chore(transparent-proxy): remove v1

v1 has been deprecated for a while. It's time to remove it

Fix #4759

Signed-off-by: Charly Molter <[email protected]>

.golangci.yml

@@ -34,7 +34,6 @@ run:
   modules-download-mode: readonly
   skip-dirs-use-default: false # The default skip omits "builtin" directories, which we have.
   skip-dirs:
-    - pkg/transparentproxy/istio/tools
     - (^|/)vendored($|/)
   timeout: 30m
 

UPGRADE.md

@@ -8,6 +8,16 @@ does not have any particular instructions.
 
 ## Upgrade to `2.5.x`
 
+### Transparent-proxy and CNI v1 removal
+
+v2 has been default since 2.2.x. We are therefore removing v1.
+
+### Deprecated argument to transparent-proxy
+
+Parameters `--exclude-outbound-tcp-ports-for-uids` and `--exclude-outbound-udp-ports-for-uids` are now merged into `--exclude-outbound-ports-for-uids` for `kumactl install transparent-proxy`.
+We've also added the matching Kubernetes annotation: `traffic.kuma.io/exclude-outbound-ports-for-uids`.
+The previous versions will still work but will be removed in the future.
+
 ### More strict validation rules for resource names
 
 In order to be compatible with Kubernetes naming policy we updated the validation rules. Old rule:
@@ -40,12 +50,6 @@ While you can use the old API they will be removed in a future version
 The configuration: `Metrics.Mesh.MinResyncTimeout` and `Metrics.Mesh.MaxResyncTimeout` are replaced by `Metrics.Mesh.MinResyncInterval` and `Metrics.Mesh.FullResyncInterval`.
 You can still use the current configs but it will be removed in the future.
 
-### Deprecated argument
-
-Parameters `--exclude-outbound-tcp-ports-for-uids` and `--exclude-outbound-udp-ports-for-uids` are now merged into `--exclude-outbound-ports-for-uids` for `kumactl install transparent-proxy`.
-We've also added the matching Kubernetes annotation: `traffic.kuma.io/exclude-outbound-ports-for-uids`.
-The previous versions will still work but will be removed in the future.
-
 ### **Breaking changes**
 
 #### Removal of service field in Dataplane outbound

app/kumactl/cmd/completion/testdata/bash.golden

@@ -5420,8 +5420,6 @@ _kumactl_install_transparent-proxy()
     local_nonpersistent_flags+=("--sleep-between-retries=")
     flags+=("--store-firewalld")
     local_nonpersistent_flags+=("--store-firewalld")
-    flags+=("--use-transparent-proxy-engine-v1")
-    local_nonpersistent_flags+=("--use-transparent-proxy-engine-v1")
     flags+=("--verbose")
     local_nonpersistent_flags+=("--verbose")
     flags+=("--vnet=")

app/kumactl/cmd/install/install_control_plane_test.go

@@ -220,16 +220,7 @@ var _ = Describe("kumactl install control-plane", func() {
 			},
 			goldenFile: "install-control-plane.cni-enabled.golden.yaml",
 		}),
-		Entry("should generate Kubernetes resources with CNI plugin v1", testCase{
-			extraArgs: []string{
-				"--cni-enabled",
-				"--set",
-				"legacy.cni.enabled=true",
-			},
-			goldenFile: "install-control-plane.cni-legacy-enabled.golden.yaml",
-		}),
-		Entry("should generate Kubernetes resources with transparent v2 "+
-			"using ebpf (experimental)", testCase{
+		Entry("should generate Kubernetes resources using ebpf (experimental)", testCase{
 			extraArgs: []string{
 				"--set", "experimental.ebpf.enabled=true",
 			},

app/kumactl/cmd/install/install_transparent_proxy.go

@@ -5,7 +5,6 @@ package install
 
 import (
 	"fmt"
-	"net"
 	os_user "os/user"
 	"runtime"
 	"time"
@@ -38,7 +37,6 @@ type transparentProxyArgs struct {
 	DNSUpstreamTargetChain         string
 	StoreFirewalld                 bool
 	SkipDNSConntrackZoneSplit      bool
-	UseTransparentProxyEngineV1    bool
 	EbpfEnabled                    bool
 	EbpfProgramsSourcePath         string
 	EbpfInstanceIP                 string
@@ -72,7 +70,6 @@ func newInstallTransparentProxy() *cobra.Command {
 		DNSUpstreamTargetChain:         "RETURN",
 		StoreFirewalld:                 false,
 		SkipDNSConntrackZoneSplit:      false,
-		UseTransparentProxyEngineV1:    false,
 		EbpfEnabled:                    false,
 		EbpfProgramsSourcePath:         "/kuma/ebpf",
 		EbpfBPFFSPath:                  "/sys/fs/bpf",
@@ -157,10 +154,6 @@ runuser -u kuma-dp -- \
 					return errors.Errorf("--ebpf-instance-ip flag has to be specified --ebpf-enabled is provided")
 				}
 
-				if args.UseTransparentProxyEngineV1 {
-					return errors.Errorf("--use-transparent-proxy-engine-v1 flag cannot be specified when --ebpf-enabled is provided")
-				}
-
 				if args.StoreFirewalld {
 					_, _ = cmd.ErrOrStderr().Write([]byte("# [WARNING] --store-firewalld will be ignored when --ebpf-enabled is being used\n"))
 				}
@@ -205,18 +198,11 @@ runuser -u kuma-dp -- \
 	cmd.Flags().StringVar(&args.User, "kuma-dp-user", args.UID, "the user that will run kuma-dp")
 	cmd.Flags().StringVar(&args.UID, "kuma-dp-uid", args.UID, "the uid of the user that will run kuma-dp")
 	cmd.Flags().BoolVar(&args.RedirectDNS, "redirect-dns", args.RedirectDNS, "redirect only DNS requests targeted to the servers listed in /etc/resolv.conf to a specified port")
-	// Deprecation issue: https://github.com/kumahq/kuma/issues/4759
 	cmd.Flags().BoolVar(&args.RedirectAllDNSTraffic, "redirect-all-dns-traffic", args.RedirectAllDNSTraffic, "redirect all DNS traffic to a specified port, unlike --redirect-dns this will not be limited to the dns servers identified in /etc/resolve.conf")
 	cmd.Flags().StringVar(&args.AgentDNSListenerPort, "redirect-dns-port", args.AgentDNSListenerPort, "the port where the DNS agent is listening")
 	cmd.Flags().StringVar(&args.DNSUpstreamTargetChain, "redirect-dns-upstream-target-chain", args.DNSUpstreamTargetChain, "(optional) the iptables chain where the upstream DNS requests should be directed to. It is only applied for IP V4. Use with care.")
-	// Deprecation issue: https://github.com/kumahq/kuma/issues/4759
-	_ = cmd.Flags().Bool("skip-resolv-conf", false, "[Deprecated]")
-	_ = cmd.Flags().MarkDeprecated("skip-resolv-conf", "we never change resolveConf so this flag has no effect, you can stop using it")
 	cmd.Flags().BoolVar(&args.StoreFirewalld, "store-firewalld", args.StoreFirewalld, "store the iptables changes with firewalld")
-	_ = cmd.Flags().IP("kuma-cp-ip", net.IPv4(0, 0, 0, 0), "[Deprecated]")
-	_ = cmd.Flags().MarkDeprecated("kuma-cp-ip", "Running a DNS inside the CP is not possible anymore")
 	cmd.Flags().BoolVar(&args.SkipDNSConntrackZoneSplit, "skip-dns-conntrack-zone-split", args.SkipDNSConntrackZoneSplit, "skip applying conntrack zone splitting iptables rules")
-	cmd.Flags().BoolVar(&args.UseTransparentProxyEngineV1, "use-transparent-proxy-engine-v1", args.UseTransparentProxyEngineV1, "use legacy transparent proxy engine v1")
 
 	// ebpf
 	cmd.Flags().BoolVar(&args.EbpfEnabled, "ebpf-enabled", args.EbpfEnabled, "use ebpf instead of iptables to install transparent proxy")
@@ -297,18 +283,7 @@ func configureTransparentProxy(cmd *cobra.Command, args *transparentProxyArgs) e
 		MaxRetries:                args.MaxRetries,
 		SleepBetweenRetries:       args.SleepBetweenRetries,
 	}
-
-	if args.UseTransparentProxyEngineV1 {
-		tp = transparentproxy.V1()
-
-		// best effort cleanup before we apply the rules (again?)
-		_, err := tp.Cleanup(cfg)
-		if err != nil {
-			return errors.Wrapf(err, "unable to invoke cleanup")
-		}
-	} else {
-		tp = transparentproxy.V2()
-	}
+	tp = transparentproxy.V2()
 
 	output, err := tp.Setup(cfg)
 	if err != nil {

app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml

@@ -482,8 +482,8 @@ spec:
         {}
       containers:
         - name: install-cni
-          image: "docker.io/kumahq/kuma-cni:0.0.1"
           imagePullPolicy: IfNotPresent
+          image: "docker.io/kumahq/kuma-cni:0.0.1"
           readinessProbe:
             initialDelaySeconds: 0
             exec: