diff --git a/Makefile b/Makefile index 352920a359..e0ec6f2a17 100644 --- a/Makefile +++ b/Makefile @@ -157,9 +157,9 @@ run-update-cloud-image-list: # This allow generating the components version for a specific product # NOTE: currently only implemented for calico-enterprise; there is validation in the script to check this -# If you want to use a different product branch from the dafault, specify GIT_VERSION_REF +# If you want to use a different product branch from the default, specify GIT_VERSION_REF # e.g. for new versions of v3.18.0-1, GIT_VERSION_REF=3.18-1 -# If you want to use a different doc folder from the dafault, specify DOCS_VERSION_STREAM +# If you want to use a different doc folder from the default, specify DOCS_VERSION_STREAM # e.g. for new versions of v3.18.0-2, DOCS_VERSION_STREAM=3.18-2 # If the version to updates is the latest version for the product, specify IS_LATEST=true # e.g. if 3,18,1 is the latest version, IS_LATEST=true diff --git a/calico-cloud/_includes/release-notes/_v3.14.0-pre-release-notes.mdx b/calico-cloud/_includes/release-notes/_v3.14.0-pre-release-notes.mdx index ff8c910e9b..1eec76858a 100644 --- a/calico-cloud/_includes/release-notes/_v3.14.0-pre-release-notes.mdx +++ b/calico-cloud/_includes/release-notes/_v3.14.0-pre-release-notes.mdx 
@@ -19,7 +19,7 @@
 - In BPF dataplane mode, Felix now handles single-block IPAM pools. Previously single-block pools resulted in a collision when programming the dataplane routes. [felix #2245](https://github.com/projectcalico/felix/pull/2245) (@fasaxc)
 - None required [felix #2233](https://github.com/projectcalico/felix/pull/2233) (@tomastigera)
 - None required [felix #2232](https://github.com/projectcalico/felix/pull/2232) (@tomastigera)
-- [Openstack] Allow DHCP from the workload, on kernels where rp_filter doesn't already [felix #2231](https://github.com/projectcalico/felix/pull/2231) (@neiljerram)
+- [OpenStack] Allow DHCP from the workload, on kernels where rp_filter doesn't already [felix #2231](https://github.com/projectcalico/felix/pull/2231) (@nelljerram)
 - all-interfaces host endpoints now supports normal network policy in addition to pre-dnat policy [felix #2228](https://github.com/projectcalico/felix/pull/2228) (@lmm)
 - Add FelixConfiguration option for setting route information source [libcalico-go #1222](https://github.com/projectcalico/libcalico-go/pull/1222) (@caseydavenport)
 - Added Wireguard configuration. [libcalico-go #1215](https://github.com/projectcalico/libcalico-go/pull/1215) (@realgaurav)
@@ -34,7 +34,7 @@
 - auto host endpoints have a default allow profile [kube-controllers #470](https://github.com/projectcalico/kube-controllers/pull/470) (@lmm)
 - Fix IPAM garbage collection in etcd mode on clusters where node name does not match Kubernetes node name. [kube-controllers #467](https://github.com/projectcalico/kube-controllers/pull/467) (@caseydavenport)
 - Use KubeControllersConfiguration resource for config [kube-controllers #464](https://github.com/projectcalico/kube-controllers/pull/464) (@spikecurtis)
-- Fix kube-controllers attempting to clean up non-existent node resources [kube-controllers #461](https://github.com/projectcalico/kube-controllers/pull/461) (@fcuello-fudo)
+- Fix kube-controllers attempting to clean up nonexistent node resources [kube-controllers #461](https://github.com/projectcalico/kube-controllers/pull/461) (@fcuello-fudo)
 - kube-controllers can now automatically provision host endpoints for nodes in the cluster [kube-controllers #458](https://github.com/projectcalico/kube-controllers/pull/458) (@lmm)
 - Kubernetes network tutorials updated for v1.18. [calico #3447](https://github.com/projectcalico/calico/pull/3447) (@tmjd)
 - With OpenShift install time resources can be created. This means Calico resources can be created before the Calico components are started. [calico #3338](https://github.com/projectcalico/calico/pull/3338) (@tmjd)
diff --git a/calico-cloud/_includes/release-notes/_v3.16.0-release-notes.mdx b/calico-cloud/_includes/release-notes/_v3.16.0-release-notes.mdx
index 1a6fa9627c..788cbfb1e7 100644
--- a/calico-cloud/_includes/release-notes/_v3.16.0-release-notes.mdx
+++ b/calico-cloud/_includes/release-notes/_v3.16.0-release-notes.mdx
@@ -46,7 +46,7 @@ Calico now supports BGP communities! Check out the BGP configuration resource [r
 - In BPF mode, Felix now rate-limits stale BPF map cleanup to save CPU. [felix #2428](https://github.com/projectcalico/felix/pull/2428) (@fasaxc)
 - In BPF mode, Felix now detects BPF support on Red Hat kernels with backports as well as generic kernels. [felix #2409](https://github.com/projectcalico/felix/pull/2409) (@sridhartigera)
 - In BPF mode, Felix now uses a more efficient algorithm to resync the Kubernetes services with the dataplane. This speeds up the initial sync (especially with large numbers of services). [felix #2401](https://github.com/projectcalico/felix/pull/2401) (@tomastigera)
-- eBPF dataplane support for encryption via Wireguard [felix #2389](https://github.com/projectcalico/felix/pull/2389) (@neiljerram)
+- eBPF dataplane support for encryption via Wireguard [felix #2389](https://github.com/projectcalico/felix/pull/2389) (@nelljerram)
 - Reject connections to services with no backends [felix #2380](https://github.com/projectcalico/felix/pull/2380) (@sridhartigera)
 - Implementation to handle setting source-destination-check for AWS EC2 instances. [felix #2381](https://github.com/projectcalico/felix/pull/2381) (@realgaurav)
 - In BPF mode, Felix now applies policy updates without reapplying the BPF programs; this gives a performance boost and closes a window where traffic was not policed. [felix #2363](https://github.com/projectcalico/felix/pull/2363) (@fasaxc)
diff --git a/calico-cloud/_includes/release-notes/_v3.16.1-release-notes.mdx b/calico-cloud/_includes/release-notes/_v3.16.1-release-notes.mdx
index 4ceb8c19e6..5ab00e3744 100644
--- a/calico-cloud/_includes/release-notes/_v3.16.1-release-notes.mdx
+++ b/calico-cloud/_includes/release-notes/_v3.16.1-release-notes.mdx
@@ -3,7 +3,7 @@ ### Bug fixes - Fix population of etcd certificates in CNI config [cni-plugin #949](https://github.com/projectcalico/cni-plugin/pull/949) (@caseydavenport) -- Resolves an issue on nodes whose Kubernetes node name does not exactly match the system hostname [cni-plugin #943](https://github.com/projectcalico/cni-plugin/pull/943) (@neiljerram) +- Resolves an issue on nodes whose Kubernetes node name does not exactly match the system hostname [cni-plugin #943](https://github.com/projectcalico/cni-plugin/pull/943) (@nelljerram) - Fix flannel migration issues when running on Rancher [kube-controllers #506](https://github.com/projectcalico/kube-controllers/pull/506) (@songjiang) - Fix `kubectl exec` format for migration controller [kube-controllers #504](https://github.com/projectcalico/kube-controllers/pull/504) (@songjiang) - Fix flannel migration for clusters with multiple control plane nodes. [kube-controllers #503](https://github.com/projectcalico/kube-controllers/pull/503) (@caseydavenport) diff --git a/calico-cloud/get-started/connect/operator-checklist.mdx b/calico-cloud/get-started/connect/operator-checklist.mdx index 7ac55c68bb..b1e1111a14 100644 --- a/calico-cloud/get-started/connect/operator-checklist.mdx +++ b/calico-cloud/get-started/connect/operator-checklist.mdx @@ -404,7 +404,7 @@ kubectl get tigerastatus | 2 | calico | TRUE | FALSE | FALSE | 11m | | 3 | cloud-core | TRUE | FALSE | FALSE | 11m | | 4 | compliance | TRUE | FALSE | FALSE | 9m39s | -| 5 | intrusion-detection | TRUE | FALSE | FALSE | 9m49s | +| 5 | intrusion-detection | TRUE | FALSE | FALSE | 9m49s | | 6 | log-collector | TRUE | FALSE | FALSE | 9m29s | | 7 | management-cluster-connection | TRUE | FALSE | FALSE | 9m54s | | 8 | monitor | TRUE | FALSE | FALSE | 11m | diff --git a/calico-cloud/image-assurance/scanners/pipeline-scanner.mdx b/calico-cloud/image-assurance/scanners/pipeline-scanner.mdx index b2e86433df..17d83bc9f8 100644 
--- a/calico-cloud/image-assurance/scanners/pipeline-scanner.mdx +++ b/calico-cloud/image-assurance/scanners/pipeline-scanner.mdx @@ -52,7 +52,7 @@ If you change the name of above heading, open a ticket to update the hardcoded C curl -Lo tigera-scanner {{clouddownloadbase}}/tigera-scanner/{{cloudversion}}/image-assurance-scanner-cli-linux-amd64 ``` - **MacOS** + **macOS** ```shell curl -Lo tigera-scanner {{clouddownloadbase}}/tigera-scanner/{{cloudversion}}/image-assurance-scanner-cli-darwin-amd64 @@ -77,7 +77,7 @@ You must download and set the executable flag each time you get a new version of ``` ### Integrate the scanner into your build pipeline -You can include the CLI scanner in your CI/CD pipelines (for example, Jenkins, Github actions). Ensure the following: +You can include the CLI scanner in your CI/CD pipelines (for example, Jenkins, GitHub actions). Ensure the following: - Download the CLI scanner binary onto your CI runner - If you are running an ephemeral environment in the pipeline, include the download, and update the executable steps in your pipeline to download the scanner on every execution diff --git a/calico-cloud/network-policy/beginners/calico-network-policy.mdx b/calico-cloud/network-policy/beginners/calico-network-policy.mdx index 245a923675..148af8fffb 100644 --- a/calico-cloud/network-policy/beginners/calico-network-policy.mdx +++ b/calico-cloud/network-policy/beginners/calico-network-policy.mdx 
@@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress diff --git a/calico-cloud/network-policy/hosts/host-forwarded-traffic.mdx b/calico-cloud/network-policy/hosts/host-forwarded-traffic.mdx index 2a8858b279..3e26ac8422 100644 --- a/calico-cloud/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico-cloud/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-cloud/operations/ebpf/enabling-ebpf.mdx b/calico-cloud/operations/ebpf/enabling-ebpf.mdx index a5af8d5a1e..a6ec15e3eb 100644 --- a/calico-cloud/operations/ebpf/enabling-ebpf.mdx +++ b/calico-cloud/operations/ebpf/enabling-ebpf.mdx @@ -230,7 +230,7 @@ resource to `"BPF"`. kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note 
diff --git a/calico-cloud/operations/monitor/metrics/recommended-metrics.mdx b/calico-cloud/operations/monitor/metrics/recommended-metrics.mdx
index dbbe334843..d53fa3ba90 100644
--- a/calico-cloud/operations/monitor/metrics/recommended-metrics.mdx
+++ b/calico-cloud/operations/monitor/metrics/recommended-metrics.mdx
@@ -61,7 +61,7 @@ This section provides metrics recommendations for maintaining optimal cluster op
 | Metric | Note: Syncer (type) is Typha's internal name for a client (type).
Individual syncer values:
(typha_cache_size\{syncer="bgp"\})
(typha_cache_size\{syncer="dpi"\})
typha_cache_size\{syncer="felix"\})
(typha_cache_size\{syncer="node-status"\})
(typha_cache_size\{syncer="tunnel-ip-allocation"\})

Sum of all syncers:
The sum of all cache sizes (each syncer type has a cache).
sum by (instance) (typha_cache_size)

Largest syncer:
max by (instance) (typha_cache_size) |
 | Example value | Example of: max by (instance) (typha_cache_size\{syncer="felix"\})

\{instance="10.0.1.20:9093"\} 661
\{instance="10.0.1.31:9093"\} 661 |
 | Explanation | The total number of key/value pairs in Typha's in-memory cache.This metric represents the scale of the {{prodname}} datastore as it tracks how many WEPs (pods and services), HEPs (hostendpoints), networksets, globalnetworksets, {{prodname}} Network Policies etc that Typha is aware of across the entire Calico Federation.You can use this metric to monitor individual syncers to Typha (like Felix, BGP etc), or to get a sum of all syncers. We recommend that you monitor the largest syncer but it is completely up to you. This is a good metric to understand how much data is in Typha. Note: If all Typhas are in sync then they should have the same value for this metric. |
-| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policie,s and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. |
+| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policies and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. |
 | Threshold breach symptoms | Unexpected increases may indicate memory leaks and performance issues with Typha. |
 | Threshold breach recommendations | Check CPU usage on Typha pods and Kubernetes nodes. Increase resources if needed, rollout and restart Typha(s) if needed. |
 | Priority level | Optional. |
@@ -261,7 +261,7 @@ The following metrics are applicable only if you have implemented [Cluster mesh]
 | Example value | \{instance="10.0.1.20:9093"\} NaN |
 | Explanation | The median time to stream the initial datastore snapshot to each client. It is useful to know the time it takes for a client to receive the data when it connects; it does not include time to process the data. |
 | Threshold value recommendation | Investigate if this value is moving towards 10s of seconds. |
-| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it isdisconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
+| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it is disconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
 | Threshold breach recommendations | Check Typha and calico-node logs and resource usage. Check for network congestion. Investigate why a particular calico-node is slow; it is likely on an overloaded node with insufficient CPU). |
 | Priority level | Optional. |
@@ -352,7 +352,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u
 | Metric | rate(process_cpu_seconds_total\{30s\}) \* 100 |
 | Example value | \{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\}3.1197504199664072 |
 | Explanation | CPU in use by calico-node represented as a percentage of a core. |
-| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigage if maintained CPU usage goes above 90%. |
+| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigate if maintained CPU usage goes above 90%. |
 | Threshold breach symptoms | Unexpected maintained CPU usage could cause Felix to fall behind and could cause delays to policy updates. |
 | Threshold breach recommendations | Check CPU usage on Kubernetes nodes. Increase resources if needed, rollout restart calico-node(s) if needed. |
 | Priority level | Recommended. |
@@ -459,7 +459,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u | Metric | felix_logs_dropped | | Example value | felix_logs_dropped\{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\} 0 | | Explanation | The number of logs Felix has dropped. Note that this metric does not count flow-logs; it counts logs to stdout. | -| Threshold value recommendation | Occasional drops are normal. Investigate if frop counters rapidily rise. | +| Threshold value recommendation | Occasional drops are normal. Investigate if drop counters rapidly rise. | | Threshold breach symptoms | Felix will drop logs if it cannot keep up with writing them out. These are ordinary code logs, not flow logs. Calico-node may be under resource constraints. | | Threshold breach recommendations | Check CPU usage on calico-nodes and Kubernetes nodes. Increase resources if needed, and rollout restart calico-node(s) if needed. | | Priority level | Optional. | diff --git a/calico-cloud/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-cloud/reference/architecture/design/l2-interconnect-fabric.mdx index 259f1f7038..76199c2efa 100644 --- a/calico-cloud/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico-cloud/reference/architecture/design/l2-interconnect-fabric.mdx @@ -186,7 +186,7 @@ Each plane would constitute an IP network, so the blue plane would be orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively. [^3] -Each IP network (plane) requires it's own BGP route reflectors. Those +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route 
diff --git a/calico-cloud/reference/component-resources/node/felix/configuration.mdx b/calico-cloud/reference/component-resources/node/felix/configuration.mdx
index 21fed5b528..da0c43dc32 100644
--- a/calico-cloud/reference/component-resources/node/felix/configuration.mdx
+++ b/calico-cloud/reference/component-resources/node/felix/configuration.mdx
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows.
 | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean |
 | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string |
 | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int |
-| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. |
+| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. |
 | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed).
[Default: unset] | optional boolean |
 | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int |
 | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string |
@@ -272,7 +272,7 @@ for 1022 endpoints on the host.
 | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. |
 | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. |
 | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. |
-| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. |
+| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. |
 | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. |
 | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs.
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. |
 | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. |
diff --git a/calico-cloud/reference/component-resources/node/felix/prometheus.mdx b/calico-cloud/reference/component-resources/node/felix/prometheus.mdx
index f2260e7131..2391699f9a 100644
--- a/calico-cloud/reference/component-resources/node/felix/prometheus.mdx
+++ b/calico-cloud/reference/component-resources/node/felix/prometheus.mdx
@@ -23,13 +23,13 @@ existing metrics.
 | `felix_active_local_selectors` | Number of active selectors on this host. |
 | `felix_active_local_tags` | Number of active tags on this host. |
 | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. |
-| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
+| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
 | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. |
 | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. |
 | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. |
 | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. |
 | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. |
-| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. |
+| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. |
 | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. |
 | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). |
 | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. |
diff --git a/calico-cloud/reference/installation/_api.mdx b/calico-cloud/reference/installation/_api.mdx
index eefffd5f38..8991e936be 100644
--- a/calico-cloud/reference/installation/_api.mdx
+++ b/calico-cloud/reference/installation/_api.mdx
@@ -488,7 +488,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4352,7 +4352,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -9157,7 +9157,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -10078,7 +10078,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detetion.
+configured value, or based on Calico’s native auto-detection.

diff --git a/calico-cloud/reference/public-cloud/azure.mdx b/calico-cloud/reference/public-cloud/azure.mdx index c3a958e65d..a60610ac8b 100644 --- a/calico-cloud/reference/public-cloud/azure.mdx +++ b/calico-cloud/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-cloud/reference/resources/deeppacketinspection.mdx b/calico-cloud/reference/resources/deeppacketinspection.mdx index cf96f1dd1b..c69711f3c9 100644 --- a/calico-cloud/reference/resources/deeppacketinspection.mdx +++ b/calico-cloud/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-cloud/reference/resources/managedcluster.mdx b/calico-cloud/reference/resources/managedcluster.mdx index 9897be7255..ba2d89b376 100644 --- a/calico-cloud/reference/resources/managedcluster.mdx +++ b/calico-cloud/reference/resources/managedcluster.mdx 
@@ -64,7 +64,7 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | diff --git a/calico-cloud/reference/resources/securityeventwebhook.mdx b/calico-cloud/reference/resources/securityeventwebhook.mdx index bd28ce1d9f..b9c2857153 100644 --- a/calico-cloud/reference/resources/securityeventwebhook.mdx +++ b/calico-cloud/reference/resources/securityeventwebhook.mdx 
@@ -75,15 +75,15 @@ The value must conform to the following rules: | Field | Description | Schema | Required | | ------------ | -------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ----------------------------------- | | name | Configuration variable name. | string | yes | -| value | Direct value for the variable. | string | yes if `valueFrom` is not specifed | -| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetesa Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | +| value | Direct value for the variable. | string | yes if `valueFrom` is not specified | +| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetes Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | ### SecurityEventWebhookConfigVarSource | Field | Description | Schema | Required | | ---------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------- | | configMapKeyRef | Kubernetes ConfigMap reference. | `ConfigMapKeySelector` (referenced ConfigMap key should exist in the `tigera-intrusion-detection` namespace) | yes if `secretKeyRef` is not specified | -| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specifed | +| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specified | ### Status 
diff --git a/calico-cloud/threat/configuring-webhooks.mdx b/calico-cloud/threat/configuring-webhooks.mdx index a852625166..cdc5c39d0b 100644 --- a/calico-cloud/threat/configuring-webhooks.mdx +++ b/calico-cloud/threat/configuring-webhooks.mdx @@ -24,7 +24,7 @@ See [Sending messages using Incoming Webhooks](https://api.slack.com/messaging/w See [Manage API tokens for your Atlassian account](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) for details on how to obtain an API token. You also need: * Your Atlassian site URL. If you access Jira at the URL `https://.atlassian.net/jira`, then your site URL is `.atlassian.net`. - * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. Ths user associated with your API token must have write permissions to this project. + * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. This user associated with your API token must have write permissions to this project. * **Generic JSON**. You must have a webhook URL for any other application you want the {{prodname}} webhook to send alerts to. ## Create a webhook for security event alerts diff --git a/calico-cloud/threat/security-posture-overview.mdx b/calico-cloud/threat/security-posture-overview.mdx index 2ee862e350..7868340b66 100644 --- a/calico-cloud/threat/security-posture-overview.mdx +++ b/calico-cloud/threat/security-posture-overview.mdx 
@@ -53,7 +53,7 @@ This feature is currently part of an active Beta program and will include signif - The current bias of the dashboard is to include the Image Assurance feature as a contributing risk, even if you do not use the feature. If you are not using Image Assurance, the Cluster Security Score assumes a perfect score (100) for "High Risk Images" and "Unscanned Images" risks. However, Image Assurance is weighted at 50%; although you are not seeing the widest view of risk available without it, you can still make progress with the other 50% contributing risks. To use Image Assurance, see [Image Assurance scanner](../image-assurance/scanners/overview.mdx). -- Currently, the historical score graph does not properly display a single data point, which is the case when the dasbhoard first starts assessing your cluster. With time, the historical graph will properly display data. +- Currently, the historical score graph does not properly display a single data point, which is the case when the dashboard first starts assessing your cluster. With time, the historical graph will properly display data. - You cannot customize the dashboard diff --git a/calico-cloud/tutorials/applications/egress-controls.mdx b/calico-cloud/tutorials/applications/egress-controls.mdx index 972bc51fff..fa5f94fff6 100644 --- a/calico-cloud/tutorials/applications/egress-controls.mdx +++ b/calico-cloud/tutorials/applications/egress-controls.mdx @@ -28,7 +28,7 @@ In this example, we have a microservice that requires egress access to two exter `svc3` pods needs egress access to: - A repo named, `app2-repo` at domain `app2-repo.example.com`, port 443 -- A parner named, `app2-partners` at endpoint `10.10.10.10/32`, port 1010 and 53 +- A partner named, `app2-partners` at endpoint `10.10.10.10/32`, port 1010 and 53 First, we define a domain-based NetworkSet. Using `allowedEgressDomains` we can specify the trusted repo by its URL, `app2-repo.example.com`. 
diff --git a/calico-cloud/tutorials/enterprise-security/global-egress.mdx b/calico-cloud/tutorials/enterprise-security/global-egress.mdx index 6a50d02ce5..276e44a488 100644 --- a/calico-cloud/tutorials/enterprise-security/global-egress.mdx +++ b/calico-cloud/tutorials/enterprise-security/global-egress.mdx @@ -6,7 +6,7 @@ description: Implement global egress access controls. In this article you will learn how to implement egress access controls cluster-wide for all applications and microservices. -In this example, we will implement global egress eccess controls for **dev1 team**: +In this example, we will implement global egress access controls for **dev1 team**: - Egress access control for all applications managed by dev1: applications (**app1**) and microservices (**app2**) - dev1 pods can egress access to a repo named, `repo.acme.corp` at port 443 diff --git a/calico-cloud/tutorials/kubernetes-tutorials/kubernetes-demo.mdx b/calico-cloud/tutorials/kubernetes-tutorials/kubernetes-demo.mdx index 1762ebedbc..0d230c3902 100644 --- a/calico-cloud/tutorials/kubernetes-tutorials/kubernetes-demo.mdx +++ b/calico-cloud/tutorials/kubernetes-tutorials/kubernetes-demo.mdx @@ -69,7 +69,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-cloud/visibility/elastic/flow/aggregation.mdx b/calico-cloud/visibility/elastic/flow/aggregation.mdx index dc8e89ff7f..7f0b1195d0 100644 --- a/calico-cloud/visibility/elastic/flow/aggregation.mdx +++ b/calico-cloud/visibility/elastic/flow/aggregation.mdx 
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-cloud/visibility/elastic/flow/datatypes.mdx b/calico-cloud/visibility/elastic/flow/datatypes.mdx index b1fc02a703..4a15f0610c 100644 --- a/calico-cloud/visibility/elastic/flow/datatypes.mdx +++ b/calico-cloud/visibility/elastic/flow/datatypes.mdx @@ -61,7 +61,7 @@ The following table details the key/value pairs in the JSON blob, including thei | `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | +| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_lost_packets` | long | Total lost packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | diff --git a/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.14.0-pre-release-notes.mdx b/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.14.0-pre-release-notes.mdx index ff8c910e9b..1eec76858a 100644 --- a/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.14.0-pre-release-notes.mdx +++ b/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.14.0-pre-release-notes.mdx 
@@ -19,7 +19,7 @@ - In BPF dataplane mode, Felix now handles single-block IPAM pools. Previously single-block pools resulted in a collision when programming the dataplane routes. [felix #2245](https://github.com/projectcalico/felix/pull/2245) (@fasaxc) - None required [felix #2233](https://github.com/projectcalico/felix/pull/2233) (@tomastigera) - None required [felix #2232](https://github.com/projectcalico/felix/pull/2232) (@tomastigera) -- [Openstack] Allow DHCP from the workload, on kernels where rp_filter doesn't already [felix #2231](https://github.com/projectcalico/felix/pull/2231) (@neiljerram) +- [OpenStack] Allow DHCP from the workload, on kernels where rp_filter doesn't already [felix #2231](https://github.com/projectcalico/felix/pull/2231) (@nelljerram) - all-interfaces host endpoints now supports normal network policy in addition to pre-dnat policy [felix #2228](https://github.com/projectcalico/felix/pull/2228) (@lmm) - Add FelixConfiguration option for setting route information source [libcalico-go #1222](https://github.com/projectcalico/libcalico-go/pull/1222) (@caseydavenport) - Added Wireguard configuration. [libcalico-go #1215](https://github.com/projectcalico/libcalico-go/pull/1215) (@realgaurav) 
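Review bot: The added `[OpenStack] Allow DHCP from the workload…` line also changes the contributor handle from `@neiljerram` to `@nelljerram`, which alters an identifier rather than fixing a typo, so the credit for felix #2231 would point at a different handle. Keep the handle as it was and take only the capitalisation fix, i.e. end the line with `(@neiljerram)`. The same substitution appears in the felix #2389 hunk of `_v3.16.0-release-notes.mdx` and the cni-plugin #943 hunk of `_v3.16.1-release-notes.mdx`. If these edits came from an automated spell-checker, handles, URLs and code spans should presumably be excluded from it and the remaining hunks re-checked for similar rewrites.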
@@ -34,7 +34,7 @@ - auto host endpoints have a default allow profile [kube-controllers #470](https://github.com/projectcalico/kube-controllers/pull/470) (@lmm) - Fix IPAM garbage collection in etcd mode on clusters where node name does not match Kubernetes node name. [kube-controllers #467](https://github.com/projectcalico/kube-controllers/pull/467) (@caseydavenport) - Use KubeControllersConfiguration resource for config [kube-controllers #464](https://github.com/projectcalico/kube-controllers/pull/464) (@spikecurtis) -- Fix kube-controllers attempting to clean up non-existent node resources [kube-controllers #461](https://github.com/projectcalico/kube-controllers/pull/461) (@fcuello-fudo) +- Fix kube-controllers attempting to clean up nonexistent node resources [kube-controllers #461](https://github.com/projectcalico/kube-controllers/pull/461) (@fcuello-fudo) - kube-controllers can now automatically provision host endpoints for nodes in the cluster [kube-controllers #458](https://github.com/projectcalico/kube-controllers/pull/458) (@lmm) - Kubernetes network tutorials updated for v1.18. [calico #3447](https://github.com/projectcalico/calico/pull/3447) (@tmjd) - With OpenShift install time resources can be created. This means Calico resources can be created before the Calico components are started. [calico #3338](https://github.com/projectcalico/calico/pull/3338) (@tmjd) diff --git a/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.0-release-notes.mdx b/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.0-release-notes.mdx index 1a6fa9627c..788cbfb1e7 100644 --- a/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.0-release-notes.mdx +++ b/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.0-release-notes.mdx 
@@ -46,7 +46,7 @@ Calico now supports BGP communities! Check out the BGP configuration resource [r - In BPF mode, Felix now rate-limits stale BPF map cleanup to save CPU. [felix #2428](https://github.com/projectcalico/felix/pull/2428) (@fasaxc) - In BPF mode, Felix now detects BPF support on Red Hat kernels with backports as well as generic kernels. [felix #2409](https://github.com/projectcalico/felix/pull/2409) (@sridhartigera) - In BPF mode, Felix now uses a more efficient algorithm to resync the Kubernetes services with the dataplane. This speeds up the initial sync (especially with large numbers of services). [felix #2401](https://github.com/projectcalico/felix/pull/2401) (@tomastigera) -- eBPF dataplane support for encryption via Wireguard [felix #2389](https://github.com/projectcalico/felix/pull/2389) (@neiljerram) +- eBPF dataplane support for encryption via Wireguard [felix #2389](https://github.com/projectcalico/felix/pull/2389) (@nelljerram) - Reject connections to services with no backends [felix #2380](https://github.com/projectcalico/felix/pull/2380) (@sridhartigera) - Implementation to handle setting source-destination-check for AWS EC2 instances. [felix #2381](https://github.com/projectcalico/felix/pull/2381) (@realgaurav) - In BPF mode, Felix now applies policy updates without reapplying the BPF programs; this gives a performance boost and closes a window where traffic was not policed. [felix #2363](https://github.com/projectcalico/felix/pull/2363) (@fasaxc) diff --git a/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.1-release-notes.mdx b/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.1-release-notes.mdx index 4ceb8c19e6..5ab00e3744 100644 --- a/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.1-release-notes.mdx +++ b/calico-cloud_versioned_docs/version-19-1/_includes/release-notes/_v3.16.1-release-notes.mdx 
@@ -3,7 +3,7 @@ ### Bug fixes - Fix population of etcd certificates in CNI config [cni-plugin #949](https://github.com/projectcalico/cni-plugin/pull/949) (@caseydavenport) -- Resolves an issue on nodes whose Kubernetes node name does not exactly match the system hostname [cni-plugin #943](https://github.com/projectcalico/cni-plugin/pull/943) (@neiljerram) +- Resolves an issue on nodes whose Kubernetes node name does not exactly match the system hostname [cni-plugin #943](https://github.com/projectcalico/cni-plugin/pull/943) (@nelljerram) - Fix flannel migration issues when running on Rancher [kube-controllers #506](https://github.com/projectcalico/kube-controllers/pull/506) (@songjiang) - Fix `kubectl exec` format for migration controller [kube-controllers #504](https://github.com/projectcalico/kube-controllers/pull/504) (@songjiang) - Fix flannel migration for clusters with multiple control plane nodes. [kube-controllers #503](https://github.com/projectcalico/kube-controllers/pull/503) (@caseydavenport) diff --git a/calico-cloud_versioned_docs/version-19-1/get-started/connect/operator-checklist.mdx b/calico-cloud_versioned_docs/version-19-1/get-started/connect/operator-checklist.mdx index 7ac55c68bb..b1e1111a14 100644 --- a/calico-cloud_versioned_docs/version-19-1/get-started/connect/operator-checklist.mdx +++ b/calico-cloud_versioned_docs/version-19-1/get-started/connect/operator-checklist.mdx @@ -404,7 +404,7 @@ kubectl get tigerastatus | 2 | calico | TRUE | FALSE | FALSE | 11m | | 3 | cloud-core | TRUE | FALSE | FALSE | 11m | | 4 | compliance | TRUE | FALSE | FALSE | 9m39s | -| 5 | intrusion-detection | TRUE | FALSE | FALSE | 9m49s | +| 5 | intrusion-detection | TRUE | FALSE | FALSE | 9m49s | | 6 | log-collector | TRUE | FALSE | FALSE | 9m29s | | 7 | management-cluster-connection | TRUE | FALSE | FALSE | 9m54s | | 8 | monitor | TRUE | FALSE | FALSE | 11m | 
diff --git a/calico-cloud_versioned_docs/version-19-1/image-assurance/scanners/pipeline-scanner.mdx b/calico-cloud_versioned_docs/version-19-1/image-assurance/scanners/pipeline-scanner.mdx index b2e86433df..17d83bc9f8 100644 --- a/calico-cloud_versioned_docs/version-19-1/image-assurance/scanners/pipeline-scanner.mdx +++ b/calico-cloud_versioned_docs/version-19-1/image-assurance/scanners/pipeline-scanner.mdx @@ -52,7 +52,7 @@ If you change the name of above heading, open a ticket to update the hardcoded C curl -Lo tigera-scanner {{clouddownloadbase}}/tigera-scanner/{{cloudversion}}/image-assurance-scanner-cli-linux-amd64 ``` - **MacOS** + **macOS** ```shell curl -Lo tigera-scanner {{clouddownloadbase}}/tigera-scanner/{{cloudversion}}/image-assurance-scanner-cli-darwin-amd64 @@ -77,7 +77,7 @@ You must download and set the executable flag each time you get a new version of ``` ### Integrate the scanner into your build pipeline -You can include the CLI scanner in your CI/CD pipelines (for example, Jenkins, Github actions). Ensure the following: +You can include the CLI scanner in your CI/CD pipelines (for example, Jenkins, GitHub actions). Ensure the following: - Download the CLI scanner binary onto your CI runner - If you are running an ephemeral environment in the pipeline, include the download, and update the executable steps in your pipeline to download the scanner on every execution diff --git a/calico-cloud_versioned_docs/version-19-1/network-policy/beginners/calico-network-policy.mdx b/calico-cloud_versioned_docs/version-19-1/network-policy/beginners/calico-network-policy.mdx index 245a923675..148af8fffb 100644 --- a/calico-cloud_versioned_docs/version-19-1/network-policy/beginners/calico-network-policy.mdx +++ b/calico-cloud_versioned_docs/version-19-1/network-policy/beginners/calico-network-policy.mdx 
@@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress diff --git a/calico-cloud_versioned_docs/version-19-1/network-policy/hosts/host-forwarded-traffic.mdx b/calico-cloud_versioned_docs/version-19-1/network-policy/hosts/host-forwarded-traffic.mdx index 2a8858b279..3e26ac8422 100644 --- a/calico-cloud_versioned_docs/version-19-1/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico-cloud_versioned_docs/version-19-1/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-cloud_versioned_docs/version-19-1/operations/ebpf/enabling-ebpf.mdx b/calico-cloud_versioned_docs/version-19-1/operations/ebpf/enabling-ebpf.mdx index 97e4146991..1c5d91057e 100644 --- a/calico-cloud_versioned_docs/version-19-1/operations/ebpf/enabling-ebpf.mdx +++ b/calico-cloud_versioned_docs/version-19-1/operations/ebpf/enabling-ebpf.mdx 
@@ -230,7 +230,7 @@ resource to `"BPF"`. kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note diff --git a/calico-cloud_versioned_docs/version-19-1/operations/monitor/metrics/recommended-metrics.mdx b/calico-cloud_versioned_docs/version-19-1/operations/monitor/metrics/recommended-metrics.mdx index dbbe334843..d53fa3ba90 100644 --- a/calico-cloud_versioned_docs/version-19-1/operations/monitor/metrics/recommended-metrics.mdx +++ b/calico-cloud_versioned_docs/version-19-1/operations/monitor/metrics/recommended-metrics.mdx @@ -61,7 +61,7 @@ This section provides metrics recommendations for maintaining optimal cluster op | Metric | Note: Syncer (type) is Typha's internal name for a client (type).
Individual syncer values:
(typha_cache_size\{syncer="bgp"\})
(typha_cache_size\{syncer="dpi"\})
typha_cache_size\{syncer="felix"\})
(typha_cache_size\{syncer="node-status"\})
(typha_cache_size\{syncer="tunnel-ip-allocation"\})

Sum of all syncers:
The sum of all cache sizes (each syncer type has a cache).
sum by (instance) (typha_cache_size)

Largest syncer:
max by (instance) (typha_cache_size) | | Example value | Example of: max by (instance) (typha_cache_size\{syncer="felix"\})

\{instance="10.0.1.20:9093"\} 661
\{instance="10.0.1.31:9093"\} 661 | | Explanation | The total number of key/value pairs in Typha's in-memory cache.This metric represents the scale of the {{prodname}} datastore as it tracks how many WEPs (pods and services), HEPs (hostendpoints), networksets, globalnetworksets, {{prodname}} Network Policies etc that Typha is aware of across the entire Calico Federation.You can use this metric to monitor individual syncers to Typha (like Felix, BGP etc), or to get a sum of all syncers. We recommend that you monitor the largest syncer but it is completely up to you. This is a good metric to understand how much data is in Typha. Note: If all Typhas are in sync then they should have the same value for this metric. | -| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policie,s and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. | +| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policies and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. | | Threshold breach symptoms | Unexpected increases may indicate memory leaks and performance issues with Typha. | | Threshold breach recommendations | Check CPU usage on Typha pods and Kubernetes nodes. Increase resources if needed, rollout and restart Typha(s) if needed. | | Priority level | Optional. | 
@@ -261,7 +261,7 @@ The following metrics are applicable only if you have implemented [Cluster mesh] | Example value | \{instance="10.0.1.20:9093"\} NaN | | Explanation | The median time to stream the initial datastore snapshot to each client. It is useful to know the time it takes for a client to receive the data when it connects; it does not include time to process the data. | | Threshold value recommendation | Investigate if this value is moving towards 10s of seconds. | -| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it isdisconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). | +| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it is disconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). | | Threshold breach recommendations | Check Typha and calico-node logs and resource usage. Check for network congestion. Investigate why a particular calico-node is slow; it is likely on an overloaded node with insufficient CPU). | | Priority level | Optional. | 
@@ -352,7 +352,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u | Metric | rate(process_cpu_seconds_total\{30s\}) \* 100 | | Example value | \{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\}3.1197504199664072 | | Explanation | CPU in use by calico-node represented as a percentage of a core. | -| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigage if maintained CPU usage goes above 90%. | +| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigate if maintained CPU usage goes above 90%. | | Threshold breach symptoms | Unexpected maintained CPU usage could cause Felix to fall behind and could cause delays to policy updates. | | Threshold breach recommendations | Check CPU usage on Kubernetes nodes. Increase resources if needed, rollout restart calico-node(s) if needed. | | Priority level | Recommended. | 
@@ -459,7 +459,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u | Metric | felix_logs_dropped | | Example value | felix_logs_dropped\{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\} 0 | | Explanation | The number of logs Felix has dropped. Note that this metric does not count flow-logs; it counts logs to stdout. | -| Threshold value recommendation | Occasional drops are normal. Investigate if frop counters rapidily rise. | +| Threshold value recommendation | Occasional drops are normal. Investigate if drop counters rapidly rise. | | Threshold breach symptoms | Felix will drop logs if it cannot keep up with writing them out. These are ordinary code logs, not flow logs. Calico-node may be under resource constraints. | | Threshold breach recommendations | Check CPU usage on calico-nodes and Kubernetes nodes. Increase resources if needed, and rollout restart calico-node(s) if needed. | | Priority level | Optional. | diff --git a/calico-cloud_versioned_docs/version-19-1/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-cloud_versioned_docs/version-19-1/reference/architecture/design/l2-interconnect-fabric.mdx index 259f1f7038..76199c2efa 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico-cloud_versioned_docs/version-19-1/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -186,7 +186,7 @@ Each plane would constitute an IP network, so the blue plane would be orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively. [^3] -Each IP network (plane) requires it's own BGP route reflectors. Those +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route diff --git a/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/configuration.mdx b/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/configuration.mdx index 21fed5b528..da0c43dc32 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/configuration.mdx +++ b/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/configuration.mdx 
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | 
@@ -272,7 +272,7 @@ for 1022 endpoints on the host. | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. | | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. | | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. | -| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | +| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. | | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs. 
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. | | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. | diff --git a/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/prometheus.mdx b/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/prometheus.mdx index f2260e7131..2391699f9a 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/prometheus.mdx +++ b/calico-cloud_versioned_docs/version-19-1/reference/component-resources/node/felix/prometheus.mdx 
@@ -23,13 +23,13 @@ existing metrics.
 | `felix_active_local_selectors` | Number of active selectors on this host. |
 | `felix_active_local_tags` | Number of active tags on this host. |
 | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. |
-| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
+| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
 | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. |
 | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. |
 | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. |
 | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. |
 | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. |
-| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. |
+| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. |
 | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. |
 | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). |
 | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. |
diff --git a/calico-cloud_versioned_docs/version-19-1/reference/installation/_api.mdx b/calico-cloud_versioned_docs/version-19-1/reference/installation/_api.mdx
index eefffd5f38..8991e936be 100644
--- a/calico-cloud_versioned_docs/version-19-1/reference/installation/_api.mdx
+++ b/calico-cloud_versioned_docs/version-19-1/reference/installation/_api.mdx
@@ -488,7 +488,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4352,7 +4352,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -9157,7 +9157,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -10078,7 +10078,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detetion.
+configured value, or based on Calico’s native auto-detection.

diff --git a/calico-cloud_versioned_docs/version-19-1/reference/public-cloud/azure.mdx b/calico-cloud_versioned_docs/version-19-1/reference/public-cloud/azure.mdx index c3a958e65d..a60610ac8b 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/public-cloud/azure.mdx +++ b/calico-cloud_versioned_docs/version-19-1/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-cloud_versioned_docs/version-19-1/reference/resources/deeppacketinspection.mdx b/calico-cloud_versioned_docs/version-19-1/reference/resources/deeppacketinspection.mdx index be2aa9655e..0a798ff064 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/resources/deeppacketinspection.mdx +++ b/calico-cloud_versioned_docs/version-19-1/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-cloud_versioned_docs/version-19-1/reference/resources/managedcluster.mdx b/calico-cloud_versioned_docs/version-19-1/reference/resources/managedcluster.mdx index 9897be7255..ba2d89b376 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/resources/managedcluster.mdx 
+++ b/calico-cloud_versioned_docs/version-19-1/reference/resources/managedcluster.mdx @@ -64,7 +64,7 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | diff --git a/calico-cloud_versioned_docs/version-19-1/reference/resources/securityeventwebhook.mdx b/calico-cloud_versioned_docs/version-19-1/reference/resources/securityeventwebhook.mdx index bd28ce1d9f..b9c2857153 100644 --- a/calico-cloud_versioned_docs/version-19-1/reference/resources/securityeventwebhook.mdx +++ b/calico-cloud_versioned_docs/version-19-1/reference/resources/securityeventwebhook.mdx 
@@ -75,15 +75,15 @@ The value must conform to the following rules: | Field | Description | Schema | Required | | ------------ | -------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ----------------------------------- | | name | Configuration variable name. | string | yes | -| value | Direct value for the variable. | string | yes if `valueFrom` is not specifed | -| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetesa Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | +| value | Direct value for the variable. | string | yes if `valueFrom` is not specified | +| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetes Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | ### SecurityEventWebhookConfigVarSource | Field | Description | Schema | Required | | ---------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------- | | configMapKeyRef | Kubernetes ConfigMap reference. | `ConfigMapKeySelector` (referenced ConfigMap key should exist in the `tigera-intrusion-detection` namespace) | yes if `secretKeyRef` is not specified | -| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specifed | +| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specified | ### Status 
diff --git a/calico-cloud_versioned_docs/version-19-1/release-notes/index.mdx b/calico-cloud_versioned_docs/version-19-1/release-notes/index.mdx index 94f3956937..11e737f1cf 100644 --- a/calico-cloud_versioned_docs/version-19-1/release-notes/index.mdx +++ b/calico-cloud_versioned_docs/version-19-1/release-notes/index.mdx @@ -82,7 +82,7 @@ This release adds support for Kubernetes 1.28. * The anomaly detection feature is removed in this release. If you enabled this feature, you will now stop receiving anomaly detection alerts. -* The AWS security groups integeration is deprecated in this release. +* The AWS security groups integration is deprecated in this release. It will be removed in a future release. * The ingress log collection feature is deprecated in this release. It will be removed in future release. @@ -405,7 +405,7 @@ For more information, see [Create policy recommendation](../network-policy/recom #### Create custom roles for Calico Cloud users -Calico Cloud adminstrators can now define granular roles and permissions for users using custom role-based access controls. +Calico Cloud administrators can now define granular roles and permissions for users using custom role-based access controls. For more information, see [Create and assign custom roles](../users/create-and-assign-custom-roles.mdx). @@ -532,7 +532,7 @@ To help meet your compliance requirements, we've added documentation to export l ![tech-preview](/img/calico-cloud/tech-preview.svg) -{{prodname}} has made the configuration and deployment of anomaly detection jobs for threat detection and performance hotpots more granular, allowing you to selectively enable jobs depending on your use case. +{{prodname}} has made the configuration and deployment of anomaly detection jobs for threat detection and performance hotspots more granular, allowing you to selectively enable jobs depending on your use case. ### Improvement: Manager UI now displays cluster installation progress and streaming logs 
diff --git a/calico-cloud_versioned_docs/version-19-1/threat/configuring-webhooks.mdx b/calico-cloud_versioned_docs/version-19-1/threat/configuring-webhooks.mdx index a852625166..cdc5c39d0b 100644 --- a/calico-cloud_versioned_docs/version-19-1/threat/configuring-webhooks.mdx +++ b/calico-cloud_versioned_docs/version-19-1/threat/configuring-webhooks.mdx @@ -24,7 +24,7 @@ See [Sending messages using Incoming Webhooks](https://api.slack.com/messaging/w See [Manage API tokens for your Atlassian account](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) for details on how to obtain an API token. You also need: * Your Atlassian site URL. If you access Jira at the URL `https://.atlassian.net/jira`, then your site URL is `.atlassian.net`. - * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. Ths user associated with your API token must have write permissions to this project. + * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. This user associated with your API token must have write permissions to this project. * **Generic JSON**. You must have a webhook URL for any other application you want the {{prodname}} webhook to send alerts to. ## Create a webhook for security event alerts diff --git a/calico-cloud_versioned_docs/version-19-1/threat/security-posture-overview.mdx b/calico-cloud_versioned_docs/version-19-1/threat/security-posture-overview.mdx index 2ee862e350..7868340b66 100644 --- a/calico-cloud_versioned_docs/version-19-1/threat/security-posture-overview.mdx +++ b/calico-cloud_versioned_docs/version-19-1/threat/security-posture-overview.mdx 
@@ -53,7 +53,7 @@ This feature is currently part of an active Beta program and will include signif - The current bias of the dashboard is to include the Image Assurance feature as a contributing risk, even if you do not use the feature. If you are not using Image Assurance, the Cluster Security Score assumes a perfect score (100) for "High Risk Images" and "Unscanned Images" risks. However, Image Assurance is weighted at 50%; although you are not seeing the widest view of risk available without it, you can still make progress with the other 50% contributing risks. To use Image Assurance, see [Image Assurance scanner](../image-assurance/scanners/overview.mdx). -- Currently, the historical score graph does not properly display a single data point, which is the case when the dasbhoard first starts assessing your cluster. With time, the historical graph will properly display data. +- Currently, the historical score graph does not properly display a single data point, which is the case when the dashboard first starts assessing your cluster. With time, the historical graph will properly display data. - You cannot customize the dashboard diff --git a/calico-cloud_versioned_docs/version-19-1/tutorials/applications/egress-controls.mdx b/calico-cloud_versioned_docs/version-19-1/tutorials/applications/egress-controls.mdx index 972bc51fff..fa5f94fff6 100644 --- a/calico-cloud_versioned_docs/version-19-1/tutorials/applications/egress-controls.mdx +++ b/calico-cloud_versioned_docs/version-19-1/tutorials/applications/egress-controls.mdx 
@@ -28,7 +28,7 @@ In this example, we have a microservice that requires egress access to two exter `svc3` pods needs egress access to: - A repo named, `app2-repo` at domain `app2-repo.example.com`, port 443 -- A parner named, `app2-partners` at endpoint `10.10.10.10/32`, port 1010 and 53 +- A partner named, `app2-partners` at endpoint `10.10.10.10/32`, port 1010 and 53 First, we define a domain-based NetworkSet. Using `allowedEgressDomains` we can specify the trusted repo by its URL, `app2-repo.example.com`. diff --git a/calico-cloud_versioned_docs/version-19-1/tutorials/enterprise-security/global-egress.mdx b/calico-cloud_versioned_docs/version-19-1/tutorials/enterprise-security/global-egress.mdx index 6a50d02ce5..276e44a488 100644 --- a/calico-cloud_versioned_docs/version-19-1/tutorials/enterprise-security/global-egress.mdx +++ b/calico-cloud_versioned_docs/version-19-1/tutorials/enterprise-security/global-egress.mdx @@ -6,7 +6,7 @@ description: Implement global egress access controls. In this article you will learn how to implement egress access controls cluster-wide for all applications and microservices. -In this example, we will implement global egress eccess controls for **dev1 team**: +In this example, we will implement global egress access controls for **dev1 team**: - Egress access control for all applications managed by dev1: applications (**app1**) and microservices (**app2**) - dev1 pods can egress access to a repo named, `repo.acme.corp` at port 443 diff --git a/calico-cloud_versioned_docs/version-19-1/tutorials/kubernetes-tutorials/kubernetes-demo.mdx b/calico-cloud_versioned_docs/version-19-1/tutorials/kubernetes-tutorials/kubernetes-demo.mdx index 1762ebedbc..0d230c3902 100644 --- a/calico-cloud_versioned_docs/version-19-1/tutorials/kubernetes-tutorials/kubernetes-demo.mdx +++ b/calico-cloud_versioned_docs/version-19-1/tutorials/kubernetes-tutorials/kubernetes-demo.mdx 
@@ -69,7 +69,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx index dc8e89ff7f..7f0b1195d0 100644 --- a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx +++ b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx @@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx index b1fc02a703..4a15f0610c 100644 --- a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx +++ b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx @@ -61,7 +61,7 @@ The following table details the key/value pairs in the JSON blob, including thei | `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | +| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_lost_packets` | long | Total lost packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | diff --git a/calico-enterprise/_includes/components/InstallEKS.js b/calico-enterprise/_includes/components/InstallEKS.js index 6f7ec74e0a..fd7ba4ecb6 100644 --- a/calico-enterprise/_includes/components/InstallEKS.js +++ b/calico-enterprise/_includes/components/InstallEKS.js 
@@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise/getting-started/install-on-clusters/aws.mdx b/calico-enterprise/getting-started/install-on-clusters/aws.mdx index 15d5633700..09f4d051ac 100644 --- a/calico-enterprise/getting-started/install-on-clusters/aws.mdx +++ b/calico-enterprise/getting-started/install-on-clusters/aws.mdx @@ -86,7 +86,7 @@ To use kOps to create a cluster with {{prodname}} networking and network policy: ::: -1. The provisioned kOps cluster will assign it's own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. +1. The provisioned kOps cluster will assign its own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. ```yaml noValidation spec: diff --git a/calico-enterprise/getting-started/install-on-clusters/requirements.mdx b/calico-enterprise/getting-started/install-on-clusters/requirements.mdx index f5664735f1..414786c466 100644 --- a/calico-enterprise/getting-started/install-on-clusters/requirements.mdx 
+++ b/calico-enterprise/getting-started/install-on-clusters/requirements.mdx @@ -14,11 +14,11 @@ This installation must use the Kubernetes default CNI configuration directory (` ## Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include certain platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. ## Supported kube-proxy modes diff --git a/calico-enterprise/network-policy/beginners/calico-network-policy.mdx b/calico-enterprise/network-policy/beginners/calico-network-policy.mdx index 6dbb5bae8f..bfe24c3c87 100644 --- a/calico-enterprise/network-policy/beginners/calico-network-policy.mdx +++ b/calico-enterprise/network-policy/beginners/calico-network-policy.mdx @@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress 
diff --git a/calico-enterprise/network-policy/get-started/kubernetes-demo.mdx b/calico-enterprise/network-policy/get-started/kubernetes-demo.mdx index 61dfb32b0c..6bd390dbf3 100644 --- a/calico-enterprise/network-policy/get-started/kubernetes-demo.mdx +++ b/calico-enterprise/network-policy/get-started/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-enterprise/network-policy/hosts/host-forwarded-traffic.mdx b/calico-enterprise/network-policy/hosts/host-forwarded-traffic.mdx index ae65428f74..edef086c7f 100644 --- a/calico-enterprise/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico-enterprise/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-enterprise/network-policy/hosts/protect-hosts.mdx b/calico-enterprise/network-policy/hosts/protect-hosts.mdx index 8aab3e501f..c4d4031a54 100644 --- a/calico-enterprise/network-policy/hosts/protect-hosts.mdx +++ b/calico-enterprise/network-policy/hosts/protect-hosts.mdx 
@@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic @@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/component-resources/node/felix/configuration.mdx#environment-variables). diff --git a/calico-enterprise/operations/clis/calicoctl/install.mdx b/calico-enterprise/operations/clis/calicoctl/install.mdx index 15d816db17..3f238b93c1 100644 --- a/calico-enterprise/operations/clis/calicoctl/install.mdx +++ b/calico-enterprise/operations/clis/calicoctl/install.mdx 
@@ -122,8 +122,8 @@ to a location that's in your `PATH`. For example, `C:\Windows`. {'{{version}}' === 'master'
- ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`
- : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`}
+ ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`
+ : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`}
diff --git a/calico-enterprise/operations/ebpf/enabling-ebpf.mdx b/calico-enterprise/operations/ebpf/enabling-ebpf.mdx
index ea80f24764..e13105469b 100644
--- a/calico-enterprise/operations/ebpf/enabling-ebpf.mdx
+++ b/calico-enterprise/operations/ebpf/enabling-ebpf.mdx
@@ -186,7 +186,7 @@ resource to `"BPF"`. kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}' ```
-When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should
+When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should
 not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note
diff --git a/calico-enterprise/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx b/calico-enterprise/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx
index dc845982b1..e1255928ce 100644
--- a/calico-enterprise/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx
+++ b/calico-enterprise/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx
@@ -82,7 +82,7 @@ investigation." severity: Critical annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is critically low."
- description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 10% of
+ description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 10% of
 free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchPodLowDiskSpace expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes < 0.25
@@ -90,7 +90,7 @@ free disk space left. To avoid service disruption review the LogStorage resource severity: Warning annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is getting low."
- description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 25% of
+ description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 25% of
 free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchConsistentlyHighCPUUsage expr: avg_over_time(elasticsearch_os_cpu_percent[10m]) > 90
diff --git a/calico-enterprise/operations/monitor/metrics/recommended-metrics.mdx b/calico-enterprise/operations/monitor/metrics/recommended-metrics.mdx
index 64a2713820..ebf664b106 100644
--- a/calico-enterprise/operations/monitor/metrics/recommended-metrics.mdx
+++ b/calico-enterprise/operations/monitor/metrics/recommended-metrics.mdx
@@ -61,7 +61,7 @@ This section provides metrics recommendations for maintaining optimal cluster op | Metric | Note: Syncer (type) is Typha's internal name for a client (type).
Individual syncer values:
(typha_cache_size\{syncer="bgp"\})
(typha_cache_size\{syncer="dpi"\})
typha_cache_size\{syncer="felix"\})
(typha_cache_size\{syncer="node-status"\})
(typha_cache_size\{syncer="tunnel-ip-allocation"\})

Sum of all syncers:
The sum of all cache sizes (each syncer type has a cache).
sum by (instance) (typha_cache_size)

Largest syncer:
max by (instance) (typha_cache_size) | | Example value | Example of: max by (instance) (typha_cache_size\{syncer="felix"\})

\{instance="10.0.1.20:9093"\} 661
\{instance="10.0.1.31:9093"\} 661 | | Explanation | The total number of key/value pairs in Typha's in-memory cache.This metric represents the scale of the {{prodname}} datastore as it tracks how many WEPs (pods and services), HEPs (hostendpoints), networksets, globalnetworksets, {{prodname}} Network Policies etc that Typha is aware of across the entire Calico Federation.You can use this metric to monitor individual syncers to Typha (like Felix, BGP etc), or to get a sum of all syncers. We recommend that you monitor the largest syncer but it is completely up to you. This is a good metric to understand how much data is in Typha. Note: If all Typhas are in sync then they should have the same value for this metric. |
-| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policie,s and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. |
+| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policies and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. |
 | Threshold breach symptoms | Unexpected increases may indicate memory leaks and performance issues with Typha. | | Threshold breach recommendations | Check CPU usage on Typha pods and Kubernetes nodes. Increase resources if needed, rollout and restart Typha(s) if needed. | | Priority level | Optional. |
@@ -261,7 +261,7 @@ The following metrics are applicable only if you have implemented [Cluster mesh] | Example value | \{instance="10.0.1.20:9093"\} NaN | | Explanation | The median time to stream the initial datastore snapshot to each client. It is useful to know the time it takes for a client to receive the data when it connects; it does not include time to process the data. | | Threshold value recommendation | Investigate if this value is moving towards 10s of seconds. |
-| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it isdisconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
+| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it is disconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
 | Threshold breach recommendations | Check Typha and calico-node logs and resource usage. Check for network congestion. Investigate why a particular calico-node is slow; it is likely on an overloaded node with insufficient CPU). | | Priority level | Optional. |
@@ -352,7 +352,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u | Metric | rate(process_cpu_seconds_total\{30s\}) \* 100 | | Example value | \{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\}3.1197504199664072 | | Explanation | CPU in use by calico-node represented as a percentage of a core. |
-| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigage if maintained CPU usage goes above 90%. |
+| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigate if maintained CPU usage goes above 90%. |
 | Threshold breach symptoms | Unexpected maintained CPU usage could cause Felix to fall behind and could cause delays to policy updates. | | Threshold breach recommendations | Check CPU usage on Kubernetes nodes. Increase resources if needed, rollout restart calico-node(s) if needed. | | Priority level | Recommended. |
@@ -459,7 +459,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u | Metric | felix_logs_dropped | | Example value | felix_logs_dropped\{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\} 0 | | Explanation | The number of logs Felix has dropped. Note that this metric does not count flow-logs; it counts logs to stdout. |
-| Threshold value recommendation | Occasional drops are normal. Investigate if frop counters rapidily rise. |
+| Threshold value recommendation | Occasional drops are normal. Investigate if drop counters rapidly rise. |
 | Threshold breach symptoms | Felix will drop logs if it cannot keep up with writing them out. These are ordinary code logs, not flow logs. Calico-node may be under resource constraints. | | Threshold breach recommendations | Check CPU usage on calico-nodes and Kubernetes nodes. Increase resources if needed, and rollout restart calico-node(s) if needed. | | Priority level | Optional. |
diff --git a/calico-enterprise/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-enterprise/reference/architecture/design/l2-interconnect-fabric.mdx
index 9d91a6386b..a0c6c5388a 100644
--- a/calico-enterprise/reference/architecture/design/l2-interconnect-fabric.mdx
+++ b/calico-enterprise/reference/architecture/design/l2-interconnect-fabric.mdx
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_
- orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used
+ orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used
 for any application. - High volume of broadcast traffic
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)).
-Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need
+Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need
 to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment.
diff --git a/calico-enterprise/reference/clis/calicoctl/delete.mdx b/calico-enterprise/reference/clis/calicoctl/delete.mdx
index 4bb2230e38..90fef1663a 100644
--- a/calico-enterprise/reference/clis/calicoctl/delete.mdx
+++ b/calico-enterprise/reference/clis/calicoctl/delete.mdx
@@ -78,7 +78,7 @@ Description: * profile * workloadEndpoint
- The resource type is case insensitive and may be pluralized.
+ The resource type is case-insensitive and may be pluralized.
 Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is
diff --git a/calico-enterprise/reference/clis/calicoctl/get.mdx b/calico-enterprise/reference/clis/calicoctl/get.mdx
index 18b6406b61..d0213695a7 100644
--- a/calico-enterprise/reference/clis/calicoctl/get.mdx
+++ b/calico-enterprise/reference/clis/calicoctl/get.mdx
@@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint
- The resource type is case insensitive and may be pluralized.
+ The resource type is case-insensitive and may be pluralized.
 Attempting to get resources that do not exist will simply return no results.
diff --git a/calico-enterprise/reference/clis/calicoctl/label.mdx b/calico-enterprise/reference/clis/calicoctl/label.mdx
index 48c684f65c..29f892c06e 100644
--- a/calico-enterprise/reference/clis/calicoctl/label.mdx
+++ b/calico-enterprise/reference/clis/calicoctl/label.mdx
@@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels.
- Can not be used with --remove.
+ Cannot be used with --remove.
 --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not
- exist. Can not be used with --overwrite.
+ exist. Cannot be used with --overwrite.
 --context= The name of the kubeconfig context to use. Description:
@@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint
- The resource type is case insensitive and may be pluralized.
+ The resource type is case-insensitive and may be pluralized.
 Attempting to label resources that do not exist will get an error.
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels.
- Can not be used with --remove.
+ Cannot be used with --remove.
 --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not
- exist. Can not be used with --overwrite.
+ exist. Cannot be used with --overwrite.
 ``` ### General options
diff --git a/calico-enterprise/reference/clis/calicoctl/node/run.mdx b/calico-enterprise/reference/clis/calicoctl/node/run.mdx
index 0368cc597c..6f1bff857c 100644
--- a/calico-enterprise/reference/clis/calicoctl/node/run.mdx
+++ b/calico-enterprise/reference/clis/calicoctl/node/run.mdx
@@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set
- and there are no pre-existing Calico IP pools.
+ and there are no preexisting Calico IP pools.
 --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix=
@@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set
- and there are no pre-existing Calico IP pools.
+ and there are no preexisting Calico IP pools.
 --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix=
diff --git a/calico-enterprise/reference/clis/calicoctl/overview.mdx b/calico-enterprise/reference/clis/calicoctl/overview.mdx
index 8a2528b64f..30ff8fee91 100644
--- a/calico-enterprise/reference/clis/calicoctl/overview.mdx
+++ b/calico-enterprise/reference/clis/calicoctl/overview.mdx
@@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists.
- patch Patch a pre-existing resource in place.
+ patch Patch a preexisting resource in place.
 delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and
@@ -115,7 +115,7 @@ See [Configuring Felix](../../component-resources/node/felix/configuration.mdx) ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases
-are **case insensitive**.
+are **case-insensitive**.
 | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :----------------------------------------------------------- |
diff --git a/calico-enterprise/reference/clis/calicoctl/patch.mdx b/calico-enterprise/reference/clis/calicoctl/patch.mdx
index 2cf6c404fb..db187d25bc 100644
--- a/calico-enterprise/reference/clis/calicoctl/patch.mdx
+++ b/calico-enterprise/reference/clis/calicoctl/patch.mdx
@@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint
- The resource type is case insensitive and may be pluralized.
+ The resource type is case-insensitive and may be pluralized.
 Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped.
diff --git a/calico-enterprise/reference/component-resources/node/felix/configuration.mdx b/calico-enterprise/reference/component-resources/node/felix/configuration.mdx
index 4e7724d9a4..33ca8d8961 100644
--- a/calico-enterprise/reference/component-resources/node/felix/configuration.mdx
+++ b/calico-enterprise/reference/component-resources/node/felix/configuration.mdx
@@ -63,7 +63,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -105,7 +105,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -282,7 +282,7 @@ for 1022 endpoints on the host. | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. | | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. | | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. | -| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | +| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. | | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs. 
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. | | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. |
diff --git a/calico-enterprise/reference/component-resources/node/felix/prometheus.mdx b/calico-enterprise/reference/component-resources/node/felix/prometheus.mdx
index f2260e7131..2391699f9a 100644
--- a/calico-enterprise/reference/component-resources/node/felix/prometheus.mdx
+++ b/calico-enterprise/reference/component-resources/node/felix/prometheus.mdx
@@ -23,13 +23,13 @@ existing metrics. | `felix_active_local_selectors` | Number of active selectors on this host. | | `felix_active_local_tags` | Number of active tags on this host. | | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. |
-| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
+| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
 | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. | | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. | | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. | | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. | | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. |
-| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. |
+| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. |
 | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. | | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). | | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. |
diff --git a/calico-enterprise/reference/component-resources/typha/configuration.mdx b/calico-enterprise/reference/component-resources/typha/configuration.mdx
index 0ac2403157..f34a22d77d 100644
--- a/calico-enterprise/reference/component-resources/typha/configuration.mdx
+++ b/calico-enterprise/reference/component-resources/typha/configuration.mdx
@@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem';
-Typha configuration can not be modified when Calico Enterprise is installed via the operator.
+Typha configuration cannot be modified when Calico Enterprise is installed via the operator.
diff --git a/calico-enterprise/reference/installation/_api.mdx b/calico-enterprise/reference/installation/_api.mdx
index eefffd5f38..8991e936be 100644
--- a/calico-enterprise/reference/installation/_api.mdx
+++ b/calico-enterprise/reference/installation/_api.mdx
@@ -488,7 +488,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4352,7 +4352,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -9157,7 +9157,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from
+BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from
 the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -10078,7 +10078,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detetion.
+configured value, or based on Calico’s native auto-detection.

diff --git a/calico-enterprise/reference/public-cloud/azure.mdx b/calico-enterprise/reference/public-cloud/azure.mdx
index 91b716ea0a..4d32410b92 100644
--- a/calico-enterprise/reference/public-cloud/azure.mdx
+++ b/calico-enterprise/reference/public-cloud/azure.mdx
@@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and
- associatе it with the VMs subnet.
+ associate it with the VMs subnet.
 - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces.
diff --git a/calico-enterprise/reference/resources/deeppacketinspection.mdx b/calico-enterprise/reference/resources/deeppacketinspection.mdx
index 03c5e2901d..9abb5525d0 100644
--- a/calico-enterprise/reference/resources/deeppacketinspection.mdx
+++ b/calico-enterprise/reference/resources/deeppacketinspection.mdx
@@ -64,10 +64,10 @@ spec: ### Error Conditions
-| Field | Description |
-| ----------- | ------------------------------------------------------------------ |
+| Field | Description |
+| ----------- | ------------------------------------------------------------------- |
 | message | Errors preventing deep packet inspection from running successfully. |
-| lastUpdated | Time when the [error](#error-conditions) was updated. |
+| lastUpdated | Time when the [error](#error-conditions) was updated. |
 ### Selector
diff --git a/calico-enterprise/reference/resources/managedcluster.mdx b/calico-enterprise/reference/resources/managedcluster.mdx
index 27923a8509..13cfb42bc4 100644
--- a/calico-enterprise/reference/resources/managedcluster.mdx
+++ b/calico-enterprise/reference/resources/managedcluster.mdx
@@ -64,9 +64,9 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection
-| Field | Description | Accepted Values | Schema | Default |
-| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- |
-| type | Type of status that is being reported | - | string | `ManagedClusterConnected` |
+| Field | Description | Accepted Values | Schema | Default |
+| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- |
+| type | Type of status that is being reported | - | string | `ManagedClusterConnected` |
 | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | [Multi-cluster management](../../multicluster/set-up-multi-cluster-management/standard-install/create-a-management-cluster.mdx)
diff --git a/calico-enterprise/reference/resources/securityeventwebhook.mdx b/calico-enterprise/reference/resources/securityeventwebhook.mdx
index bd28ce1d9f..b9c2857153 100644
--- a/calico-enterprise/reference/resources/securityeventwebhook.mdx
+++ b/calico-enterprise/reference/resources/securityeventwebhook.mdx
@@ -75,15 +75,15 @@ The value must conform to the following rules: | Field | Description | Schema | Required | | ------------ | -------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ----------------------------------- | | name | Configuration variable name. | string | yes | -| value | Direct value for the variable. | string | yes if `valueFrom` is not specifed | -| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetesa Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | +| value | Direct value for the variable. | string | yes if `valueFrom` is not specified | +| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetes Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | ### SecurityEventWebhookConfigVarSource | Field | Description | Schema | Required | | ---------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------- | | configMapKeyRef | Kubernetes ConfigMap reference. | `ConfigMapKeySelector` (referenced ConfigMap key should exist in the `tigera-intrusion-detection` namespace) | yes if `secretKeyRef` is not specified | -| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specifed | +| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specified | ### Status 
diff --git a/calico-enterprise/release-notes/index.mdx b/calico-enterprise/release-notes/index.mdx
index beffb70bbb..530151c31c 100644
--- a/calico-enterprise/release-notes/index.mdx
+++ b/calico-enterprise/release-notes/index.mdx
@@ -35,7 +35,7 @@ We've added the following improvements to the [Security events dashboard](../thr - Added threat feed alerts - If you have implemented global threat feeds for suspicious activity (domains or suspious IPs), alerts are now visible in the Security Overview dashboard. For more information on threatfeeds, see [Trace and block suspicious IPs](.../threat/suspicious-ips). + If you have implemented global threat feeds for suspicious activity (domains or suspicious IPs), alerts are now visible in the Security Overview dashboard. For more information on threatfeeds, see [Trace and block suspicious IPs](.../threat/suspicious-ips). ### Deprecated and removed features
diff --git a/calico-enterprise/threat/configuring-webhooks.mdx b/calico-enterprise/threat/configuring-webhooks.mdx
index a852625166..cdc5c39d0b 100644
--- a/calico-enterprise/threat/configuring-webhooks.mdx
+++ b/calico-enterprise/threat/configuring-webhooks.mdx
@@ -24,7 +24,7 @@ See [Sending messages using Incoming Webhooks](https://api.slack.com/messaging/w See [Manage API tokens for your Atlassian account](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) for details on how to obtain an API token. You also need: * Your Atlassian site URL. If you access Jira at the URL `https://.atlassian.net/jira`, then your site URL is `.atlassian.net`. - * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. Ths user associated with your API token must have write permissions to this project. + * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. This user associated with your API token must have write permissions to this project. * **Generic JSON**. You must have a webhook URL for any other application you want the {{prodname}} webhook to send alerts to. ## Create a webhook for security event alerts
diff --git a/calico-enterprise/visibility/elastic/flow/aggregation.mdx b/calico-enterprise/visibility/elastic/flow/aggregation.mdx
index af65bd2fc1..69ade36b7b 100644
--- a/calico-enterprise/visibility/elastic/flow/aggregation.mdx
+++ b/calico-enterprise/visibility/elastic/flow/aggregation.mdx
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to
diff --git a/calico-enterprise/visibility/elastic/flow/datatypes.mdx b/calico-enterprise/visibility/elastic/flow/datatypes.mdx
index 012e075cd1..dd4af63568 100644
--- a/calico-enterprise/visibility/elastic/flow/datatypes.mdx
+++ b/calico-enterprise/visibility/elastic/flow/datatypes.mdx
@@ -61,7 +61,7 @@ The following table details the key/value pairs in the JSON blob, including thei | `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | +| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_lost_packets` | long | Total lost packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled |
diff --git a/calico-enterprise_versioned_docs/version-3.16/_includes/components/InstallEKS.js b/calico-enterprise_versioned_docs/version-3.16/_includes/components/InstallEKS.js
index d11476cd30..9316d91501 100644
--- a/calico-enterprise_versioned_docs/version-3.16/_includes/components/InstallEKS.js
+++ b/calico-enterprise_versioned_docs/version-3.16/_includes/components/InstallEKS.js
@@ -143,7 +143,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '}
diff --git a/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/aws.mdx b/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/aws.mdx
index 15d5633700..09f4d051ac 100644
--- a/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/aws.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/aws.mdx
@@ -86,7 +86,7 @@ To use kOps to create a cluster with {{prodname}} networking and network policy: ::: -1. The provisioned kOps cluster will assign it's own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. +1. The provisioned kOps cluster will assign its own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. ```yaml noValidation spec:
diff --git a/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/requirements.mdx b/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/requirements.mdx
index f5664735f1..414786c466 100644
--- a/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/requirements.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/getting-started/install-on-clusters/requirements.mdx
@@ -14,11 +14,11 @@ This installation must use the Kubernetes default CNI configuration directory (` ## Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include certain platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. ## Supported kube-proxy modes
diff --git a/calico-enterprise_versioned_docs/version-3.16/network-policy/beginners/calico-network-policy.mdx b/calico-enterprise_versioned_docs/version-3.16/network-policy/beginners/calico-network-policy.mdx
index 5b73a6eaf1..0ef2df3d8c 100644
--- a/calico-enterprise_versioned_docs/version-3.16/network-policy/beginners/calico-network-policy.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/network-policy/beginners/calico-network-policy.mdx
@@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress
diff --git a/calico-enterprise_versioned_docs/version-3.16/network-policy/get-started/kubernetes-demo.mdx b/calico-enterprise_versioned_docs/version-3.16/network-policy/get-started/kubernetes-demo.mdx
index 61dfb32b0c..6bd390dbf3 100644
--- a/calico-enterprise_versioned_docs/version-3.16/network-policy/get-started/kubernetes-demo.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/network-policy/get-started/kubernetes-demo.mdx
@@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend
diff --git a/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/host-forwarded-traffic.mdx b/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/host-forwarded-traffic.mdx
index c20a8a998c..c5191cc65d 100644
--- a/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/host-forwarded-traffic.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/host-forwarded-traffic.mdx
@@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster:
diff --git a/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/protect-hosts.mdx b/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/protect-hosts.mdx
index 8aab3e501f..c4d4031a54 100644
--- a/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/protect-hosts.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/network-policy/hosts/protect-hosts.mdx
@@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic
@@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/component-resources/node/felix/configuration.mdx#environment-variables).
diff --git a/calico-enterprise_versioned_docs/version-3.16/operations/clis/calicoctl/install.mdx b/calico-enterprise_versioned_docs/version-3.16/operations/clis/calicoctl/install.mdx
index 15d816db17..3f238b93c1 100644
--- a/calico-enterprise_versioned_docs/version-3.16/operations/clis/calicoctl/install.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/operations/clis/calicoctl/install.mdx
@@ -122,8 +122,8 @@ to a location that's in your `PATH`. For example, `C:\Windows`. {'{{version}}' === 'master' - ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"` - : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`} + ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"` + : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`}
diff --git a/calico-enterprise_versioned_docs/version-3.16/operations/ebpf/enabling-ebpf.mdx b/calico-enterprise_versioned_docs/version-3.16/operations/ebpf/enabling-ebpf.mdx
index f1268e2f07..80dc74e82f 100644
--- a/calico-enterprise_versioned_docs/version-3.16/operations/ebpf/enabling-ebpf.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/operations/ebpf/enabling-ebpf.mdx
@@ -186,7 +186,7 @@ resource to `"BPF"`; you must also clear the `hostPorts` setting because host po kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF", "hostPorts":null}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note
diff --git a/calico-enterprise_versioned_docs/version-3.16/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx b/calico-enterprise_versioned_docs/version-3.16/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx
index dc845982b1..e1255928ce 100644
--- a/calico-enterprise_versioned_docs/version-3.16/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx
@@ -82,7 +82,7 @@ investigation." severity: Critical annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is critically low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 10% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 10% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchPodLowDiskSpace expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes < 0.25
@@ -90,7 +90,7 @@ free disk space left. To avoid service disruption review the LogStorage resource severity: Warning annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is getting low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 25% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 25% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchConsistentlyHighCPUUsage expr: avg_over_time(elasticsearch_os_cpu_percent[10m]) > 90
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/architecture/design/l2-interconnect-fabric.mdx
index 9d91a6386b..a0c6c5388a 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/architecture/design/l2-interconnect-fabric.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/architecture/design/l2-interconnect-fabric.mdx
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment.
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/delete.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/delete.mdx
index 4bb2230e38..90fef1663a 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/delete.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/delete.mdx
@@ -78,7 +78,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/get.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/get.mdx
index 18b6406b61..d0213695a7 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/get.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/get.mdx
@@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results.
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/label.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/label.mdx
index 48c684f65c..29f892c06e 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/label.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/label.mdx
@@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description:
@@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error.
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/node/run.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/node/run.mdx
index 0368cc597c..6f1bff857c 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/node/run.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/node/run.mdx
@@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix=
@@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix=
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/overview.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/overview.mdx
index 8a2528b64f..30ff8fee91 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/overview.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/overview.mdx
@@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and
@@ -115,7 +115,7 @@ See [Configuring Felix](../../component-resources/node/felix/configuration.mdx) ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :----------------------------------------------------------- |
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/patch.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/patch.mdx
index 2cf6c404fb..db187d25bc 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/patch.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/clis/calicoctl/patch.mdx
@@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped.
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/configuration.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/configuration.mdx
index 8d0bb1832a..8f78e7dcb3 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/configuration.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/configuration.mdx
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | 
@@ -272,7 +272,7 @@ for 1022 endpoints on the host.
 | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. |
 | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. |
 | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. |
-| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. |
+| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. |
 | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. |
 | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs.
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. |
 | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. |
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/prometheus.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/prometheus.mdx
index e234fc63ff..76a92eee6a 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/prometheus.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/node/felix/prometheus.mdx
@@ -23,13 +23,13 @@ existing metrics.
 | `felix_active_local_selectors` | Number of active selectors on this host. |
 | `felix_active_local_tags` | Number of active tags on this host. |
 | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. |
-| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
+| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
 | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. |
 | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. |
 | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. |
 | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. |
 | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. |
-| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. |
+| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. |
 | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. |
 | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). |
 | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. |
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/typha/configuration.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/typha/configuration.mdx
index 7e772e4a38..c1b5001c38 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/typha/configuration.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/component-resources/typha/configuration.mdx
@@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem';
-Typha configuration can not be modified when Calico Enterprise is installed via the operator.
+Typha configuration cannot be modified when Calico Enterprise is installed via the operator.
diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/installation/_api.mdx
index 45031d13a1..94138f7c08 100644
--- a/calico-enterprise_versioned_docs/version-3.16/reference/installation/_api.mdx
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/installation/_api.mdx
@@ -484,7 +484,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -3944,7 +3944,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -7746,7 +7746,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -8512,7 +8512,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detetion.
+configured value, or based on Calico’s native auto-detection.

diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/public-cloud/azure.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/public-cloud/azure.mdx index 91b716ea0a..4d32410b92 100644 --- a/calico-enterprise_versioned_docs/version-3.16/reference/public-cloud/azure.mdx +++ b/calico-enterprise_versioned_docs/version-3.16/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/resources/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/resources/deeppacketinspection.mdx index de3ab83b31..a3e84c5b6b 100644 --- a/calico-enterprise_versioned_docs/version-3.16/reference/resources/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.16/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-enterprise_versioned_docs/version-3.16/reference/resources/managedcluster.mdx b/calico-enterprise_versioned_docs/version-3.16/reference/resources/managedcluster.mdx index 0a8a54fb4e..1e9329b4f1 100644 --- a/calico-enterprise_versioned_docs/version-3.16/reference/resources/managedcluster.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.16/reference/resources/managedcluster.mdx @@ -64,9 +64,9 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | [Multi-cluster management](../../multicluster/create-a-management-cluster.mdx) diff --git a/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/aggregation.mdx b/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/aggregation.mdx index af65bd2fc1..69ade36b7b 100644 --- a/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/aggregation.mdx 
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/datatypes.mdx b/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/datatypes.mdx index 9f57229655..87663de94a 100644 --- a/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/datatypes.mdx +++ b/calico-enterprise_versioned_docs/version-3.16/visibility/elastic/flow/datatypes.mdx @@ -61,7 +61,7 @@ The following table details the key/value pairs in the JSON blob, including thei | `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | +| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_lost_packets` | long | Total lost packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | diff --git a/calico-enterprise_versioned_docs/version-3.17/_includes/components/InstallEKS.js b/calico-enterprise_versioned_docs/version-3.17/_includes/components/InstallEKS.js index 6f7ec74e0a..fd7ba4ecb6 100644 --- a/calico-enterprise_versioned_docs/version-3.17/_includes/components/InstallEKS.js +++ b/calico-enterprise_versioned_docs/version-3.17/_includes/components/InstallEKS.js 
@@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/aws.mdx b/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/aws.mdx index 15d5633700..09f4d051ac 100644 --- a/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/aws.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/aws.mdx @@ -86,7 +86,7 @@ To use kOps to create a cluster with {{prodname}} networking and network policy: ::: -1. The provisioned kOps cluster will assign it's own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. +1. The provisioned kOps cluster will assign its own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. ```yaml noValidation spec: 
diff --git a/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/requirements.mdx b/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/requirements.mdx index f5664735f1..414786c466 100644 --- a/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/requirements.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/getting-started/install-on-clusters/requirements.mdx @@ -14,11 +14,11 @@ This installation must use the Kubernetes default CNI configuration directory (` ## Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include certain platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. ## Supported kube-proxy modes diff --git a/calico-enterprise_versioned_docs/version-3.17/network-policy/beginners/calico-network-policy.mdx b/calico-enterprise_versioned_docs/version-3.17/network-policy/beginners/calico-network-policy.mdx index 5b73a6eaf1..0ef2df3d8c 100644 --- a/calico-enterprise_versioned_docs/version-3.17/network-policy/beginners/calico-network-policy.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/network-policy/beginners/calico-network-policy.mdx 
@@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress diff --git a/calico-enterprise_versioned_docs/version-3.17/network-policy/get-started/kubernetes-demo.mdx b/calico-enterprise_versioned_docs/version-3.17/network-policy/get-started/kubernetes-demo.mdx index 61dfb32b0c..6bd390dbf3 100644 --- a/calico-enterprise_versioned_docs/version-3.17/network-policy/get-started/kubernetes-demo.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/network-policy/get-started/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/host-forwarded-traffic.mdx b/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/host-forwarded-traffic.mdx index ae65428f74..edef086c7f 100644 --- a/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/host-forwarded-traffic.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/protect-hosts.mdx b/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/protect-hosts.mdx index 8aab3e501f..c4d4031a54 100644 --- a/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/protect-hosts.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/network-policy/hosts/protect-hosts.mdx @@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic 
@@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/component-resources/node/felix/configuration.mdx#environment-variables). diff --git a/calico-enterprise_versioned_docs/version-3.17/operations/clis/calicoctl/install.mdx b/calico-enterprise_versioned_docs/version-3.17/operations/clis/calicoctl/install.mdx index 15d816db17..3f238b93c1 100644 --- a/calico-enterprise_versioned_docs/version-3.17/operations/clis/calicoctl/install.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/operations/clis/calicoctl/install.mdx @@ -122,8 +122,8 @@ to a location that's in your `PATH`. For example, `C:\Windows`. {'{{version}}' === 'master' - ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"` - : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`} + ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"` + : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`}
diff --git a/calico-enterprise_versioned_docs/version-3.17/operations/ebpf/enabling-ebpf.mdx b/calico-enterprise_versioned_docs/version-3.17/operations/ebpf/enabling-ebpf.mdx index cd083c24e1..c92d7fbdc1 100644 --- a/calico-enterprise_versioned_docs/version-3.17/operations/ebpf/enabling-ebpf.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/operations/ebpf/enabling-ebpf.mdx @@ -186,7 +186,7 @@ resource to `"BPF"`; you must also clear the `hostPorts` setting because host po kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF", "hostPorts":null}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note diff --git a/calico-enterprise_versioned_docs/version-3.17/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx b/calico-enterprise_versioned_docs/version-3.17/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx index dc845982b1..e1255928ce 100644 --- a/calico-enterprise_versioned_docs/version-3.17/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx 
@@ -82,7 +82,7 @@ investigation." severity: Critical annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is critically low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 10% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 10% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchPodLowDiskSpace expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes < 0.25 @@ -90,7 +90,7 @@ free disk space left. To avoid service disruption review the LogStorage resource severity: Warning annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is getting low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 25% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 25% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchConsistentlyHighCPUUsage expr: avg_over_time(elasticsearch_os_cpu_percent[10m]) > 90 diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/architecture/design/l2-interconnect-fabric.mdx index 9d91a6386b..a0c6c5388a 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/delete.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/delete.mdx index 4bb2230e38..90fef1663a 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/delete.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/delete.mdx @@ -78,7 +78,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/get.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/get.mdx index 18b6406b61..d0213695a7 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/get.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/label.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/label.mdx index 48c684f65c..29f892c06e 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/label.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/node/run.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/node/run.mdx index 0368cc597c..6f1bff857c 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/node/run.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/overview.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/overview.mdx index 8a2528b64f..30ff8fee91 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/overview.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/overview.mdx @@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -115,7 +115,7 @@ See [Configuring Felix](../../component-resources/node/felix/configuration.mdx) ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :----------------------------------------------------------- | diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/patch.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/patch.mdx index 2cf6c404fb..db187d25bc 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/patch.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/clis/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. 
diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/configuration.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/configuration.mdx
index d389022f69..905f024e0d 100644
--- a/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/configuration.mdx
+++ b/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/configuration.mdx
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -104,7 +104,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -281,7 +281,7 @@ for 1022 endpoints on the host. | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. | | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. | | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. | -| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | +| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. | | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs. 
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. | | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. | diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/prometheus.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/prometheus.mdx index e234fc63ff..76a92eee6a 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/prometheus.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/node/felix/prometheus.mdx 
@@ -23,13 +23,13 @@ existing metrics. | `felix_active_local_selectors` | Number of active selectors on this host. | | `felix_active_local_tags` | Number of active tags on this host. | | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. | -| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. | +| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. | | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. | | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. | | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. | | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. | | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. | -| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. | +| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. | | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. | | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). | | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. | diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/typha/configuration.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/typha/configuration.mdx index 7e772e4a38..c1b5001c38 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/typha/configuration.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.17/reference/component-resources/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico Enterprise is installed via the operator. +Typha configuration cannot be modified when Calico Enterprise is installed via the operator. diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx index 5871c5c14b..fd8e00bb46 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx @@ -486,7 +486,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4098,7 +4098,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -9103,7 +9103,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -9908,7 +9908,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detection.

diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/public-cloud/azure.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/public-cloud/azure.mdx index 91b716ea0a..4d32410b92 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/public-cloud/azure.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/resources/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/resources/deeppacketinspection.mdx index 3f95e785d6..90248a6203 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/resources/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/resources/managedcluster.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/resources/managedcluster.mdx index 0a8a54fb4e..1e9329b4f1 100644 --- a/calico-enterprise_versioned_docs/version-3.17/reference/resources/managedcluster.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.17/reference/resources/managedcluster.mdx @@ -64,9 +64,9 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | [Multi-cluster management](../../multicluster/create-a-management-cluster.mdx) diff --git a/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/aggregation.mdx b/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/aggregation.mdx index af65bd2fc1..69ade36b7b 100644 --- a/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/aggregation.mdx 
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/datatypes.mdx b/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/datatypes.mdx index 9f57229655..87663de94a 100644 --- a/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/datatypes.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/visibility/elastic/flow/datatypes.mdx @@ -61,7 +61,7 @@ The following table details the key/value pairs in the JSON blob, including thei | `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | +| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_lost_packets` | long | Total lost packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | diff --git a/calico-enterprise_versioned_docs/version-3.18-2/_includes/components-temp/InstallEKS-temp.js b/calico-enterprise_versioned_docs/version-3.18-2/_includes/components-temp/InstallEKS-temp.js index c0dd9ab9d4..06e7b8e470 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/_includes/components-temp/InstallEKS-temp.js +++ b/calico-enterprise_versioned_docs/version-3.18-2/_includes/components-temp/InstallEKS-temp.js 
@@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise_versioned_docs/version-3.18-2/_includes/components/InstallEKS.js b/calico-enterprise_versioned_docs/version-3.18-2/_includes/components/InstallEKS.js index 6f7ec74e0a..fd7ba4ecb6 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/_includes/components/InstallEKS.js +++ b/calico-enterprise_versioned_docs/version-3.18-2/_includes/components/InstallEKS.js @@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/aws.mdx b/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/aws.mdx index 15d5633700..09f4d051ac 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/aws.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/aws.mdx 
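Review bot: The added line in the InstallEKS-temp.js hunk still prints the setting as `hostNetwork:true`, with no space after the colon, and the InstallEKS.js hunk carries the identical line. YAML reads that form as a single plain scalar rather than a key and a value, so a reader who copies it into a pod spec gets a manifest that does not set the field; I would write it as `hostNetwork: true`. Since the paragraph recommends host networking as a workaround for trusted pods, it could also add one sentence saying that such a pod shares the node's network namespace, so it is no longer isolated by policy that selects it as a workload and needs to be covered by host endpoint policy instead. The surrounding JSX paragraph starts and ends outside both hunks.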
@@ -86,7 +86,7 @@ To use kOps to create a cluster with {{prodname}} networking and network policy: ::: -1. The provisioned kOps cluster will assign it's own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. +1. The provisioned kOps cluster will assign its own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. ```yaml noValidation spec: diff --git a/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/requirements.mdx b/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/requirements.mdx index f5664735f1..414786c466 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/requirements.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/getting-started/install-on-clusters/requirements.mdx 
@@ -14,11 +14,11 @@ This installation must use the Kubernetes default CNI configuration directory (` ## Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include certain platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. ## Supported kube-proxy modes diff --git a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/beginners/calico-network-policy.mdx b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/beginners/calico-network-policy.mdx index 6dbb5bae8f..bfe24c3c87 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/beginners/calico-network-policy.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/beginners/calico-network-policy.mdx @@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress 
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/get-started/kubernetes-demo.mdx b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/get-started/kubernetes-demo.mdx index 61dfb32b0c..6bd390dbf3 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/get-started/kubernetes-demo.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/get-started/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/host-forwarded-traffic.mdx b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/host-forwarded-traffic.mdx index ae65428f74..edef086c7f 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/protect-hosts.mdx b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/protect-hosts.mdx index 8aab3e501f..c4d4031a54 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/protect-hosts.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/network-policy/hosts/protect-hosts.mdx 
@@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic @@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/component-resources/node/felix/configuration.mdx#environment-variables). diff --git a/calico-enterprise_versioned_docs/version-3.18-2/operations/clis/calicoctl/install.mdx b/calico-enterprise_versioned_docs/version-3.18-2/operations/clis/calicoctl/install.mdx index 15d816db17..3f238b93c1 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/operations/clis/calicoctl/install.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/operations/clis/calicoctl/install.mdx 
@@ -122,8 +122,8 @@ to a location that's in your `PATH`. For example, `C:\Windows`. {'{{version}}' === 'master' - ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"` - : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`} + ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"` + : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`}
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/operations/ebpf/enabling-ebpf.mdx b/calico-enterprise_versioned_docs/version-3.18-2/operations/ebpf/enabling-ebpf.mdx index 3064c0ea3a..330db01e02 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/operations/ebpf/enabling-ebpf.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/operations/ebpf/enabling-ebpf.mdx @@ -186,7 +186,7 @@ resource to `"BPF"`. kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note diff --git a/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx b/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx index dc845982b1..e1255928ce 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx 
@@ -82,7 +82,7 @@ investigation." severity: Critical annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is critically low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 10% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 10% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchPodLowDiskSpace expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes < 0.25 @@ -90,7 +90,7 @@ free disk space left. To avoid service disruption review the LogStorage resource severity: Warning annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is getting low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 25% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 25% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchConsistentlyHighCPUUsage expr: avg_over_time(elasticsearch_os_cpu_percent[10m]) > 90 diff --git a/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/recommended-metrics.mdx b/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/recommended-metrics.mdx index 64a2713820..ebf664b106 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/recommended-metrics.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/operations/monitor/metrics/recommended-metrics.mdx @@ -61,7 +61,7 @@ This section provides metrics recommendations for maintaining optimal cluster op | Metric | Note: Syncer (type) is Typha's internal name for a client (type).
Individual syncer values:
(typha_cache_size\{syncer="bgp"\})
(typha_cache_size\{syncer="dpi"\})
typha_cache_size\{syncer="felix"\})
(typha_cache_size\{syncer="node-status"\})
(typha_cache_size\{syncer="tunnel-ip-allocation"\})

Sum of all syncers:
The sum of all cache sizes (each syncer type has a cache).
sum by (instance) (typha_cache_size)

Largest syncer:
max by (instance) (typha_cache_size) | | Example value | Example of: max by (instance) (typha_cache_size\{syncer="felix"\})

\{instance="10.0.1.20:9093"\} 661
\{instance="10.0.1.31:9093"\} 661 | | Explanation | The total number of key/value pairs in Typha's in-memory cache.This metric represents the scale of the {{prodname}} datastore as it tracks how many WEPs (pods and services), HEPs (hostendpoints), networksets, globalnetworksets, {{prodname}} Network Policies etc that Typha is aware of across the entire Calico Federation.You can use this metric to monitor individual syncers to Typha (like Felix, BGP etc), or to get a sum of all syncers. We recommend that you monitor the largest syncer but it is completely up to you. This is a good metric to understand how much data is in Typha. Note: If all Typhas are in sync then they should have the same value for this metric. | -| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policie,s and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. | +| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policies and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. | | Threshold breach symptoms | Unexpected increases may indicate memory leaks and performance issues with Typha. | | Threshold breach recommendations | Check CPU usage on Typha pods and Kubernetes nodes. Increase resources if needed, rollout and restart Typha(s) if needed. | | Priority level | Optional. | 
@@ -261,7 +261,7 @@ The following metrics are applicable only if you have implemented [Cluster mesh]
 | Example value | \{instance="10.0.1.20:9093"\} NaN |
 | Explanation | The median time to stream the initial datastore snapshot to each client. It is useful to know the time it takes for a client to receive the data when it connects; it does not include time to process the data. |
 | Threshold value recommendation | Investigate if this value is moving towards 10s of seconds. |
-| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it isdisconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
+| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it is disconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
 | Threshold breach recommendations | Check Typha and calico-node logs and resource usage. Check for network congestion. Investigate why a particular calico-node is slow; it is likely on an overloaded node with insufficient CPU). |
 | Priority level | Optional. |
@@ -352,7 +352,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u
 | Metric | rate(process_cpu_seconds_total\{30s\}) \* 100 |
 | Example value | \{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\}3.1197504199664072 |
 | Explanation | CPU in use by calico-node represented as a percentage of a core. |
-| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigage if maintained CPU usage goes above 90%. |
+| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigate if maintained CPU usage goes above 90%. |
 | Threshold breach symptoms | Unexpected maintained CPU usage could cause Felix to fall behind and could cause delays to policy updates. |
 | Threshold breach recommendations | Check CPU usage on Kubernetes nodes. Increase resources if needed, rollout restart calico-node(s) if needed. |
 | Priority level | Recommended. |
@@ -459,7 +459,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u
 | Metric | felix_logs_dropped |
 | Example value | felix_logs_dropped\{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\} 0 |
 | Explanation | The number of logs Felix has dropped. Note that this metric does not count flow-logs; it counts logs to stdout. |
-| Threshold value recommendation | Occasional drops are normal. Investigate if frop counters rapidily rise. |
+| Threshold value recommendation | Occasional drops are normal. Investigate if drop counters rapidly rise. |
 | Threshold breach symptoms | Felix will drop logs if it cannot keep up with writing them out. These are ordinary code logs, not flow logs. Calico-node may be under resource constraints. |
 | Threshold breach recommendations | Check CPU usage on calico-nodes and Kubernetes nodes. Increase resources if needed, and rollout restart calico-node(s) if needed. |
 | Priority level | Optional. |
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/architecture/design/l2-interconnect-fabric.mdx
index 9d91a6386b..a0c6c5388a 100644
--- a/calico-enterprise_versioned_docs/version-3.18-2/reference/architecture/design/l2-interconnect-fabric.mdx
+++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/architecture/design/l2-interconnect-fabric.mdx
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/delete.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/delete.mdx index 4bb2230e38..90fef1663a 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/delete.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/delete.mdx @@ -78,7 +78,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/get.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/get.mdx index 18b6406b61..d0213695a7 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/get.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/label.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/label.mdx index 48c684f65c..29f892c06e 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/label.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/node/run.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/node/run.mdx index 0368cc597c..6f1bff857c 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/node/run.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/overview.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/overview.mdx index 8a2528b64f..30ff8fee91 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/overview.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/overview.mdx @@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -115,7 +115,7 @@ See [Configuring Felix](../../component-resources/node/felix/configuration.mdx) ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :----------------------------------------------------------- | diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/patch.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/patch.mdx index 2cf6c404fb..db187d25bc 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/patch.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/clis/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. 
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/configuration.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/configuration.mdx
index bbf08f5901..88c155839b 100644
--- a/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/configuration.mdx
+++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/configuration.mdx
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -104,7 +104,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -281,7 +281,7 @@ for 1022 endpoints on the host. | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. | | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. | | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. | -| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | +| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. | | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs. 
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. | | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. | diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/prometheus.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/prometheus.mdx index f2260e7131..2391699f9a 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/prometheus.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/node/felix/prometheus.mdx 
@@ -23,13 +23,13 @@ existing metrics.
 | `felix_active_local_selectors` | Number of active selectors on this host. |
 | `felix_active_local_tags` | Number of active tags on this host. |
 | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. |
-| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
+| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. |
 | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. |
 | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. |
 | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. |
 | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. |
 | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. |
-| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. |
+| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. |
 | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. |
 | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). |
 | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. |
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/typha/configuration.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/typha/configuration.mdx
index 0ac2403157..f34a22d77d 100644
--- a/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/typha/configuration.mdx
+++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/component-resources/typha/configuration.mdx
@@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem';
-Typha configuration can not be modified when Calico Enterprise is installed via the operator.
+Typha configuration cannot be modified when Calico Enterprise is installed via the operator.
diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/installation/_api.mdx
index 11bfe96cd2..c58cf0c104 100644
--- a/calico-enterprise_versioned_docs/version-3.18-2/reference/installation/_api.mdx
+++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/installation/_api.mdx
@@ -488,7 +488,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4296,7 +4296,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -9101,7 +9101,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -10022,7 +10022,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +configured value, or based on Calico’s native auto-detection.

diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/public-cloud/azure.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/public-cloud/azure.mdx index 91b716ea0a..4d32410b92 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/public-cloud/azure.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/deeppacketinspection.mdx index a9e9ea7dda..ed78fec861 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/managedcluster.mdx b/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/managedcluster.mdx index 27923a8509..13cfb42bc4 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/managedcluster.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.18-2/reference/resources/managedcluster.mdx @@ -64,9 +64,9 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | [Multi-cluster management](../../multicluster/set-up-multi-cluster-management/standard-install/create-a-management-cluster.mdx) diff --git a/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/aggregation.mdx b/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/aggregation.mdx index af65bd2fc1..69ade36b7b 100644 --- a/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/aggregation.mdx 
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/datatypes.mdx b/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/datatypes.mdx deleted file mode 100644 index 9f57229655..0000000000 --- a/calico-enterprise_versioned_docs/version-3.18-2/visibility/elastic/flow/datatypes.mdx +++ /dev/null @@ -1,103 +0,0 @@ ---- -description: Data that Calico Enterprise sends to Elasticsearch. ---- - -# Flow log data types - -## Big picture - -{{prodname}} sends the following data to Elasticsearch. - -The following table details the key/value pairs in the JSON blob, including their [Elasticsearch datatype](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html). - -| Name | Datatype | Description | -| --------------------------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `host` | keyword | Name of the node that collected the flow log entry. | -| `start_time` | date | Start time of log collection in UNIX timestamp format. | -| `end_time` | date | End time of log collection in UNIX timestamp format. | -| `action` | keyword | - `allow`: {{prodname}} accepted the flow.
- `deny`: {{prodname}} denied the flow. | -| `bytes_in` | long | Number of incoming bytes since the last export. | -| `bytes_out` | long | Number of outgoing bytes since the last export. | -| `dest_ip` | ip | IP address of the destination pod. A null value indicates aggregation. | -| `dest_name` | keyword | Contains one of the following values:
- Name of the destination pod.
- Name of the pod that was aggregated or the endpoint is not a pod. Check dest_name_aggr for more information, such as the name of the pod if it was aggregated. | -| `dest_name_aggr` | keyword | Contains one of the following values:
- Aggregated name of the destination pod.
- `pvt`: endpoint is not a pod. Its IP address belongs to a private subnet.
- `pub`: endpoint is not a pod. Its IP address does not belong to a private subnet. It is probably an endpoint on the public internet. | -| `dest_namespace` | keyword | Namespace of the destination endpoint. A `-` means the endpoint is not namespaced. | -| `dest_port` | long | Destination port. Not applicable for ICMP packets. | -| `dest_service_name` | keyword | Name of the destination service. A `-` means the original destination did not correspond to a known Kubernetes service (e.g. a services ClusterIP). | -| `dest_service_namespace` | keyword | Namespace of the destination service. A `-` means the original destination did not correspond to a known Kubernetes service (e.g. a services ClusterIP). | -| `dest_service_port` | keyword | Port name of the destination service.
A `-` means :
- the original destination did not correspond to a known Kubernetes service (e.g. a services ClusterIP), or
- the destination port is aggregated.
A `*` means there are multiple service port names matching the destination port number. | -| `dest_type` | keyword | Destination endpoint type. Possible values:
- `wep`: A workload endpoint, a pod in Kubernetes.
- `ns`: A Networkset. If multiple Networksets match, then the one with the longest prefix match is chosen.
- `net`: A Network. The IP address did not fall into a known endpoint type. | -| `dest_labels` | array of keywords | Labels applied to the destination pod. A hyphen indicates aggregation. | -| `dest_domains` | array of keywords | Top level domains associated with the destination IP. Only valid for source reported flows to destinations external to the cluster. Please note that `dest_domains: ["A"]` does not necessarily mean that this flow describes a connection to domain name `A`. It just means that the destination IP is known to be associated with domain name `A` - but it might also be associated with other domain names as well (that Calico has not yet been able to capture). | -| `reporter` | keyword | - `src`: flow came from the pod that initiated the connection.
- `dst`: flow came from the pod that received the initial connection. | -| `num_flows` | long | Number of flows aggregated into this entry during this export interval. | -| `num_flows_completed` | long | Number of flows that were completed during the export interval. | -| `num_flows_started` | long | Number of flows that were started during the export interval. | -| `num_process_names` | long | Number of unique process names aggregated into this entry during this export interval. | -| `num_process_ids` | long | Number of unique process ids aggregated into this entry during this export interval. | -| `num_process_args` | long | Number of unique process args aggregated into this entry during this export interval. | -| `nat_outgoing_ports` | array of ints | List of [NAT](https://en.wikipedia.org/wiki/Network_address_translation) outgoing ports for the packets that were Source NAT'd in the flow | -| `packets_in` | long | Number of incoming packets since the last export. | -| `packets_out` | long | Number of outgoing packets since the last export. | -| `proto` | keyword | Protocol. | -| `policies` | array of keywords | List of policies that interacted with this flow. See [Format of the policies field](#format-of-the-policies-field). | -| `process_name` | keyword | The name of the process that initiated or received the connection or connection request. This field will have the executable path if flowLogsCollectProcessPath is enabled. A "-" indicates that the process name is not logged. A "\*" indicates that the per flow process limit has exceeded and the process names are now aggregated. | -| `process_id` | keyword | The process ID of the corresponding process (indicated by the `process_name` field) that initiated or received the connection or connection request. A "-" indicates that the process ID is not logged. A "\*" indicates that there are more than one unique process IDs for the corresponding process name. 
| -| `process_args` | array of strings | The arguments with which the executable was invoked. The size of the list depends on the per flow process args limit. | -| `source_ip` | ip | IP address of the source pod. A null value indicates aggregation. | -| `source_name` | keyword | Contains one of the following values:
- Name of the source pod.
- Name of the pod that was aggregated or the endpoint is not a pod. Check source_name_aggr for more information, such as the name of the pod if it was aggregated. | -| `source_name_aggr` | keyword | Contains one of the following values:
- Aggregated name of the source pod.
- `pvt`: Endpoint is not a pod. Its IP address belongs to a private subnet.
- `pub`: the endpoint is not a pod. Its IP address does not belong to a private subnet. It is probably an endpoint on the public internet. | -| `source_namespace` | keyword | Namespace of the source endpoint. A `-` means the endpoint is not namespaced. | -| `source_port` | long | Source port. A null value indicates aggregation. | -| `source_type` | keyword | The type of source endpoint. Possible values:
- `wep`: A workload endpoint, a pod in Kubernetes.
- `ns`: A Networkset. If multiple Networksets match, then the one with the longest prefix match is chosen.
- `net`: A Network. The IP address did not fall into a known endpoint type. | -| `source_labels` | array of keywords | Labels applied to the source pod. A hyphen indicates aggregation. | -| `original_source_ips` | array of ips | List of external IP addresses collected from requests made to the cluster through an ingress resource. This field is only available if capturing external IP addresses is configured. | -| `num_original_source_ips` | long | Number of unique external IP addresses collected from requests made to the cluster through an ingress resource. This count includes the IP addresses included in the `original_source_ips` field. This field is only available if capturing external IP addresses is configured. | -| `tcp_mean_send_congestion_window` | long | Mean tcp send congestion window size. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_min_send_congestion_window` | long | Minimum tcp send congestion window size. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_mean_smooth_rtt` | long | Mean smooth RTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_max_smooth_rtt` | long | Maximum smooth RTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_mean_min_rtt` | long | Mean MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_lost_packets` | long | Total lost packets. 
This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | - -### Format of the policies field - -The `policies` field contains a comma-delimited list of policy rules that matched the flow. Each entry in the -list has the following format: - -``` -|||| -``` - -Where, - -* `` numbers the order in which the rules were hit, starting with `0`. - :::tip - Sort the entries of the list by the `` to see the order that rules were hit. The entries are displayed in - random order due to the way they are stored in the datastore. - ::: - -* `` is the name of the policy tier containing the policy, or `__PROFILE__` for a rule derived from a - `Profile` resource (this is the internal datatype used to represent a Kubernetes namespace and its associated - "default allow" rule). -* `` is the name of the policy/profile; its format depends on the type of policy: - - * `.` for {{prodname}} `GlobalNetworkPolicy`. - * `/knp.default.` for Kubernetes `NetworkPolicy`. - * `/.` for {{prodname}} `NetworkPolicy`. - - Staged policy names are prefixed with "staged:". - -* `` is the action performed by the rule; one of `allow`, `deny`, `pass`. -* `` if non-negative, is the index of the rule that was matched within the policy, starting with 0. - Otherwise, a special value: - - * `-1` means the reporting endpoint was selected by the policy but no rule matched. The traffic hit the default - action for the tier. In this case, the `` is selected arbitrarily from the set of policies within - the tier that apply to the endpoint. - * `-2` means "unknown". The rule index was not recorded. diff --git a/calico-enterprise_versioned_docs/version-3.18/_includes/components/InstallEKS.js b/calico-enterprise_versioned_docs/version-3.18/_includes/components/InstallEKS.js index 6f7ec74e0a..fd7ba4ecb6 100644 
--- a/calico-enterprise_versioned_docs/version-3.18/_includes/components/InstallEKS.js +++ b/calico-enterprise_versioned_docs/version-3.18/_includes/components/InstallEKS.js @@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/aws.mdx b/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/aws.mdx index 15d5633700..09f4d051ac 100644 --- a/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/aws.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/aws.mdx 
@@ -86,7 +86,7 @@ To use kOps to create a cluster with {{prodname}} networking and network policy: ::: -1. The provisioned kOps cluster will assign it's own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. +1. The provisioned kOps cluster will assign its own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. ```yaml noValidation spec: diff --git a/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/requirements.mdx b/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/requirements.mdx index f5664735f1..414786c466 100644 --- a/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/requirements.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/getting-started/install-on-clusters/requirements.mdx 
@@ -14,11 +14,11 @@ This installation must use the Kubernetes default CNI configuration directory (` ## Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include certain platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. ## Supported kube-proxy modes diff --git a/calico-enterprise_versioned_docs/version-3.18/network-policy/beginners/calico-network-policy.mdx b/calico-enterprise_versioned_docs/version-3.18/network-policy/beginners/calico-network-policy.mdx index 6dbb5bae8f..bfe24c3c87 100644 --- a/calico-enterprise_versioned_docs/version-3.18/network-policy/beginners/calico-network-policy.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/network-policy/beginners/calico-network-policy.mdx @@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress 
diff --git a/calico-enterprise_versioned_docs/version-3.18/network-policy/get-started/kubernetes-demo.mdx b/calico-enterprise_versioned_docs/version-3.18/network-policy/get-started/kubernetes-demo.mdx index 61dfb32b0c..6bd390dbf3 100644 --- a/calico-enterprise_versioned_docs/version-3.18/network-policy/get-started/kubernetes-demo.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/network-policy/get-started/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/host-forwarded-traffic.mdx b/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/host-forwarded-traffic.mdx index ae65428f74..edef086c7f 100644 --- a/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/protect-hosts.mdx b/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/protect-hosts.mdx index 8aab3e501f..c4d4031a54 100644 --- a/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/protect-hosts.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/network-policy/hosts/protect-hosts.mdx 
@@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic @@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/component-resources/node/felix/configuration.mdx#environment-variables). diff --git a/calico-enterprise_versioned_docs/version-3.18/operations/clis/calicoctl/install.mdx b/calico-enterprise_versioned_docs/version-3.18/operations/clis/calicoctl/install.mdx index 15d816db17..3f238b93c1 100644 --- a/calico-enterprise_versioned_docs/version-3.18/operations/clis/calicoctl/install.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/operations/clis/calicoctl/install.mdx 
@@ -122,8 +122,8 @@ to a location that's in your `PATH`. For example, `C:\Windows`. {'{{version}}' === 'master' - ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"` - : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`} + ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"` + : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`}
diff --git a/calico-enterprise_versioned_docs/version-3.18/operations/ebpf/enabling-ebpf.mdx b/calico-enterprise_versioned_docs/version-3.18/operations/ebpf/enabling-ebpf.mdx index 6b2dc553dd..392a70873c 100644 --- a/calico-enterprise_versioned_docs/version-3.18/operations/ebpf/enabling-ebpf.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/operations/ebpf/enabling-ebpf.mdx @@ -186,7 +186,7 @@ resource to `"BPF"`. kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note diff --git a/calico-enterprise_versioned_docs/version-3.18/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx b/calico-enterprise_versioned_docs/version-3.18/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx index dc845982b1..e1255928ce 100644 --- a/calico-enterprise_versioned_docs/version-3.18/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx @@ -82,7 +82,7 @@ investigation." severity: Critical annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is critically low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 10% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 10% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchPodLowDiskSpace expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes < 0.25 
@@ -90,7 +90,7 @@ free disk space left. To avoid service disruption review the LogStorage resource severity: Warning annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is getting low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 25% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 25% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchConsistentlyHighCPUUsage expr: avg_over_time(elasticsearch_os_cpu_percent[10m]) > 90 diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/architecture/design/l2-interconnect-fabric.mdx index 9d91a6386b..a0c6c5388a 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/delete.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/delete.mdx index 4bb2230e38..90fef1663a 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/delete.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/delete.mdx @@ -78,7 +78,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/get.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/get.mdx index 18b6406b61..d0213695a7 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/get.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/label.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/label.mdx index 48c684f65c..29f892c06e 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/label.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/node/run.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/node/run.mdx index 0368cc597c..6f1bff857c 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/node/run.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/overview.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/overview.mdx index 8a2528b64f..30ff8fee91 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/overview.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/overview.mdx @@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -115,7 +115,7 @@ See [Configuring Felix](../../component-resources/node/felix/configuration.mdx) ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :----------------------------------------------------------- | diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/patch.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/patch.mdx index 2cf6c404fb..db187d25bc 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/patch.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/clis/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. 
diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/configuration.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/configuration.mdx index bbf08f5901..88c155839b 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/configuration.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/configuration.mdx 
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -104,7 +104,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -281,7 +281,7 @@ for 1022 endpoints on the host. | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. | | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. | | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. | -| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | +| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. | | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs. 
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. | | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. | diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/prometheus.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/prometheus.mdx index e234fc63ff..76a92eee6a 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/prometheus.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/node/felix/prometheus.mdx 
@@ -23,13 +23,13 @@ existing metrics. | `felix_active_local_selectors` | Number of active selectors on this host. | | `felix_active_local_tags` | Number of active tags on this host. | | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. | -| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. | +| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. | | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. | | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. | | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. | | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. | | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. | -| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. | +| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. | | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. | | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). | | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. | diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/typha/configuration.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/typha/configuration.mdx index 0ac2403157..f34a22d77d 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/typha/configuration.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.18/reference/component-resources/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico Enterprise is installed via the operator. +Typha configuration cannot be modified when Calico Enterprise is installed via the operator. diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/installation/_api.mdx index aec96ca68a..0fa4088c3a 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/installation/_api.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/installation/_api.mdx @@ -486,7 +486,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4098,7 +4098,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -8426,7 +8426,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -9231,7 +9231,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +configured value, or based on Calico’s native auto-detection.

diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/public-cloud/azure.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/public-cloud/azure.mdx index 91b716ea0a..4d32410b92 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/public-cloud/azure.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/resources/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/resources/deeppacketinspection.mdx index c421a71876..2486673144 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/resources/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-enterprise_versioned_docs/version-3.18/reference/resources/managedcluster.mdx b/calico-enterprise_versioned_docs/version-3.18/reference/resources/managedcluster.mdx index 27923a8509..13cfb42bc4 100644 --- a/calico-enterprise_versioned_docs/version-3.18/reference/resources/managedcluster.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.18/reference/resources/managedcluster.mdx @@ -64,9 +64,9 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | [Multi-cluster management](../../multicluster/set-up-multi-cluster-management/standard-install/create-a-management-cluster.mdx) diff --git a/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/aggregation.mdx b/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/aggregation.mdx index af65bd2fc1..69ade36b7b 100644 --- a/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/aggregation.mdx 
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/datatypes.mdx b/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/datatypes.mdx index 9f57229655..87663de94a 100644 --- a/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/datatypes.mdx +++ b/calico-enterprise_versioned_docs/version-3.18/visibility/elastic/flow/datatypes.mdx @@ -61,7 +61,7 @@ The following table details the key/value pairs in the JSON blob, including thei | `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | +| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_lost_packets` | long | Total lost packets. This field is only available if flowLogsEnableTcpStats is enabled | | `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | diff --git a/calico-enterprise_versioned_docs/version-3.19-1/_includes/components-temp/InstallEKS-temp.js b/calico-enterprise_versioned_docs/version-3.19-1/_includes/components-temp/InstallEKS-temp.js index c0dd9ab9d4..06e7b8e470 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/_includes/components-temp/InstallEKS-temp.js +++ b/calico-enterprise_versioned_docs/version-3.19-1/_includes/components-temp/InstallEKS-temp.js 
@@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise_versioned_docs/version-3.19-1/_includes/components/InstallEKS.js b/calico-enterprise_versioned_docs/version-3.19-1/_includes/components/InstallEKS.js index 6f7ec74e0a..fd7ba4ecb6 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/_includes/components/InstallEKS.js +++ b/calico-enterprise_versioned_docs/version-3.19-1/_includes/components/InstallEKS.js @@ -138,7 +138,7 @@ spec: plane nodes will not be able to initiate network connections to {prodname} pods. (This is a general limitation of EKS's custom networking support, not specific to {prodname}.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include{' '} - hostNetwork:true in their pod spec. See the Kuberentes API{' '} + hostNetwork:true in their pod spec. See the Kubernetes API{' '} pod spec {' '} diff --git a/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/aws.mdx b/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/aws.mdx index 15d5633700..09f4d051ac 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/aws.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/aws.mdx 
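Review bot: The corrected sentence still recommends `hostNetwork: true` for admission-webhook pods without saying what that setting changes for policy enforcement, and the same text is repeated in the InstallEKS.js hunk further along this line. A pod on the host network shares the node's network namespace, so as far as I can tell policy that selects pods does not cover it, and it has to be restricted with host endpoint policy instead. I would add one sentence after the pod spec link, for example `Pods that use hostNetwork: true are not covered by pod-selecting network policy; restrict them with host endpoint policy and keep the set of such pods small.` The surrounding JSX paragraph starts and ends outside both hunks, so the exact placement needs checking against the full component.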
@@ -86,7 +86,7 @@ To use kOps to create a cluster with {{prodname}} networking and network policy: ::: -1. The provisioned kOps cluster will assign it's own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. +1. The provisioned kOps cluster will assign its own set of pod network CIDR in the kube-proxy instance different than the one {{prodname}} expects. To set the cluster cidr for the kube-proxy to match the one expected by {{prodname}} edit the cluster config `kops edit cluster ` and add the `kubeProxy` config with the `clusterCIDR` expected by the default {{prodname}} installation. ```yaml noValidation spec: diff --git a/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/requirements.mdx b/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/requirements.mdx index f5664735f1..414786c466 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/requirements.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/getting-started/install-on-clusters/requirements.mdx 
@@ -14,11 +14,11 @@ This installation must use the Kubernetes default CNI configuration directory (` ## Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include certain platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. ## Supported kube-proxy modes diff --git a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/beginners/calico-network-policy.mdx b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/beginners/calico-network-policy.mdx index 6dbb5bae8f..bfe24c3c87 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/beginners/calico-network-policy.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/beginners/calico-network-policy.mdx @@ -49,7 +49,7 @@ metadata: name: allow-tcp-port-6379 ``` -Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped seperately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. +Because global network policies use **kind: GlobalNetworkPolicy**, they are grouped separately from **kind: NetworkPolicy**. For example, global network policies will not be returned from `kubectl get networkpolicy.p`, and are rather returned from `kubectl get globalnetworkpolicy`. ### Ingress and egress 
diff --git a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/get-started/kubernetes-demo.mdx b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/get-started/kubernetes-demo.mdx index 61dfb32b0c..6bd390dbf3 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/get-started/kubernetes-demo.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/get-started/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/host-forwarded-traffic.mdx b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/host-forwarded-traffic.mdx index ae65428f74..edef086c7f 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/protect-hosts.mdx b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/protect-hosts.mdx index 8aab3e501f..c4d4031a54 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/protect-hosts.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/network-policy/hosts/protect-hosts.mdx 
@@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic @@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/component-resources/node/felix/configuration.mdx#environment-variables). diff --git a/calico-enterprise_versioned_docs/version-3.19-1/operations/clis/calicoctl/install.mdx b/calico-enterprise_versioned_docs/version-3.19-1/operations/clis/calicoctl/install.mdx index 930659c53d..4205e39185 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/operations/clis/calicoctl/install.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/operations/clis/calicoctl/install.mdx 
@@ -123,8 +123,8 @@ to a location that's in your `PATH`. For example, `C:\Windows`. {'{{version}}' === 'master' - ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"` - : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe"`} + ? `Invoke-WebRequest -Uri "{{filesUrl}}/download/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"` + : `Invoke-WebRequest -Uri "{{downloadsurl}}/ee/binaries/${version}/calicoctl-windows-amd64.exe" -OutFile "calicoctl.exe"`}
diff --git a/calico-enterprise_versioned_docs/version-3.19-1/operations/ebpf/enabling-ebpf.mdx b/calico-enterprise_versioned_docs/version-3.19-1/operations/ebpf/enabling-ebpf.mdx index 6e2450416a..68a70c622d 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/operations/ebpf/enabling-ebpf.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/operations/ebpf/enabling-ebpf.mdx @@ -186,7 +186,7 @@ resource to `"BPF"`. kubectl patch installation.operator.tigera.io default --type merge -p '{"spec":{"calicoNetwork":{"linuxDataplane":"BPF"}}}' ``` -When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. :::note diff --git a/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx b/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx index dc845982b1..e1255928ce 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/elasticsearch-and-fluentd-metrics.mdx 
@@ -82,7 +82,7 @@ investigation." severity: Critical annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is critically low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 10% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 10% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchPodLowDiskSpace expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes < 0.25 @@ -90,7 +90,7 @@ free disk space left. To avoid service disruption review the LogStorage resource severity: Warning annotations: summary: "Elasticsearch pod {{$labels.name}}'s disk space is getting low." - description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less then 25% of + description: "Elasticsearch pod {{$labels.name}} in Elasticsearch cluster {{$labels.name}} has less than 25% of free disk space left. To avoid service disruption review the LogStorage resource limits and curation settings." - alert: ElasticsearchConsistentlyHighCPUUsage expr: avg_over_time(elasticsearch_os_cpu_percent[10m]) > 90 diff --git a/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/recommended-metrics.mdx b/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/recommended-metrics.mdx index 64a2713820..ebf664b106 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/recommended-metrics.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/operations/monitor/metrics/recommended-metrics.mdx @@ -61,7 +61,7 @@ This section provides metrics recommendations for maintaining optimal cluster op | Metric | Note: Syncer (type) is Typha's internal name for a client (type).
Individual syncer values:
(typha_cache_size\{syncer="bgp"\})
(typha_cache_size\{syncer="dpi"\})
typha_cache_size\{syncer="felix"\})
(typha_cache_size\{syncer="node-status"\})
(typha_cache_size\{syncer="tunnel-ip-allocation"\})

Sum of all syncers:
The sum of all cache sizes (each syncer type has a cache).
sum by (instance) (typha_cache_size)

Largest syncer:
max by (instance) (typha_cache_size) | | Example value | Example of: max by (instance) (typha_cache_size\{syncer="felix"\})

\{instance="10.0.1.20:9093"\} 661
\{instance="10.0.1.31:9093"\} 661 | | Explanation | The total number of key/value pairs in Typha's in-memory cache.This metric represents the scale of the {{prodname}} datastore as it tracks how many WEPs (pods and services), HEPs (hostendpoints), networksets, globalnetworksets, {{prodname}} Network Policies etc that Typha is aware of across the entire Calico Federation.You can use this metric to monitor individual syncers to Typha (like Felix, BGP etc), or to get a sum of all syncers. We recommend that you monitor the largest syncer but it is completely up to you. This is a good metric to understand how much data is in Typha. Note: If all Typhas are in sync then they should have the same value for this metric. | -| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policie,s and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. | +| Threshold value recommendation | The value of this metric will depend on the scale of the Calico Federation and will always increase as WEPs, {{prodname}} network policies and clusters are added. Achieve a baseline first, then monitor for any unexpected increases from the baseline. | | Threshold breach symptoms | Unexpected increases may indicate memory leaks and performance issues with Typha. | | Threshold breach recommendations | Check CPU usage on Typha pods and Kubernetes nodes. Increase resources if needed, rollout and restart Typha(s) if needed. | | Priority level | Optional. | 
@@ -261,7 +261,7 @@ The following metrics are applicable only if you have implemented [Cluster mesh]
 | Example value | \{instance="10.0.1.20:9093"\} NaN |
 | Explanation | The median time to stream the initial datastore snapshot to each client. It is useful to know the time it takes for a client to receive the data when it connects; it does not include time to process the data. |
 | Threshold value recommendation | Investigate if this value is moving towards 10s of seconds. |
-| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it isdisconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
+| Threshold breach symptoms | High values of this metric could indicate that newly-started clients are taking a long time to get the latest snapshot of the datastore, increasing the window of time where networking/policy updates are not being applied to the dataplane during a restart/upgrade. Typha has a write timeout for writing the snapshot; if a client cannot receive the snapshot within that timeout, it is disconnected. Clients falling behind on information and updates contained in the datastore (for example, {{prodname}} network policy object may not be current). |
 | Threshold breach recommendations | Check Typha and calico-node logs and resource usage. Check for network congestion. Investigate why a particular calico-node is slow; it is likely on an overloaded node with insufficient CPU). |
 | Priority level | Optional. |
@@ -352,7 +352,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u
 | Metric | rate(process_cpu_seconds_total\{30s\}) \* 100 |
 | Example value | \{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\}3.1197504199664072 |
 | Explanation | CPU in use by calico-node represented as a percentage of a core. |
-| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigage if maintained CPU usage goes above 90%. |
+| Threshold value recommendation | A spike at startup is normal. It is recommended to first achieve a baseline and then monitor for any unexpected increases from this baseline. Investigate if maintained CPU usage goes above 90%. |
 | Threshold breach symptoms | Unexpected maintained CPU usage could cause Felix to fall behind and could cause delays to policy updates. |
 | Threshold breach recommendations | Check CPU usage on Kubernetes nodes. Increase resources if needed, rollout restart calico-node(s) if needed. |
 | Priority level | Recommended. |
@@ -459,7 +459,7 @@ The following policy metrics are a separate endpoint exposed by Felix that are u
 | Metric | felix_logs_dropped |
 | Example value | felix_logs_dropped\{endpoint="metrics-port", instance="10.0.1.20:9091", job="felix-metrics-svc", namespace="calico-system", pod="calico-node-qzpkt", service="felix-metrics-svc"\} 0 |
 | Explanation | The number of logs Felix has dropped. Note that this metric does not count flow-logs; it counts logs to stdout. |
-| Threshold value recommendation | Occasional drops are normal. Investigate if frop counters rapidily rise. |
+| Threshold value recommendation | Occasional drops are normal. Investigate if drop counters rapidly rise. |
 | Threshold breach symptoms | Felix will drop logs if it cannot keep up with writing them out. These are ordinary code logs, not flow logs. Calico-node may be under resource constraints. |
 | Threshold breach recommendations | Check CPU usage on calico-nodes and Kubernetes nodes. Increase resources if needed, and rollout restart calico-node(s) if needed. |
 | Priority level | Optional. |
diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/architecture/design/l2-interconnect-fabric.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/architecture/design/l2-interconnect-fabric.mdx
index 9d91a6386b..a0c6c5388a 100644
--- a/calico-enterprise_versioned_docs/version-3.19-1/reference/architecture/design/l2-interconnect-fabric.mdx
+++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/architecture/design/l2-interconnect-fabric.mdx
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/delete.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/delete.mdx index 4bb2230e38..90fef1663a 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/delete.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/delete.mdx @@ -78,7 +78,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/get.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/get.mdx index 18b6406b61..d0213695a7 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/get.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/label.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/label.mdx index 48c684f65c..29f892c06e 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/label.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/node/run.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/node/run.mdx index 0368cc597c..6f1bff857c 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/node/run.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/overview.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/overview.mdx index 8a2528b64f..30ff8fee91 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/overview.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/overview.mdx @@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -115,7 +115,7 @@ See [Configuring Felix](../../component-resources/node/felix/configuration.mdx) ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :----------------------------------------------------------- | diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/patch.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/patch.mdx index 2cf6c404fb..db187d25bc 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/patch.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/clis/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. 
diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/configuration.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/configuration.mdx index bbf08f5901..88c155839b 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/configuration.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/configuration.mdx 
@@ -62,7 +62,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -104,7 +104,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -281,7 +281,7 @@ for 1022 endpoints on the host. | `L7LogsFileMaxFileSizeMB` | `FELIX_L7LOGSFILEMAXFILESIZEMB` | `100` | The max size in MB of L7 log files before rotation. This parameter only takes effect when `L7LogsFileEnabled` is `true`. | | `L7LogsFlushInterval` | `FELIX_L7LOGSFLUSHINTERVAL` | `300` | The period, in seconds, at which Felix exports L7 logs. | | `L7LogsFileAggregationHTTPHeaderInfo` | `FELIX_L7LOGSFILEAGGREGATIONHTTPHEADERINFO` | `ExcludeL7HTTPHeaderInfo` | How to handle HTTP header information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPHeaderInfo` and `IncludeL7HTTPHeaderInfo`. | -| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | +| `L7LogsFileAggregationHTTPMethod` | `FELIX_L7LOGSFILEAGGREGATIONHTTPMETHOD` | `IncludeL7HTTPMethod` | How to handle HTTP method data for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7HTTPMethod` and `IncludeL7HTTPMethod`. | | `L7LogsFileAggregationServiceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSERVICEINFO` | `IncludeL7ServiceInfo` | How to handle service information for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7ServiceInfo` and `IncludeL7ServiceInfo`. | | `L7LogsFileAggregationDestinationInfo` | `FELIX_L7LOGSFILEAGGREGATIONDESTINATIONINFO` | `IncludeL7DestinationInfo` | How to handle destination metadata for aggregating L7 logs. 
Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7DestinationInfo` and `IncludeL7DestinationInfo`. | | `L7LogsFileAggregationSourceInfo` | `FELIX_L7LOGSFILEAGGREGATIONSOURCEINFO` | `IncludeL7SourceInfoNoPort` | How to handle source metadata for aggregating L7 logs. Bear in mind that changing this value may have a dramatic impact on the volume of L7 logs sent to Elasticsearch. Possible values include `ExcludeL7SourceInfo`, `IncludeL7SourceInfoNoPort`, and `IncludeL7SourceInfo`. | diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/prometheus.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/prometheus.mdx index f2260e7131..2391699f9a 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/prometheus.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/node/felix/prometheus.mdx 
@@ -23,13 +23,13 @@ existing metrics. | `felix_active_local_selectors` | Number of active selectors on this host. | | `felix_active_local_tags` | Number of active tags on this host. | | `felix_bpf_conntrack_cleaned` | Number of entries cleaned during a conntrack table sweep. | -| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. | +| `felix_bpf_conntrack_cleaned_total` | Total number of entries cleaned during conntrack table sweeps, incremented for each clean individually. | | `felix_bpf_conntrack_expired` | Number of entries cleaned during a conntrack table sweep due to expiration. | | `felix_bpf_conntrack_expired_total` | Total number of entries cleaned during conntrack table sweep due to expiration - by reason. | | `felix_bpf_conntrack_inforeader_blocks` | Conntrack InfoReader would-blocks. | | `felix_bpf_conntrack_stale_nat` | Number of entries cleaned during a conntrack table sweep due to stale NAT. | | `felix_bpf_conntrack_stale_nat_total` | Total number of entries cleaned during conntrack table sweeps due to stale NAT. | -| `felix_bpf_conntrack_sweeps` | Number of contrack table sweeps made so far. | +| `felix_bpf_conntrack_sweeps` | Number of conntrack table sweeps made so far. | | `felix_bpf_conntrack_used` | Number of used entries visited during a conntrack table sweep. | | `felix_bpf_conntrack_sweep_duration` | Conntrack sweep execution time (ns). | | `felix_bpf_num_ip_sets` | Number of BPF IP sets managed in the dataplane. | diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/typha/configuration.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/typha/configuration.mdx index 0ac2403157..f34a22d77d 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/typha/configuration.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/component-resources/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico Enterprise is installed via the operator. +Typha configuration cannot be modified when Calico Enterprise is installed via the operator. diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/installation/_api.mdx index 172efe8ec7..8bd1ae3e8f 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/installation/_api.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/installation/_api.mdx @@ -488,7 +488,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -4371,7 +4371,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -9421,7 +9421,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -10342,7 +10342,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +configured value, or based on Calico’s native auto-detection.

diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/public-cloud/azure.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/public-cloud/azure.mdx index 91b716ea0a..4d32410b92 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/public-cloud/azure.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/public-cloud/azure.mdx @@ -23,7 +23,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/deeppacketinspection.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/deeppacketinspection.mdx index a062c7c13c..16ed80fa09 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/deeppacketinspection.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/deeppacketinspection.mdx @@ -64,10 +64,10 @@ spec: ### Error Conditions -| Field | Description | -| ----------- | ------------------------------------------------------------------ | +| Field | Description | +| ----------- | ------------------------------------------------------------------- | | message | Errors preventing deep packet inspection from running successfully. | -| lastUpdated | Time when the [error](#error-conditions) was updated. | +| lastUpdated | Time when the [error](#error-conditions) was updated. | ### Selector diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/managedcluster.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/managedcluster.mdx index 27923a8509..13cfb42bc4 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/managedcluster.mdx 
+++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/managedcluster.mdx @@ -64,9 +64,9 @@ plane and managed plane will be reported as following: - `True` when both planes have an established connection - `False` when neither planes have an established connection -| Field | Description | Accepted Values | Schema | Default | -| ------ | ------------------------------------------------------------------------- | ------------------------- | ------ | ------------------------- | -| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | +| Field | Description | Accepted Values | Schema | Default | +| ------ | ------------------------------------------------------------------------- | -------------------------- | ------ | ------------------------- | +| type | Type of status that is being reported | - | string | `ManagedClusterConnected` | | status | Status of the connection between a Managed cluster and management cluster | `Unknown`, `True`, `False` | string | `Unknown` | [Multi-cluster management](../../multicluster/set-up-multi-cluster-management/standard-install/create-a-management-cluster.mdx) diff --git a/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/securityeventwebhook.mdx b/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/securityeventwebhook.mdx index bd28ce1d9f..b9c2857153 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/securityeventwebhook.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/reference/resources/securityeventwebhook.mdx 
@@ -75,15 +75,15 @@ The value must conform to the following rules: | Field | Description | Schema | Required | | ------------ | -------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ----------------------------------- | | name | Configuration variable name. | string | yes | -| value | Direct value for the variable. | string | yes if `valueFrom` is not specifed | -| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetesa Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | +| value | Direct value for the variable. | string | yes if `valueFrom` is not specified | +| valueFrom | Value defined either in a Kubernetes ConfigMap or in a Kubernetes Secret. | [SecurityEventWebhookConfigVarSource](#securityeventwebhookconfigvarsource) | yes if `value` is not specified | ### SecurityEventWebhookConfigVarSource | Field | Description | Schema | Required | | ---------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------- | | configMapKeyRef | Kubernetes ConfigMap reference. | `ConfigMapKeySelector` (referenced ConfigMap key should exist in the `tigera-intrusion-detection` namespace) | yes if `secretKeyRef` is not specified | -| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specifed | +| secretKeyRef | Kubernetes Secret reference. | `SecretKeySelector` (referenced Secret key should exist in the `tigera-intrusion-detection` namespace) | yes if `configMapKeyRef` is not specified | ### Status 
diff --git a/calico-enterprise_versioned_docs/version-3.19-1/threat/configuring-webhooks.mdx b/calico-enterprise_versioned_docs/version-3.19-1/threat/configuring-webhooks.mdx index 19a9a135d6..f64e177b00 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/threat/configuring-webhooks.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/threat/configuring-webhooks.mdx @@ -26,7 +26,7 @@ See [Sending messages using Incoming Webhooks](https://api.slack.com/messaging/w See [Manage API tokens for your Atlassian account](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) for details on how to obtain an API token. You also need: * Your Atlassian site URL. If you access Jira at the URL `https://.atlassian.net/jira`, then your site URL is `.atlassian.net`. - * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. Ths user associated with your API token must have write permissions to this project. + * A Jira project key. This is the Jira project where your {{prodname}} webhook creates new issues. This user associated with your API token must have write permissions to this project. * **Generic JSON**. You must have a webhook URL for any other application you want the {{prodname}} webhook to send alerts to. ## Create a webhook for security event alerts diff --git a/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/aggregation.mdx b/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/aggregation.mdx index af65bd2fc1..69ade36b7b 100644 --- a/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/aggregation.mdx 
@@ -97,9 +97,9 @@ When viewing traffic flows, note that **null values** for `source_ip` and `dest_ The following table summarizes the aggregation levels by flow log traffic. | Flow log aggregation by... | Available for... | Aggregates all flows that share... | -| --------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | -| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Pod prefix | Allowed and denied traffic (default is allowed) | `FlowLogsFileAggregationKindForAllowed`
**0**, No aggregation
**1**, A source port on each node.
**2, (default)** Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | +| Source port | Allowed and denied traffic | `FlowLogsFileAggregationKindForAllowed`
`FlowLogsFileAggregationKindForDenied`
**0**, No aggregation
**1, (default)** Source port on each node.
**2**, Source ports, or are from the same ReplicaSet.
**3**, Destination and source ports, and are from the same ReplicateSet. | ## How to diff --git a/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/datatypes.mdx b/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/datatypes.mdx deleted file mode 100644 index 012e075cd1..0000000000 --- a/calico-enterprise_versioned_docs/version-3.19-1/visibility/elastic/flow/datatypes.mdx +++ /dev/null @@ -1,103 +0,0 @@ ---- -description: Data that Calico Enterprise sends to Elasticsearch. ---- - -# Flow log data types - -## Big picture - -{{prodname}} sends the following data to Elasticsearch. - -The following table details the key/value pairs in the JSON blob, including their [Elasticsearch datatype](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html). - -| Name | Datatype | Description | -| --------------------------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `host` | keyword | Name of the node that collected the flow log entry. | -| `start_time` | date | Start time of log collection in UNIX timestamp format. | -| `end_time` | date | End time of log collection in UNIX timestamp format. | -| `action` | keyword | - `allow`: {{prodname}} accepted the flow.
- `deny`: {{prodname}} denied the flow. | -| `bytes_in` | long | Number of incoming bytes since the last export. | -| `bytes_out` | long | Number of outgoing bytes since the last export. | -| `dest_ip` | ip | IP address of the destination pod. A null value indicates aggregation. | -| `dest_name` | keyword | Contains one of the following values:
- Name of the destination pod.
- Name of the pod that was aggregated or the endpoint is not a pod. Check dest_name_aggr for more information, such as the name of the pod if it was aggregated. | -| `dest_name_aggr` | keyword | Contains one of the following values:
- Aggregated name of the destination pod.
- `pvt`: endpoint is not a pod. Its IP address belongs to a private subnet.
- `pub`: endpoint is not a pod. Its IP address does not belong to a private subnet. It is probably an endpoint on the public internet. | -| `dest_namespace` | keyword | Namespace of the destination endpoint. A `-` means the endpoint is not namespaced. | -| `dest_port` | long | Destination port. Not applicable for ICMP packets. | -| `dest_service_name` | keyword | Name of the destination service. A `-` means the original destination did not correspond to a known Kubernetes service (e.g. a services ClusterIP). | -| `dest_service_namespace` | keyword | Namespace of the destination service. A `-` means the original destination did not correspond to a known Kubernetes service (e.g. a services ClusterIP). | -| `dest_service_port` | keyword | Port name of the destination service.
A `-` means :
- the original destination did not correspond to a known Kubernetes service (e.g. a services ClusterIP), or
- the destination port is aggregated.
A `*` means there are multiple service port names matching the destination port number. | -| `dest_type` | keyword | Destination endpoint type. Possible values:
- `wep`: A workload endpoint, a pod in Kubernetes.
- `ns`: A Networkset. If multiple Networksets match, then the one with the longest prefix match is chosen.
- `net`: A Network. The IP address did not fall into a known endpoint type. | -| `dest_labels` | array of keywords | Labels applied to the destination pod. A hyphen indicates aggregation. | -| `dest_domains` | array of keywords | Find all the destination domain names for use in a DNS policy by examining `dest_domains`. The field displays information on the top-level domains linked to the destination IP. Applies to flows reported from the source to destinations outside the cluster. If `flowLogsDestDomainsByClient` is disabled, having `dest_domains`: ["A"] doesn't guarantee that the flow corresponds to a connection with domain name A. The destination IP may also be linked to other domain names not yet captured by Calico. | -| `reporter` | keyword | - `src`: flow came from the pod that initiated the connection.
- `dst`: flow came from the pod that received the initial connection. | -| `num_flows` | long | Number of flows aggregated into this entry during this export interval. | -| `num_flows_completed` | long | Number of flows that were completed during the export interval. | -| `num_flows_started` | long | Number of flows that were started during the export interval. | -| `num_process_names` | long | Number of unique process names aggregated into this entry during this export interval. | -| `num_process_ids` | long | Number of unique process ids aggregated into this entry during this export interval. | -| `num_process_args` | long | Number of unique process args aggregated into this entry during this export interval. | -| `nat_outgoing_ports` | array of ints | List of [NAT](https://en.wikipedia.org/wiki/Network_address_translation) outgoing ports for the packets that were Source NAT'd in the flow | -| `packets_in` | long | Number of incoming packets since the last export. | -| `packets_out` | long | Number of outgoing packets since the last export. | -| `proto` | keyword | Protocol. | -| `policies` | array of keywords | List of policies that interacted with this flow. See [Format of the policies field](#format-of-the-policies-field). | -| `process_name` | keyword | The name of the process that initiated or received the connection or connection request. This field will have the executable path if flowLogsCollectProcessPath is enabled. A "-" indicates that the process name is not logged. A "\*" indicates that the per flow process limit has exceeded and the process names are now aggregated. | -| `process_id` | keyword | The process ID of the corresponding process (indicated by the `process_name` field) that initiated or received the connection or connection request. A "-" indicates that the process ID is not logged. A "\*" indicates that there are more than one unique process IDs for the corresponding process name. 
| -| `process_args` | array of strings | The arguments with which the executable was invoked. The size of the list depends on the per flow process args limit. | -| `source_ip` | ip | IP address of the source pod. A null value indicates aggregation. | -| `source_name` | keyword | Contains one of the following values:
- Name of the source pod.
- Name of the pod that was aggregated or the endpoint is not a pod. Check source_name_aggr for more information, such as the name of the pod if it was aggregated. | -| `source_name_aggr` | keyword | Contains one of the following values:
- Aggregated name of the source pod.
- `pvt`: Endpoint is not a pod. Its IP address belongs to a private subnet.
- `pub`: the endpoint is not a pod. Its IP address does not belong to a private subnet. It is probably an endpoint on the public internet. | -| `source_namespace` | keyword | Namespace of the source endpoint. A `-` means the endpoint is not namespaced. | -| `source_port` | long | Source port. A null value indicates aggregation. | -| `source_type` | keyword | The type of source endpoint. Possible values:
- `wep`: A workload endpoint, a pod in Kubernetes.
- `ns`: A Networkset. If multiple Networksets match, then the one with the longest prefix match is chosen.
- `net`: A Network. The IP address did not fall into a known endpoint type. | -| `source_labels` | array of keywords | Labels applied to the source pod. A hyphen indicates aggregation. | -| `original_source_ips` | array of ips | List of external IP addresses collected from requests made to the cluster through an ingress resource. This field is only available if capturing external IP addresses is configured. | -| `num_original_source_ips` | long | Number of unique external IP addresses collected from requests made to the cluster through an ingress resource. This count includes the IP addresses included in the `original_source_ips` field. This field is only available if capturing external IP addresses is configured. | -| `tcp_mean_send_congestion_window` | long | Mean tcp send congestion window size. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_min_send_congestion_window` | long | Minimum tcp send congestion window size. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_mean_smooth_rtt` | long | Mean smooth RTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_max_smooth_rtt` | long | Maximum smooth RTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_mean_min_rtt` | long | Mean MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_max_min_rtt` | long | Maximum MinRTT in micro seconds. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_mean_mss` | long | Mean TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_min_mss` | long | Minimum TCP MSS. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_total_retransmissions` | long | Total retransmitted packets. This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_lost_packets` | long | Total lost packets. 
This field is only available if flowLogsEnableTcpStats is enabled | -| `tcp_unrecovered_to` | long | Total unrecovered timeouts. This field is only available if flowLogsEnableTcpStats is enabled | - -### Format of the policies field - -The `policies` field contains a comma-delimited list of policy rules that matched the flow. Each entry in the -list has the following format: - -``` -|||| -``` - -Where, - -* `` numbers the order in which the rules were hit, starting with `0`. - :::tip - Sort the entries of the list by the `` to see the order that rules were hit. The entries are displayed in - random order due to the way they are stored in the datastore. - ::: - -* `` is the name of the policy tier containing the policy, or `__PROFILE__` for a rule derived from a - `Profile` resource (this is the internal datatype used to represent a Kubernetes namespace and its associated - "default allow" rule). -* `` is the name of the policy/profile; its format depends on the type of policy: - - * `.` for {{prodname}} `GlobalNetworkPolicy`. - * `/knp.default.` for Kubernetes `NetworkPolicy`. - * `/.` for {{prodname}} `NetworkPolicy`. - - Staged policy names are prefixed with "staged:". - -* `` is the action performed by the rule; one of `allow`, `deny`, `pass`. -* `` if non-negative, is the index of the rule that was matched within the policy, starting with 0. - Otherwise, a special value: - - * `-1` means the reporting endpoint was selected by the policy but no rule matched. The traffic hit the default - action for the tier. In this case, the `` is selected arbitrarily from the set of policies within - the tier that apply to the endpoint. - * `-2` means "unknown". The rule index was not recorded. diff --git a/calico/about/kubernetes-training/kubernetes-demo.mdx b/calico/about/kubernetes-training/kubernetes-demo.mdx index 72c68fbd7c..10251cda33 100644 --- a/calico/about/kubernetes-training/kubernetes-demo.mdx +++ b/calico/about/kubernetes-training/kubernetes-demo.mdx 
@@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico/about/training-resources.mdx b/calico/about/training-resources.mdx index 031eddfe53..8b5e3c11e9 100644 --- a/calico/about/training-resources.mdx +++ b/calico/about/training-resources.mdx @@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops | [Workshops and events](https://www.tigera.io/events/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/?_sft_post_tag=project-calico) | -| Stay connected | • [Github](https://github.com/projectcalico/calico)
• [{{prodname}} slack channel](https://calicousers.slack.com/)
• [{{prodname}} YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
• [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
• [Twitter](https://twitter.com/projectcalico)
• [Mailing list](https://www.tigera.io/project-calico/) | -| Report a bug | • [Report an issue](https://github.com/projectcalico/calico/blob/master/CONTRIBUTING.md)
• [Report a docs bug](https://github.com/tigera/docs/issues) | \ No newline at end of file +| Stay connected | • [GitHub](https://github.com/projectcalico/calico)
• [{{prodname}} slack channel](https://calicousers.slack.com/)
• [{{prodname}} YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
• [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
• [Twitter](https://twitter.com/projectcalico)
• [Mailing list](https://www.tigera.io/project-calico/) | +| Report a bug | • [Report an issue](https://github.com/projectcalico/calico/blob/master/CONTRIBUTING.md)
• [Report a docs bug](https://github.com/tigera/docs/issues) | diff --git a/calico/getting-started/kubernetes/kind.mdx b/calico/getting-started/kubernetes/kind.mdx index 93e4dec6ac..76526d95d0 100644 --- a/calico/getting-started/kubernetes/kind.mdx +++ b/calico/getting-started/kubernetes/kind.mdx @@ -58,7 +58,7 @@ EOF kind create cluster --config values.yaml --name dev ``` -3. Confirm that you now have three nodes in your cluster by runnibng the following command: +3. Confirm that you now have three nodes in your cluster by running the following command: ```bash kubectl get nodes -o wide diff --git a/calico/getting-started/kubernetes/requirements.mdx b/calico/getting-started/kubernetes/requirements.mdx index df169c5a4c..fb54786cdd 100644 --- a/calico/getting-started/kubernetes/requirements.mdx +++ b/calico/getting-started/kubernetes/requirements.mdx @@ -29,14 +29,14 @@ This installation must use the Kubernetes default CNI configuration directory (` #### Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include the following: * [flannel](flannel/index.mdx) * Platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. #### Supported kube-proxy modes diff --git a/calico/getting-started/kubernetes/vpp/getting-started.mdx b/calico/getting-started/kubernetes/vpp/getting-started.mdx index b3e13a135a..14957add6c 100644 --- a/calico/getting-started/kubernetes/vpp/getting-started.mdx +++ b/calico/getting-started/kubernetes/vpp/getting-started.mdx 
@@ -29,7 +29,7 @@ In addition, the VPP dataplane offers some specific features for network-intensi :::note The VPP dataplane has some minor behavioural differences wrt the other {{prodname}} dataplanes and some of the features are not supported. For details please refer to [Known issues & unsupported features](./specifics.mdx). -Please report bugs on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [Github](https://github.com/projectcalico/vpp-dataplane/issues)). +Please report bugs on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). ::: diff --git a/calico/getting-started/kubernetes/vpp/openshift.mdx b/calico/getting-started/kubernetes/vpp/openshift.mdx index f23bf01434..a2fb15ebdb 100644 --- a/calico/getting-started/kubernetes/vpp/openshift.mdx +++ b/calico/getting-started/kubernetes/vpp/openshift.mdx @@ -188,7 +188,7 @@ spec: EOF ``` -3. Log in to the OpenShift console, navigate to the Installed Operators section and approve the pnstall plan for the operator. +3. Log in to the OpenShift console, navigate to the Installed Operators section and approve the install plan for the operator. :::note diff --git a/calico/getting-started/openstack/installation/redhat.mdx b/calico/getting-started/openstack/installation/redhat.mdx index b73a7e1171..5c0b8add7c 100644 --- a/calico/getting-started/openstack/installation/redhat.mdx +++ b/calico/getting-started/openstack/installation/redhat.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Red Hat Enterprise Linux nodes. # Red Hat Enterprise Linux -import OpenstackEtcdAuth from '@site/calico/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see 
@@ -283,4 +283,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + diff --git a/calico/getting-started/openstack/installation/ubuntu.mdx b/calico/getting-started/openstack/installation/ubuntu.mdx index c99d8016ff..86ebadad96 100644 --- a/calico/getting-started/openstack/installation/ubuntu.mdx +++ b/calico/getting-started/openstack/installation/ubuntu.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Ubuntu nodes. # Ubuntu -import OpenstackEtcdAuth from '@site/calico/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -266,4 +266,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + diff --git a/calico/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx b/calico/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx index 6d7be5d5a9..f3d32f518c 100644 --- a/calico/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx +++ b/calico/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico/network-policy/hosts/host-forwarded-traffic.mdx b/calico/network-policy/hosts/host-forwarded-traffic.mdx index 75e9b7399f..c3ae605d3e 100644 --- a/calico/network-policy/hosts/host-forwarded-traffic.mdx 
+++ b/calico/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico/network-policy/hosts/protect-hosts.mdx b/calico/network-policy/hosts/protect-hosts.mdx index efd0ab3b6b..b4673b68fe 100644 --- a/calico/network-policy/hosts/protect-hosts.mdx +++ b/calico/network-policy/hosts/protect-hosts.mdx @@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic @@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/felix/configuration.mdx#environment-variables). 
diff --git a/calico/networking/openstack/configuration.mdx b/calico/networking/openstack/configuration.mdx index 6fb5906a17..2ede08d76f 100644 --- a/calico/networking/openstack/configuration.mdx +++ b/calico/networking/openstack/configuration.mdx @@ -72,7 +72,7 @@ node belongs to. When specified, the value of `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character, and must match the value of -[`OpenstackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) +[`OpenStackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) configured for the Felixes in the same region. ## ML2 (.../ml2_conf.ini) diff --git a/calico/networking/openstack/multiple-regions.mdx b/calico/networking/openstack/multiple-regions.mdx index c8347cd5f9..17d15fa927 100644 --- a/calico/networking/openstack/multiple-regions.mdx +++ b/calico/networking/openstack/multiple-regions.mdx @@ -53,7 +53,7 @@ except for these points: ```conf [global] - OpenstackRegion = + OpenStackRegion = ``` where `` is the name of the region that that compute host belongs to. @@ -69,7 +69,7 @@ except for these points: :::note -the value specified for `OpenstackRegion` and `openstack_region` +the value specified for `OpenStackRegion` and `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. @@ -83,9 +83,9 @@ for the region will think that there are no working compute nodes. ::: -### Configuring Openstack +### Configuring OpenStack -You should now create networks in your Openstack regions as normal. e.g. +You should now create networks in your OpenStack regions as normal. e.g. ```bash neutron net-create --shared calico diff --git a/calico/operations/datastore-migration.mdx b/calico/operations/datastore-migration.mdx index 4b8cd321c9..d540f14fab 100644 --- a/calico/operations/datastore-migration.mdx 
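Review bot: The spelling pass renames the Felix setting `OpenstackRegion` to `OpenStackRegion`, but that name is a configuration identifier, not prose. In the configuration.mdx hunk it is the backticked link text pointing at the Felix configuration reference. In the multiple-regions.mdx hunks it is the key in the `[global]` conf example and in the note beside `openstack_region`, which operators copy into their Felix configuration. Nothing in the visible diff shows the Felix reference or Felix itself adopting the new casing, and whether Felix matches keys case-insensitively cannot be told from here, so the example may now show a key that differs from the one Felix documents. I would keep `OpenstackRegion` in the conf block and in the backticked mentions, and apply the casing fix only to prose and headings such as `### Configuring OpenStack`.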
+++ b/calico/operations/datastore-migration.mdx @@ -50,7 +50,7 @@ documentation. :::note - After running the above command, you can not make changes to the configuration of your cluster until the + After running the above command, you cannot make changes to the configuration of your cluster until the migration is complete. New pods will not be started until after the migration. ::: diff --git a/calico/operations/ebpf/enabling-ebpf.mdx b/calico/operations/ebpf/enabling-ebpf.mdx index 728b608bc2..c7815928e1 100644 --- a/calico/operations/ebpf/enabling-ebpf.mdx +++ b/calico/operations/ebpf/enabling-ebpf.mdx @@ -59,7 +59,7 @@ Limitations: - Dual stack is not supported. However, ipv4 traffic is allowed into hosts (not workloads) because many managed Kubernetes environments have ipv4-based control plane. - `doNotTrack` policies (xdp) are not supported - - IPIP is not supported ({{prodname}} iptables does not supporte it either). VXLAN is the recommended overlay for eBPF mode. + - IPIP is not supported ({{prodname}} iptables does not support it either). VXLAN is the recommended overlay for eBPF mode. To enable IPv6 in eBPF mode, see [Configure dual stack or IPv6 only](../../networking/ipam/ipv6.mdx). You may be able to run with non-Calico IPAM. eks-cni is known to work. @@ -343,7 +343,7 @@ calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": true
-When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. ### Try out DSR mode diff --git a/calico/operations/ebpf/install.mdx b/calico/operations/ebpf/install.mdx index 29979a36b0..dc16a6c29b 100644 --- a/calico/operations/ebpf/install.mdx +++ b/calico/operations/ebpf/install.mdx @@ -59,7 +59,7 @@ Limitations: - Dual stack is not supported. However, ipv4 traffic is allowed into hosts (not workloads) because many managed Kubernetes environments have ipv4-based control plane. - `doNotTrack` policies (xdp) are not supported - - IPIP is not supported ({{prodname}} iptables does not supporte it either). VXLAN is the recommended overlay for eBPF mode. + - IPIP is not supported ({{prodname}} iptables does not support it either). VXLAN is the recommended overlay for eBPF mode. To enable IPv6 in eBPF mode, see [Configure dual stack or IPv6 only](../../networking/ipam/ipv6.mdx). You may be able to run with non-Calico IPAM. eks-cni is known to work. diff --git a/calico/operations/troubleshoot/vpp.mdx b/calico/operations/troubleshoot/vpp.mdx index 9eadf980e7..c0a03a250c 100644 --- a/calico/operations/troubleshoot/vpp.mdx +++ b/calico/operations/troubleshoot/vpp.mdx 
@@ -8,7 +8,7 @@ description: Specific troubleshooting steps for the VPP dataplane. This page describes the troubleshooting steps for the [VPP dataplane](../../getting-started/kubernetes/vpp/getting-started.mdx). If you did not configure the VPP dataplane, this page is not for you! -If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [Github](https://github.com/projectcalico/vpp-dataplane/issues)). +If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). ## Installing calivppctl diff --git a/calico/reference/architecture/design/l2-interconnect-fabric.mdx b/calico/reference/architecture/design/l2-interconnect-fabric.mdx index 55fdb2ba9a..422372357d 100644 --- a/calico/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico/reference/calicoctl/delete.mdx b/calico/reference/calicoctl/delete.mdx index b6cab4d2e1..829a324591 100644 --- a/calico/reference/calicoctl/delete.mdx +++ b/calico/reference/calicoctl/delete.mdx @@ -77,7 +77,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is diff --git a/calico/reference/calicoctl/get.mdx b/calico/reference/calicoctl/get.mdx index 3391bb520b..48147f79a7 100644 --- a/calico/reference/calicoctl/get.mdx +++ b/calico/reference/calicoctl/get.mdx 
@@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico/reference/calicoctl/label.mdx b/calico/reference/calicoctl/label.mdx index 2681f29a49..e6f5c8fd75 100644 --- a/calico/reference/calicoctl/label.mdx +++ b/calico/reference/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. @@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico/reference/calicoctl/node/run.mdx b/calico/reference/calicoctl/node/run.mdx index 3d2f9a60a6..f094a2ba2e 100644 --- a/calico/reference/calicoctl/node/run.mdx +++ b/calico/reference/calicoctl/node/run.mdx 
@@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico/reference/calicoctl/overview.mdx b/calico/reference/calicoctl/overview.mdx index a0dae779f0..67258a2255 100644 --- a/calico/reference/calicoctl/overview.mdx +++ b/calico/reference/calicoctl/overview.mdx @@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -105,7 +105,7 @@ See [Configuring Felix](../felix/configuration.mdx) for more details. ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :---------------------------------------------------------------------------- | 
diff --git a/calico/reference/calicoctl/patch.mdx b/calico/reference/calicoctl/patch.mdx index 826845fce6..e7bf8dbf1c 100644 --- a/calico/reference/calicoctl/patch.mdx +++ b/calico/reference/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. diff --git a/calico/reference/felix/configuration.mdx b/calico/reference/felix/configuration.mdx index 7c96d3c5d4..f132cc356e 100644 --- a/calico/reference/felix/configuration.mdx +++ b/calico/reference/felix/configuration.mdx 
@@ -60,7 +60,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -104,7 +104,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -208,11 +208,11 @@ for 1022 endpoints on the host. | Configuration parameter | Environment variable | Description | Schema | | ----------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- | -| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | +| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | | `MetadataPort` | `FELIX_METADATAPORT` | The port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed [Default: `8775`]. | int | -| `OpenstackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. [Default: none]. | string\* | +| `OpenStackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. 
[Default: none]. | string\* | -\* If non-empty, the value specified for `OpenstackRegion` must be a +\* If non-empty, the value specified for `OpenStackRegion` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. diff --git a/calico/reference/installation/_api.mdx b/calico/reference/installation/_api.mdx index 5930c66358..69418ce786 100644 --- a/calico/reference/installation/_api.mdx +++ b/calico/reference/installation/_api.mdx @@ -234,7 +234,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -2485,7 +2485,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -6398,7 +6398,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -7281,7 +7281,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detetion.
+configured value, or based on Calico’s native auto-detection.

diff --git a/calico/reference/public-cloud/azure.mdx b/calico/reference/public-cloud/azure.mdx index 11e253f9a7..0135b8995c 100644 --- a/calico/reference/public-cloud/azure.mdx +++ b/calico/reference/public-cloud/azure.mdx @@ -27,7 +27,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico/reference/resources/felixconfig.mdx b/calico/reference/resources/felixconfig.mdx index 6dd7c0edde..0139df1bfd 100644 --- a/calico/reference/resources/felixconfig.mdx +++ b/calico/reference/resources/felixconfig.mdx 
@@ -74,7 +74,7 @@ spec: | logSeveritySys | The log severity above which logs are sent to the syslog. Set to `none` for no logging to syslog. | Debug, Info, Warning, Error, Fatal | string | `Info` | | logDebugFilenameRegex | controls which source code files have their Debug log output included in the logs. Only logs from files with names that match the given regular expression are included. The filter only applies to Debug level logs. | regex | string | `""` | | maxIpsetSize | Maximum size for the ipsets used by Felix. Should be set to a number that is greater than the maximum number of IP addresses that are ever expected in a selector. | int | int | `1048576` | -| metadataAddr | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case insensitive) means that Felix should not set up any NAT rule for the metadata path. | IPv4, hostname, none | string | `127.0.0.1` | +| metadataAddr | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. | IPv4, hostname, none | string | `127.0.0.1` | | metadataPort | The port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed. | int | int | `8775` | | natOutgoingAddress | The source address to use for outgoing NAT. By default an iptables MASQUERADE rule determines the source address which will use the address on the host interface the traffic leaves on. | IPV4 | string | `""` | | openstackRegion | The name of the region that a particular Felix belongs to. 
In a [multi-region Calico/OpenStack deployment](../../networking/openstack/multiple-regions.mdx), this must be configured somehow for each Felix (here in the datamodel, or in felix.cfg or the environment on each compute node), and must match the [calico] openstack_region value configured in neutron.conf on each node. | string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character | string | `""` | diff --git a/calico/reference/resources/kubecontrollersconfig.mdx b/calico/reference/resources/kubecontrollersconfig.mdx index 431d87b532..ed63db5d31 100644 --- a/calico/reference/resources/kubecontrollersconfig.mdx +++ b/calico/reference/resources/kubecontrollersconfig.mdx @@ -62,7 +62,7 @@ spec: | node | Enable and configure the node controller | omit to disable, or [NodeController](#nodecontroller) | | policy | Enable and configure the network policy controller | omit to disable, or [PolicyController](#policycontroller) | | workloadEndpoint | Enable and configure the workload endpoint controller | omit to disable, or [WorkloadEndpointController](#workloadendpointcontroller) | -| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | +| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | | namespace | Enable and configure the namespace controller | omit to disable, or [NamespaceController](#namespacecontroller) | ### NodeController diff --git a/calico/reference/resources/networkset.mdx b/calico/reference/resources/networkset.mdx index 208c6ae1df..ec7b8ded83 100644 --- a/calico/reference/resources/networkset.mdx +++ b/calico/reference/resources/networkset.mdx 
@@ -26,7 +26,7 @@ networks listed in a network set. For example, in Kubernetes, incoming traffic v typically SNATed by the kube-proxy before reaching the destination host so {{prodname}}'s workload policy will see the kube-proxy's host's IP as the source instead of the real source. For `calicoctl` commands that specify a resource type on the CLI, the following -aliases are supported (all case insensitive): `networkset`, `networksets`, `netsets`. +aliases are supported (all case-insensitive): `networkset`, `networksets`, `netsets`. ::: diff --git a/calico/reference/typha/configuration.mdx b/calico/reference/typha/configuration.mdx index bd595c1de4..ce7dbf8290 100644 --- a/calico/reference/typha/configuration.mdx +++ b/calico/reference/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico is installed via the operator. +Typha configuration cannot be modified when Calico is installed via the operator. diff --git a/calico/training/index.mdx b/calico/training/index.mdx index 234375f7ee..899c659d64 100644 --- a/calico/training/index.mdx +++ b/calico/training/index.mdx @@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops and events | - [Workshops and events](https://www.tigera.io/events/)
- [Tradeshows](https://www.tigera.io/lp/tradeshows/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/) | -| Stay connected | - [Github](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | +| Stay connected | - [GitHub](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | | Report a bug | [Create a new issue](https://github.com/projectcalico/calico/issues) | diff --git a/calico_versioned_docs/version-3.25/getting-started/kubernetes/requirements.mdx b/calico_versioned_docs/version-3.25/getting-started/kubernetes/requirements.mdx index 9ccec56df3..690cda00ec 100644 --- a/calico_versioned_docs/version-3.25/getting-started/kubernetes/requirements.mdx +++ b/calico_versioned_docs/version-3.25/getting-started/kubernetes/requirements.mdx @@ -35,14 +35,14 @@ For Kubernetes 1.23 or earlier, the kubelet must be configured to use CNI networ #### Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include the following: * [flannel](flannel/index.mdx) * Platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. #### Supported kube-proxy modes diff --git a/calico_versioned_docs/version-3.25/getting-started/kubernetes/vpp/getting-started.mdx b/calico_versioned_docs/version-3.25/getting-started/kubernetes/vpp/getting-started.mdx index 4ec30ec7bb..d88fb13815 100644 --- a/calico_versioned_docs/version-3.25/getting-started/kubernetes/vpp/getting-started.mdx +++ b/calico_versioned_docs/version-3.25/getting-started/kubernetes/vpp/getting-started.mdx 
@@ -13,7 +13,7 @@ Install {{prodname}} and enable the beta release of the VPP dataplane. :::caution -The VPP dataplane is in beta and should not be used in production clusters. It has had lots of testing and is pretty stable. However, chances are that some bugs are still lurking around (please report these on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [Github](https://github.com/projectcalico/vpp-dataplane/issues)). In addition, it still does not support all the features of {{prodname}}. +The VPP dataplane is in beta and should not be used in production clusters. It has had lots of testing and is pretty stable. However, chances are that some bugs are still lurking around (please report these on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). In addition, it still does not support all the features of {{prodname}}. ::: diff --git a/calico_versioned_docs/version-3.25/getting-started/openstack/installation/redhat.mdx b/calico_versioned_docs/version-3.25/getting-started/openstack/installation/redhat.mdx index e3888121fc..da2e8ba686 100644 --- a/calico_versioned_docs/version-3.25/getting-started/openstack/installation/redhat.mdx +++ b/calico_versioned_docs/version-3.25/getting-started/openstack/installation/redhat.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Red Hat Enterprise Linux nodes. # Red Hat Enterprise Linux -import OpenstackEtcdAuth from '@site/calico_versioned_docs/version-3.25/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico_versioned_docs/version-3.25/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -284,4 +284,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + 
diff --git a/calico_versioned_docs/version-3.25/getting-started/openstack/installation/ubuntu.mdx b/calico_versioned_docs/version-3.25/getting-started/openstack/installation/ubuntu.mdx index 2d8f592718..8f01666583 100644 --- a/calico_versioned_docs/version-3.25/getting-started/openstack/installation/ubuntu.mdx +++ b/calico_versioned_docs/version-3.25/getting-started/openstack/installation/ubuntu.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Ubuntu nodes. # Ubuntu -import OpenstackEtcdAuth from '@site/calico_versioned_docs/version-3.25/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico_versioned_docs/version-3.25/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -267,4 +267,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + diff --git a/calico_versioned_docs/version-3.25/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx b/calico_versioned_docs/version-3.25/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx index 6d7be5d5a9..f3d32f518c 100644 --- a/calico_versioned_docs/version-3.25/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx +++ b/calico_versioned_docs/version-3.25/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend 
diff --git a/calico_versioned_docs/version-3.25/network-policy/hosts/host-forwarded-traffic.mdx b/calico_versioned_docs/version-3.25/network-policy/hosts/host-forwarded-traffic.mdx index 6d3721402a..6fffb89a07 100644 --- a/calico_versioned_docs/version-3.25/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico_versioned_docs/version-3.25/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico_versioned_docs/version-3.25/network-policy/hosts/protect-hosts.mdx b/calico_versioned_docs/version-3.25/network-policy/hosts/protect-hosts.mdx index efd0ab3b6b..b4673b68fe 100644 --- a/calico_versioned_docs/version-3.25/network-policy/hosts/protect-hosts.mdx +++ b/calico_versioned_docs/version-3.25/network-policy/hosts/protect-hosts.mdx @@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic 
@@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/felix/configuration.mdx#environment-variables). diff --git a/calico_versioned_docs/version-3.25/networking/openstack/configuration.mdx b/calico_versioned_docs/version-3.25/networking/openstack/configuration.mdx index 6fb5906a17..2ede08d76f 100644 --- a/calico_versioned_docs/version-3.25/networking/openstack/configuration.mdx +++ b/calico_versioned_docs/version-3.25/networking/openstack/configuration.mdx @@ -72,7 +72,7 @@ node belongs to. When specified, the value of `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character, and must match the value of -[`OpenstackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) +[`OpenStackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) configured for the Felixes in the same region. ## ML2 (.../ml2_conf.ini) diff --git a/calico_versioned_docs/version-3.25/networking/openstack/multiple-regions.mdx b/calico_versioned_docs/version-3.25/networking/openstack/multiple-regions.mdx index c8347cd5f9..17d15fa927 100644 --- a/calico_versioned_docs/version-3.25/networking/openstack/multiple-regions.mdx 
+++ b/calico_versioned_docs/version-3.25/networking/openstack/multiple-regions.mdx @@ -53,7 +53,7 @@ except for these points: ```conf [global] - OpenstackRegion = + OpenStackRegion = ``` where `` is the name of the region that that compute host belongs to. @@ -69,7 +69,7 @@ except for these points: :::note -the value specified for `OpenstackRegion` and `openstack_region` +the value specified for `OpenStackRegion` and `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. @@ -83,9 +83,9 @@ for the region will think that there are no working compute nodes. ::: -### Configuring Openstack +### Configuring OpenStack -You should now create networks in your Openstack regions as normal. e.g. +You should now create networks in your OpenStack regions as normal. e.g. ```bash neutron net-create --shared calico diff --git a/calico_versioned_docs/version-3.25/operations/datastore-migration.mdx b/calico_versioned_docs/version-3.25/operations/datastore-migration.mdx index e6bdf644d6..ca16821038 100644 --- a/calico_versioned_docs/version-3.25/operations/datastore-migration.mdx +++ b/calico_versioned_docs/version-3.25/operations/datastore-migration.mdx @@ -50,7 +50,7 @@ documentation. :::note - After running the above command, you can not make changes to the configuration of your cluster until the + After running the above command, you cannot make changes to the configuration of your cluster until the migration is complete. New pods will not be started until after the migration. ::: diff --git a/calico_versioned_docs/version-3.25/operations/ebpf/enabling-ebpf.mdx b/calico_versioned_docs/version-3.25/operations/ebpf/enabling-ebpf.mdx index 6069c17963..506ae73d6d 100644 --- a/calico_versioned_docs/version-3.25/operations/ebpf/enabling-ebpf.mdx +++ b/calico_versioned_docs/version-3.25/operations/ebpf/enabling-ebpf.mdx 
@@ -328,7 +328,7 @@ calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": true
-When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. ### Try out DSR mode diff --git a/calico_versioned_docs/version-3.25/operations/troubleshoot/vpp.mdx b/calico_versioned_docs/version-3.25/operations/troubleshoot/vpp.mdx index 410f31d819..cd643816fe 100644 --- a/calico_versioned_docs/version-3.25/operations/troubleshoot/vpp.mdx +++ b/calico_versioned_docs/version-3.25/operations/troubleshoot/vpp.mdx @@ -8,7 +8,7 @@ description: Specific troubleshooting steps for the VPP dataplane. This page describes the troubleshooting steps for the [VPP dataplane](../../getting-started/kubernetes/vpp/getting-started.mdx). If you did not configure the VPP dataplane, this page is not for you! -If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [Github](https://github.com/projectcalico/vpp-dataplane/issues)). +If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). ## Installing calivppctl diff --git a/calico_versioned_docs/version-3.25/reference/architecture/design/l2-interconnect-fabric.mdx b/calico_versioned_docs/version-3.25/reference/architecture/design/l2-interconnect-fabric.mdx index 55fdb2ba9a..422372357d 100644 --- a/calico_versioned_docs/version-3.25/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico_versioned_docs/version-3.25/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico_versioned_docs/version-3.25/reference/calicoctl/delete.mdx b/calico_versioned_docs/version-3.25/reference/calicoctl/delete.mdx index b6cab4d2e1..829a324591 100644 --- a/calico_versioned_docs/version-3.25/reference/calicoctl/delete.mdx +++ b/calico_versioned_docs/version-3.25/reference/calicoctl/delete.mdx @@ -77,7 +77,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico_versioned_docs/version-3.25/reference/calicoctl/get.mdx b/calico_versioned_docs/version-3.25/reference/calicoctl/get.mdx index 3391bb520b..48147f79a7 100644 --- a/calico_versioned_docs/version-3.25/reference/calicoctl/get.mdx +++ b/calico_versioned_docs/version-3.25/reference/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico_versioned_docs/version-3.25/reference/calicoctl/label.mdx b/calico_versioned_docs/version-3.25/reference/calicoctl/label.mdx index 2681f29a49..e6f5c8fd75 100644 --- a/calico_versioned_docs/version-3.25/reference/calicoctl/label.mdx +++ b/calico_versioned_docs/version-3.25/reference/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico_versioned_docs/version-3.25/reference/calicoctl/node/run.mdx b/calico_versioned_docs/version-3.25/reference/calicoctl/node/run.mdx index 3d2f9a60a6..f094a2ba2e 100644 --- a/calico_versioned_docs/version-3.25/reference/calicoctl/node/run.mdx +++ b/calico_versioned_docs/version-3.25/reference/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico_versioned_docs/version-3.25/reference/calicoctl/overview.mdx b/calico_versioned_docs/version-3.25/reference/calicoctl/overview.mdx index a0dae779f0..67258a2255 100644 --- a/calico_versioned_docs/version-3.25/reference/calicoctl/overview.mdx +++ b/calico_versioned_docs/version-3.25/reference/calicoctl/overview.mdx 
@@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -105,7 +105,7 @@ See [Configuring Felix](../felix/configuration.mdx) for more details. ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :---------------------------------------------------------------------------- | diff --git a/calico_versioned_docs/version-3.25/reference/calicoctl/patch.mdx b/calico_versioned_docs/version-3.25/reference/calicoctl/patch.mdx index 826845fce6..e7bf8dbf1c 100644 --- a/calico_versioned_docs/version-3.25/reference/calicoctl/patch.mdx +++ b/calico_versioned_docs/version-3.25/reference/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. diff --git a/calico_versioned_docs/version-3.25/reference/felix/configuration.mdx b/calico_versioned_docs/version-3.25/reference/felix/configuration.mdx index 7c088e3705..269d4cda35 100644 --- a/calico_versioned_docs/version-3.25/reference/felix/configuration.mdx +++ b/calico_versioned_docs/version-3.25/reference/felix/configuration.mdx 
@@ -59,7 +59,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | 
@@ -197,11 +197,11 @@ for 1022 endpoints on the host. | Configuration parameter | Environment variable | Description | Schema | | ----------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- | -| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | +| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | | `MetadataPort` | `FELIX_METADATAPORT` | The port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed [Default: `8775`]. | int | -| `OpenstackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. [Default: none]. | string\* | +| `OpenStackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. 
[Default: none]. | string\* | -\* If non-empty, the value specified for `OpenstackRegion` must be a +\* If non-empty, the value specified for `OpenStackRegion` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. diff --git a/calico_versioned_docs/version-3.25/reference/installation/_api.mdx b/calico_versioned_docs/version-3.25/reference/installation/_api.mdx index c1f4d2fc75..ce155aa27e 100644 --- a/calico_versioned_docs/version-3.25/reference/installation/_api.mdx +++ b/calico_versioned_docs/version-3.25/reference/installation/_api.mdx @@ -230,7 +230,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -2150,7 +2150,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster.
-When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
+When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -5060,7 +5060,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -5788,7 +5788,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly
-configured value, or based on Calico’s native auto-detetion.
+configured value, or based on Calico’s native auto-detection.

diff --git a/calico_versioned_docs/version-3.25/reference/public-cloud/azure.mdx b/calico_versioned_docs/version-3.25/reference/public-cloud/azure.mdx index 11e253f9a7..0135b8995c 100644 --- a/calico_versioned_docs/version-3.25/reference/public-cloud/azure.mdx +++ b/calico_versioned_docs/version-3.25/reference/public-cloud/azure.mdx @@ -27,7 +27,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico_versioned_docs/version-3.25/reference/resources/kubecontrollersconfig.mdx b/calico_versioned_docs/version-3.25/reference/resources/kubecontrollersconfig.mdx index 431d87b532..ed63db5d31 100644 --- a/calico_versioned_docs/version-3.25/reference/resources/kubecontrollersconfig.mdx +++ b/calico_versioned_docs/version-3.25/reference/resources/kubecontrollersconfig.mdx @@ -62,7 +62,7 @@ spec: | node | Enable and configure the node controller | omit to disable, or [NodeController](#nodecontroller) | | policy | Enable and configure the network policy controller | omit to disable, or [PolicyController](#policycontroller) | | workloadEndpoint | Enable and configure the workload endpoint controller | omit to disable, or [WorkloadEndpointController](#workloadendpointcontroller) | -| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | +| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | | namespace | Enable and configure the namespace controller | omit to disable, or [NamespaceController](#namespacecontroller) | ### NodeController 
diff --git a/calico_versioned_docs/version-3.25/reference/resources/networkset.mdx b/calico_versioned_docs/version-3.25/reference/resources/networkset.mdx index 208c6ae1df..ec7b8ded83 100644 --- a/calico_versioned_docs/version-3.25/reference/resources/networkset.mdx +++ b/calico_versioned_docs/version-3.25/reference/resources/networkset.mdx @@ -26,7 +26,7 @@ networks listed in a network set. For example, in Kubernetes, incoming traffic v typically SNATed by the kube-proxy before reaching the destination host so {{prodname}}'s workload policy will see the kube-proxy's host's IP as the source instead of the real source. For `calicoctl` commands that specify a resource type on the CLI, the following -aliases are supported (all case insensitive): `networkset`, `networksets`, `netsets`. +aliases are supported (all case-insensitive): `networkset`, `networksets`, `netsets`. ::: diff --git a/calico_versioned_docs/version-3.25/reference/typha/configuration.mdx b/calico_versioned_docs/version-3.25/reference/typha/configuration.mdx index 9c086f0642..518df36c6f 100644 --- a/calico_versioned_docs/version-3.25/reference/typha/configuration.mdx +++ b/calico_versioned_docs/version-3.25/reference/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico is installed via the operator. +Typha configuration cannot be modified when Calico is installed via the operator. diff --git a/calico_versioned_docs/version-3.25/training/index.mdx b/calico_versioned_docs/version-3.25/training/index.mdx index 234375f7ee..899c659d64 100644 --- a/calico_versioned_docs/version-3.25/training/index.mdx +++ b/calico_versioned_docs/version-3.25/training/index.mdx @@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops and events | - [Workshops and events](https://www.tigera.io/events/)
- [Tradeshows](https://www.tigera.io/lp/tradeshows/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/) | -| Stay connected | - [Github](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | +| Stay connected | - [GitHub](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | | Report a bug | [Create a new issue](https://github.com/projectcalico/calico/issues) | diff --git a/calico_versioned_docs/version-3.26/about/kubernetes-training/kubernetes-demo.mdx b/calico_versioned_docs/version-3.26/about/kubernetes-training/kubernetes-demo.mdx index 72c68fbd7c..10251cda33 100644 --- a/calico_versioned_docs/version-3.26/about/kubernetes-training/kubernetes-demo.mdx +++ b/calico_versioned_docs/version-3.26/about/kubernetes-training/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico_versioned_docs/version-3.26/about/training-resources.mdx b/calico_versioned_docs/version-3.26/about/training-resources.mdx index 05562607d8..53b591fe74 100644 --- a/calico_versioned_docs/version-3.26/about/training-resources.mdx +++ b/calico_versioned_docs/version-3.26/about/training-resources.mdx @@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops | [Workshops and events](https://www.tigera.io/events/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/?_sft_post_tag=project-calico) | -| Stay connected | • [Github](https://github.com/projectcalico/calico)
• [{{prodname}} slack channel](https://calicousers.slack.com/)
• [{{prodname}} YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
• [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
• [Twitter](https://twitter.com/projectcalico)
• [Mailing list](https://www.tigera.io/project-calico/) | -| Report a bug | • [Report an issue](https://github.com/projectcalico/calico/blob/master/CONTRIBUTING.md)
• [Report a docs bug](https://github.com/tigera/docs/issues) | \ No newline at end of file +| Stay connected | • [GitHub](https://github.com/projectcalico/calico)
• [{{prodname}} slack channel](https://calicousers.slack.com/)
• [{{prodname}} YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
• [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
• [Twitter](https://twitter.com/projectcalico)
• [Mailing list](https://www.tigera.io/project-calico/) | +| Report a bug | • [Report an issue](https://github.com/projectcalico/calico/blob/master/CONTRIBUTING.md)
• [Report a docs bug](https://github.com/tigera/docs/issues) | diff --git a/calico_versioned_docs/version-3.26/getting-started/kubernetes/requirements.mdx b/calico_versioned_docs/version-3.26/getting-started/kubernetes/requirements.mdx index fadb568e50..ba8765ea83 100644 --- a/calico_versioned_docs/version-3.26/getting-started/kubernetes/requirements.mdx +++ b/calico_versioned_docs/version-3.26/getting-started/kubernetes/requirements.mdx @@ -31,14 +31,14 @@ This installation must use the Kubernetes default CNI configuration directory (` #### Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include the following: * [flannel](flannel/index.mdx) * Platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. #### Supported kube-proxy modes diff --git a/calico_versioned_docs/version-3.26/getting-started/kubernetes/vpp/getting-started.mdx b/calico_versioned_docs/version-3.26/getting-started/kubernetes/vpp/getting-started.mdx index 4ec30ec7bb..d88fb13815 100644 --- a/calico_versioned_docs/version-3.26/getting-started/kubernetes/vpp/getting-started.mdx +++ b/calico_versioned_docs/version-3.26/getting-started/kubernetes/vpp/getting-started.mdx 
@@ -13,7 +13,7 @@ Install {{prodname}} and enable the beta release of the VPP dataplane. :::caution -The VPP dataplane is in beta and should not be used in production clusters. It has had lots of testing and is pretty stable. However, chances are that some bugs are still lurking around (please report these on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [Github](https://github.com/projectcalico/vpp-dataplane/issues)). In addition, it still does not support all the features of {{prodname}}. +The VPP dataplane is in beta and should not be used in production clusters. It has had lots of testing and is pretty stable. However, chances are that some bugs are still lurking around (please report these on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). In addition, it still does not support all the features of {{prodname}}. ::: diff --git a/calico_versioned_docs/version-3.26/getting-started/openstack/installation/redhat.mdx b/calico_versioned_docs/version-3.26/getting-started/openstack/installation/redhat.mdx index f82db6cc1f..1c78cb4d03 100644 --- a/calico_versioned_docs/version-3.26/getting-started/openstack/installation/redhat.mdx +++ b/calico_versioned_docs/version-3.26/getting-started/openstack/installation/redhat.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Red Hat Enterprise Linux nodes. # Red Hat Enterprise Linux -import OpenstackEtcdAuth from '@site/calico_versioned_docs/version-3.26/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico_versioned_docs/version-3.26/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -283,4 +283,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + 
diff --git a/calico_versioned_docs/version-3.26/getting-started/openstack/installation/ubuntu.mdx b/calico_versioned_docs/version-3.26/getting-started/openstack/installation/ubuntu.mdx index 293923df4d..3a930da5cd 100644 --- a/calico_versioned_docs/version-3.26/getting-started/openstack/installation/ubuntu.mdx +++ b/calico_versioned_docs/version-3.26/getting-started/openstack/installation/ubuntu.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Ubuntu nodes. # Ubuntu -import OpenstackEtcdAuth from '@site/calico_versioned_docs/version-3.26/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico_versioned_docs/version-3.26/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -266,4 +266,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + diff --git a/calico_versioned_docs/version-3.26/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx b/calico_versioned_docs/version-3.26/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx index 6d7be5d5a9..f3d32f518c 100644 --- a/calico_versioned_docs/version-3.26/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx +++ b/calico_versioned_docs/version-3.26/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend 
diff --git a/calico_versioned_docs/version-3.26/network-policy/hosts/host-forwarded-traffic.mdx b/calico_versioned_docs/version-3.26/network-policy/hosts/host-forwarded-traffic.mdx index 75e9b7399f..c3ae605d3e 100644 --- a/calico_versioned_docs/version-3.26/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico_versioned_docs/version-3.26/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico_versioned_docs/version-3.26/network-policy/hosts/protect-hosts.mdx b/calico_versioned_docs/version-3.26/network-policy/hosts/protect-hosts.mdx index efd0ab3b6b..b4673b68fe 100644 --- a/calico_versioned_docs/version-3.26/network-policy/hosts/protect-hosts.mdx +++ b/calico_versioned_docs/version-3.26/network-policy/hosts/protect-hosts.mdx @@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic 
@@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/felix/configuration.mdx#environment-variables). diff --git a/calico_versioned_docs/version-3.26/networking/openstack/configuration.mdx b/calico_versioned_docs/version-3.26/networking/openstack/configuration.mdx index 6fb5906a17..2ede08d76f 100644 --- a/calico_versioned_docs/version-3.26/networking/openstack/configuration.mdx +++ b/calico_versioned_docs/version-3.26/networking/openstack/configuration.mdx @@ -72,7 +72,7 @@ node belongs to. When specified, the value of `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character, and must match the value of -[`OpenstackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) +[`OpenStackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) configured for the Felixes in the same region. ## ML2 (.../ml2_conf.ini) diff --git a/calico_versioned_docs/version-3.26/networking/openstack/multiple-regions.mdx b/calico_versioned_docs/version-3.26/networking/openstack/multiple-regions.mdx index c8347cd5f9..17d15fa927 100644 --- a/calico_versioned_docs/version-3.26/networking/openstack/multiple-regions.mdx 
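Review bot: The spelling pass renames a Felix configuration parameter here, not just prose: the link text in this hunk becomes `OpenStackRegion`, and the same rename recurs in the `[global]` conf example and the note in networking/openstack/multiple-regions.mdx and in the parameter table of reference/felix/configuration.mdx. These are identifiers a reader copies into a config file, so they should stay as Felix spells them; the previous text was `OpenstackRegion`, and the environment variable `FELIX_OPENSTACKREGION` in the same table is left untouched. Unless the parameter was renamed in Felix itself (not visible in this diff), I would revert these occurrences to `OpenstackRegion` and add the term to the spell-checker's ignore list so it is not rewritten again. If Felix matches parameter names case-insensitively the example may still work, but the versioned docs would no longer match the release they describe.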
+++ b/calico_versioned_docs/version-3.26/networking/openstack/multiple-regions.mdx @@ -53,7 +53,7 @@ except for these points: ```conf [global] - OpenstackRegion = + OpenStackRegion = ``` where `` is the name of the region that that compute host belongs to. @@ -69,7 +69,7 @@ except for these points: :::note -the value specified for `OpenstackRegion` and `openstack_region` +the value specified for `OpenStackRegion` and `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. @@ -83,9 +83,9 @@ for the region will think that there are no working compute nodes. ::: -### Configuring Openstack +### Configuring OpenStack -You should now create networks in your Openstack regions as normal. e.g. +You should now create networks in your OpenStack regions as normal. e.g. ```bash neutron net-create --shared calico diff --git a/calico_versioned_docs/version-3.26/operations/datastore-migration.mdx b/calico_versioned_docs/version-3.26/operations/datastore-migration.mdx index 4b8cd321c9..d540f14fab 100644 --- a/calico_versioned_docs/version-3.26/operations/datastore-migration.mdx +++ b/calico_versioned_docs/version-3.26/operations/datastore-migration.mdx @@ -50,7 +50,7 @@ documentation. :::note - After running the above command, you can not make changes to the configuration of your cluster until the + After running the above command, you cannot make changes to the configuration of your cluster until the migration is complete. New pods will not be started until after the migration. ::: diff --git a/calico_versioned_docs/version-3.26/operations/ebpf/enabling-ebpf.mdx b/calico_versioned_docs/version-3.26/operations/ebpf/enabling-ebpf.mdx index 353e18a841..cec583e668 100644 --- a/calico_versioned_docs/version-3.26/operations/ebpf/enabling-ebpf.mdx +++ b/calico_versioned_docs/version-3.26/operations/ebpf/enabling-ebpf.mdx 
@@ -328,7 +328,7 @@ calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": true
-When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. ### Try out DSR mode diff --git a/calico_versioned_docs/version-3.26/operations/troubleshoot/vpp.mdx b/calico_versioned_docs/version-3.26/operations/troubleshoot/vpp.mdx index 410f31d819..cd643816fe 100644 --- a/calico_versioned_docs/version-3.26/operations/troubleshoot/vpp.mdx +++ b/calico_versioned_docs/version-3.26/operations/troubleshoot/vpp.mdx @@ -8,7 +8,7 @@ description: Specific troubleshooting steps for the VPP dataplane. This page describes the troubleshooting steps for the [VPP dataplane](../../getting-started/kubernetes/vpp/getting-started.mdx). If you did not configure the VPP dataplane, this page is not for you! -If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [Github](https://github.com/projectcalico/vpp-dataplane/issues)). +If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). ## Installing calivppctl diff --git a/calico_versioned_docs/version-3.26/reference/architecture/design/l2-interconnect-fabric.mdx b/calico_versioned_docs/version-3.26/reference/architecture/design/l2-interconnect-fabric.mdx index 55fdb2ba9a..422372357d 100644 --- a/calico_versioned_docs/version-3.26/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico_versioned_docs/version-3.26/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico_versioned_docs/version-3.26/reference/calicoctl/delete.mdx b/calico_versioned_docs/version-3.26/reference/calicoctl/delete.mdx index b6cab4d2e1..829a324591 100644 --- a/calico_versioned_docs/version-3.26/reference/calicoctl/delete.mdx +++ b/calico_versioned_docs/version-3.26/reference/calicoctl/delete.mdx @@ -77,7 +77,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico_versioned_docs/version-3.26/reference/calicoctl/get.mdx b/calico_versioned_docs/version-3.26/reference/calicoctl/get.mdx index 3391bb520b..48147f79a7 100644 --- a/calico_versioned_docs/version-3.26/reference/calicoctl/get.mdx +++ b/calico_versioned_docs/version-3.26/reference/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico_versioned_docs/version-3.26/reference/calicoctl/label.mdx b/calico_versioned_docs/version-3.26/reference/calicoctl/label.mdx index 2681f29a49..e6f5c8fd75 100644 --- a/calico_versioned_docs/version-3.26/reference/calicoctl/label.mdx +++ b/calico_versioned_docs/version-3.26/reference/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico_versioned_docs/version-3.26/reference/calicoctl/node/run.mdx b/calico_versioned_docs/version-3.26/reference/calicoctl/node/run.mdx index 3d2f9a60a6..f094a2ba2e 100644 --- a/calico_versioned_docs/version-3.26/reference/calicoctl/node/run.mdx +++ b/calico_versioned_docs/version-3.26/reference/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico_versioned_docs/version-3.26/reference/calicoctl/overview.mdx b/calico_versioned_docs/version-3.26/reference/calicoctl/overview.mdx index a0dae779f0..67258a2255 100644 --- a/calico_versioned_docs/version-3.26/reference/calicoctl/overview.mdx +++ b/calico_versioned_docs/version-3.26/reference/calicoctl/overview.mdx 
@@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -105,7 +105,7 @@ See [Configuring Felix](../felix/configuration.mdx) for more details. ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :---------------------------------------------------------------------------- | diff --git a/calico_versioned_docs/version-3.26/reference/calicoctl/patch.mdx b/calico_versioned_docs/version-3.26/reference/calicoctl/patch.mdx index 826845fce6..e7bf8dbf1c 100644 --- a/calico_versioned_docs/version-3.26/reference/calicoctl/patch.mdx +++ b/calico_versioned_docs/version-3.26/reference/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. diff --git a/calico_versioned_docs/version-3.26/reference/felix/configuration.mdx b/calico_versioned_docs/version-3.26/reference/felix/configuration.mdx index f322df008e..915bf77ef2 100644 --- a/calico_versioned_docs/version-3.26/reference/felix/configuration.mdx +++ b/calico_versioned_docs/version-3.26/reference/felix/configuration.mdx 
@@ -59,7 +59,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | @@ -103,7 +103,7 @@ The full list of parameters which can be set is as follows. #### Feature Gates -* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadblalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. +* `BPFConnectTimeLoadBalancingWorkaround` - Use when connect-time loadbalancer (CTLB) is turned off or if you want to turn it off for UDP only. When CTLB is turned off, host networked processes cannot always reach services. This workaround makes sure that they can. When CTLB is turned on, UDP clients may get stuck sending traffic to endpoint that does not exist anymore. So CTLB needs to be turned off sometimes. * `enabled` - when CTLB is turned off make sure that services are always accessible. * `udp` - turns off CTLB for UDP only and makes sure that services are always accessible. Preferred setting to make sure that DNS works. 
@@ -205,11 +205,11 @@ for 1022 endpoints on the host. | Configuration parameter | Environment variable | Description | Schema | | ----------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- | -| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | +| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | | `MetadataPort` | `FELIX_METADATAPORT` | The port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed [Default: `8775`]. | int | -| `OpenstackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. [Default: none]. | string\* | +| `OpenStackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. 
[Default: none]. | string\* | -\* If non-empty, the value specified for `OpenstackRegion` must be a +\* If non-empty, the value specified for `OpenStackRegion` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. diff --git a/calico_versioned_docs/version-3.26/reference/installation/_api.mdx b/calico_versioned_docs/version-3.26/reference/installation/_api.mdx index 5754835c6e..5850f58e39 100644 --- a/calico_versioned_docs/version-3.26/reference/installation/_api.mdx +++ b/calico_versioned_docs/version-3.26/reference/installation/_api.mdx @@ -232,7 +232,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -2304,7 +2304,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -5740,7 +5740,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -6507,7 +6507,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +configured value, or based on Calico’s native auto-detection.

diff --git a/calico_versioned_docs/version-3.26/reference/public-cloud/azure.mdx b/calico_versioned_docs/version-3.26/reference/public-cloud/azure.mdx index 11e253f9a7..0135b8995c 100644 --- a/calico_versioned_docs/version-3.26/reference/public-cloud/azure.mdx +++ b/calico_versioned_docs/version-3.26/reference/public-cloud/azure.mdx @@ -27,7 +27,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico_versioned_docs/version-3.26/reference/resources/kubecontrollersconfig.mdx b/calico_versioned_docs/version-3.26/reference/resources/kubecontrollersconfig.mdx index 431d87b532..ed63db5d31 100644 --- a/calico_versioned_docs/version-3.26/reference/resources/kubecontrollersconfig.mdx +++ b/calico_versioned_docs/version-3.26/reference/resources/kubecontrollersconfig.mdx @@ -62,7 +62,7 @@ spec: | node | Enable and configure the node controller | omit to disable, or [NodeController](#nodecontroller) | | policy | Enable and configure the network policy controller | omit to disable, or [PolicyController](#policycontroller) | | workloadEndpoint | Enable and configure the workload endpoint controller | omit to disable, or [WorkloadEndpointController](#workloadendpointcontroller) | -| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | +| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | | namespace | Enable and configure the namespace controller | omit to disable, or [NamespaceController](#namespacecontroller) | ### NodeController 
diff --git a/calico_versioned_docs/version-3.26/reference/resources/networkset.mdx b/calico_versioned_docs/version-3.26/reference/resources/networkset.mdx index 208c6ae1df..ec7b8ded83 100644 --- a/calico_versioned_docs/version-3.26/reference/resources/networkset.mdx +++ b/calico_versioned_docs/version-3.26/reference/resources/networkset.mdx @@ -26,7 +26,7 @@ networks listed in a network set. For example, in Kubernetes, incoming traffic v typically SNATed by the kube-proxy before reaching the destination host so {{prodname}}'s workload policy will see the kube-proxy's host's IP as the source instead of the real source. For `calicoctl` commands that specify a resource type on the CLI, the following -aliases are supported (all case insensitive): `networkset`, `networksets`, `netsets`. +aliases are supported (all case-insensitive): `networkset`, `networksets`, `netsets`. ::: diff --git a/calico_versioned_docs/version-3.26/reference/typha/configuration.mdx b/calico_versioned_docs/version-3.26/reference/typha/configuration.mdx index 9c086f0642..518df36c6f 100644 --- a/calico_versioned_docs/version-3.26/reference/typha/configuration.mdx +++ b/calico_versioned_docs/version-3.26/reference/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico is installed via the operator. +Typha configuration cannot be modified when Calico is installed via the operator. diff --git a/calico_versioned_docs/version-3.26/training/index.mdx b/calico_versioned_docs/version-3.26/training/index.mdx index 234375f7ee..899c659d64 100644 --- a/calico_versioned_docs/version-3.26/training/index.mdx +++ b/calico_versioned_docs/version-3.26/training/index.mdx @@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops and events | - [Workshops and events](https://www.tigera.io/events/)
- [Tradeshows](https://www.tigera.io/lp/tradeshows/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/) | -| Stay connected | - [Github](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | +| Stay connected | - [GitHub](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | | Report a bug | [Create a new issue](https://github.com/projectcalico/calico/issues) | diff --git a/calico_versioned_docs/version-3.27/about/kubernetes-training/kubernetes-demo.mdx b/calico_versioned_docs/version-3.27/about/kubernetes-training/kubernetes-demo.mdx index 72c68fbd7c..10251cda33 100644 --- a/calico_versioned_docs/version-3.27/about/kubernetes-training/kubernetes-demo.mdx +++ b/calico_versioned_docs/version-3.27/about/kubernetes-training/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico_versioned_docs/version-3.27/about/training-resources.mdx b/calico_versioned_docs/version-3.27/about/training-resources.mdx index 031eddfe53..1d98b09d42 100644 --- a/calico_versioned_docs/version-3.27/about/training-resources.mdx +++ b/calico_versioned_docs/version-3.27/about/training-resources.mdx @@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops | [Workshops and events](https://www.tigera.io/events/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/?_sft_post_tag=project-calico) | -| Stay connected | • [Github](https://github.com/projectcalico/calico)
• [{{prodname}} slack channel](https://calicousers.slack.com/)
• [{{prodname}} YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
• [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
• [Twitter](https://twitter.com/projectcalico)
• [Mailing list](https://www.tigera.io/project-calico/) | +| Stay connected | • [GitHub](https://github.com/projectcalico/calico)
• [{{prodname}} slack channel](https://calicousers.slack.com/)
• [{{prodname}} YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
• [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
• [Twitter](https://twitter.com/projectcalico)
• [Mailing list](https://www.tigera.io/project-calico/) | | Report a bug | • [Report an issue](https://github.com/projectcalico/calico/blob/master/CONTRIBUTING.md)
• [Report a docs bug](https://github.com/tigera/docs/issues) | \ No newline at end of file diff --git a/calico_versioned_docs/version-3.27/getting-started/kubernetes/kind.mdx b/calico_versioned_docs/version-3.27/getting-started/kubernetes/kind.mdx index 93e4dec6ac..76526d95d0 100644 --- a/calico_versioned_docs/version-3.27/getting-started/kubernetes/kind.mdx +++ b/calico_versioned_docs/version-3.27/getting-started/kubernetes/kind.mdx @@ -58,7 +58,7 @@ EOF kind create cluster --config values.yaml --name dev ``` -3. Confirm that you now have three nodes in your cluster by runnibng the following command: +3. Confirm that you now have three nodes in your cluster by running the following command: ```bash kubectl get nodes -o wide diff --git a/calico_versioned_docs/version-3.27/getting-started/kubernetes/requirements.mdx b/calico_versioned_docs/version-3.27/getting-started/kubernetes/requirements.mdx index df169c5a4c..fb54786cdd 100644 --- a/calico_versioned_docs/version-3.27/getting-started/kubernetes/requirements.mdx +++ b/calico_versioned_docs/version-3.27/getting-started/kubernetes/requirements.mdx @@ -29,14 +29,14 @@ This installation must use the Kubernetes default CNI configuration directory (` #### Other network providers -Generally, you can not use {{prodname}} together with another network provider. +Generally, you cannot use {{prodname}} together with another network provider. Notable exceptions include the following: * [flannel](flannel/index.mdx) * Platform-specific CNIs, such as the [AWS VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md) and [Azure VNET CNI](https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md) plugins. -If you're working with a cluster that already uses another CNI, you can not migrate to {{prodname}}. +If you're working with a cluster that already uses another CNI, you cannot migrate to {{prodname}}. #### Supported kube-proxy modes 
diff --git a/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/getting-started.mdx b/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/getting-started.mdx index b3e13a135a..14957add6c 100644 --- a/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/getting-started.mdx +++ b/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/getting-started.mdx @@ -29,7 +29,7 @@ In addition, the VPP dataplane offers some specific features for network-intensi :::note The VPP dataplane has some minor behavioural differences wrt the other {{prodname}} dataplanes and some of the features are not supported. For details please refer to [Known issues & unsupported features](./specifics.mdx). -Please report bugs on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [Github](https://github.com/projectcalico/vpp-dataplane/issues)). +Please report bugs on the [Calico Users slack](https://calicousers.slack.com/archives/C017220EXU1) or [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). ::: diff --git a/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/openshift.mdx b/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/openshift.mdx index f23bf01434..a2fb15ebdb 100644 --- a/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/openshift.mdx +++ b/calico_versioned_docs/version-3.27/getting-started/kubernetes/vpp/openshift.mdx @@ -188,7 +188,7 @@ spec: EOF ``` -3. Log in to the OpenShift console, navigate to the Installed Operators section and approve the pnstall plan for the operator. +3. Log in to the OpenShift console, navigate to the Installed Operators section and approve the install plan for the operator. :::note diff --git a/calico_versioned_docs/version-3.27/getting-started/openstack/installation/redhat.mdx b/calico_versioned_docs/version-3.27/getting-started/openstack/installation/redhat.mdx index 2511905a64..f4d69f4f75 100644 
--- a/calico_versioned_docs/version-3.27/getting-started/openstack/installation/redhat.mdx +++ b/calico_versioned_docs/version-3.27/getting-started/openstack/installation/redhat.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Red Hat Enterprise Linux nodes. # Red Hat Enterprise Linux -import OpenstackEtcdAuth from '@site/calico_versioned_docs/version-3.27/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico_versioned_docs/version-3.27/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -283,4 +283,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + diff --git a/calico_versioned_docs/version-3.27/getting-started/openstack/installation/ubuntu.mdx b/calico_versioned_docs/version-3.27/getting-started/openstack/installation/ubuntu.mdx index c107e1c0f4..440fbca2cd 100644 --- a/calico_versioned_docs/version-3.27/getting-started/openstack/installation/ubuntu.mdx +++ b/calico_versioned_docs/version-3.27/getting-started/openstack/installation/ubuntu.mdx @@ -4,7 +4,7 @@ description: Install Calico on OpenStack, Ubuntu nodes. # Ubuntu -import OpenstackEtcdAuth from '@site/calico_versioned_docs/version-3.27/_includes/content/_openstack-etcd-auth.mdx'; +import OpenStackEtcdAuth from '@site/calico_versioned_docs/version-3.27/_includes/content/_openstack-etcd-auth.mdx'; These instructions will take you through a first-time install of {{prodname}}. If you are upgrading an existing system, please see @@ -266,4 +266,4 @@ On each compute node, perform the following steps: service calico-felix restart ``` - + diff --git a/calico_versioned_docs/version-3.27/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx b/calico_versioned_docs/version-3.27/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx index 6d7be5d5a9..f3d32f518c 100644 
--- a/calico_versioned_docs/version-3.27/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx +++ b/calico_versioned_docs/version-3.27/network-policy/get-started/kubernetes-policy/kubernetes-demo.mdx @@ -67,7 +67,7 @@ kubectl create -f {{tutorialFilesURL}}/allow-ui.yaml kubectl create -f {{tutorialFilesURL}}/allow-ui-client.yaml ``` -After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other any more. +After a few seconds, refresh the UI - it should now show the Services, but they should not be able to access each other anymore. ### 4) Create the backend-policy.yaml file to allow traffic from the frontend to the backend diff --git a/calico_versioned_docs/version-3.27/network-policy/hosts/host-forwarded-traffic.mdx b/calico_versioned_docs/version-3.27/network-policy/hosts/host-forwarded-traffic.mdx index 75e9b7399f..c3ae605d3e 100644 --- a/calico_versioned_docs/version-3.27/network-policy/hosts/host-forwarded-traffic.mdx +++ b/calico_versioned_docs/version-3.27/network-policy/hosts/host-forwarded-traffic.mdx @@ -110,7 +110,7 @@ spec: - 22 ``` -Save this as allow-ssh-maintenace.yaml. +Save this as allow-ssh-maintenance.yaml. Apply the policy to the cluster: diff --git a/calico_versioned_docs/version-3.27/network-policy/hosts/protect-hosts.mdx b/calico_versioned_docs/version-3.27/network-policy/hosts/protect-hosts.mdx index efd0ab3b6b..b4673b68fe 100644 --- a/calico_versioned_docs/version-3.27/network-policy/hosts/protect-hosts.mdx +++ b/calico_versioned_docs/version-3.27/network-policy/hosts/protect-hosts.mdx 
@@ -24,7 +24,7 @@ Each host has one or more network interfaces that it uses to communicate externa ### Failsafe rules -It is easy to inadvertently cut all host connectivity because of non-existent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. +It is easy to inadvertently cut all host connectivity because of nonexistent or misconfigured network policy. To avoid this, {{prodname}} provides failsafe rules with default/configurable ports that are open on all host endpoints. ### Default behavior of workload to host traffic @@ -58,7 +58,7 @@ If you are already running {{prodname}} for Kubernetes, you are good to go. If y ### Avoid accidentally cutting all host connectivity -To avoid inadvertently cutting all host connectivity because of non-existent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. +To avoid inadvertently cutting all host connectivity because of nonexistent or misconfigured network policy, {{prodname}} uses failsafe rules that open specific ports and CIDRs on all host endpoints. Review the following table to determine if the defaults work for your implementation. If not, change the default ports using the parameters, **FailsafeInboundHostPorts** and **FailsafeOutboundHostPorts** in [Configuring Felix](../../reference/felix/configuration.mdx#environment-variables). diff --git a/calico_versioned_docs/version-3.27/networking/openstack/configuration.mdx b/calico_versioned_docs/version-3.27/networking/openstack/configuration.mdx index 6fb5906a17..2ede08d76f 100644 --- a/calico_versioned_docs/version-3.27/networking/openstack/configuration.mdx +++ b/calico_versioned_docs/version-3.27/networking/openstack/configuration.mdx 
@@ -72,7 +72,7 @@ node belongs to. When specified, the value of `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character, and must match the value of -[`OpenstackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) +[`OpenStackRegion`](../../reference/felix/configuration.mdx#openstack-specific-configuration) configured for the Felixes in the same region. ## ML2 (.../ml2_conf.ini) diff --git a/calico_versioned_docs/version-3.27/networking/openstack/multiple-regions.mdx b/calico_versioned_docs/version-3.27/networking/openstack/multiple-regions.mdx index c8347cd5f9..17d15fa927 100644 --- a/calico_versioned_docs/version-3.27/networking/openstack/multiple-regions.mdx +++ b/calico_versioned_docs/version-3.27/networking/openstack/multiple-regions.mdx @@ -53,7 +53,7 @@ except for these points: ```conf [global] - OpenstackRegion = + OpenStackRegion = ``` where `` is the name of the region that that compute host belongs to. @@ -69,7 +69,7 @@ except for these points: :::note -the value specified for `OpenstackRegion` and `openstack_region` +the value specified for `OpenStackRegion` and `openstack_region` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. @@ -83,9 +83,9 @@ for the region will think that there are no working compute nodes. ::: -### Configuring Openstack +### Configuring OpenStack -You should now create networks in your Openstack regions as normal. e.g. +You should now create networks in your OpenStack regions as normal. e.g. ```bash neutron net-create --shared calico diff --git a/calico_versioned_docs/version-3.27/operations/datastore-migration.mdx b/calico_versioned_docs/version-3.27/operations/datastore-migration.mdx index 4b8cd321c9..d540f14fab 100644 --- a/calico_versioned_docs/version-3.27/operations/datastore-migration.mdx 
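Review bot: The spelling pass changes a Felix parameter name rather than prose: `OpenstackRegion` becomes `OpenStackRegion` in the link text of networking/openstack/configuration.mdx, in the `[global]` conf example and the note of multiple-regions.mdx, and in the parameter table and footnote of reference/felix/configuration.mdx. Readers copy these names into felix.cfg, and the multiple-regions note itself says a region mismatch makes the Neutron server think there are no working compute nodes, so the docs should carry the exact spelling Felix accepts. Nothing in this diff shows that the parameter was renamed or that Felix matches names case-insensitively, and the env var `FELIX_OPENSTACKREGION` and the resource field `openstackRegion` do not settle the file-parameter casing. Unless that is confirmed, I would keep `OpenstackRegion =` in the conf block and in the inline code spans. The capitalisation fix would then apply only to headings and prose such as `### Configuring OpenStack`.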
+++ b/calico_versioned_docs/version-3.27/operations/datastore-migration.mdx @@ -50,7 +50,7 @@ documentation. :::note - After running the above command, you can not make changes to the configuration of your cluster until the + After running the above command, you cannot make changes to the configuration of your cluster until the migration is complete. New pods will not be started until after the migration. ::: diff --git a/calico_versioned_docs/version-3.27/operations/ebpf/enabling-ebpf.mdx b/calico_versioned_docs/version-3.27/operations/ebpf/enabling-ebpf.mdx index b2925cd130..47b08c10c2 100644 --- a/calico_versioned_docs/version-3.27/operations/ebpf/enabling-ebpf.mdx +++ b/calico_versioned_docs/version-3.27/operations/ebpf/enabling-ebpf.mdx @@ -59,7 +59,7 @@ Limitations: - Dual stack is not supported. However, ipv4 traffic is allowed into hosts (not workloads) because many managed Kubernetes environments have ipv4-based control plane. - `doNotTrack` policies (xdp) are not supported - - IPIP is not supported ({{prodname}} iptables does not supporte it either). VXLAN is the recommended overlay for eBPF mode. + - IPIP is not supported ({{prodname}} iptables does not support it either). VXLAN is the recommended overlay for eBPF mode. To enable IPv6 in eBPF mode, see [Configure dual stack or IPv6 only](../../networking/ipam/ipv6.mdx). You may be able to run with non-Calico IPAM. eks-cni is known to work. @@ -343,7 +343,7 @@ calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": true
-When enabling eBPF mode, pre-existing connections continue to use the non-BPF datapath; such connections should +When enabling eBPF mode, preexisting connections continue to use the non-BPF datapath; such connections should not be disrupted, but they do not benefit from eBPF mode’s advantages. ### Try out DSR mode diff --git a/calico_versioned_docs/version-3.27/operations/ebpf/install.mdx b/calico_versioned_docs/version-3.27/operations/ebpf/install.mdx index b5e6f4b0fe..6d257e17e6 100644 --- a/calico_versioned_docs/version-3.27/operations/ebpf/install.mdx +++ b/calico_versioned_docs/version-3.27/operations/ebpf/install.mdx @@ -59,7 +59,7 @@ Limitations: - Dual stack is not supported. However, ipv4 traffic is allowed into hosts (not workloads) because many managed Kubernetes environments have ipv4-based control plane. - `doNotTrack` policies (xdp) are not supported - - IPIP is not supported ({{prodname}} iptables does not supporte it either). VXLAN is the recommended overlay for eBPF mode. + - IPIP is not supported ({{prodname}} iptables does not support it either). VXLAN is the recommended overlay for eBPF mode. To enable IPv6 in eBPF mode, see [Configure dual stack or IPv6 only](../../networking/ipam/ipv6.mdx). You may be able to run with non-Calico IPAM. eks-cni is known to work. diff --git a/calico_versioned_docs/version-3.27/operations/troubleshoot/vpp.mdx b/calico_versioned_docs/version-3.27/operations/troubleshoot/vpp.mdx index 9eadf980e7..c0a03a250c 100644 --- a/calico_versioned_docs/version-3.27/operations/troubleshoot/vpp.mdx +++ b/calico_versioned_docs/version-3.27/operations/troubleshoot/vpp.mdx 
@@ -8,7 +8,7 @@ description: Specific troubleshooting steps for the VPP dataplane. This page describes the troubleshooting steps for the [VPP dataplane](../../getting-started/kubernetes/vpp/getting-started.mdx). If you did not configure the VPP dataplane, this page is not for you! -If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [Github](https://github.com/projectcalico/vpp-dataplane/issues)). +If you're encountering issues with the VPP dataplane, feel free to reach out to us either on the [#vpp channel](https://calicousers.slack.com/archives/C017220EXU1) on the {{prodname}} slack, or by opening a new issue in [GitHub](https://github.com/projectcalico/vpp-dataplane/issues)). ## Installing calivppctl diff --git a/calico_versioned_docs/version-3.27/reference/architecture/design/l2-interconnect-fabric.mdx b/calico_versioned_docs/version-3.27/reference/architecture/design/l2-interconnect-fabric.mdx index 55fdb2ba9a..422372357d 100644 --- a/calico_versioned_docs/version-3.27/reference/architecture/design/l2-interconnect-fabric.mdx +++ b/calico_versioned_docs/version-3.27/reference/architecture/design/l2-interconnect-fabric.mdx 
@@ -50,7 +50,7 @@ context. In a classical Ethernet data center fabric, there is a _churn_ event each time an endpoint is created, destroyed, or moved. In a large data center, with hundreds of thousands of endpoints, this _churn_ could run into tens of events per second, every second of the day, with peaks easily in the hundreds or thousands of events per second. In a {{prodname}} network, however, the _churn_ is very low. The only event that would lead to _churn_ - orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that can not handle that volume of change in the network should not be used + orders of magnitude more than what is normally experienced), there would only be two thousand events per **day**. Any switch that cannot handle that volume of change in the network should not be used for any application. - High volume of broadcast traffic 
@@ -87,7 +87,7 @@ In this diagram, each ToR is segmented into four logical switches (possibly by u Each plane would constitute an IP network, so the blue plane would be 2001:db8:1000::/36, the green would be 2001:db8:2000::/36, and the orange and red planes would be 2001:db8:3000::/36 and 2001:db8:4000::/36 respectively ([note 3](#note-3)). -Each IP network (plane) requires it's own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need +Each IP network (plane) requires its own BGP route reflectors. Those route reflectors need to be peered with each other within the plane, but the route reflectors in each plane do not need to be peered with one another. Therefore, a fabric of four planes would have four route reflector meshes. Each compute server, border router, _etc._ would need to be a route reflector client of at least one route reflector in each plane, and very preferably two or more in each plane. The following diagram visualizes the route reflector environment. diff --git a/calico_versioned_docs/version-3.27/reference/calicoctl/delete.mdx b/calico_versioned_docs/version-3.27/reference/calicoctl/delete.mdx index b6cab4d2e1..829a324591 100644 --- a/calico_versioned_docs/version-3.27/reference/calicoctl/delete.mdx +++ b/calico_versioned_docs/version-3.27/reference/calicoctl/delete.mdx @@ -77,7 +77,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to delete a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is 
diff --git a/calico_versioned_docs/version-3.27/reference/calicoctl/get.mdx b/calico_versioned_docs/version-3.27/reference/calicoctl/get.mdx index 3391bb520b..48147f79a7 100644 --- a/calico_versioned_docs/version-3.27/reference/calicoctl/get.mdx +++ b/calico_versioned_docs/version-3.27/reference/calicoctl/get.mdx @@ -81,7 +81,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to get resources that do not exist will simply return no results. diff --git a/calico_versioned_docs/version-3.27/reference/calicoctl/label.mdx b/calico_versioned_docs/version-3.27/reference/calicoctl/label.mdx index 2681f29a49..e6f5c8fd75 100644 --- a/calico_versioned_docs/version-3.27/reference/calicoctl/label.mdx +++ b/calico_versioned_docs/version-3.27/reference/calicoctl/label.mdx @@ -52,10 +52,10 @@ Options: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. --context= The name of the kubeconfig context to use. Description: @@ -75,7 +75,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to label resources that do not exist will get an error. 
@@ -133,10 +133,10 @@ Description: --overwrite If true, overwrite the value when the key is already present in labels. Otherwise reports error when the labeled resource already have the key in its labels. - Can not be used with --remove. + Cannot be used with --remove. --remove If true, remove the specified key in labels of the resource. Reports error when specified key does not - exist. Can not be used with --overwrite. + exist. Cannot be used with --overwrite. ``` ### General options diff --git a/calico_versioned_docs/version-3.27/reference/calicoctl/node/run.mdx b/calico_versioned_docs/version-3.27/reference/calicoctl/node/run.mdx index 3d2f9a60a6..f094a2ba2e 100644 --- a/calico_versioned_docs/version-3.27/reference/calicoctl/node/run.mdx +++ b/calico_versioned_docs/version-3.27/reference/calicoctl/node/run.mdx @@ -100,7 +100,7 @@ Options: system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= @@ -342,7 +342,7 @@ terminating `,` character does not need to be specified for those cases. system. --no-default-ippools Do not create default pools upon startup. Default IP pools will be created if this is not set - and there are no pre-existing Calico IP pools. + and there are no preexisting Calico IP pools. --disable-docker-networking Disable Docker networking. --docker-networking-ifprefix= diff --git a/calico_versioned_docs/version-3.27/reference/calicoctl/overview.mdx b/calico_versioned_docs/version-3.27/reference/calicoctl/overview.mdx index a0dae779f0..67258a2255 100644 --- a/calico_versioned_docs/version-3.27/reference/calicoctl/overview.mdx +++ b/calico_versioned_docs/version-3.27/reference/calicoctl/overview.mdx 
@@ -37,7 +37,7 @@ Usage: replace Replace a resource by file, directory or stdin. apply Apply a resource by file, directory or stdin. This creates a resource if it does not exist, and replaces a resource if it does exists. - patch Patch a pre-existing resource in place. + patch Patch a preexisting resource in place. delete Delete a resource identified by file, directory, stdin or resource type and name. get Get a resource identified by file, directory, stdin or resource type and @@ -105,7 +105,7 @@ See [Configuring Felix](../felix/configuration.mdx) for more details. ## Supported resource definition aliases The following table lists supported aliases for {{prodname}} resources when using `calicoctl`. Note that all aliases -are **case insensitive**. +are **case-insensitive**. | Resource definition | Supported calicoctl aliases | | :----------------------------------- | :---------------------------------------------------------------------------- | diff --git a/calico_versioned_docs/version-3.27/reference/calicoctl/patch.mdx b/calico_versioned_docs/version-3.27/reference/calicoctl/patch.mdx index 826845fce6..e7bf8dbf1c 100644 --- a/calico_versioned_docs/version-3.27/reference/calicoctl/patch.mdx +++ b/calico_versioned_docs/version-3.27/reference/calicoctl/patch.mdx @@ -59,7 +59,7 @@ Description: * profile * workloadEndpoint - The resource type is case insensitive and may be pluralized. + The resource type is case-insensitive and may be pluralized. Attempting to patch a resource that does not exists is treated as a terminating error unless the --skip-not-exists flag is set. If this flag is set, resources that do not exist are skipped. diff --git a/calico_versioned_docs/version-3.27/reference/felix/configuration.mdx b/calico_versioned_docs/version-3.27/reference/felix/configuration.mdx index a62e3b6714..93118dd77d 100644 --- a/calico_versioned_docs/version-3.27/reference/felix/configuration.mdx +++ b/calico_versioned_docs/version-3.27/reference/felix/configuration.mdx 
@@ -59,7 +59,7 @@ The full list of parameters which can be set is as follows. | `HealthEnabled` | `FELIX_HEALTHENABLED` | When enabled, exposes felix health information via an http endpoint. | boolean | | `HealthHost` | `FELIX_HEALTHHOST` | The address on which Felix will respond to health requests. [Default: `localhost`] | string | | `HealthPort` | `FELIX_HEALTHPORT` | The port on which Felix will respond to health requests. [Default: `9099`] | int | -| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overriden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | +| `HealthTimeoutOverrides` | `FELIX_HEALTHTIMEOUTOVERRIDES` | Allows the internal watchdog timeouts of individual subcomponents to be overridden; example: "InternalDataplaneMainLoop=30s,CalculationGraph=2m". This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. [Default: ``] | Comma-delimited list of key/value pairs where the values are durations: `1s`, `10s`, `5m`, etc. | | `IpInIpEnabled` | `FELIX_IPINIPENABLED` | Optional, you shouldn't need to change this setting as Felix calculates if IPIP should be enabled based on the existing IP Pools. When set, this overrides whether Felix should configure an IPinIP interface on the host. When explicitly disabled in FelixConfiguration, Felix will not clean up addresses from the `tunl0` interface (use this if you need to add addresses to that interface and don't want to have them removed). 
[Default: unset] | optional boolean | | `IpInIpMtu` | `FELIX_IPINIPMTU` | The MTU to set on the IPIP tunnel device. Zero value means auto-detect. See [Configuring MTU](../../networking/configuring/mtu.mdx) [Default: `0`] | int | | `IPv4VXLANTunnelAddr` | | IP address of the IPv4 VXLAN tunnel. This is system configured and should not be updated manually. | string | 
@@ -201,11 +201,11 @@ for 1022 endpoints on the host. | Configuration parameter | Environment variable | Description | Schema | | ----------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- | -| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | +| `MetadataAddr` | `FELIX_METADATAADDR` | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: `127.0.0.1`] | ``, ``, `none` | | `MetadataPort` | `FELIX_METADATAPORT` | The port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed [Default: `8775`]. | int | -| `OpenstackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. [Default: none]. | string\* | +| `OpenStackRegion` | `FELIX_OPENSTACKREGION` | In a [multi-region deployment](../../networking/openstack/multiple-regions.mdx), the name of the region that this Felix is in. 
[Default: none]. | string\* | -\* If non-empty, the value specified for `OpenstackRegion` must be a +\* If non-empty, the value specified for `OpenStackRegion` must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character. diff --git a/calico_versioned_docs/version-3.27/reference/installation/_api.mdx b/calico_versioned_docs/version-3.27/reference/installation/_api.mdx index 5930c66358..69418ce786 100644 --- a/calico_versioned_docs/version-3.27/reference/installation/_api.mdx +++ b/calico_versioned_docs/version-3.27/reference/installation/_api.mdx @@ -234,7 +234,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -2485,7 +2485,7 @@ WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examined by ModSecurity.

@@ -6398,7 +6398,7 @@ int32 (Optional)

-BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

@@ -7281,7 +7281,7 @@ int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +configured value, or based on Calico’s native auto-detection.

diff --git a/calico_versioned_docs/version-3.27/reference/public-cloud/azure.mdx b/calico_versioned_docs/version-3.27/reference/public-cloud/azure.mdx index 11e253f9a7..0135b8995c 100644 --- a/calico_versioned_docs/version-3.27/reference/public-cloud/azure.mdx +++ b/calico_versioned_docs/version-3.27/reference/public-cloud/azure.mdx @@ -27,7 +27,7 @@ You can use {{prodname}} policy with one of the following networking options. To configure Azure user-defined routes (UDR): - Create an [Azure route table][azureudrcreate] and - associatе it with the VMs subnet. + associate it with the VMs subnet. - Enable [IP forwarding enabled][azureipforward] in your VM network interfaces. diff --git a/calico_versioned_docs/version-3.27/reference/resources/felixconfig.mdx b/calico_versioned_docs/version-3.27/reference/resources/felixconfig.mdx index 0c9840c7ad..78a02bd1b4 100644 --- a/calico_versioned_docs/version-3.27/reference/resources/felixconfig.mdx +++ b/calico_versioned_docs/version-3.27/reference/resources/felixconfig.mdx 
@@ -73,7 +73,7 @@ spec: | logSeveritySys | The log severity above which logs are sent to the syslog. Set to `none` for no logging to syslog. | Debug, Info, Warning, Error, Fatal | string | `Info` | | logDebugFilenameRegex | controls which source code files have their Debug log output included in the logs. Only logs from files with names that match the given regular expression are included. The filter only applies to Debug level logs. | regex | string | `""` | | maxIpsetSize | Maximum size for the ipsets used by Felix. Should be set to a number that is greater than the maximum number of IP addresses that are ever expected in a selector. | int | int | `1048576` | -| metadataAddr | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case insensitive) means that Felix should not set up any NAT rule for the metadata path. | IPv4, hostname, none | string | `127.0.0.1` | +| metadataAddr | The IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of `none` (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. | IPv4, hostname, none | string | `127.0.0.1` | | metadataPort | The port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed. | int | int | `8775` | | natOutgoingAddress | The source address to use for outgoing NAT. By default an iptables MASQUERADE rule determines the source address which will use the address on the host interface the traffic leaves on. | IPV4 | string | `""` | | openstackRegion | The name of the region that a particular Felix belongs to. 
In a [multi-region Calico/OpenStack deployment](../../networking/openstack/multiple-regions.mdx), this must be configured somehow for each Felix (here in the datamodel, or in felix.cfg or the environment on each compute node), and must match the [calico] openstack_region value configured in neutron.conf on each node. | string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character | string | `""` | diff --git a/calico_versioned_docs/version-3.27/reference/resources/kubecontrollersconfig.mdx b/calico_versioned_docs/version-3.27/reference/resources/kubecontrollersconfig.mdx index 431d87b532..ed63db5d31 100644 --- a/calico_versioned_docs/version-3.27/reference/resources/kubecontrollersconfig.mdx +++ b/calico_versioned_docs/version-3.27/reference/resources/kubecontrollersconfig.mdx @@ -62,7 +62,7 @@ spec: | node | Enable and configure the node controller | omit to disable, or [NodeController](#nodecontroller) | | policy | Enable and configure the network policy controller | omit to disable, or [PolicyController](#policycontroller) | | workloadEndpoint | Enable and configure the workload endpoint controller | omit to disable, or [WorkloadEndpointController](#workloadendpointcontroller) | -| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | +| serviceAccount | Enable and configure the service account controller | omit to disable, or [ServiceAccountController](#serviceaccountcontroller) | | namespace | Enable and configure the namespace controller | omit to disable, or [NamespaceController](#namespacecontroller) | ### NodeController diff --git a/calico_versioned_docs/version-3.27/reference/resources/networkset.mdx b/calico_versioned_docs/version-3.27/reference/resources/networkset.mdx index 208c6ae1df..ec7b8ded83 100644 --- a/calico_versioned_docs/version-3.27/reference/resources/networkset.mdx 
+++ b/calico_versioned_docs/version-3.27/reference/resources/networkset.mdx @@ -26,7 +26,7 @@ networks listed in a network set. For example, in Kubernetes, incoming traffic v typically SNATed by the kube-proxy before reaching the destination host so {{prodname}}'s workload policy will see the kube-proxy's host's IP as the source instead of the real source. For `calicoctl` commands that specify a resource type on the CLI, the following -aliases are supported (all case insensitive): `networkset`, `networksets`, `netsets`. +aliases are supported (all case-insensitive): `networkset`, `networksets`, `netsets`. ::: diff --git a/calico_versioned_docs/version-3.27/reference/typha/configuration.mdx b/calico_versioned_docs/version-3.27/reference/typha/configuration.mdx index bd595c1de4..ce7dbf8290 100644 --- a/calico_versioned_docs/version-3.27/reference/typha/configuration.mdx +++ b/calico_versioned_docs/version-3.27/reference/typha/configuration.mdx @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; -Typha configuration can not be modified when Calico is installed via the operator. +Typha configuration cannot be modified when Calico is installed via the operator. diff --git a/calico_versioned_docs/version-3.27/release-notes/index.mdx b/calico_versioned_docs/version-3.27/release-notes/index.mdx index 5570e71f87..cb01b11411 100644 --- a/calico_versioned_docs/version-3.27/release-notes/index.mdx +++ b/calico_versioned_docs/version-3.27/release-notes/index.mdx 
@@ -128,7 +128,7 @@ February 17, 2024 #### Enhancements - - ebpf: alternative cgroup2 mount path can be specified by setting CALICO_CGROUP_PATH evn var for node. [calico #8512](https://github.com/projectcalico/calico/pull/8512) (@tomastigera) + - ebpf: alternative cgroup2 mount path can be specified by setting CALICO_CGROUP_PATH env var for node. [calico #8512](https://github.com/projectcalico/calico/pull/8512) (@tomastigera) - Host MTU auto-detection now ignores interfaces that are down. [calico #8499](https://github.com/projectcalico/calico/pull/8499) (@fasaxc) - Bump iptables version of calico-node to 1.8.8 [calico #8485](https://github.com/projectcalico/calico/pull/8485) (@coutinhop) - Fix crypto UT after upgrading to golang v1.21.6 [calico #8478](https://github.com/projectcalico/calico/pull/8478) (@hjiawei)
diff --git a/calico_versioned_docs/version-3.27/training/index.mdx b/calico_versioned_docs/version-3.27/training/index.mdx
index 234375f7ee..899c659d64 100644
--- a/calico_versioned_docs/version-3.27/training/index.mdx
+++ b/calico_versioned_docs/version-3.27/training/index.mdx
@@ -12,5 +12,5 @@ description: Links to Calico resources for onboarding and training. | Workshops and events | - [Workshops and events](https://www.tigera.io/events/)
- [Tradeshows](https://www.tigera.io/lp/tradeshows/) | | Videos, datasheets | [Videos, case studies, datasheets, etc.](https://www.tigera.io/resources/) | | Blog | [Technical blog](https://www.tigera.io/blog/) | -| Stay connected | - [Github](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | +| Stay connected | - [GitHub](https://github.com/projectcalico/calico)
- [Calico YouTube channel](https://www.youtube.com/channel/UCFpTnXDNcBoXI4gqCDmegFA)
- [Security bulletin of vulnerabilities](https://www.tigera.io/security-bulletins/)
- [Twitter](https://twitter.com/projectcalico) | | Report a bug | [Create a new issue](https://github.com/projectcalico/calico/issues) |
diff --git a/scripts/cc-next-preview-config.sh b/scripts/cc-next-preview-config.sh
index 0da3b6411e..6ba8678b5f 100644
--- a/scripts/cc-next-preview-config.sh
+++ b/scripts/cc-next-preview-config.sh
@@ -1,7 +1,7 @@ #!/bin/bash -# This script makes changes to docusuarus.config.js. -# These changes make Docusuarus publish only version Next for each product doc set. +# This script makes changes to docusaurus.config.js. +# These changes make Docusaurus publish only version Next for each product doc set. sed -i "s/onBrokenLinks: 'throw'/onBrokenLinks: 'warn'/" docusaurus.config.js sed -i "s/onBrokenMarkdownLinks: 'throw'/onBrokenMarkdownLinks: 'warn'/" docusaurus.config.js
diff --git a/src/___new___/components/Explore/index.tsx b/src/___new___/components/Explore/index.tsx
index 0ff9d15685..4cfd2b6108 100644
--- a/src/___new___/components/Explore/index.tsx
+++ b/src/___new___/components/Explore/index.tsx
@@ -6,7 +6,7 @@ import { heading2Styles } from '../styles'; import howItWorksInfo from '../../data/exploreInfo'; import { - howItWorksSyle, + howItWorksStyle, innerTextStyle, rectangleStyle, stackStyle,
@@ -22,7 +22,7 @@ interface HowItWorksProps { const HowItWorks: React.FC = ({ isDarkMode,...rest }) => ( = ({ isDarkMode, ...re {info.rowHeader} {info.CalicoOpenSource === 'Y' ? : ''} - {info.CalicoEntreprise === 'Y' ? : ''} + {info.CalicoEnterprise === 'Y' ? : ''} {info.CalicoCloud === 'Y' ? : ''} ))}
diff --git a/src/___new___/data/featureTableComparisonInfo.ts b/src/___new___/data/featureTableComparisonInfo.ts
index da1602bf60..400ada00e7 100644
--- a/src/___new___/data/featureTableComparisonInfo.ts
+++ b/src/___new___/data/featureTableComparisonInfo.ts
@@ -8,37 +8,37 @@ export default {
 {
 rowHeader: 'High-performance, scalable pod networking',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Advanced IP address management',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Direct infrastructure peering without the overlay',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Dual ToR peering',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Egress gateway',
 CalicoOpenSource: 'N',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Multiple Calico networks on a pod',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -49,85 +49,85 @@ export default {
 {
 rowHeader: 'Seamless support with Kubernetes network policy',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Label-based (identity-aware) policy',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Namespace and cluster-wide scope ',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Global default deny policy design ',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Application layer policy',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Policy for services',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Web UI',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Onboarding tutorials and lab cluster',
 CalicoOpenSource: '',
- CalicoEntreprise: '',
+ CalicoEnterprise: '',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'DNS/FQDN-based policy',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Hierarchical tiered network policy',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Policy recommendations',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Preview and staged network policy',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Policy integration for third-party firewalls',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Network sets to limit IP ranges for egress and ingress traffic to workloads',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -138,13 +138,13 @@ export default {
 {
 rowHeader: 'Data-in-transit encryption for pod traffic using WireGuard',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'SIEM integration',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -155,25 +155,25 @@ export default {
 {
 rowHeader: 'Restrict traffic to/from hosts using network policy',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'N',
 },
 {
 rowHeader: 'Automatic host endpoints',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'N',
 },
 {
 rowHeader: 'Secure Kubernetes nodes with host endpoints managed by Calico',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Apply policy to host-forwarded traffic ',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -184,25 +184,25 @@ export default {
 {
 rowHeader: 'eBPF',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'iptables',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Windows HNS',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'VPP',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: '',
+ CalicoEnterprise: '',
 CalicoCloud: '',
 },
 ],
@@ -213,13 +213,13 @@ export default {
 {
 rowHeader: 'Scan images for vulnerabilities',
 CalicoOpenSource: '',
- CalicoEntreprise: '',
+ CalicoEnterprise: '',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Create policy to block vulnerable images from your clusters',
 CalicoOpenSource: '',
- CalicoEntreprise: '',
+ CalicoEnterprise: '',
 CalicoCloud: 'Y',
 },
 ],
@@ -230,37 +230,37 @@ export default {
 {
 rowHeader: 'Application-level observability and troubleshooting',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Service Graph',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Elasticsearch logs (flow, l7, audit, bgp, dns, events)',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Alerts',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Kibana DNS dashboards',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Traffic Flow Visualizer',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -271,7 +271,7 @@ export default {
 {
 rowHeader: 'Federated identity and services',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -282,25 +282,25 @@ export default {
 {
 rowHeader: 'Container threat detection',
 CalicoOpenSource: '',
- CalicoEntreprise: '',
+ CalicoEnterprise: '',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Workload-centric Web Application Firewall (WAF)',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Honeypods to view intruder activity',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'Add threatfeeds to trace suspicious network flows',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -311,13 +311,13 @@ export default {
 {
 rowHeader: 'Compliance reports',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 {
 rowHeader: 'CIS benchmark reports',
 CalicoOpenSource: '',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
@@ -328,7 +328,7 @@ export default {
 {
 rowHeader: 'Prometheus',
 CalicoOpenSource: 'Y',
- CalicoEntreprise: 'Y',
+ CalicoEnterprise: 'Y',
 CalicoCloud: 'Y',
 },
 ],
diff --git a/src/___new___/theme/components/Table.ts b/src/___new___/theme/components/Table.ts
index 000fbcaa0c..a177b5732b 100644
--- a/src/___new___/theme/components/Table.ts
+++ b/src/___new___/theme/components/Table.ts
@@ -86,7 +86,7 @@ export default {
 sizes: {
 sm: smallStyles,
 md: defaultStyles,
- lg: defaultStyles, //could do with updting if required at some point
+ lg: defaultStyles, //could do with updating if required at some point
 },
 variants: {
 simple: {
diff --git a/src/forks/image-size/Readme.md b/src/forks/image-size/Readme.md
index ceb487cb3c..80a3908405 100644
--- a/src/forks/image-size/Readme.md
+++ b/src/forks/image-size/Readme.md
@@ -75,7 +75,7 @@ sizeOf('images/funny-cats.png') .catch(err => console.error(err)) ``` -### Async/Await (Typescript & ES7) +### Async/Await (TypeScript & ES7) ```javascript const { promisify } = require('util')
diff --git a/src/forks/image-size/dist/types.js b/src/forks/image-size/dist/types.js
index f7cac0492c..3adafac009 100644
--- a/src/forks/image-size/dist/types.js
+++ b/src/forks/image-size/dist/types.js
@@ -1,7 +1,7 @@ "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.typeHandlers = void 0; -// load all available handlers explicitely for browserify support +// load all available handlers explicitly for browserify support const bmp_1 = require("./types/bmp"); const cur_1 = require("./types/cur"); const dds_1 = require("./types/dds");