Merge pull request #130250 from marosset/withdraw-windows-hostnetwork

Withdraw alpha support for HostNetwork containers on Windows

pkg/features/versioned_kube_features.go

@@ -856,7 +856,8 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate
 	},
 
 	WindowsHostNetwork: {
-		{Version: version.MustParse("1.26"), Default: true, PreRelease: featuregate.Alpha},
+		{Version: version.MustParse("1.26"), Default: false, PreRelease: featuregate.Alpha},
+		{Version: version.MustParse("1.33"), Default: false, PreRelease: featuregate.Deprecated},
 	},
 
 	zpagesfeatures.ComponentFlagz: {

pkg/kubelet/kuberuntime/kuberuntime_sandbox.go

@@ -25,11 +25,9 @@ import (
 
 	v1 "k8s.io/api/core/v1"
 	kubetypes "k8s.io/apimachinery/pkg/types"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1"
 	"k8s.io/klog/v2"
 	"k8s.io/kubelet/pkg/types"
-	"k8s.io/kubernetes/pkg/features"
 	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
 	runtimeutil "k8s.io/kubernetes/pkg/kubelet/kuberuntime/util"
 	"k8s.io/kubernetes/pkg/kubelet/util"
@@ -239,15 +237,6 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxWindowsConfig(pod *v1.Pod)
 		SecurityContext: &runtimeapi.WindowsSandboxSecurityContext{},
 	}
 
-	if utilfeature.DefaultFeatureGate.Enabled(features.WindowsHostNetwork) {
-		wc.SecurityContext.NamespaceOptions = &runtimeapi.WindowsNamespaceOption{}
-		if kubecontainer.IsHostNetworkPod(pod) {
-			wc.SecurityContext.NamespaceOptions.Network = runtimeapi.NamespaceMode_NODE
-		} else {
-			wc.SecurityContext.NamespaceOptions.Network = runtimeapi.NamespaceMode_POD
-		}
-	}
-
 	// If all of the containers in a pod are HostProcess containers, set the pod's HostProcess field
 	// explicitly because the container runtime requires this information at sandbox creation time.
 	if kubecontainer.HasWindowsHostProcessContainer(pod) {

pkg/kubelet/kuberuntime/kuberuntime_sandbox_test.go

@@ -392,82 +392,3 @@ func TestGeneratePodSandboxWindowsConfig_HostProcess(t *testing.T) {
 		})
 	}
 }
-
-func TestGeneratePodSandboxWindowsConfig_HostNetwork(t *testing.T) {
-	_, _, m, err := createTestRuntimeManager()
-	require.NoError(t, err)
-
-	const containerName = "container"
-
-	testCases := []struct {
-		name                      string
-		hostNetworkFeatureEnabled bool
-		podSpec                   *v1.PodSpec
-		expectedWindowsConfig     *runtimeapi.WindowsPodSandboxConfig
-	}{
-		{
-			name:                      "feature disabled, hostNetwork=false",
-			hostNetworkFeatureEnabled: false,
-			podSpec: &v1.PodSpec{
-				HostNetwork: false,
-				Containers:  []v1.Container{{Name: containerName}},
-			},
-			expectedWindowsConfig: &runtimeapi.WindowsPodSandboxConfig{
-				SecurityContext: &runtimeapi.WindowsSandboxSecurityContext{},
-			},
-		},
-		{
-			name:                      "feature disabled, hostNetwork=true",
-			hostNetworkFeatureEnabled: false,
-			podSpec: &v1.PodSpec{
-				HostNetwork: true,
-				Containers:  []v1.Container{{Name: containerName}},
-			},
-			expectedWindowsConfig: &runtimeapi.WindowsPodSandboxConfig{
-				SecurityContext: &runtimeapi.WindowsSandboxSecurityContext{},
-			}},
-		{
-			name:                      "feature enabled, hostNetwork=false",
-			hostNetworkFeatureEnabled: true,
-			podSpec: &v1.PodSpec{
-				HostNetwork: false,
-				Containers:  []v1.Container{{Name: containerName}},
-			},
-			expectedWindowsConfig: &runtimeapi.WindowsPodSandboxConfig{
-				SecurityContext: &runtimeapi.WindowsSandboxSecurityContext{
-					NamespaceOptions: &runtimeapi.WindowsNamespaceOption{
-						Network: runtimeapi.NamespaceMode_POD,
-					},
-				},
-			},
-		},
-		{
-			name:                      "feature enabled, hostNetwork=true",
-			hostNetworkFeatureEnabled: true,
-			podSpec: &v1.PodSpec{
-				HostNetwork: true,
-				Containers:  []v1.Container{{Name: containerName}},
-			},
-			expectedWindowsConfig: &runtimeapi.WindowsPodSandboxConfig{
-				SecurityContext: &runtimeapi.WindowsSandboxSecurityContext{
-					NamespaceOptions: &runtimeapi.WindowsNamespaceOption{
-						Network: runtimeapi.NamespaceMode_NODE,
-					},
-				},
-			},
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.WindowsHostNetwork, testCase.hostNetworkFeatureEnabled)
-			pod := &v1.Pod{}
-			pod.Spec = *testCase.podSpec
-
-			wc, err := m.generatePodSandboxWindowsConfig(pod)
-
-			assert.Equal(t, testCase.expectedWindowsConfig, wc)
-			assert.NoError(t, err)
-		})
-	}
-}

staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go

@@ -4398,7 +4398,7 @@ func (m *LinuxContainerUser) GetSupplementalGroups() []int64 {
 // WindowsNamespaceOption provides options for Windows namespaces.
 type WindowsNamespaceOption struct {
 	// Network namespace for this container/sandbox.
-	// Namespaces currently set by the kubelet: POD, NODE
+	// This is currently never set by the kubelet
 	Network              NamespaceMode `protobuf:"varint,1,opt,name=network,proto3,enum=runtime.v1.NamespaceMode" json:"network,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
 	XXX_sizecache        int32         `json:"-"`

staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

@@ -1011,7 +1011,7 @@ message LinuxContainerUser {
 // WindowsNamespaceOption provides options for Windows namespaces.
 message WindowsNamespaceOption {
     // Network namespace for this container/sandbox.
-    // Namespaces currently set by the kubelet: POD, NODE
+    // This is currently never set by the kubelet
     NamespaceMode network = 1;
 }
 

test/compatibility_lifecycle/reference/versioned_feature_list.yaml

@@ -1623,10 +1623,14 @@
     version: "1.32"
 - name: WindowsHostNetwork
   versionedSpecs:
-  - default: true
+  - default: false
     lockToDefault: false
     preRelease: Alpha
     version: "1.26"
+  - default: false
+    lockToDefault: false
+    preRelease: Deprecated
+    version: "1.33"
 - name: WinDSR
   versionedSpecs:
   - default: false