diff --git a/pkg/controller/installation/validation.go b/pkg/controller/installation/validation.go index 6ace6dd767..c6fe9b912b 100644 --- a/pkg/controller/installation/validation.go +++ b/pkg/controller/installation/validation.go @@ -164,21 +164,6 @@ func validateCustomResource(instance *operatorv1.Installation) error { // Check that the encapsulation mode on the IP pool is compatible with the CNI plugin that is in-use. if instance.Spec.CNI.Type == operatorv1.PluginCalico { switch instance.Spec.CNI.IPAM.Type { - case operatorv1.IPAMPluginCalico: - // Verify the specified encapsulation type is valid. - switch pool.Encapsulation { - case operatorv1.EncapsulationIPIP, operatorv1.EncapsulationIPIPCrossSubnet: - // IPIP currently requires BGP to be running in order to program routes. - if instance.Spec.CalicoNetwork.BGP == nil || *instance.Spec.CalicoNetwork.BGP == operatorv1.BGPDisabled { - return fmt.Errorf("IPIP encapsulation requires that BGP is enabled") - } - case operatorv1.EncapsulationVXLAN, operatorv1.EncapsulationVXLANCrossSubnet: - case operatorv1.EncapsulationNone: - // Unencapsulated currently requires BGP to be running in order to program routes. - if instance.Spec.CalicoNetwork.BGP == nil || *instance.Spec.CalicoNetwork.BGP == operatorv1.BGPDisabled { - return fmt.Errorf("unencapsulated IP pools require that BGP is enabled") - } - } case operatorv1.IPAMPluginHostLocal: // The host-local IPAM plugin doesn't support VXLAN. switch pool.Encapsulation { diff --git a/pkg/controller/installation/validation_test.go b/pkg/controller/installation/validation_test.go index a1ed29e5c4..9768e699b5 100644 --- a/pkg/controller/installation/validation_test.go +++ b/pkg/controller/installation/validation_test.go @@ -246,7 +246,10 @@ var _ = Describe("Installation validation tests", func() { Expect(err).NotTo(HaveOccurred()) }) - It("should prevent IPIP if BGP is disabled", func() { + // Previously, IPIP encapsulation were only possible with BGP enabled, + // however, Felix can do the same thing now which means IPIP with BGP disabled + // is supported. + It("should allow IPIP if BGP is disabled", func() { disabled := operator.BGPDisabled instance.Spec.CalicoNetwork.BGP = &disabled instance.Spec.CalicoNetwork.IPPools = []operator.IPPool{ @@ -258,10 +261,10 @@ var _ = Describe("Installation validation tests", func() { }, } err := validateCustomResource(instance) - Expect(err).To(HaveOccurred()) + Expect(err).NotTo(HaveOccurred()) }) - It("should prevent IPIP cross-subnet if BGP is disabled", func() { + It("should allow IPIP cross-subnet if BGP is disabled", func() { disabled := operator.BGPDisabled instance.Spec.CalicoNetwork.BGP = &disabled instance.Spec.CalicoNetwork.IPPools = []operator.IPPool{ @@ -273,7 +276,7 @@ var _ = Describe("Installation validation tests", func() { }, } err := validateCustomResource(instance) - Expect(err).To(HaveOccurred()) + Expect(err).NotTo(HaveOccurred()) }) It("should not error if CalicoNetwork is provided on EKS", func() { diff --git a/pkg/crds/enterprise/crd.projectcalico.org_kubecontrollersconfigurations.yaml b/pkg/crds/enterprise/crd.projectcalico.org_kubecontrollersconfigurations.yaml index 886fae2553..32ddb712d4 100644 --- a/pkg/crds/enterprise/crd.projectcalico.org_kubecontrollersconfigurations.yaml +++ b/pkg/crds/enterprise/crd.projectcalico.org_kubecontrollersconfigurations.yaml @@ -36,6 +36,7 @@ spec: loadBalancer: properties: assignIPs: + default: AllServices type: string type: object namespace: @@ -127,6 +128,7 @@ spec: loadBalancer: properties: assignIPs: + default: AllServices type: string type: object namespace: