Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default

Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2024-04-28 17:29:35 +02:00 · 2024-04-28 17:29:35 +02:00 · 003c1b12e8
commit 003c1b12e8
parent 964fa50091
9 changed files with 10 additions and 27 deletions
--- a/deploy/crds/crd-certificates.yaml
+++ b/deploy/crds/crd-certificates.yaml
@ -90,8 +90,8 @@ spec:
                    to be written to this Certificate's target Secret.


-                    This is an Alpha Feature and is only enabled with the
-                    `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both
+                    This is a Beta Feature enabled by default. It can be disabled with the
+                    `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both
                    the controller and webhook components.
                  type: array
                  items:
--- a/internal/apis/certmanager/types_certificate.go
+++ b/internal/apis/certmanager/types_certificate.go
@ -240,8 +240,8 @@ type CertificateSpec struct {
 	// Defines extra output formats of the private key and signed certificate chain
 	// to be written to this Certificate's target Secret.
 	//
-	// This is an Alpha Feature and is only enabled with the
-	// `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both
+	// This is a Beta Feature enabled by default. It can be disabled with the
+	// `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both
 	// the controller and webhook components.
 	AdditionalOutputFormats []CertificateAdditionalOutputFormat

--- a/internal/controller/feature/features.go
+++ b/internal/controller/feature/features.go
@ -64,6 +64,7 @@ const (

 	// Owner: @joshvanl
 	// Alpha: v1.7
+	// Beta: v1.15
 	//
 	// AdditionalCertificateOutputFormats enable output additional format
 	AdditionalCertificateOutputFormats featuregate.Feature = "AdditionalCertificateOutputFormats"
@ -153,7 +154,7 @@ var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.Feature
 	ValidateCAA: {Default: false, PreRelease: featuregate.Alpha},
 	ExperimentalCertificateSigningRequestControllers: {Default: false, PreRelease: featuregate.Alpha},
 	ExperimentalGatewayAPISupport:                    {Default: true, PreRelease: featuregate.Beta},
-	AdditionalCertificateOutputFormats:               {Default: false, PreRelease: featuregate.Alpha},
+	AdditionalCertificateOutputFormats:               {Default: true, PreRelease: featuregate.Beta},
 	ServerSideApply:                                  {Default: false, PreRelease: featuregate.Alpha},
 	LiteralCertificateSubject:                        {Default: false, PreRelease: featuregate.Alpha},
 	UseCertificateRequestBasicConstraints:            {Default: false, PreRelease: featuregate.Alpha},
--- a/internal/webhook/feature/features.go
+++ b/internal/webhook/feature/features.go
@ -42,6 +42,7 @@ const (

 	// Owner: @joshvanl
 	// Alpha: v1.7.1
+	// Beta: v1.15
 	//
 	// AdditionalCertificateOutputFormats enable output additional format
 	AdditionalCertificateOutputFormats featuregate.Feature = "AdditionalCertificateOutputFormats"
@ -94,7 +95,7 @@ func init() {
 var webhookFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
 	DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.GA},

-	AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha},
+	AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta},
 	LiteralCertificateSubject:          {Default: false, PreRelease: featuregate.Alpha},
 	NameConstraints:                    {Default: false, PreRelease: featuregate.Alpha},
 	OtherNames:                         {Default: false, PreRelease: featuregate.Alpha},
--- a/pkg/apis/certmanager/v1/types_certificate.go
+++ b/pkg/apis/certmanager/v1/types_certificate.go
@ -265,8 +265,8 @@ type CertificateSpec struct {
 	// Defines extra output formats of the private key and signed certificate chain
 	// to be written to this Certificate's target Secret.
 	//
-	// This is an Alpha Feature and is only enabled with the
-	// `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both
+	// This is a Beta Feature enabled by default. It can be disabled with the
+	// `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both
 	// the controller and webhook components.
 	// +optional
 	AdditionalOutputFormats []CertificateAdditionalOutputFormat `json:"additionalOutputFormats,omitempty"`
--- a/pkg/controller/certificates/issuing/internal/secret_test.go
+++ b/pkg/controller/certificates/issuing/internal/secret_test.go
@ -24,9 +24,7 @@ import (
 	"testing"
 	"time"

