748 lines
45 KiB
Markdown
748 lines
45 KiB
Markdown
---
|
|
title: Feature Gates
|
|
weight: 10
|
|
content_type: concept
|
|
card:
|
|
name: reference
|
|
weight: 60
|
|
---
|
|
|
|
<!-- overview -->
|
|
This page contains an overview of the various feature gates an administrator
|
|
can specify on different Kubernetes components.
|
|
|
|
See [feature stages](#feature-stages) for an explanation of the stages for a feature.
|
|
|
|
|
|
<!-- body -->
|
|
## Overview
|
|
|
|
Feature gates are a set of key=value pairs that describe Kubernetes features.
|
|
You can turn these features on or off using the `--feature-gates` command line flag
|
|
on each Kubernetes component.
|
|
|
|
Each Kubernetes component lets you enable or disable a set of feature gates that
|
|
are relevant to that component.
|
|
Use `-h` flag to see a full set of feature gates for all components.
|
|
To set feature gates for a component, such as kubelet, use the `--feature-gates`
|
|
flag assigned to a list of feature pairs:
|
|
|
|
```shell
|
|
--feature-gates=...,GracefulNodeShutdown=true
|
|
```
|
|
|
|
The following tables are a summary of the feature gates that you can set on
|
|
different Kubernetes components.
|
|
|
|
- The "Since" column contains the Kubernetes release when a feature is introduced
|
|
or its release stage is changed.
|
|
- The "Until" column, if not empty, contains the last Kubernetes release in which
|
|
you can still use a feature gate.
|
|
- If a feature is in the Alpha or Beta state, you can find the feature listed
|
|
in the [Alpha/Beta feature gate table](#feature-gates-for-alpha-or-beta-features).
|
|
- If a feature is stable you can find all stages for that feature listed in the
|
|
[Graduated/Deprecated feature gate table](#feature-gates-for-graduated-or-deprecated-features).
|
|
- The [Graduated/Deprecated feature gate table](#feature-gates-for-graduated-or-deprecated-features)
|
|
also lists deprecated and withdrawn features.
|
|
|
|
{{< note >}}
|
|
For a reference to old feature gates that are removed, please refer to
|
|
[feature gates removed](/docs/reference/command-line-tools-reference/feature-gates-removed/).
|
|
{{< /note >}}
|
|
|
|
### Feature gates for Alpha or Beta features
|
|
|
|
{{< table caption="Feature gates for features in Alpha or Beta states" >}}
|
|
|
|
| Feature | Default | Stage | Since | Until |
|
|
|---------|---------|-------|-------|-------|
|
|
| `APIListChunking` | `false` | Alpha | 1.8 | 1.8 |
|
|
| `APIListChunking` | `true` | Beta | 1.9 | |
|
|
| `APIPriorityAndFairness` | `false` | Alpha | 1.18 | 1.19 |
|
|
| `APIPriorityAndFairness` | `true` | Beta | 1.20 | |
|
|
| `APIResponseCompression` | `false` | Alpha | 1.7 | 1.15 |
|
|
| `APIResponseCompression` | `true` | Beta | 1.16 | |
|
|
| `APIServerIdentity` | `false` | Alpha | 1.20 | |
|
|
| `APIServerTracing` | `false` | Alpha | 1.22 | |
|
|
| `AllowInsecureBackendProxy` | `true` | Beta | 1.17 | |
|
|
| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | 1.23 |
|
|
| `AnyVolumeDataSource` | `true` | Beta | 1.24 | |
|
|
| `AppArmor` | `true` | Beta | 1.4 | |
|
|
| `CPUManager` | `false` | Alpha | 1.8 | 1.9 |
|
|
| `CPUManager` | `true` | Beta | 1.10 | |
|
|
| `CPUManagerPolicyAlphaOptions` | `false` | Alpha | 1.23 | |
|
|
| `CPUManagerPolicyBetaOptions` | `true` | Beta | 1.23 | |
|
|
| `CPUManagerPolicyOptions` | `false` | Alpha | 1.22 | 1.22 |
|
|
| `CPUManagerPolicyOptions` | `true` | Beta | 1.23 | |
|
|
| `CSIMigrationAzureFile` | `false` | Alpha | 1.15 | 1.20 |
|
|
| `CSIMigrationAzureFile` | `false` | Beta | 1.21 | 1.23 |
|
|
| `CSIMigrationAzureFile` | `true` | Beta | 1.24 | |
|
|
| `CSIMigrationPortworx` | `false` | Alpha | 1.23 | 1.24 |
|
|
| `CSIMigrationPortworx` | `false` | Beta | 1.25 | |
|
|
| `CSIMigrationRBD` | `false` | Alpha | 1.23 | |
|
|
| `CSIMigrationvSphere` | `false` | Alpha | 1.18 | 1.18 |
|
|
| `CSIMigrationvSphere` | `false` | Beta | 1.19 | 1.24 |
|
|
| `CSIMigrationvSphere` | `true` | Beta | 1.25 | |
|
|
| `CSINodeExpandSecret` | `false` | Alpha | 1.25 | |
|
|
| `CSIVolumeHealth` | `false` | Alpha | 1.21 | |
|
|
| `ContainerCheckpoint` | `false` | Alpha | 1.25 | |
|
|
| `ContextualLogging` | `false` | Alpha | 1.24 | |
|
|
| `CustomCPUCFSQuotaPeriod` | `false` | Alpha | 1.12 | |
|
|
| `CustomResourceValidationExpressions` | `false` | Alpha | 1.23 | 1.24 |
|
|
| `CustomResourceValidationExpressions` | `true` | Beta | 1.25 | |
|
|
| `DelegateFSGroupToCSIDriver` | `false` | Alpha | 1.22 | 1.22 |
|
|
| `DelegateFSGroupToCSIDriver` | `true` | Beta | 1.23 | |
|
|
| `DevicePlugins` | `false` | Alpha | 1.8 | 1.9 |
|
|
| `DevicePlugins` | `true` | Beta | 1.10 | |
|
|
| `DisableCloudProviders` | `false` | Alpha | 1.22 | |
|
|
| `DisableKubeletCloudCredentialProviders` | `false` | Alpha | 1.23 | |
|
|
| `DownwardAPIHugePages` | `false` | Alpha | 1.20 | 1.20 |
|
|
| `DownwardAPIHugePages` | `false` | Beta | 1.21 | 1.21 |
|
|
| `DownwardAPIHugePages` | `true` | Beta | 1.22 | |
|
|
| `EndpointSliceTerminatingCondition` | `false` | Alpha | 1.20 | 1.21 |
|
|
