1794376 – Remove feature gate IPv6DualStack from default since doesn't work

Bug 1794376 - Remove feature gate IPv6DualStack from default since doesn't work

Summary: Remove feature gate IPv6DualStack from default since doesn't work

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	kube-apiserver
Sub Component:
Version:	4.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Clayton Coleman
QA Contact:	Ke Wang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-23 12:41 UTC by David Eads
Modified:	2020-05-04 11:27 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-04 11:26:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift api pull 585	None	closed	Bug 1794376: config: disable IPv6DualStack feature flag	2020-12-24 08:50:41 UTC
Github	openshift cluster-kube-apiserver-operator pull 758	None	closed	Bug 1794376: Remove IPv6 dualstack feature gate	2020-12-24 08:50:41 UTC
Red Hat Product Errata	RHBA-2020:0581	None	None	None	2020-05-04 11:27:08 UTC

Description David Eads 2020-01-23 12:41:32 UTC

After enabling the IPv6DualStack feature gate on the the kube-apiserver, services cannot be created as normal. This blocks the Monitoring operator in particular.

We added the ability to strip feature gates to avoid reverting the api change.

Comment 2 Michal Fojtik 2020-02-10 10:45:32 UTC

This is POST until we merge the KAS-O bump;

Comment 4 Xingxing Xia 2020-02-24 01:58:38 UTC

Ke Wang, this is easy to verify, just check: under KAS pod's kube-apiserver process's configuration file, the field apiServerArguments.feature-gates does not include the one in bug title, and / or check KAS pod logs about feature gates exclude the one in bug title.
More knowledge about feature gates for you: from the PR's file config/v1/types_feature.go, feature gate sets include Default, CustomNoUpgrade, TechPreviewNoUpgrade and LatencySensitive. Each one defines what feature gates is Enabled and Disabled. "Default" is used when `oc get FeatureGate cluster -o yaml` spec.featureSet is empty. CustomNoUpgrade or TechPreviewNoUpgrade is used like bug 1731228#c17. For the one in bug title, per PR comment, it would not be supported currently
Thx

Comment 5 Ke Wang 2020-02-24 08:24:53 UTC

Verified with OCP build as below,

$ oc version
Client Version: v4.4.0
Server Version: 4.4.0-0.nightly-2020-02-24-020331
Kubernetes Version: v1.17.1

- Steps, 
Selected on KAS pod and check the configuration file, check the  default apiServerArguments of feature-gates, 

$ kubeapiserver_pod=$(oc get pod -n openshift-kube-apiserver | grep kube-apiserver | head -1 | awk '{print $1}')

$ oc rsh -n openshift-kube-apiserver  $kubeapiserver_pod

sh-4.2# cat /etc/kubernetes/static-pod-resources/configmaps/config/config.yaml| python -m json.tool
...
"feature-gates": [
            "RotateKubeletServerCertificate=true",
            "SupportPodPidsLimit=true",
            "NodeDisruptionExclusion=true",
            "ServiceNodeExclusion=true",
            "SCTPSupport=true",
            "LegacyNodeRoleBehavior=false"
        ],
...

We can see the IPv6DualStack feature gate was removed.

Comment 7 errata-xmlrpc 2020-05-04 11:26:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

Note You need to log in before you can comment on or make changes to this bug.