From 5886bca38b7a987e196f6e6a70d5601c030c6731 Mon Sep 17 00:00:00 2001 From: Lan Luo Date: Sat, 8 Feb 2025 17:39:43 +0800 Subject: [PATCH] Promote EgressSeparateSubnet feature to Beta Signed-off-by: Lan Luo --- build/charts/antrea/conf/antrea-agent.conf | 2 +- build/yamls/antrea-aks.yml | 6 +++--- build/yamls/antrea-eks.yml | 6 +++--- build/yamls/antrea-gke.yml | 6 +++--- build/yamls/antrea-ipsec.yml | 6 +++--- build/yamls/antrea.yml | 6 +++--- docs/egress.md | 12 ++++++------ docs/feature-gates.md | 2 +- pkg/apiserver/handlers/featuregates/handler_test.go | 5 ++++- pkg/features/antrea_features.go | 3 ++- 10 files changed, 29 insertions(+), 25 deletions(-) diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf index 862a8027678..40278aebb2a 100644 --- a/build/charts/antrea/conf/antrea-agent.conf +++ b/build/charts/antrea/conf/antrea-agent.conf @@ -88,7 +88,7 @@ featureGates: {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "EgressTrafficShaping" "default" false) }} # Allow users to allocate Egress IPs from a different subnet from the default Node subnet. -{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "EgressSeparateSubnet" "default" false) }} +{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "EgressSeparateSubnet" "default" true) }} # Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "NodeNetworkPolicy" "default" false) }} diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 0615134a6f1..b42e0574983 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -4069,7 +4069,7 @@ data: # EgressTrafficShaping: false # Allow users to allocate Egress IPs from a different subnet from the default Node subnet. - # EgressSeparateSubnet: false + # EgressSeparateSubnet: true # Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. # NodeNetworkPolicy: false @@ -5446,7 +5446,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 9c5fd81219c99e3ac42cdbafe79a80f2462119a30249c4dffc6d8eb969251f4e + checksum/config: bc29a09c052fff53288bde6360d49e835dbc5caf6a2bf928861236566fa9d1ce labels: app: antrea component: antrea-agent @@ -5690,7 +5690,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 9c5fd81219c99e3ac42cdbafe79a80f2462119a30249c4dffc6d8eb969251f4e + checksum/config: bc29a09c052fff53288bde6360d49e835dbc5caf6a2bf928861236566fa9d1ce labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 7921e0dcb86..57074e9eeda 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -4069,7 +4069,7 @@ data: # EgressTrafficShaping: false # Allow users to allocate Egress IPs from a different subnet from the default Node subnet. - # EgressSeparateSubnet: false + # EgressSeparateSubnet: true # Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. # NodeNetworkPolicy: false @@ -5446,7 +5446,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 9c5fd81219c99e3ac42cdbafe79a80f2462119a30249c4dffc6d8eb969251f4e + checksum/config: bc29a09c052fff53288bde6360d49e835dbc5caf6a2bf928861236566fa9d1ce labels: app: antrea component: antrea-agent @@ -5691,7 +5691,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 9c5fd81219c99e3ac42cdbafe79a80f2462119a30249c4dffc6d8eb969251f4e + checksum/config: bc29a09c052fff53288bde6360d49e835dbc5caf6a2bf928861236566fa9d1ce labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 7da159beac6..f8fa64ad881 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -4069,7 +4069,7 @@ data: # EgressTrafficShaping: false # Allow users to allocate Egress IPs from a different subnet from the default Node subnet. - # EgressSeparateSubnet: false + # EgressSeparateSubnet: true # Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. # NodeNetworkPolicy: false @@ -5446,7 +5446,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 115af3aa2408672d2f38c5dfd9aae3a4754703158adc807f695b74a8689f1ada + checksum/config: 877979e9392bb2a2b65fa28f362c90d85509102133ad8de6c3410c56e04f0234 labels: app: antrea component: antrea-agent @@ -5688,7 +5688,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 115af3aa2408672d2f38c5dfd9aae3a4754703158adc807f695b74a8689f1ada + checksum/config: 877979e9392bb2a2b65fa28f362c90d85509102133ad8de6c3410c56e04f0234 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 168e01d338f..6e70431db1d 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -4082,7 +4082,7 @@ data: # EgressTrafficShaping: false # Allow users to allocate Egress IPs from a different subnet from the default Node subnet. - # EgressSeparateSubnet: false + # EgressSeparateSubnet: true # Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. # NodeNetworkPolicy: false @@ -5459,7 +5459,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: d7a27b42825a5fb89da24f0e2ba23b6672d3c62ac9bba4507722d6a57bfffaca + checksum/config: 00850eea62819cbe3c83a8a8915dba2f0d91d380c1b8566c80b691c3a909b258 checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4 labels: app: antrea @@ -5747,7 +5747,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: d7a27b42825a5fb89da24f0e2ba23b6672d3c62ac9bba4507722d6a57bfffaca + checksum/config: 00850eea62819cbe3c83a8a8915dba2f0d91d380c1b8566c80b691c3a909b258 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 197c4d94c0f..d11446e0749 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -4069,7 +4069,7 @@ data: # EgressTrafficShaping: false # Allow users to allocate Egress IPs from a different subnet from the default Node subnet. - # EgressSeparateSubnet: false + # EgressSeparateSubnet: true # Allow users to apply ClusterNetworkPolicy to Kubernetes Nodes. # NodeNetworkPolicy: false @@ -5446,7 +5446,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: b5a31ae863dbec89793167ebf4204eed1b5649180295c89064769b8e9526a1d6 + checksum/config: 6b0b82d61a89692c8092a44ac0a7bb02647254384f5246282bbb6be56415d08b labels: app: antrea component: antrea-agent @@ -5688,7 +5688,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: b5a31ae863dbec89793167ebf4204eed1b5649180295c89064769b8e9526a1d6 + checksum/config: 6b0b82d61a89692c8092a44ac0a7bb02647254384f5246282bbb6be56415d08b labels: app: antrea component: antrea-controller diff --git a/docs/egress.md b/docs/egress.md index 274e4ac7aa8..c3f0b854e0c 100644 --- a/docs/egress.md +++ b/docs/egress.md @@ -251,12 +251,12 @@ spec: network-role: egress-gateway ``` -**Note**: Specifying different subnets is currently in alpha version. To use -this feature, users should enable the `EgressSeparateSubnet` feature gate. -Currently, the maximum number of different subnets that can be supported in a -cluster is 20, which should be sufficient for most cases. If you need to have -more subnets, please raise an issue with your use case, and we will consider -revising the limit based on that. +**Note**: Specifying different subnets is enabled by default since Antrea v2.3. +To use this feature with an earlier release, users should enable the `EgressSeparateSubnet` +feature gate. Currently, the maximum number of different subnets that can be +supported in a cluster is 20, which should be sufficient for most cases. If you +need to have more subnets, please raise an issue with your use case, and we will +consider revising the limit based on that. ### NodeSelector diff --git a/docs/feature-gates.md b/docs/feature-gates.md index 892f0f1aee1..a31116bdb08 100644 --- a/docs/feature-gates.md +++ b/docs/feature-gates.md @@ -57,7 +57,7 @@ edit the Agent configuration in the | `L7NetworkPolicy` | Agent + Controller | `false` | Alpha | v1.10 | N/A | N/A | Yes | | | `AdminNetworkPolicy` | Controller | `false` | Alpha | v1.13 | N/A | N/A | Yes | | | `EgressTrafficShaping` | Agent | `false` | Alpha | v1.14 | N/A | N/A | Yes | OVS meters should be supported | -| `EgressSeparateSubnet` | Agent | `false` | Alpha | v1.15 | N/A | N/A | No | | +| `EgressSeparateSubnet` | Agent | `true` | Beta | v1.15 | v2.3 | N/A | No | | | `NodeNetworkPolicy` | Agent | `false` | Alpha | v1.15 | N/A | N/A | Yes | | | `L7FlowExporter` | Agent | `false` | Alpha | v1.15 | N/A | N/A | Yes | | | `BGPPolicy` | Agent | `false` | Alpha | v2.1 | N/A | N/A | No | | diff --git a/pkg/apiserver/handlers/featuregates/handler_test.go b/pkg/apiserver/handlers/featuregates/handler_test.go index 506589cfc2c..610086175bb 100644 --- a/pkg/apiserver/handlers/featuregates/handler_test.go +++ b/pkg/apiserver/handlers/featuregates/handler_test.go @@ -37,6 +37,7 @@ var ( multicastStatus string cleanupStaleUDPSvcConntrackStatus string serviceExternalIPStatus string + egressSeparateSubnetStatus string ) func Test_getGatesResponse(t *testing.T) { @@ -59,7 +60,7 @@ func Test_getGatesResponse(t *testing.T) { {Component: "agent", Name: "BGPPolicy", Status: "Disabled", Version: "ALPHA"}, {Component: "agent", Name: "CleanupStaleUDPSvcConntrack", Status: cleanupStaleUDPSvcConntrackStatus, Version: "BETA"}, {Component: "agent", Name: "Egress", Status: egressStatus, Version: "BETA"}, - {Component: "agent", Name: "EgressSeparateSubnet", Status: "Disabled", Version: "ALPHA"}, + {Component: "agent", Name: "EgressSeparateSubnet", Status: egressSeparateSubnetStatus, Version: "BETA"}, {Component: "agent", Name: "EgressTrafficShaping", Status: "Disabled", Version: "ALPHA"}, {Component: "agent", Name: "EndpointSlice", Status: "Enabled", Version: "GA"}, {Component: "agent", Name: "ExternalNode", Status: "Disabled", Version: "ALPHA"}, @@ -224,11 +225,13 @@ func Test_getControllerGatesResponse(t *testing.T) { func init() { egressStatus = "Enabled" + egressSeparateSubnetStatus = "Enabled" multicastStatus = "Enabled" cleanupStaleUDPSvcConntrackStatus = "Enabled" serviceExternalIPStatus = "Enabled" if runtime.IsWindowsPlatform() { egressStatus = "Disabled" + egressSeparateSubnetStatus = "Disabled" multicastStatus = "Disabled" cleanupStaleUDPSvcConntrackStatus = "Disabled" serviceExternalIPStatus = "Disabled" diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index 9ced47f6849..7d504ccbcc6 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -159,6 +159,7 @@ const ( EgressTrafficShaping featuregate.Feature = "EgressTrafficShaping" // alpha: v1.15 + // beta: v2.3 // Allow users to allocate Egress IPs from a different subnet from the default Node subnet. EgressSeparateSubnet featuregate.Feature = "EgressSeparateSubnet" @@ -219,7 +220,7 @@ var ( LoadBalancerModeDSR: {Default: false, PreRelease: featuregate.Alpha}, AdminNetworkPolicy: {Default: false, PreRelease: featuregate.Alpha}, EgressTrafficShaping: {Default: false, PreRelease: featuregate.Alpha}, - EgressSeparateSubnet: {Default: false, PreRelease: featuregate.Alpha}, + EgressSeparateSubnet: {Default: true, PreRelease: featuregate.Beta}, NodeNetworkPolicy: {Default: false, PreRelease: featuregate.Alpha}, L7FlowExporter: {Default: false, PreRelease: featuregate.Alpha}, NodeLatencyMonitor: {Default: false, PreRelease: featuregate.Alpha},