| `EndpointSliceTerminatingCondition` | `true` | Beta | 1.22 | |
|
|
| `ExpandedDNSConfig` | `false` | Alpha | 1.22 | |
|
|
| `ExperimentalHostUserNamespaceDefaulting` | `false` | Beta | 1.5 | |
|
|
| `GRPCContainerProbe` | `false` | Alpha | 1.23 | 1.23 |
|
|
| `GRPCContainerProbe` | `true` | Beta | 1.24 | |
|
|
| `GracefulNodeShutdown` | `false` | Alpha | 1.20 | 1.20 |
|
|
| `GracefulNodeShutdown` | `true` | Beta | 1.21 | |
|
|
| `GracefulNodeShutdownBasedOnPodPriority` | `false` | Alpha | 1.23 | 1.23 |
|
|
| `GracefulNodeShutdownBasedOnPodPriority` | `true` | Beta | 1.24 | |
|
|
| `HPAContainerMetrics` | `false` | Alpha | 1.20 | |
|
|
| `HPAScaleToZero` | `false` | Alpha | 1.16 | |
|
|
| `HonorPVReclaimPolicy` | `false` | Alpha | 1.23 | |
|
|
| `InTreePluginAWSUnregister` | `false` | Alpha | 1.21 | |
|
|
| `InTreePluginAzureDiskUnregister` | `false` | Alpha | 1.21 | |
|
|
| `InTreePluginAzureFileUnregister` | `false` | Alpha | 1.21 | |
|
|
| `InTreePluginGCEUnregister` | `false` | Alpha | 1.21 | |
|
|
| `InTreePluginOpenStackUnregister` | `false` | Alpha | 1.21 | |
|
|
| `InTreePluginPortworxUnregister` | `false` | Alpha | 1.23 | |
|
|
| `InTreePluginRBDUnregister` | `false` | Alpha | 1.23 | |
|
|
| `InTreePluginvSphereUnregister` | `false` | Alpha | 1.21 | |
|
|
| `IPTablesOwnershipCleanup` | `false` | Alpha | 1.25 | |
|
|
| `JobMutableNodeSchedulingDirectives` | `true` | Beta | 1.23 | |
|
|
| `JobPodFailurePolicy` | `false` | Alpha | 1.25 | - |
|
|
| `JobReadyPods` | `false` | Alpha | 1.23 | 1.23 |
|
|
| `JobReadyPods` | `true` | Beta | 1.24 | |
|
|
| `JobTrackingWithFinalizers` | `false` | Alpha | 1.22 | 1.22 |
|
|
| `JobTrackingWithFinalizers` | `true` | Beta | 1.23 | |
|
|
| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | 1.23 |
|
|
| `KubeletCredentialProviders` | `true` | Beta | 1.24 | |
|
|
| `KubeletInUserNamespace` | `false` | Alpha | 1.22 | |
|
|
| `KubeletPodResources` | `false` | Alpha | 1.13 | 1.14 |
|
|
| `KubeletPodResources` | `true` | Beta | 1.15 | |
|
|
| `KubeletPodResourcesGetAllocatable` | `false` | Alpha | 1.21 | 1.22 |
|
|
| `KubeletPodResourcesGetAllocatable` | `true` | Beta | 1.23 | |
|
|
| `KubeletTracing` | `false` | Alpha | 1.25 | |
|
|
| `LegacyServiceAccountTokenNoAutoGeneration` | `true` | Beta | 1.24 | |
|
|
| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `false` | Alpha | 1.15 | 1.24 |
|
|
| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `true` | Beta | 1.25 | |
|
|
| `LogarithmicScaleDown` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `LogarithmicScaleDown` | `true` | Beta | 1.22 | |
|
|
| `MatchLabelKeysInPodTopologySpread` | `false` | Alpha | 1.25 | |
|
|
| `MaxUnavailableStatefulSet` | `false` | Alpha | 1.24 | |
|
|
| `MemoryManager` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `MemoryManager` | `true` | Beta | 1.22 | |
|
|
| `MemoryQoS` | `false` | Alpha | 1.22 | |
|
|
| `MinDomainsInPodTopologySpread` | `false` | Alpha | 1.24 | 1.24 |
|
|
| `MinDomainsInPodTopologySpread` | `false` | Beta | 1.25 | |
|
|
| `MixedProtocolLBService` | `false` | Alpha | 1.20 | 1.23 |
|
|
| `MixedProtocolLBService` | `true` | Beta | 1.24 | |
|
|
| `MultiCIDRRangeAllocator` | `false` | Alpha | 1.25 | |
|
|
| `NetworkPolicyStatus` | `false` | Alpha | 1.24 | |
|
|
| `NodeInclusionPolicyInPodTopologySpread` | `false` | Alpha | 1.25 | |
|
|
| `NodeOutOfServiceVolumeDetach` | `false` | Alpha | 1.24 | |
|
|
| `NodeSwap` | `false` | Alpha | 1.22 | |
|
|
| `OpenAPIEnums` | `false` | Alpha | 1.23 | 1.23 |
|
|
| `OpenAPIEnums` | `true` | Beta | 1.24 | |
|
|
| `OpenAPIV3` | `false` | Alpha | 1.23 | 1.23 |
|
|
| `OpenAPIV3` | `true` | Beta | 1.24 | |
|
|
| `PodAndContainerStatsFromCRI` | `false` | Alpha | 1.23 | |
|
|
| `PodDeletionCost` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `PodDeletionCost` | `true` | Beta | 1.22 | |
|
|
| `PodDisruptionConditions` | `false` | Alpha | 1.25 | - |
|
|
| `PodHasNetworkCondition` | `false` | Alpha | 1.25 | |
|
|
| `ProbeTerminationGracePeriod` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `ProbeTerminationGracePeriod` | `false` | Beta | 1.22 | 1.24 |
|
|
| `ProbeTerminationGracePeriod` | `true` | Beta | 1.25 | |
|
|
| `ProcMountType` | `false` | Alpha | 1.12 | |
|
|
| `ProxyTerminatingEndpoints` | `false` | Alpha | 1.22 | |
|
|
| `QOSReserved` | `false` | Alpha | 1.11 | |
|
|
| `ReadWriteOncePod` | `false` | Alpha | 1.22 | |
|
|
| `RecoverVolumeExpansionFailure` | `false` | Alpha | 1.23 | |
|
|
| `RemainingItemCount` | `false` | Alpha | 1.15 | 1.15 |
|
|
| `RemainingItemCount` | `true` | Beta | 1.16 | |
|
|
| `RetroactiveDefaultStorageClass` | `false` | Alpha | 1.25 | |
|
|
| `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 |
|
|
| `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | |
|
|
| `SELinuxMountReadWriteOncePod` | `false` | Alpha | 1.25 | |
|
|
| `SeccompDefault` | `false` | Alpha | 1.22 | 1.24 |
|
|
| `SeccompDefault` | `true` | Beta | 1.25 | |
|
|
| `ServerSideFieldValidation` | `false` | Alpha | 1.23 | 1.24 |
|
|
| `ServerSideFieldValidation` | `true` | Beta | 1.25 | |
|
|
| `ServiceIPStaticSubrange` | `false` | Alpha | 1.24 | 1.24 |
