Merge branch 'main' into ebpf-ipv6-docs

Makefile

@@ -1,3 +1,25 @@
+## This Makefile includes rules for building the docs site, as well as
+## utility rules for updating the Operator API docs.
+##
+## To build the docs site, these rules are the most interesting:
+##
+## init  - initializes the local environment
+## build - builds the site (implies init)
+## serve - starts a web server to serve the site (implies serve)
+## clean - removes the build artifacts
+##
+## To update the operator docs, these rules are the most interesting:
+##
+## autogen - Automatically detects all branches for Calico, Calico
+##           Enterprise, and Calico Cloud, and updates them one by
+##           one
+## autogen_calico / autogen_enterprise / autogen_cloud
+##         - As above, but only for that category of branch (but all
+##           versions of that branch)
+## show_current_branches
+##         - Outputs all of the branch-related targets that you can
+##           use to update a specific branch's operator docs.
+
 GO_BUILD_VER?=v0.87
 CALICO_BUILD?=calico/go-build:$(GO_BUILD_VER)
 LOCAL_USER_ID?=$(shell id -u $$USER)
@@ -91,6 +113,18 @@ autogen_calico: $(CALICO_BRANCHES)
 autogen_enterprise: $(CALICO_ENT_BRANCHES)
 autogen_cloud: $(CALICO_CLOUD_BRANCHES)
 
+.PHONY: show_current_branches
+show_current_branches:
+	$(info Calico branch targets:)
+	$(foreach CAL_BRANCH,$(CALICO_BRANCHES),$(info * $(CAL_BRANCH)))
+	$(info )
+	$(info Calico enterprise branch targets:)
+	$(foreach CAL_BRANCH,$(CALICO_ENT_BRANCHES),$(info * $(CAL_BRANCH)))
+	$(info )
+	$(info Calico cloud branch targets:)
+	$(foreach CAL_BRANCH,$(CALICO_CLOUD_BRANCHES),$(info * $(CAL_BRANCH)))
+	@true
+
 .PHONY: build-operator-reference
 build-operator-reference:
 	@mkdir -p .go-pkg-cache && \
@@ -157,9 +191,9 @@ run-update-cloud-image-list:
 
 # This allow generating the components version for a specific product
 # NOTE: currently only implemented for calico-enterprise; there is validation in the script to check this
-# If you want to use a different product branch from the dafault, specify GIT_VERSION_REF
+# If you want to use a different product branch from the default, specify GIT_VERSION_REF
 # 	e.g. for new versions of v3.18.0-1, GIT_VERSION_REF=3.18-1
-# If you want to use a different doc folder from the dafault, specify DOCS_VERSION_STREAM
+# If you want to use a different doc folder from the default, specify DOCS_VERSION_STREAM
 # 	e.g. for new versions of v3.18.0-2, DOCS_VERSION_STREAM=3.18-2
 # If the version to updates is the latest version for the product, specify IS_LATEST=true
 # 	e.g. if 3,18,1 is the latest version, IS_LATEST=true

README.md

@@ -18,20 +18,21 @@ Or
 * yarn `npm install -g yarn`
 * Fork and clone our docs repo <https://github.com/tigera/docs>
 
-## Local Development
+## Local development
 
 ```bash
 make start 
 ```
-or 
+or
+
 ```bash
 make start CONTAINERIZED=true
 ```
 
 This command starts a local development server on http://localhost:3000. Most changes are reflected live without
 having to restart the server. This build is faster, but does not produce all the warnings and errors of a full build.
 
