Address comments

Signed-off-by: Lan Luo <luola@vmware.com>

multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go

@@ -57,9 +57,6 @@ type MultiClusterConfig struct {
 	// ClusterSet and allow Antrea-native policies to select peers from other clusters
 	// in a ClusterSet.
 	EnableStretchedNetworkPolicy bool `json:"enableStretchedNetworkPolicy,omitempty"`
-	// Enable EndpointSlice to watch EndpointSlice changes only for exported Service, this is required
-	// when EndpointIPType is PodIP and CNI's EndpointSlice feature is enabled.
-	EnableEndpointSlice bool `json:"enableEndpointSlice,omitempty"`
 }
 
 func init() {

multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml

@@ -327,7 +327,6 @@ data:
     gatewayIPPrecedence: "private"
     endpointIPType: "ClusterIP"
     enableStretchedNetworkPolicy: false
-    enableEndpointSlice: false
 kind: ConfigMap
 metadata:
   labels:
@@ -367,7 +366,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: bcadbc5c432be6653173ef54e7512b86aa52b5a4f911de3f9793843f3e0e26e7
+        checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2
       labels:
         app: antrea
         component: antrea-mc-controller

multicluster/build/yamls/antrea-multicluster-member.yml

@@ -1062,7 +1062,6 @@ data:
     gatewayIPPrecedence: "private"
     endpointIPType: "ClusterIP"
     enableStretchedNetworkPolicy: false
-    enableEndpointSlice: false
 kind: ConfigMap
 metadata:
   labels:
@@ -1102,7 +1101,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: bcadbc5c432be6653173ef54e7512b86aa52b5a4f911de3f9793843f3e0e26e7
+        checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2
       labels:
         app: antrea
         component: antrea-mc-controller

multicluster/cmd/multicluster-controller/controller.go

@@ -41,6 +41,7 @@ import (
 	antreacrd "antrea.io/antrea/pkg/apis/crd/v1alpha1"
 	"antrea.io/antrea/pkg/apiserver/certificate"
 	"antrea.io/antrea/pkg/util/env"
+	k8sutil "antrea.io/antrea/pkg/util/k8s"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -143,6 +144,19 @@ func setupManagerAndCertController(o *Options) (manager.Manager, error) {
 		o.options.CertDir = certDir
 	}
 
+	// EndpointSlice is enabled in AntreaProxy by default since v1.11, so Antrea MC
+	// will use EndpointSlice API by default to keep consistent with AntreaProxy.
+	endpointSliceAPIAvailable, err := k8sutil.EndpointSliceAPIAvailable(client)
+	if err != nil {
+		return nil, fmt.Errorf("error checking if EndpointSlice v1 API is available")
+	}
+	if !endpointSliceAPIAvailable {
+		klog.InfoS("The EndpointSlice v1 API is not available, falling back to the Endpoints API")
+		o.EnableEndpointSlice = false
+	} else {
+		o.EnableEndpointSlice = true
+	}
+
 	mgr, err := ctrl.NewManager(k8sConfig, o.options)
 	if err != nil {
 		return nil, fmt.Errorf("error starting manager: %v", err)

multicluster/cmd/multicluster-controller/options.go

@@ -94,7 +94,6 @@ func (o *Options) complete(args []string) error {
 			o.EndpointIPType = ctrlConfig.EndpointIPType
 		}
 		o.EnableStretchedNetworkPolicy = ctrlConfig.EnableStretchedNetworkPolicy
-		o.EnableEndpointSlice = ctrlConfig.EnableEndpointSlice
 		klog.InfoS("Using config from file", "config", o.options)
 	} else {
 		klog.InfoS("Using default config", "config", o.options)

multicluster/config/default/configmap/controller_manager_config.yaml

@@ -14,4 +14,3 @@ podCIDRs:
 gatewayIPPrecedence: "private"
 endpointIPType: "ClusterIP"
 enableStretchedNetworkPolicy: false
-enableEndpointSlice: false

pkg/agent/proxy/proxier.go

@@ -27,7 +27,6 @@ import (
 	"antrea.io/ofnet/ofctrl"
 	corev1 "k8s.io/api/core/v1"
 	discovery "k8s.io/api/discovery/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	apimachinerytypes "k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -45,6 +44,7 @@ import (
 	"antrea.io/antrea/pkg/agent/route"
 	"antrea.io/antrea/pkg/features"
 	binding "antrea.io/antrea/pkg/ovs/openflow"
+	k8sutil "antrea.io/antrea/pkg/util/k8s"
 	k8sproxy "antrea.io/antrea/third_party/proxy"
 	"antrea.io/antrea/third_party/proxy/config"
 	"antrea.io/antrea/third_party/proxy/healthcheck"
@@ -1054,7 +1054,7 @@ func NewProxier(
 
 	endpointSliceEnabled := features.DefaultFeatureGate.Enabled(features.EndpointSlice)
 	if endpointSliceEnabled {
-		apiAvailable, err := endpointSliceAPIAvailable(k8sClient)
+		apiAvailable, err := k8sutil.EndpointSliceAPIAvailable(k8sClient)
 		if err != nil {
 			return nil, fmt.Errorf("error checking if EndpointSlice v1 API is available")
 		}
@@ -1121,23 +1121,6 @@ func NewProxier(
 	return p, nil
 }
 
