/*
Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package features

import (
	"k8s.io/apimachinery/pkg/util/runtime"
	utilfeature "k8s.io/apiserver/pkg/util/feature"
	"k8s.io/component-base/featuregate"
)

const (
	// Every feature gate should be declared here following this template:
	//
	// // owner: @username
	// // alpha: v1.4
	// MyFeature featuregate.Feature = "MyFeature"
	//
	// Feature gates should be listed in alphabetical, case-sensitive
	// (upper before any lower case character) order. This reduces the risk
	// of code conflicts because changes are more likely to be scattered
	// across the file.
	//
	// Declaring a key here does not register it: only keys that also appear
	// in one of the spec maps passed to the gate in init() are registered by
	// this file.

	// owner: @ivelichkovich, @tallclair
	// alpha: v1.27
	// beta: v1.28
	// stable: v1.30
	// kep: https://kep.k8s.io/3716
	//
	// Enables the MatchConditions fields, which use CEL expressions for
	// matching on admission webhooks.
	AdmissionWebhookMatchConditions featuregate.Feature = "AdmissionWebhookMatchConditions"

	// owner: @jefftree @alexzielenski
	// alpha: v1.26
	// beta: v1.27
	// stable: v1.30
	//
	// Enables a single HTTP endpoint /discovery/<version> which supports native HTTP
	// caching with ETags containing all APIResources known to the apiserver.
	AggregatedDiscoveryEndpoint featuregate.Feature = "AggregatedDiscoveryEndpoint"

	// owner: @vinayakankugoyal
	// kep: https://kep.k8s.io/4633
	// alpha: v1.31
	//
	// Allows anonymous auth to be enabled for only certain apiserver endpoints.
	// Registered below as Alpha with Default: false.
	AnonymousAuthConfigurableEndpoints featuregate.Feature = "AnonymousAuthConfigurableEndpoints"

	// owner: @smarterclayton
	// alpha: v1.8
	// beta: v1.9
	// stable: 1.29
	//
	// Allow API clients to retrieve resource lists in chunks rather than
	// all at once.
	APIListChunking featuregate.Feature = "APIListChunking"

	// owner: @ilackams
	// alpha: v1.7
	// beta: v1.16
	//
	// Enables compression of REST responses (GET and LIST only).
	APIResponseCompression featuregate.Feature = "APIResponseCompression"

	// owner: @roycaihw
	// alpha: v1.20
	//
	// Assigns each kube-apiserver an ID in a cluster.
	APIServerIdentity featuregate.Feature = "APIServerIdentity"

	// owner: @dashpole
	// alpha: v1.22
	// beta: v1.27
	//
	// Adds support for distributed tracing in the API server.
	APIServerTracing featuregate.Feature = "APIServerTracing"

	// owner: @linxiulei
	// beta: v1.30
	//
	// Enables serving watch requests in separate goroutines.
	APIServingWithRoutine featuregate.Feature = "APIServingWithRoutine"

	// owner: @deads2k
	// kep: https://kep.k8s.io/4601
	// alpha: v1.31
	//
	// Allows authorization to use field and label selectors.
	AuthorizeWithSelectors featuregate.Feature = "AuthorizeWithSelectors"

	// owner: @serathius
	// beta: v1.31
	// Enables concurrent watch object decoding to avoid starving the watch
	// cache when a conversion webhook is installed.
	ConcurrentWatchObjectDecode featuregate.Feature = "ConcurrentWatchObjectDecode"

	// owner: @cici37 @jpbetz
	// kep: http://kep.k8s.io/3488
	// alpha: v1.26
	// beta: v1.28
	// stable: v1.30
	//
	// Note: the feature gate can be removed in 1.32
	// Enables expression validation in Admission Control.
	ValidatingAdmissionPolicy featuregate.Feature = "ValidatingAdmissionPolicy"

	// owner: @jefftree
	// kep: https://kep.k8s.io/4355
	// alpha: v1.31
	//
	// Enables coordinated leader election in the API server.
	CoordinatedLeaderElection featuregate.Feature = "CoordinatedLeaderElection"

	// alpha: v1.20
	// beta: v1.21
	// GA: v1.24
	//
	// Allows for updating watchcache resource version with progress notify events.
	EfficientWatchResumption featuregate.Feature = "EfficientWatchResumption"

