Promote feature gate NodePortLocal to GA #5491
Conversation
luolanzone
added
the
action/release-note
|
@luolanzone was there consensus to promote this FeatureGate to GA? I can't find a reference to it in the meeting minutes: https://github.com/antrea-io/antrea/wiki/Community-Meetings#august-14-2023 |
|
@antoninbas it's not tracked by the community meeting. I found this feature might be able to promoted to GA after the community meeting ,so I started a slack thread to discuss it, and the team discussed this in a weekly sync meeting. You probably missed the sync meeting? |
|
@hjiajing please help to resolve the code conflicts. |
|
@luolanzone Thanks for the reminder, rebased. |
|
@hjiajing please check the unit test failure, not sure if it's related with a fix here https://github.com/antrea-io/antrea/pull/5401/files#diff-81ab3cbfb811ae739c26bb47a543eace8d915f2d518aa9d711d89ae47f54f30eR162-R167. |
hjiajing
force-pushed
the
npl
branch
2 times, most recently
from
fa1a8ea to
e2c9bc4
Compare
|
/test-e2e |
There was a problem hiding this comment.
This PR should be updated to match #5401
#5401 has gone through several rounds of reviews, and while it is not finalized yet (see #5401 (comment)), we seem to have reach consensus on the approach. In particular, FeatureGate validation and deprecation warning should probably go into cmd/antrea-agent/options.go, for consistency.
cmd/antrea-agent/agent.go
Outdated
| enableNodePortLocal := o.config.NodePortLocal.Enable | ||
| if !features.DefaultFeatureGate.Enabled(features.NodePortLocal) { | ||
| enableNodePortLocal = false | ||
| klog.InfoS("Feature gate `enableNodePortLocal` is deprecated, please use option `nodePortLocal.enable` to disable NodePortLocal") |
There was a problem hiding this comment.
The name of the FeatureGate is NodePortLocal, not enableNodePortLocal
There was a problem hiding this comment.
Move the feature check block to cmd/antrea-agent/options.go now. A new function validateNodePortLocalConfg is added to check the NodePortLocal configuration.
hjiajing
force-pushed
the
npl
branch
2 times, most recently
from
147e45a to
e3296cd
Compare
|
/test-e2e |
| @@ -738,3 +730,19 @@ func (o *Options) validateSecondaryNetworkConfig() error { | |||
|
|
|||
| return nil | |||
| } | |||
|
|
|||
| func (o *Options) valdateNodePortLocalConfig() error { | |||
| if !features.DefaultFeatureGate.Enabled(features.NodePortLocal) { | |||
There was a problem hiding this comment.
I think you should define o.enableNodePortLocal = *o.config.NodePortLocal.Enable && features.DefaultFeatureGate.Enabled(features.NodePortLocal), instead of mutating o.config.NodePortLocal.Enable. See #5401
There was a problem hiding this comment.
Done, Add a new variable o.enableNodePortLocal
| @@ -5691,8 +5691,7 @@ data: | |||
|
|
|||
| nodePortLocal: | |||
| # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To | |||
| # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature | |||
| # gate is also enabled (which is the default). | |||
| # enable this feature, you need to set "enable" to true. | |||
There was a problem hiding this comment.
Since it's GA now, I think the default should be true? @tnqn @antoninbas
There was a problem hiding this comment.
Change the default value to true now.
There was a problem hiding this comment.
Not really, we introduced the toggle intentionally to avoid unnecessary overhead added by the module as NPL would only be useful when users are using particular external LoadBalancers, which doesn't seem the majority case. Otherwise the feature gate alone can achieve what we need.
I took a look at the current code, even though the allocation of the node port is only triggered by the existence of the annotation, the code still needs to do some jobs to figure out the expectation first, which indicates some costs. And there could be some confusing logs generated as far as I can tell, for example, the following will be logged unconditionally as long as a Pod is added/updated even though there is no Service selecting it.
klog.V(2).Infof("Pod %s is selected by a Service for which NodePortLocal is enabled", key)
At the moment, I still prefer to keep it disabled by default and let users enable it on demand. If one day the feature becomes more common or its execution cost (when user doesn't annoate any Service) is proved to be trival, it will make sense to me to enable it by default.
There was a problem hiding this comment.
Thanks for @tnqn 's comments. I set the default value to false now.
hjiajing
force-pushed
the
npl
branch
2 times, most recently
from
b5d1326 to
9420f6e
Compare
cmd/antrea-agent/options.go
Outdated
| @@ -93,6 +93,10 @@ type Options struct { | |||
| // enableEgress represents whether Egress should run or not, calculated from its feature gate configuration and | |||
| // whether the traffic mode supports it. | |||
| enableEgress bool | |||
| // enableNodePortLocal indicates whether NodePortLocal should be enabled or not, based on feature gate NodePortLocal | |||
| // and options NodePortLocal.Enable. This used to maintain compatibility with the NodePortLocal feature gate, which | |||
There was a problem hiding this comment.
| // and options NodePortLocal.Enable. This used to maintain compatibility with the NodePortLocal feature gate, which | |
| // and options NodePortLocal.Enable. This is used to maintain compatibility with the NodePortLocal feature gate, which |
There was a problem hiding this comment.
Added "is" after "This".
docs/node-port-local.md
Outdated
| @@ -31,6 +31,8 @@ NodePortLocal was introduced in v0.13 as an alpha feature, and was graduated to | |||
| beta in v1.4, at which time it was enabled by default. Prior to v1.4, a feature | |||
| gate, `NodePortLocal`, must be enabled on the antrea-agent for the feature to | |||
| work. Starting from Antrea v1.7, NPL is supported on the Windows antrea-agent. | |||
| From Antrea v1.14, NPL is GA. To enable this feature, you need to ensure that the | |||
| `nodePortLocal.enable` flag is set to true in Antrea Agent configuration. | |||
There was a problem hiding this comment.
It seems duplicate with the following section. It has mentioned nodePortLocal.enable, perhaps just say it's GA here?
There was a problem hiding this comment.
Agree, removed the "To enable this" sentence.
Reminder, the PR is not mergable even it's approved. |
hjiajing
force-pushed
the
npl
branch
2 times, most recently
from
9d001ec to
c161e1c
Compare
Thanks for the reminder, conflicts resolved. |
|
/test-all |
|
@hjiajing the change is causing unit test failures, PTAL |
Signed-off-by: hujiajing <hjiajing@vmware.com>
@antoninbas Thanks for the reminder, resovled. |
|
/test-all |
No description provided.