Remove feature gates AntreaProxy and NodePortLocal from chart / standard manifests (#7505)

Signed-off-by: Hongliang Liu <[email protected]>

Author: hongliangl

build/charts/antrea-windows/conf/antrea-agent.conf

@@ -1,14 +1,5 @@
 # FeatureGates is a map of feature names to bools that enable or disable experimental features.
 featureGates:
-# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
-# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-# Service traffic. Note that this feature gate is deprecated since this feature was
-# promoted to GA in v1.14.
-#  AntreaProxy: true
-
-# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-#  NodePortLocal: true
-
 # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
 #  FlowExporter: false
 

build/charts/antrea/conf/antrea-agent.conf

@@ -6,12 +6,6 @@ featureGates:
 # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AllBeta" "default" false) }}
 
-# Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
-# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-# Service traffic. Note that this feature gate is deprecated since this feature was
-# promoted to GA in v1.14.
-{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AntreaProxy" "default" true) }}
-
 # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
 # be enabled, otherwise this flag will not take effect.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "CleanupStaleUDPSvcConntrack" "default" true) }}
@@ -22,9 +16,6 @@ featureGates:
 # Enable PacketCapture feature which supports capturing packets to diagnose network issues.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "PacketCapture" "default" false) }}
 
-# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "NodePortLocal" "default" true) }}
-
 # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
 # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
 # feature that supports priorities, rule actions and externalEntities in the future.

build/yamls/antrea-aks.yml

@@ -4031,12 +4031,6 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
     # be enabled, otherwise this flag will not take effect.
     #  CleanupStaleUDPSvcConntrack: true
@@ -4047,9 +4041,6 @@ data:
     # Enable PacketCapture feature which supports capturing packets to diagnose network issues.
     #  PacketCapture: false
 
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
     # feature that supports priorities, rule actions and externalEntities in the future.
@@ -5511,7 +5502,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 50238db8d64976fc383c4ed12d77846aa16d8b0cbd56f8ec70bba097942641d4
+        checksum/config: 90cbf17ac4db8d4a742e5855a60eed3f1999f820b6f9645b81e2f16c555b9f43
       labels:
         app: antrea
         component: antrea-agent
@@ -5759,7 +5750,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 50238db8d64976fc383c4ed12d77846aa16d8b0cbd56f8ec70bba097942641d4
+        checksum/config: 90cbf17ac4db8d4a742e5855a60eed3f1999f820b6f9645b81e2f16c555b9f43
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-eks.yml

@@ -4027,12 +4027,6 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
     # be enabled, otherwise this flag will not take effect.
     #  CleanupStaleUDPSvcConntrack: true
@@ -4043,9 +4037,6 @@ data:
     # Enable PacketCapture feature which supports capturing packets to diagnose network issues.
     #  PacketCapture: false
 
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
     # feature that supports priorities, rule actions and externalEntities in the future.
@@ -5507,7 +5498,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 50238db8d64976fc383c4ed12d77846aa16d8b0cbd56f8ec70bba097942641d4
+        checksum/config: 90cbf17ac4db8d4a742e5855a60eed3f1999f820b6f9645b81e2f16c555b9f43
       labels:
         app: antrea
         component: antrea-agent
@@ -5756,7 +5747,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 50238db8d64976fc383c4ed12d77846aa16d8b0cbd56f8ec70bba097942641d4
+        checksum/config: 90cbf17ac4db8d4a742e5855a60eed3f1999f820b6f9645b81e2f16c555b9f43
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-gke.yml

@@ -4027,12 +4027,6 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
     # be enabled, otherwise this flag will not take effect.
     #  CleanupStaleUDPSvcConntrack: true
@@ -4043,9 +4037,6 @@ data:
     # Enable PacketCapture feature which supports capturing packets to diagnose network issues.
     #  PacketCapture: false
 
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
     # feature that supports priorities, rule actions and externalEntities in the future.
@@ -5498,7 +5489,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: baf8ba7d5877b2dc0c9e0c6215026c8364d9ecdca686fc1aa8fd3a32982b7fb0
+        checksum/config: 0fc81a765939ed017c8de4544840a42979866447edb87d126498653f4dc5d8af
       labels:
         app: antrea
         component: antrea-agent
@@ -5744,7 +5735,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: baf8ba7d5877b2dc0c9e0c6215026c8364d9ecdca686fc1aa8fd3a32982b7fb0
+        checksum/config: 0fc81a765939ed017c8de4544840a42979866447edb87d126498653f4dc5d8af
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-ipsec.yml

@@ -4040,12 +4040,6 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
     # be enabled, otherwise this flag will not take effect.
     #  CleanupStaleUDPSvcConntrack: true
@@ -4056,9 +4050,6 @@ data:
     # Enable PacketCapture feature which supports capturing packets to diagnose network issues.
     #  PacketCapture: false
 
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
     # feature that supports priorities, rule actions and externalEntities in the future.
@@ -5511,7 +5502,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 2a32d839f33b5904610fe474c008497237db33594a1672de7657ce6306e11d6e
+        checksum/config: 40949a7f8417c0a9d329bd0a0b5dc369a7bfb4cadd949098c4fab489e6bc7618
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -5803,7 +5794,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 2a32d839f33b5904610fe474c008497237db33594a1672de7657ce6306e11d6e
+        checksum/config: 40949a7f8417c0a9d329bd0a0b5dc369a7bfb4cadd949098c4fab489e6bc7618
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-windows-with-ovs.yml

@@ -131,15 +131,6 @@ data:
   antrea-agent.conf: |
     # FeatureGates is a map of feature names to bools that enable or disable experimental features.
     featureGates:
-    # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
     #  FlowExporter: false
 
@@ -275,7 +266,7 @@ spec:
     metadata:
       annotations:
         checksum/agent-windows: 4a8b62e6d8076e1792f4a0a880a806016eb6991994c7cc63ac71bcf5bb2f9432
-        checksum/windows-config: 985f1ad21792b310a890e71b57dc258d8a1f5241260989b814c3b93910607afd
+        checksum/windows-config: 8de6c7d02c73254e5a28d09aa0e3708cb7800b390222db422cac63a562146999
         microsoft.com/hostprocess-inherit-user: "true"
       labels:
         app: antrea

build/yamls/antrea-windows.yml

@@ -55,15 +55,6 @@ data:
   antrea-agent.conf: |
     # FeatureGates is a map of feature names to bools that enable or disable experimental features.
     featureGates:
-    # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
     #  FlowExporter: false
 
@@ -199,7 +190,7 @@ spec:
     metadata:
       annotations:
         checksum/agent-windows: 63f16e1fadb6b1354efda21c73702b4290400181136d4d47d4b1cd6a5f82d037
-        checksum/windows-config: 985f1ad21792b310a890e71b57dc258d8a1f5241260989b814c3b93910607afd
+        checksum/windows-config: 8de6c7d02c73254e5a28d09aa0e3708cb7800b390222db422cac63a562146999
         microsoft.com/hostprocess-inherit-user: "true"
       labels:
         app: antrea

build/yamls/antrea.yml

@@ -4027,12 +4027,6 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
-    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Note that this feature gate is deprecated since this feature was
-    # promoted to GA in v1.14.
-    #  AntreaProxy: true
-
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
     # be enabled, otherwise this flag will not take effect.
     #  CleanupStaleUDPSvcConntrack: true
@@ -4043,9 +4037,6 @@ data:
     # Enable PacketCapture feature which supports capturing packets to diagnose network issues.
     #  PacketCapture: false
 
-    # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
-    #  NodePortLocal: true
-
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
     # feature that supports priorities, rule actions and externalEntities in the future.
@@ -5498,7 +5489,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 98ff130e6c9bba0de4a4c66211626612c01a1068201b6d8cbb6375d4fb35121c
+        checksum/config: eb620a4a201c48a6d049e95571c591466d3c88c714704e57fdcbf3a327e6d672
       labels:
         app: antrea
         component: antrea-agent
@@ -5744,7 +5735,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 98ff130e6c9bba0de4a4c66211626612c01a1068201b6d8cbb6375d4fb35121c
+        checksum/config: eb620a4a201c48a6d049e95571c591466d3c88c714704e57fdcbf3a327e6d672
       labels:
         app: antrea
         component: antrea-controller

docs/node-port-local.md

@@ -28,15 +28,13 @@ directly to backend Pods.
 ## Prerequisites
 
 NodePortLocal was introduced in v0.13 as an alpha feature, and was graduated to
-beta in v1.4, at which time it was enabled by default. Prior to v1.4, a feature
-gate, `NodePortLocal`, must be enabled on the antrea-agent for the feature to
-work. Starting from Antrea v1.7, NPL is supported on the Windows antrea-agent.
-From Antrea v1.14, NPL is GA.
+beta in v1.4, at which time it was enabled by default. Starting from Antrea v1.7,
+NPL is supported on the Windows antrea-agent. From Antrea v1.14, NPL is GA.
 
 ## Usage
 
-In addition to enabling the NodePortLocal feature gate (if needed), you need to
-ensure that the `nodePortLocal.enable` flag is set to true in the Antrea Agent
+To enable the NodePortLocal, you need to ensure that the `nodePortLocal.enable`
+flag is set to true in the Antrea Agent
 configuration. The `nodePortLocal.portRange` parameter can also be set to change
 the range from which Node ports will be allocated. Otherwise, the range
 of `61000-62000` will be used by default on Linux, and the range `40000-41000` will
@@ -51,9 +49,6 @@ metadata:
   namespace: kube-system
 data:
   antrea-agent.conf: |
-    featureGates:
-      # True by default starting with Antrea v1.4
-      # NodePortLocal: true
     nodePortLocal:
       enable: true
       # Uncomment if you need to change the port range.
@@ -104,7 +99,7 @@ spec:
         image: nginx
 ```
 
-If the NodePortLocal feature gate is enabled, then all the Pods in the
+If the `nodePortLocal.enable` flag is set to true, then all the Pods in the
 Deployment will be annotated with the `nodeportlocal.antrea.io` annotation. The
 value of this annotation is a serialized JSON array. In our example, a given Pod
 in the `nginx` Deployment may look like this: