diff --git a/api/v1/imageset_types.go b/api/v1/imageset_types.go index 8067df427f..13e186d800 100644 --- a/api/v1/imageset_types.go +++ b/api/v1/imageset_types.go @@ -1,4 +1,4 @@ -// Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2022-2026 Tigera, Inc. All rights reserved. /* Licensed under the Apache License, Version 2.0 (the "License"); @@ -49,7 +49,7 @@ type Image struct { // ImageSet is used to specify image digests for the images that the operator deploys. // The name of the ImageSet is expected to be in the format `-`. // The `variant` used is `enterprise` if the InstallationSpec Variant is -// `TigeraSecureEnterprise` otherwise it is `calico`. +// `CalicoEnterprise` or `TigeraSecureEnterprise`, otherwise it is `calico`. // The `release` must match the version of the variant that the operator is built to deploy, // this version can be obtained by passing the `--version` flag to the operator binary. type ImageSet struct { diff --git a/api/v1/installation_types.go b/api/v1/installation_types.go index 69139054e9..f8a7ccf561 100644 --- a/api/v1/installation_types.go +++ b/api/v1/installation_types.go @@ -47,10 +47,11 @@ type Installation struct { // InstallationSpec defines configuration for a Calico or Calico Enterprise installation. type InstallationSpec struct { - // Variant is the product to install - one of Calico or TigeraSecureEnterprise + // Variant is the product to install - one of Calico or CalicoEnterprise. + // TigeraSecureEnterprise is also accepted as a deprecated alias for CalicoEnterprise. // Default: Calico // +optional - // +kubebuilder:validation:Enum=Calico;TigeraSecureEnterprise + // +kubebuilder:validation:Enum=Calico;CalicoEnterprise;TigeraSecureEnterprise Variant ProductVariant `json:"variant,omitempty"` // Registry is the default Docker registry used for component Docker images. 
@@ -460,14 +461,23 @@ func (p Provider) IsKind() bool { // ProductVariant represents the variant of the product. // -// One of: Calico, TigeraSecureEnterprise +// One of: Calico, CalicoEnterprise. +// TigeraSecureEnterprise is a deprecated alias for CalicoEnterprise. type ProductVariant string var ( - Calico ProductVariant = "Calico" + Calico ProductVariant = "Calico" + CalicoEnterprise ProductVariant = "CalicoEnterprise" + + // Deprecated: Use CalicoEnterprise instead. TigeraSecureEnterprise ProductVariant = "TigeraSecureEnterprise" ) +// IsEnterprise returns true if the variant is an enterprise variant (either CalicoEnterprise or TigeraSecureEnterprise). +func (v ProductVariant) IsEnterprise() bool { + return v == CalicoEnterprise || v == TigeraSecureEnterprise +} + // NonPrivilegedType specifies whether Calico runs as permissioned or not // // One of: Enabled, Disabled @@ -979,8 +989,9 @@ type CNISpec struct { // InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. type InstallationStatus struct { - // Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise - // +kubebuilder:validation:Enum=Calico;TigeraSecureEnterprise + // Variant is the most recently observed installed variant - one of Calico or CalicoEnterprise. + // TigeraSecureEnterprise is a deprecated alias for CalicoEnterprise. + // +kubebuilder:validation:Enum=Calico;CalicoEnterprise;TigeraSecureEnterprise Variant ProductVariant `json:"variant,omitempty"` // MTU is the most recently observed value for pod network MTU. This may be an explicitly diff --git a/cmd/main.go b/cmd/main.go index 3e297bb88e..46a6d177a6 100644 --- a/cmd/main.go +++ b/cmd/main.go 
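Review bot: Nothing in the `ProductVariant` hunk of api/v1/installation_types.go steers callers away from `==` on the two enterprise spellings, so any comparison outside this diff that still reads `variant == TigeraSecureEnterprise` will quietly treat a `CalicoEnterprise` install as non-enterprise and skip whatever it gates. Both values remain in the `Spec` and `Status` enums and no normalisation is visible here, so `Spec.Variant` and `Status.Variant` can differ in spelling only; code that detects a variant change by string inequality would presumably read that as a migration. I would state the rule on the deprecated value, e.g. `// Deprecated: Use CalicoEnterprise instead. Test with IsEnterprise(), never ==, so both spellings are honoured.`, and search the tree for remaining direct comparisons before merging.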
@@ -178,7 +178,7 @@ If a value other than 'all' is specified, the first CRD with a prefix of the spe } if printEnterpriseCRDs != "" { - if err := showCRDs(operatortigeraiov1.TigeraSecureEnterprise, printEnterpriseCRDs); err != nil { + if err := showCRDs(operatortigeraiov1.CalicoEnterprise, printEnterpriseCRDs); err != nil { fmt.Println(err) os.Exit(1) } diff --git a/docs/common_tasks.md b/docs/common_tasks.md index d529bed288..2d3080c36b 100644 --- a/docs/common_tasks.md +++ b/docs/common_tasks.md @@ -113,7 +113,7 @@ Then, modify the installation CR (e.g., with `kubectl edit installations`) to in ``` spec: - variant: TigeraSecureEnterprise + variant: CalicoEnterprise imagePullSecrets: - name: tigera-pull-secret ``` diff --git a/docs/controller-dependency-graph.svg b/docs/controller-dependency-graph.svg index fa871526db..10f182cb53 100644 --- a/docs/controller-dependency-graph.svg +++ b/docs/controller-dependency-graph.svg @@ -30,7 +30,7 @@ apiserver->clusterconnection -TSEE +Enterprise diff --git a/docs/generate-controller-dependency-graph.py b/docs/generate-controller-dependency-graph.py index 17374e8254..3535aa0c8f 100755 --- a/docs/generate-controller-dependency-graph.py +++ b/docs/generate-controller-dependency-graph.py @@ -27,7 +27,7 @@ def main(): # This is still a manual process at the moment. # [APIServer] --> [ClusterConnection] # [APIServer] -> [Installation] - graph.add_edge(Edge('apiserver', 'clusterconnection', label='TSEE', style='dashed')) + graph.add_edge(Edge('apiserver', 'clusterconnection', label='Enterprise', style='dashed')) graph.add_edge(Edge('apiserver', 'installation')) # [ApplicationLayer] -> [Installation] graph.add_edge(Edge('applicationlayer', 'installation')) diff --git a/pkg/controller/apiserver/apiserver_controller.go b/pkg/controller/apiserver/apiserver_controller.go index 6177e6ed55..21c41353a7 100644 --- a/pkg/controller/apiserver/apiserver_controller.go +++ b/pkg/controller/apiserver/apiserver_controller.go 
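Review bot: The `showCRDs` call in the cmd/main.go hunk now receives `operatortigeraiov1.CalicoEnterprise`, but the callee's body is not part of this diff; if it selects the enterprise CRD set with `variant == TigeraSecureEnterprise`, the enterprise printout would silently fall back to the Calico set. The same question applies to `addCRDWatches(c, operatorv1.CalicoEnterprise, opts.UseV3CRDs)` in the pkg/controller/installation/core_controller.go hunk, where a mismatch would leave the enterprise CRDs unwatched and therefore unreconciled. Please confirm both callees branch on `variant.IsEnterprise()` rather than on the old constant. The enclosing function starts and ends outside the hunk.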
@@ -104,7 +104,7 @@ func Add(mgr manager.Manager, opts options.ControllerOptions) error { if opts.EnterpriseCRDExists { // Watch for changes to ApplicationLayer - err = c.WatchObject(&operatorv1.ApplicationLayer{ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}}, &handler.EnqueueRequestForObject{}) + err = c.WatchObject(&operatorv1.ApplicationLayer{ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}}, &handler.EnqueueRequestForObject{}) if err != nil { return fmt.Errorf("apiserver-controller failed to watch ApplicationLayer resource: %v", err) } @@ -337,7 +337,7 @@ func (r *ReconcileAPIServer) Reconcile(ctx context.Context, request reconcile.Re var keyValidatorConfig authentication.KeyValidatorConfig includeV3NetworkPolicy := false - if installationSpec.Variant == operatorv1.TigeraSecureEnterprise { + if installationSpec.Variant.IsEnterprise() { trustedBundle, err = certificateManager.CreateNamedTrustedBundleFromSecrets(render.APIServerResourceName, r.client, common.OperatorNamespace(), false) if err != nil { diff --git a/pkg/controller/apiserver/apiserver_controller_test.go b/pkg/controller/apiserver/apiserver_controller_test.go index 4dedfef3e7..515186b6d7 100644 --- a/pkg/controller/apiserver/apiserver_controller_test.go +++ b/pkg/controller/apiserver/apiserver_controller_test.go @@ -93,12 +93,12 @@ var _ = Describe("apiserver controller tests", func() { Generation: 2, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } 
@@ -468,7 +468,7 @@ var _ = Describe("apiserver controller tests", func() { It("should create the cert secrets in the correct namespace when migrating from calico to enterprise", func() { Expect(netv1.SchemeBuilder.AddToScheme(scheme)).ShouldNot(HaveOccurred()) - installation.Spec.Variant = operatorv1.TigeraSecureEnterprise + installation.Spec.Variant = operatorv1.CalicoEnterprise installation.Status.Variant = operatorv1.Calico Expect(cli.Create(ctx, installation)).To(BeNil()) Expect(cli.Delete(ctx, &v3.Tier{ObjectMeta: metav1.ObjectMeta{Name: "calico-system"}})).NotTo(HaveOccurred()) diff --git a/pkg/controller/applicationlayer/applicationlayer_controller.go b/pkg/controller/applicationlayer/applicationlayer_controller.go index 11971423b1..50367139c0 100644 --- a/pkg/controller/applicationlayer/applicationlayer_controller.go +++ b/pkg/controller/applicationlayer/applicationlayer_controller.go @@ -229,8 +229,8 @@ func (r *ReconcileApplicationLayer) Reconcile(ctx context.Context, request recon return reconcile.Result{}, err } - if variant != operatorv1.TigeraSecureEnterprise { - r.status.SetDegraded(operatorv1.ResourceNotReady, fmt.Sprintf("Waiting for network to be %s", operatorv1.TigeraSecureEnterprise), nil, reqLogger) + if !variant.IsEnterprise() { + r.status.SetDegraded(operatorv1.ResourceNotReady, "Waiting for network to be an enterprise variant", nil, reqLogger) return reconcile.Result{}, nil } @@ -447,7 +447,7 @@ func (r *ReconcileApplicationLayer) getWAFRulesetConfig(ctx context.Context) (*c // getApplicationLayer returns the default ApplicationLayer instance. func getApplicationLayer(ctx context.Context, cli client.Client) (*operatorv1.ApplicationLayer, error) { instance := &operatorv1.ApplicationLayer{} - err := cli.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err := cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) if err != nil { return nil, err } 
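Review bot: The degraded message in the `Reconcile` hunk of applicationlayer_controller.go no longer tells the user which value to set: "Waiting for network to be an enterprise variant" replaces a message that named the variant, and anything matching on the old status text (alert rules, support runbooks) will stop matching. Naming the preferred value keeps the status actionable, e.g. `fmt.Sprintf("Waiting for network to be %s", operatorv1.CalicoEnterprise)`. The same literal is repeated in the authentication_controller.go and egressgateway_controller.go hunks, so one shared constant would keep the three from drifting apart. `Reconcile` starts and ends outside the hunk.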
diff --git a/pkg/controller/applicationlayer/applicationlayer_controller_test.go b/pkg/controller/applicationlayer/applicationlayer_controller_test.go index a31c09692e..36d7ca5d90 100644 --- a/pkg/controller/applicationlayer/applicationlayer_controller_test.go +++ b/pkg/controller/applicationlayer/applicationlayer_controller_test.go @@ -69,11 +69,11 @@ var _ = Describe("Application layer controller tests", func() { installation = &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. diff --git a/pkg/controller/authentication/authentication_controller.go b/pkg/controller/authentication/authentication_controller.go index 670191cd73..ff5ad346ab 100644 --- a/pkg/controller/authentication/authentication_controller.go +++ b/pkg/controller/authentication/authentication_controller.go @@ -239,8 +239,8 @@ func (r *ReconcileAuthentication) Reconcile(ctx context.Context, request reconci r.status.SetDegraded(oprv1.ResourceReadError, "Error querying installation", err, reqLogger) return reconcile.Result{}, err } - if variant != oprv1.TigeraSecureEnterprise { - r.status.SetDegraded(oprv1.ResourceNotReady, fmt.Sprintf("Waiting for network to be %s", oprv1.TigeraSecureEnterprise), nil, reqLogger) + if !variant.IsEnterprise() { + r.status.SetDegraded(oprv1.ResourceNotReady, "Waiting for network to be an enterprise variant", nil, reqLogger) return reconcile.Result{}, nil } diff --git a/pkg/controller/authentication/authentication_controller_test.go b/pkg/controller/authentication/authentication_controller_test.go index 63352a4881..77bd826cb0 100644 
--- a/pkg/controller/authentication/authentication_controller_test.go +++ b/pkg/controller/authentication/authentication_controller_test.go @@ -103,12 +103,12 @@ var _ = Describe("authentication controller tests", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/certificatemanager/certificatemanager.go b/pkg/controller/certificatemanager/certificatemanager.go index 6ee2fa7056..eee33ee667 100644 --- a/pkg/controller/certificatemanager/certificatemanager.go +++ b/pkg/controller/certificatemanager/certificatemanager.go @@ -181,7 +181,7 @@ func Create(cli client.Client, installation *operatorv1.InstallationSpec, cluste return nil, err } // We instantiate csrImage regardless of whether certificate management is enabled; it may still be used. - if installation.Variant == operatorv1.TigeraSecureEnterprise { + if installation.Variant.IsEnterprise() { csrImage, err = components.GetReference( components.ComponentTigeraCSRInitContainer, installation.Registry, diff --git a/pkg/controller/clusterconnection/clusterconnection_controller.go b/pkg/controller/clusterconnection/clusterconnection_controller.go index caedb2cf99..2ab56aa7ad 100644 --- a/pkg/controller/clusterconnection/clusterconnection_controller.go +++ b/pkg/controller/clusterconnection/clusterconnection_controller.go 
@@ -245,7 +245,7 @@ func (r *ReconcileConnection) Reconcile(ctx context.Context, request reconcile.R } // Verify the cluster doesn't also have the ManagementCluster CRD installed. - if variant == operatorv1.TigeraSecureEnterprise { + if variant.IsEnterprise() { managementCluster, err := utils.GetManagementCluster(ctx, r.cli) if err != nil { r.status.SetDegraded(operatorv1.ResourceReadError, "Error reading ManagementCluster", err, reqLogger) @@ -306,7 +306,7 @@ func (r *ReconcileConnection) Reconcile(ctx context.Context, request reconcile.R } var guardianKeyPair certificatemanagement.KeyPairInterface - if variant != operatorv1.TigeraSecureEnterprise { + if !variant.IsEnterprise() { guardianCertificateNames := dns.GetServiceDNSNames("guardian", render.GuardianNamespace, r.clusterDomain) guardianCertificateNames = append(guardianCertificateNames, "localhost", "127.0.0.1") guardianKeyPair, err = certificateManager.GetOrCreateKeyPair(r.cli, render.GuardianKeyPairSecret, whisker.WhiskerNamespace, guardianCertificateNames) @@ -409,7 +409,7 @@ func (r *ReconcileConnection) Reconcile(ctx context.Context, request reconcile.R r.status.SetDegraded(operatorv1.ResourceReadError, "Error querying clusterInformation", err, reqLogger) return reconcile.Result{}, err } - if variant == operatorv1.TigeraSecureEnterprise { + if variant.IsEnterprise() { managedClusterVersion = clusterInformation.Spec.CNXVersion } else { managedClusterVersion = clusterInformation.Spec.CalicoVersion @@ -422,7 +422,7 @@ func (r *ReconcileConnection) Reconcile(ctx context.Context, request reconcile.R } var includeEgressNetworkPolicy bool - if variant == operatorv1.TigeraSecureEnterprise { + if variant.IsEnterprise() { // Ensure the license can support enterprise policy, before rendering any network policies within it. if license, err := utils.FetchLicenseKey(ctx, r.cli); err == nil { if utils.IsFeatureActive(license, common.EgressAccessControlFeature) { 
@@ -522,7 +522,7 @@ func fillDefaults(cr *operatorv1.ManagementClusterConnection, variant operatorv1 if cr.Spec.TLS.CA == "" { cr.Spec.TLS.CA = operatorv1.CATypeTigera } - if variant == operatorv1.TigeraSecureEnterprise && cr.Spec.Impersonation == nil { + if variant.IsEnterprise() && cr.Spec.Impersonation == nil { cr.Spec.Impersonation = &operatorv1.Impersonation{ Users: []string{}, Groups: []string{}, diff --git a/pkg/controller/clusterconnection/clusterconnection_controller_test.go b/pkg/controller/clusterconnection/clusterconnection_controller_test.go index 98d3b3b875..da01bfc5cb 100644 --- a/pkg/controller/clusterconnection/clusterconnection_controller_test.go +++ b/pkg/controller/clusterconnection/clusterconnection_controller_test.go @@ -151,12 +151,12 @@ var _ = Describe("ManagementClusterConnection controller tests", func() { installation = &operatorv1.Installation{ Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, ObjectMeta: metav1.ObjectMeta{Name: "default"}, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", KubernetesProvider: operatorv1.ProviderNone, diff --git a/pkg/controller/compliance/compliance_controller_test.go b/pkg/controller/compliance/compliance_controller_test.go index 090e6bdd9f..6f1f89d3d2 100644 --- a/pkg/controller/compliance/compliance_controller_test.go +++ b/pkg/controller/compliance/compliance_controller_test.go 
@@ -109,14 +109,14 @@ var _ = Describe("Compliance controller tests", func() { installation = &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", }}, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. @@ -320,7 +320,7 @@ var _ = Describe("Compliance controller tests", func() { Expect(c.Create( ctx, &operatorv1.ManagementClusterConnection{ - ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}, + ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}, })).NotTo(HaveOccurred()) By("reconciling after the cluster type changes") diff --git a/pkg/controller/csr/csr_controller.go b/pkg/controller/csr/csr_controller.go index 210fdf3ec7..32618b5139 100644 --- a/pkg/controller/csr/csr_controller.go +++ b/pkg/controller/csr/csr_controller.go @@ -196,7 +196,7 @@ func (r *reconcileCSR) Reconcile(ctx context.Context, request reconcile.Request) needsCSRRole := instance.Spec.CertificateManagement != nil if !needsCSRRole && r.enterpriseCRDExists { monitorCR := &operatorv1.Monitor{} - if err := r.client.Get(ctx, utils.DefaultTSEEInstanceKey, monitorCR); err != nil { + if err := r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, monitorCR); err != nil { if apierrors.IsNotFound(err) { return reconcile.Result{}, nil } diff --git a/pkg/controller/csr/csr_controller_test.go b/pkg/controller/csr/csr_controller_test.go index ea4b842cd5..900131d353 100644 --- a/pkg/controller/csr/csr_controller_test.go +++ b/pkg/controller/csr/csr_controller_test.go 
@@ -83,7 +83,7 @@ var _ = Describe("CSR controller tests", func() { installation = &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/egressgateway/egressgateway_controller.go b/pkg/controller/egressgateway/egressgateway_controller.go index 2195c086c6..1b88ba2e89 100644 --- a/pkg/controller/egressgateway/egressgateway_controller.go +++ b/pkg/controller/egressgateway/egressgateway_controller.go @@ -260,8 +260,8 @@ func (r *ReconcileEgressGateway) Reconcile(ctx context.Context, request reconcil return reconcile.Result{}, err } - if variant != operatorv1.TigeraSecureEnterprise { - degradedMsg := fmt.Sprintf("Waiting for network to be %s", operatorv1.TigeraSecureEnterprise) + if !variant.IsEnterprise() { + degradedMsg := "Waiting for network to be an enterprise variant" reqLogger.Error(err, degradedMsg) r.status.SetDegraded(operatorv1.ResourceNotReady, degradedMsg, nil, reqLogger) for _, egw := range egwsToReconcile { diff --git a/pkg/controller/egressgateway/egressgateway_controller_test.go b/pkg/controller/egressgateway/egressgateway_controller_test.go index 90b910ab2f..cd153e8e27 100644 --- a/pkg/controller/egressgateway/egressgateway_controller_test.go +++ b/pkg/controller/egressgateway/egressgateway_controller_test.go 
@@ -74,12 +74,12 @@ var _ = Describe("Egress Gateway controller tests", func() { installation = &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, KubernetesProvider: operatorv1.ProviderNone, Registry: "some.registry.org/", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", }, diff --git a/pkg/controller/gatewayapi/gatewayapi_controller.go b/pkg/controller/gatewayapi/gatewayapi_controller.go index 7c5e7d0d65..d820b22765 100644 --- a/pkg/controller/gatewayapi/gatewayapi_controller.go +++ b/pkg/controller/gatewayapi/gatewayapi_controller.go @@ -440,13 +440,13 @@ func GetGatewayAPI(ctx context.Context, client client.Client) (*operatorv1.Gatew } // Default resource doesn't exist. Check for the legacy (enterprise only) CR. - err = client.Get(ctx, utils.DefaultTSEEInstanceKey, resource) + err = client.Get(ctx, utils.DefaultEnterpriseInstanceKey, resource) if err != nil { return nil, "failed to get GatewayAPI 'tigera-secure'", err } } else { // Assert there is no legacy "tigera-secure" resource present. - err = client.Get(ctx, utils.DefaultTSEEInstanceKey, resource) + err = client.Get(ctx, utils.DefaultEnterpriseInstanceKey, resource) if err == nil { return nil, "Duplicate configuration detected", diff --git a/pkg/controller/gatewayapi/gatewayapi_controller_test.go b/pkg/controller/gatewayapi/gatewayapi_controller_test.go index 91f79e0ad4..f7a70a0fbe 100644 --- a/pkg/controller/gatewayapi/gatewayapi_controller_test.go +++ b/pkg/controller/gatewayapi/gatewayapi_controller_test.go 
@@ -70,11 +70,11 @@ var _ = Describe("Gateway API controller tests", func() { installation = &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. @@ -155,7 +155,7 @@ var _ = Describe("Gateway API controller tests", func() { if gwapi.Spec.CRDManagement == nil { By("checking that CRDManagement field has been updated to PreferExisting") - Expect(c.Get(ctx, utils.DefaultTSEEInstanceKey, gwapi)).NotTo(HaveOccurred()) + Expect(c.Get(ctx, utils.DefaultEnterpriseInstanceKey, gwapi)).NotTo(HaveOccurred()) Expect(gwapi.Spec.CRDManagement).NotTo(BeNil()) Expect(*gwapi.Spec.CRDManagement).To(Equal(operatorv1.CRDManagementPreferExisting)) } @@ -611,7 +611,7 @@ var _ = Describe("Gateway API controller tests", func() { Expect(err).NotTo(HaveOccurred()) By("re-reading the GatewayAPI") - err = c.Get(ctx, utils.DefaultTSEEInstanceKey, gwapi) + err = c.Get(ctx, utils.DefaultEnterpriseInstanceKey, gwapi) Expect(err).NotTo(HaveOccurred()) By("checking default GatewayClasses") diff --git a/pkg/controller/goldmane/controller.go b/pkg/controller/goldmane/controller.go index d3f3cb54a4..8d3e15366c 100644 --- a/pkg/controller/goldmane/controller.go +++ b/pkg/controller/goldmane/controller.go 
@@ -175,7 +175,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( return reconcile.Result{}, nil } - mgmtClusterConnectionCR, err := utils.GetIfExists[operatorv1.ManagementClusterConnection](ctx, utils.DefaultTSEEInstanceKey, r.cli) + mgmtClusterConnectionCR, err := utils.GetIfExists[operatorv1.ManagementClusterConnection](ctx, utils.DefaultEnterpriseInstanceKey, r.cli) if err != nil { r.status.SetDegraded(operatorv1.ResourceReadError, "Error querying ManagementClusterConnection CR", err, reqLogger) return reconcile.Result{}, err diff --git a/pkg/controller/installation/core_controller.go b/pkg/controller/installation/core_controller.go index 1b4be57d5d..f2b45c8db2 100644 --- a/pkg/controller/installation/core_controller.go +++ b/pkg/controller/installation/core_controller.go @@ -255,7 +255,7 @@ func Add(mgr manager.Manager, opts options.ControllerOptions) error { } if opts.ManageCRDs { - if err = addCRDWatches(c, operatorv1.TigeraSecureEnterprise, opts.UseV3CRDs); err != nil { + if err = addCRDWatches(c, operatorv1.CalicoEnterprise, opts.UseV3CRDs); err != nil { return fmt.Errorf("tigera-installation-controller failed to watch CRD resource: %v", err) } } 
@@ -996,10 +996,10 @@ func (r *ReconcileInstallation) Reconcile(ctx context.Context, request reconcile } } - // The operator supports running in a "Calico only" mode so that it doesn't need to run TSEE specific controllers. - // If we are switching from this mode to one that enables TSEE, we need to restart the operator to enable the other controllers. - if !r.enterpriseCRDsExist && instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { - // Perform an API discovery to determine if the necessary APIs exist. If they do, we can reboot into TSEE mode. + // The operator supports running in a "Calico only" mode so that it doesn't need to run enterprise-specific controllers. + // If we are switching from this mode to one that enables enterprise, we need to restart the operator to enable the other controllers. + if !r.enterpriseCRDsExist && instance.Spec.Variant.IsEnterprise() { + // Perform an API discovery to determine if the necessary APIs exist. If they do, we can reboot into enterprise mode. // if they do not, we need to notify the user that the requested configuration is invalid. b, err := utils.RequiresTigeraSecure(r.clientset) if b { @@ -1086,7 +1086,7 @@ func (r *ReconcileInstallation) Reconcile(ctx context.Context, request reconcile return reconcile.Result{}, err } - if instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Spec.Variant.IsEnterprise() { managerInternalTLSSecret, err := certificateManager.GetCertificate(r.client, render.ManagerInternalTLSSecretName, common.OperatorNamespace()) if err != nil { r.status.SetDegraded(operatorv1.ResourceReadError, fmt.Sprintf("Error fetching TLS secret %s in namespace %s", render.ManagerInternalTLSSecretName, common.OperatorNamespace()), err, reqLogger) 
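Review bot: A user who still sets the deprecated `TigeraSecureEnterprise` gets no signal from the operator: the first `Reconcile` hunk in core_controller.go, like every other call site in this diff, routes both spellings through `instance.Spec.Variant.IsEnterprise()` without telling them apart. Without a runtime notice, the alias can never be retired safely, because nobody learns that their Installation needs editing. A log line (or an event, to avoid repeating it on every reconcile) where the spec is first read would do, e.g. `if instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { reqLogger.Info("spec.variant TigeraSecureEnterprise is deprecated, use CalicoEnterprise") }`. `Reconcile` continues outside the hunk.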
@@ -1208,7 +1208,7 @@ func (r *ReconcileInstallation) Reconcile(ctx context.Context, request reconcile felixPrometheusMetricsPort := defaultFelixMetricsDefaultPort - if instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Spec.Variant.IsEnterprise() { // Determine the port to use for nodeReporter metrics. if felixConfiguration.Spec.PrometheusReporterPort != nil { @@ -1265,7 +1265,7 @@ func (r *ReconcileInstallation) Reconcile(ctx context.Context, request reconcile // Secure calico kube controller metrics. var kubeControllerTLS certificatemanagement.KeyPairInterface - if instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Spec.Variant.IsEnterprise() { // Create or Get TLS certificates for kube controller. kubeControllerTLS, err = certificateManager.GetOrCreateKeyPair( r.client, @@ -1367,7 +1367,7 @@ func (r *ReconcileInstallation) Reconcile(ctx context.Context, request reconcile // Check if non-cluster host feature is enabled. var nonclusterhost *operatorv1.NonClusterHost - if instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Spec.Variant.IsEnterprise() { nonclusterhost, err = utils.GetNonClusterHost(ctx, r.client) if err != nil { r.status.SetDegraded(operatorv1.ResourceReadError, "Failed to query NonClusterHost resource", err, reqLogger) @@ -1987,7 +1987,7 @@ func (r *ReconcileInstallation) setDefaultsOnFelixConfiguration(ctx context.Cont } } - if install.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if install.Spec.Variant.IsEnterprise() { // Some platforms need a different default setting for dnsTrustedServers, because their DNS service is not named "kube-dns". dnsService := "" switch install.Spec.KubernetesProvider { diff --git a/pkg/controller/installation/core_controller_test.go b/pkg/controller/installation/core_controller_test.go index 9d77762fc4..c1725ec8de 100644 --- a/pkg/controller/installation/core_controller_test.go +++ b/pkg/controller/installation/core_controller_test.go 
@@ -217,12 +217,12 @@ var _ = Describe("Testing core-controller installation", func() { &operator.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Registry: "some.registry.org/", CertificateManagement: &operator.CertificateManagement{CACert: prometheusTLS.GetCertificatePEM()}, }, Status: operator.InstallationStatus{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Computed: &operator.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. @@ -825,11 +825,11 @@ var _ = Describe("Testing core-controller installation", func() { cr = &operator.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Registry: "some.registry.org/", }, Status: operator.InstallationStatus{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Computed: &operator.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. @@ -855,7 +855,7 @@ var _ = Describe("Testing core-controller installation", func() { Expect(c.Create(ctx, &pool)).NotTo(HaveOccurred()) // Configure ourselves as a management cluster. - Expect(c.Create(ctx, &operator.ManagementCluster{ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}})).NotTo(HaveOccurred()) + Expect(c.Create(ctx, &operator.ManagementCluster{ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}})).NotTo(HaveOccurred()) expectedDNSNames = dns.GetServiceDNSNames(render.ManagerServiceName, render.ManagerNamespace, dns.DefaultClusterDomain) expectedDNSNames = append(expectedDNSNames, "localhost") 
@@ -1065,7 +1065,7 @@ var _ = Describe("Testing core-controller installation", func() { cr = &operator.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Registry: "some.registry.org/", CertificateManagement: &operator.CertificateManagement{CACert: cert}, ImagePullSecrets: []corev1.LocalObjectReference{{ @@ -2271,7 +2271,7 @@ var _ = Describe("Testing core-controller installation", func() { cr = &operator.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Registry: "some.registry.org/", KubernetesProvider: operator.ProviderEKS, CNI: &operator.CNISpec{ @@ -2282,7 +2282,7 @@ var _ = Describe("Testing core-controller installation", func() { }, }, Status: operator.InstallationStatus{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Computed: &operator.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. @@ -2422,12 +2422,12 @@ var _ = Describe("Testing core-controller installation", func() { &operator.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Registry: "some.registry.org/", CertificateManagement: &operator.CertificateManagement{CACert: prometheusTLS.GetCertificatePEM()}, }, Status: operator.InstallationStatus{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Computed: &operator.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. 
@@ -2757,7 +2757,7 @@ var _ = Describe("updateMutatingAdmissionPolicies", func() { }, } - installation.Spec.Variant = operator.TigeraSecureEnterprise + installation.Spec.Variant = operator.CalicoEnterprise err := r.updateMutatingAdmissionPolicies(ctx, installation, log) Expect(err).NotTo(HaveOccurred()) diff --git a/pkg/controller/installation/defaults_test.go b/pkg/controller/installation/defaults_test.go index 17f5a5e99a..24b9c6a373 100644 --- a/pkg/controller/installation/defaults_test.go +++ b/pkg/controller/installation/defaults_test.go @@ -69,7 +69,7 @@ var _ = Describe("Defaulting logic tests", func() { Expect(*instance.Spec.Logging.CNI.LogFileMaxSize).To(Equal(resource.MustParse("100Mi"))) }) - It("should properly fill defaults on an empty TigeraSecureEnterprise instance", func() { + It("should properly fill defaults on an empty CalicoEnterprise instance", func() { // IP pools are defaulted by the IP pool controller, and passed in as input to the defaulting // performed in the Installation controller. For the purposes of this test, // define them here. @@ -82,12 +82,12 @@ var _ = Describe("Defaulting logic tests", func() { } instance := &operator.Installation{} - instance.Spec.Variant = operator.TigeraSecureEnterprise + instance.Spec.Variant = operator.CalicoEnterprise err := fillDefaults(instance, ¤tPools) Expect(err).NotTo(HaveOccurred()) Expect(validateCustomResource(instance)).NotTo(HaveOccurred()) - Expect(instance.Spec.Variant).To(Equal(operator.TigeraSecureEnterprise)) + Expect(instance.Spec.Variant).To(Equal(operator.CalicoEnterprise)) Expect(instance.Spec.Registry).To(BeEmpty()) Expect(instance.Spec.CalicoNetwork).NotTo(BeNil()) Expect(instance.Spec.CalicoNetwork.LinuxDataplane).ToNot(BeNil()) 
@@ -218,7 +218,7 @@ var _ = Describe("Defaulting logic tests", func() { hpEnabled := operator.HostPortsEnabled instance := &operator.Installation{ Spec: operator.InstallationSpec{ - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, Registry: "test-reg/", ImagePullSecrets: []v1.LocalObjectReference{ { diff --git a/pkg/controller/installation/validation.go b/pkg/controller/installation/validation.go index f934a94eab..0cc57ec91b 100644 --- a/pkg/controller/installation/validation.go +++ b/pkg/controller/installation/validation.go @@ -408,7 +408,7 @@ func validateCustomResource(instance *operatorv1.Installation) error { } } - if operatorv1.IsFIPSModeEnabled(instance.Spec.FIPSMode) && instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if operatorv1.IsFIPSModeEnabled(instance.Spec.FIPSMode) && instance.Spec.Variant.IsEnterprise() { return fmt.Errorf("installation spec.FIPSMode=%v combined with spec.Variant=%s is not supported", *instance.Spec.FIPSMode, instance.Spec.Variant) } diff --git a/pkg/controller/installation/validation_test.go b/pkg/controller/installation/validation_test.go index d6bda1e6c0..741652eb50 100644 --- a/pkg/controller/installation/validation_test.go +++ b/pkg/controller/installation/validation_test.go @@ -184,7 +184,7 @@ var _ = Describe("Installation validation tests", func() { instance.Spec.CNI.Type = operator.PluginCalico err := validateCustomResource(instance) Expect(err).NotTo(HaveOccurred()) - instance.Spec.Variant = operator.TigeraSecureEnterprise + instance.Spec.Variant = operator.CalicoEnterprise err = validateCustomResource(instance) Expect(err).To(HaveOccurred()) }) 
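Review bot: The FIPS rejection in validation.go now depends on `instance.Spec.Variant.IsEnterprise()`, which is meant to match both CalicoEnterprise and the deprecated TigeraSecureEnterprise, but the table in validation_test.go (hunk @@ -1271,8) replaces the TigeraSecureEnterprise entries instead of adding CalicoEnterprise ones beside them. After this commit none of the visible tests check that an Installation still using the deprecated alias is refused when FIPS mode is enabled, so a later change to IsEnterprise could let that combination through unnoticed. I would keep the old rows next to the new ones, e.g. `Entry("Product: TigeraSecureEnterprise FipsMode: Enabled", operator.TigeraSecureEnterprise, operator.FIPSModeEnabled, true),`. The enterprise-only expectation in the @@ -184,7 hunk of validation_test.go loses its alias coverage in the same way. validateCustomResource starts and ends outside the validation.go hunk.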
@@ -344,7 +344,7 @@ var _ = Describe("Installation validation tests", func() { It("should not error if CalicoNetwork is provided on EKS", func() { instance := &operator.Installation{} instance.Spec.CNI = &operator.CNISpec{Type: operator.PluginCalico} - instance.Spec.Variant = operator.TigeraSecureEnterprise + instance.Spec.Variant = operator.CalicoEnterprise instance.Spec.CalicoNetwork = &operator.CalicoNetworkSpec{} instance.Spec.KubernetesProvider = operator.ProviderEKS @@ -1271,8 +1271,8 @@ var _ = Describe("Installation validation tests", func() { Entry("Product: Calico FipsMode: Disabled", operator.Calico, operator.FIPSModeDisabled, false), Entry("Product: Calico FipsMode: Enabled", operator.Calico, operator.FIPSModeEnabled, false), - Entry("Product: TigeraSecureEnterprise FipsMode: Disabled", operator.TigeraSecureEnterprise, operator.FIPSModeDisabled, false), - Entry("Product: TigeraSecureEnterprise FipsMode: Enabled", operator.TigeraSecureEnterprise, operator.FIPSModeEnabled, true), + Entry("Product: CalicoEnterprise FipsMode: Disabled", operator.CalicoEnterprise, operator.FIPSModeDisabled, false), + Entry("Product: CalicoEnterprise FipsMode: Enabled", operator.CalicoEnterprise, operator.FIPSModeEnabled, true), ) }) }) diff --git a/pkg/controller/installation/windows_controller.go b/pkg/controller/installation/windows_controller.go index e673c64f3d..e23bf55db7 100644 --- a/pkg/controller/installation/windows_controller.go +++ b/pkg/controller/installation/windows_controller.go 
@@ -334,7 +334,7 @@ func (r *ReconcileWindows) Reconcile(ctx context.Context, request reconcile.Requ // a non-default port, and use that value if they are. nodeReporterMetricsPort := defaultNodeReporterPort var nodePrometheusTLS certificatemanagement.KeyPairInterface - if instance.Spec.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Spec.Variant.IsEnterprise() { // Determine the port to use for nodeReporter metrics. if felixConfiguration.Spec.PrometheusReporterPort != nil { diff --git a/pkg/controller/intrusiondetection/intrusiondetection_controller_test.go b/pkg/controller/intrusiondetection/intrusiondetection_controller_test.go index 1da34907cd..4ca5e1cac1 100644 --- a/pkg/controller/intrusiondetection/intrusiondetection_controller_test.go +++ b/pkg/controller/intrusiondetection/intrusiondetection_controller_test.go @@ -120,14 +120,14 @@ var _ = Describe("IntrusionDetection controller tests", func() { &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", }}, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. @@ -530,7 +530,7 @@ var _ = Describe("IntrusionDetection controller tests", func() { }}) Expect(err).ShouldNot(HaveOccurred()) instance := &operatorv1.IntrusionDetection{} - err = r.client.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err = r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) Expect(err).ShouldNot(HaveOccurred()) Expect(instance.Status.Conditions).To(HaveLen(1)) 
@@ -556,7 +556,7 @@ var _ = Describe("IntrusionDetection controller tests", func() { }}) Expect(err).ShouldNot(HaveOccurred()) instance := &operatorv1.IntrusionDetection{} - err = r.client.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err = r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) Expect(err).ShouldNot(HaveOccurred()) Expect(instance.Status.Conditions).To(HaveLen(0)) @@ -601,7 +601,7 @@ var _ = Describe("IntrusionDetection controller tests", func() { }}) Expect(err).ShouldNot(HaveOccurred()) instance := &operatorv1.IntrusionDetection{} - err = r.client.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err = r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) Expect(err).ShouldNot(HaveOccurred()) Expect(instance.Status.Conditions).To(HaveLen(3)) @@ -663,7 +663,7 @@ var _ = Describe("IntrusionDetection controller tests", func() { }}) Expect(err).ShouldNot(HaveOccurred()) instance := &operatorv1.IntrusionDetection{} - err = r.client.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err = r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) Expect(err).ShouldNot(HaveOccurred()) Expect(instance.Status.Conditions).To(HaveLen(3)) diff --git a/pkg/controller/istio/istio_controller_test.go b/pkg/controller/istio/istio_controller_test.go index 4257903806..087aab8eae 100644 --- a/pkg/controller/istio/istio_controller_test.go +++ b/pkg/controller/istio/istio_controller_test.go @@ -742,8 +742,8 @@ var _ = Describe("Istio controller tests", func() { }) It("should create expected Istio resources for Enterprise variant", func() { - installation.Spec.Variant = operatorv1.TigeraSecureEnterprise - installation.Status.Variant = operatorv1.TigeraSecureEnterprise + installation.Spec.Variant = operatorv1.CalicoEnterprise + installation.Status.Variant = operatorv1.CalicoEnterprise Expect(cli.Update(ctx, installation)).NotTo(HaveOccurred()) r := &ReconcileIstio{ 
@@ -773,8 +773,8 @@ var _ = Describe("Istio controller tests", func() { }) It("should handle ImageSet application for Enterprise variant", func() { - installation.Spec.Variant = operatorv1.TigeraSecureEnterprise - installation.Status.Variant = operatorv1.TigeraSecureEnterprise + installation.Spec.Variant = operatorv1.CalicoEnterprise + installation.Status.Variant = operatorv1.CalicoEnterprise Expect(cli.Update(ctx, installation)).NotTo(HaveOccurred()) // Create ImageSet with all required Istio images for Enterprise diff --git a/pkg/controller/logcollector/logcollector_controller.go b/pkg/controller/logcollector/logcollector_controller.go index 9faca8b37f..da651eea94 100644 --- a/pkg/controller/logcollector/logcollector_controller.go +++ b/pkg/controller/logcollector/logcollector_controller.go @@ -178,7 +178,7 @@ type ReconcileLogCollector struct { func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error) { // Fetch the instance. We only support a single instance named "tigera-secure". instance := &operatorv1.LogCollector{} - err := cli.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err := cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) if err != nil { return nil, err } diff --git a/pkg/controller/logcollector/logcollector_controller_test.go b/pkg/controller/logcollector/logcollector_controller_test.go index a82c20da43..83911c23d6 100644 --- a/pkg/controller/logcollector/logcollector_controller_test.go +++ b/pkg/controller/logcollector/logcollector_controller_test.go 
@@ -106,14 +106,14 @@ var _ = Describe("LogCollector controller tests", func() { &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", }}, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. diff --git a/pkg/controller/logstorage/dashboards/dashboards_controller.go b/pkg/controller/logstorage/dashboards/dashboards_controller.go index 84448e4401..3fbbebabbf 100644 --- a/pkg/controller/logstorage/dashboards/dashboards_controller.go +++ b/pkg/controller/logstorage/dashboards/dashboards_controller.go @@ -240,7 +240,7 @@ func (d DashboardsSubController) Reconcile(ctx context.Context, request reconcil // Get LogStorage resource. logStorage := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err = d.client.Get(ctx, key, logStorage) if err != nil { if errors.IsNotFound(err) { diff --git a/pkg/controller/logstorage/dashboards/dashboards_controller_test.go b/pkg/controller/logstorage/dashboards/dashboards_controller_test.go index 8513655f33..88840fccd7 100644 --- a/pkg/controller/logstorage/dashboards/dashboards_controller_test.go +++ b/pkg/controller/logstorage/dashboards/dashboards_controller_test.go 
@@ -118,12 +118,12 @@ var _ = Describe("LogStorage Dashboards controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/logstorage/elastic/elastic_controller.go b/pkg/controller/logstorage/elastic/elastic_controller.go index 11f6ec4b6a..c272530a20 100644 --- a/pkg/controller/logstorage/elastic/elastic_controller.go +++ b/pkg/controller/logstorage/elastic/elastic_controller.go @@ -252,7 +252,7 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile. // Get LogStorage resource. ls := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err := r.client.Get(ctx, key, ls) if err != nil { if !errors.IsNotFound(err) { @@ -290,8 +290,8 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile. r.status.SetDegraded(operatorv1.ResourceReadError, "An error occurred while querying Installation", err, reqLogger) return reconcile.Result{}, err } - if variant != operatorv1.TigeraSecureEnterprise { - r.status.SetDegraded(operatorv1.ResourceNotReady, fmt.Sprintf("Waiting for network to be %s", operatorv1.TigeraSecureEnterprise), nil, reqLogger) + if !variant.IsEnterprise() { + r.status.SetDegraded(operatorv1.ResourceNotReady, "Waiting for network to be an enterprise variant", nil, reqLogger) return reconcile.Result{}, nil } diff --git a/pkg/controller/logstorage/elastic/elastic_controller_test.go b/pkg/controller/logstorage/elastic/elastic_controller_test.go index f900447a19..9432110345 100644 --- a/pkg/controller/logstorage/elastic/elastic_controller_test.go 
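Review bot: The degraded status set under `if !variant.IsEnterprise()` in elastic_controller.go now reads "Waiting for network to be an enterprise variant", which no longer tells whoever reads the status which value to set in the Installation's variant field. Naming the preferred value keeps the message actionable: `r.status.SetDegraded(operatorv1.ResourceNotReady, fmt.Sprintf("Waiting for network to be %s", operatorv1.CalicoEnterprise), nil, reqLogger)`. The packetcapture_controller.go hunk (@@ -169,8) makes the same wording change and would take the same fix. Reconcile continues outside this hunk.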
+++ b/pkg/controller/logstorage/elastic/elastic_controller_test.go @@ -172,12 +172,12 @@ var _ = Describe("LogStorage controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, } Expect(cli.Create(ctx, install)).ShouldNot(HaveOccurred()) @@ -194,7 +194,7 @@ var _ = Describe("LogStorage controller", func() { Expect(cli.Create( ctx, &operatorv1.ManagementClusterConnection{ - ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}, + ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}, })).NotTo(HaveOccurred()) mockStatus = &status.MockStatus{} @@ -241,7 +241,7 @@ var _ = Describe("LogStorage controller", func() { Expect(err).ShouldNot(HaveOccurred()) ls := &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).ShouldNot(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).ShouldNot(HaveOccurred()) now := metav1.Now() ls.DeletionTimestamp = &now @@ -261,7 +261,7 @@ var _ = Describe("LogStorage controller", func() { // The LogStorage CR should still contain the finalizer, as we wait for ES and KB to finish deleting By("waiting for the Elasticsearch and Kibana resources to be deleted") ls = &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).ShouldNot(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).ShouldNot(HaveOccurred()) Expect(ls.Finalizers).Should(ContainElement("tigera.io/eck-cleanup")) result, err = r.Reconcile(ctx, reconcile.Request{}) 
@@ -270,7 +270,7 @@ var _ = Describe("LogStorage controller", func() { By("expecting logstorage to have been deleted after the finalizer was removed") ls = &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).Should(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).Should(HaveOccurred()) mockStatus.AssertExpectations(GinkgoT()) }) @@ -290,12 +290,12 @@ var _ = Describe("LogStorage controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } @@ -313,7 +313,7 @@ var _ = Describe("LogStorage controller", func() { Expect(cli.Create( ctx, &operatorv1.ManagementCluster{ - ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}, + ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}, })).NotTo(HaveOccurred()) mockStatus = &status.MockStatus{} @@ -1183,12 +1183,12 @@ var _ = Describe("LogStorage controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, })).ShouldNot(HaveOccurred()) 
@@ -1204,7 +1204,7 @@ var _ = Describe("LogStorage controller", func() { Expect(cli.Create( ctx, &operatorv1.ManagementCluster{ - ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}, + ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}, })).NotTo(HaveOccurred()) setUpLogStorageComponents(cli, ctx, "", certificateManager) @@ -1257,14 +1257,14 @@ var _ = Describe("LogStorage controller", func() { By("setting the DeletionTimestamp on the LogStorage CR") ls := &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).ShouldNot(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).ShouldNot(HaveOccurred()) Expect(cli.Delete(ctx, ls)).ShouldNot(HaveOccurred()) // We don't expect LogStorage to be removed since it has the finalizer (and it seems like the fake client // actually respects the finalizers). ls = &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).ShouldNot(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).ShouldNot(HaveOccurred()) Expect(ls.Spec.StorageClassName).To(Equal(initializer.DefaultElasticsearchStorageClass)) @@ -1281,7 +1281,7 @@ var _ = Describe("LogStorage controller", func() { // The LogStorage CR should still contain the finalizer, as we wait for ES and KB to finish deleting By("checking LogStorage finalizer") ls = &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).ShouldNot(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).ShouldNot(HaveOccurred()) Expect(ls.Finalizers).Should(ContainElement("tigera.io/eck-cleanup")) // One more reconcile should remove the finalizer and thus trigger deletion of the CR. 
@@ -1292,7 +1292,7 @@ var _ = Describe("LogStorage controller", func() { By("expecting the LogStorage CR to have been cleaned up") ls = &operatorv1.LogStorage{} - Expect(cli.Get(ctx, utils.DefaultTSEEInstanceKey, ls)).Should(HaveOccurred()) + Expect(cli.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls)).Should(HaveOccurred()) mockStatus.AssertExpectations(GinkgoT()) }) diff --git a/pkg/controller/logstorage/elastic/external_elastic_controller.go b/pkg/controller/logstorage/elastic/external_elastic_controller.go index b721b5875b..fda153db10 100644 --- a/pkg/controller/logstorage/elastic/external_elastic_controller.go +++ b/pkg/controller/logstorage/elastic/external_elastic_controller.go @@ -109,7 +109,7 @@ func (r *ExternalESController) Reconcile(ctx context.Context, request reconcile. reqLogger.Info("Reconciling LogStorage") ls := &operatorv1.LogStorage{} - err := r.client.Get(ctx, utils.DefaultTSEEInstanceKey, ls) + err := r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, ls) if err != nil { if !errors.IsNotFound(err) { return reconcile.Result{}, err diff --git a/pkg/controller/logstorage/elastic/external_elastic_controller_test.go b/pkg/controller/logstorage/elastic/external_elastic_controller_test.go index d12ff4e87d..0283004863 100644 --- a/pkg/controller/logstorage/elastic/external_elastic_controller_test.go +++ b/pkg/controller/logstorage/elastic/external_elastic_controller_test.go @@ -111,11 +111,11 @@ var _ = Describe("External ES Controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", 
@@ -174,7 +174,7 @@ var _ = Describe("External ES Controller", func() { Expect(cli.Create( ctx, &operatorv1.ManagementCluster{ - ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}, + ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}, })).NotTo(HaveOccurred()) Expect(cli.Create(ctx, diff --git a/pkg/controller/logstorage/esmetrics/esmetrics_controller.go b/pkg/controller/logstorage/esmetrics/esmetrics_controller.go index f2b713ac10..a66ded969c 100644 --- a/pkg/controller/logstorage/esmetrics/esmetrics_controller.go +++ b/pkg/controller/logstorage/esmetrics/esmetrics_controller.go @@ -134,7 +134,7 @@ func (r *ESMetricsSubController) Reconcile(ctx context.Context, request reconcil } logStorage := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err = r.client.Get(ctx, key, logStorage) if err != nil { if errors.IsNotFound(err) { diff --git a/pkg/controller/logstorage/esmetrics/esmetrics_controller_test.go b/pkg/controller/logstorage/esmetrics/esmetrics_controller_test.go index a90291784c..070eacdfe7 100644 --- a/pkg/controller/logstorage/esmetrics/esmetrics_controller_test.go +++ b/pkg/controller/logstorage/esmetrics/esmetrics_controller_test.go @@ -130,11 +130,11 @@ var _ = Describe("LogStorage Linseed controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, } Expect(cli.Create(ctx, install)).ShouldNot(HaveOccurred()) 
@@ -162,7 +162,7 @@ var _ = Describe("LogStorage Linseed controller", func() { It("should terminate early on managed cluster", func() { mgmtClusterConnection := &operatorv1.ManagementClusterConnection{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.DefaultTSEEInstanceKey.Name, + Name: utils.DefaultEnterpriseInstanceKey.Name, }, } diff --git a/pkg/controller/logstorage/initializer/conditions_controller.go b/pkg/controller/logstorage/initializer/conditions_controller.go index e90374ebb2..a546f22eec 100644 --- a/pkg/controller/logstorage/initializer/conditions_controller.go +++ b/pkg/controller/logstorage/initializer/conditions_controller.go @@ -69,7 +69,7 @@ func (r *LogStorageConditions) Reconcile(ctx context.Context, request reconcile. reqLogger.Info("Reconciling LogStorage - Conditions") ls := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey if err := r.client.Get(ctx, key, ls); err != nil { if errors.IsNotFound(err) { return reconcile.Result{}, nil diff --git a/pkg/controller/logstorage/initializer/initializing_controller.go b/pkg/controller/logstorage/initializer/initializing_controller.go index 2c6181f80e..f3cb54ce30 100644 --- a/pkg/controller/logstorage/initializer/initializing_controller.go +++ b/pkg/controller/logstorage/initializer/initializing_controller.go @@ -211,7 +211,7 @@ func (r *LogStorageInitializer) Reconcile(ctx context.Context, request reconcile reqLogger.Info("Reconciling LogStorage") ls := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err := r.client.Get(ctx, key, ls) if errors.IsNotFound(err) { r.status.OnCRNotFound() 
@@ -237,7 +237,7 @@ func (r *LogStorageInitializer) Reconcile(ctx context.Context, request reconcile } // Check if there is a management cluster connection. ManagementClusterConnection is a managed cluster only resource. - if err = r.client.Get(ctx, utils.DefaultTSEEInstanceKey, &operatorv1.ManagementClusterConnection{}); err == nil { + if err = r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, &operatorv1.ManagementClusterConnection{}); err == nil { // LogStorage isn't valid for managed clusters. r.setConditionDegraded(ctx, ls, reqLogger) r.status.SetDegraded(operatorv1.InvalidConfigurationError, "LogStorage is not valid for a managed cluster", nil, reqLogger) diff --git a/pkg/controller/logstorage/initializer/initializing_controller_test.go b/pkg/controller/logstorage/initializer/initializing_controller_test.go index e32ef6caaf..4f60ec70ba 100644 --- a/pkg/controller/logstorage/initializer/initializing_controller_test.go +++ b/pkg/controller/logstorage/initializer/initializing_controller_test.go @@ -106,12 +106,12 @@ var _ = Describe("LogStorage Initializing controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", }}, diff --git a/pkg/controller/logstorage/kubecontrollers/es_kube_controllers.go b/pkg/controller/logstorage/kubecontrollers/es_kube_controllers.go index 0a53f1f494..8f027ac52e 100644 --- a/pkg/controller/logstorage/kubecontrollers/es_kube_controllers.go +++ b/pkg/controller/logstorage/kubecontrollers/es_kube_controllers.go 
@@ -181,7 +181,7 @@ func (r *ESKubeControllersController) Reconcile(ctx context.Context, request rec // Get LogStorage resource. logStorage := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err := r.client.Get(ctx, key, logStorage) if err != nil { if errors.IsNotFound(err) { diff --git a/pkg/controller/logstorage/kubecontrollers/es_kube_controllers_test.go b/pkg/controller/logstorage/kubecontrollers/es_kube_controllers_test.go index cee7e0980d..0488929149 100644 --- a/pkg/controller/logstorage/kubecontrollers/es_kube_controllers_test.go +++ b/pkg/controller/logstorage/kubecontrollers/es_kube_controllers_test.go @@ -120,12 +120,12 @@ var _ = Describe("LogStorage ES kube-controllers controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", diff --git a/pkg/controller/logstorage/linseed/linseed_controller.go b/pkg/controller/logstorage/linseed/linseed_controller.go index 75d1883092..f891006434 100644 --- a/pkg/controller/logstorage/linseed/linseed_controller.go +++ b/pkg/controller/logstorage/linseed/linseed_controller.go @@ -216,7 +216,7 @@ func (r *LinseedSubController) Reconcile(ctx context.Context, request reconcile. // Get LogStorage resource. logStorage := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err = r.client.Get(ctx, key, logStorage) if err != nil { if errors.IsNotFound(err) { 
diff --git a/pkg/controller/logstorage/linseed/linseed_controller_test.go b/pkg/controller/logstorage/linseed/linseed_controller_test.go index d5fb8d03d2..537661b2f0 100644 --- a/pkg/controller/logstorage/linseed/linseed_controller_test.go +++ b/pkg/controller/logstorage/linseed/linseed_controller_test.go @@ -119,12 +119,12 @@ var _ = Describe("LogStorage Linseed controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", diff --git a/pkg/controller/logstorage/managedcluster/managed_cluster_controller.go b/pkg/controller/logstorage/managedcluster/managed_cluster_controller.go index 9c742e42d2..8dc66accf6 100644 --- a/pkg/controller/logstorage/managedcluster/managed_cluster_controller.go +++ b/pkg/controller/logstorage/managedcluster/managed_cluster_controller.go @@ -111,7 +111,7 @@ func (r *LogStorageManagedClusterController) Reconcile(ctx context.Context, requ } return reconcile.Result{}, err } - if variant != operatorv1.TigeraSecureEnterprise { + if !variant.IsEnterprise() { return reconcile.Result{}, nil } diff --git a/pkg/controller/logstorage/managedcluster/managed_cluster_controller_test.go b/pkg/controller/logstorage/managedcluster/managed_cluster_controller_test.go index de01af592f..34a44d8de8 100644 --- a/pkg/controller/logstorage/managedcluster/managed_cluster_controller_test.go +++ b/pkg/controller/logstorage/managedcluster/managed_cluster_controller_test.go 
@@ -84,12 +84,12 @@ var _ = Describe("LogStorageManagedCluster controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, } Expect(cli.Create(ctx, install)).ShouldNot(HaveOccurred()) @@ -98,7 +98,7 @@ var _ = Describe("LogStorageManagedCluster controller", func() { Context("Managed Cluster", func() { Context("LogStorage is nil", func() { BeforeEach(func() { - Expect(cli.Create(ctx, &operatorv1.ManagementClusterConnection{ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultTSEEInstanceKey.Name}})).NotTo(HaveOccurred()) + Expect(cli.Create(ctx, &operatorv1.ManagementClusterConnection{ObjectMeta: metav1.ObjectMeta{Name: utils.DefaultEnterpriseInstanceKey.Name}})).NotTo(HaveOccurred()) }) Context("LogStorage exists", func() { diff --git a/pkg/controller/logstorage/secrets/secret_controller.go b/pkg/controller/logstorage/secrets/secret_controller.go index 1720f3a940..dd81172c26 100644 --- a/pkg/controller/logstorage/secrets/secret_controller.go +++ b/pkg/controller/logstorage/secrets/secret_controller.go @@ -178,7 +178,7 @@ func (r *SecretSubController) Reconcile(ctx context.Context, request reconcile.R // Get LogStorage resource. ls := &operatorv1.LogStorage{} - key := utils.DefaultTSEEInstanceKey + key := utils.DefaultEnterpriseInstanceKey err := r.client.Get(ctx, key, ls) if err != nil { if errors.IsNotFound(err) { 
@@ -544,7 +544,7 @@ func (r *SecretSubController) collectUpstreamCerts(log logr.Logger, helper utils func (r *SecretSubController) isEKSLogForwardingEnabled(install *operatorv1.InstallationSpec) bool { if install.KubernetesProvider.IsEKS() { instance := &operatorv1.LogCollector{} - err := r.client.Get(context.Background(), utils.DefaultTSEEInstanceKey, instance) + err := r.client.Get(context.Background(), utils.DefaultEnterpriseInstanceKey, instance) if err != nil { log.Error(err, "Error loading logcollector, Unable to check whether EKS Log Forwarding is enabled") return false diff --git a/pkg/controller/logstorage/secrets/secret_controller_test.go b/pkg/controller/logstorage/secrets/secret_controller_test.go index 28c519835e..b86aec2de8 100644 --- a/pkg/controller/logstorage/secrets/secret_controller_test.go +++ b/pkg/controller/logstorage/secrets/secret_controller_test.go @@ -159,12 +159,12 @@ var _ = Describe("LogStorage Secrets controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/logstorage/users/users_controller.go b/pkg/controller/logstorage/users/users_controller.go index 5bdb696f1f..f7a173837d 100644 --- a/pkg/controller/logstorage/users/users_controller.go +++ b/pkg/controller/logstorage/users/users_controller.go 
@@ -181,7 +181,7 @@ func (r *UserController) Reconcile(ctx context.Context, request reconcile.Reques // Get LogStorage resource. logStorage := &operatorv1.LogStorage{} - err = r.client.Get(ctx, utils.DefaultTSEEInstanceKey, logStorage) + err = r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, logStorage) if err != nil { // Not finding the LogStorage CR is not an error, as a Managed cluster will not have this CR available but // there are still "LogStorage" related items that need to be set up diff --git a/pkg/controller/manager/manager_controller.go b/pkg/controller/manager/manager_controller.go index c866b569a1..f16a8050a0 100644 --- a/pkg/controller/manager/manager_controller.go +++ b/pkg/controller/manager/manager_controller.go @@ -434,7 +434,7 @@ func (r *ReconcileManager) Reconcile(ctx context.Context, request reconcile.Requ // If external prometheus is enabled, the secret will be signed by the Calico CA and no secret will be created. We can skip // adding it to the bundle, as trusting the CA will suffice. monitorCR := &operatorv1.Monitor{} - if err := r.client.Get(ctx, utils.DefaultTSEEInstanceKey, monitorCR); err != nil { + if err := r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, monitorCR); err != nil { r.status.SetDegraded(operatorv1.ResourceReadError, "Error querying required Monitor resource: ", err, logc) return reconcile.Result{}, err } diff --git a/pkg/controller/manager/manager_controller_test.go b/pkg/controller/manager/manager_controller_test.go index 1a0b2487e4..a72b9c1690 100644 --- a/pkg/controller/manager/manager_controller_test.go +++ b/pkg/controller/manager/manager_controller_test.go 
@@ -186,11 +186,11 @@ var _ = Describe("Manager controller tests", func() { ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "some.registry.org/", // The test is provider agnostic. @@ -482,14 +482,14 @@ var _ = Describe("Manager controller tests", func() { ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", }}, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "some.registry.org/", // The test is provider agnostic. diff --git a/pkg/controller/monitor/monitor_controller.go b/pkg/controller/monitor/monitor_controller.go index 8f3038464b..8d57b0f6cd 100644 --- a/pkg/controller/monitor/monitor_controller.go +++ b/pkg/controller/monitor/monitor_controller.go @@ -196,7 +196,7 @@ type ReconcileMonitor struct { func (r *ReconcileMonitor) getMonitor(ctx context.Context) (*operatorv1.Monitor, error) { instance := &operatorv1.Monitor{} - err := r.client.Get(ctx, utils.DefaultTSEEInstanceKey, instance) + err := r.client.Get(ctx, utils.DefaultEnterpriseInstanceKey, instance) if err != nil { return nil, err } diff --git a/pkg/controller/monitor/monitor_controller_test.go b/pkg/controller/monitor/monitor_controller_test.go index 1265840e67..eadc00c788 100644 --- a/pkg/controller/monitor/monitor_controller_test.go 
+++ b/pkg/controller/monitor/monitor_controller_test.go @@ -109,11 +109,11 @@ var _ = Describe("Monitor controller tests", func() { Generation: 2, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/packetcapture/packetcapture_controller.go b/pkg/controller/packetcapture/packetcapture_controller.go index bf73b426f2..42eaafe4e3 100644 --- a/pkg/controller/packetcapture/packetcapture_controller.go +++ b/pkg/controller/packetcapture/packetcapture_controller.go @@ -169,8 +169,8 @@ func (r *ReconcilePacketCapture) Reconcile(ctx context.Context, request reconcil return reconcile.Result{}, err } - if variant != operatorv1.TigeraSecureEnterprise { - r.status.SetDegraded(operatorv1.ResourceNotReady, fmt.Sprintf("Waiting for Installation variant to be %s", operatorv1.TigeraSecureEnterprise), nil, reqLogger) + if !variant.IsEnterprise() { + r.status.SetDegraded(operatorv1.ResourceNotReady, "Waiting for Installation variant to be an enterprise variant", nil, reqLogger) return reconcile.Result{}, err } diff --git a/pkg/controller/packetcapture/packetcapture_controller_test.go b/pkg/controller/packetcapture/packetcapture_controller_test.go index 246553f190..efd76bb17a 100644 --- a/pkg/controller/packetcapture/packetcapture_controller_test.go +++ b/pkg/controller/packetcapture/packetcapture_controller_test.go 
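Review bot: The new degraded message in `ReconcilePacketCapture.Reconcile`, "Waiting for Installation variant to be an enterprise variant", no longer tells the operator which values satisfy the check, whereas the old message printed the constant. I would name the accepted values, e.g. `fmt.Sprintf("Waiting for Installation variant to be %s (or the deprecated alias %s)", operatorv1.CalicoEnterprise, operatorv1.TigeraSecureEnterprise)`. Removing this `fmt.Sprintf` may also leave the `fmt` import unused if nothing else in the file needs it, which cannot be checked from the hunk. `Reconcile` starts and ends outside the hunk.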
@@ -89,12 +89,12 @@ var _ = Describe("packet capture controller tests", func() { Generation: 2, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/policyrecommendation/policyrecommendation_controller_test.go b/pkg/controller/policyrecommendation/policyrecommendation_controller_test.go index 4189337bb6..fc1c4553f1 100644 --- a/pkg/controller/policyrecommendation/policyrecommendation_controller_test.go +++ b/pkg/controller/policyrecommendation/policyrecommendation_controller_test.go @@ -115,14 +115,14 @@ var _ = Describe("PolicyRecommendation controller tests", func() { &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "tigera-pull-secret", }}, }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. diff --git a/pkg/controller/secrets/cluster_ca_controller_test.go b/pkg/controller/secrets/cluster_ca_controller_test.go index 100891bc5a..bda61783d9 100644 --- a/pkg/controller/secrets/cluster_ca_controller_test.go +++ b/pkg/controller/secrets/cluster_ca_controller_test.go @@ -145,7 +145,7 @@ var _ = Describe("ClusterCA controller", func() { Name: "overlay", }, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, } Expect(cli.Create(ctx, &install)).ShouldNot(HaveOccurred()) 
diff --git a/pkg/controller/secrets/tenant_controller_test.go b/pkg/controller/secrets/tenant_controller_test.go index c14fbd0402..05b9fb3aca 100644 --- a/pkg/controller/secrets/tenant_controller_test.go +++ b/pkg/controller/secrets/tenant_controller_test.go @@ -99,12 +99,12 @@ var _ = Describe("Tenant controller", func() { Name: "default", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{}, }, Spec: operatorv1.InstallationSpec{ ControlPlaneReplicas: &replicas, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, } diff --git a/pkg/controller/tiers/tiers_controller_test.go b/pkg/controller/tiers/tiers_controller_test.go index 449ced2b21..6b97440ca7 100644 --- a/pkg/controller/tiers/tiers_controller_test.go +++ b/pkg/controller/tiers/tiers_controller_test.go @@ -82,11 +82,11 @@ var _ = Describe("tier controller tests", func() { &operatorv1.Installation{ ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Registry: "some.registry.org/", }, Status: operatorv1.InstallationStatus{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, Computed: &operatorv1.InstallationSpec{ Registry: "my-reg", // The test is provider agnostic. diff --git a/pkg/controller/utils/imageset/imageset.go b/pkg/controller/utils/imageset/imageset.go index 3ba3e5680d..15e468a334 100644 --- a/pkg/controller/utils/imageset/imageset.go +++ b/pkg/controller/utils/imageset/imageset.go @@ -53,7 +53,7 @@ func AddImageSetWatch(c ctrlruntime.Controller) error { } func variantPrefix(v operator.ProductVariant) string { - if v == operator.TigeraSecureEnterprise { + if v.IsEnterprise() { return enterprisePrefix } return calicoPrefix 
@@ -61,7 +61,7 @@ func variantPrefix(v operator.ProductVariant) string { func getSetName(v operator.ProductVariant) string { variantVersion := components.CalicoRelease - if v == operator.TigeraSecureEnterprise { + if v.IsEnterprise() { variantVersion = components.EnterpriseRelease } return fmt.Sprintf("%s-%s", variantPrefix(v), variantVersion) diff --git a/pkg/controller/utils/imageset/imageset_test.go b/pkg/controller/utils/imageset/imageset_test.go index 6f661ad561..98be880da8 100644 --- a/pkg/controller/utils/imageset/imageset_test.go +++ b/pkg/controller/utils/imageset/imageset_test.go @@ -47,7 +47,7 @@ var _ = Describe("imageset tests", func() { Expect(e).To(BeNil()) }) It("should not error for Enterprise", func() { - e := ApplyImageSet(context.Background(), c, operator.TigeraSecureEnterprise) + e := ApplyImageSet(context.Background(), c, operator.CalicoEnterprise) Expect(e).To(BeNil()) }) }) @@ -55,7 +55,7 @@ var _ = Describe("imageset tests", func() { Context("Test imageset validation", func() { DescribeTable("", func(v operator.ProductVariant) { nm := fmt.Sprintf("calico-%s", components.CalicoRelease) - if v == operator.TigeraSecureEnterprise { + if v.IsEnterprise() { nm = fmt.Sprintf("enterprise-%s", components.EnterpriseRelease) } c := fake.NewClientBuilder().WithScheme(kscheme.Scheme).WithObjects( @@ -108,7 +108,7 @@ var _ = Describe("imageset tests", func() { Expect(err.Error()).To(ContainSubstring("bad digest images")) }, Entry("Calico variant", operator.Calico), - Entry("Enterprise variant", operator.TigeraSecureEnterprise), + Entry("Enterprise variant", operator.CalicoEnterprise), ) }) 
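Review bot: The enterprise entry of the "Test imageset validation" table now passes `operator.CalicoEnterprise`, so this table no longer exercises the deprecated `TigeraSecureEnterprise` value that the Installation CRD enum still accepts. ImageSet name selection, and the digest validation that follows it, now depend on `v.IsEnterprise()`, so a regression on the alias path would go unnoticed. I would keep the alias covered by adding `Entry("Deprecated enterprise alias", operator.TigeraSecureEnterprise),` after the existing enterprise entry here. The same applies to the table closed by the `@@ -205,7 +205,7 @@` hunk. The `DescribeTable` bodies start outside these hunks.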
@@ -117,7 +117,7 @@ var _ = Describe("imageset tests", func() { isName := fmt.Sprintf("calico-%s", components.CalicoRelease) nonVariantISName := fmt.Sprintf("enterprise-%s", components.EnterpriseRelease) isNameWrongVer := "calico-wrong" - if v == operator.TigeraSecureEnterprise { + if v.IsEnterprise() { isName = fmt.Sprintf("enterprise-%s", components.EnterpriseRelease) nonVariantISName = fmt.Sprintf("calico-%s", components.CalicoRelease) isNameWrongVer = "enterprise-wrong" @@ -205,7 +205,7 @@ var _ = Describe("imageset tests", func() { Expect(ApplyImageSet(context.Background(), c, v)).To(BeNil()) }, Entry("Calico variant", operator.Calico), - Entry("Enterprise variant", operator.TigeraSecureEnterprise), + Entry("Enterprise variant", operator.CalicoEnterprise), ) }) }) diff --git a/pkg/controller/utils/license.go b/pkg/controller/utils/license.go index 6ee9fcec9d..87f00253f4 100644 --- a/pkg/controller/utils/license.go +++ b/pkg/controller/utils/license.go @@ -51,7 +51,7 @@ func WaitToAddLicenseKeyWatch(controller ctrlruntime.Controller, c kubernetes.In } // FetchLicenseKey returns the license if it has been installed. It's useful -// to prevent rollout of TSEE components that might require it. +// to prevent rollout of enterprise components that might require it. // It will return an error if the license is not installed/cannot be read func FetchLicenseKey(ctx context.Context, cli client.Client) (v3.LicenseKey, error) { instance := &v3.LicenseKey{} diff --git a/pkg/controller/utils/merge_test.go b/pkg/controller/utils/merge_test.go index d9f4189bc1..8aefe13fb6 100644 --- a/pkg/controller/utils/merge_test.go +++ b/pkg/controller/utils/merge_test.go 
@@ -55,7 +55,7 @@ var _ = Describe("Installation merge tests", func() { Entry("Main only set", &opv1.Calico, nil, &opv1.Calico), Entry("Second only set", nil, &opv1.Calico, &opv1.Calico), Entry("Both set equal", &opv1.Calico, &opv1.Calico, &opv1.Calico), - Entry("Both set not matching", &opv1.Calico, &opv1.TigeraSecureEnterprise, &opv1.TigeraSecureEnterprise), + Entry("Both set not matching", &opv1.Calico, &opv1.CalicoEnterprise, &opv1.CalicoEnterprise), ) DescribeTable("merge Registry", func(main, second, expect string) { @@ -428,7 +428,7 @@ var _ = Describe("Installation merge tests", func() { Entry("Both set equal", map[string]string{"a": "1"}, map[string]string{"a": "1"}, map[string]string{"a": "1"}), Entry("Both set not matching", map[string]string{"a": "1"}, map[string]string{"b": "2"}, map[string]string{"b": "2"}), ) - //TODO: Have some test that have different fields set and they merge. + // TODO: Have some test that have different fields set and they merge. DescribeTable("merge multiple CalicoNetwork fields", func(main, second, expect *opv1.CalicoNetworkSpec) { m := opv1.InstallationSpec{} @@ -482,7 +482,8 @@ var _ = Describe("Installation merge tests", func() { { Key: "net.ipv4.tcp_keepalive_intvl", Value: "15", - }, { + }, + { Key: "net.ipv4.tcp_keepalive_probes", Value: "6", }, @@ -514,7 +515,6 @@ var _ = Describe("Installation merge tests", func() { Entry("Both set equal", _sysctlTuningA, _sysctlTuningA, _sysctlTuningA), Entry("Both set not matching", _sysctlTuningA, _sysctlTuningB, _sysctlTuningB), ) - }) DescribeTable("merge NodeMetricsPort", func(main, second, expect *int32) { 
@@ -640,7 +640,7 @@ var _ = Describe("Installation merge tests", func() { []opv1.ComponentResource{_typhaComp}), ) - var metadataTests = []TableEntry{ + metadataTests := []TableEntry{ Entry("Both unset", nil, nil, nil), Entry("Main only set (labels only)", &opv1.Metadata{Labels: map[string]string{"a": "1"}}, nil, &opv1.Metadata{Labels: map[string]string{"a": "1"}}), Entry("Main only set (annots only)", &opv1.Metadata{Annotations: map[string]string{"a": "1"}}, nil, &opv1.Metadata{Annotations: map[string]string{"a": "1"}}), @@ -691,7 +691,6 @@ var _ = Describe("Installation merge tests", func() { }, }, } - }) DescribeTable("merge metadata", func(main, second, expect *opv1.Metadata) { @@ -985,7 +984,6 @@ var _ = Describe("Installation merge tests", func() { }, }, } - }) DescribeTable("merge metadata", func(main, second, expect *opv1.Metadata) { @@ -1279,7 +1277,6 @@ var _ = Describe("Installation merge tests", func() { }, }, } - }) DescribeTable("merge metadata", func(main, second, expect *opv1.Metadata) { diff --git a/pkg/controller/utils/utils.go b/pkg/controller/utils/utils.go index a5cf560bb5..c399828a5a 100644 --- a/pkg/controller/utils/utils.go +++ b/pkg/controller/utils/utils.go @@ -69,10 +69,10 @@ const ( ) var ( - DefaultInstanceKey = client.ObjectKey{Name: "default"} - DefaultTSEEInstanceKey = client.ObjectKey{Name: "tigera-secure"} - OverlayInstanceKey = client.ObjectKey{Name: "overlay"} - KubeProxyInstanceKey = client.ObjectKey{Name: "kube-proxy", Namespace: "kube-system"} + DefaultInstanceKey = client.ObjectKey{Name: "default"} + DefaultEnterpriseInstanceKey = client.ObjectKey{Name: "tigera-secure"} + OverlayInstanceKey = client.ObjectKey{Name: "overlay"} + KubeProxyInstanceKey = client.ObjectKey{Name: "kube-proxy", Namespace: "kube-system"} PeriodicReconcileTime = 5 * time.Minute 
@@ -331,7 +331,7 @@ func IsProjectCalicoV3Available(client client.Client, opts options.ControllerOpt func LogStorageExists(ctx context.Context, cli client.Client) (bool, error) { instance := &operatorv1.LogStorage{} - err := cli.Get(ctx, DefaultTSEEInstanceKey, instance) + err := cli.Get(ctx, DefaultEnterpriseInstanceKey, instance) if err != nil { if errors.IsNotFound(err) { return false, nil @@ -344,7 +344,7 @@ func LogStorageExists(ctx context.Context, cli client.Client) (bool, error) { func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error) { logCollector := &operatorv1.LogCollector{} - err := cli.Get(ctx, DefaultTSEEInstanceKey, logCollector) + err := cli.Get(ctx, DefaultEnterpriseInstanceKey, logCollector) if err != nil { if errors.IsNotFound(err) { return nil, nil @@ -452,7 +452,7 @@ func GetNetworkingPullSecrets(i *operatorv1.InstallationSpec, c client.Client) ( func GetApplicationLayer(ctx context.Context, c client.Client) (*operatorv1.ApplicationLayer, error) { applicationLayer := &operatorv1.ApplicationLayer{} - err := c.Get(ctx, DefaultTSEEInstanceKey, applicationLayer) + err := c.Get(ctx, DefaultEnterpriseInstanceKey, applicationLayer) if err != nil { if errors.IsNotFound(err) { return nil, nil @@ -467,7 +467,7 @@ func GetApplicationLayer(ctx context.Context, c client.Client) (*operatorv1.Appl func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.ManagementCluster, error) { managementCluster := &operatorv1.ManagementCluster{} - err := c.Get(ctx, DefaultTSEEInstanceKey, managementCluster) + err := c.Get(ctx, DefaultEnterpriseInstanceKey, managementCluster) if err != nil { if errors.IsNotFound(err) { return nil, nil 
@@ -482,7 +482,7 @@ func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.Man func GetManagementClusterConnection(ctx context.Context, c client.Client) (*operatorv1.ManagementClusterConnection, error) { managementClusterConnection := &operatorv1.ManagementClusterConnection{} - err := c.Get(ctx, DefaultTSEEInstanceKey, managementClusterConnection) + err := c.Get(ctx, DefaultEnterpriseInstanceKey, managementClusterConnection) if err != nil { if errors.IsNotFound(err) { return nil, nil @@ -516,7 +516,7 @@ func GetIfExists[E any, ClientObj ClientObjType[E]](ctx context.Context, key cli func GetNonClusterHost(ctx context.Context, cli client.Client) (*operatorv1.NonClusterHost, error) { nonclusterhost := &operatorv1.NonClusterHost{} - err := cli.Get(ctx, DefaultTSEEInstanceKey, nonclusterhost) + err := cli.Get(ctx, DefaultEnterpriseInstanceKey, nonclusterhost) if err != nil { if errors.IsNotFound(err) { return nil, nil @@ -530,7 +530,7 @@ func GetNonClusterHost(ctx context.Context, cli client.Client) (*operatorv1.NonC // GetAuthentication finds the authentication CR in your cluster. func GetAuthentication(ctx context.Context, cli client.Client) (*operatorv1.Authentication, error) { authentication := &operatorv1.Authentication{} - err := cli.Get(ctx, DefaultTSEEInstanceKey, authentication) + err := cli.Get(ctx, DefaultEnterpriseInstanceKey, authentication) if err != nil { return nil, err } 
@@ -624,13 +624,13 @@ func GetAPIServer(ctx context.Context, client client.Client) (*operatorv1.APISer } // Default instance doesn't exist. Check for the legacy (enterprise only) CR. - err = client.Get(ctx, DefaultTSEEInstanceKey, instance) + err = client.Get(ctx, DefaultEnterpriseInstanceKey, instance) if err != nil { return nil, "failed to get apiserver 'tigera-secure'", err } } else { // Assert there is no legacy "tigera-secure" instance present. - err = client.Get(ctx, DefaultTSEEInstanceKey, instance) + err = client.Get(ctx, DefaultEnterpriseInstanceKey, instance) if err == nil { return nil, "Duplicate configuration detected", @@ -643,7 +643,7 @@ func GetAPIServer(ctx context.Context, client client.Client) (*operatorv1.APISer // GetPacketCapture finds the PacketCapture CR in your cluster. func GetPacketCaptureAPI(ctx context.Context, cli client.Client) (*operatorv1.PacketCaptureAPI, error) { pc := &operatorv1.PacketCaptureAPI{} - err := cli.Get(ctx, DefaultTSEEInstanceKey, pc) + err := cli.Get(ctx, DefaultEnterpriseInstanceKey, pc) if err != nil { return nil, err } diff --git a/pkg/imports/admission/admission_test.go b/pkg/imports/admission/admission_test.go index aa46df3744..31cc893de7 100644 --- a/pkg/imports/admission/admission_test.go +++ b/pkg/imports/admission/admission_test.go @@ -45,7 +45,7 @@ var _ = Describe("MutatingAdmissionPolicies", func() { }) It("returns Enterprise MAPs when v3=true", func() { - objs := GetMutatingAdmissionPolicies(opv1.TigeraSecureEnterprise, true) + objs := GetMutatingAdmissionPolicies(opv1.CalicoEnterprise, true) Expect(objs).To(HaveLen(4), "Expected 4 admission objects, got %d", len(objs)) var mapCount, mapbCount int 
@@ -64,7 +64,7 @@ var _ = Describe("MutatingAdmissionPolicies", func() { It("returns empty when v3=false", func() { Expect(GetMutatingAdmissionPolicies(opv1.Calico, false)).To(BeEmpty(), "Expected no admission objects when v3=false") - Expect(GetMutatingAdmissionPolicies(opv1.TigeraSecureEnterprise, false)).To(BeEmpty(), "Expected no admission objects when v3=false") + Expect(GetMutatingAdmissionPolicies(opv1.CalicoEnterprise, false)).To(BeEmpty(), "Expected no admission objects when v3=false") }) It("parses MAP names correctly", func() { diff --git a/pkg/imports/admission/calico/tierlabel.mutatingadmissionpolicy.yaml b/pkg/imports/admission/calico/tierlabel.mutatingadmissionpolicy.yaml index 38bedc7460..88304cfdb5 100644 --- a/pkg/imports/admission/calico/tierlabel.mutatingadmissionpolicy.yaml +++ b/pkg/imports/admission/calico/tierlabel.mutatingadmissionpolicy.yaml @@ -1,5 +1,5 @@ -# This MutatingAdmissionPolicy sets the projectcalico.org/tier label on policy resources -# to match the spec.tier field, defaulting to "default" if not specified. +# This MutatingAdmissionPolicy defaults the spec.tier field to "default" if not specified, +# and sets the projectcalico.org/tier label to match. apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingAdmissionPolicy metadata: @@ -22,6 +22,13 @@ spec: expression: | has(object.spec.tier) && object.spec.tier != "" ? object.spec.tier : "default" mutations: + # Default spec.tier to "default" if empty or unset. + - patchType: "JSONPatch" + jsonPatch: + expression: | + !has(object.spec.tier) || object.spec.tier == "" ? + [JSONPatch{op: "add", path: "/spec/tier", value: variables.tierValue}] : + [] # Set the projectcalico.org/tier label to match spec.tier. # Uses ~1 encoding for the / in the label key per RFC 6901 (JSON Pointer). - patchType: "JSONPatch" 
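Review bot: The new first mutation in `calico/tierlabel.mutatingadmissionpolicy.yaml` issues a JSON Patch `add` at `/spec/tier`, which only succeeds when the parent `/spec` already exists, and the hunk does not show that being guaranteed. If a policy object can reach admission without a `spec`, both `has(object.spec.tier)` and the patch would presumably error, and the outcome then depends on the failure policy, which is outside the hunk. I would at least document the assumption and the ordering dependency above the mutation: `# Assumes object.spec is present; must run before the label mutation so both see the same tier.` The identical hunk in `enterprise/tierlabel.mutatingadmissionpolicy.yaml` needs the same comment. The `mutations` list continues outside the hunk.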
diff --git a/pkg/imports/admission/enterprise/tierlabel.mutatingadmissionpolicy.yaml b/pkg/imports/admission/enterprise/tierlabel.mutatingadmissionpolicy.yaml index 38bedc7460..88304cfdb5 100644 --- a/pkg/imports/admission/enterprise/tierlabel.mutatingadmissionpolicy.yaml +++ b/pkg/imports/admission/enterprise/tierlabel.mutatingadmissionpolicy.yaml @@ -1,5 +1,5 @@ -# This MutatingAdmissionPolicy sets the projectcalico.org/tier label on policy resources -# to match the spec.tier field, defaulting to "default" if not specified. +# This MutatingAdmissionPolicy defaults the spec.tier field to "default" if not specified, +# and sets the projectcalico.org/tier label to match. apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingAdmissionPolicy metadata: @@ -22,6 +22,13 @@ spec: expression: | has(object.spec.tier) && object.spec.tier != "" ? object.spec.tier : "default" mutations: + # Default spec.tier to "default" if empty or unset. + - patchType: "JSONPatch" + jsonPatch: + expression: | + !has(object.spec.tier) || object.spec.tier == "" ? + [JSONPatch{op: "add", path: "/spec/tier", value: variables.tierValue}] : + [] # Set the projectcalico.org/tier label to match spec.tier. # Uses ~1 encoding for the / in the label key per RFC 6901 (JSON Pointer). - patchType: "JSONPatch" diff --git a/pkg/imports/crds/crds_test.go b/pkg/imports/crds/crds_test.go index ef1fed3908..a5fe740ae0 100644 --- a/pkg/imports/crds/crds_test.go +++ b/pkg/imports/crds/crds_test.go @@ -36,7 +36,7 @@ var _ = Describe("test crds pkg", func() { }) It("can get all CRDS used with Enterprise", func() { - Expect(func() { Expect(GetCRDs(opv1.TigeraSecureEnterprise, v3)).ToNot(BeEmpty()) }).ToNot(Panic()) + Expect(func() { Expect(GetCRDs(opv1.CalicoEnterprise, v3)).ToNot(BeEmpty()) }).ToNot(Panic()) }) It("can parse Enterprise CRDs", func() { 
@@ -49,7 +49,7 @@ var _ = Describe("test crds pkg", func() { }) It("can parse Operator CRDs used with Enterprise", func() { - Expect(func() { Expect(getOperatorCRDSource(opv1.TigeraSecureEnterprise)).ToNot(BeEmpty()) }).ToNot(Panic()) + Expect(func() { Expect(getOperatorCRDSource(opv1.CalicoEnterprise)).ToNot(BeEmpty()) }).ToNot(Panic()) }) It("installs GatewayAPI CRD with Calico OSS", func() { diff --git a/pkg/imports/crds/enterprise/v1.crd.projectcalico.org/crd.projectcalico.org_ipamblocks.yaml b/pkg/imports/crds/enterprise/v1.crd.projectcalico.org/crd.projectcalico.org_ipamblocks.yaml index 27b1a8e9cd..33210937b9 100644 --- a/pkg/imports/crds/enterprise/v1.crd.projectcalico.org/crd.projectcalico.org_ipamblocks.yaml +++ b/pkg/imports/crds/enterprise/v1.crd.projectcalico.org/crd.projectcalico.org_ipamblocks.yaml @@ -41,7 +41,7 @@ spec: attributes: items: properties: - alternate: + alternateOwnerAttrs: additionalProperties: type: string type: object diff --git a/pkg/imports/crds/enterprise/v3.projectcalico.org/projectcalico.org_ipamblocks.yaml b/pkg/imports/crds/enterprise/v3.projectcalico.org/projectcalico.org_ipamblocks.yaml index 55321d0155..414b24ce03 100644 --- a/pkg/imports/crds/enterprise/v3.projectcalico.org/projectcalico.org_ipamblocks.yaml +++ b/pkg/imports/crds/enterprise/v3.projectcalico.org/projectcalico.org_ipamblocks.yaml @@ -56,7 +56,7 @@ spec: attributes: items: properties: - alternate: + alternateOwnerAttrs: additionalProperties: type: string type: object diff --git a/pkg/imports/crds/operator/operator.tigera.io_imagesets.yaml b/pkg/imports/crds/operator/operator.tigera.io_imagesets.yaml index 552c7ab87a..0f35f07211 100644 --- a/pkg/imports/crds/operator/operator.tigera.io_imagesets.yaml +++ b/pkg/imports/crds/operator/operator.tigera.io_imagesets.yaml 
@@ -20,7 +20,7 @@ spec: ImageSet is used to specify image digests for the images that the operator deploys. The name of the ImageSet is expected to be in the format `-`. The `variant` used is `enterprise` if the InstallationSpec Variant is - `TigeraSecureEnterprise` otherwise it is `calico`. + `CalicoEnterprise` or `TigeraSecureEnterprise`, otherwise it is `calico`. The `release` must match the version of the variant that the operator is built to deploy, this version can be obtained by passing the `--version` flag to the operator binary. properties: diff --git a/pkg/imports/crds/operator/operator.tigera.io_installations.yaml b/pkg/imports/crds/operator/operator.tigera.io_installations.yaml index 0ab5ce8142..d2b11fb0b1 100644 --- a/pkg/imports/crds/operator/operator.tigera.io_installations.yaml +++ b/pkg/imports/crds/operator/operator.tigera.io_installations.yaml @@ -8782,10 +8782,12 @@ spec: type: integer variant: description: |- - Variant is the product to install - one of Calico or TigeraSecureEnterprise + Variant is the product to install - one of Calico or CalicoEnterprise. + TigeraSecureEnterprise is also accepted as a deprecated alias for CalicoEnterprise. Default: Calico enum: - Calico + - CalicoEnterprise - TigeraSecureEnterprise type: string windowsNodes: @@ -17735,10 +17737,12 @@ spec: type: integer variant: description: |- - Variant is the product to install - one of Calico or TigeraSecureEnterprise + Variant is the product to install - one of Calico or CalicoEnterprise. + TigeraSecureEnterprise is also accepted as a deprecated alias for CalicoEnterprise. Default: Calico enum: - Calico + - CalicoEnterprise - TigeraSecureEnterprise type: string windowsNodes: 
@@ -17850,11 +17854,12 @@ spec: format: int32 type: integer variant: - description: - Variant is the most recently observed installed variant - - one of Calico or TigeraSecureEnterprise + description: |- + Variant is the most recently observed installed variant - one of Calico or CalicoEnterprise. + TigeraSecureEnterprise is a deprecated alias for CalicoEnterprise. enum: - Calico + - CalicoEnterprise - TigeraSecureEnterprise type: string type: object diff --git a/pkg/render/apiserver.go b/pkg/render/apiserver.go index d22d50050e..d6f4ffc189 100644 --- a/pkg/render/apiserver.go +++ b/pkg/render/apiserver.go @@ -166,7 +166,7 @@ func (c *apiServerComponent) ResolveImages(is *operatorv1.ImageSet) error { var err error errMsgs := []string{} - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.apiServerImage, err = components.GetReference(components.ComponentAPIServer, reg, path, prefix, is) if err != nil { errMsgs = append(errMsgs, err.Error()) @@ -238,7 +238,7 @@ func (c *apiServerComponent) Objects() ([]client.Object, []client.Object) { // The deployment and its supporting objects are needed when running the aggregation API server // or when running Enterprise (which always needs the queryserver). - if c.cfg.RequiresAggregationServer || c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.RequiresAggregationServer || c.cfg.Installation.Variant.IsEnterprise() { namespacedObjects = append(namespacedObjects, c.apiServerServiceAccount(), c.apiServerDeployment(), @@ -264,7 +264,7 @@ func (c *apiServerComponent) Objects() ([]client.Object, []client.Object) { c.authReaderRoleBinding(), } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { aggregationAPIServerObjects = append(aggregationAPIServerObjects, c.uiSettingsGroupGetterClusterRole(), c.kubeControllerManagerUISettingsGroupGetterClusterRoleBinding(), 
@@ -330,7 +330,7 @@ func (c *apiServerComponent) Objects() ([]client.Object, []client.Object) { } // Compile the final arrays based on the variant. - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Create any enterprise specific objects. globalObjects = append(globalObjects, globalEnterpriseObjects...) namespacedObjects = append(namespacedObjects, namespacedEnterpriseObjects...) @@ -929,7 +929,7 @@ func (c *apiServerComponent) apiServerService() *corev1.Service { }, } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Add port for queryserver if enterprise. s.Spec.Ports = append(s.Spec.Ports, corev1.ServicePort{ @@ -992,7 +992,7 @@ func (c *apiServerComponent) apiServerDeployment() *appsv1.Deployment { if c.cfg.IsSidecarInjectionEnabled() { containers = append(containers, c.l7AdmissionControllerContainer()) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { containers = append(containers, c.queryServerContainer()) } @@ -1039,7 +1039,7 @@ func (c *apiServerComponent) apiServerDeployment() *appsv1.Deployment { d.Spec.Template.Spec.Affinity = podaffinity.NewPodAntiAffinity(APIServerName, []string{APIServerNamespace, "tigera-system", "calico-apiserver"}) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { if c.cfg.TrustedBundle != nil { trustedBundleHashAnnotations := c.cfg.TrustedBundle.HashAnnotations() for k, v := range trustedBundleHashAnnotations { 
@@ -1138,7 +1138,7 @@ func (c *apiServerComponent) apiServerContainer() corev1.Container { volumeMounts := []corev1.VolumeMount{ c.cfg.TLSKeyPair.VolumeMount(c.SupportedOSType()), } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { volumeMounts = append(volumeMounts, corev1.VolumeMount{Name: auditLogsVolumeName, MountPath: "/var/log/calico/audit"}, corev1.VolumeMount{Name: auditPolicyVolumeName, MountPath: "/etc/tigera/audit"}, @@ -1197,7 +1197,7 @@ func (c *apiServerComponent) apiServerContainer() corev1.Container { } // In case of OpenShift, apiserver needs privileged access to write audit logs to host path volume. // Audit logs are owned by root on hosts so we need to be root user and group. Audit logs are supported only in Enterprise version. - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { apiServer.SecurityContext = securitycontext.NewRootContext(c.cfg.OpenShift) } else { apiServer.SecurityContext = securitycontext.NewNonRootContext() @@ -1215,7 +1215,7 @@ func (c *apiServerComponent) startUpArgs() []string { fmt.Sprintf("--tls-cert-file=%s", c.cfg.TLSKeyPair.VolumeMountCertificateFilePath()), } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { args = append(args, "--audit-policy-file=/etc/tigera/audit/policy.conf", "--audit-log-path=/var/log/calico/audit/tsee-audit.log", 
@@ -1335,7 +1335,7 @@ func (c *apiServerComponent) apiServerVolumes() []corev1.Volume { volumes = append(volumes, c.cfg.QueryServerTLSKeyPairCertificateManagementOnly.Volume()) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise && c.cfg.RequiresAggregationServer { + if c.cfg.Installation.Variant.IsEnterprise() && c.cfg.RequiresAggregationServer { // Only include these volumes if we're running the aggregation API server, since audit logging is done through the // main API server otherwise. volumes = append(volumes, @@ -1365,7 +1365,7 @@ func (c *apiServerComponent) apiServerVolumes() []corev1.Volume { ) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise && c.cfg.TrustedBundle != nil { + if c.cfg.Installation.Variant.IsEnterprise() && c.cfg.TrustedBundle != nil { volumes = append(volumes, c.cfg.TrustedBundle.Volume()) } @@ -1997,7 +1997,7 @@ func (c *apiServerComponent) calicoPolicyPassthruClusterRole() *rbacv1.ClusterRo resources := []string{"networkpolicies", "globalnetworkpolicies"} // Append additional resources for enterprise Variant. - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { resources = append(resources, "stagednetworkpolicies", "stagedglobalnetworkpolicies") } @@ -2187,7 +2187,7 @@ func (c *apiServerComponent) getDeprecatedResources() []client.Object { }) // The following resources were not present in Calico OSS, so there is no need to clean up in OSS. - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Renamed ClusterRoleBinging tigera-tier-getter to calico-tier-getter since Tier is available in OSS renamedRscList = append(renamedRscList, &rbacv1.ClusterRoleBinding{ TypeMeta: metav1.TypeMeta{Kind: "ClusterRoleBinding", APIVersion: "rbac.authorization.k8s.io/v1"}, diff --git a/pkg/render/apiserver_test.go b/pkg/render/apiserver_test.go index bc61d958ac..e6f279ba8c 100644 
--- a/pkg/render/apiserver_test.go +++ b/pkg/render/apiserver_test.go @@ -79,7 +79,7 @@ var _ = Describe("API server rendering tests (Calico Enterprise)", func() { instance = &operatorv1.InstallationSpec{ ControlPlaneReplicas: ptr.To[int32](2), Registry: "testregistry.com/", - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } apiserver = &operatorv1.APIServerSpec{} dnsNames = dns.GetServiceDNSNames(render.APIServerServiceName, render.APIServerNamespace, clusterDomain) @@ -489,7 +489,7 @@ var _ = Describe("API server rendering tests (Calico Enterprise)", func() { It("should render SecurityContextConstrains properly when provider is OpenShift", func() { cfg.Installation.KubernetesProvider = operatorv1.ProviderOpenShift - cfg.Installation.Variant = operatorv1.TigeraSecureEnterprise + cfg.Installation.Variant = operatorv1.CalicoEnterprise component, err := render.APIServer(cfg) Expect(err).NotTo(HaveOccurred()) Expect(component.ResolveImages(nil)).To(BeNil()) @@ -2402,7 +2402,7 @@ var _ = Describe("API server rendering tests (Calico)", func() { cfg.Installation = &operatorv1.InstallationSpec{ ControlPlaneReplicas: ptr.To[int32](2), Registry: "testregistry.com/", - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } }) diff --git a/pkg/render/csi.go b/pkg/render/csi.go index 1d01086437..ac2d7b2262 100644 --- a/pkg/render/csi.go +++ b/pkg/render/csi.go @@ -1,4 +1,4 @@ -// Copyright (c) 2022-2024 Tigera, Inc. All rights reserved. +// Copyright (c) 2022-2026 Tigera, Inc. All rights reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
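Review bot: The deprecated `TigeraSecureEnterprise` value loses its render coverage in the `@@ -79`, `@@ -489` and `@@ -2402` hunks, which swap the constant to `CalicoEnterprise` instead of exercising both spellings; the same swap repeats in csi_test.go, gateway_api_test.go, guardian_test.go, istio_test.go, kube-controllers_test.go and node_test.go. Existing installations presumably still carry the old value, and in apiserver.go it now reaches the root security context, the audit-log mounts and the enterprise RBAC only through `IsEnterprise()`. I would keep at least one alias case per component, for example by running the OpenShift SecurityContextConstraints test over `[]operatorv1.ProductVariant{operatorv1.CalicoEnterprise, operatorv1.TigeraSecureEnterprise}`. The smallest change is in the kube-controllers_test.go variant loop, where `operatorv1.TigeraSecureEnterprise` can be appended to the slice, assuming nothing in the loop body outside that hunk branches on the exact value. The `Describe` bodies these hunks sit in start and end outside the hunks.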
@@ -378,7 +378,7 @@ func (c *csiComponent) ResolveImages(is *operatorv1.ImageSet) error { prefix := c.cfg.Installation.ImagePrefix var err error - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.csiImage, err = components.GetReference(components.ComponentTigeraCSI, reg, path, prefix, is) if err != nil { return err diff --git a/pkg/render/csi_test.go b/pkg/render/csi_test.go index 7a44140d71..8ea641e4d6 100644 --- a/pkg/render/csi_test.go +++ b/pkg/render/csi_test.go @@ -295,7 +295,7 @@ var _ = Describe("CSI rendering tests", func() { }) It("should use private images when Variant = enterprise", func() { - cfg.Installation.Variant = operatorv1.TigeraSecureEnterprise + cfg.Installation.Variant = operatorv1.CalicoEnterprise comp := render.CSI(&cfg) Expect(comp.ResolveImages(nil)).To(BeNil()) createObjs, _ := comp.Objects() diff --git a/pkg/render/gatewayapi/gateway_api.go b/pkg/render/gatewayapi/gateway_api.go index d97378b423..ba41803a60 100644 --- a/pkg/render/gatewayapi/gateway_api.go +++ b/pkg/render/gatewayapi/gateway_api.go @@ -430,7 +430,7 @@ func (pr *gatewayAPIImplementationComponent) ResolveImages(is *operatorv1.ImageS prefix := pr.cfg.Installation.ImagePrefix var err error - if pr.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if pr.cfg.Installation.Variant.IsEnterprise() { pr.envoyGatewayImage, err = components.GetReference(components.ComponentGatewayAPIEnvoyGateway, reg, path, prefix, is) if err != nil { return err @@ -529,7 +529,7 @@ func (pr *gatewayAPIImplementationComponent) Objects() ([]client.Object, []clien } // Add WAF HTTP Filter RBAC resources for Enterprise variant - if pr.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if pr.cfg.Installation.Variant.IsEnterprise() { objs = append(objs, pr.wafHttpFilterServiceAccount(), pr.wafHttpFilterClusterRole(), 
@@ -761,7 +761,7 @@ func (pr *gatewayAPIImplementationComponent) envoyProxyConfig(className string, applyEnvoyProxyServiceOverrides(envoyProxy, classSpec.GatewayService) // Setup WAF HTTP Filter and l7 Log collector on Enterprise. - if pr.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if pr.cfg.Installation.Variant.IsEnterprise() { // The WAF HTTP filter is not supported when the envoy proxy is deployed as a DaemonSet // as there is no support for init containers in a DaemonSet. if envoyProxy.Spec.Provider.Kubernetes.EnvoyDeployment != nil { diff --git a/pkg/render/gatewayapi/gateway_api_test.go b/pkg/render/gatewayapi/gateway_api_test.go index 792b40e498..4a83da4f98 100644 --- a/pkg/render/gatewayapi/gateway_api_test.go +++ b/pkg/render/gatewayapi/gateway_api_test.go @@ -411,7 +411,7 @@ var _ = Describe("Gateway API rendering tests", func() { installation := &operatorv1.InstallationSpec{ Registry: "myregistry.io/", ImagePullSecrets: pullSecretRefs, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } gatewayAPI := &operatorv1.GatewayAPI{ Spec: operatorv1.GatewayAPISpec{ @@ -495,7 +495,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("honours gateway controller customizations", func() { installation := &operatorv1.InstallationSpec{ Registry: "myregistry.io/", - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } threeReplicas := int32(3) topologySpreadConstraints := []corev1.TopologySpreadConstraint{{ @@ -570,7 +570,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("honours GatewayClass and EnvoyProxy customizations", func() { installation := &operatorv1.InstallationSpec{ Registry: "myregistry.io/", - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } twoReplicas := int32(2) topologySpreadConstraints := []corev1.TopologySpreadConstraint{{ 
@@ -829,7 +829,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("should deploy waf-http-filter for Enterprise", func() { installation := &operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } gatewayAPI := &operatorv1.GatewayAPI{ Spec: operatorv1.GatewayAPISpec{ @@ -902,7 +902,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("should deploy waf-http-filter for Enterprise when using a custom proxy", func() { installation := &operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } gatewayAPI := &operatorv1.GatewayAPI{ Spec: operatorv1.GatewayAPISpec{ @@ -1047,7 +1047,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("should set owning gateway environment variables in l7-log-collector for Enterprise", func() { installation := &operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } gatewayAPI := &operatorv1.GatewayAPI{ Spec: operatorv1.GatewayAPISpec{ @@ -1104,7 +1104,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("should set owning gateway environment variables in l7-log-collector when using custom proxy", func() { installation := &operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } gatewayAPI := &operatorv1.GatewayAPI{ Spec: operatorv1.GatewayAPISpec{ @@ -1210,7 +1210,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("should not set owning gateway env vars in l7-log-collector for DaemonSet deployments", func() { installation := &operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } daemonSet := operatorv1.GatewayKindDaemonSet gatewayAPI := &operatorv1.GatewayAPI{ 
@@ -1239,7 +1239,7 @@ var _ = Describe("Gateway API rendering tests", func() { It("should create correct RBAC for L7 log collector enrichment", func() { installation := &operatorv1.InstallationSpec{ - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, } gatewayAPI := &operatorv1.GatewayAPI{ Spec: operatorv1.GatewayAPISpec{ diff --git a/pkg/render/goldmane/component_test.go b/pkg/render/goldmane/component_test.go index fecd02d01b..15f4cbfe1d 100644 --- a/pkg/render/goldmane/component_test.go +++ b/pkg/render/goldmane/component_test.go @@ -80,7 +80,7 @@ var _ = Describe("ComponentRendering", func() { &goldmane.Configuration{ Installation: &operatorv1.InstallationSpec{ KubernetesProvider: operatorv1.ProviderGKE, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, TrustedCertBundle: certificatemanagement.CreateTrustedBundle(nil), GoldmaneServerKeyPair: defaultTLSKeyPair, diff --git a/pkg/render/guardian.go b/pkg/render/guardian.go index 1ee7ed1b2c..31e8e48359 100644 --- a/pkg/render/guardian.go +++ b/pkg/render/guardian.go @@ -143,7 +143,7 @@ func (c *GuardianComponent) ResolveImages(is *operatorv1.ImageSet) error { path := c.cfg.Installation.ImagePath prefix := c.cfg.Installation.ImagePrefix var err error - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.image, err = components.GetReference(components.ComponentGuardian, reg, path, prefix, is) } else { c.image, err = components.GetReference(components.ComponentCalicoGuardian, reg, path, prefix, is) @@ -163,7 +163,7 @@ func (c *GuardianComponent) Objects() ([]client.Object, []client.Object) { c.clusterRoleBinding(), } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Enterprise-specific RBAC and settings objs = append(objs, c.secretsRole(), 
@@ -202,7 +202,7 @@ func (c *GuardianComponent) service() *corev1.Service { }, } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { ports = append(ports, corev1.ServicePort{ Name: "elasticsearch", @@ -247,7 +247,7 @@ func (c *GuardianComponent) serviceAccount() *corev1.ServiceAccount { func (c *GuardianComponent) clusterRole() *rbacv1.ClusterRole { var policyRules []rbacv1.PolicyRule - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { impersonation := c.cfg.ManagementClusterConnection.Spec.Impersonation if impersonation != nil { if impersonation.Users != nil { @@ -473,7 +473,7 @@ func (c *GuardianComponent) container() []corev1.Container { } envVars = append(envVars, c.cfg.Installation.Proxy.EnvVars()...) - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { envVars = append(envVars, corev1.EnvVar{Name: "GUARDIAN_PACKET_CAPTURE_CA_BUNDLE_PATH", Value: c.cfg.TrustedCertBundle.MountPath()}, corev1.EnvVar{Name: "GUARDIAN_PROMETHEUS_CA_BUNDLE_PATH", Value: c.cfg.TrustedCertBundle.MountPath()}, @@ -582,7 +582,7 @@ func ossNetworkPolicy() *v3.NetworkPolicy { } func guardianCalicoSystemPolicy(cfg *GuardianConfiguration) (*v3.NetworkPolicy, error) { - if cfg.Installation.Variant != operatorv1.TigeraSecureEnterprise { + if !cfg.Installation.Variant.IsEnterprise() { return ossNetworkPolicy(), nil } @@ -702,7 +702,7 @@ func guardianCalicoSystemPolicy(cfg *GuardianConfiguration) (*v3.NetworkPolicy, guardianIngressDestinationEntityRule := v3.EntityRule{Ports: networkpolicy.Ports(GuardianTargetPort)} networkpolicyHelper := networkpolicy.DefaultHelper() var ingressRules []v3.Rule - if cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if cfg.Installation.Variant.IsEnterprise() { ingressRules = append(ingressRules, []v3.Rule{ { Action: v3.Allow, 
diff --git a/pkg/render/guardian_test.go b/pkg/render/guardian_test.go index 64d9decced..20ace35f29 100644 --- a/pkg/render/guardian_test.go +++ b/pkg/render/guardian_test.go @@ -50,7 +50,7 @@ var _ = Describe("Rendering tests", func() { var deleteResources []client.Object createGuardianConfig := func(i operatorv1.InstallationSpec, addr string, openshift bool) *render.GuardianConfiguration { - i.Variant = operatorv1.TigeraSecureEnterprise + i.Variant = operatorv1.CalicoEnterprise secret := &corev1.Secret{ TypeMeta: metav1.TypeMeta{Kind: "Secret", APIVersion: "v1"}, ObjectMeta: metav1.ObjectMeta{ @@ -346,7 +346,7 @@ var _ = Describe("Rendering tests", func() { It("should not render Enterprise network policy when IncludeEgressNetworkPolicy is false", func() { // Enterprise variant with IncludeEgressNetworkPolicy=false should not render any policy - renderGuardianPolicy("127.0.0.1:1234", false, operatorv1.TigeraSecureEnterprise, false) + renderGuardianPolicy("127.0.0.1:1234", false, operatorv1.CalicoEnterprise, false) policyName := types.NamespacedName{Name: "calico-system.guardian-access", Namespace: "calico-system"} policy := testutils.GetCalicoSystemPolicyFromResources(policyName, resources) @@ -355,7 +355,7 @@ var _ = Describe("Rendering tests", func() { It("should render Enterprise network policy when IncludeEgressNetworkPolicy is true", func() { // Enterprise variant with IncludeEgressNetworkPolicy=true should render the full policy - renderGuardianPolicy("127.0.0.1:1234", false, operatorv1.TigeraSecureEnterprise, true) + renderGuardianPolicy("127.0.0.1:1234", false, operatorv1.CalicoEnterprise, true) policyName := types.NamespacedName{Name: "calico-system.guardian-access", Namespace: "calico-system"} policy := testutils.GetCalicoSystemPolicyFromResources(policyName, resources) 
@@ -380,7 +380,7 @@ var _ = Describe("Rendering tests", func() { DescribeTable("should render calico-system policy", func(scenario testutils.CalicoSystemScenario) { - renderGuardianPolicy("127.0.0.1:1234", scenario.OpenShift, operatorv1.TigeraSecureEnterprise, true) + renderGuardianPolicy("127.0.0.1:1234", scenario.OpenShift, operatorv1.CalicoEnterprise, true) policy := testutils.GetCalicoSystemPolicyFromResources(policyName, resources) expectedPolicy := getExpectedPolicy(policyName, scenario) Expect(policy).To(Equal(expectedPolicy)) @@ -392,7 +392,7 @@ var _ = Describe("Rendering tests", func() { // The test matrix above validates against an IP-based management cluster address. // Validate policy adaptation for domain-based management cluster address here. It("should adapt Guardian policy if ManagementClusterAddr is domain-based", func() { - renderGuardianPolicy("mydomain.io:8080", false, operatorv1.TigeraSecureEnterprise, true) + renderGuardianPolicy("mydomain.io:8080", false, operatorv1.CalicoEnterprise, true) policy := testutils.GetCalicoSystemPolicyFromResources(policyName, resources) managementClusterEgressRule := policy.Spec.Egress[5] Expect(managementClusterEgressRule.Destination.Domains).To(Equal([]string{"mydomain.io"})) diff --git a/pkg/render/istio/istio.go b/pkg/render/istio/istio.go index f26748e7b1..cd75d60643 100644 --- a/pkg/render/istio/istio.go +++ b/pkg/render/istio/istio.go @@ -185,7 +185,7 @@ func (c *IstioComponent) ResolveImages(is *operatorv1.ImageSet) error { path := c.cfg.Installation.ImagePath prefix := c.cfg.Installation.ImagePrefix - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.IstioPilotImage, err = components.GetReference(components.ComponentIstioPilot, reg, path, prefix, is) if err != nil { return err diff --git a/pkg/render/istio/istio_test.go b/pkg/render/istio/istio_test.go index 512f52009f..335c07939c 100644 --- a/pkg/render/istio/istio_test.go 
+++ b/pkg/render/istio/istio_test.go @@ -721,7 +721,7 @@ var _ = Describe("Istio Component Rendering", func() { }) It("should patch all required images for Enterprise variant", func() { - cfg.Installation.Variant = operatorv1.TigeraSecureEnterprise + cfg.Installation.Variant = operatorv1.CalicoEnterprise _, component, err := istio.Istio(cfg) Expect(err).ShouldNot(HaveOccurred()) @@ -778,7 +778,7 @@ var _ = Describe("Istio Component Rendering", func() { }) It("should patch ConfigMap with proxyv2 image for Enterprise variant", func() { - cfg.Installation.Variant = operatorv1.TigeraSecureEnterprise + cfg.Installation.Variant = operatorv1.CalicoEnterprise _, component, err := istio.Istio(cfg) Expect(err).ShouldNot(HaveOccurred()) diff --git a/pkg/render/kubecontrollers/kube-controllers.go b/pkg/render/kubecontrollers/kube-controllers.go index 2bd28b4edf..d7029d4d15 100644 --- a/pkg/render/kubecontrollers/kube-controllers.go +++ b/pkg/render/kubecontrollers/kube-controllers.go @@ -125,7 +125,7 @@ func NewCalicoKubeControllersPolicy(cfg *KubeControllersConfiguration, defaultDe func NewCalicoKubeControllers(cfg *KubeControllersConfiguration) *kubeControllersComponent { kubeControllerRolePolicyRules := kubeControllersRoleCommonRules(cfg) enabledControllers := []string{"node", "loadbalancer"} - if cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if cfg.Installation.Variant.IsEnterprise() { kubeControllerRolePolicyRules = append(kubeControllerRolePolicyRules, kubeControllersRoleEnterpriseCommonRules(cfg)...) kubeControllerRolePolicyRules = append(kubeControllerRolePolicyRules, rbacv1.PolicyRule{ 
@@ -169,7 +169,7 @@ func NewElasticsearchKubeControllers(cfg *KubeControllersConfiguration) *kubeCon var kubeControllerCalicoSystemPolicy *v3.NetworkPolicy kubeControllerRolePolicyRules := kubeControllersRoleCommonRules(cfg) - if cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if cfg.Installation.Variant.IsEnterprise() { kubeControllerRolePolicyRules = append(kubeControllerRolePolicyRules, kubeControllersRoleEnterpriseCommonRules(cfg)...) kubeControllerRolePolicyRules = append(kubeControllerRolePolicyRules, rbacv1.PolicyRule{ @@ -236,7 +236,7 @@ func (c *kubeControllersComponent) ResolveImages(is *operatorv1.ImageSet) error path := c.cfg.Installation.ImagePath prefix := c.cfg.Installation.ImagePrefix var err error - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.image, err = components.GetReference(components.ComponentTigeraKubeControllers, reg, path, prefix, is) } else { if operatorv1.IsFIPSModeEnabled(c.cfg.Installation.FIPSMode) { @@ -544,7 +544,7 @@ func (c *kubeControllersComponent) controllersDeployment() *appsv1.Deployment { env = append(env, c.cfg.K8sServiceEpPodNetwork.EnvVars()...) - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { if c.cfg.Tenant != nil { env = append(env, corev1.EnvVar{Name: "TENANT_ID", Value: c.cfg.Tenant.Spec.ID}) } diff --git a/pkg/render/kubecontrollers/kube-controllers_test.go b/pkg/render/kubecontrollers/kube-controllers_test.go index 72aba80380..03faed0e4c 100644 --- a/pkg/render/kubecontrollers/kube-controllers_test.go +++ b/pkg/render/kubecontrollers/kube-controllers_test.go 
@@ -223,7 +223,7 @@ var _ = Describe("kube-controllers rendering tests", func() { Expect(ds.Spec.Template.Spec.Tolerations).To(ConsistOf(rmeta.TolerateCriticalAddonsAndControlPlane)) }) - It("should render all calico kube-controllers resources for a default configuration (standalone) using TigeraSecureEnterprise", func() { + It("should render all calico kube-controllers resources for a default configuration (standalone) using CalicoEnterprise", func() { expectedResources := []struct { name string ns string @@ -238,7 +238,7 @@ var _ = Describe("kube-controllers rendering tests", func() { {name: kubecontrollers.KubeControllerMetrics, ns: common.CalicoNamespace, group: "", version: "v1", kind: "Service"}, } - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.MetricsPort = 9094 component := kubecontrollers.NewCalicoKubeControllers(&cfg) @@ -272,7 +272,7 @@ var _ = Describe("kube-controllers rendering tests", func() { Expect(ms.Spec.ClusterIP).To(Equal("None"), "metrics service should be headless") }) - It("should render all calico kube-controllers resources using TigeraSecureEnterprise on Openshift", func() { + It("should render all calico kube-controllers resources using CalicoEnterprise on Openshift", func() { expectedResources := []struct { name string ns string @@ -288,7 +288,7 @@ var _ = Describe("kube-controllers rendering tests", func() { {name: "calico-kube-controllers-endpoint-controller", ns: "", group: "rbac.authorization.k8s.io", version: "v1", kind: "ClusterRoleBinding"}, {name: kubecontrollers.KubeControllerMetrics, ns: common.CalicoNamespace, group: "", version: "v1", kind: "Service"}, } - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise instance.KubernetesProvider = operatorv1.ProviderOpenShift component := kubecontrollers.NewCalicoKubeControllers(&cfg) Expect(component.ResolveImages(nil)).To(BeNil()) 
@@ -300,7 +300,7 @@ var _ = Describe("kube-controllers rendering tests", func() { } }) - It("should render all es-calico-kube-controllers resources for a default configuration (standalone) using TigeraSecureEnterprise when logstorage and secrets exist", func() { + It("should render all es-calico-kube-controllers resources for a default configuration (standalone) using CalicoEnterprise when logstorage and secrets exist", func() { expectedResources := []struct { name string ns string @@ -317,7 +317,7 @@ var _ = Describe("kube-controllers rendering tests", func() { {name: kubecontrollers.EsKubeControllerMetrics, ns: common.CalicoNamespace, group: "", version: "v1", kind: "Service"}, } - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.LogStorageExists = true cfg.KubeControllersGatewaySecret = &testutils.KubeControllersUserSecret cfg.MetricsPort = 9094 @@ -368,7 +368,7 @@ var _ = Describe("kube-controllers rendering tests", func() { })) }) - It("should render all calico-kube-controllers resources for a default configuration using TigeraSecureEnterprise and ClusterType is Management", func() { + It("should render all calico-kube-controllers resources for a default configuration using CalicoEnterprise and ClusterType is Management", func() { expectedResources := []struct { name string ns string @@ -385,7 +385,7 @@ var _ = Describe("kube-controllers rendering tests", func() { } // Override configuration to match expected Enterprise config. - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.ManagementCluster = &operatorv1.ManagementCluster{} cfg.MetricsPort = 9094 
@@ -415,7 +415,7 @@ var _ = Describe("kube-controllers rendering tests", func() { Expect(len(dp.Spec.Template.Spec.Volumes)).To(Equal(1)) Expect(dp.Spec.Template.Spec.Containers[0].Image).To(Equal("test-reg/tigera/kube-controllers:" + components.ComponentTigeraKubeControllers.Version)) }) - It("should render all calico-kube-controllers resources for a default configuration using TigeraSecureEnterprise", func() { + It("should render all calico-kube-controllers resources for a default configuration using CalicoEnterprise", func() { var defaultMode int32 = 420 var kubeControllerTLS certificatemanagement.KeyPairInterface expectedResources := []struct { @@ -476,7 +476,7 @@ var _ = Describe("kube-controllers rendering tests", func() { Expect(err).NotTo(HaveOccurred()) // Override configuration to match expected Enterprise config. - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.MetricsPort = 9094 cfg.MetricsServerTLS = kubeControllerTLS @@ -507,7 +507,7 @@ var _ = Describe("kube-controllers rendering tests", func() { Expect(dp.Spec.Template.Spec.Containers[0].Image).To(Equal("test-reg/tigera/kube-controllers:" + components.ComponentTigeraKubeControllers.Version)) }) - It("should render all es-calico-kube-controllers resources for a default configuration using TigeraSecureEnterprise and ClusterType is Management", func() { + It("should render all es-calico-kube-controllers resources for a default configuration using CalicoEnterprise and ClusterType is Management", func() { expectedResources := []struct { name string ns string 
@@ -526,7 +526,7 @@ var _ = Describe("kube-controllers rendering tests", func() { } // Override configuration to match expected Enterprise config. - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.LogStorageExists = true cfg.ManagementCluster = &operatorv1.ManagementCluster{} cfg.KubeControllersGatewaySecret = &testutils.KubeControllersUserSecret @@ -606,7 +606,7 @@ var _ = Describe("kube-controllers rendering tests", func() { instance.ControlPlaneNodeSelector = map[string]string{"nodeName": "control01"} // Simulate enterprise config. - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.MetricsPort = 0 component := kubecontrollers.NewCalicoKubeControllers(&cfg) @@ -695,7 +695,7 @@ var _ = Describe("kube-controllers rendering tests", func() { }) It("should add the OIDC prefix env variables", func() { - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.LogStorageExists = true cfg.ManagementCluster = &operatorv1.ManagementCluster{} cfg.KubeControllersGatewaySecret = &testutils.KubeControllersUserSecret @@ -962,7 +962,7 @@ var _ = Describe("kube-controllers rendering tests", func() { When("enableESOIDCWorkaround is true", func() { It("should set the ENABLE_ELASTICSEARCH_OIDC_WORKAROUND env variable to true", func() { - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.LogStorageExists = true cfg.ManagementCluster = &operatorv1.ManagementCluster{} cfg.KubeControllersGatewaySecret = &testutils.KubeControllersUserSecret 
@@ -1019,7 +1019,7 @@ var _ = Describe("kube-controllers rendering tests", func() { }) It("should add prometheus annotations to metrics service", func() { - for _, variant := range []operatorv1.ProductVariant{operatorv1.Calico, operatorv1.TigeraSecureEnterprise} { + for _, variant := range []operatorv1.ProductVariant{operatorv1.Calico, operatorv1.CalicoEnterprise} { cfg.Installation.Variant = variant component := kubecontrollers.NewCalicoKubeControllers(&cfg) Expect(component.ResolveImages(nil)).To(BeNil()) @@ -1047,7 +1047,7 @@ var _ = Describe("kube-controllers rendering tests", func() { } else { cfg.ManagementClusterConnection = nil } - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise defaultDenyPolicy := &v3.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "default-deny", @@ -1119,7 +1119,7 @@ var _ = Describe("kube-controllers rendering tests", func() { } else { cfg.ManagementClusterConnection = nil } - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.LogStorageExists = true cfg.KubeControllersGatewaySecret = &testutils.KubeControllersUserSecret @@ -1138,7 +1138,7 @@ var _ = Describe("kube-controllers rendering tests", func() { }) It("should render init containers when certificate management is enabled", func() { - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise cfg.MetricsPort = 9094 ca, _ := tls.MakeCA(rmeta.DefaultOperatorCASignerName()) cert, _, _ := ca.Config.GetPEMBytes() // create a valid pem block diff --git a/pkg/render/logstorage/linseed/linseed_test.go b/pkg/render/logstorage/linseed/linseed_test.go index 38da1f14db..dc71c606c6 100644 --- a/pkg/render/logstorage/linseed/linseed_test.go +++ b/pkg/render/logstorage/linseed/linseed_test.go 
@@ -608,10 +608,10 @@ var _ = Describe("Linseed rendering tests", func() { }) It("should set LINSEED_PRODUCT_VARIANT to enterprise", func() { cfg.ManagementCluster = true - cfg.Tenant.Spec.ManagedClusterVariant = &operatorv1.TigeraSecureEnterprise + cfg.Tenant.Spec.ManagedClusterVariant = &operatorv1.CalicoEnterprise resources, _ := Linseed(cfg).Objects() d := rtest.GetResource(resources, DeploymentName, cfg.Namespace, appsv1.GroupName, "v1", "Deployment").(*appsv1.Deployment) - Expect(d.Spec.Template.Spec.Containers[0].Env).To(ContainElement(corev1.EnvVar{Name: "LINSEED_PRODUCT_VARIANT", Value: string(operatorv1.TigeraSecureEnterprise)})) + Expect(d.Spec.Template.Spec.Containers[0].Env).To(ContainElement(corev1.EnvVar{Name: "LINSEED_PRODUCT_VARIANT", Value: string(operatorv1.CalicoEnterprise)})) }) It("should not panic if ManagedClusterVariant is not set", func() { cfg.ManagementCluster = true diff --git a/pkg/render/node.go b/pkg/render/node.go index 366d223b06..70df8b6b11 100644 --- a/pkg/render/node.go +++ b/pkg/render/node.go @@ -184,7 +184,7 @@ func (c *nodeComponent) ResolveImages(is *operatorv1.ImageSet) error { return imageName } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.cniImage = appendIfErr(components.GetReference(components.ComponentTigeraCNI, reg, path, prefix, is)) c.nodeImage = appendIfErr(components.GetReference(components.ComponentTigeraNode, reg, path, prefix, is)) c.flexvolImage = appendIfErr(components.GetReference(components.ComponentTigeraFlexVolume, reg, path, prefix, is)) @@ -234,7 +234,7 @@ func (c *nodeComponent) Objects() ([]client.Object, []client.Object) { var objsToDelete []client.Object - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Include Service for exposing node metrics. objs = append(objs, c.nodeMetricsService()) } 
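Review bot: The expected `LINSEED_PRODUCT_VARIANT` value in the `@@ -608` hunk changes from `TigeraSecureEnterprise` to `CalicoEnterprise`, which implies the renderer forwards the Tenant's `ManagedClusterVariant` string unchanged, so Linseed can now receive either spelling. Whether Linseed treats both as enterprise is not visible on this page; if it compares against a single literal, a tenant on the other spelling may be handled as the non-enterprise variant. Either normalise the value before rendering the env var, or add a second case that sets `&operatorv1.TigeraSecureEnterprise` and pins the emitted value, with a comment such as `// deprecated alias is forwarded as-is; Linseed must accept both spellings`. The renderer code that builds this env var is outside the hunk.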
@@ -558,7 +558,7 @@ func (c *nodeComponent) nodeRole() *rbacv1.ClusterRole { }, }, } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { extraRules := []rbacv1.PolicyRule{ { // Calico Enterprise needs to be able to read additional resources. @@ -1104,7 +1104,7 @@ func (c *nodeComponent) nodeVolumes() []corev1.Volume { } // Override with Tigera-specific config. - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Add volume for calico logs. calicoLogVol := corev1.Volume{ Name: "var-log-calico", @@ -1318,7 +1318,7 @@ func (c *nodeComponent) cniEnvvars() []corev1.EnvVar { envVars = append(envVars, c.cfg.K8sServiceEp.EnvVars()...) - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { if c.cfg.Installation.CalicoNetwork != nil && c.cfg.Installation.CalicoNetwork.MultiInterfaceMode != nil { envVars = append(envVars, corev1.EnvVar{Name: "MULTI_INTERFACE_MODE", Value: c.cfg.Installation.CalicoNetwork.MultiInterfaceMode.Value()}) } @@ -1368,7 +1368,7 @@ func (c *nodeComponent) nodeVolumeMounts() []corev1.VolumeMount { if c.vppDataplaneEnabled() { nodeVolumeMounts = append(nodeVolumeMounts, corev1.VolumeMount{MountPath: "/usr/local/bin/felix-plugins", Name: "felix-plugins", ReadOnly: true}) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { extraNodeMounts := []corev1.VolumeMount{ {MountPath: "/var/log/calico", Name: "var-log-calico"}, } 
@@ -1622,7 +1622,7 @@ func (c *nodeComponent) nodeEnvVars() []corev1.EnvVar { nodeEnv = append(nodeEnv, corev1.EnvVar{Name: "FELIX_IPV6SUPPORT", Value: "false"}) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Add in Calico Enterprise specific configuration. extraNodeEnv := []corev1.EnvVar{ {Name: "FELIX_PROMETHEUSREPORTERENABLED", Value: "true"}, @@ -1729,7 +1729,7 @@ func (c *nodeComponent) nodeLivenessReadinessProbes() (*corev1.Probe, *corev1.Pr readinessCmd := []string{"/bin/calico-node", "-bird-ready", "-felix-ready"} // Want to check for BGP metrics server if this is enterprise - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { readinessCmd = []string{"/bin/calico-node", "-bird-ready", "-felix-ready", "-bgp-metrics-ready"} } diff --git a/pkg/render/node_test.go b/pkg/render/node_test.go index 0413d94490..62d170dddb 100644 --- a/pkg/render/node_test.go +++ b/pkg/render/node_test.go @@ -637,7 +637,7 @@ var _ = Describe("Node rendering tests", func() { } }) - It("should render all resources for a default configuration using TigeraSecureEnterprise", func() { + It("should render all resources for a default configuration using CalicoEnterprise", func() { expectedResources := []struct { name string ns string @@ -655,7 +655,7 @@ var _ = Describe("Node rendering tests", func() { {name: "cni-config", ns: common.CalicoNamespace, group: "", version: "v1", kind: "ConfigMap"}, {name: common.NodeDaemonSetName, ns: common.CalicoNamespace, group: "apps", version: "v1", kind: "DaemonSet"}, } - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise cfg.NodeReporterMetricsPort = 9081 component := render.Node(&cfg) 
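Review bot: After this change no visible case in node_test.go renders with `operatorv1.TigeraSecureEnterprise`: the assignment in the -655 hunk and every later one in this file now set `operatorv1.CalicoEnterprise`, and the same holds for the typha_test.go, windows_test.go and webhooks/render_test.go hunks. The renderers gate enterprise images, extra RBAC rules and host log volumes on `Variant.IsEnterprise()`, and clusters that already carry the deprecated value depend on the alias branch of that method. I would keep one case on the old constant, or add `Expect(operatorv1.TigeraSecureEnterprise.IsEnterprise()).To(BeTrue())` next to the equivalent check for `CalicoEnterprise`. A unit test for `IsEnterprise()` may exist in a file outside this view.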
@@ -740,7 +740,7 @@ var _ = Describe("Node rendering tests", func() { }) It("should render felix service metric with FelixPrometheusMetricPort when FelixPrometheusMetricsEnabled is true", func() { - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise cfg.NodeReporterMetricsPort = 9081 cfg.FelixPrometheusMetricsEnabled = true @@ -1625,7 +1625,7 @@ var _ = Describe("Node rendering tests", func() { verifyProbesAndLifecycle(ds, true, false) }) - It("should render all resources when variant is TigeraSecureEnterprise and running on openshift", func() { + It("should render all resources when variant is CalicoEnterprise and running on openshift", func() { expectedResources := []struct { name string ns string @@ -1644,7 +1644,7 @@ var _ = Describe("Node rendering tests", func() { {name: common.NodeDaemonSetName, ns: common.CalicoNamespace, group: "apps", version: "v1", kind: "DaemonSet"}, } - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.KubernetesProvider = operatorv1.ProviderOpenShift defaultCNIConfDir, defaultCNIBinDir := render.DefaultCNIDirectories(defaultInstance.KubernetesProvider) defaultInstance.CNI.ConfDir, defaultInstance.CNI.BinDir = &defaultCNIConfDir, &defaultCNIBinDir @@ -1730,7 +1730,7 @@ var _ = Describe("Node rendering tests", func() { verifyProbesAndLifecycle(ds, true, true) }) - It("should render all resources when variant is TigeraSecureEnterprise and running on RKE2", func() { + It("should render all resources when variant is CalicoEnterprise and running on RKE2", func() { expectedResources := []struct { name string ns string 
@@ -1749,7 +1749,7 @@ var _ = Describe("Node rendering tests", func() { {name: common.NodeDaemonSetName, ns: common.CalicoNamespace, group: "apps", version: "v1", kind: "DaemonSet"}, } - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.KubernetesProvider = operatorv1.ProviderRKE2 defaultCNIConfDir, defaultCNIBinDir := render.DefaultCNIDirectories(defaultInstance.KubernetesProvider) defaultInstance.CNI.ConfDir, defaultInstance.CNI.BinDir = &defaultCNIConfDir, &defaultCNIBinDir @@ -2087,7 +2087,7 @@ var _ = Describe("Node rendering tests", func() { }) It("should not enable prometheus metrics if NodeMetricsPort is nil", func() { - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.NodeMetricsPort = nil cfg.NodeReporterMetricsPort = 9081 @@ -2110,7 +2110,7 @@ var _ = Describe("Node rendering tests", func() { It("should set FELIX_PROMETHEUSMETRICSPORT with a custom value if NodeMetricsPort is set", func() { var nodeMetricsPort int32 = 1234 - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.NodeMetricsPort = &nodeMetricsPort component := render.Node(&cfg) Expect(component.ResolveImages(nil)).To(BeNil()) @@ -2865,7 +2865,7 @@ var _ = Describe("Node rendering tests", func() { } if isEnterprise { - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise } defaultInstance.CalicoNetwork.BGP = &bgpOption 
@@ -3340,7 +3340,7 @@ func verifyInitContainers(ds *appsv1.DaemonSet, instance *operatorv1.Installatio // Calico CNI image should have -fips suffix when FIPS mode is enabled. cniImage = fmt.Sprintf("quay.io/%s%s:%s-fips", components.CalicoImagePath, components.ComponentCalicoCNI.Image, components.ComponentCalicoCNI.Version) } - if instance.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Variant.IsEnterprise() { cniImage = components.TigeraRegistry + "tigera/cni:" + components.ComponentTigeraCNI.Version } Expect(cniContainer.Image).To(Equal(cniImage)) @@ -3374,7 +3374,7 @@ func verifyInitContainers(ds *appsv1.DaemonSet, instance *operatorv1.Installatio }, }, } - if instance.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Variant.IsEnterprise() { if instance.CalicoNetwork != nil && instance.CalicoNetwork.MultiInterfaceMode != nil { expectedCNIEnv = append(expectedCNIEnv, corev1.EnvVar{Name: "MULTI_INTERFACE_MODE", Value: instance.CalicoNetwork.MultiInterfaceMode.Value()}) } @@ -3397,7 +3397,7 @@ func verifyInitContainers(ds *appsv1.DaemonSet, instance *operatorv1.Installatio // Calico Node image should have -fips suffix when FIPS mode is enabled. ebpfImage = fmt.Sprintf("quay.io/%s%s:%s-fips", components.CalicoImagePath, components.ComponentCalicoNode.Image, components.ComponentCalicoNode.Version) } - if instance.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Variant.IsEnterprise() { ebpfImage = components.TigeraRegistry + "tigera/node:" + components.ComponentTigeraNode.Version } Expect(ebpfBootstrap.Image).To(Equal(ebpfImage)) 
@@ -3427,7 +3427,7 @@ func verifyInitContainers(ds *appsv1.DaemonSet, instance *operatorv1.Installatio flexvolContainer := rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "flexvol-driver") if instance.FlexVolumePath != "None" { Expect(flexvolContainer).NotTo(BeNil()) - if instance.Variant == operatorv1.TigeraSecureEnterprise { + if instance.Variant.IsEnterprise() { Expect(flexvolContainer.Image).To(Equal(fmt.Sprintf("%s%s%s:%s", components.TigeraRegistry, components.TigeraImagePath, components.ComponentTigeraFlexVolume.Image, components.ComponentTigeraFlexVolume.Version))) } else { Expect(flexvolContainer.Image).To(Equal(fmt.Sprintf("quay.io/%s%s:%s", components.CalicoImagePath, components.ComponentCalicoFlexVolume.Image, components.ComponentCalicoFlexVolume.Version))) diff --git a/pkg/render/policyrecommendation_test.go b/pkg/render/policyrecommendation_test.go index ebc2331c31..459d80a90e 100644 --- a/pkg/render/policyrecommendation_test.go +++ b/pkg/render/policyrecommendation_test.go @@ -408,7 +408,7 @@ var _ = Describe("Policy recommendation rendering tests", func() { cfg.ManagementCluster = true cfg.Tenant = &operatorv1.Tenant{ Spec: operatorv1.TenantSpec{ - ManagedClusterVariant: ptr.ToPtr(operatorv1.TigeraSecureEnterprise), + ManagedClusterVariant: ptr.ToPtr(operatorv1.CalicoEnterprise), }, } component := render.PolicyRecommendation(cfg) diff --git a/pkg/render/render_test.go b/pkg/render/render_test.go index dcb0c3aca2..28f320109a 100644 --- a/pkg/render/render_test.go +++ b/pkg/render/render_test.go 
@@ -236,7 +236,7 @@ var _ = Describe("Rendering tests", func() { // - 1 Service to expose calico/node metrics. // - 1 Service to expose Windows calico/node metrics. var nodeMetricsPort int32 = 9081 - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise instance.NodeMetricsPort = &nodeMetricsPort c, err := allCalicoComponents(k8sServiceEp, instance, nil, nil, nil, typhaNodeTLS, nil, nil, false, "", dns.DefaultClusterDomain, 9094, 0, nil, nil) Expect(err).To(BeNil(), "Expected Calico to create successfully %s", err) @@ -248,7 +248,7 @@ var _ = Describe("Rendering tests", func() { // - X Same as default config for EE // - pass in InternalManagerTLSSecret var nodeMetricsPort int32 = 9081 - instance.Variant = operatorv1.TigeraSecureEnterprise + instance.Variant = operatorv1.CalicoEnterprise instance.NodeMetricsPort = &nodeMetricsPort c, err := allCalicoComponents(k8sServiceEp, instance, &operatorv1.ManagementCluster{}, nil, nil, typhaNodeTLS, internalManagerKeyPair, nil, false, "", dns.DefaultClusterDomain, 9094, 0, nil, nil) diff --git a/pkg/render/typha.go b/pkg/render/typha.go index 00c736e75c..56d1c4d80c 100644 --- a/pkg/render/typha.go +++ b/pkg/render/typha.go @@ -99,7 +99,7 @@ func (c *typhaComponent) ResolveImages(is *operatorv1.ImageSet) error { path := c.cfg.Installation.ImagePath prefix := c.cfg.Installation.ImagePrefix var err error - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.typhaImage, err = components.GetReference(components.ComponentTigeraTypha, reg, path, prefix, is) } else { if operatorv1.IsFIPSModeEnabled(c.cfg.Installation.FIPSMode) { 
@@ -356,7 +356,7 @@ func (c *typhaComponent) typhaRole() *rbacv1.ClusterRole { }, }, } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { extraRules := []rbacv1.PolicyRule{ { // Tigera Secure needs to be able to read licenses, and config. @@ -629,7 +629,7 @@ func (c *typhaComponent) typhaEnvVars(typhaSecret certificatemanagement.KeyPairI typhaEnv = append(typhaEnv, corev1.EnvVar{Name: "FELIX_INTERFACEPREFIX", Value: "azv"}) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { if c.cfg.Installation.CalicoNetwork != nil && c.cfg.Installation.CalicoNetwork.MultiInterfaceMode != nil { typhaEnv = append(typhaEnv, corev1.EnvVar{ Name: "MULTI_INTERFACE_MODE", diff --git a/pkg/render/typha_test.go b/pkg/render/typha_test.go index 8a3a76b39d..9f513bc6ff 100644 --- a/pkg/render/typha_test.go +++ b/pkg/render/typha_test.go @@ -484,7 +484,7 @@ var _ = Describe("Typha rendering tests", func() { }) It("should not enable prometheus metrics if TyphaMetricsPort is nil", func() { - installation.Variant = operatorv1.TigeraSecureEnterprise + installation.Variant = operatorv1.CalicoEnterprise installation.TyphaMetricsPort = nil component := render.Typha(&cfg) Expect(component.ResolveImages(nil)).To(BeNil()) @@ -500,7 +500,7 @@ var _ = Describe("Typha rendering tests", func() { It("should set TYPHA_PROMETHEUSMETRICSPORT with a custom value if TyphaMetricsPort is set", func() { var typhaMetricsPort int32 = 1234 - installation.Variant = operatorv1.TigeraSecureEnterprise + installation.Variant = operatorv1.CalicoEnterprise installation.TyphaMetricsPort = &typhaMetricsPort component := render.Typha(&cfg) Expect(component.ResolveImages(nil)).To(BeNil()) diff --git a/pkg/render/webhooks/render.go b/pkg/render/webhooks/render.go index 4ce74f7269..0536666226 100644 --- a/pkg/render/webhooks/render.go +++ b/pkg/render/webhooks/render.go 
@@ -79,7 +79,7 @@ func (c *component) ResolveImages(is *operatorv1.ImageSet) error { prefix := c.cfg.Installation.ImagePrefix var err error - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.webhooksImage, err = components.GetReference(components.ComponentTigeraWebhooks, reg, path, prefix, is) } else { c.webhooksImage, err = components.GetReference(components.ComponentCalicoWebhooks, reg, path, prefix, is) @@ -104,7 +104,7 @@ func (c *component) Objects() ([]client.Object, []client.Object) { // Create the correct security context for the webhook container. By default, it should run as non-root, but in Enterprise // we need to run as root to be able to write audit logs to the host filesystem. securtyContext := securitycontext.NewNonRootContext() - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { securtyContext = securitycontext.NewRootContext(c.cfg.Installation.KubernetesProvider.IsOpenShift()) } @@ -437,7 +437,7 @@ func (c *component) Objects() ([]client.Object, []client.Object) { }, } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { rules = append(rules, rbacv1.PolicyRule{ // The ManagedCluster cleanup controller watches ManagedCluster objects and clears their @@ -488,7 +488,7 @@ func (c *component) Objects() ([]client.Object, []client.Object) { objs = append(objs, np) } objs = append(objs, dep, svc, vwc) - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { objs = append(objs, mwc) } objs = append(objs, cr, crb) diff --git a/pkg/render/webhooks/render_test.go b/pkg/render/webhooks/render_test.go index ae65da4c64..f5ad9b49ee 100644 --- a/pkg/render/webhooks/render_test.go +++ b/pkg/render/webhooks/render_test.go 
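Review bot: The root security context at -104, the added `PolicyRule` at -437 and the `mwc` append at -488 are each gated by a separate `c.cfg.Installation.Variant.IsEnterprise()` call inside `Objects()`. These three together decide how much privilege the webhook gets, so I would evaluate the variant once, `enterprise := c.cfg.Installation.Variant.IsEnterprise()`, and branch on `enterprise` in all three places so a later edit cannot make them diverge. The local `securtyContext` on the line above the -104 change is misspelt and could be renamed to `securityContext` throughout the function in the same pass. `Objects()` begins and ends outside these hunks.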
@@ -115,7 +115,7 @@ var _ = Describe("Webhooks rendering tests", func() { }) It("should render all resources for Enterprise with the correct image", func() { - installation.Variant = operatorv1.TigeraSecureEnterprise + installation.Variant = operatorv1.CalicoEnterprise component := webhooks.Component(cfg) Expect(component.ResolveImages(nil)).NotTo(HaveOccurred()) resources, _ := component.Objects() diff --git a/pkg/render/whisker/component_test.go b/pkg/render/whisker/component_test.go index 28aaed763c..261873f93a 100644 --- a/pkg/render/whisker/component_test.go +++ b/pkg/render/whisker/component_test.go @@ -65,7 +65,7 @@ var _ = Describe("ComponentRendering", func() { &whisker.Configuration{ Installation: &operatorv1.InstallationSpec{ KubernetesProvider: operatorv1.ProviderGKE, - Variant: operatorv1.TigeraSecureEnterprise, + Variant: operatorv1.CalicoEnterprise, }, TrustedCertBundle: defaultTrustedCertBundle, WhiskerBackendKeyPair: defaultTLSKeyPair, diff --git a/pkg/render/windows.go b/pkg/render/windows.go index 1305ee8b8a..0ffcd04bbe 100644 --- a/pkg/render/windows.go +++ b/pkg/render/windows.go @@ -77,7 +77,7 @@ func (c *windowsComponent) ResolveImages(is *operatorv1.ImageSet) error { return imageName } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { c.cniImage = appendIfErr(components.GetReference(components.ComponentTigeraCNIWindows, reg, path, prefix, is)) c.nodeImage = appendIfErr(components.GetReference(components.ComponentTigeraNodeWindows, reg, path, prefix, is)) } else { @@ -116,7 +116,7 @@ func (c *windowsComponent) Objects() ([]client.Object, []client.Object) { objs := []client.Object{} - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Include Service for exposing node metrics. objs = append(objs, c.nodeMetricsService()) } 
@@ -393,7 +393,7 @@ func (c *windowsComponent) windowsVolumes() []corev1.Volume { } // Override with Tigera-specific config. - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Add volume for calico logs. calicoLogVol := corev1.Volume{ Name: "var-log-calico", @@ -659,7 +659,7 @@ func (c *windowsComponent) windowsEnvVars() []corev1.EnvVar { windowsEnv = append(windowsEnv, corev1.EnvVar{Name: "FELIX_IPV6SUPPORT", Value: "false"}) } - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // Add in Calico Enterprise specific configuration. extraNodeEnv := []corev1.EnvVar{ {Name: "FELIX_PROMETHEUSREPORTERENABLED", Value: "true"}, @@ -697,13 +697,13 @@ func (c *windowsComponent) windowsEnvVars() []corev1.EnvVar { // Configure provider specific environment variables here. switch c.cfg.Installation.KubernetesProvider { case operatorv1.ProviderOpenShift: - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { // We need to configure a non-default trusted DNS server, since there's no kube-dns. windowsEnv = append(windowsEnv, corev1.EnvVar{Name: "FELIX_DNSTRUSTEDSERVERS", Value: "k8s-service:openshift-dns/dns-default"}) } case operatorv1.ProviderRKE2: // For RKE2, configure a non-default trusted DNS server, as the DNS service is not named "kube-dns". - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { windowsEnv = append(windowsEnv, corev1.EnvVar{Name: "FELIX_DNSTRUSTEDSERVERS", Value: "k8s-service:kube-system/rke2-coredns-rke2-coredns"}) } } 
@@ -726,7 +726,7 @@ func (c *windowsComponent) windowsVolumeMounts() []corev1.VolumeMount { corev1.VolumeMount{MountPath: "/var/run/calico", Name: "var-run-calico"}, corev1.VolumeMount{MountPath: "/var/lib/calico", Name: "var-lib-calico"}) - if c.cfg.Installation.Variant == operatorv1.TigeraSecureEnterprise { + if c.cfg.Installation.Variant.IsEnterprise() { extraNodeMounts := []corev1.VolumeMount{ {MountPath: "/var/log/calico", Name: "var-log-calico"}, } diff --git a/pkg/render/windows_test.go b/pkg/render/windows_test.go index 922c512490..1522a3795d 100644 --- a/pkg/render/windows_test.go +++ b/pkg/render/windows_test.go @@ -662,7 +662,7 @@ var _ = Describe("Windows rendering tests", func() { } }) - It("should render all resources for a default configuration using TigeraSecureEnterprise", func() { + It("should render all resources for a default configuration using CalicoEnterprise", func() { type testConf struct { EnableBGP bool EnableVXLAN bool @@ -698,7 +698,7 @@ var _ = Describe("Windows rendering tests", func() { {name: "cni-config-windows", ns: common.CalicoNamespace, group: "", version: "v1", kind: "ConfigMap"}, {name: common.WindowsDaemonSetName, ns: common.CalicoNamespace, group: "apps", version: "v1", kind: "DaemonSet"}, } - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise cfg.NodeReporterMetricsPort = 9081 component := render.Windows(&cfg) @@ -1678,7 +1678,7 @@ var _ = Describe("Windows rendering tests", func() { verifyWindowsProbesAndLifecycle(ds) }) - It("should render all resources when variant is TigeraSecureEnterprise and running on openshift", func() { + It("should render all resources when variant is CalicoEnterprise and running on openshift", func() { expectedResources := []struct { name string ns string 
@@ -1691,7 +1691,7 @@ var _ = Describe("Windows rendering tests", func() { {name: common.WindowsDaemonSetName, ns: common.CalicoNamespace, group: "apps", version: "v1", kind: "DaemonSet"}, } - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.KubernetesProvider = operatorv1.ProviderOpenShift cfg.NodeReporterMetricsPort = 9081 @@ -1834,7 +1834,7 @@ var _ = Describe("Windows rendering tests", func() { verifyWindowsProbesAndLifecycle(ds) }) - It("should render all resources when variant is TigeraSecureEnterprise and running on RKE2", func() { + It("should render all resources when variant is CalicoEnterprise and running on RKE2", func() { expectedResources := []struct { name string ns string @@ -1847,7 +1847,7 @@ var _ = Describe("Windows rendering tests", func() { {name: common.WindowsDaemonSetName, ns: common.CalicoNamespace, group: "apps", version: "v1", kind: "DaemonSet"}, } - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.KubernetesProvider = operatorv1.ProviderRKE2 cfg.NodeReporterMetricsPort = 9081 @@ -2134,7 +2134,7 @@ var _ = Describe("Windows rendering tests", func() { }) It("should not enable prometheus metrics if NodeMetricsPort is nil", func() { - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.NodeMetricsPort = nil cfg.NodeReporterMetricsPort = 9081 @@ -2157,7 +2157,7 @@ var _ = Describe("Windows rendering tests", func() { It("should set FELIX_PROMETHEUSMETRICSPORT with a custom value if NodeMetricsPort is set", func() { var nodeMetricsPort int32 = 1234 - defaultInstance.Variant = operatorv1.TigeraSecureEnterprise + defaultInstance.Variant = operatorv1.CalicoEnterprise defaultInstance.NodeMetricsPort = &nodeMetricsPort component := render.Windows(&cfg) Expect(component.ResolveImages(nil)).To(BeNil()) 
diff --git a/pkg/tls/certificatemanagement/csr.go b/pkg/tls/certificatemanagement/csr.go index 627d33668f..5b7de017e9 100644 --- a/pkg/tls/certificatemanagement/csr.go +++ b/pkg/tls/certificatemanagement/csr.go @@ -92,7 +92,7 @@ func CreateCSRInitContainer( // ResolveCsrInitImage resolves the image needed for the CSR init image taking into account the specified ImageSet func ResolveCSRInitImage(inst *operatorv1.InstallationSpec, is *operatorv1.ImageSet) (string, error) { - if inst.Variant == operatorv1.TigeraSecureEnterprise { + if inst.Variant.IsEnterprise() { return components.GetReference( components.ComponentTigeraCSRInitContainer, inst.Registry, diff --git a/test/crd_management_test.go b/test/crd_management_test.go index 8003e04805..063e458c8c 100644 --- a/test/crd_management_test.go +++ b/test/crd_management_test.go @@ -57,7 +57,7 @@ var _ = Describe("CRD management tests", func() { Scheme: scheme, }) Expect(err).NotTo(HaveOccurred()) - verifyCRDsExist(c, operator.TigeraSecureEnterprise) + verifyCRDsExist(c, operator.CalicoEnterprise) // Save the networkpolicies CRD so we can restore it when finished npCRD = &apiextenv1.CustomResourceDefinition{ @@ -186,7 +186,7 @@ var _ = Describe("CRD management tests", func() { }) It("Should add tier to networkpolicy CRD", func() { c, shutdownContext, cancel, mgr = setupManager(ManageCRDsEnable, SingleTenant, EnterpriseCRDsExist) - operatorDone = createInstallation(c, mgr, shutdownContext, &operator.InstallationSpec{Variant: operator.TigeraSecureEnterprise}) + operatorDone = createInstallation(c, mgr, shutdownContext, &operator.InstallationSpec{Variant: operator.CalicoEnterprise}) By("Checking that the networkpolicies CRD is updated with tier") Eventually(func() error { diff --git a/test/gatewayapi_test.go b/test/gatewayapi_test.go index 413827f548..7ac007e315 100644 --- a/test/gatewayapi_test.go +++ b/test/gatewayapi_test.go 
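Review bot: The doc comment above `ResolveCSRInitImage` in the csr.go hunk still opens with `ResolveCsrInitImage`, which does not match the exported name, so godoc and linters that check the comment prefix will report a mismatch. Since the first line of the body is edited here, the comment could become `// ResolveCSRInitImage resolves the CSR init container image for the installation's variant, taking the given ImageSet into account.`. The function continues past the end of the hunk.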
@@ -75,7 +75,7 @@ var _ = Describe("GatewayAPI tests", func() { cleanupResources(c) By("Verifying CRDs are installed") - verifyCRDsExist(c, operator.TigeraSecureEnterprise) + verifyCRDsExist(c, operator.CalicoEnterprise) By("Creating the tigera-operator namespace, if it doesn't exist") ns := &corev1.Namespace{ @@ -150,7 +150,7 @@ var _ = Describe("GatewayAPI tests", func() { ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ Registry: "myregistry.io/", - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, }, } err := c.Create(shutdownContext, instance) @@ -161,7 +161,7 @@ var _ = Describe("GatewayAPI tests", func() { Expect(err).NotTo(HaveOccurred()) // Update the status to set variant to Enterprise. - instance.Status.Variant = operator.TigeraSecureEnterprise + instance.Status.Variant = operator.CalicoEnterprise err = c.Status().Update(shutdownContext, instance) Expect(err).NotTo(HaveOccurred()) @@ -190,7 +190,7 @@ var _ = Describe("GatewayAPI tests", func() { Eventually(getGatewayClassNames, "10s").Should(ConsistOf("tigera-gateway-class:tigera-gateway-class")) By("Now configuring two custom classes") - err = c.Get(shutdownContext, utils.DefaultTSEEInstanceKey, gatewayAPI) + err = c.Get(shutdownContext, utils.DefaultEnterpriseInstanceKey, gatewayAPI) Expect(err).NotTo(HaveOccurred()) gatewayAPI.Spec.GatewayClasses = []operator.GatewayClassSpec{{ Name: "custom-class-1", @@ -204,7 +204,7 @@ var _ = Describe("GatewayAPI tests", func() { Eventually(getGatewayClassNames, "10s").Should(ConsistOf("custom-class-1:custom-class-1", "custom-class-2:custom-class-2")) By("Deconfiguring one of the custom classes") - err = c.Get(shutdownContext, utils.DefaultTSEEInstanceKey, gatewayAPI) + err = c.Get(shutdownContext, utils.DefaultEnterpriseInstanceKey, gatewayAPI) Expect(err).NotTo(HaveOccurred()) gatewayAPI.Spec.GatewayClasses = []operator.GatewayClassSpec{{ Name: "custom-class-1", 
@@ -216,7 +216,7 @@ var _ = Describe("GatewayAPI tests", func() { Eventually(getGatewayClassNames, "10s").Should(ConsistOf("custom-class-1:custom-class-1")) By("Reverting to the default GatewayAPI") - err = c.Get(shutdownContext, utils.DefaultTSEEInstanceKey, gatewayAPI) + err = c.Get(shutdownContext, utils.DefaultEnterpriseInstanceKey, gatewayAPI) Expect(err).NotTo(HaveOccurred()) gatewayAPI.Spec.GatewayClasses = nil err = c.Update(shutdownContext, gatewayAPI) @@ -233,7 +233,7 @@ var _ = Describe("GatewayAPI tests", func() { ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ Registry: "myregistry.io/", - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, }, } err := c.Create(shutdownContext, instance) @@ -244,7 +244,7 @@ var _ = Describe("GatewayAPI tests", func() { Expect(err).NotTo(HaveOccurred()) // Update the status to set variant to Enterprise. - instance.Status.Variant = operator.TigeraSecureEnterprise + instance.Status.Variant = operator.CalicoEnterprise err = c.Status().Update(shutdownContext, instance) Expect(err).NotTo(HaveOccurred()) @@ -278,7 +278,7 @@ var _ = Describe("GatewayAPI tests", func() { }, "10s").ShouldNot(HaveOccurred()) By("Updating GatewayAPI with that custom EnvoyProxy") - err = c.Get(shutdownContext, utils.DefaultTSEEInstanceKey, gatewayAPI) + err = c.Get(shutdownContext, utils.DefaultEnterpriseInstanceKey, gatewayAPI) Expect(err).NotTo(HaveOccurred()) gatewayAPI.Spec.GatewayClasses = []operator.GatewayClassSpec{{ Name: "custom-gc", @@ -321,7 +321,7 @@ var _ = Describe("GatewayAPI tests", func() { ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ Registry: "myregistry.io/", - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, }, } err := c.Create(shutdownContext, instance) 
@@ -332,7 +332,7 @@ var _ = Describe("GatewayAPI tests", func() { Expect(err).NotTo(HaveOccurred()) // Update the status to set variant to Enterprise. - instance.Status.Variant = operator.TigeraSecureEnterprise + instance.Status.Variant = operator.CalicoEnterprise err = c.Status().Update(shutdownContext, instance) Expect(err).NotTo(HaveOccurred()) @@ -416,7 +416,7 @@ var _ = Describe("GatewayAPI tests", func() { ObjectMeta: metav1.ObjectMeta{Name: "default"}, Spec: operator.InstallationSpec{ Registry: "myregistry.io/", - Variant: operator.TigeraSecureEnterprise, + Variant: operator.CalicoEnterprise, }, } err := c.Create(shutdownContext, instance) @@ -427,7 +427,7 @@ var _ = Describe("GatewayAPI tests", func() { Expect(err).NotTo(HaveOccurred()) // Update the status to set variant to Enterprise. - instance.Status.Variant = operator.TigeraSecureEnterprise + instance.Status.Variant = operator.CalicoEnterprise err = c.Status().Update(shutdownContext, instance) Expect(err).NotTo(HaveOccurred()) diff --git a/test/mainline_test.go b/test/mainline_test.go index 711d1ebd07..17cf87c51f 100644 --- a/test/mainline_test.go +++ b/test/mainline_test.go @@ -79,7 +79,7 @@ var _ = Describe("Mainline component function tests", func() { cleanupResources(c) By("Verifying CRDs are installed") - verifyCRDsExist(c, operator.TigeraSecureEnterprise) + verifyCRDsExist(c, operator.CalicoEnterprise) By("Creating the tigera-operator namespace, if it doesn't exist") ns := &corev1.Namespace{ diff --git a/test/pool_test.go b/test/pool_test.go index 4a1d6310b5..c7cc2b00fd 100644 --- a/test/pool_test.go +++ b/test/pool_test.go @@ -61,7 +61,7 @@ var _ = Describe("IPPool FV tests", func() { cleanupResources(c) By("Verifying CRDs are installed") - verifyCRDsExist(c, operator.TigeraSecureEnterprise) + verifyCRDsExist(c, operator.CalicoEnterprise) By("Creating the tigera-operator namespace, if it doesn't exist") ns := &corev1.Namespace{