16 KiB
16 KiB
| title | weight | notitle |
|---|---|---|
| Feature Gates | 10 | true |
Feature Gates
This page contains an overview of the various feature gates an administrator can specify on different Kubernetes components.
Overview
Feature gates are a set of key=value pairs that describe alpha or experimental
features.
An administrator can use the --feature-gates command line flag on each component
to turn a feature on or off.
The following table is a summary of the feature gates that you can set on
different Kubernetes components.
- The "Since" column contains the Kubernetes release when a feature is introduced or its release stage is changed.
- The "Until" column, if not empty, contains the last Kubernetes release in which you can still use a feature gate.
| Feature | Default | Stage | Since | Until |
|---|---|---|---|---|
Accelerators |
false |
Alpha | 1.6 | 1.10 |
AdvancedAuditing |
false |
Alpha | 1.7 | 1.7 |
AdvancedAuditing |
true |
Beta | 1.8 | |
AffinityInAnnotations |
false |
Alpha | 1.6 | 1.7 |
AllowExtTrafficLocalEndpoints |
false |
Beta | 1.4 | 1.6 |
AllowExtTrafficLocalEndpoints |
true |
GA | 1.7 | |
APIListChunking |
false |
Alpha | 1.8 | 1.8 |
APIListChunking |
true |
Beta | 1.9 | |
APIResponseCompression |
false |
Alpha | 1.7 | |
AppArmor |
true |
Beta | 1.4 | |
AttachVolumeLimit |
false |
Alpha | 1.11 | |
BlockVolume |
false |
Alpha | 1.9 | |
CPUManager |
false |
Alpha | 1.8 | 1.9 |
CPUManager |
true |
Beta | 1.10 | |
CRIContainerLogRotation |
false |
Alpha | 1.10 | 1.10 |
CRIContainerLogRotation |
true |
Beta | 1.11 | |
CSIBlockVolume |
false |
Alpha | 1.11 | 1.11 |
CSIPersistentVolume |
false |
Alpha | 1.9 | 1.9 |
CSIPersistentVolume |
true |
Beta | 1.10 | |
CustomPodDNS |
false |
Alpha | 1.9 | 1.9 |
CustomPodDNS |
true |
Beta | 1.10 | |
CustomResourceSubresources |
false |
Alpha | 1.10 | |
CustomResourceValidation |
false |
Alpha | 1.8 | 1.8 |
CustomResourceValidation |
true |
Beta | 1.9 | |
DebugContainers |
false |
Alpha | 1.10 | |
DevicePlugins |
false |
Alpha | 1.8 | 1.9 |
DevicePlugins |
true |
Beta | 1.10 | |
DynamicKubeletConfig |
false |
Alpha | 1.4 | 1.10 |
DynamicKubeletConfig |
true |
Beta | 1.11 | |
DynamicVolumeProvisioning |
true |
Alpha | 1.3 | 1.7 |
DynamicVolumeProvisioning |
true |
GA | 1.8 | |
EnableEquivalenceClassCache |
false |
Alpha | 1.8 | |
ExpandPersistentVolumes |
false |
Alpha | 1.8 | 1.10 |
ExpandPersistentVolumes |
true |
Beta | 1.11 | |
ExperimentalCriticalPodAnnotation |
false |
Alpha | 1.5 | |
ExperimentalHostUserNamespaceDefaulting |
false |
Beta | 1.5 | |
GCERegionalPersistentDisk |
true |
Beta | 1.10 | |
HugePages |
false |
Alpha | 1.8 | 1.9 |
HugePages |
true |
Beta | 1.10 | |
HyperVContainer |
false |
Alpha | 1.10 | |
Initializers |
false |
Alpha | 1.7 | |
KubeletConfigFile |
false |
Alpha | 1.8 | 1.9 |
KubeletPluginsWatcher |
false |
Alpha | 1.11 | |
LocalStorageCapacityIsolation |
false |
Alpha | 1.7 | 1.9 |
LocalStorageCapacityIsolation |
true |
Beta | 1.10 | |
MountContainers |
false |
Alpha | 1.9 | |
MountPropagation |
false |
Alpha | 1.8 | 1.9 |
MountPropagation |
true |
Beta | 1.10 | |
PersistentLocalVolumes |
false |
Alpha | 1.7 | 1.9 |
PersistentLocalVolumes |
true |
Beta | 1.10 | |
PodPriority |
false |
Alpha | 1.8 | |
PodReadinessGates |
false |
Alpha | 1.11 | |
PodShareProcessNamespace |
false |
Alpha | 1.10 | |
PVCProtection |
false |
Alpha | 1.9 | 1.9 |
ReadOnlyAPIDataVolumes |
true |
Deprecated | 1.10 | |
ResourceLimitsPriorityFunction |
false |
Alpha | 1.9 | |
RotateKubeletClientCertificate |
true |
Beta | 1.7 | |
RotateKubeletServerCertificate |
false |
Alpha | 1.7 | |
RunAsGroup |
false |
Alpha | 1.10 | |
ServiceNodeExclusion |
false |
Alpha | 1.8 | |
StorageObjectInUseProtection |
true |
Beta | 1.10 | 1.10 |
StorageObjectInUseProtection |
true |
GA | 1.11 | |
StreamingProxyRedirects |
true |
Beta | 1.5 | |
SupportIPVSProxyMode |
false |
Alpha | 1.8 | 1.8 |
SupportIPVSProxyMode |
false |
Beta | 1.9 | 1.9 |
SupportIPVSProxyMode |
true |
Beta | 1.10 | 1.10 |
SupportIPVSProxyMode |
true |
GA | 1.11 | |
SupportPodPidsLimit |
false |
Alpha | 1.10 | |
Sysctls |
true |
Beta | 1.11 | |
TaintBasedEvictions |
false |
Alpha | 1.6 | |
TaintNodesByCondition |
false |
Alpha | 1.8 | |
TokenRequest |
false |
Alpha | 1.10 | |
TokenRequestProjection |
false |
Alpha | 1.11 | |
VolumeScheduling |
false |
