Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Promote ServiceExternalIP to beta #6903

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+34 −30
Open

Promote ServiceExternalIP to beta #6903

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion build/charts/antrea/conf/antrea-agent.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ featureGates:
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "SecondaryNetwork" "default" false) }}

# Enable managing external IPs of Services of LoadBalancer type.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }}
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }}

# Enable mirroring or redirecting the traffic Pods send or receive.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "TrafficControl" "default" false) }}
Expand Down
2 changes: 1 addition & 1 deletion build/charts/antrea/conf/antrea-controller.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ featureGates:
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AntreaIPAM" "default" false) }}

# Enable managing external IPs of Services of LoadBalancer type.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }}
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }}

# Enable certificate-based authentication for IPSec tunnel.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "IPsecCertAuth" "default" false) }}
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-aks.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4015,7 +4015,7 @@ data:
# SecondaryNetwork: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable mirroring or redirecting the traffic Pods send or receive.
# TrafficControl: false
Expand Down Expand Up @@ -4443,7 +4443,7 @@ data:
# AntreaIPAM: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable certificate-based authentication for IPSec tunnel.
# IPsecCertAuth: false
Expand Down Expand Up @@ -5406,7 +5406,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5644,7 +5644,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
labels:
app: antrea
component: antrea-controller
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-eks.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4015,7 +4015,7 @@ data:
# SecondaryNetwork: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable mirroring or redirecting the traffic Pods send or receive.
# TrafficControl: false
Expand Down Expand Up @@ -4443,7 +4443,7 @@ data:
# AntreaIPAM: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable certificate-based authentication for IPSec tunnel.
# IPsecCertAuth: false
Expand Down Expand Up @@ -5406,7 +5406,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5645,7 +5645,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
labels:
app: antrea
component: antrea-controller
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-gke.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4015,7 +4015,7 @@ data:
# SecondaryNetwork: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable mirroring or redirecting the traffic Pods send or receive.
# TrafficControl: false
Expand Down Expand Up @@ -4443,7 +4443,7 @@ data:
# AntreaIPAM: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable certificate-based authentication for IPSec tunnel.
# IPsecCertAuth: false
Expand Down Expand Up @@ -5406,7 +5406,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 00ba3a60f132691721ba2e84c5c8f0a9eddc32593b38798de8f59d52fff54169
checksum/config: 27a80abe8607c376342dcaaf8eff6763d6532cbd778653cd9efdbc1f756893fc
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5642,7 +5642,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 00ba3a60f132691721ba2e84c5c8f0a9eddc32593b38798de8f59d52fff54169
checksum/config: 27a80abe8607c376342dcaaf8eff6763d6532cbd778653cd9efdbc1f756893fc
labels:
app: antrea
component: antrea-controller
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-ipsec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4028,7 +4028,7 @@ data:
# SecondaryNetwork: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable mirroring or redirecting the traffic Pods send or receive.
# TrafficControl: false
Expand Down Expand Up @@ -4456,7 +4456,7 @@ data:
# AntreaIPAM: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable certificate-based authentication for IPSec tunnel.
# IPsecCertAuth: false
Expand Down Expand Up @@ -5419,7 +5419,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 4b9bbfbbda1ab405ade14e797ea88fbd6f3795bb6aae9df0496409d542799145
checksum/config: 23393366d3c95e779b7d3009fa7fa686ae6c3fc5458fa2f9844d1437d9e7489f
checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
labels:
app: antrea
Expand Down Expand Up @@ -5701,7 +5701,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 4b9bbfbbda1ab405ade14e797ea88fbd6f3795bb6aae9df0496409d542799145
checksum/config: 23393366d3c95e779b7d3009fa7fa686ae6c3fc5458fa2f9844d1437d9e7489f
labels:
app: antrea
component: antrea-controller
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4015,7 +4015,7 @@ data:
# SecondaryNetwork: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable mirroring or redirecting the traffic Pods send or receive.
# TrafficControl: false
Expand Down Expand Up @@ -4443,7 +4443,7 @@ data:
# AntreaIPAM: false
# Enable managing external IPs of Services of LoadBalancer type.
# ServiceExternalIP: false
# ServiceExternalIP: true
# Enable certificate-based authentication for IPSec tunnel.
# IPsecCertAuth: false
Expand Down Expand Up @@ -5406,7 +5406,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: e4e94ba89524d8fdc7eb3ad6e0f6948767f3d92ef767f17c47da348f08b5c2e0
checksum/config: fa14018895e56003a3e9192d0fa164cc40e204091f630edc7e9e74de5b450da7
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5642,7 +5642,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: e4e94ba89524d8fdc7eb3ad6e0f6948767f3d92ef767f17c47da348f08b5c2e0
checksum/config: fa14018895e56003a3e9192d0fa164cc40e204091f630edc7e9e74de5b450da7
labels:
app: antrea
component: antrea-controller
Expand Down
2 changes: 1 addition & 1 deletion docs/feature-gates.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ edit the Agent configuration in the
| `AntreaIPAM` | Agent + Controller | `false` | Alpha | v1.4 | N/A | N/A | Yes | |
| `Multicast` | Agent + Controller | `true` | Beta | v1.5 | v1.12 | N/A | Yes | |
| `SecondaryNetwork` | Agent | `false` | Alpha | v1.5 | N/A | N/A | Yes | |
| `ServiceExternalIP` | Agent + Controller | `false` | Alpha | v1.5 | N/A | N/A | Yes | |
| `ServiceExternalIP` | Agent + Controller | `false` | Beta | v1.5 | v2.3 | N/A | Yes | |
| `TrafficControl` | Agent | `false` | Alpha | v1.7 | N/A | N/A | No | |
| `Multicluster` | Agent + Controller | `false` | Alpha | v1.7 | N/A | N/A | Yes | Controller side feature gate added in v1.10.0 |
| `IPsecCertAuth` | Agent + Controller | `false` | Alpha | v1.7 | N/A | N/A | No | |
Expand Down
8 changes: 4 additions & 4 deletions docs/service-loadbalancer.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,9 +63,9 @@ no extra configuration change is needed.

