Promote feature gate NodePortLocal to GA

Signed-off-by: hujiajing <[email protected]>
antrea-io · Oct 24, 2023 · e3296cd · e3296cd
1 parent 600b202
commit e3296cd
Show file tree

Hide file tree

Showing 12 changed files with 52 additions and 41 deletions.
diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf
@@ -246,8 +246,7 @@ flowExporter:
 nodePortLocal:
 {{- with .Values.nodePortLocal }}
 # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
-# enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
-# gate is also enabled (which is the default).
+# enable this feature, you need to set "enable" to true.
   enable: {{ .enable }}
 # Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port
 # from that range will be assigned whenever a Pod's container defines a specific port to be exposed

diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -5691,8 +5691,7 @@ data:
 
     nodePortLocal:
     # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
-    # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
-    # gate is also enabled (which is the default).
+    # enable this feature, you need to set "enable" to true.
       enable: false
     # Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port
     # from that range will be assigned whenever a Pod's container defines a specific port to be exposed
@@ -6821,7 +6820,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: d6e7f13a7366490d3b4fe8b7aa6183eef4477d1c7bef7337b24af502a50ca2da
+        checksum/config: 54080b43214c7ab130f2b44a5dce5b220583327c12d6002ba9e958c20a0d3225
       labels:
         app: antrea
         component: antrea-agent
@@ -7062,7 +7061,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: d6e7f13a7366490d3b4fe8b7aa6183eef4477d1c7bef7337b24af502a50ca2da
+        checksum/config: 54080b43214c7ab130f2b44a5dce5b220583327c12d6002ba9e958c20a0d3225
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -5691,8 +5691,7 @@ data:
 
     nodePortLocal:
     # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
-    # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
-    # gate is also enabled (which is the default).
+    # enable this feature, you need to set "enable" to true.
       enable: false
     # Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port
     # from that range will be assigned whenever a Pod's container defines a specific port to be exposed
@@ -6821,7 +6820,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: d6e7f13a7366490d3b4fe8b7aa6183eef4477d1c7bef7337b24af502a50ca2da
+        checksum/config: 54080b43214c7ab130f2b44a5dce5b220583327c12d6002ba9e958c20a0d3225
       labels:
         app: antrea
         component: antrea-agent
@@ -7063,7 +7062,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: d6e7f13a7366490d3b4fe8b7aa6183eef4477d1c7bef7337b24af502a50ca2da
+        checksum/config: 54080b43214c7ab130f2b44a5dce5b220583327c12d6002ba9e958c20a0d3225
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -5691,8 +5691,7 @@ data:
 
     nodePortLocal:
     # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
-    # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
-    # gate is also enabled (which is the default).
+    # enable this feature, you need to set "enable" to true.
       enable: false
     # Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port
     # from that range will be assigned whenever a Pod's container defines a specific port to be exposed
@@ -6821,7 +6820,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 4b6f93df4bcfc9e934772e87a653ce2b119700bf09a13792dda394470443f5aa
+        checksum/config: e3cd4a1d5bef9e9a962bd289eff2e19d88767bd2f6636de4928a33faf7a7f201
       labels:
         app: antrea
         component: antrea-agent
@@ -7060,7 +7059,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 4b6f93df4bcfc9e934772e87a653ce2b119700bf09a13792dda394470443f5aa
+        checksum/config: e3cd4a1d5bef9e9a962bd289eff2e19d88767bd2f6636de4928a33faf7a7f201
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -5704,8 +5704,7 @@ data:
 
     nodePortLocal:
     # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
-    # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
-    # gate is also enabled (which is the default).
+    # enable this feature, you need to set "enable" to true.
       enable: false
     # Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port
     # from that range will be assigned whenever a Pod's container defines a specific port to be exposed
@@ -6834,7 +6833,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e62ec96721f017ce67609370b6d18c96425135721347e0d3af6c7712df0bf7ca
+        checksum/config: 51123737b21b55aa10f344685909d673fe7f87bbeeab533392f18c19e89af237
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -7119,7 +7118,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e62ec96721f017ce67609370b6d18c96425135721347e0d3af6c7712df0bf7ca
+        checksum/config: 51123737b21b55aa10f344685909d673fe7f87bbeeab533392f18c19e89af237
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -5691,8 +5691,7 @@ data:
 
     nodePortLocal:
     # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
-    # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
-    # gate is also enabled (which is the default).
+    # enable this feature, you need to set "enable" to true.
       enable: false
     # Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled, a port
     # from that range will be assigned whenever a Pod's container defines a specific port to be exposed
@@ -6821,7 +6820,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 9c01298a6bca328841f5a2dbfda10dd531b76a0e1cda22588307e4cf97124a13
+        checksum/config: 9396edc6d134fc4871874d5c3182c2af638ba6e3f7a1f2e117c851f6f314b937
       labels:
         app: antrea
         component: antrea-agent
@@ -7060,7 +7059,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 9c01298a6bca328841f5a2dbfda10dd531b76a0e1cda22588307e4cf97124a13
+        checksum/config: 9396edc6d134fc4871874d5c3182c2af638ba6e3f7a1f2e117c851f6f314b937
       labels:
         app: antrea
         component: antrea-controller

diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go
@@ -137,7 +137,7 @@ func run(o *Options) error {
 
 	enableAntreaIPAM := features.DefaultFeatureGate.Enabled(features.AntreaIPAM)
 	enableBridgingMode := enableAntreaIPAM && o.config.EnableBridgingMode
-	enableNodePortLocal := features.DefaultFeatureGate.Enabled(features.NodePortLocal) && o.config.NodePortLocal.Enable
+	enableNodePortLocal := o.config.NodePortLocal.Enable
 	l7NetworkPolicyEnabled := features.DefaultFeatureGate.Enabled(features.L7NetworkPolicy)
 	enableMulticlusterGW := features.DefaultFeatureGate.Enabled(features.Multicluster) && o.config.Multicluster.EnableGateway
 	enableMulticlusterNP := features.DefaultFeatureGate.Enabled(features.Multicluster) && o.config.Multicluster.EnableStretchedNetworkPolicy

diff --git a/cmd/antrea-agent/options.go b/cmd/antrea-agent/options.go
@@ -453,7 +453,7 @@ func (o *Options) setK8sNodeDefaultOptions() {
 		}
 	}
 
-	if features.DefaultFeatureGate.Enabled(features.NodePortLocal) {
+	if o.config.NodePortLocal.Enable {
 		switch {
 		case o.config.NodePortLocal.PortRange != "":
 		case o.config.NPLPortRange != "":
@@ -582,16 +582,8 @@ func (o *Options) validateK8sNodeOptions() error {
 	if err := o.validateMulticlusterConfig(encapMode, encryptionMode); err != nil {
 		return err
 	}
-
-	if features.DefaultFeatureGate.Enabled(features.NodePortLocal) {
-		startPort, endPort, err := parsePortRange(o.config.NodePortLocal.PortRange)
-		if err != nil {
-			return fmt.Errorf("NodePortLocal portRange is not valid: %v", err)
-		}
-		o.nplStartPort = startPort
-		o.nplEndPort = endPort
-	} else if o.config.NodePortLocal.Enable {
-		klog.InfoS("The nodePortLocal.enable config option is set to true, but it will be ignored because the NodePortLocal feature gate is disabled")
+	if err := o.valdateNodePortLocalConfig(); err != nil {
+		return fmt.Errorf("failed to validate nodePortLocal config: %v", err)
 	}
 	if err := o.validateAntreaIPAMConfig(); err != nil {
 		return fmt.Errorf("failed to validate AntreaIPAM config: %v", err)
@@ -738,3 +730,19 @@ func (o *Options) validateSecondaryNetworkConfig() error {
 
 	return nil
 }
+
+func (o *Options) valdateNodePortLocalConfig() error {
+	if !features.DefaultFeatureGate.Enabled(features.NodePortLocal) {
+		o.config.NodePortLocal.Enable = false
+		klog.InfoS("Feature gate `NodePortLocal` is deprecated, please use option `nodePortLocal.enable` to disable NodePortLocal")
+	}
+	if o.config.NodePortLocal.Enable {
+		startPort, endPort, err := parsePortRange(o.config.NodePortLocal.PortRange)
+		if err != nil {
+			return fmt.Errorf("NodePortLocal portRange is not valid: %v", err)
+		}
+		o.nplStartPort = startPort
+		o.nplEndPort = endPort
+	}
+	return nil
+}
diff --git a/docs/feature-gates.md b/docs/feature-gates.md
@@ -33,7 +33,7 @@ edit the Agent configuration in the
 ## List of Available Features
 
 | Feature Name                  | Component          | Default | Stage | Alpha Release | Beta Release | GA Release | Extra Requirements | Notes                                         |
-|-------------------------------|--------------------|---------|-------|---------------|--------------|------------|--------------------|-----------------------------------------------|
+| ----------------------------- | ------------------ | ------- | ----- | ------------- | ------------ | ---------- | ------------------ | --------------------------------------------- |
 | `AntreaProxy`                 | Agent              | `true`  | Beta  | v0.8          | v0.11        | N/A        | Yes                | Must be enabled for Windows.                  |
 | `EndpointSlice`               | Agent              | `true`  | GA    | v0.13.0       | v1.11        | v1.14      | Yes                |                                               |
 | `TopologyAwareHints`          | Agent              | `true`  | Beta  | v1.8          | v1.12        | N/A        | Yes                |                                               |
@@ -43,7 +43,7 @@ edit the Agent configuration in the
 | `Traceflow`                   | Agent + Controller | `true`  | Beta  | v0.8          | v0.11        | N/A        | Yes                |                                               |
 | `FlowExporter`                | Agent              | `false` | Alpha | v0.9          | N/A          | N/A        | Yes                |                                               |
 | `NetworkPolicyStats`          | Agent + Controller | `true`  | Beta  | v0.10         | v1.2         | N/A        | No                 |                                               |
-| `NodePortLocal`               | Agent              | `true`  | Beta  | v0.13         | v1.4         | N/A        | Yes                | Important user-facing change in v1.2.0        |
+| `NodePortLocal`               | Agent              | `true`  | GA    | v0.13         | v1.4         | v1.14      | Yes                | Important user-facing change in v1.2.0        |
 | `Egress`                      | Agent + Controller | `true`  | Beta  | v1.0          | v1.6         | N/A        | Yes                |                                               |
 | `NodeIPAM`                    | Controller         | `true`  | Beta  | v1.4          | v1.12        | N/A        | Yes                |                                               |
 | `AntreaIPAM`                  | Agent + Controller | `false` | Alpha | v1.4          | N/A          | N/A        | Yes                |                                               |

