api Remove upstream on-by-default feature gates (CloudDualStackNodeIPs, DisableKubeletCloudCredentialProviders, ValidatingAdmissionPolicy)

The most recent of these to be promoted was ValidatingAdmissionPolicy, which happened in https://github.com/JoelSpeed/api/commit/d26b94030d0c1f098f089e3c028380e3a7db805a last May. The others 2 have been enabled since before March 2024.

Upstream:

ValidatingAdmissionPolicy is on by default since 1.30 upstream.
CloudDualStackNodeIPs has been removed from 1.30 to 1.31, see https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates-removed/
DisableKubeletCloudCredentialProviders is on by default since 1.31 upstream.

We can therefore safely remove these now that we are running 1.32 everywhere.

CC @deads2k @benluddy @mkowalski

Mar 26 '25 14:03 JoelSpeed

Hello @JoelSpeed! Some important instructions when contributing to openshift/api: API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

Mar 26 '25 14:03 openshift-ci[bot]

/approve cancel

Just for now until I've cleared this with CI and the architects

Mar 26 '25 14:03 JoelSpeed

E2E failing because KASO is panicking, due to https://github.com/openshift/cluster-kube-apiserver-operator/blob/e41854880dcb1a9df3322c1494c93e9a9ac0babe/pkg/operator/configobservation/apienablement/observe_runtime_config.go#L19

@benluddy Do you know what would happen if we remove this particular line?

Mar 26 '25 17:03 JoelSpeed

@benluddy Do you know what would happen if we remove this particular line?

We'll stop serving that GV... which we never wanted to serve to begin with outside of tech preview.

I remember there was some pain during the rebase because both the feature and its related APIs went directly from beta/off to GA/on. The intention must have been to follow up the rebase by removing the --runtime-config behavior from KASO. I don't know why https://github.com/openshift/cluster-kube-apiserver-operator/pull/1687 was closed.

Mar 26 '25 17:03 benluddy

@benluddy I assume we don't want to forever gate this serving on the presence of the feature gate being passed, so, there are 2 paths forward I guess

We stop serving the GV - err, breaking change?
We keep serving the GV but don't gate on it anymore?

I assume 2 is the actual only real path, is that a lot of maintenance burden do you think? Or is there a viable "we think we can reason why 1 is ok" path?

Mar 27 '25 08:03 JoelSpeed

/approve

May 02 '25 13:05 JoelSpeed

Having dropped ValidatingAdmissionPolicy from this PR, this is now ready to go

CC @elmiko as sig-cloud representative

May 02 '25 13:05 JoelSpeed

/label acknowledge-critical-fixes-only

The CCMs dropped these last release, so these aren't leveraged anymore

May 02 '25 14:05 JoelSpeed

/retest-required

Remaining retests: 0 against base HEAD 7152b1b11175dfb0c132626b9f82967405d55959 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 02 '25 16:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 7152b1b11175dfb0c132626b9f82967405d55959 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 05 '25 18:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 7152b1b11175dfb0c132626b9f82967405d55959 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 06 '25 09:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD ec925abe6296c4a6d318e944d748a8463b74d809 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 06 '25 17:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD ec925abe6296c4a6d318e944d748a8463b74d809 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 06 '25 18:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD ec925abe6296c4a6d318e944d748a8463b74d809 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 06 '25 22:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD ec925abe6296c4a6d318e944d748a8463b74d809 and 2 for PR HEAD dec0a2e0be65a0937bed642bdb4679fd558054dc in total

May 07 '25 04:05 openshift-ci-robot

/lgtm

May 07 '25 12:05 elmiko

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: elmiko, JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [JoelSpeed]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

May 07 '25 12:05 openshift-ci[bot]

/retest-required

Remaining retests: 0 against base HEAD f1581277fdec3c4837513070da4ccc15ffafdbeb and 2 for PR HEAD 46fd2283298c9c8e72d6468a3958e14268de6060 in total

May 07 '25 13:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 7318813e48da641a8b2e068018a3723a5cc34d5e and 2 for PR HEAD 46fd2283298c9c8e72d6468a3958e14268de6060 in total

May 07 '25 15:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 7318813e48da641a8b2e068018a3723a5cc34d5e and 2 for PR HEAD 46fd2283298c9c8e72d6468a3958e14268de6060 in total

May 07 '25 23:05 openshift-ci-robot

/override ci/prow/e2e-aws-serial

Suite succeeded, but timed out on deprovision

May 08 '25 10:05 JoelSpeed

@JoelSpeed: Overrode contexts on behalf of JoelSpeed: ci/prow/e2e-aws-serial

In response to this:

/override ci/prow/e2e-aws-serial

Suite succeeded, but timed out on deprovision

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

May 08 '25 10:05 openshift-ci[bot]

/retest-required

Remaining retests: 0 against base HEAD 7318813e48da641a8b2e068018a3723a5cc34d5e and 2 for PR HEAD 46fd2283298c9c8e72d6468a3958e14268de6060 in total

May 08 '25 15:05 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 7318813e48da641a8b2e068018a3723a5cc34d5e and 2 for PR HEAD 46fd2283298c9c8e72d6468a3958e14268de6060 in total

May 08 '25 20:05 openshift-ci-robot

/retest-required

May 09 '25 06:05 JoelSpeed

@JoelSpeed: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-images	54ba57c9e62068b1e24082802bf0f1c47de6689b	link	true	`/test okd-scos-images`
ci/prow/e2e-azure	46fd2283298c9c8e72d6468a3958e14268de6060	link	false	`/test e2e-azure`
ci/prow/okd-scos-e2e-aws-ovn	46fd2283298c9c8e72d6468a3958e14268de6060	link	false	`/test okd-scos-e2e-aws-ovn`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

May 09 '25 11:05 openshift-ci[bot]

/retest-required

Remaining retests: 0 against base HEAD f14ed7c0a39529d00d64b6874b0a817b19aef98e and 2 for PR HEAD 46fd2283298c9c8e72d6468a3958e14268de6060 in total

May 09 '25 11:05 openshift-ci-robot

[ART PR BUILD NOTIFIER]

Distgit: ose-cluster-config-api This PR has been included in build ose-cluster-config-api-container-v4.20.0-202505092247.p0.gb7d0ca2.assembly.stream.el9. All builds following this will include this PR.

May 09 '25 23:05 openshift-bot