ServiceTrafficDistribution feature-gate is GA'd and enabled by default since
1.33. Since it is also locked-to-default, we can remove flag-usages in
kube-proxy.

NOTE that as per
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/feature-gates.md#disablement-tests:
_"Disablement tests are only required to be preserved for components and
libraries that support compatibility version. Tests for node and kubelet are
unaffected by compatibility version."_

For the most part, JSON is a subset of YAML. This might lead one to
think that we should ALWAYS use YAML processing. Unfortunately a JSON
"stream" (as defined by Go's encoding/json and many other places, though
not the JSON spec) is a series of JSON objects. E.g. this:
```
{}{}{}
```
...is a valid JSON stream.

YAML does NOT accept that, insisting on `---` on a new line between YAML
documents.

Before this commit, YAMLOrJSONDecoder tries to detect if the input is
JSON by looking at the first few characters for "{". Unfortunately,
some perfectly valid YAML also tastes like that.

After this commit, YAMLOrJSONDecoder will detect a failure to parse as
JSON and instead flip to YAML parsing. This should handle the ambiguous
YAML.

Once we flip to YAML we never flip back, and once we detect a JSON
stream (as defined above) we lose the ability to flip to YAML. A
multi-document is either all JSON or all YAML, even if we use the JSON
parser to decode the first object (because JSON is YAML for a single
object).
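
The decision rule this commit message describes, as an added Go sketch that is not the Kubernetes YAMLOrJSONDecoder code: `sniffIsJSON` and `chooseFormat` are hypothetical names, the inputs are constructed, and treating two decoded objects as "JSON stream detected" is an assumption drawn from the wording above. No YAML parser is invoked; the function only reports which parser the input would be committed to.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// sniffIsJSON models the old heuristic: "starts with '{'" means JSON.
func sniffIsJSON(input string) bool {
	return strings.HasPrefix(strings.TrimSpace(input), "{")
}

// chooseFormat models the new rule: try JSON first and flip to YAML on a
// parse failure, unless a JSON stream (two or more objects) was already seen.
// It returns the format and how many objects the JSON decoder consumed.
func chooseFormat(input string) (string, int, error) {
	dec := json.NewDecoder(strings.NewReader(input))
	decoded := 0
	for {
		var obj map[string]interface{}
		err := dec.Decode(&obj)
		if err == io.EOF {
			return "json", decoded, nil
		}
		if err != nil {
			if decoded >= 2 {
				// Committed to a JSON stream: no fallback to YAML.
				return "", decoded, fmt.Errorf("invalid JSON stream: %w", err)
			}
			// Zero or one object so far: a single JSON object is also
			// YAML, so the input can still be handed to a YAML parser.
			return "yaml", decoded, nil
		}
		decoded++
	}
}

func main() {
	// Constructed sample inputs, not taken from the Kubernetes test suite.
	inputs := []string{"{}{}{}", "{a: b}", "{\"a\":1}\n---\n{\"b\":2}", "{}{}x"}
	for _, in := range inputs {
		format, n, err := chooseFormat(in)
		fmt.Printf("%q sniff=%v format=%q jsonObjects=%d err=%v\n",
			in, sniffIsJSON(in), format, n, err)
	}
}
```

The `{a: b}` input is the ambiguous case: the prefix sniff calls it JSON, while the parse-then-fall-back rule routes it to YAML.
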
Basically all callers want dual-stack-if-possible, so simplify that.
Also, tweak the startup-time checking in kubelet to treat "no iptables
support" as interesting but not an error.

If `iptables --version` failed, utiliptables.New() would log a warning
and assume that the problem was that you had an implausibly ancient
version of iptables installed. Change it to instead assume that the
problem is that you don't have iptables installed at all (and don't
log anything; the caller will discover this later).

It was there so you could mock the results via a FakeExec, but these
days any unit tests outside of pkg/util/iptables that want to mock
iptables results use a FakeIPTables instead of a real
utiliptables.Interface with a FakeExec.

Remove unnecessary duplicate checks for pod.spec.podIPs /
pod.spec.hostIPs / node.spec.podCIDRs. (A list that is known to
contain exactly 2 values, where one is IPv4 and the other is IPv6,
cannot possibly contain duplicates.)

Fix a bad CIDR in the NetworkPolicy validation tests.

Fix some comment typos.

Remove a bunch of comments that are either inaccurate ("the proxier
can only be tested by e2e tests") or weirdly overspecific about
obvious details ("the proxier will not exit if an iptables call
fails").

Historically it took an exec argument so you could pass a FakeExec to
mock its behavior in unit tests, but it has a fake implementation now
that is much more useful for unit tests than trying to use the real
implementation with a fake exec. (The unit tests still use fake execs,
but they don't need to use a public constructor.) So remove the exec
args from the public constructors.

Remove the utilexec.Interface args from the iptables/ipvs constructors
(which have been unused since the conntrack cleanup code was ported to
netlink).

Remove the EventRecorder fields from the iptables/ipvs Proxiers, which
have been unused since we removed the port-opener code in 2022.

Remove the strictARP field from the ipvs Proxier, which has apparently
always been unused (strictARP is only looked at at construct time).