projectcalico
diff --git a/‎api/pkg/apis/projectcalico/v3/ippool.go
+2 b/‎api/pkg/apis/projectcalico/v3/ippool.go
+2
diff --git a/‎libcalico-go/config/crd/crd.projectcalico.org_ippools.yaml
+8 b/‎libcalico-go/config/crd/crd.projectcalico.org_ippools.yaml
+8
diff --git a/‎manifests/calico-bpf.yaml
+8 b/‎manifests/calico-bpf.yaml
+8
diff --git a/‎manifests/calico-policy-only.yaml
+8 b/‎manifests/calico-policy-only.yaml
+8
diff --git a/‎manifests/calico-typha.yaml
+8 b/‎manifests/calico-typha.yaml
+8
diff --git a/‎manifests/calico-vxlan.yaml
+8 b/‎manifests/calico-vxlan.yaml
+8
diff --git a/‎manifests/calico.yaml
+8 b/‎manifests/calico.yaml
+8
diff --git a/‎manifests/canal.yaml
+8 b/‎manifests/canal.yaml
+8
diff --git a/‎manifests/crds.yaml
+8 b/‎manifests/crds.yaml
+8
diff --git a/‎manifests/flannel-migration/calico.yaml
+8 b/‎manifests/flannel-migration/calico.yaml
+8
diff --git a/‎manifests/operator-crds.yaml
+8 b/‎manifests/operator-crds.yaml
+8
@@ -48,6 +48,7 @@ type IPPool struct {
 // IPPoolSpec contains the specification for an IPPool resource.
 type IPPoolSpec struct {
 	// The pool CIDR.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="CIDR cannot be changed; follow IP pool migration guide to avoid corruption."
 	CIDR string `json:"cidr" validate:"net"`
 
 	// Contains configuration for VXLAN tunneling for this pool. If not specified,
@@ -69,6 +70,7 @@ type IPPoolSpec struct {
 	DisableBGPExport bool `json:"disableBGPExport,omitempty" validate:"omitempty"`
 
 	// The block size to use for IP address assignments from this pool. Defaults to 26 for IPv4 and 122 for IPv6.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Block size cannot be changed; follow IP pool migration guide to avoid corruption."
 	BlockSize int `json:"blockSize,omitempty"`
 
 	// Allows IPPool to allocate for a specific node by label selector.