kubernetes-sigs
diff --git a/‎Makefile
Lines changed: 3 additions & 2 deletions b/‎Makefile
Lines changed: 3 additions & 2 deletions
diff --git a/‎Tiltfile
Lines changed: 9 additions & 0 deletions b/‎Tiltfile
Lines changed: 9 additions & 0 deletions
diff --git a/‎docs/book/src/self-managed/addons.md
Lines changed: 15 additions & 0 deletions b/‎docs/book/src/self-managed/addons.md
Lines changed: 15 additions & 0 deletions
diff --git a/‎scripts/ci-configmap.sh
Lines changed: 29 additions & 0 deletions b/‎scripts/ci-configmap.sh
Lines changed: 29 additions & 0 deletions
diff --git a/‎scripts/ci-entrypoint.sh
Lines changed: 25 additions & 0 deletions b/‎scripts/ci-entrypoint.sh
Lines changed: 25 additions & 0 deletions
@@ -536,7 +536,8 @@ generate-e2e-templates: $(KUSTOMIZE) ## Generate Azure infrastructure templates
 generate-addons: fetch-calico-manifests ## Generate metric-server, calico, calico-ipv6, azure cni v1 addons.
 	$(KUSTOMIZE) build $(ADDONS_DIR)/metrics-server > $(ADDONS_DIR)/metrics-server/metrics-server.yaml
 	$(KUSTOMIZE) build $(ADDONS_DIR)/calico > $(ADDONS_DIR)/calico.yaml
-	$(KUSTOMIZE) build $(ADDONS_DIR)/metrics-server > $(ADDONS_DIR)/metrics-server/metrics-server.yaml
+	$(KUSTOMIZE) build $(ADDONS_DIR)/calico-ipv6 > $(ADDONS_DIR)/calico-ipv6.yaml
+	$(KUSTOMIZE) build $(ADDONS_DIR)/calico-dual-stack > $(ADDONS_DIR)/calico-dual-stack.yaml
 	$(KUSTOMIZE) build $(ADDONS_DIR)/azure-cni-v1 > $(ADDONS_DIR)/azure-cni-v1.yaml
 
 .PHONY: generate-aso-crds
@@ -551,7 +552,7 @@ generate-aso-crds: $(YQ)
 		> $(ASO_CRDS_PATH)
 
 # When updating this, make sure to also update the Windows image version in templates/addons/windows/calico.
-export CALICO_VERSION := v3.29.4
+export CALICO_VERSION := v3.26.1
 # Where all downloaded Calico manifests are unpacked and stored.
 CALICO_RELEASES := $(ARTIFACTS)/calico
 # Path to manifests directory in a Calico release archive.
 
@@ -469,6 +469,15 @@ def deploy_worker_templates(template, substitutions):
     echo "API Server of ${CLUSTER_NAME} is accessible";
     '''
 
+    # copy the kubeadm configmap to the calico-system namespace.
+    # This is a workaround needed for the calico-node-windows daemonset to be able to run in the calico-system namespace.
+    if "windows" in flavor_name:
+        flavor_cmd += """
+        until """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig get configmap kubeadm-config --namespace=kube-system > /dev/null 2>&1; do sleep 5; done;
+        """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig create namespace calico-system --dry-run=client -o yaml |         """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig apply -f -;
+        """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig get configmap kubeadm-config --namespace=kube-system -o yaml |         sed 's/namespace: kube-system/namespace: calico-system/' |         """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig apply -f -;
+        """
+
     if "aks_as_mgmt_settings" in settings and needs_vnet_peering(flavor_name):
         flavor_cmd += create_private_dns_zone()
 
