[v1.28] CLI Removal for v1.28.0 (#8203)

* Remove deprecated flannel ipsec

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove multipart backend

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix secrets-encryption integration test flakiness

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>

pkg/agent/flannel/setup.go

@@ -68,12 +68,6 @@ const (
 	"Type": "host-gw"
 }`
 
-	ipsecBackend = `{
-	"Type": "ipsec",
-	"UDPEncap": true,
-	"PSK": "%psk%"
-}`
-
 	tailscaledBackend = `{
 	"Type": "extension",
 	"PostStartupCommand": "tailscale set --accept-routes --advertise-routes=%Routes%",
@@ -208,20 +202,13 @@ func createFlannelConf(nodeConfig *config.Node) error {
 	}
 
 	var backendConf string
-	parts := strings.SplitN(nodeConfig.FlannelBackend, "=", 2)
-	backend := parts[0]
 	backendOptions := make(map[string]string)
-	if len(parts) > 1 {
-		logrus.Fatalf("The additional options through flannel-backend are deprecated and were removed in k3s v1.27, use flannel-conf instead")
-	}
 
-	switch backend {
+	switch nodeConfig.FlannelBackend {
 	case config.FlannelBackendVXLAN:
 		backendConf = vxlanBackend
 	case config.FlannelBackendHostGW:
 		backendConf = hostGWBackend
-	case config.FlannelBackendIPSEC:
-		logrus.Fatal("The ipsec backend is deprecated and was removed in k3s v1.27; please switch to wireguard-native. Check our docs for information on how to migrate.")
 	case config.FlannelBackendTailscale:
 		var routes string
 		switch netMode {

pkg/agent/run.go

@@ -97,7 +97,7 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error {
 	if !nodeConfig.NoFlannel {
 		if (nodeConfig.FlannelExternalIP) && (len(nodeConfig.AgentConfig.NodeExternalIPs) == 0) {
 			logrus.Warnf("Server has flannel-external-ip flag set but this node does not set node-external-ip. Flannel will use internal address when connecting to this node.")
-		} else if (nodeConfig.FlannelExternalIP) && (nodeConfig.FlannelBackend != daemonconfig.FlannelBackendWireguardNative) && (nodeConfig.FlannelBackend != daemonconfig.FlannelBackendIPSEC) {
+		} else if (nodeConfig.FlannelExternalIP) && (nodeConfig.FlannelBackend != daemonconfig.FlannelBackendWireguardNative) {
 			logrus.Warnf("Flannel is using external addresses with an insecure backend: %v. Please consider using an encrypting flannel backend.", nodeConfig.FlannelBackend)
 		}
 		if err := flannel.Prepare(ctx, nodeConfig); err != nil {

pkg/cli/cmds/server.go

@@ -210,7 +210,7 @@ var ServerFlags = []cli.Flag{
 	ClusterDomain,
 	&cli.StringFlag{
 		Name:        "flannel-backend",
-		Usage:       "(networking) Backend (valid values: 'none', 'vxlan', 'ipsec' (deprecated), 'host-gw', 'wireguard-native'",
+		Usage:       "(networking) Backend (valid values: 'none', 'vxlan', 'host-gw', 'wireguard-native'",
 		Destination: &ServerConfig.FlannelBackend,
 		Value:       "vxlan",
 	},

pkg/daemons/config/types.go

@@ -24,7 +24,6 @@ const (
 	FlannelBackendNone            = "none"
 	FlannelBackendVXLAN           = "vxlan"
 	FlannelBackendHostGW          = "host-gw"
-	FlannelBackendIPSEC           = "ipsec"
 	FlannelBackendWireguardNative = "wireguard-native"
 	FlannelBackendTailscale       = "tailscale"
 	EgressSelectorModeAgent       = "agent"

tests/integration/secretsencryption/secretsencryption_int_test.go

@@ -93,7 +93,10 @@ var _ = Describe("secrets encryption rotation", Ordered, func() {
 			Eventually(func() error {
 				return testutil.K3sDefaultDeployments()
 			}, "180s", "5s").Should(Succeed())
-			time.Sleep(10 * time.Second)
+
+			Eventually(func() (string, error) {
+				return testutil.K3sCmd("secrets-encrypt status -d", secretsEncryptionDataDir)
+			}, "120s", "5s").Should(ContainSubstring("Current Rotation Stage: rotate"))
 		})
 		It("reencrypts the keys", func() {
 			Expect(testutil.K3sCmd("secrets-encrypt reencrypt -d", secretsEncryptionDataDir)).