Alpha | 1.9 | 1.9 |
VolumeScheduling |
true |
Beta | 1.10 | |
VolumeSubpathEnvExpansion |
false |
Alpha | 1.11 | |
ScheduleDaemonSetPods |
false |
Alpha | 1.11 |
Using a Feature
Feature Stages
A feature can be in Alpha, Beta or GA stage. An Alpha feature means:
- Disabled by default.
- Might be buggy. Enabling the feature may expose bugs.
- Support for feature may be dropped at any time without notice.
- The API may change in incompatible ways in a later software release without notice.
- Recommended for use only in short-lived testing clusters, due to increased risk of bugs and lack of long-term support.
A Beta feature means:
- Enabled by default.
- The feature is well tested. Enabling the feature is considered safe.
- Support for the overall feature will not be dropped, though details may change.
- The schema and/or semantics of objects may change in incompatible ways in a subsequent beta or stable release. When this happens, we will provide instructions for migrating to the next version. This may require deleting, editing, and re-creating API objects. The editing process may require some thought. This may require downtime for applications that rely on the feature.
- Recommended for only non-business-critical uses because of potential for incompatible changes in subsequent releases. If you have multiple clusters that can be upgraded independently, you may be able to relax this restriction.
{{< note >}} Note: Please do try Beta features and give feedback on them! After they exit beta, it may not be practical for us to make more changes. {{< /note >}}
A GA feature is also referred to as a stable feature. It means:
- The corresponding feature gate is no longer needed.
- Stable versions of features will appear in released software for many subsequent versions.
Feature Gates
Each feature gate is designed for enabling/disabling a specific feature:
Accelerators: Enable Nvidia GPU support when using DockerAdvancedAuditing: Enable advanced auditingAffinityInAnnotations(deprecated): Enable setting Pod affinity or anti-affinitys.AllowExtTrafficLocalEndpoints: Enable a service to route external requests to node local endpoints.APIListChunking: Enable the API clients to retrieve (LISTorGET) resources from API server in chunks.APIResponseCompression: Compress the API responses forLISTorGETrequests.AppArmor: Enable AppArmor based mandatory access control on Linux nodes when using Docker. See AppArmor Tutorial for more details.AttachVolumeLimit: Enable volume plugins to report limits on number of volumes that can be attached to a node. See dynamic volume limits for more details.BlockVolume: Enable the definition and consumption of raw block devices in Pods. See Raw Block Volume Support for more details.CPUManager: Enable container level CPU affinity support, see CPU Management Policies.CRIContainerLogRotation: Enable container log rotation for cri container runtime.CSIBlockVolume: Enable external CSI volume drivers to support block storage. See thecsiraw block volume support documentation for more details.CSIPersistentVolume: Enable discovering and mounting volumes provisioned through a CSI (Container Storage Interface) compatible volume plugin. Check thecsivolume type documentation for more details.CustomPodDNS: Enable customizing the DNS settings for a Pod using itsdnsConfigproperty. Check Pod's DNS Config for more details.CustomResourceSubresources: Enable/statusand/scalesubresources on resources created from CustomResourceDefinition.CustomResourceValidation: Enable schema based validation on resources created from CustomResourceDefinition.DebugContainers: Enable running a "debugging" container in a Pod's namespace to troubleshoot a running Pod.DevicePlugins: Enable the device-plugins based resource provisioning on nodes.DynamicKubeletConfig: Enable the dynamic configuration of kubelet. See Reconfigure kubelet.DynamicVolumeProvisioning(deprecated): Enable the dynamic provisioning of persistent volumes to Pods.EnableEquivalenceClassCache: Enable the scheduler to cache equivalence of nodes when scheduling Pods.ExpandPersistentVolumes: Enable the expanding of persistent volumes. See Expanding Persistent Volumes Claims.ExperimentalCriticalPodAnnotation: Enable annotating specific pods as critical so that their scheduling is guaranteed.ExperimentalHostUserNamespaceDefaultingGate: Enabling the