#### Enable Service external IP management feature

At this moment, external IP management for Services is an alpha feature of
Antrea. The `ServiceExternalIP` feature gate of `antrea-agent` and
`antrea-controller` must be enabled for the feature to work. You can enable
The `ServiceExternalIP` feature is enabled by default since Antrea 2.3. If you are
using previous versions, the `ServiceExternalIP` feature gate of `antrea-agent`
and `antrea-controller` must be enabled for the feature to work. You can enable
the `ServiceExternalIP` feature gate in the `antrea-config` ConfigMap in
the Antrea deployment YAML:

Expand Down Expand Up @@ -311,7 +311,7 @@ MetalLB.
As MetalLB will allocate external IPs for all Services of type LoadBalancer,
once it is running, the Service external IP management feature of Antrea should
not be enabled to avoid conflicts with MetalLB. You can deploy Antrea with the
default configuration (in which the `ServiceExternalIP` feature gate of
ServiceExternalIP feature disabled (in which the `ServiceExternalIP` feature gate of
Comment on lines 311 to +314
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrasing is a bit strange. I would expect users to be able to keep using MetalLB with Antrea without having to make any specific configuration change, even after we graduate the feature to Beta.

My understanding is that despite the above warning about "conflicts with MetalLB", as long as the Services are not annotated with service.antrea.io/external-ip-pool, Antrea will not try to allocate LB IPs for the Services and there will be no conflict. However, the "check" kind of happens late IMO, which means we are doing work for nothing and some logs may create confusion for users:

antrea/pkg/controller/serviceexternalip/controller.go

Lines 501 to 502 in afb9dfc

if currentIPPool == "" {
klog.V(2).InfoS("Ignored Service as required annotation is not found", "service", key)

I'd like to hear @tnqn's opinion on this. Do we feel like the annotation is enough to "gate" that feature once the FeatureGate itself is promoted to Beta (keep in mind that the long term goal after promoting a feature to Beta should to go to GA, at which point the FeatureGate stops being available altogether in theory). Or do we need a boolean configuration parameter, as a way to explicitly enable / disable the feature (as we have done in other places). Typically we do not need the boolean when the feature is API-driven, but this case is slightly different.

`antrea-agent` is set to `false`). MetalLB can work with both Antrea Proxy and
`kube-proxy` configurations of `antrea-agent`.

Expand Down
7 changes: 5 additions & 2 deletions pkg/apiserver/handlers/featuregates/handler_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ var (
egressStatus string
multicastStatus string
cleanupStaleUDPSvcConntrackStatus string
serviceExternalIPStatus string
)

func Test_getGatesResponse(t *testing.T) {
Expand Down Expand Up @@ -75,7 +76,7 @@ func Test_getGatesResponse(t *testing.T) {
{Component: "agent", Name: "NodePortLocal", Status: "Enabled", Version: "GA"},
{Component: "agent", Name: "PacketCapture", Status: "Disabled", Version: "ALPHA"},
{Component: "agent", Name: "SecondaryNetwork", Status: "Disabled", Version: "ALPHA"},
{Component: "agent", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"},
{Component: "agent", Name: "ServiceExternalIP", Status: serviceExternalIPStatus, Version: "BETA"},
{Component: "agent", Name: "ServiceTrafficDistribution", Status: "Enabled", Version: "BETA"},
{Component: "agent", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"},
{Component: "agent", Name: "TopologyAwareHints", Status: "Enabled", Version: "BETA"},
Expand Down Expand Up @@ -207,7 +208,7 @@ func Test_getControllerGatesResponse(t *testing.T) {
{Component: "controller", Name: "Multicluster", Status: "Disabled", Version: "ALPHA"},
{Component: "controller", Name: "NetworkPolicyStats", Status: "Enabled", Version: "BETA"},
{Component: "controller", Name: "NodeIPAM", Status: "Enabled", Version: "BETA"},
{Component: "controller", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"},
{Component: "controller", Name: "ServiceExternalIP", Status: "Enabled", Version: "BETA"},
{Component: "controller", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"},
{Component: "controller", Name: "Traceflow", Status: "Enabled", Version: "BETA"},
},
Expand All @@ -225,9 +226,11 @@ func init() {
egressStatus = "Enabled"
multicastStatus = "Enabled"
cleanupStaleUDPSvcConntrackStatus = "Enabled"
serviceExternalIPStatus = "Enabled"
if runtime.IsWindowsPlatform() {
egressStatus = "Disabled"
multicastStatus = "Disabled"
cleanupStaleUDPSvcConntrackStatus = "Disabled"
serviceExternalIPStatus = "Disabled"
}
}
3 changes: 2 additions & 1 deletion pkg/features/antrea_features.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ const (
SecondaryNetwork featuregate.Feature = "SecondaryNetwork"

// alpha: v1.5
// beta: v2.3
// Enable controlling Services with ExternalIP.
ServiceExternalIP featuregate.Feature = "ServiceExternalIP"

Expand Down Expand Up @@ -209,7 +210,7 @@ var (
Multicast: {Default: true, PreRelease: featuregate.Beta},
Multicluster: {Default: false, PreRelease: featuregate.Alpha},
SecondaryNetwork: {Default: false, PreRelease: featuregate.Alpha},
ServiceExternalIP: {Default: false, PreRelease: featuregate.Alpha},
ServiceExternalIP: {Default: true, PreRelease: featuregate.Beta},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to update the value of ServiceExternalIP feature in the antrea-agent.conf and antrea-controller.conf, and regenerate manitests

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unit test is failed.

TrafficControl: {Default: false, PreRelease: featuregate.Alpha},
IPsecCertAuth: {Default: false, PreRelease: featuregate.Alpha},
ExternalNode: {Default: false, PreRelease: featuregate.Alpha},
Expand Down
Loading