Remove KMSv2 and KMSv2KDF feature gates

These have been GA since v1.29 and can be safely removed. Signed-off-by: Monis Khan <mok@microsoft.com> Kubernetes-commit: 6398b8a19fe0e113cf250c13b0639dea258a174f
2024-08-14 15:59:01 -04:00 · 2024-08-14 15:59:01 -04:00 · 272e9eba82
parent b157511c42
commit 272e9eba82
3 changed files with 1 additions and 30 deletions
--- a/pkg/features/kube_features.go
+++ b/pkg/features/kube_features.go
@ -137,23 +137,6 @@ const (
 	// Enables KMS v1 API for encryption at rest.
 	KMSv1 featuregate.Feature = "KMSv1"

-	// owner: @aramase
-	// kep: https://kep.k8s.io/3299
-	// alpha: v1.25
-	// beta: v1.27
-	// stable: v1.29
-	//
-	// Enables KMS v2 API for encryption at rest.
-	KMSv2 featuregate.Feature = "KMSv2"
-
-	// owner: @enj
-	// kep: https://kep.k8s.io/3299
-	// beta: v1.28
-	// stable: v1.29
-	//
-	// Enables the use of derived encryption keys with KMS v2.
-	KMSv2KDF featuregate.Feature = "KMSv2KDF"
-
 	// owner: @alexzielenski, @cici37, @jiahuif
 	// kep: https://kep.k8s.io/3962
 	// alpha: v1.30
@ -380,10 +363,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS

 	KMSv1: {Default: false, PreRelease: featuregate.Deprecated},

-	KMSv2: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.31
-
-	KMSv2KDF: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.31
-
 	OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta},

 	RemainingItemCount: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.32
--- a/pkg/server/options/encryptionconfig/config.go
+++ b/pkg/server/options/encryptionconfig/config.go
@ -760,10 +760,6 @@ func kmsPrefixTransformer(ctx context.Context, config *apiserver.KMSConfiguratio
 		}, nil

 	case kmsAPIVersionV2:
-		if !utilfeature.DefaultFeatureGate.Enabled(features.KMSv2) {
-			return storagevalue.PrefixTransformer{}, nil, nil, fmt.Errorf("could not configure KMSv2 plugin %q, KMSv2 feature is not enabled", kmsName)
-		}
-
 		envelopeService, err := EnvelopeKMSv2ServiceFactory(ctx, config.Endpoint, config.Name, config.Timeout.Duration)
 		if err != nil {
 			return storagevalue.PrefixTransformer{}, nil, nil, fmt.Errorf("could not configure KMSv2-Plugin's probe %q, error: %w", kmsName, err)
--- a/pkg/server/options/encryptionconfig/config_test.go
+++ b/pkg/server/options/encryptionconfig/config_test.go
@ -391,15 +391,13 @@ func TestKMSvsEnablement(t *testing.T) {
 	}
 	tts := []struct {
 		name            string
-		kmsv2Enabled    bool
 		expectedErr     string
 		expectedTimeout time.Duration
 		config          apiserver.EncryptionConfiguration
 		wantV2Used      bool
 	}{
 		{
-			name:         "with kmsv1 and kmsv2, KMSv2=true",
-			kmsv2Enabled: true,
+			name: "with kmsv1 and kmsv2, KMSv2=true",
 			config: apiserver.EncryptionConfiguration{
 				Resources: []apiserver.ResourceConfiguration{
 					{
@ -441,8 +439,6 @@ func TestKMSvsEnablement(t *testing.T) {
 			// Just testing KMSv2 feature flag
 			featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.KMSv1, true)

-			featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.KMSv2, tt.kmsv2Enabled)
-
 			ctx, cancel := context.WithCancel(context.Background())
 			cancel() // cancel this upfront so the kms v2 checks do not block