-	"github.com/cert-manager/cert-manager/internal/controller/feature"
 	testpkg "github.com/cert-manager/cert-manager/pkg/controller/test"
-	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -34,7 +32,6 @@ import (
 	apitypes "k8s.io/apimachinery/pkg/types"
 	applycorev1 "k8s.io/client-go/applyconfigurations/core/v1"
 	applymetav1 "k8s.io/client-go/applyconfigurations/meta/v1"
-	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	fakeclock "k8s.io/utils/clock/testing"
 	"k8s.io/utils/ptr"

@ -58,9 +55,6 @@ var (
 // SecretsManager.
 // See: https://github.com/kubernetes/client-go/issues/970
 func Test_SecretsManager(t *testing.T) {
-	// Enable feature gate additional private key for this test
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultMutableFeatureGate, feature.AdditionalCertificateOutputFormats, true)()
-
 	baseCert := gen.Certificate("test",
 		gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: "ca-issuer", Kind: "Issuer", Group: "foo.io"}),
 		gen.SetCertificateSecretName("output"),
--- a/test/e2e/suite/certificates/additionaloutputformats.go
+++ b/test/e2e/suite/certificates/additionaloutputformats.go
@ -50,8 +50,6 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo
 	)

 	createCertificate := func(f *framework.Framework, aof []cmapi.CertificateAdditionalOutputFormat) (string, *cmapi.Certificate) {
-		framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats)
-
 		crt := &cmapi.Certificate{
 			ObjectMeta: metav1.ObjectMeta{
 				GenerateName: "test-additional-output-formats-",
--- a/test/e2e/suite/issuers/ca/certificate.go
+++ b/test/e2e/suite/issuers/ca/certificate.go
@ -26,10 +26,8 @@ import (

 	"github.com/cert-manager/cert-manager/e2e-tests/framework"
 	"github.com/cert-manager/cert-manager/e2e-tests/util"
-	"github.com/cert-manager/cert-manager/internal/controller/feature"
 	v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
-	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 	"github.com/cert-manager/cert-manager/test/unit/gen"
 )

@ -153,10 +151,6 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() {
 		})

 		It("should be able to create a certificate with additional output formats", func() {
-			// Output formats is only enabled via this feature gate being enabled.
-			// Don't run test if the gate isn't enabled.
-			framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats)
-
 			certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name)

 			By("Creating a Certificate")
--- a/test/integration/certificates/issuing_controller_test.go
+++ b/test/integration/certificates/issuing_controller_test.go
@ -37,7 +37,6 @@ import (
 	"k8s.io/utils/ptr"

 	"github.com/cert-manager/cert-manager/integration-tests/framework"
-	"github.com/cert-manager/cert-manager/internal/webhook/feature"
 	apiutil "github.com/cert-manager/cert-manager/pkg/api/util"
 	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
@ -45,11 +44,9 @@ import (
 	"github.com/cert-manager/cert-manager/pkg/controller/certificates/issuing"
 	logf "github.com/cert-manager/cert-manager/pkg/logs"
 	"github.com/cert-manager/cert-manager/pkg/metrics"
-	utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature"
 	utilpki "github.com/cert-manager/cert-manager/pkg/util/pki"
 	testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto"
 	"github.com/cert-manager/cert-manager/test/unit/gen"
-	featuregatetesting "k8s.io/component-base/featuregate/testing"
 )

 // TestIssuingController performs a basic test to ensure that the issuing
@ -748,8 +745,6 @@ func Test_IssuingController_SecretTemplate(t *testing.T) {
 // ensure that values in a Certificate's AddiationOutputFormats will be copied
 // to the target Secret- when they are both added and deleted.
 func Test_IssuingController_AdditionalOutputFormats(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats, true)()
-
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*40)
 	defer cancel()