-func endpointSliceAPIAvailable(k8sClient clientset.Interface) (bool, error) {
-	resources, err := k8sClient.Discovery().ServerResourcesForGroupVersion(discovery.SchemeGroupVersion.String())
-	if err != nil {
-		// The group version doesn't exist.
-		if errors.IsNotFound(err) {
-			return false, nil
-		}
-		return false, fmt.Errorf("error getting server resources for GroupVersion %s: %v", discovery.SchemeGroupVersion.String(), err)
-	}
-	for _, resource := range resources.APIResources {
-		if resource.Kind == "EndpointSlice" {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
 // metaProxierWrapper wraps metaProxier, and implements the extra methods added
 // in interface Proxier.
 type metaProxierWrapper struct {

pkg/agent/proxy/proxier_test.go

@@ -24,7 +24,6 @@ import (
 
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	discovery "k8s.io/api/discovery/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -2688,44 +2687,3 @@ func TestGetServiceFlowKeys(t *testing.T) {
 		})
 	}
 }
-
-func TestEndpointSliceAPIAvailable(t *testing.T) {
-	testCases := []struct {
-		name              string
-		resources         []*metav1.APIResourceList
-		expectedAvailable bool
-	}{
-		{
-			name:              "empty",
-			expectedAvailable: false,
-		},
-		{
-			name: "GroupVersion exists",
-			resources: []*metav1.APIResourceList{
-				{
-					GroupVersion: discovery.SchemeGroupVersion.String(),
-				},
-			},
-			expectedAvailable: false,
-		},
-		{
-			name: "API exists",
-			resources: []*metav1.APIResourceList{
-				{
-					GroupVersion: discovery.SchemeGroupVersion.String(),
-					APIResources: []metav1.APIResource{{Kind: "EndpointSlice"}},
-				},
-			},
-			expectedAvailable: true,
-		},
-	}
-	for _, tt := range testCases {
-		t.Run(tt.name, func(t *testing.T) {
-			k8sClient := fake.NewSimpleClientset()
-			k8sClient.Resources = tt.resources
-			available, err := endpointSliceAPIAvailable(k8sClient)
-			require.NoError(t, err)
-			assert.Equal(t, tt.expectedAvailable, available)
-		})
-	}
-}

pkg/util/k8s/client.go

@@ -15,8 +15,12 @@
 package k8s
 
 import (
+	"fmt"
+
 	netdefclient "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/typed/k8s.cni.cncf.io/v1"
+	discovery "k8s.io/api/discovery/v1"
 	apiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
+	"k8s.io/apimachinery/pkg/api/errors"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -108,3 +112,20 @@ func createRestConfig(config componentbaseconfig.ClientConnectionConfiguration,
 	return kubeConfig, nil
 
 }
+
+func EndpointSliceAPIAvailable(k8sClient clientset.Interface) (bool, error) {
+	resources, err := k8sClient.Discovery().ServerResourcesForGroupVersion(discovery.SchemeGroupVersion.String())
+	if err != nil {
+		// The group version doesn't exist.
+		if errors.IsNotFound(err) {
+			return false, nil
+		}
+		return false, fmt.Errorf("error getting server resources for GroupVersion %s: %v", discovery.SchemeGroupVersion.String(), err)
+	}
+	for _, resource := range resources.APIResources {
+		if resource.Kind == "EndpointSlice" {
+			return true, nil
+		}
+	}
+	return false, nil
+}

pkg/util/k8s/client_test.go

@@ -0,0 +1,66 @@
+// Copyright 2023 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package k8s
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	discovery "k8s.io/api/discovery/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/fake"
+)
+
+func TestEndpointSliceAPIAvailable(t *testing.T) {
+	testCases := []struct {
+		name              string
+		resources         []*metav1.APIResourceList
+		expectedAvailable bool
+	}{
+		{
+			name:              "empty",
+			expectedAvailable: false,
+		},
+		{
+			name: "GroupVersion exists",
+			resources: []*metav1.APIResourceList{
+				{
+					GroupVersion: discovery.SchemeGroupVersion.String(),
+				},
+			},
+			expectedAvailable: false,
+		},
+		{
+			name: "API exists",
+			resources: []*metav1.APIResourceList{
+				{
+					GroupVersion: discovery.SchemeGroupVersion.String(),
+					APIResources: []metav1.APIResource{{Kind: "EndpointSlice"}},
+				},
+			},
+			expectedAvailable: true,
+		},
+	}
+	for _, tt := range testCases {
+		t.Run(tt.name, func(t *testing.T) {
+			k8sClient := fake.NewSimpleClientset()
+			k8sClient.Resources = tt.resources
+			available, err := EndpointSliceAPIAvailable(k8sClient)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedAvailable, available)
+		})
+	}
+}