diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf index 2682155cbe2..2972f83b97a 100644 --- a/build/charts/antrea/conf/antrea-agent.conf +++ b/build/charts/antrea/conf/antrea-agent.conf @@ -66,7 +66,7 @@ featureGates: {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "SecondaryNetwork" "default" false) }} # Enable managing external IPs of Services of LoadBalancer type. -{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }} +{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }} # Enable mirroring or redirecting the traffic Pods send or receive. {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "TrafficControl" "default" false) }} diff --git a/build/charts/antrea/conf/antrea-controller.conf b/build/charts/antrea/conf/antrea-controller.conf index 7a66e0afcb9..50b1d512f6d 100644 --- a/build/charts/antrea/conf/antrea-controller.conf +++ b/build/charts/antrea/conf/antrea-controller.conf @@ -32,7 +32,7 @@ featureGates: {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AntreaIPAM" "default" false) }} # Enable managing external IPs of Services of LoadBalancer type. -{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }} +{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }} # Enable certificate-based authentication for IPSec tunnel. {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "IPsecCertAuth" "default" false) }} diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index c7c7798c1dc..252c8cb41aa 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -4015,7 +4015,7 @@ data: # SecondaryNetwork: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable mirroring or redirecting the traffic Pods send or receive. # TrafficControl: false @@ -4443,7 +4443,7 @@ data: # AntreaIPAM: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable certificate-based authentication for IPSec tunnel. # IPsecCertAuth: false @@ -5406,7 +5406,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb + checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874 labels: app: antrea component: antrea-agent @@ -5644,7 +5644,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb + checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index c2428bf8d85..bea5c552d5e 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -4015,7 +4015,7 @@ data: # SecondaryNetwork: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable mirroring or redirecting the traffic Pods send or receive. # TrafficControl: false @@ -4443,7 +4443,7 @@ data: # AntreaIPAM: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable certificate-based authentication for IPSec tunnel. # IPsecCertAuth: false @@ -5406,7 +5406,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb + checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874 labels: app: antrea component: antrea-agent @@ -5645,7 +5645,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb + checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index e1f07fc564c..bafc58b0fcd 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -4015,7 +4015,7 @@ data: # SecondaryNetwork: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable mirroring or redirecting the traffic Pods send or receive. # TrafficControl: false @@ -4443,7 +4443,7 @@ data: # AntreaIPAM: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable certificate-based authentication for IPSec tunnel. # IPsecCertAuth: false @@ -5406,7 +5406,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 00ba3a60f132691721ba2e84c5c8f0a9eddc32593b38798de8f59d52fff54169 + checksum/config: 27a80abe8607c376342dcaaf8eff6763d6532cbd778653cd9efdbc1f756893fc labels: app: antrea component: antrea-agent @@ -5642,7 +5642,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 00ba3a60f132691721ba2e84c5c8f0a9eddc32593b38798de8f59d52fff54169 + checksum/config: 27a80abe8607c376342dcaaf8eff6763d6532cbd778653cd9efdbc1f756893fc labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index dbb2119becb..ea55fe53ad1 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -4028,7 +4028,7 @@ data: # SecondaryNetwork: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable mirroring or redirecting the traffic Pods send or receive. # TrafficControl: false @@ -4456,7 +4456,7 @@ data: # AntreaIPAM: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable certificate-based authentication for IPSec tunnel. # IPsecCertAuth: false @@ -5419,7 +5419,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 4b9bbfbbda1ab405ade14e797ea88fbd6f3795bb6aae9df0496409d542799145 + checksum/config: 23393366d3c95e779b7d3009fa7fa686ae6c3fc5458fa2f9844d1437d9e7489f checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4 labels: app: antrea @@ -5701,7 +5701,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 4b9bbfbbda1ab405ade14e797ea88fbd6f3795bb6aae9df0496409d542799145 + checksum/config: 23393366d3c95e779b7d3009fa7fa686ae6c3fc5458fa2f9844d1437d9e7489f labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 0580bbfb76b..13ab8e5b6dc 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -4015,7 +4015,7 @@ data: # SecondaryNetwork: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable mirroring or redirecting the traffic Pods send or receive. # TrafficControl: false @@ -4443,7 +4443,7 @@ data: # AntreaIPAM: false # Enable managing external IPs of Services of LoadBalancer type. - # ServiceExternalIP: false + # ServiceExternalIP: true # Enable certificate-based authentication for IPSec tunnel. # IPsecCertAuth: false @@ -5406,7 +5406,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: e4e94ba89524d8fdc7eb3ad6e0f6948767f3d92ef767f17c47da348f08b5c2e0 + checksum/config: fa14018895e56003a3e9192d0fa164cc40e204091f630edc7e9e74de5b450da7 labels: app: antrea component: antrea-agent @@ -5642,7 +5642,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: e4e94ba89524d8fdc7eb3ad6e0f6948767f3d92ef767f17c47da348f08b5c2e0 + checksum/config: fa14018895e56003a3e9192d0fa164cc40e204091f630edc7e9e74de5b450da7 labels: app: antrea component: antrea-controller diff --git a/docs/feature-gates.md b/docs/feature-gates.md index 74305509d8e..892f0f1aee1 100644 --- a/docs/feature-gates.md +++ b/docs/feature-gates.md @@ -48,7 +48,7 @@ edit the Agent configuration in the | `AntreaIPAM` | Agent + Controller | `false` | Alpha | v1.4 | N/A | N/A | Yes | | | `Multicast` | Agent + Controller | `true` | Beta | v1.5 | v1.12 | N/A | Yes | | | `SecondaryNetwork` | Agent | `false` | Alpha | v1.5 | N/A | N/A | Yes | | -| `ServiceExternalIP` | Agent + Controller | `false` | Alpha | v1.5 | N/A | N/A | Yes | | +| `ServiceExternalIP` | Agent + Controller | `false` | Beta | v1.5 | v2.3 | N/A | Yes | | | `TrafficControl` | Agent | `false` | Alpha | v1.7 | N/A | N/A | No | | | `Multicluster` | Agent + Controller | `false` | Alpha | v1.7 | N/A | N/A | Yes | Controller side feature gate added in v1.10.0 | | `IPsecCertAuth` | Agent + Controller | `false` | Alpha | v1.7 | N/A | N/A | No | | diff --git a/docs/service-loadbalancer.md b/docs/service-loadbalancer.md index 3210ab5134e..295255b7856 100644 --- a/docs/service-loadbalancer.md +++ b/docs/service-loadbalancer.md @@ -63,9 +63,9 @@ no extra configuration change is needed. #### Enable Service external IP management feature -At this moment, external IP management for Services is an alpha feature of -Antrea. The `ServiceExternalIP` feature gate of `antrea-agent` and -`antrea-controller` must be enabled for the feature to work. You can enable +The `ServiceExternalIP` feature is enabled by default since Antrea 2.3. If you are +using previous versions, the `ServiceExternalIP` feature gate of `antrea-agent` +and `antrea-controller` must be enabled for the feature to work. You can enable the `ServiceExternalIP` feature gate in the `antrea-config` ConfigMap in the Antrea deployment YAML: @@ -311,7 +311,7 @@ MetalLB. As MetalLB will allocate external IPs for all Services of type LoadBalancer, once it is running, the Service external IP management feature of Antrea should not be enabled to avoid conflicts with MetalLB. You can deploy Antrea with the -default configuration (in which the `ServiceExternalIP` feature gate of +ServiceExternalIP feature disabled (in which the `ServiceExternalIP` feature gate of `antrea-agent` is set to `false`). MetalLB can work with both Antrea Proxy and `kube-proxy` configurations of `antrea-agent`. diff --git a/pkg/apiserver/handlers/featuregates/handler_test.go b/pkg/apiserver/handlers/featuregates/handler_test.go index 54ec43c13a4..e14ca8d1049 100644 --- a/pkg/apiserver/handlers/featuregates/handler_test.go +++ b/pkg/apiserver/handlers/featuregates/handler_test.go @@ -36,6 +36,7 @@ var ( egressStatus string multicastStatus string cleanupStaleUDPSvcConntrackStatus string + serviceExternalIPStatus string ) func Test_getGatesResponse(t *testing.T) { @@ -75,7 +76,7 @@ func Test_getGatesResponse(t *testing.T) { {Component: "agent", Name: "NodePortLocal", Status: "Enabled", Version: "GA"}, {Component: "agent", Name: "PacketCapture", Status: "Disabled", Version: "ALPHA"}, {Component: "agent", Name: "SecondaryNetwork", Status: "Disabled", Version: "ALPHA"}, - {Component: "agent", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"}, + {Component: "agent", Name: "ServiceExternalIP", Status: serviceExternalIPStatus, Version: "BETA"}, {Component: "agent", Name: "ServiceTrafficDistribution", Status: "Enabled", Version: "BETA"}, {Component: "agent", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"}, {Component: "agent", Name: "TopologyAwareHints", Status: "Enabled", Version: "BETA"}, @@ -207,7 +208,7 @@ func Test_getControllerGatesResponse(t *testing.T) { {Component: "controller", Name: "Multicluster", Status: "Disabled", Version: "ALPHA"}, {Component: "controller", Name: "NetworkPolicyStats", Status: "Enabled", Version: "BETA"}, {Component: "controller", Name: "NodeIPAM", Status: "Enabled", Version: "BETA"}, - {Component: "controller", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"}, + {Component: "controller", Name: "ServiceExternalIP", Status: "Enabled", Version: "BETA"}, {Component: "controller", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"}, {Component: "controller", Name: "Traceflow", Status: "Enabled", Version: "BETA"}, }, @@ -225,9 +226,11 @@ func init() { egressStatus = "Enabled" multicastStatus = "Enabled" cleanupStaleUDPSvcConntrackStatus = "Enabled" + serviceExternalIPStatus = "Enabled" if runtime.IsWindowsPlatform() { egressStatus = "Disabled" multicastStatus = "Disabled" cleanupStaleUDPSvcConntrackStatus = "Disabled" + serviceExternalIPStatus = "Disabled" } } diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index 0c8086f4c8b..9ced47f6849 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -120,6 +120,7 @@ const ( SecondaryNetwork featuregate.Feature = "SecondaryNetwork" // alpha: v1.5 + // beta: v2.3 // Enable controlling Services with ExternalIP. ServiceExternalIP featuregate.Feature = "ServiceExternalIP" @@ -209,7 +210,7 @@ var ( Multicast: {Default: true, PreRelease: featuregate.Beta}, Multicluster: {Default: false, PreRelease: featuregate.Alpha}, SecondaryNetwork: {Default: false, PreRelease: featuregate.Alpha}, - ServiceExternalIP: {Default: false, PreRelease: featuregate.Alpha}, + ServiceExternalIP: {Default: true, PreRelease: featuregate.Beta}, TrafficControl: {Default: false, PreRelease: featuregate.Alpha}, IPsecCertAuth: {Default: false, PreRelease: featuregate.Alpha}, ExternalNode: {Default: false, PreRelease: featuregate.Alpha},