Merge pull request #119374 from danwinship/kep-3178-ga

move KEP-3178 IPTablesOwnershipCleanup to GA

Kubernetes-commit: ff90c1cc73e5dcebec574e341ee32f11851d050a

config/v1beta1/types.go

@@ -548,22 +548,20 @@ type KubeletConfiguration struct {
 	// Default: false
 	// +optional
 	ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"`
-	// makeIPTablesUtilChains, if true, causes the Kubelet ensures a set of iptables rules
-	// are present on host.
-	// These rules will serve as utility rules for various components, e.g. kube-proxy.
-	// The rules will be created based on iptablesMasqueradeBit and iptablesDropBit.
+	// makeIPTablesUtilChains, if true, causes the Kubelet to create the
+	// KUBE-IPTABLES-HINT chain in iptables as a hint to other components about the
+	// configuration of iptables on the system.
 	// Default: true
 	// +optional
 	MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains,omitempty"`
-	// iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT.
-	// Values must be within the range [0, 31]. Must be different from other mark bits.
-	// Warning: Please match the value of the corresponding parameter in kube-proxy.
-	// TODO: clean up IPTablesMasqueradeBit in kube-proxy.
+	// iptablesMasqueradeBit formerly controlled the creation of the KUBE-MARK-MASQ
+	// chain.
+	// Deprecated: no longer has any effect.
 	// Default: 14
 	// +optional
 	IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit,omitempty"`
-	// iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets.
-	// Values must be within the range [0, 31]. Must be different from other mark bits.
+	// iptablesDropBit formerly controlled the creation of the KUBE-MARK-DROP chain.
+	// Deprecated: no longer has any effect.
 	// Default: 15
 	// +optional
 	IPTablesDropBit *int32 `json:"iptablesDropBit,omitempty"`

go.mod

@@ -11,7 +11,7 @@ require (
 	google.golang.org/grpc v1.54.0
 	k8s.io/api v0.0.0-20230718014949-277ce0d086e7
 	k8s.io/apimachinery v0.0.0-20230718014249-03c97687112f
-	k8s.io/apiserver v0.0.0-20230718022008-90b43d678411
+	k8s.io/apiserver v0.0.0-20230718022010-bb61e752573f
 	k8s.io/client-go v0.0.0-20230718015924-efe741a289f1
 	k8s.io/component-base v0.0.0-20230718021152-590f17cba088
 	k8s.io/cri-api v0.0.0-20230718023847-0950fc7cea27
@@ -61,7 +61,7 @@ require (
 replace (
 	k8s.io/api => k8s.io/api v0.0.0-20230718014949-277ce0d086e7
 	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230718014249-03c97687112f
-	k8s.io/apiserver => k8s.io/apiserver v0.0.0-20230718022008-90b43d678411
+	k8s.io/apiserver => k8s.io/apiserver v0.0.0-20230718022010-bb61e752573f
 	k8s.io/client-go => k8s.io/client-go v0.0.0-20230718015924-efe741a289f1
 	k8s.io/component-base => k8s.io/component-base v0.0.0-20230718021152-590f17cba088
 	k8s.io/cri-api => k8s.io/cri-api v0.0.0-20230718023847-0950fc7cea27

go.sum

@@ -147,8 +147,8 @@ k8s.io/api v0.0.0-20230718014949-277ce0d086e7 h1:OWynHOnTzwj08ZEICnHlEbLI8xSs7Tm
 k8s.io/api v0.0.0-20230718014949-277ce0d086e7/go.mod h1:zxLOnGEFihnzaAvaWmy+DW4UbCIWFMfI3tRG5S9XEjE=
 k8s.io/apimachinery v0.0.0-20230718014249-03c97687112f h1:asn3+fc9pfDX01Yfu83LeWkfdxFvwSQlHBVrsHnw6r4=
 k8s.io/apimachinery v0.0.0-20230718014249-03c97687112f/go.mod h1:qGEW5CgfSiVy8AuAsSu5e5Se+9ZsnXBlbrIjeCn1/Dw=
-k8s.io/apiserver v0.0.0-20230718022008-90b43d678411 h1:F4djzHsMzBeL0lQzJVpnT5fYgk0Tu7P/7ONmqdaUBAI=
-k8s.io/apiserver v0.0.0-20230718022008-90b43d678411/go.mod h1:h801cappsPyM38bFytdrvJhfRde7END551AODhd5v58=
+k8s.io/apiserver v0.0.0-20230718022010-bb61e752573f h1:FM9/H63WvbbiyEELqqdYGKocVysLchvgQQgwnFmEpBY=
+k8s.io/apiserver v0.0.0-20230718022010-bb61e752573f/go.mod h1:h801cappsPyM38bFytdrvJhfRde7END551AODhd5v58=
 k8s.io/client-go v0.0.0-20230718015924-efe741a289f1 h1:B3ah2Vuyt8ym0sso6up7voNMlOe9IT6cU9h7BIS8rsY=
 k8s.io/client-go v0.0.0-20230718015924-efe741a289f1/go.mod h1:Gaq2IIlHLhO9wlYVCPAGW/G1DzwffXQiyEoLZmjDGXQ=
 k8s.io/component-base v0.0.0-20230718021152-590f17cba088 h1:ExsQpTlZQ2xD1uGqgYQKlxBa7sEvSthTpY5XFbsAvj0=