Merge pull request #17832 from hakman/calico-encapsulation

k8s-ci-robot · web-flow · commit 6562c4b82a92 · 2025-12-19T01:50:31.000-08:00
azure: Use VXLAN encapsulation for pod traffic with Calico
diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go
@@ -1569,6 +1569,11 @@ func validateNetworkingCalico(c *kops.ClusterSpec, v *kops.CalicoNetworkingSpec,
 			// backend in order to allow use of BGP to distribute routes for pod traffic.
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("encapsulationMode"), "encapsulationMode \"none\" is only supported for IPv6 clusters"))
 		}
+
+		if v.EncapsulationMode != "vxlan" && c.CloudProvider.Azure != nil {
+			// IPIP packets are blocked by the Azure network fabric. This requires the use of VXLAN encapsulation for pod traffic.
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("encapsulationMode"), "Azure requires an encapsulationMode of \"vxlan\""))
+		}
 	}
 
 	if v.IPIPMode != "" {
diff --git a/pkg/model/components/calico.go b/pkg/model/components/calico.go
@@ -40,5 +40,10 @@ func (b *CalicoOptionsBuilder) BuildOptions(o *kops.Cluster) error {
 		c.EncapsulationMode = "none"
 	}
 
+	if o.GetCloudProvider() == kops.CloudProviderAzure {
+		c.EncapsulationMode = "vxlan"
+		c.VXLANMode = "Always"
+	}
+
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -1569,6 +1569,11 @@ func validateNetworkingCalico(c kops.ClusterSpec, v kops.CalicoNetworkingSpec,`
`1569`	`1569`	`// backend in order to allow use of BGP to distribute routes for pod traffic.`
`1570`	`1570`	`allErrs = append(allErrs, field.Forbidden(fldPath.Child("encapsulationMode"), "encapsulationMode \"none\" is only supported for IPv6 clusters"))`
`1571`	`1571`	`}`
	`1572`	`+`
	`1573`	`+ if v.EncapsulationMode != "vxlan" && c.CloudProvider.Azure != nil {`
	`1574`	`+ // IPIP packets are blocked by the Azure network fabric. This requires the use of VXLAN encapsulation for pod traffic.`
	`1575`	`+ allErrs = append(allErrs, field.Forbidden(fldPath.Child("encapsulationMode"), "Azure requires an encapsulationMode of \"vxlan\""))`
	`1576`	`+ }`
`1572`	`1577`	`}`
`1573`	`1578`
`1574`	`1579`	`if v.IPIPMode != "" {`
Original file line number	Diff line number	Diff line change
`@@ -40,5 +40,10 @@ func (b CalicoOptionsBuilder) BuildOptions(o kops.Cluster) error {`
`40`	`40`	`c.EncapsulationMode = "none"`
`41`	`41`	`}`
`42`	`42`
	`43`	`+ if o.GetCloudProvider() == kops.CloudProviderAzure {`
	`44`	`+ c.EncapsulationMode = "vxlan"`
	`45`	`+ c.VXLANMode = "Always"`
	`46`	`+ }`
	`47`	`+`
`43`	`48`	`return nil`
`44`	`49`	`}`