Bug 1906844: Disable EndpointSlice and EndpointSliceProxying feature gates and update to k8s 1.19.4.

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/Masterminds/goutils v1.1.0 // indirect
 	github.com/Masterminds/semver v1.5.0
 	github.com/Masterminds/sprig v2.22.0+incompatible
-	github.com/containernetworking/cni v0.7.1
+	github.com/containernetworking/cni v0.8.0
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
 	github.com/go-bindata/go-bindata v3.1.2+incompatible
 	github.com/go-logr/logr v0.3.0 // indirect
@@ -26,19 +26,48 @@ require (
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.4.0
-	github.com/vishvananda/netlink v1.0.0
+	github.com/vishvananda/netlink v1.1.0
 	golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb // indirect
 	golang.org/x/text v0.3.4 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.19.4
-	k8s.io/apiextensions-apiserver v0.19.2
+	k8s.io/apiextensions-apiserver v0.19.4
 	k8s.io/apimachinery v0.19.4
-	k8s.io/client-go v0.19.2
-	k8s.io/code-generator v0.19.2
-	k8s.io/component-base v0.19.2
+	k8s.io/client-go v0.19.4
+	k8s.io/code-generator v0.19.4
+	k8s.io/component-base v0.19.4
 	k8s.io/klog/v2 v2.4.0
-	k8s.io/kube-proxy v0.19.2
+	k8s.io/kube-proxy v0.19.4
+	k8s.io/kubernetes v1.19.4 // indirect
 	k8s.io/utils v0.0.0-20200729134348-d5654de09c73
 	sigs.k8s.io/controller-runtime v0.6.3
 	sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
 )
+
+replace (
+	github.com/onsi/ginkgo => github.com/onsi/ginkgo v1.11.0
+	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20201105175657-1bb012236ace
+	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20201105175657-1bb012236ace
+	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20201105175657-1bb012236ace
+	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20201105175657-1bb012236ace
+	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20201105175657-1bb012236ace
+	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20201105175657-1bb012236ace
+	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20201105175657-1bb012236ace
+	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20201105175657-1bb012236ace
+	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20201105175657-1bb012236ace
+	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20201105175657-1bb012236ace
+	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20201105175657-1bb012236ace
+	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20201105175657-1bb012236ace
+	k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20201105175657-1bb012236ace
+	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20201105175657-1bb012236ace
+	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20201105175657-1bb012236ace
+	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20201105175657-1bb012236ace
+	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20201105175657-1bb012236ace
+	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20201105175657-1bb012236ace
+)

pkg/network/kube_proxy.go

@@ -110,6 +110,9 @@ func validateKubeProxy(conf *operv1.NetworkSpec) []error {
 				out = append(out, errors.Errorf("kube-proxy --healthz-port cannot be overridden"))
 			}
 		}
+		if _, ok := p.ProxyArguments["feature-gates"]; ok {
+			out = append(out, errors.Errorf("kube-proxy --feature-gates cannot be overridden"))
+		}
 	}
 
 	return out

pkg/network/kube_proxy_test.go

@@ -252,7 +252,8 @@ func TestValidateKubeProxy(t *testing.T) {
 	c.KubeProxyConfig.IptablesSyncPeriod = "asdf"
 	c.KubeProxyConfig.ProxyArguments["healthz-port"] = []string{"9102"}
 	c.KubeProxyConfig.ProxyArguments["metrics-port"] = []string{"10255"}
-	g.Expect(validateKubeProxy(c)).To(HaveLen(4))
+	c.KubeProxyConfig.ProxyArguments["feature-gates"] = []string{"FGFoo=bar,FGBaz=bah"}
+	g.Expect(validateKubeProxy(c)).To(HaveLen(5))
 }
 
 func TestFillKubeProxyDefaults(t *testing.T) {

pkg/network/openshift_sdn.go

@@ -58,7 +58,8 @@ func renderOpenShiftSDN(conf *operv1.NetworkSpec, manifestDir string) ([]*uns.Un
 	// the insecure metrics port exposed by kube-proxy itself. So just override
 	// the value from conf (which we know is either "9101" or unspecified).
 	kpcOverrides := map[string]operv1.ProxyArgumentList{
-		"metrics-port": {"29101"},
+		"metrics-port":  {"29101"},
+		"feature-gates": {"EndpointSlice=false,EndpointSliceProxying=false"},
 	}
 	if *c.EnableUnidling {
 		// We already validated that proxy-mode was either unset or iptables.

