From 413f82a706c326cb7c358681d70e05b78c961a24 Mon Sep 17 00:00:00 2001 From: Joao Morais Date: Mon, 9 Feb 2026 16:38:48 -0300 Subject: [PATCH] remove RouteExternalCertificate feature gate RouteExternalCertificate is now enabled by default. This update is removing references to this feature gate, hardcoding its value to true. This update is also a pre-requisite to remove it from openshift/cluster-ingress-operator. --- pkg/cmd/openshift-apiserver/cmd.go | 2 +- pkg/cmd/openshift-apiserver/openshiftapiserver/config.go | 3 --- .../openshiftapiserver/openshift_apiserver.go | 5 ++--- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/pkg/cmd/openshift-apiserver/cmd.go b/pkg/cmd/openshift-apiserver/cmd.go index 3b8fc22c68..16a0ed30ea 100644 --- a/pkg/cmd/openshift-apiserver/cmd.go +++ b/pkg/cmd/openshift-apiserver/cmd.go @@ -104,7 +104,7 @@ func (o *OpenShiftAPIServer) Validate() error { // RunAPIServer takes the options, starts the API server and waits until stopCh is closed or initial listening fails. func (o *OpenShiftAPIServer) RunAPIServer(stopCh <-chan struct{}) error { - if err := features.InitializeFeatureGates(feature.DefaultMutableFeatureGate, openshiftfeatures.SelfManaged, openshiftfeatures.FeatureGateRouteExternalCertificate); err != nil { + if err := features.InitializeFeatureGates(feature.DefaultMutableFeatureGate, openshiftfeatures.SelfManaged); err != nil { return err } diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go index 22f2419e26..8e395e0d9c 100644 --- a/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go +++ b/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go @@ -6,7 +6,6 @@ import ( "net/http" "time" - openshiftfeatures "github.com/openshift/api/features" openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1" "github.com/openshift/apiserver-library-go/pkg/configflags" "github.com/openshift/library-go/pkg/apiserver/admission/admissiontimeout" @@ -35,7 +34,6 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/restmapper" "k8s.io/component-base/compatibility" - "k8s.io/component-base/featuregate" "k8s.io/klog/v2" "k8s.io/kubernetes/pkg/api/legacyscheme" ) @@ -266,7 +264,6 @@ func NewOpenshiftAPIConfig(config *openshiftcontrolplanev1.OpenShiftAPIServerCon AdditionalTrustedCA: caData, ImageStreamImportMode: apisimage.ImportModeType(config.ImagePolicyConfig.ImageStreamImportMode), RouteAllocator: routeAllocator, - AllowRouteExternalCertificates: feature.DefaultFeatureGate.Enabled(featuregate.Feature(openshiftfeatures.FeatureGateRouteExternalCertificate)), ProjectAuthorizationCache: projectAuthorizationCache, ProjectCache: projectCache, ProjectRequestTemplate: config.ProjectConfig.ProjectRequestTemplate, diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go index 58f1421924..cfb67c0aeb 100644 --- a/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go +++ b/pkg/cmd/openshift-apiserver/openshiftapiserver/openshift_apiserver.go @@ -90,8 +90,7 @@ type OpenshiftAPIExtraConfig struct { AdditionalTrustedCA []byte ImageStreamImportMode apisimage.ImportModeType - RouteAllocator *routehostassignment.SimpleAllocationPlugin - AllowRouteExternalCertificates bool + RouteAllocator *routehostassignment.SimpleAllocationPlugin ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache @@ -328,7 +327,7 @@ func (c *completedConfig) withRouteAPIServer(delegateAPIServer genericapiserver. ExtraConfig: routeapiserver.ExtraConfig{ KubeAPIServerClientConfig: c.ExtraConfig.KubeAPIServerClientConfig, RouteAllocator: c.ExtraConfig.RouteAllocator, - AllowExternalCertificates: c.ExtraConfig.AllowRouteExternalCertificates, + AllowExternalCertificates: true, Codecs: legacyscheme.Codecs, Scheme: legacyscheme.Scheme, },