|
|
| `ServiceIPStaticSubrange` | `true` | Beta | 1.25 | |
|
|
| `ServiceInternalTrafficPolicy` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `ServiceInternalTrafficPolicy` | `true` | Beta | 1.22 | |
|
|
| `SizeMemoryBackedVolumes` | `false` | Alpha | 1.20 | 1.21 |
|
|
| `SizeMemoryBackedVolumes` | `true` | Beta | 1.22 | |
|
|
| `StatefulSetAutoDeletePVC` | `false` | Alpha | 1.22 | |
|
|
| `StorageVersionAPI` | `false` | Alpha | 1.20 | |
|
|
| `StorageVersionHash` | `false` | Alpha | 1.14 | 1.14 |
|
|
| `StorageVersionHash` | `true` | Beta | 1.15 | |
|
|
| `TopologyAwareHints` | `false` | Alpha | 1.21 | 1.22 |
|
|
| `TopologyAwareHints` | `false` | Beta | 1.23 | 1.23 |
|
|
| `TopologyAwareHints` | `true` | Beta | 1.24 | |
|
|
| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 |
|
|
| `TopologyManager` | `true` | Beta | 1.18 | |
|
|
| `UserNamespacesStatelessPodsSupport` | `false` | Alpha | 1.25 | |
|
|
| `VolumeCapacityPriority` | `false` | Alpha | 1.21 | - |
|
|
| `WinDSR` | `false` | Alpha | 1.14 | |
|
|
| `WinOverlay` | `false` | Alpha | 1.14 | 1.19 |
|
|
| `WinOverlay` | `true` | Beta | 1.20 | |
|
|
| `WindowsHostProcessContainers` | `false` | Alpha | 1.22 | 1.22 |
|
|
| `WindowsHostProcessContainers` | `true` | Beta | 1.23 | |
|
|
{{< /table >}}
|
|
|
|
### Feature gates for graduated or deprecated features
|
|
|
|
{{< table caption="Feature Gates for Graduated or Deprecated Features" >}}
|
|
|
|
| Feature | Default | Stage | Since | Until |
|
|
|---------|---------|-------|-------|-------|
|
|
| `AdvancedAuditing` | `false` | Alpha | 1.7 | 1.7 |
|
|
| `AdvancedAuditing` | `true` | Beta | 1.8 | 1.11 |
|
|
| `AdvancedAuditing` | `true` | GA | 1.12 | - |
|
|
| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 |
|
|
| `CSIInlineVolume` | `true` | Beta | 1.16 | 1.24 |
|
|
| `CSIInlineVolume` | `true` | GA | 1.25 | - |
|
|
| `CSIMigration` | `false` | Alpha | 1.14 | 1.16 |
|
|
| `CSIMigration` | `true` | Beta | 1.17 | 1.24 |
|
|
| `CSIMigration` | `true` | GA | 1.25 | - |
|
|
| `CSIMigrationAWS` | `false` | Alpha | 1.14 | 1.16 |
|
|
| `CSIMigrationAWS` | `false` | Beta | 1.17 | 1.22 |
|
|
| `CSIMigrationAWS` | `true` | Beta | 1.23 | 1.24 |
|
|
| `CSIMigrationAWS` | `true` | GA | 1.25 | - |
|
|
| `CSIMigrationAzureDisk` | `false` | Alpha | 1.15 | 1.18 |
|
|
| `CSIMigrationAzureDisk` | `false` | Beta | 1.19 | 1.22 |
|
|
| `CSIMigrationAzureDisk` | `true` | Beta | 1.23 | 1.23 |
|
|
| `CSIMigrationAzureDisk` | `true` | GA | 1.24 | |
|
|
| `CSIMigrationGCE` | `false` | Alpha | 1.14 | 1.16 |
|
|
| `CSIMigrationGCE` | `false` | Beta | 1.17 | 1.22 |
|
|
| `CSIMigrationGCE` | `true` | Beta | 1.23 | 1.24 |
|
|
| `CSIMigrationGCE` | `true` | GA | 1.25 | - |
|
|
| `CSIMigrationOpenStack` | `false` | Alpha | 1.14 | 1.17 |
|
|
| `CSIMigrationOpenStack` | `true` | Beta | 1.18 | 1.23 |
|
|
| `CSIMigrationOpenStack` | `true` | GA | 1.24 | |
|
|
| `CSIStorageCapacity` | `false` | Alpha | 1.19 | 1.20 |
|
|
| `CSIStorageCapacity` | `true` | Beta | 1.21 | 1.23 |
|
|
| `CSIStorageCapacity` | `true` | GA | 1.24 | - |
|
|
| `CSRDuration` | `true` | Beta | 1.22 | 1.23 |
|
|
| `CSRDuration` | `true` | GA | 1.24 | - |
|
|
| `ControllerManagerLeaderMigration` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `ControllerManagerLeaderMigration` | `true` | Beta | 1.22 | 1.23 |
|
|
| `ControllerManagerLeaderMigration` | `true` | GA | 1.24 | - |
|
|
| `CronJobTimeZone` | `false` | Alpha | 1.24 | 1.24 |
|
|
| `CronJobTimeZone` | `true` | Beta | 1.25 | |
|
|
| `DaemonSetUpdateSurge` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `DaemonSetUpdateSurge` | `true` | Beta | 1.22 | 1.24 |
|
|
| `DaemonSetUpdateSurge` | `true` | GA | 1.25 | - |
|
|
| `DefaultPodTopologySpread` | `false` | Alpha | 1.19 | 1.19 |
|
|
| `DefaultPodTopologySpread` | `true` | Beta | 1.20 | 1.23 |
|
|
| `DefaultPodTopologySpread` | `true` | GA | 1.24 | - |
|
|
| `DisableAcceleratorUsageMetrics` | `false` | Alpha | 1.19 | 1.19 |
|
|
| `DisableAcceleratorUsageMetrics` | `true` | Beta | 1.20 | 1.24 |
|
|
| `DisableAcceleratorUsageMetrics` | `true` | GA | 1.25 |- |
|
|
| `DryRun` | `false` | Alpha | 1.12 | 1.12 |
|
|
| `DryRun` | `true` | Beta | 1.13 | 1.18 |
|
|
| `DryRun` | `true` | GA | 1.19 | - |
|
|
| `DynamicKubeletConfig` | `false` | Alpha | 1.4 | 1.10 |
|
|
| `DynamicKubeletConfig` | `true` | Beta | 1.11 | 1.21 |
|
|
| `DynamicKubeletConfig` | `false` | Deprecated | 1.22 | - |
|
|
| `EfficientWatchResumption` | `false` | Alpha | 1.20 | 1.20 |
|
|
| `EfficientWatchResumption` | `true` | Beta | 1.21 | 1.23 |
|
|
| `EfficientWatchResumption` | `true` | GA | 1.24 | - |
|
|
| `EphemeralContainers` | `false` | Alpha | 1.16 | 1.22 |
|
|
| `EphemeralContainers` | `true` | Beta | 1.23 | 1.24 |
|
|
| `EphemeralContainers` | `true` | GA | 1.25 | - |
|
|
| `ExecProbeTimeout` | `true` | GA | 1.20 | - |
|
|
| `ExpandCSIVolumes` | `false` | Alpha | 1.14 | 1.15 |
|
|
| `ExpandCSIVolumes` | `true` | Beta | 1.16 | 1.23 |
|
|
| `ExpandCSIVolumes` | `true` | GA | 1.24 | - |
|
|
| `ExpandInUsePersistentVolumes` | `false` | Alpha | 1.11 | 1.14 |