	// owner: @aramase
	// kep: https://kep.k8s.io/3299
	// deprecated: v1.28
	//
	// Enables KMS v1 API for encryption at rest.
	// Registered below as Deprecated with Default: false, so the KMS v1 API
	// stays off unless the gate is turned on explicitly.
	KMSv1 featuregate.Feature = "KMSv1"

	// owner: @aramase
	// kep: https://kep.k8s.io/3299
	// alpha: v1.25
	// beta: v1.27
	// stable: v1.29
	//
	// Enables KMS v2 API for encryption at rest.
	KMSv2 featuregate.Feature = "KMSv2"

	// owner: @enj
	// kep: https://kep.k8s.io/3299
	// beta: v1.28
	// stable: v1.29
	//
	// Enables the use of derived encryption keys with KMS v2.
	KMSv2KDF featuregate.Feature = "KMSv2KDF"

	// owner: @alexzielenski, @cici37, @jiahuif
	// kep: https://kep.k8s.io/3962
	// alpha: v1.30
	//
	// Enables the MutatingAdmissionPolicy in Admission Chain.
	// NOTE(review): no spec for this key appears in either feature-gate map
	// in this file; confirm where (or whether) it is registered.
	MutatingAdmissionPolicy featuregate.Feature = "MutatingAdmissionPolicy"

	// owner: @jiahuif
	// kep: https://kep.k8s.io/2887
	// alpha: v1.23
	// beta: v1.24
	//
	// Enables populating "enum" field of OpenAPI schemas
	// in the spec returned from kube-apiserver.
	OpenAPIEnums featuregate.Feature = "OpenAPIEnums"

	// owner: @caesarxuchao
	// alpha: v1.15
	// beta: v1.16
	// stable: 1.29
	//
	// Allow apiservers to show a count of remaining items in the response
	// to a chunking list request.
	RemainingItemCount featuregate.Feature = "RemainingItemCount"

	// owner: @wojtek-t
	// beta: v1.31
	//
	// Enables resilient watchcache initialization to avoid controlplane
	// overload.
	ResilientWatchCacheInitialization featuregate.Feature = "ResilientWatchCacheInitialization"

	// owner: @serathius
	// beta: v1.30
	//
	// Allow watch cache to create a watch on a dedicated RPC.
	// This prevents watch cache from being starved by other watches.
	SeparateCacheWatchRPC featuregate.Feature = "SeparateCacheWatchRPC"

	// owner: @apelisse, @lavalamp
	// alpha: v1.14
	// beta: v1.16
	// stable: v1.22
	//
	// Server-side apply. Merging happens on the server.
	ServerSideApply featuregate.Feature = "ServerSideApply"

	// owner: @kevindelgado
	// kep: https://kep.k8s.io/2885
	// alpha: v1.23
	// beta: v1.24
	//
	// Enables server-side field validation.
	ServerSideFieldValidation featuregate.Feature = "ServerSideFieldValidation"

	// owner: @enj
	// beta: v1.29
	//
	// Enables http2 DOS mitigations for unauthenticated clients.
	//
	// Some known reasons to disable these mitigations:
	//
	// An API server that is fronted by an L7 load balancer that is set up
	// to mitigate http2 attacks may opt to disable this protection to prevent
	// unauthenticated clients from disabling connection reuse between the load
	// balancer and the API server (many incoming connections could share the
	// same backend connection).
	//
	// An API server that is on a private network may opt to disable this
	// protection to prevent performance regressions for unauthenticated
	// clients.
	//
	// Registered below with Default: true, so the mitigations apply unless
	// the gate is explicitly disabled.
	UnauthenticatedHTTP2DOSMitigation featuregate.Feature = "UnauthenticatedHTTP2DOSMitigation"

	// owner: @jpbetz
	// alpha: v1.30
	// Resource create requests using generateName are retried automatically by the apiserver
	// if the generated name conflicts with an existing resource name, up to a maximum number of 7 retries.
	RetryGenerateName featuregate.Feature = "RetryGenerateName"

