Promote ServiceExternalIP to beta

Fixes: #6743 Signed-off-by: Xu Liu <[email protected]>
antrea-io · Jan 10, 2025 · 0043100 · 0043100
1 parent 503239f
commit 0043100
Show file tree

Hide file tree

Showing 11 changed files with 34 additions and 30 deletions.
diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf
@@ -66,7 +66,7 @@ featureGates:
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "SecondaryNetwork" "default" false) }}
 
 # Enable managing external IPs of Services of LoadBalancer type.
-{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }}
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }}
 
 # Enable mirroring or redirecting the traffic Pods send or receive.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "TrafficControl" "default" false) }}

diff --git a/build/charts/antrea/conf/antrea-controller.conf b/build/charts/antrea/conf/antrea-controller.conf
@@ -32,7 +32,7 @@ featureGates:
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AntreaIPAM" "default" false) }}
 
 # Enable managing external IPs of Services of LoadBalancer type.
-{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }}
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }}
 
 # Enable certificate-based authentication for IPSec tunnel.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "IPsecCertAuth" "default" false) }}

diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -4015,7 +4015,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4443,7 +4443,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5406,7 +5406,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
+        checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
       labels:
         app: antrea
         component: antrea-agent
@@ -5644,7 +5644,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
+        checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -4015,7 +4015,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4443,7 +4443,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5406,7 +5406,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
+        checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
       labels:
         app: antrea
         component: antrea-agent
@@ -5645,7 +5645,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f7ac1903ae9edfd45361cb67b991cb23f708f15cb5cb862bffd70e95dcd776fb
+        checksum/config: f16c024c6738bc918d9380162ed9d3c157bc24a46abcfb8e3bf1352efc4da874
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -4015,7 +4015,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4443,7 +4443,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5406,7 +5406,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 00ba3a60f132691721ba2e84c5c8f0a9eddc32593b38798de8f59d52fff54169
+        checksum/config: 27a80abe8607c376342dcaaf8eff6763d6532cbd778653cd9efdbc1f756893fc
       labels:
         app: antrea
         component: antrea-agent
@@ -5642,7 +5642,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 00ba3a60f132691721ba2e84c5c8f0a9eddc32593b38798de8f59d52fff54169
+        checksum/config: 27a80abe8607c376342dcaaf8eff6763d6532cbd778653cd9efdbc1f756893fc
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -4028,7 +4028,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4456,7 +4456,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5419,7 +5419,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 4b9bbfbbda1ab405ade14e797ea88fbd6f3795bb6aae9df0496409d542799145
+        checksum/config: 23393366d3c95e779b7d3009fa7fa686ae6c3fc5458fa2f9844d1437d9e7489f
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -5701,7 +5701,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 4b9bbfbbda1ab405ade14e797ea88fbd6f3795bb6aae9df0496409d542799145
+        checksum/config: 23393366d3c95e779b7d3009fa7fa686ae6c3fc5458fa2f9844d1437d9e7489f
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -4015,7 +4015,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4443,7 +4443,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5406,7 +5406,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e4e94ba89524d8fdc7eb3ad6e0f6948767f3d92ef767f17c47da348f08b5c2e0
+        checksum/config: fa14018895e56003a3e9192d0fa164cc40e204091f630edc7e9e74de5b450da7
       labels:
         app: antrea
         component: antrea-agent
@@ -5642,7 +5642,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e4e94ba89524d8fdc7eb3ad6e0f6948767f3d92ef767f17c47da348f08b5c2e0
+        checksum/config: fa14018895e56003a3e9192d0fa164cc40e204091f630edc7e9e74de5b450da7
       labels:
         app: antrea
         component: antrea-controller

diff --git a/docs/feature-gates.md b/docs/feature-gates.md
@@ -48,7 +48,7 @@ edit the Agent configuration in the
 | `AntreaIPAM`                  | Agent + Controller | `false` | Alpha | v1.4          | N/A          | N/A        | Yes                |                                               |
 | `Multicast`                   | Agent + Controller | `true`  | Beta  | v1.5          | v1.12        | N/A        | Yes                |                                               |
 | `SecondaryNetwork`            | Agent              | `false` | Alpha | v1.5          | N/A          | N/A        | Yes                |                                               |
-| `ServiceExternalIP`           | Agent + Controller | `false` | Alpha | v1.5          | N/A          | N/A        | Yes                |                                               |
+| `ServiceExternalIP`           | Agent + Controller | `false` | Beta  | v1.5          | v2.3         | N/A        | Yes                |                                               |
 | `TrafficControl`              | Agent              | `false` | Alpha | v1.7          | N/A          | N/A        | No                 |                                               |
 | `Multicluster`                | Agent + Controller | `false` | Alpha | v1.7          | N/A          | N/A        | Yes                | Controller side feature gate added in v1.10.0 |
 | `IPsecCertAuth`               | Agent + Controller | `false` | Alpha | v1.7          | N/A          | N/A        | No                 |                                               |

diff --git a/docs/service-loadbalancer.md b/docs/service-loadbalancer.md
@@ -63,9 +63,9 @@ no extra configuration change is needed.
 
 #### Enable Service external IP management feature
 
-At this moment, external IP management for Services is an alpha feature of
-Antrea. The `ServiceExternalIP` feature gate of `antrea-agent` and
-`antrea-controller` must be enabled for the feature to work. You can enable
+The `ServiceExternalIP` feature is enabled by default since Antrea 2.3. If you are
+using previous versions, the `ServiceExternalIP` feature gate of `antrea-agent`
+and `antrea-controller` must be enabled for the feature to work. You can enable
 the `ServiceExternalIP` feature gate in the `antrea-config` ConfigMap in
 the Antrea deployment YAML:
 
@@ -311,7 +311,7 @@ MetalLB.
 As MetalLB will allocate external IPs for all Services of type LoadBalancer,
 once it is running, the Service external IP management feature of Antrea should
 not be enabled to avoid conflicts with MetalLB. You can deploy Antrea with the
-default configuration (in which the `ServiceExternalIP` feature gate of
+ServiceExternalIP feature disabled (in which the `ServiceExternalIP` feature gate of
 `antrea-agent` is set to `false`). MetalLB can work with both Antrea Proxy and
 `kube-proxy` configurations of `antrea-agent`.
 

diff --git a/pkg/apiserver/handlers/featuregates/handler_test.go b/pkg/apiserver/handlers/featuregates/handler_test.go
@@ -36,6 +36,7 @@ var (
 	egressStatus                      string
 	multicastStatus                   string
 	cleanupStaleUDPSvcConntrackStatus string
+	serviceExternalIPStatus           string
 )
 
 func Test_getGatesResponse(t *testing.T) {
@@ -75,7 +76,7 @@ func Test_getGatesResponse(t *testing.T) {
 				{Component: "agent", Name: "NodePortLocal", Status: "Enabled", Version: "GA"},
 				{Component: "agent", Name: "PacketCapture", Status: "Disabled", Version: "ALPHA"},
 				{Component: "agent", Name: "SecondaryNetwork", Status: "Disabled", Version: "ALPHA"},
-				{Component: "agent", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"},
+				{Component: "agent", Name: "ServiceExternalIP", Status: serviceExternalIPStatus, Version: "BETA"},
 				{Component: "agent", Name: "ServiceTrafficDistribution", Status: "Enabled", Version: "BETA"},
 				{Component: "agent", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"},
 				{Component: "agent", Name: "TopologyAwareHints", Status: "Enabled", Version: "BETA"},
@@ -207,7 +208,7 @@ func Test_getControllerGatesResponse(t *testing.T) {
 				{Component: "controller", Name: "Multicluster", Status: "Disabled", Version: "ALPHA"},
 				{Component: "controller", Name: "NetworkPolicyStats", Status: "Enabled", Version: "BETA"},
 				{Component: "controller", Name: "NodeIPAM", Status: "Enabled", Version: "BETA"},
-				{Component: "controller", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"},
+				{Component: "controller", Name: "ServiceExternalIP", Status: "Enabled", Version: "BETA"},
 				{Component: "controller", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"},
 				{Component: "controller", Name: "Traceflow", Status: "Enabled", Version: "BETA"},
 			},
@@ -225,9 +226,11 @@ func init() {
 	egressStatus = "Enabled"
 	multicastStatus = "Enabled"
 	cleanupStaleUDPSvcConntrackStatus = "Enabled"
+	serviceExternalIPStatus = "Enabled"
 	if runtime.IsWindowsPlatform() {
 		egressStatus = "Disabled"
 		multicastStatus = "Disabled"
 		cleanupStaleUDPSvcConntrackStatus = "Disabled"
+		serviceExternalIPStatus = "Disabled"
 	}
 }
diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go
@@ -120,6 +120,7 @@ const (
 	SecondaryNetwork featuregate.Feature = "SecondaryNetwork"
 
 	// alpha: v1.5
+	// beta: v2.3
 	// Enable controlling Services with ExternalIP.
 	ServiceExternalIP featuregate.Feature = "ServiceExternalIP"
 
@@ -209,7 +210,7 @@ var (
 		Multicast:                   {Default: true, PreRelease: featuregate.Beta},
 		Multicluster:                {Default: false, PreRelease: featuregate.Alpha},
 		SecondaryNetwork:            {Default: false, PreRelease: featuregate.Alpha},
-		ServiceExternalIP:           {Default: false, PreRelease: featuregate.Alpha},
+		ServiceExternalIP:           {Default: true, PreRelease: featuregate.Beta},
 		TrafficControl:              {Default: false, PreRelease: featuregate.Alpha},
 		IPsecCertAuth:               {Default: false, PreRelease: featuregate.Alpha},
 		ExternalNode:                {Default: false, PreRelease: featuregate.Alpha},