Extract variant branches into a generic extension mechanism#4871
Draft
caseydavenport wants to merge 16 commits into
Draft
Extract variant branches into a generic extension mechanism#4871caseydavenport wants to merge 16 commits into
caseydavenport wants to merge 16 commits into
Conversation
Add WithContext/ComponentHandlerOption to NewComponentHandler (variadic, backward-compatible) and call operator.ApplyPatches in CreateOrUpdateOrDelete for components implementing render.Named.
Pulls the enterprise RBAC extra-rules and MULTI_INTERFACE_MODE env branches out of pkg/render/typha.go into a new pkg/enterprise package. The enterprise package registers a patch via operator.Patch on startup; pkg/render/typha.go now has zero IsEnterprise branches.
Calls enterprise.Register() at startup so the typha modifier is wired in. Builds an operator.Context in the installation reconciler and passes it to the component handler so registered modifiers receive reconcile-derived state.
Extracts the image override registry into a leaf pkg/imageoverride package (no render/operator transitive deps) to avoid the render→operator import cycle. operator.OverrideImage/ResolveImage now delegate there. Registers the enterprise node image override in pkg/enterprise. Removes the IsEnterprise image switch from render/node.go; FIPS handling is preserved via a post-resolve check.
…sion The OSS installation controller no longer directly creates the node-prometheus keypair or fetches the prometheus/esgw certs. Those are now handled by a registered InstallationExtension in pkg/enterprise. Port value derivation and the kube-controller TLS block remain in the OSS controller unchanged.
Moves the calico-node-metrics Service out of OSS node render and into the enterprise node modifier, where it derives ports from ctx.FelixConfiguration. Also exports NodeBGPReporterPort so the modifier can reference it.
# Conflicts: # pkg/controller/installation/core_controller_test.go # pkg/controller/utils/component.go # pkg/render/node.go
caseydavenport
commented
Jun 3, 2026
The registry package is renamed to extensions. The installation controller builds the render context through a registered factory, and the componentHandler applies registered modifiers to component output. The node and typha variant branches now live in enterprise modifiers, and the calico log directory is mounted for both variants.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is phase 1 of prepping the operator for the monorepo merge. The goal is to get the variant branches (the
IsEnterprise()checks) out of the core operator render code and into a generic extension mechanism, so enterprise can self-register its modifications instead of core code having to know about them.Description
Adds the extension primitives in
pkg/extensions:pkg/imageoverrideleaf package to avoid an import cycle;pkg/extensionsdelegates to it.RenderContexthanded to modifiers through a registered factory, which also does the per-controller side-effecting work (cert creation, bundle assembly, validation). The core operator default does nothing variant-specific.Enterprise wiring lives in
pkg/enterprise, which self-registers all of this throughenterprise.Register().De-varianting progress
The metric is zero
IsEnterprise()branches left in the core render/controller code for each component - they all move intopkg/enterprise:typha and node are done. Image selection routes through the override registry, and all of node's variant branches (RBAC for node and the CNI plugin, volumes, CNI env, Felix env, readiness probe, the metrics service, and the prometheus cert/bundle setup) now live in enterprise modifiers. The calico log directory is mounted for both variants so the modifier doesn't have to special-case it.
Still deferred
Behavior is preserved. The test gate is the union of the existing core tests plus the relocated enterprise assertions, all passing.