|
|
| `ExpandInUsePersistentVolumes` | `true` | Beta | 1.15 | 1.23 |
|
|
| `ExpandInUsePersistentVolumes` | `true` | GA | 1.24 | - |
|
|
| `ExpandPersistentVolumes` | `false` | Alpha | 1.8 | 1.10 |
|
|
| `ExpandPersistentVolumes` | `true` | Beta | 1.11 | 1.23 |
|
|
| `ExpandPersistentVolumes` | `true` | GA | 1.24 |- |
|
|
| `IdentifyPodOS` | `false` | Alpha | 1.23 | 1.23 |
|
|
| `IdentifyPodOS` | `true` | Beta | 1.24 | 1.24 |
|
|
| `IdentifyPodOS` | `true` | GA | 1.25 | - |
|
|
| `IndexedJob` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `IndexedJob` | `true` | Beta | 1.22 | 1.23 |
|
|
| `IndexedJob` | `true` | GA | 1.24 | - |
|
|
| `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 |
|
|
| `LocalStorageCapacityIsolation` | `true` | Beta | 1.10 | 1.24 |
|
|
| `LocalStorageCapacityIsolation` | `true` | GA | 1.25 | - |
|
|
| `NetworkPolicyEndPort` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `NetworkPolicyEndPort` | `true` | Beta | 1.22 | 1.24 |
|
|
| `NetworkPolicyEndPort` | `true` | GA | 1.25 | - |
|
|
| `NonPreemptingPriority` | `false` | Alpha | 1.15 | 1.18 |
|
|
| `NonPreemptingPriority` | `true` | Beta | 1.19 | 1.23 |
|
|
| `NonPreemptingPriority` | `true` | GA | 1.24 | - |
|
|
| `PodAffinityNamespaceSelector` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `PodAffinityNamespaceSelector` | `true` | Beta | 1.22 | 1.23 |
|
|
| `PodAffinityNamespaceSelector` | `true` | GA | 1.24 | - |
|
|
| `PodOverhead` | `false` | Alpha | 1.16 | 1.17 |
|
|
| `PodOverhead` | `true` | Beta | 1.18 | 1.23 |
|
|
| `PodOverhead` | `true` | GA | 1.24 | - |
|
|
| `PodSecurity` | `false` | Alpha | 1.22 | 1.22 |
|
|
| `PodSecurity` | `true` | Beta | 1.23 | 1.24 |
|
|
| `PodSecurity` | `true` | GA | 1.25 | |
|
|
| `PreferNominatedNode` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `PreferNominatedNode` | `true` | Beta | 1.22 | 1.23 |
|
|
| `PreferNominatedNode` | `true` | GA | 1.24 | - |
|
|
| `RemoveSelfLink` | `false` | Alpha | 1.16 | 1.19 |
|
|
| `RemoveSelfLink` | `true` | Beta | 1.20 | 1.23 |
|
|
| `RemoveSelfLink` | `true` | GA | 1.24 | - |
|
|
| `ServerSideApply` | `false` | Alpha | 1.14 | 1.15 |
|
|
| `ServerSideApply` | `true` | Beta | 1.16 | 1.21 |
|
|
| `ServerSideApply` | `true` | GA | 1.22 | - |
|
|
| `ServiceLBNodePortControl` | `false` | Alpha | 1.20 | 1.21 |
|
|
| `ServiceLBNodePortControl` | `true` | Beta | 1.22 | 1.23 |
|
|
| `ServiceLBNodePortControl` | `true` | GA | 1.24 | - |
|
|
| `ServiceLoadBalancerClass` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `ServiceLoadBalancerClass` | `true` | Beta | 1.22 | 1.23 |
|
|
| `ServiceLoadBalancerClass` | `true` | GA | 1.24 | - |
|
|
| `StatefulSetMinReadySeconds` | `false` | Alpha | 1.22 | 1.22 |
|
|
| `StatefulSetMinReadySeconds` | `true` | Beta | 1.23 | 1.24 |
|
|
| `StatefulSetMinReadySeconds` | `true` | GA | 1.25 | - |
|
|
| `SuspendJob` | `false` | Alpha | 1.21 | 1.21 |
|
|
| `SuspendJob` | `true` | Beta | 1.22 | 1.23 |
|
|
| `SuspendJob` | `true` | GA | 1.24 | - |
|
|
| `WatchBookmark` | `false` | Alpha | 1.15 | 1.15 |
|
|
| `WatchBookmark` | `true` | Beta | 1.16 | 1.16 |
|
|
| `WatchBookmark` | `true` | GA | 1.17 | - |
|
|
{{< /table >}}
|
|
|
|
## Using a feature
|
|
|
|
### Feature stages
|
|
|
|
A feature can be in *Alpha*, *Beta* or *GA* stage.
|
|
An *Alpha* feature means:
|
|
|
|
* Disabled by default.
|
|
* Might be buggy. Enabling the feature may expose bugs.
|
|
* Support for feature may be dropped at any time without notice.
|
|
* The API may change in incompatible ways in a later software release without notice.
|
|
* Recommended for use only in short-lived testing clusters, due to increased
|
|
risk of bugs and lack of long-term support.
|
|
|
|
A *Beta* feature means:
|
|
|
|
* Enabled by default.
|
|
* The feature is well tested. Enabling the feature is considered safe.
|
|
* Support for the overall feature will not be dropped, though details may change.
|
|
* The schema and/or semantics of objects may change in incompatible ways in a
|
|
subsequent beta or stable release. When this happens, we will provide instructions
|
|
for migrating to the next version. This may require deleting, editing, and
|
|
re-creating API objects. The editing process may require some thought.
|
|
This may require downtime for applications that rely on the feature.
|
|
* Recommended for only non-business-critical uses because of potential for
|
|
incompatible changes in subsequent releases. If you have multiple clusters
|
|
that can be upgraded independently, you may be able to relax this restriction.
|
|
|
|
{{< note >}}
|
|
Please do try *Beta* features and give feedback on them!
|
|
After they exit beta, it may not be practical for us to make more changes.
|
|
{{< /note >}}
|
|
|
|
A *General Availability* (GA) feature is also referred to as a *stable* feature. It means:
|
|
|
|
* The feature is always enabled; you cannot disable it.
|
|
* The corresponding feature gate is no longer needed.
|
|
* Stable versions of features will appear in released software for many subsequent versions.
