Merge pull request #1439 from stlaz/deads2k_featuresets_412

openshift-merge-robot · web-flow · commit e840002d36b0 · 2023-02-28T14:48:43.000+01:00
[4.12] OCPBUGS-6789: make the bootstrap kube-apiserver honor cluster-wide featuregates
diff --git a/bindata/bootkube/config/bootstrap-config-overrides.yaml b/bindata/bootkube/config/bootstrap-config-overrides.yaml
@@ -49,15 +49,8 @@ apiServerArguments:
     - /etc/kubernetes/secrets/etcd-client.key
   etcd-servers: {{range .EtcdServerURLs}}
     - {{.}}{{end}}
-  feature-gates:
-    - "APIPriorityAndFairness=true"
-    - "RotateKubeletServerCertificate=true"
-    - "DownwardAPIHugePages=true"
-    - "CSIMigrationAzureFile=false"
-    - "CSIMigrationvSphere=false"
-{{- if .ServiceCIDR | len | eq 2}}
-    - "IPv6DualStack=true"
-{{- end}}
+  feature-gates: {{range .FeatureGates}}
+    - {{.}}{{end}}
   kubelet-certificate-authority:
     - /etc/kubernetes/secrets/kubelet-client-ca-bundle.crt # this is wired to the KCM CSR, which signs serving and client certs for kubelet
   kubelet-client-certificate:
diff --git a/pkg/cmd/render/render.go b/pkg/cmd/render/render.go
@@ -145,6 +145,9 @@ type TemplateData struct {
 	// ClusterCIDR is the IP range for pod IPs.
 	ClusterCIDR []string
 
+	// FeatureGates is list of featuregates to apply
+	FeatureGates []string
+
 	// ServiceClusterIPRange is the IP range for service IPs.
 	ServiceCIDR []string
 
@@ -174,6 +177,9 @@ func (r *renderOpts) Run() error {
 		TerminationGracePeriodSeconds: 135, // bit more than 70s (minimal termination period) + 60s (apiserver graceful termination)
 		ShutdownDelayDuration:         "",  // do not override
 	}
+	if err := setFeatureGates(&renderConfig, r); err != nil {
+		return err
+	}
 	if len(r.clusterConfigFile) > 0 {
 		clusterConfigFileData, err := ioutil.ReadFile(r.clusterConfigFile)
 		if err != nil {
@@ -461,6 +467,22 @@ func discoverCIDRsFromClusterAPI(clusterConfigFileData []byte, renderConfig *Tem
 	return nil
 }
 
+func setFeatureGates(renderConfig *TemplateData, opts *renderOpts) error {
+	featureSet, ok := configv1.FeatureSets[configv1.FeatureSet(opts.generic.FeatureSet)]
+	if !ok {
+		return fmt.Errorf("featureSet %q not found", featureSet)
+	}
+	allGates := []string{}
+	for _, enabled := range featureSet.Enabled {
+		allGates = append(allGates, fmt.Sprintf("%v=true", enabled))
+	}
+	for _, disabled := range featureSet.Disabled {
+		allGates = append(allGates, fmt.Sprintf("%v=false", disabled))
+	}
+	renderConfig.FeatureGates = allGates
+	return nil
+}
+
 func validateBoundSATokensSigningKeys(assetsDir string) error {
 	boundSAPublicPath := filepath.Join(assetsDir, "bound-service-account-signing-key.pub")
 	boundSAPrivatePath := filepath.Join(assetsDir, "bound-service-account-signing-key.key")