	// owner: @cici37
	// alpha: v1.30
	//
	// StrictCostEnforcementForVAP is used to apply strict CEL cost validation for ValidatingAdmissionPolicy.
	// It will be off by default for a certain period of time to avoid impacting existing users.
	// It is strongly recommended to enable this feature gate as early as possible.
	// The strict cost applies to the extended libraries whose cost is defined under k8s/apiserver/pkg/cel/library.
	//
	// NOTE(review): the lifecycle line above says alpha, but the spec
	// registered below is Beta with Default: false, so strict cost
	// enforcement is opt-in.
	StrictCostEnforcementForVAP featuregate.Feature = "StrictCostEnforcementForVAP"

	// owner: @cici37
	// alpha: v1.30
	//
	// StrictCostEnforcementForWebhooks is used to apply strict CEL cost validation for matchConditions in Webhooks.
	// It will be off by default for a certain period of time to avoid impacting existing users.
	// It is strongly recommended to enable this feature gate as early as possible.
	// The strict cost applies to the extended libraries whose cost is defined under k8s/apiserver/pkg/cel/library.
	//
	// NOTE(review): the lifecycle line above says alpha, but the spec
	// registered below is Beta with Default: false, so strict cost
	// enforcement is opt-in.
	StrictCostEnforcementForWebhooks featuregate.Feature = "StrictCostEnforcementForWebhooks"

	// owner: @caesarxuchao @roycaihw
	// alpha: v1.20
	//
	// Enable the storage version API.
	StorageVersionAPI featuregate.Feature = "StorageVersionAPI"

	// owner: @caesarxuchao
	// alpha: v1.14
	// beta: v1.15
	//
	// Allow apiservers to expose the storage version hash in the discovery
	// document.
	StorageVersionHash featuregate.Feature = "StorageVersionHash"

	// owner: @aramase, @enj, @nabokihms
	// kep: https://kep.k8s.io/3331
	// alpha: v1.29
	// beta: v1.30
	//
	// Enables Structured Authentication Configuration.
	StructuredAuthenticationConfiguration featuregate.Feature = "StructuredAuthenticationConfiguration"

	// owner: @palnabarun
	// kep: https://kep.k8s.io/3221
	// alpha: v1.29
	// beta: v1.30
	//
	// Enables Structured Authorization Configuration.
	StructuredAuthorizationConfiguration featuregate.Feature = "StructuredAuthorizationConfiguration"

	// owner: @wojtek-t
	// alpha: v1.15
	// beta: v1.16
	// GA: v1.17
	//
	// Enables support for watch bookmark events.
	WatchBookmark featuregate.Feature = "WatchBookmark"

	// owner: @wojtek-t
	// beta: v1.31
	//
	// Enables post-start-hook for storage readiness.
	WatchCacheInitializationPostStartHook featuregate.Feature = "WatchCacheInitializationPostStartHook"

	// owner: @serathius
	// beta: 1.30
	// Enables watches without resourceVersion to be served from storage.
	// Used to prevent https://github.com/kubernetes/kubernetes/issues/123072 until etcd fixes the issue.
	WatchFromStorageWithoutResourceVersion featuregate.Feature = "WatchFromStorageWithoutResourceVersion"

	// owner: @vinaykul
	// kep: http://kep.k8s.io/1287
	// alpha: v1.27
	//
	// Enables In-Place Pod Vertical Scaling.
	InPlacePodVerticalScaling featuregate.Feature = "InPlacePodVerticalScaling"

	// owner: @p0lyn0mial
	// alpha: v1.27
	//
	// Allow the API server to stream individual items instead of chunking.
	WatchList featuregate.Feature = "WatchList"

	// owner: @serathius
	// kep: http://kep.k8s.io/2340
	// alpha: v1.28
	// beta: v1.31
	//
	// Allow the API server to serve consistent lists from cache.
	ConsistentListFromCache featuregate.Feature = "ConsistentListFromCache"

	// owner: @tkashem
	// beta: v1.29
	// GA: v1.30
	//
	// Allow Priority & Fairness in the API server to use a zero value for
	// the 'nominalConcurrencyShares' field of the 'limited' section of a
	// priority level.
	ZeroLimitedNominalConcurrencyShares featuregate.Feature = "ZeroLimitedNominalConcurrencyShares"
)

// init registers both spec maps defined in this file with the process-wide
// mutable feature gate. Each registration result is handed to runtime.Must,
// so a failed registration panics during package initialization.
func init() {
	gate := utilfeature.DefaultMutableFeatureGate
	runtime.Must(gate.Add(defaultKubernetesFeatureGates))
	runtime.Must(gate.AddVersioned(defaultVersionedKubernetesFeatureGates))
}

// defaultVersionedKubernetesFeatureGates consists of all known Kubernetes-specific feature keys with VersionedSpecs.
// To add a new feature, define a key for it above and add it here. The features will be
// available throughout Kubernetes binaries.
// The map is empty in this file; only the commented example below shows the
// expected entry shape.
var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate.VersionedSpecs{
	// Example:
	// EmulationVersion: {
	// 	{Version: version.MustParse("1.30"), Default: false, PreRelease: featuregate.Alpha},
	// },
}

// defaultKubernetesFeatureGates consists of all known Kubernetes-specific feature keys.
// To add a new feature, define a key for it above and add it here. The features will be
// available throughout Kubernetes binaries.
//
// Default is the state a gate has when nothing overrides it. Entries with
// LockToDefault: true are pinned to that default. The trailing "remove in X"
// comments are the authors' cleanup markers; nothing in this file enforces
// them.
//
// NOTE(review): for several keys the lifecycle comment on the constant and
// the PreRelease value here disagree (APIServerIdentity,
// APIServingWithRoutine, RetryGenerateName, ServerSideFieldValidation,
// StrictCostEnforcementForVAP, StrictCostEnforcementForWebhooks). This map is
// what init() registers, so treat it as authoritative and confirm the
// comments against it.
var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
	AnonymousAuthConfigurableEndpoints: {Default: false, PreRelease: featuregate.Alpha},

	AggregatedDiscoveryEndpoint: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.33

	AdmissionWebhookMatchConditions: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.33

	APIListChunking: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.32

	APIResponseCompression: {Default: true, PreRelease: featuregate.Beta},

	APIServerIdentity: {Default: true, PreRelease: featuregate.Beta},

	APIServerTracing: {Default: true, PreRelease: featuregate.Beta},

	APIServingWithRoutine: {Default: false, PreRelease: featuregate.Alpha},

	AuthorizeWithSelectors: {Default: false, PreRelease: featuregate.Alpha},

	ConcurrentWatchObjectDecode: {Default: false, PreRelease: featuregate.Beta},

	ValidatingAdmissionPolicy: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.32

	CoordinatedLeaderElection: {Default: false, PreRelease: featuregate.Alpha},

	EfficientWatchResumption: {Default: true, PreRelease: featuregate.GA, LockToDefault: true},

	KMSv1: {Default: false, PreRelease: featuregate.Deprecated},

	KMSv2: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.31

	KMSv2KDF: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.31

	OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta},

	RemainingItemCount: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.32

	ResilientWatchCacheInitialization: {Default: true, PreRelease: featuregate.Beta},

	RetryGenerateName: {Default: true, PreRelease: featuregate.Beta},

	SeparateCacheWatchRPC: {Default: true, PreRelease: featuregate.Beta},

	ServerSideApply: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29

	ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29

	StorageVersionAPI: {Default: false, PreRelease: featuregate.Alpha},

	StorageVersionHash: {Default: true, PreRelease: featuregate.Beta},

	StrictCostEnforcementForVAP: {Default: false, PreRelease: featuregate.Beta},

	StrictCostEnforcementForWebhooks: {Default: false, PreRelease: featuregate.Beta},

	StructuredAuthenticationConfiguration: {Default: true, PreRelease: featuregate.Beta},

	StructuredAuthorizationConfiguration: {Default: true, PreRelease: featuregate.Beta},

	UnauthenticatedHTTP2DOSMitigation: {Default: true, PreRelease: featuregate.Beta},

	WatchBookmark: {Default: true, PreRelease: featuregate.GA, LockToDefault: true},

	WatchCacheInitializationPostStartHook: {Default: false, PreRelease: featuregate.Beta},

	WatchFromStorageWithoutResourceVersion: {Default: false, PreRelease: featuregate.Beta},

	InPlacePodVerticalScaling: {Default: false, PreRelease: featuregate.Alpha},

	WatchList: {Default: false, PreRelease: featuregate.Alpha},

	ConsistentListFromCache: {Default: true, PreRelease: featuregate.Beta},

	ZeroLimitedNominalConcurrencyShares: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.32
}