|
|
|
|
## List of feature gates {#feature-gates}
|
|
|
|
Each feature gate is designed for enabling/disabling a specific feature:
|
|
|
|
- `APIListChunking`: Enable the API clients to retrieve (`LIST` or `GET`)
|
|
resources from API server in chunks.
|
|
- `APIPriorityAndFairness`: Enable managing request concurrency with
|
|
prioritization and fairness at each server. (Renamed from `RequestManagement`)
|
|
- `APIResponseCompression`: Compress the API responses for `LIST` or `GET` requests.
|
|
- `APIServerIdentity`: Assign each API server an ID in a cluster.
|
|
- `APIServerTracing`: Add support for distributed tracing in the API server.
|
|
See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/system-traces) for more details.
|
|
- `AdvancedAuditing`: Enable [advanced auditing](/docs/tasks/debug/debug-cluster/audit/#advanced-audit)
|
|
- `AllowInsecureBackendProxy`: Enable the users to skip TLS verification of
|
|
kubelets on Pod log requests.
|
|
- `AnyVolumeDataSource`: Enable use of any custom resource as the `DataSource` of a
|
|
{{< glossary_tooltip text="PVC" term_id="persistent-volume-claim" >}}.
|
|
- `AppArmor`: Enable use of AppArmor mandatory access control for Pods running on Linux nodes.
|
|
See [AppArmor Tutorial](/docs/tutorials/security/apparmor/) for more details.
|
|
- `ContainerCheckpoint`: Enables the kubelet `checkpoint` API.
|
|
See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details.
|
|
- `ControllerManagerLeaderMigration`: Enables Leader Migration for
|
|
[kube-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) and
|
|
[cloud-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager)
|
|
which allows a cluster operator to live migrate
|
|
controllers from the kube-controller-manager into an external controller-manager
|
|
(e.g. the cloud-controller-manager) in an HA cluster without downtime.
|
|
- `CPUManager`: Enable container level CPU affinity support, see
|
|
[CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/).
|
|
- `CPUManagerPolicyAlphaOptions`: This allows fine-tuning of CPUManager policies,
|
|
experimental, Alpha-quality options
|
|
This feature gate guards *a group* of CPUManager options whose quality level is alpha.
|
|
This feature gate will never graduate to beta or stable.
|
|
- `CPUManagerPolicyBetaOptions`: This allows fine-tuning of CPUManager policies,
|
|
experimental, Beta-quality options
|
|
This feature gate guards *a group* of CPUManager options whose quality level is beta.
|
|
This feature gate will never graduate to stable.
|
|
- `CPUManagerPolicyOptions`: Allow fine-tuning of CPUManager policies.
|
|
- `CSIInlineVolume`: Enable CSI Inline volumes support for pods.
|
|
- `CSIMigration`: Enables shims and translation logic to route volume
|
|
operations from in-tree plugins to corresponding pre-installed CSI plugins
|
|
- `CSIMigrationAWS`: Enables shims and translation logic to route volume
|
|
operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Supports
|
|
falling back to in-tree EBS plugin for mount operations to nodes that have
|
|
the feature disabled or that do not have EBS CSI plugin installed and
|
|
configured. Does not support falling back for provision operations, for those
|
|
the CSI plugin must be installed and configured.
|
|
- `CSIMigrationAzureDisk`: Enables shims and translation logic to route volume
|
|
operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin.
|
|
Supports falling back to in-tree AzureDisk plugin for mount operations to
|
|
nodes that have the feature disabled or that do not have AzureDisk CSI plugin
|
|
installed and configured. Does not support falling back for provision
|
|
operations, for those the CSI plugin must be installed and configured.
|
|
Requires CSIMigration feature flag enabled.
|
|
- `CSIMigrationAzureFile`: Enables shims and translation logic to route volume
|
|
operations from the Azure-File in-tree plugin to AzureFile CSI plugin.
|
|
Supports falling back to in-tree AzureFile plugin for mount operations to
|
|
nodes that have the feature disabled or that do not have AzureFile CSI plugin
|
|
installed and configured. Does not support falling back for provision
|
|
operations, for those the CSI plugin must be installed and configured.
|
|
Requires CSIMigration feature flag enabled.
|
|
- `CSIMigrationGCE`: Enables shims and translation logic to route volume
|
|
operations from the GCE-PD in-tree plugin to PD CSI plugin. Supports falling
|
|
back to in-tree GCE plugin for mount operations to nodes that have the
|
|
feature disabled or that do not have PD CSI plugin installed and configured.
|
|
Does not support falling back for provision operations, for those the CSI
|
|
plugin must be installed and configured. Requires CSIMigration feature flag
|
|
enabled.
|
|
- `CSIMigrationOpenStack`: Enables shims and translation logic to route volume
|
|
operations from the Cinder in-tree plugin to Cinder CSI plugin. Supports
|
|
falling back to in-tree Cinder plugin for mount operations to nodes that have
|
|
the feature disabled or that do not have Cinder CSI plugin installed and
|
|
configured. Does not support falling back for provision operations, for those
|
|
the CSI plugin must be installed and configured. Requires CSIMigration
|
|
feature flag enabled.
|
|
- `csiMigrationRBD`: Enables shims and translation logic to route volume
|
|
operations from the RBD in-tree plugin to Ceph RBD CSI plugin. Requires
|
|
CSIMigration and csiMigrationRBD feature flags enabled and Ceph CSI plugin
|
|
installed and configured in the cluster. This flag has been deprecated in
|
|
favor of the `InTreePluginRBDUnregister` feature flag which prevents the registration of
|
|
in-tree RBD plugin.
|
|
- `CSIMigrationvSphere`: Enables shims and translation logic to route volume operations
|
|
from the vSphere in-tree plugin to vSphere CSI plugin. Supports falling back
|
|
to in-tree vSphere plugin for mount operations to nodes that have the feature
|
|
disabled or that do not have vSphere CSI plugin installed and configured.
|
|
Does not support falling back for provision operations, for those the CSI
|
|
plugin must be installed and configured. Requires CSIMigration feature flag
|
|
enabled.
|
|
- `CSIMigrationPortworx`: Enables shims and translation logic to route volume operations
|
|
from the Portworx in-tree plugin to Portworx CSI plugin.
|
|
Requires Portworx CSI driver to be installed and configured in the cluster.
|
|
- `CSINodeExpandSecret`: Enable passing secret authentication data to a CSI driver for use
|
|
during a `NodeExpandVolume` CSI operation.
|
|
- `CSIStorageCapacity`: Enables CSI drivers to publish storage capacity information
|
|
and the Kubernetes scheduler to use that information when scheduling pods. See
|
|
[Storage Capacity](/docs/concepts/storage/storage-capacity/).
|
|
Check the [`csi` volume type](/docs/concepts/storage/volumes/#csi) documentation for more details.
|
|
- `CSIVolumeHealth`: Enable support for CSI volume health monitoring on node.
|
|
- `CSRDuration`: Allows clients to request a duration for certificates issued
|
|
via the Kubernetes CSR API.
