Allow installation with IPIP/noencap and BGP Disabled

pkg/controller/installation/validation.go

@@ -164,21 +164,6 @@ func validateCustomResource(instance *operatorv1.Installation) error {
 			// Check that the encapsulation mode on the IP pool is compatible with the CNI plugin that is in-use.
 			if instance.Spec.CNI.Type == operatorv1.PluginCalico {
 				switch instance.Spec.CNI.IPAM.Type {
-				case operatorv1.IPAMPluginCalico:
-					// Verify the specified encapsulation type is valid.
-					switch pool.Encapsulation {
-					case operatorv1.EncapsulationIPIP, operatorv1.EncapsulationIPIPCrossSubnet:
-						// IPIP currently requires BGP to be running in order to program routes.
-						if instance.Spec.CalicoNetwork.BGP == nil || *instance.Spec.CalicoNetwork.BGP == operatorv1.BGPDisabled {
-							return fmt.Errorf("IPIP encapsulation requires that BGP is enabled")
-						}
-					case operatorv1.EncapsulationVXLAN, operatorv1.EncapsulationVXLANCrossSubnet:
-					case operatorv1.EncapsulationNone:
-						// Unencapsulated currently requires BGP to be running in order to program routes.
-						if instance.Spec.CalicoNetwork.BGP == nil || *instance.Spec.CalicoNetwork.BGP == operatorv1.BGPDisabled {
-							return fmt.Errorf("unencapsulated IP pools require that BGP is enabled")
-						}
-					}
 				case operatorv1.IPAMPluginHostLocal:
 					// The host-local IPAM plugin doesn't support VXLAN.
 					switch pool.Encapsulation {

pkg/controller/installation/validation_test.go

@@ -246,7 +246,10 @@ var _ = Describe("Installation validation tests", func() {
 		Expect(err).NotTo(HaveOccurred())
 	})
 
-	It("should prevent IPIP if BGP is disabled", func() {
+	// Previously, IPIP encapsulation were only possible with BGP enabled,
+	// however, Felix can do the same thing now which means IPIP with BGP disabled
+	// is supported.
+	It("should allow IPIP if BGP is disabled", func() {
 		disabled := operator.BGPDisabled
 		instance.Spec.CalicoNetwork.BGP = &disabled
 		instance.Spec.CalicoNetwork.IPPools = []operator.IPPool{
@@ -258,10 +261,10 @@ var _ = Describe("Installation validation tests", func() {
 			},
 		}
 		err := validateCustomResource(instance)
-		Expect(err).To(HaveOccurred())
+		Expect(err).NotTo(HaveOccurred())
 	})
 
-	It("should prevent IPIP cross-subnet if BGP is disabled", func() {
+	It("should allow IPIP cross-subnet if BGP is disabled", func() {
 		disabled := operator.BGPDisabled
 		instance.Spec.CalicoNetwork.BGP = &disabled
 		instance.Spec.CalicoNetwork.IPPools = []operator.IPPool{
@@ -273,7 +276,7 @@ var _ = Describe("Installation validation tests", func() {
 			},
 		}
 		err := validateCustomResource(instance)
-		Expect(err).To(HaveOccurred())
+		Expect(err).NotTo(HaveOccurred())
 	})
 
 	It("should not error if CalicoNetwork is provided on EKS", func() {

pkg/crds/enterprise/crd.projectcalico.org_kubecontrollersconfigurations.yaml

@@ -36,6 +36,7 @@ spec:
                     loadBalancer:
                       properties:
                         assignIPs:
+                          default: AllServices
                           type: string
                       type: object
                     namespace:
@@ -127,6 +128,7 @@ spec:
                         loadBalancer:
                           properties:
                             assignIPs:
+                              default: AllServices
                               type: string
                           type: object
                         namespace: