Promote ServiceExternalIP to Beta (#6903)

Fixe #6743

Signed-off-by: Xu Liu <[email protected]>

Author: xliuxu

build/charts/antrea/conf/antrea-agent.conf

@@ -66,7 +66,7 @@ featureGates:
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "SecondaryNetwork" "default" false) }}
 
 # Enable managing external IPs of Services of LoadBalancer type.
-{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }}
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }}
 
 # Enable mirroring or redirecting the traffic Pods send or receive.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "TrafficControl" "default" false) }}

build/charts/antrea/conf/antrea-controller.conf

@@ -32,7 +32,7 @@ featureGates:
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AntreaIPAM" "default" false) }}
 
 # Enable managing external IPs of Services of LoadBalancer type.
-{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }}
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" true) }}
 
 # Enable certificate-based authentication for IPSec tunnel.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "IPsecCertAuth" "default" false) }}

build/yamls/antrea-aks.yml

@@ -4047,7 +4047,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4480,7 +4480,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5443,7 +5443,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e9ed628a60f731498979612c9d28080dc89b4f54b1dcbb5e86fce29df7c482f1
+        checksum/config: 370890f19fdae1e870e0cf1d5e4c5227fb343efb9538535a0c65f7b7f6a054f5
       labels:
         app: antrea
         component: antrea-agent
@@ -5687,7 +5687,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e9ed628a60f731498979612c9d28080dc89b4f54b1dcbb5e86fce29df7c482f1
+        checksum/config: 370890f19fdae1e870e0cf1d5e4c5227fb343efb9538535a0c65f7b7f6a054f5
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-eks.yml

@@ -4047,7 +4047,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4480,7 +4480,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5443,7 +5443,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e9ed628a60f731498979612c9d28080dc89b4f54b1dcbb5e86fce29df7c482f1
+        checksum/config: 370890f19fdae1e870e0cf1d5e4c5227fb343efb9538535a0c65f7b7f6a054f5
       labels:
         app: antrea
         component: antrea-agent
@@ -5688,7 +5688,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: e9ed628a60f731498979612c9d28080dc89b4f54b1dcbb5e86fce29df7c482f1
+        checksum/config: 370890f19fdae1e870e0cf1d5e4c5227fb343efb9538535a0c65f7b7f6a054f5
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-gke.yml

@@ -4047,7 +4047,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4480,7 +4480,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5443,7 +5443,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: adf1e0f238974d7f83bd321a403f1613ae7e695f06b5366cee645a39141872db
+        checksum/config: 107cf72235dd1aabce91dd716bc3bd62a4b6500ef9d7ed309071a78e68b1ede1
       labels:
         app: antrea
         component: antrea-agent
@@ -5685,7 +5685,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: adf1e0f238974d7f83bd321a403f1613ae7e695f06b5366cee645a39141872db
+        checksum/config: 107cf72235dd1aabce91dd716bc3bd62a4b6500ef9d7ed309071a78e68b1ede1
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-ipsec.yml

@@ -4060,7 +4060,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4493,7 +4493,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5456,7 +5456,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 9b14e08a59181e975a2326f4ef4a7c55a1640027bda93ad0ee09fe2ef18b7491
+        checksum/config: e40f0f3f4e412b4463e40c1062c1e10e6c66f471d31748e253262499103cb39f
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -5744,7 +5744,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 9b14e08a59181e975a2326f4ef4a7c55a1640027bda93ad0ee09fe2ef18b7491
+        checksum/config: e40f0f3f4e412b4463e40c1062c1e10e6c66f471d31748e253262499103cb39f
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea.yml

@@ -4047,7 +4047,7 @@ data:
     #  SecondaryNetwork: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable mirroring or redirecting the traffic Pods send or receive.
     #  TrafficControl: false
@@ -4480,7 +4480,7 @@ data:
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
-    #  ServiceExternalIP: false
+    #  ServiceExternalIP: true
 
     # Enable certificate-based authentication for IPSec tunnel.
     #  IPsecCertAuth: false
@@ -5443,7 +5443,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: afc566f7a719f6dd3ff30e3b495df2e4f5991e5a8d0696f891dc9c77ce795e2f
+        checksum/config: 3e4001d4c859dc8db92b7889b13c97a682dd8771ef7cfdf3d04ab70f2cf18879
       labels:
         app: antrea
         component: antrea-agent
@@ -5685,7 +5685,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: afc566f7a719f6dd3ff30e3b495df2e4f5991e5a8d0696f891dc9c77ce795e2f
+        checksum/config: 3e4001d4c859dc8db92b7889b13c97a682dd8771ef7cfdf3d04ab70f2cf18879
       labels:
         app: antrea
         component: antrea-controller

docs/feature-gates.md

@@ -48,7 +48,7 @@ edit the Agent configuration in the
 | `AntreaIPAM`                  | Agent + Controller | `false` | Alpha | v1.4          | N/A          | N/A        | Yes                |                                               |
 | `Multicast`                   | Agent + Controller | `true`  | Beta  | v1.5          | v1.12        | N/A        | Yes                |                                               |
 | `SecondaryNetwork`            | Agent              | `false` | Alpha | v1.5          | N/A          | N/A        | Yes                |                                               |
-| `ServiceExternalIP`           | Agent + Controller | `false` | Alpha | v1.5          | N/A          | N/A        | Yes                |                                               |
+| `ServiceExternalIP`           | Agent + Controller | `false` | Beta  | v1.5          | v2.3         | N/A        | Yes                |                                               |
 | `TrafficControl`              | Agent              | `false` | Alpha | v1.7          | N/A          | N/A        | No                 |                                               |
 | `Multicluster`                | Agent + Controller | `false` | Alpha | v1.7          | N/A          | N/A        | Yes                | Controller side feature gate added in v1.10.0 |
 | `IPsecCertAuth`               | Agent + Controller | `false` | Alpha | v1.7          | N/A          | N/A        | No                 |                                               |

docs/service-loadbalancer.md

@@ -63,9 +63,9 @@ no extra configuration change is needed.
 
 #### Enable Service external IP management feature
 
-At this moment, external IP management for Services is an alpha feature of
-Antrea. The `ServiceExternalIP` feature gate of `antrea-agent` and
-`antrea-controller` must be enabled for the feature to work. You can enable
+The `ServiceExternalIP` feature is enabled by default since Antrea 2.3. If you are
+using an earlier version, the `ServiceExternalIP` feature gate of `antrea-agent`
+and `antrea-controller` must be enabled for the feature to work. You can enable
 the `ServiceExternalIP` feature gate in the `antrea-config` ConfigMap in
 the Antrea deployment YAML:
 
@@ -292,6 +292,9 @@ LoadBalancer, and it sets the allocated IP to the `loadBalancer.ingress` field
 in the Service resource `status`. MetalLB also supports user specified `loadBalancerIP`
 in the Service spec. For more information, please refer to the [MetalLB usage](https://metallb.universe.tf/usage).
 
+To avoid conflicts, make sure not to use the `service.antrea.io/external-ip-pool`
+annotation (Antrea ServiceExternalIP feature) when using MetallLB to allocate LoadBalancer IPs.
+
 To learn more about MetalLB concepts and functionalities, you can read the
 [MetalLB concepts](https://metallb.universe.tf/concepts).
 
@@ -306,14 +309,8 @@ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.11/conf
 The commands will deploy MetalLB version 0.13.11 into Namespace
 `metallb-system`. You can also refer to this [MetalLB installation
 guide](https://metallb.universe.tf/installation) for other ways of installing
-MetalLB.
-
-As MetalLB will allocate external IPs for all Services of type LoadBalancer,
-once it is running, the Service external IP management feature of Antrea should
-not be enabled to avoid conflicts with MetalLB. You can deploy Antrea with the
-default configuration (in which the `ServiceExternalIP` feature gate of
-`antrea-agent` is set to `false`). MetalLB can work with both Antrea Proxy and
-`kube-proxy` configurations of `antrea-agent`.
+MetalLB. MetalLB can work with both Antrea Proxy and `kube-proxy`
+configurations of `antrea-agent`.
 
 ### Configure MetalLB with layer 2 mode
 

pkg/apiserver/handlers/featuregates/handler_test.go

@@ -36,6 +36,7 @@ var (
 	egressStatus                      string
 	multicastStatus                   string
 	cleanupStaleUDPSvcConntrackStatus string
+	serviceExternalIPStatus           string
 )
 
 func Test_getGatesResponse(t *testing.T) {
@@ -75,7 +76,7 @@ func Test_getGatesResponse(t *testing.T) {
 				{Component: "agent", Name: "NodePortLocal", Status: "Enabled", Version: "GA"},
 				{Component: "agent", Name: "PacketCapture", Status: "Disabled", Version: "ALPHA"},
 				{Component: "agent", Name: "SecondaryNetwork", Status: "Disabled", Version: "ALPHA"},
-				{Component: "agent", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"},
+				{Component: "agent", Name: "ServiceExternalIP", Status: serviceExternalIPStatus, Version: "BETA"},
 				{Component: "agent", Name: "ServiceTrafficDistribution", Status: "Enabled", Version: "BETA"},
 				{Component: "agent", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"},
 				{Component: "agent", Name: "TopologyAwareHints", Status: "Enabled", Version: "BETA"},
@@ -207,7 +208,7 @@ func Test_getControllerGatesResponse(t *testing.T) {
 				{Component: "controller", Name: "Multicluster", Status: "Disabled", Version: "ALPHA"},
 				{Component: "controller", Name: "NetworkPolicyStats", Status: "Enabled", Version: "BETA"},
 				{Component: "controller", Name: "NodeIPAM", Status: "Enabled", Version: "BETA"},
-				{Component: "controller", Name: "ServiceExternalIP", Status: "Disabled", Version: "ALPHA"},
+				{Component: "controller", Name: "ServiceExternalIP", Status: serviceExternalIPStatus, Version: "BETA"},
 				{Component: "controller", Name: "SupportBundleCollection", Status: "Disabled", Version: "ALPHA"},
 				{Component: "controller", Name: "Traceflow", Status: "Enabled", Version: "BETA"},
 			},
@@ -225,9 +226,11 @@ func init() {
 	egressStatus = "Enabled"
 	multicastStatus = "Enabled"
 	cleanupStaleUDPSvcConntrackStatus = "Enabled"
+	serviceExternalIPStatus = "Enabled"
 	if runtime.IsWindowsPlatform() {
 		egressStatus = "Disabled"
 		multicastStatus = "Disabled"
 		cleanupStaleUDPSvcConntrackStatus = "Disabled"
+		serviceExternalIPStatus = "Disabled"
 	}
 }

pkg/features/antrea_features.go

@@ -120,6 +120,7 @@ const (
 	SecondaryNetwork featuregate.Feature = "SecondaryNetwork"
 
 	// alpha: v1.5
+	// beta: v2.3
 	// Enable controlling Services with ExternalIP.
 	ServiceExternalIP featuregate.Feature = "ServiceExternalIP"
 
@@ -209,7 +210,7 @@ var (
 		Multicast:                   {Default: true, PreRelease: featuregate.Beta},
 		Multicluster:                {Default: false, PreRelease: featuregate.Alpha},
 		SecondaryNetwork:            {Default: false, PreRelease: featuregate.Alpha},
-		ServiceExternalIP:           {Default: false, PreRelease: featuregate.Alpha},
+		ServiceExternalIP:           {Default: true, PreRelease: featuregate.Beta},
 		TrafficControl:              {Default: false, PreRelease: featuregate.Alpha},
 		IPsecCertAuth:               {Default: false, PreRelease: featuregate.Alpha},
 		ExternalNode:                {Default: false, PreRelease: featuregate.Alpha},