github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #94581 from knabben/remote-external-policy-gate

Browse Source 
LockToDefault the ExternalPolicyForExternalIP feature gate
This commit is contained in:
Kubernetes Prow Robot 2020-09-16 12:35:20 -07:00 committed by GitHub
commit b1b6464ea4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 4 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/features/kube_features.go
View File

@ -727,7 +727,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
ServiceAppProtocol: {Default: true, PreRelease: featuregate.Beta}, ServiceAppProtocol: {Default: true, PreRelease: featuregate.Beta},
ImmutableEphemeralVolumes: {Default: true, PreRelease: featuregate.Beta}, ImmutableEphemeralVolumes: {Default: true, PreRelease: featuregate.Beta},
HugePageStorageMediumSize: {Default: true, PreRelease: featuregate.Beta}, HugePageStorageMediumSize: {Default: true, PreRelease: featuregate.Beta},
ExternalPolicyForExternalIP: {Default: true, PreRelease: featuregate.GA}, // remove in 1.20 ExternalPolicyForExternalIP: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.22
AnyVolumeDataSource: {Default: false, PreRelease: featuregate.Alpha}, AnyVolumeDataSource: {Default: false, PreRelease: featuregate.Alpha},
DefaultPodTopologySpread: {Default: false, PreRelease: featuregate.Alpha}, DefaultPodTopologySpread: {Default: false, PreRelease: featuregate.Alpha},
SetHostnameAsFQDN: {Default: false, PreRelease: featuregate.Alpha}, SetHostnameAsFQDN: {Default: false, PreRelease: featuregate.Alpha},

3
pkg/proxy/iptables/BUILD
View File

@ -39,7 +39,6 @@ go_test(
srcs = ["proxier_test.go"], srcs = ["proxier_test.go"],
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//pkg/features:go_default_library",
"//pkg/proxy:go_default_library", "//pkg/proxy:go_default_library",
"//pkg/proxy/healthcheck:go_default_library", "//pkg/proxy/healthcheck:go_default_library",
"//pkg/proxy/util:go_default_library", "//pkg/proxy/util:go_default_library",
@ -54,8 +53,6 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/intstr:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/component-base/featuregate/testing:go_default_library",
"//vendor/github.com/stretchr/testify/assert:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library",
"//vendor/k8s.io/klog/v2:go_default_library", "//vendor/k8s.io/klog/v2:go_default_library",
"//vendor/k8s.io/utils/exec:go_default_library", "//vendor/k8s.io/utils/exec:go_default_library",

2
pkg/proxy/iptables/proxier.go
View File

@ -1105,7 +1105,7 @@ func (proxier *Proxier) syncProxyRules() {
destChain := svcXlbChain destChain := svcXlbChain
// We have to SNAT packets to external IPs if externalTrafficPolicy is cluster. // We have to SNAT packets to external IPs if externalTrafficPolicy is cluster.
if !(utilfeature.DefaultFeatureGate.Enabled(features.ExternalPolicyForExternalIP) && svcInfo.OnlyNodeLocalEndpoints()) { if !svcInfo.OnlyNodeLocalEndpoints() {
destChain = svcChain destChain = svcChain
writeLine(proxier.natRules, append(args, "-j", string(KubeMarkMasqChain))...) writeLine(proxier.natRules, append(args, "-j", string(KubeMarkMasqChain))...)
} }

6
pkg/proxy/iptables/proxier_test.go
View File

@ -34,9 +34,6 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/intstr"
utilfeature "k8s.io/apiserver/pkg/util/feature"
featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/proxy" "k8s.io/kubernetes/pkg/proxy"
"k8s.io/kubernetes/pkg/proxy/healthcheck" "k8s.io/kubernetes/pkg/proxy/healthcheck"
utilproxy "k8s.io/kubernetes/pkg/proxy/util" utilproxy "k8s.io/kubernetes/pkg/proxy/util"
@ -841,9 +838,6 @@ func TestExternalIPsReject(t *testing.T) {
} }
func TestOnlyLocalExternalIPs(t *testing.T) { func TestOnlyLocalExternalIPs(t *testing.T) {
// TODO(freehan): remove this in k8s 1.19
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExternalPolicyForExternalIP, true)()
ipt := iptablestest.NewFake() ipt := iptablestest.NewFake()
fp := NewFakeProxier(ipt, false) fp := NewFakeProxier(ipt, false)
svcIP := "10.20.30.41" svcIP := "10.20.30.41"

