Rename allow-tigera Tier to calico-system #4438

Open
radixo wants to merge 2 commits into tigera:master from radixo:rename-allow-tigera

@radixo radixo commented Feb 13, 2026

Description

This PR renames the allow-tigera Tier to calico-system with the purpose of enabling this Tier on Calico OSS.
All the files were changed only by applying regex replacements on a few allow-tigera patterns.
Specifically for the tigera-operator, a cleanup routine was appended to the tier's controller and render.

Release Note

The Tier allow-tigera has been renamed to calico-system.

If your Calico installation does not use the Tigera Operator, or if you have created custom Network Policies within this Tier, you must manually update your resources to reference the new Tier name.

Please review and adjust any affected policies to ensure continued correct behavior.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

The change was made by only replacing the following patterns in all
files:
- s/\ballow-tigera\b/calico-system/g
- s/allowTigera/calicoSystem/g
- s/AllowTigera/CalicoSystem/g
tiers_controller implementation to send to tiers render the objects
needed to clean up the allow-tigera deprecated tier.

Member

@caseydavenport caseydavenport left a comment

A couple of small comments but overall looking like what I expected!

return &tiersConfig, nil
}

func (r *ReconcileTiers) fetchDeprecatedObjs(ctx context.Context, tiersConfig *tiers.Config) (err error) {
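
Review bot: fetchDeprecatedObjs has no doc comment, and its signature (a *tiers.Config in, only a named err out) does not show the caller that the config is being modified. Either document which fields of tiersConfig it populates and that it queries the cluster, or return the fetched objects alongside the error so the caller assigns them explicitly. The named result (err error) can also be dropped unless a deferred function needs it.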

Member

Generally easier to read if the code doesn't use side-effects like this and just returns the objects instead of modifying the input.

That said, we should know exactly which objects we need to delete without querying the cluster, right?

What happens if a user has created their own policy within the allow-tigera tier? What will our code do? What should our code do?

I think it probably needs to spot that and abort, warning the user? WDYT?

}

// Deprecate allow-tigera Tier
allowTigeraClusterDNSPolicy := t.calicoSystemClusterDNSPolicy()
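
Review bot: on the line under the "Deprecate allow-tigera Tier" comment, the variable allowTigeraClusterDNSPolicy is assigned from t.calicoSystemClusterDNSPolicy(), so the variable name refers to the old tier while the constructor refers to the new one. Given the blanket s/allowTigera/calicoSystem/g replacement, these lines do not show whether the object still carries the allow-tigera name and tier. If it is meant to identify the old policy for deletion, set those values explicitly and say so in the comment, otherwise the cleanup could target the live calico-system policy; if it is not, rename the variable to match.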

Member

Why do we need this explicitly here? Shouldn't it already be part of DeprecatedObjs?