pkg/network/openshift_sdn_test.go

@@ -293,6 +293,12 @@ func TestProxyArgs(t *testing.T) {
 	}
 	errs = validateKubeProxy(config)
 	g.Expect(errs).To(HaveLen(0))
+	// Validate that we don't allow the feature-gates to be set via user config
+	config.KubeProxyConfig.ProxyArguments = map[string]operv1.ProxyArgumentList{
+		"feature-gates": {"FGBar=baz"},
+	}
+	errs = validateKubeProxy(config)
+	g.Expect(errs).To(HaveLen(1))
 
 	objs, err = renderOpenShiftSDN(config, manifestDir)
 	g.Expect(err).NotTo(HaveOccurred())
@@ -434,6 +440,9 @@ conntrack:
   tcpEstablishedTimeout: null
 detectLocalMode: ""
 enableProfiling: false
+featureGates:
+  EndpointSlice: false
+  EndpointSliceProxying: false
 healthzBindAddress: 0.0.0.0:10256
 hostnameOverride: ""
 iptables:
@@ -488,6 +497,9 @@ conntrack:
   tcpEstablishedTimeout: null
 detectLocalMode: ""
 enableProfiling: false
+featureGates:
+  EndpointSlice: false
+  EndpointSliceProxying: false
 healthzBindAddress: 0.0.0.0:10256
 hostnameOverride: ""
 iptables:

pkg/util/k8s/kubeproxy.go

@@ -9,10 +9,10 @@ import (
 
 	"github.com/ghodss/yaml"
 	operv1 "github.com/openshift/api/operator/v1"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
+	cliflag "k8s.io/component-base/cli/flag"
 	kubeproxyconfig "k8s.io/kube-proxy/config/v1alpha1"
 )
 
@@ -80,6 +80,7 @@ func GenerateKubeProxyConfiguration(args map[string]operv1.ProxyArgumentList) (s
 	kpc.ConfigSyncPeriod.Duration = ka.getDuration("config-sync-period")
 
 	kpc.NodePortAddresses = ka.getCIDRList("node-port-addresses")
+	kpc.FeatureGates = ka.getFeatureGates("feature-gates")
 
 	if err := ka.getError(); err != nil {
 		return "", err
@@ -255,3 +256,26 @@ func (ka *kpcArgs) getPortRange(key string) string {
 	}
 	return value
 }
+
+// getFeatureGates parses feature-gates and returns a map[string]bool
+func (ka *kpcArgs) getFeatureGates(key string) map[string]bool {
+	val := ka.args[key]
+	if len(val) == 0 {
+		return nil
+	}
+	delete(ka.args, key)
+	fgMap := make(map[string]bool)
+	featureGates := cliflag.NewMapStringBool(&fgMap)
+	for _, v := range val {
+		err := featureGates.Set(v)
+		if err != nil {
+			ka.errs = append(ka.errs, fmt.Errorf("invalid %q (%v)", v, err))
+			continue
+		}
+	}
+	if len(fgMap) == 0 {
+		return nil
+	}
+	return fgMap
+
+}

pkg/util/k8s/kubeproxy_test.go

@@ -366,6 +366,20 @@ winkernel:
 			},
 			err: "unused arguments: conntrack-max",
 		},
+		{
+			description: "bad feature-gates syntax",
+			overrides: map[string]operv1.ProxyArgumentList{
+				"feature-gates": {"FG1=true,FG2=false,FG3=false=false"},
+			},
+			err: `invalid "FG1=true,FG2=false,FG3=false=false" (invalid value of FG3: false=false, err: strconv.ParseBool: parsing "false=false": invalid syntax)`,
+		},
+		{
+			description: "bad feature-gates value",
+			overrides: map[string]operv1.ProxyArgumentList{
+				"feature-gates": {"FG1=foo,FG2=true"},
+			},
+			err: `invalid "FG1=foo,FG2=true" (invalid value of FG1: foo, err: strconv.ParseBool: parsing "foo": invalid syntax)`,
+		},
 	}
 
 	for _, test := range tests {
@@ -380,7 +394,7 @@ winkernel:
 			}
 		} else {
 			if err == nil {
-				t.Fatalf("unexpected non-error in %q", test.description)
+				t.Fatalf("unexpected non-error in %q: config: %v, args: %v", test.description, config, args)
 			} else if !strings.Contains(err.Error(), test.err) {
 				t.Fatalf("bad error in %q: expected %q, got: %v", test.description, test.err, err)
 			}