[calico] don't enable ipip encapsulation by default and use vxlan in CI (#8434)

* [calico] make vxlan encapsulation the default * don't enable ipip encapsulation by default * set calico_network_backend by default to vxlan * update sample inventory and documentation * [CI] pin default calico parameters for upgrade tests to ensure proper upgrade * [CI] improve netchecker connectivity testing * [CI] show logs for tests * [calico] tweak task name * [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh * [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check * service proxy mode still fails connectivity tests so keeping it manual mode * [kube-router] account for containerd use-case
2025-12-14 13:54:37 +03:00 · 2022-03-18 03:05:39 +02:00
parent a86d9bd8e8
commit dd2d95ecdf
26 changed files with 229 additions and 82 deletions
--- a/docs/setting-up-your-first-cluster.md
+++ b/docs/setting-up-your-first-cluster.md
@@ -61,12 +61,12 @@ gcloud compute networks subnets create kubernetes \
 #### Firewall Rules

 Create a firewall rule that allows internal communication across all protocols.
-It is important to note that the ipip protocol has to be allowed in order for
+It is important to note that the vxlan protocol has to be allowed in order for
 the calico (see later) networking plugin to work.

 ```ShellSession
 gcloud compute firewall-rules create kubernetes-the-kubespray-way-allow-internal \
-  --allow tcp,udp,icmp,ipip \
+  --allow tcp,udp,icmp,vxlan \
  --network kubernetes-the-kubespray-way \
  --source-ranges 10.240.0.0/24
 ```