3
pkg/proxy/ipvs/BUILD
View File

@ -15,7 +15,6 @@ go_test(
], ],
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//pkg/features:go_default_library",
"//pkg/proxy:go_default_library", "//pkg/proxy:go_default_library",
"//pkg/proxy/healthcheck:go_default_library", "//pkg/proxy/healthcheck:go_default_library",
"//pkg/proxy/ipvs/testing:go_default_library", "//pkg/proxy/ipvs/testing:go_default_library",
@ -35,8 +34,6 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/intstr:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/component-base/featuregate/testing:go_default_library",
"//vendor/github.com/stretchr/testify/assert:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library",
"//vendor/k8s.io/utils/exec:go_default_library", "//vendor/k8s.io/utils/exec:go_default_library",
"//vendor/k8s.io/utils/exec/testing:go_default_library", "//vendor/k8s.io/utils/exec/testing:go_default_library",

7
pkg/proxy/ipvs/proxier.go
View File

@ -1263,7 +1263,7 @@ func (proxier *Proxier) syncProxyRules() {
SetType: utilipset.HashIPPort, SetType: utilipset.HashIPPort,
} }
if utilfeature.DefaultFeatureGate.Enabled(features.ExternalPolicyForExternalIP) && svcInfo.OnlyNodeLocalEndpoints() { if svcInfo.OnlyNodeLocalEndpoints() {
if valid := proxier.ipsetList[kubeExternalIPLocalSet].validateEntry(entry); !valid { if valid := proxier.ipsetList[kubeExternalIPLocalSet].validateEntry(entry); !valid {
klog.Errorf("%s", fmt.Sprintf(EntryInvalidErr, entry, proxier.ipsetList[kubeExternalIPLocalSet].Name)) klog.Errorf("%s", fmt.Sprintf(EntryInvalidErr, entry, proxier.ipsetList[kubeExternalIPLocalSet].Name))
continue continue
@ -1293,10 +1293,7 @@ func (proxier *Proxier) syncProxyRules() {
activeIPVSServices[serv.String()] = true activeIPVSServices[serv.String()] = true
activeBindAddrs[serv.Address.String()] = true activeBindAddrs[serv.Address.String()] = true
onlyNodeLocalEndpoints := false onlyNodeLocalEndpoints := svcInfo.OnlyNodeLocalEndpoints()
if utilfeature.DefaultFeatureGate.Enabled(features.ExternalPolicyForExternalIP) {
onlyNodeLocalEndpoints = svcInfo.OnlyNodeLocalEndpoints()
}
if err := proxier.syncEndpoint(svcName, onlyNodeLocalEndpoints, serv); err != nil { if err := proxier.syncEndpoint(svcName, onlyNodeLocalEndpoints, serv); err != nil {
klog.Errorf("Failed to sync endpoint for service: %v, err: %v", serv, err) klog.Errorf("Failed to sync endpoint for service: %v, err: %v", serv, err)
} }

6
pkg/proxy/ipvs/proxier_test.go
View File

@ -33,9 +33,6 @@ import (
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
utilfeature "k8s.io/apiserver/pkg/util/feature"
featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/proxy" "k8s.io/kubernetes/pkg/proxy"
"k8s.io/kubernetes/pkg/proxy/healthcheck" "k8s.io/kubernetes/pkg/proxy/healthcheck"
netlinktest "k8s.io/kubernetes/pkg/proxy/ipvs/testing" netlinktest "k8s.io/kubernetes/pkg/proxy/ipvs/testing"
@ -1265,9 +1262,6 @@ func TestExternalIPs(t *testing.T) {
} }
func TestOnlyLocalExternalIPs(t *testing.T) { func TestOnlyLocalExternalIPs(t *testing.T) {
// TODO(freehan): remove this in k8s 1.19
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExternalPolicyForExternalIP, true)()
ipt := iptablestest.NewFake() ipt := iptablestest.NewFake()
ipvs := ipvstest.NewFake() ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion) ipset := ipsettest.NewFake(testIPSetVersion)