|
|
- `ContextualLogging`: When you enable this feature gate, Kubernetes components that support
|
|
contextual logging add extra detail to log output.
|
|
- `ControllerManagerLeaderMigration`: Enables leader migration for
|
|
`kube-controller-manager` and `cloud-controller-manager`.
|
|
- `CronJobTimeZone`: Allow the use of the `timeZone` optional field in [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/)
|
|
- `CustomCPUCFSQuotaPeriod`: Enable nodes to change `cpuCFSQuotaPeriod` in
|
|
[kubelet config](/docs/tasks/administer-cluster/kubelet-config-file/).
|
|
- `CustomResourceValidationExpressions`: Enable expression language validation in CRD
|
|
which will validate customer resource based on validation rules written in
|
|
the `x-kubernetes-validations` extension.
|
|
- `DaemonSetUpdateSurge`: Enables the DaemonSet workloads to maintain
|
|
availability during update per node.
|
|
See [Perform a Rolling Update on a DaemonSet](/docs/tasks/manage-daemon/update-daemon-set/).
|
|
- `DefaultPodTopologySpread`: Enables the use of `PodTopologySpread` scheduling plugin to do
|
|
[default spreading](/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints).
|
|
- `DelegateFSGroupToCSIDriver`: If supported by the CSI driver, delegates the
|
|
role of applying `fsGroup` from a Pod's `securityContext` to the driver by
|
|
passing `fsGroup` through the NodeStageVolume and NodePublishVolume CSI calls.
|
|
- `DevicePlugins`: Enable the [device-plugins](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)
|
|
based resource provisioning on nodes.
|
|
- `DisableAcceleratorUsageMetrics`:
|
|
[Disable accelerator metrics collected by the kubelet](/docs/concepts/cluster-administration/system-metrics/#disable-accelerator-metrics).
|
|
- `DisableCloudProviders`: Disables any functionality in `kube-apiserver`,
|
|
`kube-controller-manager` and `kubelet` related to the `--cloud-provider`
|
|
component flag.
|
|
- `DisableKubeletCloudCredentialProviders`: Disable the in-tree functionality in kubelet
|
|
to authenticate to a cloud provider container registry for image pull credentials.
|
|
- `DownwardAPIHugePages`: Enables usage of hugepages in
|
|
[downward API](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information).
|
|
- `DryRun`: Enable server-side [dry run](/docs/reference/using-api/api-concepts/#dry-run) requests
|
|
so that validation, merging, and mutation can be tested without committing.
|
|
- `DynamicKubeletConfig`: Enable the dynamic configuration of kubelet. The
|
|
feature is no longer supported outside of supported skew policy. The feature
|
|
gate was removed from kubelet in 1.24. See [Reconfigure kubelet](/docs/tasks/administer-cluster/reconfigure-kubelet/).
|
|
- `EndpointSliceTerminatingCondition`: Enables EndpointSlice `terminating` and `serving`
|
|
condition fields.
|
|
- `EfficientWatchResumption`: Allows for storage-originated bookmark (progress
|
|
notify) events to be delivered to the users. This is only applied to watch operations.
|
|
- `EphemeralContainers`: Enable the ability to add
|
|
{{< glossary_tooltip text="ephemeral containers" term_id="ephemeral-container" >}}
|
|
to running pods.
|
|
- `ExecProbeTimeout`: Ensure kubelet respects exec probe timeouts.
|
|
This feature gate exists in case any of your existing workloads depend on a
|
|
now-corrected fault where Kubernetes ignored exec probe timeouts. See
|
|
[readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes).
|
|
- `ExpandCSIVolumes`: Enable the expanding of CSI volumes.
|
|
- `ExpandedDNSConfig`: Enable kubelet and kube-apiserver to allow more DNS
|
|
search paths and longer list of DNS search paths. This feature requires container
|
|
runtime support(Containerd: v1.5.6 or higher, CRI-O: v1.22 or higher). See
|
|
[Expanded DNS Configuration](/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration).
|
|
- `ExpandInUsePersistentVolumes`: Enable expanding in-use PVCs. See
|
|
[Resizing an in-use PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim).
|
|
- `ExpandPersistentVolumes`: Enable the expanding of persistent volumes. See
|
|
[Expanding Persistent Volumes Claims](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims).
|
|
- `ExperimentalHostUserNamespaceDefaulting`: Enabling the defaulting user
|
|
namespace to host. This is for containers that are using other host namespaces,
|
|
host mounts, or containers that are privileged or using specific non-namespaced
|
|
capabilities (e.g. `MKNODE`, `SYS_MODULE` etc.). This should only be enabled
|
|
if user namespace remapping is enabled in the Docker daemon.
|
|
- `GracefulNodeShutdown`: Enables support for graceful shutdown in kubelet.
|
|
During a system shutdown, kubelet will attempt to detect the shutdown event
|
|
and gracefully terminate pods running on the node. See
|
|
[Graceful Node Shutdown](/docs/concepts/architecture/nodes/#graceful-node-shutdown)
|
|
for more details.
|
|
- `GracefulNodeShutdownBasedOnPodPriority`: Enables the kubelet to check Pod priorities
|
|
when shutting down a node gracefully.
|
|
- `GRPCContainerProbe`: Enables the gRPC probe method for {Liveness,Readiness,Startup}Probe.
|
|
See [Configure Liveness, Readiness and Startup Probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe).
|
|
- `HonorPVReclaimPolicy`: Honor persistent volume reclaim policy when it is `Delete` irrespective of PV-PVC deletion ordering.
|
|
For more details, check the
|
|
[PersistentVolume deletion protection finalizer](/docs/concepts/storage/persistent-volumes/#persistentvolume-deletion-protection-finalizer)
|
|
documentation.
|
|
- `HPAContainerMetrics`: Enable the `HorizontalPodAutoscaler` to scale based on
|
|
metrics from individual containers in target pods.
|
|
- `HPAScaleToZero`: Enables setting `minReplicas` to 0 for `HorizontalPodAutoscaler`
|
|
resources when using custom or external metrics.
|
|
- `IPTablesOwnershipCleanup`: This causes kubelet to no longer create legacy IPTables rules.
|
|
- `IdentifyPodOS`: Allows the Pod OS field to be specified. This helps in identifying
|
|
the OS of the pod authoritatively during the API server admission time.
|
|
In Kubernetes {{< skew currentVersion >}}, the allowed values for the `pod.spec.os.name`
|
|
are `windows` and `linux`.
|
|
- `IndexedJob`: Allows the [Job](/docs/concepts/workloads/controllers/job/)
|
|
controller to manage Pod completions per completion index.
|
|
- `InTreePluginAWSUnregister`: Stops registering the aws-ebs in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginAzureDiskUnregister`: Stops registering the azuredisk in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginAzureFileUnregister`: Stops registering the azurefile in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginGCEUnregister`: Stops registering the gce-pd in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginOpenStackUnregister`: Stops registering the OpenStack cinder in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginPortworxUnregister`: Stops registering the Portworx in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginRBDUnregister`: Stops registering the RBD in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `InTreePluginvSphereUnregister`: Stops registering the vSphere in-tree plugin in kubelet
|
|
and volume controllers.
