From 2c708c34ea2a27bf96a44be1d6ffff2dbb0b319a Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Thu, 25 Mar 2021 16:20:05 -0700 Subject: [PATCH] Graduate AntreaPolicy Feature to Beta We graduate this Feature to Beta for the Antrea v1.0 release. See #1725 --- .github/workflows/kind.yml | 27 ++++++++++-------- build/yamls/antrea-aks.yml | 10 +++---- build/yamls/antrea-eks.yml | 10 +++---- build/yamls/antrea-gke.yml | 10 +++---- build/yamls/antrea-ipsec.yml | 10 +++---- build/yamls/antrea.yml | 10 +++---- build/yamls/base/conf/antrea-agent.conf | 2 +- build/yamls/base/conf/antrea-controller.conf | 2 +- ci/kind/test-e2e-kind.sh | 12 ++++---- docs/antrea-network-policy.md | 30 +++----------------- docs/feature-gates.md | 4 +-- hack/generate-manifest.sh | 16 +++++------ pkg/features/antrea_features.go | 5 ++-- 13 files changed, 66 insertions(+), 82 deletions(-) diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml index c0794cdd8bb..4d35ab42490 100755 --- a/.github/workflows/kind.yml +++ b/.github/workflows/kind.yml @@ -317,8 +317,11 @@ jobs: path: log.tar.gz retention-days: 30 - test-e2e-encap-np: - name: E2e tests on a Kind cluster on Linux with Antrea NetworkPolicies enabled + # TODO: remove when https://github.com/vmware-tanzu/antrea/issues/897 is fixed. + # In the mean time, we keep this test around to ensure that at least one Kind + # test uses a Geneve overlay. + test-e2e-encap-no-np: + name: E2e tests on a Kind cluster on Linux with Antrea-native policies disabled needs: [build-antrea-coverage-image, build-flow-aggregator-coverage-image] runs-on: [ubuntu-latest] steps: @@ -351,15 +354,15 @@ jobs: - name: Run e2e tests run: | mkdir log - mkdir test-e2e-encap-np-coverage - ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-np-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --np --coverage + mkdir test-e2e-encap-no-np-coverage + ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-no-np-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --no-np --coverage - name: Tar coverage files - run: tar -czf test-e2e-encap-np-coverage.tar.gz test-e2e-encap-np-coverage - - name: Upload coverage for test-e2e-encap-np-coverage + run: tar -czf test-e2e-encap-no-np-coverage.tar.gz test-e2e-encap-no-np-coverage + - name: Upload coverage for test-e2e-encap-no-np-coverage uses: actions/upload-artifact@v2 with: - name: test-e2e-encap-np-coverage - path: test-e2e-encap-np-coverage.tar.gz + name: test-e2e-encap-no-np-coverage + path: test-e2e-encap-no-np-coverage.tar.gz retention-days: 30 - name: Codecov uses: codecov/codecov-action@v1 @@ -367,8 +370,8 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} file: '*.cov.out*' flags: kind-e2e-tests - name: codecov-test-e2e-np-encap - directory: test-e2e-encap-np-coverage + name: codecov-test-e2e-no-np-encap + directory: test-e2e-encap-no-np-coverage - name: Tar log files if: ${{ failure() }} run: tar -czf log.tar.gz log @@ -376,7 +379,7 @@ jobs: uses: actions/upload-artifact@v2 if: ${{ failure() }} with: - name: e2e-kind-encap-np.tar.gz + name: e2e-kind-encap-no-np.tar.gz path: log.tar.gz retention-days: 30 @@ -466,7 +469,7 @@ jobs: # yet. artifact-cleanup: name: Delete uploaded images - needs: [build-antrea-coverage-image, build-flow-aggregator-coverage-image, build-antrea-image, test-e2e-encap, test-e2e-encap-no-proxy, test-e2e-noencap, test-e2e-hybrid, test-e2e-encap-np, test-netpol-tmp, validate-prometheus-metrics-doc] + needs: [build-antrea-coverage-image, build-flow-aggregator-coverage-image, build-antrea-image, test-e2e-encap, test-e2e-encap-no-proxy, test-e2e-noencap, test-e2e-hybrid, test-e2e-encap-no-np, test-netpol-tmp, validate-prometheus-metrics-doc] if: ${{ always() }} runs-on: [ubuntu-latest] steps: diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index a8954b99528..9529d5e37da 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -2433,7 +2433,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each # agent to a configured collector. @@ -2588,7 +2588,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false @@ -2640,7 +2640,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-bm46tm9f88 + name: antrea-config-gg4m728h98 namespace: kube-system --- apiVersion: v1 @@ -2760,7 +2760,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-bm46tm9f88 + name: antrea-config-gg4m728h98 name: antrea-config - name: antrea-controller-tls secret: @@ -3069,7 +3069,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-bm46tm9f88 + name: antrea-config-gg4m728h98 name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 3657ebf4a8c..c64ef2b20d9 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -2433,7 +2433,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each # agent to a configured collector. @@ -2588,7 +2588,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false @@ -2640,7 +2640,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-bm46tm9f88 + name: antrea-config-gg4m728h98 namespace: kube-system --- apiVersion: v1 @@ -2760,7 +2760,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-bm46tm9f88 + name: antrea-config-gg4m728h98 name: antrea-config - name: antrea-controller-tls secret: @@ -3071,7 +3071,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-bm46tm9f88 + name: antrea-config-gg4m728h98 name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 0102703592c..742cb6bc980 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -2433,7 +2433,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each # agent to a configured collector. @@ -2588,7 +2588,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false @@ -2640,7 +2640,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-5c954cd56b + name: antrea-config-6bb22hc7fg namespace: kube-system --- apiVersion: v1 @@ -2760,7 +2760,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-5c954cd56b + name: antrea-config-6bb22hc7fg name: antrea-config - name: antrea-controller-tls secret: @@ -3072,7 +3072,7 @@ spec: path: /home/kubernetes/bin name: host-cni-bin - configMap: - name: antrea-config-5c954cd56b + name: antrea-config-6bb22hc7fg name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 82f573d490b..a02c981caa3 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -2433,7 +2433,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each # agent to a configured collector. @@ -2593,7 +2593,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false @@ -2645,7 +2645,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-29788ckmb7 + name: antrea-config-f57t688chc namespace: kube-system --- apiVersion: v1 @@ -2774,7 +2774,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-29788ckmb7 + name: antrea-config-f57t688chc name: antrea-config - name: antrea-controller-tls secret: @@ -3118,7 +3118,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-29788ckmb7 + name: antrea-config-f57t688chc name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 746e2e5ce68..1b133ec623e 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -2433,7 +2433,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each # agent to a configured collector. @@ -2593,7 +2593,7 @@ data: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. - # AntreaPolicy: false + # AntreaPolicy: true # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false @@ -2645,7 +2645,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-f27tdcgm22 + name: antrea-config-5ct9ktdt77 namespace: kube-system --- apiVersion: v1 @@ -2765,7 +2765,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-f27tdcgm22 + name: antrea-config-5ct9ktdt77 name: antrea-config - name: antrea-controller-tls secret: @@ -3074,7 +3074,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-f27tdcgm22 + name: antrea-config-5ct9ktdt77 name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/base/conf/antrea-agent.conf b/build/yamls/base/conf/antrea-agent.conf index b9e8641c25f..201a82e58d5 100644 --- a/build/yamls/base/conf/antrea-agent.conf +++ b/build/yamls/base/conf/antrea-agent.conf @@ -19,7 +19,7 @@ featureGates: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. -# AntreaPolicy: false +# AntreaPolicy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each # agent to a configured collector. diff --git a/build/yamls/base/conf/antrea-controller.conf b/build/yamls/base/conf/antrea-controller.conf index dc34c1747dc..f67763102c5 100644 --- a/build/yamls/base/conf/antrea-controller.conf +++ b/build/yamls/base/conf/antrea-controller.conf @@ -6,7 +6,7 @@ featureGates: # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy # feature that supports priorities, rule actions and externalEntities in the future. -# AntreaPolicy: false +# AntreaPolicy: true # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false diff --git a/ci/kind/test-e2e-kind.sh b/ci/kind/test-e2e-kind.sh index 242781e1840..f97e812ba3f 100755 --- a/ci/kind/test-e2e-kind.sh +++ b/ci/kind/test-e2e-kind.sh @@ -26,7 +26,7 @@ _usage="Usage: $0 [--encap-mode ] [--no-proxy] [--np] [--coverage] [--help --encap-mode Traffic encapsulation mode. (default is 'encap'). --no-proxy Disables Antrea proxy. --endpointslice Enables Antrea proxy and EndpointSlice support. - --np Enables Namespaced Antrea NetworkPolicy CRDs and ClusterNetworkPolicy related CRDs. + --no-np Disables Antrea-native policies. --coverage Enables measure Antrea code coverage when run e2e tests on kind. --help, -h Print this message and exit. " @@ -51,7 +51,7 @@ trap "quit" INT EXIT mode="" proxy=true endpointslice=false -np=false +np=true coverage=false while [[ $# -gt 0 ]] do @@ -66,8 +66,8 @@ case $key in endpointslice=true shift ;; - --np) - np=true + --no-np) + np=false shift ;; --encap-mode) @@ -98,7 +98,9 @@ if $endpointslice; then fi if $np; then # See https://github.com/vmware-tanzu/antrea/issues/897 - manifest_args="$manifest_args --np --tun vxlan" + manifest_args="$manifest_args --tun vxlan" +else + manifest_args="$manifest_args --no-np" fi COMMON_IMAGES_LIST=("gcr.io/kubernetes-e2e-test-images/agnhost:2.8" "projects.registry.vmware.com/library/busybox" "projects.registry.vmware.com/antrea/nginx" "projects.registry.vmware.com/antrea/perftool" "projects.registry.vmware.com/antrea/ipfix-collector:v0.4.7") diff --git a/docs/antrea-network-policy.md b/docs/antrea-network-policy.md index 1c908415ba1..b0bc3fda202 100644 --- a/docs/antrea-network-policy.md +++ b/docs/antrea-network-policy.md @@ -39,6 +39,10 @@ few new CRDs supported by Antrea to provide the administrator with more control over security within the cluster, and which are meant to co-exist with and complement the K8s NetworkPolicy. +Starting with Antrea v1.0, Antrea-native policies are enabled by default, which +means that no additional configuration is required in order to use the +Antrea-native Policy CRDs. + ## Tier Antrea supports grouping Antrea-native Policy CRDs together in a tiered fashion @@ -170,28 +174,6 @@ their apps and affects Pods within the Namespace in which the K8s NetworkPolicy is created. Rules belonging to ClusterNetworkPolicies are enforced before any rule belonging to a K8s NetworkPolicy. -**Note**: ClusterNetworkPolicy is currently in "Alpha" stage. In order to -enable them, edit the Controller and Agent configuration in the `antrea` -ConfigMap as follows: - -```yaml - antrea-controller.conf: | - featureGates: - # Enable AntreaPolicy feature to complement K8s NetworkPolicy - # for cluster admins to define security policies which apply to the - # entire cluster. - AntreaPolicy: true -``` - -```yaml - antrea-agent.conf: | - featureGates: - # Enable AntreaPolicy feature to complement K8s NetworkPolicy - # for cluster admins to define security policies which apply to the - # entire cluster. - AntreaPolicy: true -``` - ### The Antrea ClusterNetworkPolicy resource Example ClusterNetworkPolicies might look like this: @@ -447,10 +429,6 @@ advanced NetworkPolicy features and apply them within a Namespace to complement the K8s NetworkPolicies. Similar to the ClusterNetworkPolicy resource, Antrea NetworkPolicy can also be associated with Tiers. -**Note**: Antrea NetworkPolicy is currently in "Alpha" stage and is enabled -along with Tiers and ClusterNetworkPolicy as part of the `AntreaPolicy` -feature gate. - ### The Antrea NetworkPolicy resource An example Antrea NetworkPolicy might look like this: diff --git a/docs/feature-gates.md b/docs/feature-gates.md index 264c3c957a3..ffd1819347b 100644 --- a/docs/feature-gates.md +++ b/docs/feature-gates.md @@ -35,9 +35,9 @@ example, to enable `AntreaProxy` on Linux, edit the Agent configuration in the | Feature Name | Component | Default | Stage | Alpha Release | Beta Release | GA Release | Extra Requirements | Notes | | ----------------------- | ------------------ | ------- | ----- | ------------- | ------------ | ---------- | ------------------ | ----- | -| `AntreaProxy` | Agent | `false` | Alpha | v0.8 | v0.11 | N/A | Yes | Must be enabled for Windows. | +| `AntreaProxy` | Agent | `true` | Alpha | v0.8 | v0.11 | N/A | Yes | Must be enabled for Windows. | | `EndpointSlice` | Agent | `false` | Alpha | v0.13.0 | N/A | N/A | Yes | | -| `AntreaPolicy` | Agent + Controller | `false` | Alpha | v0.8 | N/A | N/A | No | Agent side config required from v0.9.0+. | +| `AntreaPolicy` | Agent + Controller | `true` | Alpha | v0.8 | v1.0 | N/A | No | Agent side config required from v0.9.0+. | | `Traceflow` | Agent + Controller | `false` | Alpha | v0.8 | v0.11 | N/A | Yes | | | `FlowExporter` | Agent | `false` | Alpha | v0.9 | N/A | N/A | Yes | | | `NetworkPolicyStats` | Agent + Controller | `false` | Alpha | v0.10 | N/A | N/A | No | | diff --git a/hack/generate-manifest.sh b/hack/generate-manifest.sh index 9d53da18b5b..6318d05fbf7 100755 --- a/hack/generate-manifest.sh +++ b/hack/generate-manifest.sh @@ -20,7 +20,7 @@ function echoerr { >&2 echo "$@" } -_usage="Usage: $0 [--mode (dev|release)] [--encap-mode] [--kind] [--ipsec] [--no-proxy] [--np] [--k8s-1.15] [--keep] [--tun (geneve|vxlan|gre|stt)] [--verbose-log] [--help|-h] +_usage="Usage: $0 [--mode (dev|release)] [--encap-mode] [--kind] [--ipsec] [--no-proxy] [--no-np] [--k8s-1.15] [--keep] [--tun (geneve|vxlan|gre|stt)] [--verbose-log] [--help|-h] Generate a YAML manifest for Antrea using Kustomize and print it to stdout. --mode (dev|release) Choose the configuration variant that you need (default is 'dev') --encap-mode Traffic encapsulation mode. (default is 'encap') @@ -31,7 +31,7 @@ Generate a YAML manifest for Antrea using Kustomize and print it to stdout. --no-proxy Generate a manifest with Antrea proxy disabled --no-legacy-crd Generate a manifest without legacy CRD mirroring support enabled --endpointslice Generate a manifest with EndpointSlice support enabled - --np Generate a manifest with ClusterNetworkPolicy and Antrea NetworkPolicy features enabled + --no-np Generate a manifest with Antrea-native policies disabled --k8s-1.15 Generates a manifest which supports Kubernetes 1.15. --keep Debug flag which will preserve the generated kustomization.yml --tun (geneve|vxlan|gre|stt) Choose encap tunnel type from geneve, gre, stt and vxlan (default is geneve) @@ -67,7 +67,7 @@ ALLFEATURES=false PROXY=true LEGACY_CRD=true ENDPOINTSLICE=false -NP=false +NP=true KEEP=false ENCAP_MODE="" CLOUD="" @@ -121,8 +121,8 @@ case $key in ENDPOINTSLICE=true shift ;; - --np) - NP=true + --no-np) + NP=false shift ;; --k8s-1.15) @@ -270,9 +270,9 @@ if $ENDPOINTSLICE; then sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*EndpointSlice[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ EndpointSlice: true/" antrea-agent.conf fi -if $NP; then - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaPolicy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaPolicy: true/" antrea-controller.conf - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaPolicy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaPolicy: true/" antrea-agent.conf +if ! $NP; then + sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaPolicy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaPolicy: false/" antrea-controller.conf + sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaPolicy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaPolicy: false/" antrea-agent.conf fi if [[ $ENCAP_MODE != "" ]]; then diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index 4ace26fb413..f6445a345bf 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -30,7 +30,8 @@ const ( // MyFeature featuregate.Feature = "MyFeature" // alpha: v0.8 - // Allows to apply ClusterNetworkPolicy and AntreaNetworkPolicy CRDs. + // beta: v1.0 + // Enables support for ClusterNetworkPolicy and AntreaNetworkPolicy CRDs. AntreaPolicy featuregate.Feature = "AntreaPolicy" // alpha: v0.13 @@ -79,7 +80,7 @@ var ( // To add a new feature, define a key for it above and add it here. The features will be // available throughout Antrea binaries. defaultAntreaFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - AntreaPolicy: {Default: false, PreRelease: featuregate.Alpha}, + AntreaPolicy: {Default: true, PreRelease: featuregate.Beta}, AntreaProxy: {Default: true, PreRelease: featuregate.Beta}, Egress: {Default: false, PreRelease: featuregate.Alpha}, EndpointSlice: {Default: false, PreRelease: featuregate.Alpha},