Move Calico API server from calico-apiserver namespace to calico-system for OSS#3989
Conversation
vara2504
force-pushed
the
oss_apiserver_ns
branch
2 times, most recently
from
cb6feab to
307061b
Compare
vara2504
force-pushed
the
oss_apiserver_ns
branch
from
582fdae to
4783149
Compare
pkg/render/apiserver.go
Outdated
| } else { | ||
| // Create any Calico-only objects | ||
| globalObjects = append(globalObjects, globalCalicoObjects...) | ||
| objsToDelete = append(objsToDelete, c.cleanupDeployment()) |
There was a problem hiding this comment.
cleanupDeployment ensures cleanup of the calico-apiserver deployment during OSS to EE upgrades, where the API server is replaced by the tigera-apiserver deployment.
| oldNamespace = "tigera-system" | ||
| deploymentName = "tigera-apiserver" | ||
| ) | ||
| func (r *ReconcileAPIServer) canCleanupLegacyNamespace(ctx context.Context, variant operatorv1.ProductVariant, logger logr.Logger) bool { |
There was a problem hiding this comment.
Will this clean up calico-apiserver if you upgrade from oss(operator v1.n-1)->ee?
Should this method iterate over both namespaces instead to ensure the removal of both?
There was a problem hiding this comment.
It should handle cleaning up the calico-apiserver deployment, as both the calico-apiserver deployment and the tigera-system namespace are removed once canCleanupLegacyNamespace is true here in getDeprecatedResources.
https://github.com/tigera/operator/pull/3989/files#diff-88957f5c859486b2cbf260254b87b36b75fadbc99bfd38c01ea29dc0ac22a260R2340
If we're switching from OSS to the enterprise variant, the OSS namespace will need to be cleaned up anyway, and I believe EE doesn't have a dependency on the OSS apiserver component to come up. This means we can directly clean up the calico-apiserver namespace. (correct me if i am missing something).
We only need to iterate over the namespaces when migrating the APIServer between namespaces within the same variant. This is because, in order to run the apiserver inside the calico-system namespace, we need to create some allow-tigera policy rules in calico-system, which requires the apiserver deployment to be up and running in tigera-system.
|
Vara, should we also make it so that we no longer have a different name for the deployment based on the Variant? I.e. remove |
4 participants
Description
Release Note
For PR author
make gen-filesmake gen-versionsFor PR reviewers
A note for code reviewers - all pull requests must have the following:
kind/bugif this is a bugfix.kind/enhancementif this is a a new feature.enterpriseif this PR applies to Calico Enterprise only.