Promote feature gate AntreaProxy to GA #5401
Conversation
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
6749715
to
8ccee5f
Compare
|
You also need to update the doc |
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
2 times, most recently
from
f85650a
to
e49e22b
Compare
| @@ -52,7 +52,7 @@ func Test_getGatesResponse(t *testing.T) { | |||
| }, | |||
| want: []Response{ | |||
| {Component: "agent", Name: "AntreaPolicy", Status: "Disabled", Version: "BETA"}, | |||
| {Component: "agent", Name: "AntreaProxy", Status: "Enabled", Version: "BETA"}, | |||
| {Component: "agent", Name: "AntreaProxy", Status: "Enabled"}, | |||
There was a problem hiding this comment.
why aren't we using Version: "GA" here?
There was a problem hiding this comment.
In "k8s.io/component-base/featuregate", we can see that GA is empty string:
const (
// Values for PreRelease.
Alpha = prerelease("ALPHA")
Beta = prerelease("BETA")
GA = prerelease("")
// Deprecated
Deprecated = prerelease("DEPRECATED")
)I have added an if condition to handle this. If we get an empty string, we use "GA" to replace it.
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
6 times, most recently
from
cb6e959
to
dcef48e
Compare
hongliangl
added
the
action/release-note
|
@hongliangl please resolve the code conflicts. Thanks. |
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
dcef48e
to
b2dc9aa
Compare
Done |
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
b2dc9aa
to
00c7f01
Compare
docs/feature-gates.md
Outdated
| @@ -372,7 +367,7 @@ Refer to this [document](external-node.md) for more information. | |||
| #### Requirements for this Feature | |||
|
|
|||
| Since Antrea Agent is running on an unmanaged VM/BM when this feature is enabled, features designed for K8s Pods are | |||
| disabled. As of now, this feature requires that `AntreaProxy` and `NetworkPolicyStats` are also enabled. | |||
| disabled. As of now, this feature requires that AntreaProxy and feature `NetworkPolicyStats` are also enabled. | |||
There was a problem hiding this comment.
Why would ExternalNode require AntreaProxy, I think this was a typo, which meant to say AntreaPolicy? @wenyingd
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
3 times, most recently
from
cc91eb2
to
574c22f
Compare
docs/feature-gates.md
Outdated
| @@ -89,8 +87,7 @@ for more information about EndpointSlice. If this feature is enabled but the End | |||
|
|
|||
| #### Requirements for this Feature | |||
|
|
|||
| - EndpointSlice v1 API is available (Kubernetes version >=1.21). | |||
| - `AntreaProxy` is enabled. | |||
| EndpointSlice v1 API is available (Kubernetes version >=1.21). | |||
There was a problem hiding this comment.
I suppose if use set the option antreaProxy.enable to false, this feature still won't work? If so, we should add another line like "antreaProxy.enable is true"?
@tnqn any suggestion here?
There was a problem hiding this comment.
I think we can keep a mention to AntreaProxy being enabled.
docs/feature-gates.md
Outdated
| @@ -100,8 +97,7 @@ for more information about TopologyAwareHints. | |||
|
|
|||
| #### Requirements for this Feature | |||
|
|
|||
| - `AntreaProxy` is enabled. | |||
| - `EndpointSlice` is enabled. | |||
| Feature `EndpointSlice` is enabled. | |||
There was a problem hiding this comment.
Any context for this ditto?
There was a problem hiding this comment.
I mean the removed line "- AntreaProxy is enabled" , if it still requires antreaProxy.enable to true, we may need to highlight this.
There was a problem hiding this comment.
For TopologyAwareHints, it still requires requires antreaProxy.enable to be true. I have added related text.
docs/feature-gates.md
Outdated
| @@ -115,7 +111,7 @@ antrea-proxy.md#configuring-load-balancer-mode-for-external-traffic) for more in | |||
|
|
|||
| #### Requirements for this Feature | |||
|
|
|||
| - `AntreaProxy` with `proxyAll` is enabled. | |||
| - `proxyAll` in AntreaProxy is enabled. | |||
| @@ -680,9 +680,6 @@ func (v *antreaPolicyValidator) validatePeers(ingress, egress []crdv1beta1.Rule) | |||
| } | |||
| for _, rule := range egress { | |||
| if rule.ToServices != nil { | |||
| if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) { | |||
There was a problem hiding this comment.
No need to check antreaProxy.enable's value here?
There was a problem hiding this comment.
It will be checked on agent.
There was a problem hiding this comment.
There seems no check added in agent. I think we should fail the realization of a rule if it contains toServices but does't have AntreaProxy enabled. Otherwise there would be no issue when creating the rule but it would just not work without any error in API and log.
There was a problem hiding this comment.
#5401 (comment) I'll make another PR about this after merging this PR.
There was a problem hiding this comment.
Please create an issue in case it's forgotten.
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
574c22f
to
f7d1013
Compare
cmd/antrea-agent/options.go
Outdated
| @@ -218,7 +216,11 @@ func (o *Options) validateTLSOptions() error { | |||
|
|
|||
| func (o *Options) validateAntreaProxyConfig(encapMode config.TrafficEncapModeType) error { | |||
| if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) { | |||
| // Validate service CIDR configuration if AntreaProxy is not enabled. | |||
| o.config.AntreaProxy.Enable = pointer.Bool(false) | |||
There was a problem hiding this comment.
I feel we should do the latter. Mutating the config data directly may cause confusion when it's later logged or when the whole config is dumpped. At least we haven’t mutated config data (except defaulting) so far AFAIK.
| @@ -680,9 +680,6 @@ func (v *antreaPolicyValidator) validatePeers(ingress, egress []crdv1beta1.Rule) | |||
| } | |||
| for _, rule := range egress { | |||
| if rule.ToServices != nil { | |||
| if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) { | |||
There was a problem hiding this comment.
Please create an issue in case it's forgotten.
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
07da21b
to
5f5335b
Compare
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
5f5335b
to
b7e0d9e
Compare
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
3 times, most recently
from
d033c73
to
4bab10f
Compare
cmd/antrea-agent/options.go
Outdated
| if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) { | ||
| o.enableAntreProxy = false | ||
| klog.InfoS("Feature gate `AntreaProxy` is deprecated, please use option `antreaProxy.enable` to disable AntreaProxy") | ||
| } else { | ||
| o.enableAntreProxy = true | ||
| } |
There was a problem hiding this comment.
I think things are getting more complicated with these code.
We should:
- Let defaulting func only do defaulting
if o.config.AntreaProxy.Enable == nil {
o.config.AntreaProxy.Enable = pointer.Bool(true)
}
if o.config.AntreaProxy.ProxyLoadBalancerIPs == nil {
o.config.AntreaProxy.ProxyLoadBalancerIPs = pointer.Bool(true)
}
if o.config.AntreaProxy.DefaultLoadBalancerMode == "" {
o.config.AntreaProxy.DefaultLoadBalancerMode = config.LoadBalancerModeNAT.String()
}
- Let validating func do validating, calculate
o.enableAntreProxy
if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) {
klog.InfoS("Feature gate `AntreaProxy` is deprecated, please use option `antreaProxy.enable` to disable AntreaProxy")
}
o.enableAntreaProxy = *o.config.AntreaProxy.Enable && !features.DefaultFeatureGate.Enabled(features.AntreaProxy)
if o.enableAntreaProxy {
...
} else {
...
}
- Let run func consume only
o.enableAntreProxy, do not calculate whether it's enabled again.
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
7 times, most recently
from
c53d9fa
to
d79e7b6
Compare
| if o.config.AntreaProxy.Enable == nil { | ||
| o.config.AntreaProxy.Enable = pointer.Bool(true) | ||
| } |
There was a problem hiding this comment.
Do we need these 3 lines in setExternalNodeDefaultOptions as well?
It may be needed to avoid a crash if someone uses an old version of the config. I think we did the same in the past with enablePrometheusMetrics.
There was a problem hiding this comment.
It was because EnablePrometheusMetrics was accessed directly in run. In AntreaProxy case, we have enableAntreaProxy and use it in run, so it should be fine to leave it nil in ExternalNode case.
There was a problem hiding this comment.
And we don't need to default it to true?
There's probably no AnteraProxy for ExternalNode :)
There was a problem hiding this comment.
It won't be read in ExternalNode case as validateK8sNodeOptions won't even be executed in that case. This implies a question: whether defaulting should be done in a modeless way or on demand. I think currently it's the latter. However, I also wondered if the former is better as it could ensure every config gets a value, either from user config or the default one.
cmd/antrea-agent/options.go
Outdated
| if o.config.AntreaProxy.ProxyLoadBalancerIPs == nil { | ||
| o.config.AntreaProxy.ProxyLoadBalancerIPs = pointer.Bool(true) | ||
| } | ||
| if o.config.ServiceCIDR == "" { // It's okay to set the default value of this field when AntreaProxy is enabled. |
There was a problem hiding this comment.
| if o.config.ServiceCIDR == "" { // It's okay to set the default value of this field when AntreaProxy is enabled. | |
| if o.config.ServiceCIDR == "" { // It's okay to set the default value of this field even when AntreaProxy is enabled and the field is not used. |
cmd/antrea-agent/agent.go
Outdated
| @@ -142,6 +142,7 @@ func run(o *Options) error { | |||
| enableMulticlusterGW := features.DefaultFeatureGate.Enabled(features.Multicluster) && o.config.Multicluster.EnableGateway | |||
| enableMulticlusterNP := features.DefaultFeatureGate.Enabled(features.Multicluster) && o.config.Multicluster.EnableStretchedNetworkPolicy | |||
| enableFlowExporter := features.DefaultFeatureGate.Enabled(features.FlowExporter) && o.config.FlowExporter.Enable | |||
| enableAntreaProxy := o.enableAntreaProxy | |||
There was a problem hiding this comment.
this is a bit verbose, the code could use o.enableAntreaProxy directly.
| if o.config.AntreaProxy.Enable == nil { | ||
| o.config.AntreaProxy.Enable = pointer.Bool(true) | ||
| } |
There was a problem hiding this comment.
It was because EnablePrometheusMetrics was accessed directly in run. In AntreaProxy case, we have enableAntreaProxy and use it in run, so it should be fine to leave it nil in ExternalNode case.
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
d79e7b6
to
88618b8
Compare
Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl
force-pushed
the
20230816-upgrade-proxy-2
branch
from
88618b8
to
1aa4b49
Compare
|
/test-all |
|
/test-conformance |
No description provided.