Render Calico OSS from individual images and fix VAP tests for v3.32#4946
Open
caseydavenport wants to merge 3 commits into
Open
Render Calico OSS from individual images and fix VAP tests for v3.32#4946caseydavenport wants to merge 3 commits into
caseydavenport wants to merge 3 commits into
Conversation
The combined calico/calico image is only published for Enterprise on this branch, so render the standalone per-component images for the Calico OSS variant and keep the combined image for Enterprise.
caseydavenport
added
kind/bug
marvin-tigera
added
docs-pr-required
release-note-required
and removed
kind/bug
Calico OSS does not ship a ValidatingAdmissionPolicy on this release, so expect none for the Calico variant and exercise VAP creation via Enterprise. Also drops the redundant comments added with the image change.
caseydavenport
changed the title
Calico OSS deploys the individual per-component images, and the combined calico/calico image is not published for v3.32, so pulling it failed FV setup.
pasanw
reviewed
Jun 19, 2026
|
|
||
| IMAGE_TARS := calico-calico.tar \ | ||
| calico-node.tar \ | ||
| IMAGE_TARS := calico-node.tar \ |
Contributor
There was a problem hiding this comment.
Since OSS is back to rendering the per-component images, we probably need to restore the per-component tars here (apiserver, cni, pod2daemon-flexvol, kube-controllers, typha, csi, node-driver-registrar, goldmane, whisker-backend) the way they were before the combined image, otherwise FV won't have them preloaded.
| variant: calicoVariant, | ||
| } | ||
|
|
||
| // CalicoImages omits ComponentCalico: Calico OSS ships the individual |
Contributor
There was a problem hiding this comment.
Might be safer to remove ComponentCalico and have CombinedCalicoImage panic if it's ever called on OSS.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Bug fix.
release-v1.43ships Calico Enterprise v3.24 EP1, which builds the combined image, but pins Calico OSS to v3.32, which was cut before the combined image existed for OSS. The branch was cut from master after the operator had already moved every component onto the combined image, so the Calico OSS variant references an image tag that was never published. This shows up as persistent FV failures looking for the v3.32 combined image.This makes image selection variant-aware. The Calico OSS variant now renders the standalone per-component images using their own entrypoints and health probes, and Calico Enterprise keeps the combined image. Components touched: calico-node (plus the CNI and flexvol installers), Typha, kube-controllers, apiserver, CSI (driver and node-driver-registrar), Goldmane, the Whisker backend, the webhooks controller, Guardian, Windows, and the certificate-management CSR init container.
Same root cause on the admission side: v3.32 ships no Calico ValidatingAdmissionPolicy (the branch-prep commit dropped it along with the v3.32 CRDs), but the VAP tests still expected one. They now expect none for the Calico variant and exercise VAP creation through Enterprise, which still ships it.
FIPS images are intentionally not restored - FIPS support was removed on this branch and no render path references it.
Tested with the operator unit tests.
Release Note
For PR author
make gen-filesmake gen-versionsFor PR reviewers
A note for code reviewers - all pull requests must have the following:
kind/bugif this is a bugfix.kind/enhancementif this is a a new feature.enterpriseif this PR applies to Calico Enterprise only.