defaulting user namespace to host. This is for containers that are using other host namespaces, host mounts, or containers that are privileged or using specific non-namespaced capabilities (e.g.MKNODE,SYS_MODULEetc.). This should only be enabled if user namespace remapping is enabled in the Docker daemon.GCERegionalPersistentDisk: Enable the regional PD feature on GCE.HugePages: Enable the allocation and consumption of pre-allocated huge pages.HyperVContainer: Enable Hyper-V isolation for Windows containers.Intializers: Enable the dynamic admission control as an extension to the built-in admission controllers. When theInitializersadmission controller is enabled, this feature is automatically enabled.KubeletConfigFile: Enable loading kubelet configuration from a file specified using a config file. See setting kubelet parameters via a config file for more details.KubletPluginsWatcher: Enable probe-based plugin watcher utility to enable kubelet to discover plugins such as CSI volume drivers.LocalStorageCapacityIsolation: Enable the consumption of local ephemeral storage and also thesizeLimitproperty of an emptyDir volume.MountContainers: Enable using utility containers on host as the volume mounter.MountPropagation: Enable sharing volume mounted by one container to other containers or pods. For more details, please see mount propagation.PersistentLocalVolumes: Enable the usage oflocalvolume type in Pods. Pod affinity has to be specified if requesting alocalvolume.PodPriority: Enable the descheduling and preemption of Pods based on their priorities.PodReadinessGates: Enable the setting ofPodReadinessGatefield for extending Pod readiness evaluation. For more details, please see Pod readiness gate.PVCProtection: Enable the prevention of a PersistentVolumeClaim (PVC) from being deleted when it is still used by any Pod. More details can be found here.ReadOnlyAPIDataVolumes: Set Secret, ConfigMap, DownwardAPI and projected volumes to be mounted in read-only mode. This gate exists only for backward compatibility. It will be removed in 1.11 release.ResourceLimitsPriorityFunction: Enable a scheduler priority function that assigns a lowest possible score of 1 to a node that satisfies at least one of the input Pod's cpu and memory limits. The intent is to break ties between nodes with same scores.RotateKubeletClientCertificate: Enable the rotation of the client TLS certificate on the kubelet. See kubelet configuration for more details.RotateKubeletServerCertificate: Enable the rotation of the server TLS certificate on the kubelet. See kubelet configuration for more details.RunAsGroup: Enable control over the primary group ID set on the init processes of containers.ScheduleDaemonSetPods: Enable DaemonSet Pods to be scheduled by the default scheduler instead of the DaemonSet controller.ServiceNodeExclusion: Enable the exclusion of nodes from load balancers created by a cloud provider. A node is eligible for exclusion if annotated with "alpha.service-controller.kubernetes.io/exclude-balancer" key.StorageObjectInUseProtection: Postpone the deletion of PersistentVolume or PersistentVolumeClaim objects if they are still being used.StreamingProxyRedirects: Instructs the API server to intercept (and follow) redirects from the backend (kubelet) for streaming requests. Examples of streaming requests include theexec,attachandport-forwardrequests.SupportIPVSProxyMode: Enable providing in-cluster service load balancing using IPVS. See service proxies for more details.SupportPodPidsLimit: Enable the support to limiting PIDs in Pods.Sysctls: Enable support for namespaced kernel parameters (sysctls) that can be set for each pod. See sysctls for more details.TaintBasedEvictions: Enable evicting pods from nodes based on taints on nodes and tolerations on Pods. See taints and tolerations for more details.TaintNodesByCondition: Enable automatic tainting nodes based on node conditions.TokenRequest: Enable theTokenRequestendpoint on service account resources.TokenRequestProjection: Enable the injection of service account tokens into a Pod through theprojectedvolume.VolumeScheduling: Enable volume topology aware scheduling and make the PersistentVolumeClaim (PVC) binding aware of scheduling decisions. It also enables the usage oflocalvolume type when used together with thePersistentLocalVolumesfeature gate.