-## Full Build & Serve
+## Full build and serve
 
 ```bash
 make build
@@ -47,3 +48,64 @@ This command generates static content into the `build` directory and can be serv
 service. This is a full build which is exactly what Netlify runs to build the site, therefore, you will get more
 warning and error output. If you are trying to reproduce an error on Netlify, this is a great place to start.
 
+## Building the site with unreleased docs versions
+
+In production, we don't build or publish unreleased doc sets.
+If you'd like to preview changes to those versions locally, you can run the following commands:
+
+```bash
+make serve-next
+```
+
+```bash
+make build-next
+make serve
+```
+
+# Updating the Operator API docs
+
+This repo includes functionality to automatically update the Operator API docs from the current version of Operator
+for each branch. The following Makefile targets will help you update the docs you want to update:
+
+Automatically update all branches for all products:
+
+```bash
+make autogen
+```
+
+Automatically update all branches for a specific product:
+
+```bash
+make autogen_calico         # To update all Calico OSS releases
+make autogen_enterprise     # To update all Calico Enterprise releases
+make autogen_cloud          # To update all Calico Cloud releases
+```
+
+Detect and print a list of all of the makefile targets for each branch for all products. You
+can then run one of these targets to update the operator reference specifically for that branch.
+
+```bash
+# Get the list of operator reference update targets
+❯ make show_current_branches
+Calico branch targets:
+* calico__operator_reference
+* calico_versioned_docs/version-3.25__operator_reference
+* calico_versioned_docs/version-3.26__operator_reference
+* calico_versioned_docs/version-3.27__operator_reference
+
+Calico enterprise branch targets:
+* calico-enterprise__operator_reference
+* calico-enterprise_versioned_docs/version-3.16__operator_reference
+* calico-enterprise_versioned_docs/version-3.17__operator_reference
+* calico-enterprise_versioned_docs/version-3.18__operator_reference
+* calico-enterprise_versioned_docs/version-3.18-2__operator_reference
+* calico-enterprise_versioned_docs/version-3.19-1__operator_reference
+
+Calico cloud branch targets:
+* calico-cloud__operator_reference
+* calico-cloud_versioned_docs/version-19-1__operator_reference
+
+# Trigger the operator reference update for Calico Enterprise v3.18
+❯ make calico-enterprise_versioned_docs/version-3.18__operator_reference
+...build output here...
+```

calico-cloud/_includes/release-notes/_v3.14.0-pre-release-notes.mdx

@@ -19,7 +19,7 @@
 - In BPF dataplane mode, Felix now handles single-block IPAM pools. Previously single-block pools resulted in a collision when programming the dataplane routes. [felix #2245](https://github.com/projectcalico/felix/pull/2245) (@fasaxc)
 - None required [felix #2233](https://github.com/projectcalico/felix/pull/2233) (@tomastigera)
 - None required [felix #2232](https://github.com/projectcalico/felix/pull/2232) (@tomastigera)
-- [Openstack] Allow DHCP from the workload, on kernels where rp_filter doesn't already [felix #2231](https://github.com/projectcalico/felix/pull/2231) (@neiljerram)
+- [OpenStack] Allow DHCP from the workload, on kernels where rp_filter doesn't already [felix #2231](https://github.com/projectcalico/felix/pull/2231) (@nelljerram)
 - all-interfaces host endpoints now supports normal network policy in addition to pre-dnat policy [felix #2228](https://github.com/projectcalico/felix/pull/2228) (@lmm)
 - Add FelixConfiguration option for setting route information source [libcalico-go #1222](https://github.com/projectcalico/libcalico-go/pull/1222) (@caseydavenport)
 - Added Wireguard configuration. [libcalico-go #1215](https://github.com/projectcalico/libcalico-go/pull/1215) (@realgaurav)
@@ -34,7 +34,7 @@
 - auto host endpoints have a default allow profile [kube-controllers #470](https://github.com/projectcalico/kube-controllers/pull/470) (@lmm)
 - Fix IPAM garbage collection in etcd mode on clusters where node name does not match Kubernetes node name. [kube-controllers #467](https://github.com/projectcalico/kube-controllers/pull/467) (@caseydavenport)
 - Use KubeControllersConfiguration resource for config [kube-controllers #464](https://github.com/projectcalico/kube-controllers/pull/464) (@spikecurtis)
-- Fix kube-controllers attempting to clean up non-existent node resources [kube-controllers #461](https://github.com/projectcalico/kube-controllers/pull/461) (@fcuello-fudo)
+- Fix kube-controllers attempting to clean up nonexistent node resources [kube-controllers #461](https://github.com/projectcalico/kube-controllers/pull/461) (@fcuello-fudo)
 - kube-controllers can now automatically provision host endpoints for nodes in the cluster [kube-controllers #458](https://github.com/projectcalico/kube-controllers/pull/458) (@lmm)
 - Kubernetes network tutorials updated for v1.18. [calico #3447](https://github.com/projectcalico/calico/pull/3447) (@tmjd)
 - With OpenShift install time resources can be created. This means Calico resources can be created before the Calico components are started. [calico #3338](https://github.com/projectcalico/calico/pull/3338) (@tmjd)

calico-cloud/_includes/release-notes/_v3.16.0-release-notes.mdx

