move IPv6DualStack feature to stable. (#104691)

* kube-proxy * endpoints controller * app: kube-controller-manager * app: cloud-controller-manager * kubelet * app: api-server * node utils + registry/strategy * api: validation (comment removal) * api:pod strategy (util pkg) * api: docs * core: integration testing * kubeadm: change feature gate to GA * service registry and rest stack * move feature to GA * generated
2025-09-20 17:38:50 +00:00 · 2021-09-24 16:30:22 -07:00
parent c74d799677
commit a53e2eaeab
42 changed files with 455 additions and 1373 deletions
--- a/pkg/controller/endpoint/endpoints_controller.go
+++ b/pkg/controller/endpoint/endpoints_controller.go
@@ -30,7 +30,6 @@ import (
 	"k8s.io/apimachinery/pkg/labels"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	coreinformers "k8s.io/client-go/informers/core/v1"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/scheme"
@@ -48,7 +47,6 @@ import (
 	helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
 	"k8s.io/kubernetes/pkg/controller"
 	endpointutil "k8s.io/kubernetes/pkg/controller/util/endpoint"
-	"k8s.io/kubernetes/pkg/features"
 	utillabels "k8s.io/kubernetes/pkg/util/labels"
 	utilnet "k8s.io/utils/net"
 )
@@ -229,42 +227,38 @@ func podToEndpointAddressForService(svc *v1.Service, pod *v1.Pod) (*v1.EndpointA
 	var endpointIP string
 	ipFamily := v1.IPv4Protocol

-	if !utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) {
-		// In a legacy cluster, the pod IP is guaranteed to be usable
-		endpointIP = pod.Status.PodIP
+	if len(svc.Spec.IPFamilies) > 0 {
+		// controller is connected to an api-server that correctly sets IPFamilies
+		ipFamily = svc.Spec.IPFamilies[0] // this works for headful and headless
 	} else {
-		//feature flag enabled and pods may have multiple IPs
-		if len(svc.Spec.IPFamilies) > 0 {
-			// controller is connected to an api-server that correctly sets IPFamilies
-			ipFamily = svc.Spec.IPFamilies[0] // this works for headful and headless
+		// controller is connected to an api server that does not correctly
+		// set IPFamilies (e.g. old api-server during an upgrade)
+		// TODO (khenidak): remove by when the possibility of upgrading
+		// from a cluster that does not support dual stack is nil
+		if len(svc.Spec.ClusterIP) > 0 && svc.Spec.ClusterIP != v1.ClusterIPNone {
+			// headful service. detect via service clusterIP
+			if utilnet.IsIPv6String(svc.Spec.ClusterIP) {
+				ipFamily = v1.IPv6Protocol
+			}
 		} else {
-			// controller is connected to an api server that does not correctly
-			// set IPFamilies (e.g. old api-server during an upgrade)
-			if len(svc.Spec.ClusterIP) > 0 && svc.Spec.ClusterIP != v1.ClusterIPNone {
-				// headful service. detect via service clusterIP
-				if utilnet.IsIPv6String(svc.Spec.ClusterIP) {
-					ipFamily = v1.IPv6Protocol
-				}
-			} else {
-				// Since this is a headless service we use podIP to identify the family.
-				// This assumes that status.PodIP is assigned correctly (follows pod cidr and
-				// pod cidr list order is same as service cidr list order). The expectation is
-				// this is *most probably* the case.
+			// Since this is a headless service we use podIP to identify the family.
+			// This assumes that status.PodIP is assigned correctly (follows pod cidr and
+			// pod cidr list order is same as service cidr list order). The expectation is
+			// this is *most probably* the case.

-				// if the family was incorrectly identified then this will be corrected once the
-				// the upgrade is completed (controller connects to api-server that correctly defaults services)
-				if utilnet.IsIPv6String(pod.Status.PodIP) {
-					ipFamily = v1.IPv6Protocol
-				}
+			// if the family was incorrectly identified then this will be corrected once the
+			// the upgrade is completed (controller connects to api-server that correctly defaults services)
+			if utilnet.IsIPv6String(pod.Status.PodIP) {
+				ipFamily = v1.IPv6Protocol
 			}
 		}
+	}

-		// find an ip that matches the family
-		for _, podIP := range pod.Status.PodIPs {
-			if (ipFamily == v1.IPv6Protocol) == utilnet.IsIPv6String(podIP.IP) {
-				endpointIP = podIP.IP
-				break
-			}
+	// find an ip that matches the family
+	for _, podIP := range pod.Status.PodIPs {
+		if (ipFamily == v1.IPv6Protocol) == utilnet.IsIPv6String(podIP.IP) {
+			endpointIP = podIP.IP
+			break
 		}
 	}

--- a/pkg/controller/endpoint/endpoints_controller_test.go
+++ b/pkg/controller/endpoint/endpoints_controller_test.go
@@ -33,7 +33,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/diff"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/wait"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/informers"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
@@ -41,11 +40,9 @@ import (
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/cache"
 	utiltesting "k8s.io/client-go/util/testing"
-	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	endptspkg "k8s.io/kubernetes/pkg/api/v1/endpoints"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	controllerpkg "k8s.io/kubernetes/pkg/controller"
-	"k8s.io/kubernetes/pkg/features"
 	utilnet "k8s.io/utils/net"
 	utilpointer "k8s.io/utils/pointer"
 )
@@ -1207,209 +1204,154 @@ func TestPodToEndpointAddressForService(t *testing.T) {
 	ipv6 := v1.IPv6Protocol

 	testCases := []struct {
-		name string
-
-		enableDualStack bool
-		ipFamilies      []v1.IPFamily
-
-		service v1.Service
-
+		name                   string
+		ipFamilies             []v1.IPFamily
+		service                v1.Service
 		expectedEndpointFamily v1.IPFamily
 		expectError            bool
 	}{
 		{
-			name: "v4 service, in a single stack cluster",
-
-			enableDualStack: false,
-			ipFamilies:      ipv4only,
-
+			name:       "v4 service, in a single stack cluster",
+			ipFamilies: ipv4only,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: "10.0.0.1",
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
 		{
-			name: "v4 service, in a dual stack cluster",
-
-			enableDualStack: true,
-			ipFamilies:      ipv4ipv6,
-
+			name:       "v4 service, in a dual stack cluster",
+			ipFamilies: ipv4ipv6,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: "10.0.0.1",
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
 		{
-			name: "v4 service, in a dual stack ipv6-primary cluster",
-
-			enableDualStack: true,
-			ipFamilies:      ipv6ipv4,
-
+			name:       "v4 service, in a dual stack ipv6-primary cluster",
+			ipFamilies: ipv6ipv4,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: "10.0.0.1",
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
 		{
-			name: "v4 headless service, in a single stack cluster",
-
-			enableDualStack: false,
-			ipFamilies:      ipv4only,
-
+			name:       "v4 headless service, in a single stack cluster",
+			ipFamilies: ipv4only,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: v1.ClusterIPNone,
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
 		{
-			name: "v4 headless service, in a dual stack cluster",
-
-			enableDualStack: false,
-			ipFamilies:      ipv4ipv6,
-
+			name:       "v4 headless service, in a dual stack cluster",
+			ipFamilies: ipv4ipv6,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP:  v1.ClusterIPNone,
 					IPFamilies: []v1.IPFamily{v1.IPv4Protocol},
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
 		{
-			name: "v4 legacy headless service, in a dual stack cluster",
-
-			enableDualStack: false,
-			ipFamilies:      ipv4ipv6,
-
+			name:       "v4 legacy headless service, in a dual stack cluster",
+			ipFamilies: ipv4ipv6,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: v1.ClusterIPNone,
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
 		{
-			name: "v4 legacy headless service, in a dual stack ipv6-primary cluster",
-
-			enableDualStack: true,
-			ipFamilies:      ipv6ipv4,
-
+			name:       "v4 legacy headless service, in a dual stack ipv6-primary cluster",
+			ipFamilies: ipv6ipv4,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: v1.ClusterIPNone,
 				},
 			},
-
 			expectedEndpointFamily: ipv6,
 		},
 		{
-			name: "v6 service, in a dual stack cluster",
-
-			enableDualStack: true,
-			ipFamilies:      ipv4ipv6,
-
+			name:       "v6 service, in a dual stack cluster",
+			ipFamilies: ipv4ipv6,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: "3000::1",
 				},
 			},
-
 			expectedEndpointFamily: ipv6,
 		},
 		{
-			name: "v6 headless service, in a single stack cluster",
-
-			enableDualStack: false,
-			ipFamilies:      ipv6only,
-
+			name:       "v6 headless service, in a single stack cluster",
+			ipFamilies: ipv6only,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: v1.ClusterIPNone,
 				},
 			},
-
 			expectedEndpointFamily: ipv6,
 		},
 		{
-			name: "v6 headless service, in a dual stack cluster (connected to a new api-server)",
-
-			enableDualStack: true,
-			ipFamilies:      ipv4ipv6,
-
+			name:       "v6 headless service, in a dual stack cluster (connected to a new api-server)",
+			ipFamilies: ipv4ipv6,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP:  v1.ClusterIPNone,
 					IPFamilies: []v1.IPFamily{v1.IPv6Protocol}, // <- set by a api-server defaulting logic
 				},
 			},
-
 			expectedEndpointFamily: ipv6,
 		},
 		{
-			name: "v6 legacy headless service, in a dual stack cluster  (connected to a old api-server)",
-
-			enableDualStack: false,
-			ipFamilies:      ipv4ipv6,
-
+			name:       "v6 legacy headless service, in a dual stack cluster  (connected to a old api-server)",
+			ipFamilies: ipv4ipv6,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: v1.ClusterIPNone, // <- families are not set by api-server
 				},
 			},
-
 			expectedEndpointFamily: ipv4,
 		},
-
 		// in reality this is a misconfigured cluster
 		// i.e user is not using dual stack and have PodIP == v4 and ServiceIP==v6
-		// we are testing that we will keep producing the expected behavior
+		// previously controller could assign wrong ip to endpoint address
+		// with gate removed. this is no longer the case. this is *not* behavior change
+		// because previously things would have failed in kube-proxy anyway (due to editing wrong iptables).
 		{
-			name: "v6 service, in a v4 only cluster. dual stack disabled",
-
-			enableDualStack: false,
-			ipFamilies:      ipv4only,
-
+			name:       "v6 service, in a v4 only cluster.",
+			ipFamilies: ipv4only,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: "3000::1",
 				},
 			},
-
+			expectError:            true,
 			expectedEndpointFamily: ipv4,
 		},
 		// but this will actually give an error
 		{
-			name: "v6 service, in a v4 only cluster - dual stack enabled",
-
-			enableDualStack: true,
-			ipFamilies:      ipv4only,
-
+			name:       "v6 service, in a v4 only cluster",
+			ipFamilies: ipv4only,
 			service: v1.Service{
 				Spec: v1.ServiceSpec{
 					ClusterIP: "3000::1",
 				},
 			},
-
 			expectError: true,
 		},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, tc.enableDualStack)()
 			podStore := cache.NewStore(cache.DeletionHandlingMetaNamespaceKeyFunc)
 			ns := "test"
 			addPods(podStore, ns, 1, 1, 0, tc.ipFamilies)