 
@@ -63,6 +63,21 @@ helm repo add projectcalico https://docs.tigera.io/calico/charts && \
 helm install calico projectcalico/tigera-operator --version v3.26.1 -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/addons/calico-dual-stack/values.yaml --set-string "installation.calicoNetwork.ipPools[0].cidr=${IPV4_CIDR_BLOCK}","installation.calicoNetwork.ipPools[1].cidr=${IPV6_CIDR_BLOCK}" --namespace tigera-operator --create-namespace
 ```
 
+<aside class="note">
+
+<h1> Note </h1>
+
+For Windows nodes, you also need to copy the kubeadm-config configmap to the calico-system namespace so the calico-node-windows Daemonset can find it:
+
+```bash
+kubectl create ns calico-system
+kubectl get configmap kubeadm-config --namespace=kube-system -o yaml \
+| sed 's/namespace: kube-system/namespace: calico-system/' \
+| kubectl create -f -
+```
+
+</aside>
+
 For more information, see the [official Calico documentation](https://projectcalico.docs.tigera.io/getting-started/kubernetes/helm).
 
 ## Flannel
 
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+KUBECTL="${REPO_ROOT}/hack/tools/bin/kubectl"
+make --directory="${REPO_ROOT}" "${KUBECTL##*/}"
+
+CM_NAMES=("calico-addon" "calico-ipv6-addon" "calico-dual-stack-addon" "calico-windows-addon")
+CM_FILES=("calico.yaml" "calico-ipv6.yaml" "calico-dual-stack.yaml" "windows/calico")
+for i in "${!CM_NAMES[@]}"; do
+	"${KUBECTL}" create configmap "${CM_NAMES[i]}" --from-file="${REPO_ROOT}/templates/addons/${CM_FILES[i]}" --dry-run=client -o yaml | kubectl apply -f -
+done
@@ -146,6 +146,29 @@ create_cluster() {
     export KUBE_SSH_USER
 }
 
+# copy_kubeadm_config_map copies the kubeadm configmap into the calico-system namespace.
+# any retryable operation in this function must return a non-zero exit code on failure so that we can
+# retry it using a `until copy_kubeadm_config_map; do sleep 5; done` pattern;
+# and any statement must be idempotent so that subsequent retry attempts can make forward progress.
+copy_kubeadm_config_map() {
+    # Copy the kubeadm configmap to the calico-system namespace.
+    # This is a workaround needed for the calico-node-windows daemonset
+    # to be able to run in the calico-system namespace.
+    # First, validate that the kubeadm-config configmap has been created.
+    "${KUBECTL}" get configmap kubeadm-config --namespace=kube-system -o yaml || return 1
+    "${KUBECTL}" create namespace calico-system --dry-run=client -o yaml | kubectl apply -f - || return 1
+    if ! "${KUBECTL}" get configmap kubeadm-config --namespace=calico-system; then
+        "${KUBECTL}" get configmap kubeadm-config --namespace=kube-system -o yaml | sed 's/namespace: kube-system/namespace: calico-system/' | "${KUBECTL}" apply -f - || return 1
+    fi
+}
+
+wait_for_copy_kubeadm_config_map() {
+    echo "Copying kubeadm ConfigMap into calico-system namespace"
+    until copy_kubeadm_config_map; do
+        sleep 5
+    done
+}
+
 # wait_for_nodes returns when all nodes in the workload cluster are Ready.
 wait_for_nodes() {
     echo "Waiting for ${CONTROL_PLANE_MACHINE_COUNT} control plane machine(s), ${WORKER_MACHINE_COUNT} worker machine(s), and ${WINDOWS_WORKER_MACHINE_COUNT:-0} windows machine(s) to become Ready"
@@ -183,6 +206,8 @@ wait_for_pods() {
 }
 
 install_addons() {
+    export -f copy_kubeadm_config_map wait_for_copy_kubeadm_config_map
+    timeout --foreground 600 bash -c wait_for_copy_kubeadm_config_map
     # In order to determine the successful outcome of CNI and cloud-provider-azure,
     # we need to wait a little bit for nodes and pods terminal state,
     # so we block successful return upon the cluster being fully operational.