Remove graduated SDN feature gates

[JoelSpeed]

User description

This removes the NetworkLiveMigration, NetworkDiagnosticsConfig, NetworkSegmentation, AdminNetworkPolicy and AdditionalRoutingCapabilites feature gates. These were all promoted to GA prior to 4.20 so have been redundant for some time.

---

PR Type

Enhancement

---

Description

• Remove five pre-4.20 networking feature gates now GA

• Promote NetworkDiagnosticsConfig and NetworkLiveMigration to ungated

• Update validation rules from feature-gate-aware to standard kubebuilder

• Promote AdditionalRoutingCapabilities to ungated in operator specs

• Fix indentation formatting in FeatureGateKMSEncryption definition

---

Diagram Walkthrough

flowchart LR
  A["5 Legacy Feature Gates<br/>AdminNetworkPolicy<br/>NetworkSegmentation<br/>AdditionalRoutingCapabilities<br/>NetworkLiveMigration<br/>NetworkDiagnosticsConfig"] -->|Remove from features.go| B["Feature Gate Definitions"]
  A -->|Promote to Ungated| C["CRD Manifests"]
  D["Feature-Gate-Aware Validations"] -->|Replace with Standard| E["Kubebuilder Validations"]
  C -->|Add x-kubernetes-validations| F["Ungated CRD Specs"]

Loading

File Walkthrough

	Relevant files
Enhancement	7 files features.go Remove five legacy networking feature gate definitions      +6/-46    types_network.go Replace feature-gate-aware validation with standard validation +1/-3      types_network.go Remove feature gate annotations from routing capabilities +1/-2      AAA_ungated.yaml Add networkDiagnostics and conditions to ungated spec        +214/-0  AAA_ungated.yaml Add additionalRoutingCapabilities to ungated spec                +38/-0    RouteAdvertisements.yaml Add additionalRoutingCapabilities to RouteAdvertisements spec +38/-0    zz_generated.featuregated-crd-manifests.yaml Clear NetworkDiagnosticsConfig from feature gates list      +1/-2
Additional files	19 files NetworkDiagnosticsConfig.yaml +0/-2      NetworkLiveMigration.yaml +0/-2      NetworkDiagnosticsConfig.yaml +0/-446  features.md +0/-5      legacyfeaturegates.go +0/-10    AdditionalRoutingCapabilities.yaml +0/-2      NetworkLiveMigration.yaml +0/-2      zz_generated.featuregated-crd-manifests.yaml +0/-2      AdditionalRoutingCapabilities.yaml +0/-1017 NetworkLiveMigration.yaml +0/-989  legacyfeaturegates.go +0/-10    featureGate-Hypershift-Default.yaml +0/-15    featureGate-Hypershift-DevPreviewNoUpgrade.yaml +0/-15    featureGate-Hypershift-OKD.yaml +0/-15    featureGate-Hypershift-TechPreviewNoUpgrade.yaml +0/-15    featureGate-SelfManagedHA-Default.yaml +0/-15    featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml +0/-15    featureGate-SelfManagedHA-OKD.yaml +0/-15    featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml +0/-15

---

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Hello @JoelSpeed! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR removes multiple network-related feature gates (AdditionalRoutingCapabilities, AdminNetworkPolicy, NetworkDiagnosticsConfig, NetworkLiveMigration, NetworkSegmentation, PreconfiguredUDNAddresses, RouteAdvertisements) from feature registries, legacy sets, enabled lists, and payload manifests. It deletes featureGates entries from several CRD test YAMLs and updates generated CRD manifests to omit those gates. It also replaces OpenShift-specific feature-gate XValidation annotations with kubebuilder XValidation annotations in Network types. No public type signatures or control-flow logic were modified.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Remove graduated SDN feature gates' clearly and specifically summarizes the main change: removing five legacy networking feature gates that were promoted to GA.
Description check	✅ Passed	The description comprehensively explains the removal of five pre-4.20 networking feature gates (NetworkLiveMigration, NetworkDiagnosticsConfig, NetworkSegmentation, AdminNetworkPolicy, AdditionalRoutingCapabilities), promotion to ungated specs, and replacement of feature-gate-aware validations with standard kubebuilder validations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[JoelSpeed]

/test e2e-aws-ovn

Let's see how spectacularly this fails

[qodo-code-review]

PR-Agent: could not fine a component named e2e-aws-ovn in a supported language in this PR.

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix diagnostic validation quoting Fix an invalid CEL validation rule in the CRD by correcting the quoting for the string 'Disabled' and adding parentheses for logical grouping. config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/AAA_ungated.yaml [291-296] x-kubernetes-validations: -- message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement - when networkDiagnostics.mode is Disabled - rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) - || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement) - && !has(self.networkDiagnostics.targetPlacement)' +- message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled + rule: >- + !has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || + self.networkDiagnostics.mode!='Disabled' || + (!has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)) Apply / Chat Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies and fixes an invalid CEL validation rule by correcting the quoting and improving readability, which is critical for the CRD to function correctly.	High
	Fix migration validation quoting Fix an invalid CEL validation rule in the CRD by correcting the quoting for the string 'Live' and adding parentheses for logical grouping. operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml [843-847] x-kubernetes-validations: -- message: networkType migration in mode other than 'Live' may not - be configured at the same time as mtu migration - rule: '!has(self.mtu) || !has(self.networkType) || self.networkType - == "" || has(self.mode) && self.mode == ''Live''' +- message: networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration + rule: >- + !has(self.mtu) || !has(self.networkType) || self.networkType == "" || + (has(self.mode) && self.mode == "Live") Apply / Chat Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies and fixes an invalid CEL validation rule by correcting the quoting and adding parentheses for clarity, which is critical for the CRD to function correctly.	High
Update

[JoelSpeed]

/test e2e-aws-ovn

[qodo-code-review]

PR-Agent: could not fine a component named e2e-aws-ovn in a supported language in this PR.

[JoelSpeed]

/testwith openshift/api/master/e2e-aws-ovn openshift/cluster-network-operator#2891

[openshift-ci]

@JoelSpeed: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn	9d52d28	link	true	/test e2e-aws-ovn
ci/prow/minor-e2e-upgrade-minor	b792c56	link	true	/test minor-e2e-upgrade-minor

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[JoelSpeed]

/pipeline required

[openshift-ci-robot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change

[JoelSpeed]

/verified by CI

Once the CI passes, we won't need any further verification

[openshift-ci-robot]

@JoelSpeed: This PR has been marked as verified by CI.

Details

In response to this:

/verified by CI

Once the CI passes, we won't need any further verification

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[everettraven]

/lgtm

[openshift-ci-robot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everettraven

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [everettraven]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 6186972 and 2 for PR HEAD b792c56 in total