|
|
- `JobMutableNodeSchedulingDirectives`: Allows updating node scheduling directives in
|
|
the pod template of [Job](/docs/concepts/workloads/controllers/job).
|
|
- `JobPodFailurePolicy`: Allow users to specify handling of pod failures based on container
|
|
exit codes and pod conditions.
|
|
- `JobReadyPods`: Enables tracking the number of Pods that have a `Ready`
|
|
[condition](/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions).
|
|
The count of `Ready` pods is recorded in the
|
|
[status](/docs/reference/kubernetes-api/workload-resources/job-v1/#JobStatus)
|
|
of a [Job](/docs/concepts/workloads/controllers/job) status.
|
|
- `JobTrackingWithFinalizers`: Enables tracking [Job](/docs/concepts/workloads/controllers/job)
|
|
completions without relying on Pods remaining in the cluster indefinitely.
|
|
The Job controller uses Pod finalizers and a field in the Job status to keep
|
|
track of the finished Pods to count towards completion.
|
|
- `KubeletCredentialProviders`: Enable kubelet exec credential providers for
|
|
image pull credentials.
|
|
- `KubeletInUserNamespace`: Enables support for running kubelet in a
|
|
{{<glossary_tooltip text="user namespace" term_id="userns">}}.
|
|
See [Running Kubernetes Node Components as a Non-root User](/docs/tasks/administer-cluster/kubelet-in-userns/).
|
|
- `KubeletPodResources`: Enable the kubelet's pod resources gRPC endpoint. See
|
|
[Support Device Monitoring](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/606-compute-device-assignment/README.md)
|
|
for more details.
|
|
- `KubeletPodResourcesGetAllocatable`: Enable the kubelet's pod resources
|
|
`GetAllocatableResources` functionality. This API augments the
|
|
[resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)
|
|
with informations about the allocatable resources, enabling clients to properly
|
|
track the free compute resources on a node.
|
|
- `KubeletTracing`: Add support for distributed tracing in the kubelet.
|
|
When enabled, kubelet CRI interface and authenticated http servers are instrumented to generate
|
|
OpenTelemetry trace spans.
|
|
See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/system-traces) for more details.
|
|
- `LegacyServiceAccountTokenNoAutoGeneration`: Stop auto-generation of Secret-based
|
|
[service account tokens](/docs/reference/access-authn-authz/authentication/#service-account-tokens).
|
|
- `LocalStorageCapacityIsolation`: Enable the consumption of
|
|
[local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/)
|
|
and also the `sizeLimit` property of an
|
|
[emptyDir volume](/docs/concepts/storage/volumes/#emptydir).
|
|
- `LocalStorageCapacityIsolationFSQuotaMonitoring`: When `LocalStorageCapacityIsolation`
|
|
is enabled for
|
|
[local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/)
|
|
and the backing filesystem for [emptyDir volumes](/docs/concepts/storage/volumes/#emptydir)
|
|
supports project quotas and they are enabled, use project quotas to monitor
|
|
[emptyDir volume](/docs/concepts/storage/volumes/#emptydir) storage consumption rather than
|
|
filesystem walk for better performance and accuracy.
|
|
- `LogarithmicScaleDown`: Enable semi-random selection of pods to evict on controller scaledown
|
|
based on logarithmic bucketing of pod timestamps.
|
|
- `MatchLabelKeysInPodTopologySpread`: Enable the `matchLabelKeys` field for
|
|
[Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/).
|
|
- `MaxUnavailableStatefulSet`: Enables setting the `maxUnavailable` field for the
|
|
[rolling update strategy](/docs/concepts/workloads/controllers/statefulset/#rolling-updates)
|
|
of a StatefulSet. The field specifies the maximum number of Pods
|
|
that can be unavailable during the update.
|
|
- `MemoryManager`: Allows setting memory affinity for a container based on
|
|
NUMA topology.
|
|
- `MemoryQoS`: Enable memory protection and usage throttle on pod / container using
|
|
cgroup v2 memory controller.
|
|
- `MinDomainsInPodTopologySpread`: Enable `minDomains` in
|
|
[Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/).
|
|
- `MixedProtocolLBService`: Enable using different protocols in the same `LoadBalancer` type
|
|
Service instance.
|
|
- `MultiCIDRRangeAllocator`: Enables the MultiCIDR range allocator.
|
|
- `NetworkPolicyEndPort`: Enable use of the field `endPort` in NetworkPolicy objects,
|
|
allowing the selection of a port range instead of a single port.
|
|
- `NetworkPolicyStatus`: Enable the `status` subresource for NetworkPolicy objects.
|
|
- `NodeInclusionPolicyInPodTopologySpread`: Enable using `nodeAffinityPolicy` and `nodeTaintsPolicy` in
|
|
[Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/)
|
|
when calculating pod topology spread skew.
|
|
- `NodeOutOfServiceVolumeDetach`: When a Node is marked out-of-service using the
|
|
`node.kubernetes.io/out-of-service` taint, Pods on the node will be forcefully deleted
|
|
if they can not tolerate this taint, and the volume detach operations for Pods terminating
|
|
on the node will happen immediately. The deleted Pods can recover quickly on different nodes.
|
|
- `NodeSwap`: Enable the kubelet to allocate swap memory for Kubernetes workloads on a node.
|
|
Must be used with `KubeletConfiguration.failSwapOn` set to false.
|
|
For more details, please see [swap memory](/docs/concepts/architecture/nodes/#swap-memory)
|
|
- `NonPreemptingPriority`: Enable `preemptionPolicy` field for PriorityClass and Pod.
|
|
- `OpenAPIEnums`: Enables populating "enum" fields of OpenAPI schemas in the
|
|
spec returned from the API server.
|
|
- `OpenAPIV3`: Enables the API server to publish OpenAPI v3.
|
|
- `PodDeletionCost`: Enable the [Pod Deletion Cost](/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost)
|
|
feature which allows users to influence ReplicaSet downscaling order.
|
|
- `PodAffinityNamespaceSelector`: Enable the
|
|
[Pod Affinity Namespace Selector](/docs/concepts/scheduling-eviction/assign-pod-node/#namespace-selector)
|
|
and [CrossNamespacePodAffinity](/docs/concepts/policy/resource-quotas/#cross-namespace-pod-affinity-quota)
|
|
quota scope features.
|
|
- `PodAndContainerStatsFromCRI`: Configure the kubelet to gather container and
|
|
pod stats from the CRI container runtime rather than gathering them from cAdvisor.
|
|
- `PodDisruptionConditions`: Enables support for appending a dedicated pod condition indicating that the pod is being deleted due to a disruption.
|
|
- `PodHasNetworkCondition`: Enable the kubelet to mark the [PodHasNetwork](/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) condition on pods.
