remove apiserver limitations

Change-Id: I97b35d912ba5d86857cf82d3eddd65b648030005
2025-07-19 18:02:01 +00:00 · 2023-01-24 15:03:21 +00:00 · 2023-01-24 15:03:21 +00:00 · 811c2f50a1
commit 811c2f50a1
parent b2c8190ee7
2 changed files with 29 additions and 1 deletions
--- a/cmd/kube-apiserver/app/options/validation.go
+++ b/cmd/kube-apiserver/app/options/validation.go
@ -27,6 +27,7 @@ import (
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
+	"k8s.io/kubernetes/pkg/features"
 	netutils "k8s.io/utils/net"
 )

@ -35,7 +36,10 @@ import (
 func validateClusterIPFlags(options *ServerRunOptions) []error {
 	var errs []error
 	// maxCIDRBits is used to define the maximum CIDR size for the cluster ip(s)
-	const maxCIDRBits = 20
+	maxCIDRBits := 20
+	if utilfeature.DefaultFeatureGate.Enabled(features.MultiCIDRServiceAllocator) {
+		maxCIDRBits = 64
+	}

 	// validate that primary has been processed by user provided values or it has been defaulted
 	if options.PrimaryServiceClusterIPRange.IP == nil {
--- a/cmd/kube-apiserver/app/options/validation_test.go
+++ b/cmd/kube-apiserver/app/options/validation_test.go
@ -24,7 +24,10 @@ import (
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	kubeapiserveradmission "k8s.io/apiserver/pkg/admission"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	basemetrics "k8s.io/component-base/metrics"
+	"k8s.io/kubernetes/pkg/features"
 	kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
 	netutils "k8s.io/utils/net"
 )
@ -61,6 +64,7 @@ func TestClusterServiceIPRange(t *testing.T) {
 		name         string
 		options      *ServerRunOptions
 		expectErrors bool
+		gate         bool
 	}{
 		{
 			name:         "no service cidr",
@ -87,6 +91,24 @@ func TestClusterServiceIPRange(t *testing.T) {
 			expectErrors: true,
 			options:      makeOptionsWithCIDRs("10.0.0.0/8", ""),
 		},
+		{
+			name:         "service cidr IPv4 is too big but gate enbled",
+			expectErrors: false,
+			options:      makeOptionsWithCIDRs("10.0.0.0/8", ""),
+			gate:         true,
+		},
+		{
+			name:         "service cidr IPv6 is too big but gate enbled",
+			expectErrors: false,
+			options:      makeOptionsWithCIDRs("2001:db8::/64", ""),
+			gate:         true,
+		},
+		{
+			name:         "service cidr IPv6 is too big despuite gate enbled",
+			expectErrors: true,
+			options:      makeOptionsWithCIDRs("2001:db8::/12", ""),
+			gate:         true,
+		},
 		{
 			name:         "dual-stack secondary cidr too big",
 			expectErrors: true,
@ -122,6 +144,8 @@ func TestClusterServiceIPRange(t *testing.T) {

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
+			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.MultiCIDRServiceAllocator, tc.gate)()
+
 			errs := validateClusterIPFlags(tc.options)
 			if len(errs) > 0 && !tc.expectErrors {
 				t.Errorf("expected no errors, errors found %+v", errs)