema | Default | -| ---------- | ---------------------------------------------------------------- | ----------------- | ------ | -------- | -| autoCreate | When enabled, automatically create a host endpoint for each node | Enabled, Disabled | string | Disabled | +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ---------------------------------------------------------------- | ----------------- | --------------------- | -------- | +| autoCreate | When enabled, automatically create host endpoints | Enabled, Disabled | string | Disabled | +| createDefaultHostEndpoint | When enabled, default host endpoint will be created | Enabled, Disabled | string | Enabled | +| templates | Controls creation of custom host endpoints | | [Template](#template) | | + +### Template + +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ----------------------------------------------------------------------------------- | ------------------- | ----------------------------------- | -------- | +| name | Unique name used as suffix for host endpoints created based on this template | Alphanumeric string | string | | +| nodeSelector | Selects the nodes for which this template should create host endpoints | | [Selector](#selectors) | all() | +| interfaceSelectorCIDR | List of networks specified in CIDR notation | List of valid CIDRs | List string | | +| labels | Labels to be added to generated host endpoints matching this template | | map of string key to string values | | + +### Selectors + + ### FederatedServicesController diff --git a/calico-enterprise/network-policy/hosts/kubernetes-nodes.mdx b/calico-enterprise/network-policy/hosts/kubernetes-nodes.mdx index c150726e5a..8fb50e17e3 100644 --- a/calico-enterprise/network-policy/hosts/kubernetes-nodes.mdx 
+++ b/calico-enterprise/network-policy/hosts/kubernetes-nodes.mdx @@ -28,6 +28,10 @@ $[prodname] creates a wildcard host endpoint for each node, with the host endpoi $[prodname] will ensure these managed host endpoints maintain the same labels and IP addresses as its node by periodic syncs. This means that policy targeting these automatic host endpoints will function correctly with the policy put in place to select those nodes, even if over time the node's IPs or labels change. +$[prodname] is also able to create and manage custom host endpoints for nodes, based on user specified templates. +This allows you to fine-tune which interfaces should be included in the host endpoint and for which nodes these host endpoints should be created. +The host endpoint templates can be enabled by updating [KubeControllersConfig](../../reference/resources/kubecontrollersconfig.mdx). + Automatic host endpoints are differentiated from other host endpoints by the label `projectcalico.org/created-by: calico-kube-controllers`. Enable or disable automatic host endpoints by configuring the default KubeControllersConfiguration resource. diff --git a/calico-enterprise/reference/resources/kubecontrollersconfig.mdx b/calico-enterprise/reference/resources/kubecontrollersconfig.mdx index f528c9cdca..a50e9be1fc 100644 --- a/calico-enterprise/reference/resources/kubecontrollersconfig.mdx +++ b/calico-enterprise/reference/resources/kubecontrollersconfig.mdx @@ -2,6 +2,8 @@ description: API for KubeControllersConfiguration resource. --- +import Selectors from '@site/calico-enterprise/_includes/content/_selectors.mdx'; + # Kubernetes controllers configuration A $[prodname] [Kubernetes controllers](../component-resources/kube-controllers/configuration.mdx) configuration resource (`KubeControllersConfiguration`) represents configuration options for the $[prodname] Kubernetes controllers. 
@@ -24,6 +26,14 @@ spec: syncLabels: Enabled hostEndpoint: autoCreate: Disabled + createDefaultHostEndpoint: Enabled + templates: + - name: custom-host-endpoint + interfaceSelectorCIDR: + - 1.2.3.0/24 + nodeSelector: "has(my-label)" + labels: + key: value loadbalancer: assignIPs: AllServices ``` 
@@ -58,18 +68,33 @@ spec: The node controller automatically cleans up configuration for nodes that no longer exist. Optionally, it can create host endpoints for all Kubernetes nodes. -| Field | Description | Accepted Values | Schema | Default | -| ---------------- | --------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | +| Field | Description | Accepted Values | Schema | Default | +| ---------------- | -------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | | reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | | [Duration string][parse-duration] | 5m | | syncLabels | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string | Enabled | -| hostEndpoint | Controls allocation of host endpoints | | [HostEndpoint](#hostendpoint) | | -| leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. | | [Duration string][parse-duration] | 15m | +| hostEndpoint | Configures the host endpoint controlle | | [HostEndpoint](#hostendpoint) | | +| leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. 
| | [Duration string][parse-duration] | 15m | ### HostEndpoint -| Field | Description | Accepted Values | Schema | Default | -| ---------- | ---------------------------------------------------------------- | ----------------- | ------ | -------- | -| autoCreate | When enabled, automatically create a host endpoint for each node | Enabled, Disabled | string | Disabled | +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ---------------------------------------------------------------- | ----------------- | --------------------- | -------- | +| autoCreate | When enabled, automatically create host endpoints | Enabled, Disabled | string | Disabled | +| createDefaultHostEndpoint | When enabled, default host endpoint will be created | Enabled, Disabled | string | Enabled | +| templates | Controls creation of custom host endpoints | | [Template](#template) | | + +### Template + +| Field | Description | Accepted Values | Schema | Default | +| ------------------------- | ----------------------------------------------------------------------------------- | ------------------- | ----------------------------------- | -------- | +| name | Unique name used as suffix for host endpoints created based on this template | Alphanumeric string | string | | +| nodeSelector | Selects the nodes for which this template should create host endpoints | | [Selector](#selectors) | all() | +| interfaceSelectorCIDR | List of networks specified in CIDR notation | List of valid CIDRs | List string | | +| labels | Labels to be added to generated host endpoints matching this template | | map of string key to string values | | + +### Selectors + + ### FederatedServicesController diff --git a/calico/reference/resources/kubecontrollersconfig.mdx b/calico/reference/resources/kubecontrollersconfig.mdx index 5cb432b14f..32edc2db2c 100644 --- a/calico/reference/resources/kubecontrollersconfig.mdx +++ b/calico/reference/resources/kubecontrollersconfig.mdx 
@@ -85,16 +85,16 @@ The node controller automatically cleans up configuration for nodes that no long | ---------------- | --------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- | | reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | | [Duration string][parse-duration] | 5m | | syncLabels | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string | Enabled | -| hostEndpoint | Configures the host endpoint controller | | [HostEndpoint](#hostendpoint) | | +| hostEndpoint | Configures the host endpoint controller | | [HostEndpoint](#hostendpoint) | | | leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. | | [Duration string][parse-duration] | 15m | ### HostEndpoint | Field | Description | Accepted Values | Schema | Default | | ------------------------- | ---------------------------------------------------------------- | ----------------- | --------------------- | -------- | -| autoCreate | When enabled, automatically create host endpoints | Enabled, Disabled | string | Disabled | +| autoCreate | When enabled, automatically create host endpoints | Enabled, Disabled | string | Disabled | | createDefaultHostEndpoint | When enabled, default host endpoint will be created | Enabled, Disabled | string | Enabled | -| templates | Controls creation of custom host endpoints | | [Template](#template) | | +| templates | Controls creation of custom host endpoints | | [Template](#template) | | ### Template
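Review bot: In 1/3, hunk `@@ -28,6 +28,9` of `calico/network-policy/hosts/kubernetes-nodes.mdx`, the link `[KubeControllersConfig](../../reference/resources/kubecontrollersconfig)` drops the `.mdx` extension that the other links in these files carry (e.g. `../kube-controllers/configuration.mdx`) and the sentence has no terminating period; 2/3 corrects both, so fold that fix into 1/3. "user specified templates" should be hyphenated ("user-specified") and that survives into all copies in 3/3. The new paragraph also sits directly above the sentence that says automatic host endpoints are identified by `projectcalico.org/created-by: calico-kube-controllers`; state whether template-generated host endpoints carry the same label (and how, given the `name` suffix, they can be told apart from the wildcard one), since that label is what operators use to find controller-managed endpoints.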
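Review bot: In 1/3, hunk `@@ -4,6 +4,8` of `calico/reference/resources/kubecontrollersconfig.mdx`, the `import Selectors from '@site/calico/_includes/content/_selectors.mdx';` line is inserted after the `# Kubernetes controllers configuration` heading, and 2/3 then moves it above the heading; squash so the import lands in the right place once. More important: in every hunk shown (this patch, 2/3, and both 3/3 copies) the `### Selectors` heading is followed directly by the next `###` heading, so the imported `Selectors` component is never rendered and the `[Selector](#selectors)` link in the Template table points at an empty section. If a `<Selectors />` usage was meant to go under that heading, add it; if it is present in the real diff and only missing from this view, disregard.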
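Review bot: In 1/3, hunk `@@ -73,16 +76,37` of `calico/reference/resources/kubecontrollersconfig.mdx`, three wording errors are introduced and then repaired in 2/3: "Controlls" in the `templates` row, "automatically create a host endpoints" in the `autoCreate` row, and the `### Label` heading with no blank line before its table (every other table in the file has one). The `labels` row also documents a `[Label](#label)` schema with `name`/`value` rows, i.e. a list of objects, which 2/3 replaces with "map of string key to string values" to match the `labels: key: value` sample; since the list form never ships, squash 2/3 into 1/3 so the series does not document an intermediate schema.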
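Review bot: In 2/3, hunk `@@ -28,6 +28,13` of `calico/reference/resources/kubecontrollersconfig.mdx` (and the copies in 3/3), the sample `interfaceSelectorCIDR` value `1.2.3.0/24` is publicly routable address space; documentation examples should use an RFC 5737 range such as `192.0.2.0/24` or an RFC 1918 range so a copied sample cannot match an interface the reader did not intend. The sample also shows `autoCreate: Disabled` alongside `createDefaultHostEndpoint: Enabled` and a template, which a reader can take to mean templates work with `autoCreate` off; either set `autoCreate: Enabled` in the sample or say in the `templates` row whether it takes effect only when `autoCreate` is Enabled.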
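Review bot: In 2/3, hunk `@@ -78,31 +85,25` of `calico/reference/resources/kubecontrollersconfig.mdx`, the `interfaceSelectorCIDR` description "List of networks specified in CIDR notation" gives the format but not the semantics; say that an interface is included in the generated host endpoint when one of its addresses falls inside a listed CIDR, and what happens when the list is empty (no interfaces, or all). The `name` row says the value is a suffix but not the resulting host endpoint name, which users need in order to write policy selectors against it; give the format and the uniqueness scope. Because `nodeSelector` defaults to `all()`, a template with no selector creates a host endpoint on every node, so the docs should also state whether generated host endpoints get the same default-allow profile as the wildcard automatic host endpoints; that decides whether enabling a template changes which node traffic is subject to policy.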
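Review bot: In 3/3, hunk `@@ -58,18 +68,33` of `calico-enterprise/reference/resources/kubecontrollersconfig.mdx`, the `hostEndpoint` row reads "Configures the host endpoint controlle"; the calico and calico-cloud copies read "controller". In the same hunk and in the calico-cloud one (`@@ -59,18 +69,33`), the Description separator row is shortened by one dash while the cells keep their width, so it no longer lines up with the rest of the table; cosmetic, but it makes future diffs of these tables noisier.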
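Review bot: In 3/3, hunk `@@ -85,16 +85,16 @@` of `calico/reference/resources/kubecontrollersconfig.mdx`, the three changed rows differ only in cell padding from the rows 2/3 added, and this commit is titled "copy docs to ee and cloud"; fold the realignment into 2/3 so the copy commit contains only the enterprise and cloud files.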