diff --git a/docs/node-port-local.md b/docs/node-port-local.md
@@ -31,6 +31,8 @@ NodePortLocal was introduced in v0.13 as an alpha feature, and was graduated to
 beta in v1.4, at which time it was enabled by default. Prior to v1.4, a feature
 gate, `NodePortLocal`, must be enabled on the antrea-agent for the feature to
 work. Starting from Antrea v1.7, NPL is supported on the Windows antrea-agent.
+From Antrea v1.14, NPL is GA. To enable this feature, you need to ensure that the
+`nodePortLocal.enable` flag is set to true in Antrea Agent configuration.
 
 ## Usage
 

diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go
@@ -77,6 +77,7 @@ const (
 
 	// alpha: v0.13
 	// beta: v1.4
+	// GA: v1.14
 	// Expose Pod ports through NodePort
 	NodePortLocal featuregate.Feature = "NodePortLocal"
 
@@ -164,7 +165,7 @@ var (
 		AntreaIPAM:                  {Default: false, PreRelease: featuregate.Alpha},
 		FlowExporter:                {Default: false, PreRelease: featuregate.Alpha},
 		NetworkPolicyStats:          {Default: true, PreRelease: featuregate.Beta},
-		NodePortLocal:               {Default: true, PreRelease: featuregate.Beta},
+		NodePortLocal:               {Default: true, PreRelease: featuregate.GA},
 		NodeIPAM:                    {Default: true, PreRelease: featuregate.Beta},
 		Multicast:                   {Default: true, PreRelease: featuregate.Beta},
 		Multicluster:                {Default: false, PreRelease: featuregate.Alpha},

diff --git a/test/e2e/nodeportlocal_test.go b/test/e2e/nodeportlocal_test.go
@@ -32,7 +32,6 @@ import (
 	npltesting "antrea.io/antrea/pkg/agent/nodeportlocal/testing"
 	"antrea.io/antrea/pkg/agent/nodeportlocal/types"
 	agentconfig "antrea.io/antrea/pkg/config/agent"
-	"antrea.io/antrea/pkg/features"
 )
 
 const (
@@ -55,8 +54,14 @@ func newExpectedNPLAnnotations(nplStartPort, nplEndPort int) *npltesting.Expecte
 	return npltesting.NewExpectedNPLAnnotations(nil, nplStartPort, nplEndPort)
 }
 
-func skipIfNodePortLocalDisabled(tb testing.TB) {
-	skipIfFeatureDisabled(tb, features.NodePortLocal, true, false)
+func skipIfNodePortLocalDisabled(tb testing.TB, data *TestData) {
+	agentConf, err := data.GetAntreaAgentConf()
+	if err != nil {
+		tb.Fatalf("Error getting Antrea Agent configuration: %v:", err)
+	}
+	if !agentConf.NodePortLocal.Enable {
+		tb.Skipf("Skipping test because NodePortLocal is not enabled")
+	}
 }
 
 func configureNPLForAgent(t *testing.T, data *TestData, startPort, endPort int) {
@@ -74,14 +79,15 @@ func configureNPLForAgent(t *testing.T, data *TestData, startPort, endPort int)
 // NodePortLocal related test cases so they can share setup, teardown.
 func TestNodePortLocal(t *testing.T) {
 	skipIfNotIPv4Cluster(t)
-	skipIfNodePortLocalDisabled(t)
 
 	data, err := setupTest(t)
 	if err != nil {
 		t.Fatalf("Error when setting up test: %v", err)
 	}
 	defer teardownTest(t, data)
 
+	skipIfNodePortLocalDisabled(t, data)
+
 	configureNPLForAgent(t, data, defaultStartPort, defaultEndPort)
 	t.Run("testNPLAddPod", func(t *testing.T) { testNPLAddPod(t, data) })
 	t.Run("testNPLMultiplePodsAgentRestart", func(t *testing.T) { testNPLMultiplePodsAgentRestart(t, data) })