@@ -46,7 +46,7 @@ Calico now supports BGP communities! Check out the BGP configuration resource [r
 - In BPF mode, Felix now rate-limits stale BPF map cleanup to save CPU. [felix #2428](https://github.com/projectcalico/felix/pull/2428) (@fasaxc)
 - In BPF mode, Felix now detects BPF support on Red Hat kernels with backports as well as generic kernels. [felix #2409](https://github.com/projectcalico/felix/pull/2409) (@sridhartigera)
 - In BPF mode, Felix now uses a more efficient algorithm to resync the Kubernetes services with the dataplane. This speeds up the initial sync (especially with large numbers of services). [felix #2401](https://github.com/projectcalico/felix/pull/2401) (@tomastigera)
-- eBPF dataplane support for encryption via Wireguard [felix #2389](https://github.com/projectcalico/felix/pull/2389) (@neiljerram)
+- eBPF dataplane support for encryption via Wireguard [felix #2389](https://github.com/projectcalico/felix/pull/2389) (@nelljerram)
 - Reject connections to services with no backends [felix #2380](https://github.com/projectcalico/felix/pull/2380) (@sridhartigera)
 - Implementation to handle setting source-destination-check for AWS EC2 instances. [felix #2381](https://github.com/projectcalico/felix/pull/2381) (@realgaurav)
 - In BPF mode, Felix now applies policy updates without reapplying the BPF programs; this gives a performance boost and closes a window where traffic was not policed. [felix #2363](https://github.com/projectcalico/felix/pull/2363) (@fasaxc)

calico-cloud/_includes/release-notes/_v3.16.1-release-notes.mdx

@@ -3,7 +3,7 @@
 ### Bug fixes
 
 - Fix population of etcd certificates in CNI config [cni-plugin #949](https://github.com/projectcalico/cni-plugin/pull/949) (@caseydavenport)
-- Resolves an issue on nodes whose Kubernetes node name does not exactly match the system hostname [cni-plugin #943](https://github.com/projectcalico/cni-plugin/pull/943) (@neiljerram)
+- Resolves an issue on nodes whose Kubernetes node name does not exactly match the system hostname [cni-plugin #943](https://github.com/projectcalico/cni-plugin/pull/943) (@nelljerram)
 - Fix flannel migration issues when running on Rancher [kube-controllers #506](https://github.com/projectcalico/kube-controllers/pull/506) (@songjiang)
 - Fix `kubectl exec` format for migration controller [kube-controllers #504](https://github.com/projectcalico/kube-controllers/pull/504) (@songjiang)
 - Fix flannel migration for clusters with multiple control plane nodes. [kube-controllers #503](https://github.com/projectcalico/kube-controllers/pull/503) (@caseydavenport)

calico-cloud/get-started/connect/operator-checklist.mdx

@@ -404,7 +404,7 @@ kubectl get tigerastatus
 | 2   | calico                        | TRUE      | FALSE       | FALSE    | 11m   |
 | 3   | cloud-core                    | TRUE      | FALSE       | FALSE    | 11m   |
 | 4   | compliance                    | TRUE      | FALSE       | FALSE    | 9m39s |
-| 5   | intrusion-detection            | TRUE      | FALSE       | FALSE    | 9m49s |
+| 5   | intrusion-detection           | TRUE      | FALSE       | FALSE    | 9m49s |
 | 6   | log-collector                 | TRUE      | FALSE       | FALSE    | 9m29s |
 | 7   | management-cluster-connection | TRUE      | FALSE       | FALSE    | 9m54s |
 | 8   | monitor                       | TRUE      | FALSE       | FALSE    | 11m   |

calico-cloud/image-assurance/scanners/pipeline-scanner.mdx

@@ -52,7 +52,7 @@ If you change the name of above heading, open a ticket to update the hardcoded C
    curl -Lo tigera-scanner {{clouddownloadbase}}/tigera-scanner/{{cloudversion}}/image-assurance-scanner-cli-linux-amd64
    ```
 
-   **MacOS**
+   **macOS**
 
    ```shell
    curl -Lo tigera-scanner {{clouddownloadbase}}/tigera-scanner/{{cloudversion}}/image-assurance-scanner-cli-darwin-amd64
@@ -77,7 +77,7 @@ You must download and set the executable flag each time you get a new version of
    ```
 ### Integrate the scanner into your build pipeline
 
-You can include the CLI scanner in your CI/CD pipelines (for example, Jenkins, Github actions). Ensure the following:
+You can include the CLI scanner in your CI/CD pipelines (for example, Jenkins, GitHub actions). Ensure the following:
 
 - Download the CLI scanner binary onto your CI runner
 - If you are running an ephemeral environment in the pipeline, include the download, and update the executable steps in your pipeline to download the scanner on every execution

calico-cloud/network-policy/beginners/calico-network-policy.mdx

@@ -49,7 +49,7 @@ metadata:
   name: allow-tcp-port-6379
 ```
 
-Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`.
+Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`.
 
 ### Ingress and egress
 

calico-cloud/network-policy/hosts/host-forwarded-traffic.mdx

@@ -110,7 +110,7 @@ spec:
       - 22
 ```
 
-Save this as allow-ssh-maintenace.yaml.
+Save this as allow-ssh-maintenance.yaml.
 
 Apply the policy to the cluster:
 

calico-cloud/operations/ebpf/enabling-ebpf.mdx

@@ -230,7 +230,7 @@ resource to `"BPF"`.
 kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}'
 ```
 
-When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should
+When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should
 not be disrupted, but they do not benefit from eBPF mode’s advantages.
 
 :::note