-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LoadBalancer IPAM #1788
LoadBalancer IPAM #1788
Conversation
✅ Deploy Preview succeeded!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this! I've got a few notes for you here, and more that I'll share separately that we can discuss.
:::note | ||
|
||
When using calicoctl in etcd mode, Kubeconfig path is required. It can be specified either as env KUBECONFIG variable or by using the --kubeconfig parameter. | ||
|
||
::: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This note seems a bit out of place. Is there an error message for this situation? I think that would be sufficient, probably the ideal place for this information.
If that's not possible, then we'd want to explain a little better what's happening here. Specifically:
Sounds like it's calicoctl, rather than Calico, that is in etcd mode. Is that right?
For the second sentence, I'd try something like:
To specify the path to your kubeconfig file, you can:
* Add the path to your `KUBECONFIG` environment variable.
* Define the path by using the `--kubeconfig` flag.
| allowedUses _(since v3.21.0)_ | Controls whether the pool will be used for automatic assignments of certain types. See [below](#allowed-uses). | Workload, Tunnel | list of strings | `["Workload", "Tunnel"]` | | ||
| nodeSelector | Selects the nodes that $[prodname] IPAM should assign addresses from this pool to. | | [selector](#node-selector) | all() | | ||
| allowedUses _(since v3.21.0)_ | Controls whether the pool will be used for automatic assignments of certain types. See [below](#allowed-uses). | Workload, Tunnel, LoadBalancer | list of strings | `["Workload", "Tunnel"]` | | ||
| assignmentMode | Controls whether the pool will be used for automatic assignments or only if requested manualy | Automatic, Manual | strings | `Automatic` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this
| assignmentMode | Controls whether the pool will be used for automatic assignments or only if requested manualy | Automatic, Manual | strings | `Automatic` | | |
| assignmentMode | Controls whether the pool will be used for automatic assignments or only if requested manually. | Automatic, Manual | strings | `Automatic` | |
If this is obvious, then ignore. After reading this description, I'm left wondering how I can manually request this pool.
@@ -62,6 +64,8 @@ IP pool by creating blocks of incorrect size. | |||
When automatically assigning IP addresses to workloads, only pools with "Workload" in their `allowedUses` field are | |||
consulted. Similarly, when assigning IPs for tunnel devices, only "Tunnel" pools are eligible. | |||
|
|||
LoadBalancer option for `allowedUses` field cannot be used in conjunction with either Tunnel or Workload. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LoadBalancer option for `allowedUses` field cannot be used in conjunction with either Tunnel or Workload. | |
Combining options for the `allowedUses` field is limited. You can specify only the following options and option combinations: | |
* `allowedUses: ["Tunnel","Workload"]` (default) | |
* `allowedUses: ["Tunnel"]` | |
* `allowedUses: ["Workload"]` | |
* `allowedUses: ["LoadBalancer"]` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aiming for clarity here.
@@ -115,20 +119,15 @@ Increasing the block size from the default (e.g., using `24` for IPv4 to give 25 | |||
|
|||
Reducing the block size from the default (e.g., using `28` for IPv4 to give 16 addresses per block) means more blocks per host and therefore potentially more routes. This can be beneficial if it allows the blocks to be more fairly distributed amongst the hosts. | |||
|
|||
### Assignment Mode | |||
|
|||
Determines if the IP Pool should be used by Calico IPAM for automatic IP assignments. With `Automatic` assignmentMode Calico IPAM will automatically assign IP addresses from this pool. By setting assignmentMode to `Manual` Calico IPAM will not assign IP addresses from this pool unless specified by the user. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Determines if the IP Pool should be used by Calico IPAM for automatic IP assignments. With `Automatic` assignmentMode Calico IPAM will automatically assign IP addresses from this pool. By setting assignmentMode to `Manual` Calico IPAM will not assign IP addresses from this pool unless specified by the user. | |
Determines if the IP pool should be used by Calico IPAM for automatic IP assignments. With `Automatic` assignmentMode, Calico IPAM automatically assigns IP addresses from this pool. If you set `assignmentMode` to `Manual`, Calico IPAM does not assign IP addresses from this pool unless the user specifies this pool. |
- Would be good to end the last sentence explaining how/when that happens.
@@ -117,6 +119,14 @@ $[prodname] datastore. | |||
| ---------------- | ---------------------------------------------------------------- | --------------------------------- | ------- | | |||
| reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore | [Duration string][parse-duration] | 5m | | |||
|
|||
### LoadBalancerController | |||
|
|||
The loadBalancer controller manages IPAM for Service LoadBalancer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The loadBalancer controller manages IPAM for Service LoadBalancer | |
The load balancer controller manages IPAM for `LoadBalancer` services. |
@@ -199,28 +199,30 @@ The following steps will configure $[prodname] to advertise Service `status.Load | |||
|
|||
For help see, [BGP configuration resource](../../reference/resources/bgpconfig.mdx). | |||
|
|||
Service LoadBalancer address allocation is outside the current scope of $[prodname], but can be implemented with an external controller. | |||
You can build your own, or use a third-party implementation like the MetalLB project. | |||
$[prodname] IPAM can manage address allocation for Service LoadBalancer with LoadBalancerController. To enable $[prodname] IPAM to start managing addresses to Service LoadBalancer set up an IPPool for LoadBalancer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Service LoadBalancer: change to LoadBalancer
services. Everywhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or is there a nuance here that I'm missing?
:::note | ||
If you have previously used MetalLB for Service LoadBalancer address management and wish to continue using it, do not create Calico IPPool for LoadBalancer. | ||
::: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be more generic? I know we documented MetalLB, but surely this applies to any other load balancers?
Do we need to describe a migration path for MetalLB users or for other LB configurations?
Service LoadBalancer address allocation is outside the current scope of $[prodname], but can be implemented with an external controller. | ||
You can build your own, or use a third-party implementation like the MetalLB project. | ||
$[prodname] IPAM can manage address allocation for Service LoadBalancer with LoadBalancerController. To enable $[prodname] IPAM to start managing addresses to Service LoadBalancer set up an IPPool for LoadBalancer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder whether this section (Advertise service load balancer IP addresses) should have a prerequisite that covers everything in your main doc for creating a loadbalancer? What do you think?
import Tabs from '@theme/Tabs'; | ||
import TabItem from '@theme/TabItem'; | ||
|
||
# LoadBalancer IP address management |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've got questions for this page in a separate doc. Will follow up with you directly.
LGTM, thanks! |
Add docs for LoadBalancer IPAM
Product Version(s):
Issue:
Link to docs preview:
SME review:
DOCS review:
Additional information:
Merge checklist: