Wire feature gates in oauth-apiserver

Author: bertinatto

pkg/operator/starter.go

@@ -410,13 +410,19 @@ func prepareOauthAPIServerOperator(
 	}
 	migrator := migrators.NewKubeStorageVersionMigrator(authOperatorInput.migrationClient, informerFactories.migrationInformer.Migration().V1alpha1(), authOperatorInput.kubeClient.Discovery())
 
+	featureGates, err := authOperatorInput.featureGateAccessor(ctx, authOperatorInput, informerFactories)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	authAPIServerWorkload := workload.NewOAuthAPIServerWorkload(
 		authOperatorInput.authenticationOperatorClient,
 		workloadcontroller.CountNodesFuncWrapper(informerFactories.kubeInformersForNamespaces.InformersFor("").Core().V1().Nodes().Lister()),
 		workloadcontroller.EnsureAtMostOnePodPerNode,
 		"openshift-oauth-apiserver",
 		os.Getenv("IMAGE_OAUTH_APISERVER"),
 		os.Getenv("OPERATOR_IMAGE"),
+		featureGates,
 		authOperatorInput.kubeClient,
 		versionRecorder)
 

pkg/operator/workload/sync_openshift_oauth_apiserver.go

@@ -5,19 +5,25 @@ import (
 	"encoding/json"
 	"fmt"
 	"regexp"
+	"sort"
 	"strconv"
 	"strings"
 
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
 
 	appsv1 "k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
+	_ "k8s.io/apiserver/pkg/features"
+	"k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/component-base/featuregate"
 	"k8s.io/klog/v2"
 
+	configv1 "github.com/openshift/api/config/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	"github.com/openshift/library-go/pkg/controller/factory"
 	libgoetcd "github.com/openshift/library-go/pkg/operator/configobserver/etcd"
+	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/events"
 	"github.com/openshift/library-go/pkg/operator/resource/resourceapply"
 	"github.com/openshift/library-go/pkg/operator/resource/resourcehash"
@@ -51,6 +57,8 @@ type OAuthAPIServerWorkload struct {
 	operatorImagePullSpec     string
 	kubeClient                kubernetes.Interface
 	versionRecorder           status.VersionGetter
+
+	featureGates featuregates.FeatureGate
 }
 
 // NewOAuthAPIServerWorkload creates new OAuthAPIServerWorkload struct
@@ -61,6 +69,7 @@ func NewOAuthAPIServerWorkload(
 	targetNamespace string,
 	targetImagePullSpec string,
 	operatorImagePullSpec string,
+	featureGates featuregates.FeatureGate,
 	kubeClient kubernetes.Interface,
 	versionRecorder status.VersionGetter,
 ) *OAuthAPIServerWorkload {
@@ -71,6 +80,7 @@ func NewOAuthAPIServerWorkload(
 		targetNamespace:           targetNamespace,
 		targetImagePullSpec:       targetImagePullSpec,
 		operatorImagePullSpec:     operatorImagePullSpec,
+		featureGates:              featureGates,
 		kubeClient:                kubeClient,
 		versionRecorder:           versionRecorder,
 	}
@@ -157,6 +167,15 @@ func (c *OAuthAPIServerWorkload) syncDeployment(ctx context.Context, operatorSpe
 	// log level verbosity is taken from the spec always
 	args["v"] = []string{loglevelToKlog(operatorSpec.LogLevel)}
 
+	// Set feature gates
+	features, err := getFeatureGates(c.featureGates)
+	if err != nil {
+		return nil, err
+	}
+	if len(features) > 0 {
+		args["feature-gates"] = []string{strings.Join(features, ",")}
+	}
+
 	// use string replacer for simple things
 	r := strings.NewReplacer(
 		"${IMAGE}", c.targetImagePullSpec,
@@ -287,3 +306,36 @@ func GetAPIServerArgumentsRaw(authOperatorSpec operatorv1.OperatorSpec) (map[str
 
 	return cfgUnstructured.APIServerArguments, nil
 }
+
+func getFeatureGates(featureGates featuregates.FeatureGate) ([]string, error) {
+	if featureGates == nil {
+		return nil, fmt.Errorf("featureGates cannot be nil")
+	}
+
+	// Get a list of known Kubernetes feature gates
+	known := feature.DefaultMutableFeatureGate.GetAll()
+
+	// Filter out OCP-specific feature gates
+	filteredFeatures := []string{}
+	for _, feature := range featureGates.KnownFeatures() {
+		_, ok := known[featuregate.Feature(feature)]
+		if !ok {
+			continue
+		}
+		filteredFeatures = append(filteredFeatures, string(feature))
+	}
+	sort.Strings(filteredFeatures)
+
+	// Format feature gates statuses
+	formattedFeatures := []string{}
+	for _, featureGate := range filteredFeatures {
+		fgName := configv1.FeatureGateName(featureGate)
+		if featureGates.Enabled(fgName) {
+			formattedFeatures = append(formattedFeatures, fmt.Sprintf("%s=true", featureGate))
+		} else {
+			formattedFeatures = append(formattedFeatures, fmt.Sprintf("%s=false", featureGate))
+		}
+	}
+
+	return formattedFeatures, nil
+}

pkg/operator/workload/sync_openshift_oauth_apiserver_test.go

@@ -11,6 +11,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 
 	operatorv1 "github.com/openshift/api/operator/v1"
+	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/events"
 
 	appsv1 "k8s.io/api/apps/v1"
@@ -145,6 +146,7 @@ func TestSyncOAuthAPIServerDeployment(t *testing.T) {
 				countNodes:                func(nodeSelector map[string]string) (*int32, error) { var i int32; i = 1; return &i, nil },
 				ensureAtMostOnePodPerNode: func(spec *appsv1.DeploymentSpec, componentName string) error { return nil },
 				kubeClient:                fakeKubeClient,
+				featureGates:              featuregates.NewFeatureGate(nil, nil),
 			}
 
 			actualDeployment, err := target.syncDeployment(context.TODO(), &scenario.operator.Spec.OperatorSpec, &scenario.operator.Status.OperatorStatus, eventRecorder)