From ac731a7af79b2040c6f530bc4d89ba1ed272bc75 Mon Sep 17 00:00:00 2001
From: David Eads
Date: Tue, 2 Mar 2021 16:07:06 -0500
Subject: [PATCH 1/2] promote AllowInsecureBackendProxy to stable
---
 pkg/features/kube_features.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go
index f5bb0f2f4c7..860b25df303 100644
--- a/pkg/features/kube_features.go
+++ b/pkg/features/kube_features.go
@@ -487,6 +487,7 @@ const (
 // owner: @deads2k
 // beta: v1.17
+ // GA: v1.21
 //
 // Enables the users to skip TLS verification of kubelets on pod logs requests
 AllowInsecureBackendProxy featuregate.Feature = "AllowInsecureBackendProxy"
@@ -743,7 +744,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 EndpointSliceNodeName: {Default: false, PreRelease: featuregate.Alpha},
 WindowsEndpointSliceProxying: {Default: false, PreRelease: featuregate.Alpha},
 StartupProbe: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23
- AllowInsecureBackendProxy: {Default: true, PreRelease: featuregate.Beta},
+ AllowInsecureBackendProxy: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23
 PodDisruptionBudget: {Default: true, PreRelease: featuregate.Beta},
 CronJobControllerV2: {Default: true, PreRelease: featuregate.Beta},
 DaemonSetUpdateSurge: {Default: false, PreRelease: featuregate.Alpha},
From cd08de9eb0429f01eb8655f9b9356bcb8d4c8352 Mon Sep 17 00:00:00 2001
From: David Eads
Date: Wed, 3 Mar 2021 10:52:14 -0500
Subject: [PATCH 2/2] stop using AllowInsecureBackendProxy featuregate since it is always true
---
 pkg/registry/core/pod/rest/log.go | 12 +-----------
 pkg/registry/core/pod/strategy.go | 3 +--
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/pkg/registry/core/pod/rest/log.go b/pkg/registry/core/pod/rest/log.go
index 8a98e5ae987..9d5f320978e 100644
--- a/pkg/registry/core/pod/rest/log.go
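Review bot: In the `defaultKubernetesFeatureGates` hunk of kube_features.go, `LockToDefault: true` on `AllowInsecureBackendProxy` removes the only cluster-wide way to refuse TLS-verification skipping on pod log requests, and the gate's doc comment in the first hunk does not say so. Assuming the feature-gate machinery rejects an explicit value that differs from a locked default (that code is outside this diff), an API server still started with `AllowInsecureBackendProxy=false` would stop accepting that setting after the upgrade. I would extend the comment to something like `// GA: v1.21 (locked on; the per-request skip-TLS option can no longer be disabled cluster-wide)` and call the flag change out in the release note.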
+++ b/pkg/registry/core/pod/rest/log.go
@@ -27,10 +27,8 @@ import (
 genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
 genericrest "k8s.io/apiserver/pkg/registry/generic/rest"
 "k8s.io/apiserver/pkg/registry/rest"
- utilfeature "k8s.io/apiserver/pkg/util/feature"
 api "k8s.io/kubernetes/pkg/apis/core"
 "k8s.io/kubernetes/pkg/apis/core/validation"
- "k8s.io/kubernetes/pkg/features"
 "k8s.io/kubernetes/pkg/kubelet/client"
 "k8s.io/kubernetes/pkg/registry/core/pod"
@@ -80,11 +78,7 @@ func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (ru
 return nil, fmt.Errorf("invalid options object: %#v", opts)
 }
- // we must do this before forcing the insecure flag if the feature is disabled
 countSkipTLSMetric(logOpts.InsecureSkipTLSVerifyBackend)
- if !utilfeature.DefaultFeatureGate.Enabled(features.AllowInsecureBackendProxy) {
- logOpts.InsecureSkipTLSVerifyBackend = false
- }
 if errs := validation.ValidatePodLogOptions(logOpts); len(errs) > 0 {
 return nil, errors.NewInvalid(api.Kind("PodLogOptions"), name, errs)
@@ -107,11 +101,7 @@ func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (ru
 func countSkipTLSMetric(insecureSkipTLSVerifyBackend bool) {
 usageType := usageEnforce
 if insecureSkipTLSVerifyBackend {
- if utilfeature.DefaultFeatureGate.Enabled(features.AllowInsecureBackendProxy) {
- usageType = usageSkipAllowed
- } else {
- usageType = usageSkipDenied
- }
+ usageType = usageSkipAllowed
 }
 counter, err := podLogsUsage.GetMetricWithLabelValues(usageType)
diff --git a/pkg/registry/core/pod/strategy.go b/pkg/registry/core/pod/strategy.go
index 566a4af5231..836a4240555 100644
--- a/pkg/registry/core/pod/strategy.go
+++ b/pkg/registry/core/pod/strategy.go
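Review bot: In `Get` (log.go), `countSkipTLSMetric` still runs before `ValidatePodLogOptions`, but the comment that explained the ordering was deleted together with the gate override, so requests that later fail validation are still counted with no stated reason. If that is intended, a replacement comment such as `// counted before validation so every request asking to skip kubelet TLS verification is recorded` would keep the intent visible; otherwise the call can move below the validation check. `Get` starts and ends outside this hunk.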
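Review bot: In `countSkipTLSMetric` (log.go), `usageSkipDenied` is no longer assigned anywhere in the visible code, so that label value of `podLogsUsage` can never be emitted again. The constant's declaration and the metric's help text are outside this hunk; if nothing else references them, the constant should be removed and the help text updated, because any dashboard or alert keyed on the denied label would silently stop reporting. A short doc comment on the function, for example `// countSkipTLSMetric records whether a pod log request asked to skip kubelet TLS verification`, would also help now that the branching is gone. The function body continues past the end of the hunk.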
@@ -46,7 +46,6 @@ import (
 api "k8s.io/kubernetes/pkg/apis/core"
 "k8s.io/kubernetes/pkg/apis/core/helper/qos"
 "k8s.io/kubernetes/pkg/apis/core/validation"
- "k8s.io/kubernetes/pkg/features"
 "k8s.io/kubernetes/pkg/kubelet/client"
 proxyutil "k8s.io/kubernetes/pkg/proxy/util"
 )
@@ -386,7 +385,7 @@ func LogLocation(
 RawQuery: params.Encode(),
 }
- if opts.InsecureSkipTLSVerifyBackend && utilfeature.DefaultFeatureGate.Enabled(features.AllowInsecureBackendProxy) {
+ if opts.InsecureSkipTLSVerifyBackend {
 return loc, nodeInfo.InsecureSkipTLSVerifyTransport, nil
 }
 return loc, nodeInfo.Transport, nil
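Review bot: In `LogLocation` (strategy.go), the insecure transport is now selected on the request option alone, and the branch carries no comment saying what the caller gives up. I would add `// caller opted out of verifying the kubelet serving certificate; the kubelet's identity is not checked on this connection` above the `if`, assuming `InsecureSkipTLSVerifyTransport` behaves as its name suggests (its definition is not in this diff). Separately, this file's import hunk drops only `features`; if this condition was the last use of `utilfeature` in strategy.go, that import has to go as well. `LogLocation` starts outside the hunk.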