|
|
- `PodOverhead`: Enable the [PodOverhead](/docs/concepts/scheduling-eviction/pod-overhead/)
|
|
feature to account for pod overheads.
|
|
- `PodSecurity`: Enables the `PodSecurity` admission plugin.
|
|
- `PreferNominatedNode`: This flag tells the scheduler whether the nominated
|
|
nodes will be checked first before looping through all the other nodes in
|
|
the cluster.
|
|
- `ProbeTerminationGracePeriod`: Enable [setting probe-level
|
|
`terminationGracePeriodSeconds`](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds)
|
|
on pods. See the [enhancement proposal](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2238-liveness-probe-grace-period)
|
|
for more details.
|
|
- `ProcMountType`: Enables control over the type proc mounts for containers
|
|
by setting the `procMount` field of a SecurityContext.
|
|
- `ProxyTerminatingEndpoints`: Enable the kube-proxy to handle terminating
|
|
endpoints when `ExternalTrafficPolicy=Local`.
|
|
- `QOSReserved`: Allows resource reservations at the QoS level preventing pods
|
|
at lower QoS levels from bursting into resources requested at higher QoS levels
|
|
(memory only for now).
|
|
- `ReadWriteOncePod`: Enables the usage of `ReadWriteOncePod` PersistentVolume
|
|
access mode.
|
|
- `RecoverVolumeExpansionFailure`: Enables users to edit their PVCs to smaller
|
|
sizes so as they can recover from previously issued volume expansion failures.
|
|
See [Recovering from Failure when Expanding Volumes](/docs/concepts/storage/persistent-volumes/#recovering-from-failure-when-expanding-volumes)
|
|
for more details.
|
|
- `RemainingItemCount`: Allow the API servers to show a count of remaining
|
|
items in the response to a
|
|
[chunking list request](/docs/reference/using-api/api-concepts/#retrieving-large-results-sets-in-chunks).
|
|
- `RemoveSelfLink`: Sets the `.metadata.selfLink` field to blank (empty string) for all
|
|
objects and collections. This field has been deprecated since the Kubernetes v1.16
|
|
release. When this feature is enabled, the `.metadata.selfLink` field remains part of
|
|
the Kubernetes API, but is always unset.
|
|
- `RetroactiveDefaultStorageClass`: Allow assigning StorageClass to unbound PVCs retroactively.
|
|
- `RotateKubeletServerCertificate`: Enable the rotation of the server TLS certificate on the kubelet.
|
|
See [kubelet configuration](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#kubelet-configuration)
|
|
for more details.
|
|
- `SELinuxMountReadWriteOncePod`: Speed up container startup by mounting volumes with the correct
|
|
SELinux label instead of changing each file on the volumes recursively. The initial implementation
|
|
focused on ReadWriteOncePod volumes.
|
|
- `SeccompDefault`: Enables the use of `RuntimeDefault` as the default seccomp profile
|
|
for all workloads.
|
|
The seccomp profile is specified in the `securityContext` of a Pod and/or a Container.
|
|
- `SELinuxMountReadWriteOncePod`: Allows kubelet to mount volumes for a Pod directly with the
|
|
right SELinux label instead of applying the SELinux label recursively on every file on the
|
|
volume.
|
|
- `ServerSideApply`: Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/)
|
|
feature on the API Server.
|
|
- `ServerSideFieldValidation`: Enables server-side field validation. This means the validation
|
|
of resource schema is performed at the API server side rather than the client side
|
|
(for example, the `kubectl create` or `kubectl apply` command line).
|
|
- `ServiceInternalTrafficPolicy`: Enables the `internalTrafficPolicy` field on Services
|
|
- `ServiceLBNodePortControl`: Enables the `allocateLoadBalancerNodePorts` field on Services.
|
|
- `ServiceLoadBalancerClass`: Enables the `loadBalancerClass` field on Services. See
|
|
[Specifying class of load balancer implementation](/docs/concepts/services-networking/service/#load-balancer-class)
|
|
for more details.
|
|
- `ServiceIPStaticSubrange`: Enables a strategy for Services ClusterIP allocations, whereby the
|
|
ClusterIP range is subdivided. Dynamic allocated ClusterIP addresses will be allocated preferently
|
|
from the upper range allowing users to assign static ClusterIPs from the lower range with a low
|
|
risk of collision. See
|
|
[Avoiding collisions](/docs/concepts/services-networking/service/#avoiding-collisions)
|
|
for more details.
|
|
- `SizeMemoryBackedVolumes`: Enable kubelets to determine the size limit for
|
|
memory-backed volumes (mainly `emptyDir` volumes).
|
|
- `StatefulSetMinReadySeconds`: Allows `minReadySeconds` to be respected by
|
|
the StatefulSet controller.
|
|
- `StorageVersionAPI`: Enable the
|
|
[storage version API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageversion-v1alpha1-internal-apiserver-k8s-io).
|
|
- `StorageVersionHash`: Allow API servers to expose the storage version hash in the
|
|
discovery.
|
|
- `SuspendJob`: Enable support to suspend and resume Jobs. For more details, see
|
|
[the Jobs docs](/docs/concepts/workloads/controllers/job/).
|
|
- `TopologyAwareHints`: Enables topology aware routing based on topology hints
|
|
in EndpointSlices. See [Topology Aware
|
|
Hints](/docs/concepts/services-networking/topology-aware-hints/) for more
|
|
details.
|
|
- `TopologyManager`: Enable a mechanism to coordinate fine-grained hardware resource
|
|
assignments for different components in Kubernetes. See
|
|
[Control Topology Management Policies on a node](/docs/tasks/administer-cluster/topology-manager/).
|
|
- `UserNamespacesStatelessPodsSupport`: Enable user namespace support for stateless Pods.
|
|
- `VolumeCapacityPriority`: Enable support for prioritizing nodes in different
|
|
topologies based on available PV capacity.
|
|
- `WatchBookmark`: Enable support for watch bookmark events.
|
|
- `WinDSR`: Allows kube-proxy to create DSR loadbalancers for Windows.
|
|
- `WinOverlay`: Allows kube-proxy to run in overlay mode for Windows.
|
|
- `WindowsHostProcessContainers`: Enables support for Windows HostProcess containers.
|
|
|
|
|
|
## {{% heading "whatsnext" %}}
|
|
|
|
* The [deprecation policy](/docs/reference/using-api/deprecation-policy/) for Kubernetes explains
|
|
the project's approach to removing features and components.
|
|
* Since Kubernetes 1.24, new beta APIs are not enabled by default. When enabling a beta
|
|
feature, you will also need to enable any associated API resources.
|
|
For example, to enable a particular resource like
|
|
`storage.k8s.io/v1beta1/csistoragecapacities`, set `--runtime-config=storage.k8s.io/v1beta1/csistoragecapacities`.
|
|
See [API Versioning](/docs/reference/using-api/#api-versioning) for more details on the command line flags.
|