compute: Deprecate DockerSELinuxMCSWorkaround

Warn that DockerSELinuxMCSWorkaround FG is going to be removed. Signed-off-by: bmordeha <[email protected]>
DiMalovanyy · Oct 6, 2024 · 9bb85b5 · 9bb85b5
1 parent f7a7c2f
commit 9bb85b5
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 5 deletions.
diff --git a/pkg/virt-api/webhooks/fuzz/fuzz_test.go b/pkg/virt-api/webhooks/fuzz/fuzz_test.go
@@ -186,7 +186,7 @@ func fuzzKubeVirtConfig(seed int64) *virtconfig.ClusterConfig {
 				virtconfig.Root,
 				virtconfig.ClusterProfiler,
 				virtconfig.WorkloadEncryptionSEV,
-				virtconfig.DockerSELinuxMCSWorkaround,
+				deprecation.DockerSELinuxMCSWorkaround,
 				deprecation.PSA,
 				virtconfig.VSOCKGate,
 			}

diff --git a/pkg/virt-config/deprecation/feature-gates.go b/pkg/virt-config/deprecation/feature-gates.go
@@ -54,6 +54,8 @@ const (
 
 	PasstGate   = "Passt"   // Deprecated
 	MacvtapGate = "Macvtap" // Deprecated
+	// DockerSELinuxMCSWorkaround sets the SELinux level of all the non-compute virt-launcher containers to "s0".
+	DockerSELinuxMCSWorkaround = "DockerSELinuxMCSWorkaround" // Deprecated
 )
 
 type FeatureGate struct {
@@ -76,6 +78,7 @@ func init() {
 
 	RegisterFeatureGate(FeatureGate{Name: PasstGate, State: Discontinued, Message: PasstDiscontinueMessage, VmiSpecUsed: passtApiUsed})
 	RegisterFeatureGate(FeatureGate{Name: MacvtapGate, State: Discontinued, Message: MacvtapDiscontinueMessage, VmiSpecUsed: macvtapApiUsed})
+	RegisterFeatureGate(FeatureGate{Name: DockerSELinuxMCSWorkaround, State: Deprecated, Message: fmt.Sprintf("DockerSELinuxMCSWorkaround has been discontinued since v1.4.")})
 }
 
 // RegisterFeatureGate adds a given feature-gate to the FG list

diff --git a/pkg/virt-config/feature-gates.go b/pkg/virt-config/feature-gates.go
@@ -43,8 +43,6 @@ const (
 	Root                       = "Root"
 	ClusterProfiler            = "ClusterProfiler"
 	WorkloadEncryptionSEV      = "WorkloadEncryptionSEV"
-	// DockerSELinuxMCSWorkaround sets the SELinux level of all the non-compute virt-launcher containers to "s0".
-	DockerSELinuxMCSWorkaround = "DockerSELinuxMCSWorkaround"
 	VSOCKGate                  = "VSOCK"
 	// DisableCustomSELinuxPolicy disables the installation of the custom SELinux policy for virt-launcher
 	DisableCustomSELinuxPolicy = "DisableCustomSELinuxPolicy"
@@ -191,7 +189,7 @@ func (config *ClusterConfig) WorkloadEncryptionSEVEnabled() bool {
 }
 
 func (config *ClusterConfig) DockerSELinuxMCSWorkaroundEnabled() bool {
-	return config.isFeatureGateEnabled(DockerSELinuxMCSWorkaround)
+	return config.isFeatureGateEnabled(deprecation.DockerSELinuxMCSWorkaround)
 }
 
 func (config *ClusterConfig) VSOCKEnabled() bool {

diff --git a/pkg/virt-controller/services/BUILD.bazel b/pkg/virt-controller/services/BUILD.bazel
@@ -76,6 +76,7 @@ go_test(
         "//pkg/testutils:go_default_library",
         "//pkg/util:go_default_library",
         "//pkg/virt-config:go_default_library",
+        "//pkg/virt-config/deprecation:go_default_library",
         "//pkg/virt-controller/watch/topology:go_default_library",
         "//staging/src/kubevirt.io/api/core/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/api:go_default_library",

diff --git a/pkg/virt-controller/services/template_test.go b/pkg/virt-controller/services/template_test.go
@@ -57,6 +57,7 @@ import (
 	"kubevirt.io/kubevirt/pkg/testutils"
 	"kubevirt.io/kubevirt/pkg/util"
 	virtconfig "kubevirt.io/kubevirt/pkg/virt-config"
+	"kubevirt.io/kubevirt/pkg/virt-config/deprecation"
 	"kubevirt.io/kubevirt/pkg/virt-controller/watch/topology"
 	"kubevirt.io/kubevirt/tools/vms-generator/utils"
 )
@@ -525,7 +526,7 @@ var _ = Describe("Template", func() {
 				if enableWorkaround {
 					kvConfig.Spec.Configuration.DeveloperConfiguration.FeatureGates =
 						append(kvConfig.Spec.Configuration.DeveloperConfiguration.FeatureGates,
-							virtconfig.DockerSELinuxMCSWorkaround)
+							deprecation.DockerSELinuxMCSWorkaround)
 				}
 				testutils.UpdateFakeKubeVirtClusterConfig(kvStore, kvConfig)