This page contains an overview of the various feature gates an administrator can specify on different Kubernetes components.
See feature stages for an explanation of the stages for a feature.
Feature gates are a set of key=value pairs that describe Kubernetes features. You can turn these features on or off using the --feature-gates
command line flag on each Kubernetes component.
Each Kubernetes component lets you enable or disable a set of feature gates that are relevant to that component. Use -h
flag to see a full set of feature gates for all components. To set feature gates for a component, such as kubelet, use the --feature-gates
flag assigned to a list of feature pairs:
--feature-gates="...,GracefulNodeShutdown=true"
The following tables are a summary of the feature gates that you can set on different Kubernetes components.
Feature | Default | Stage | Since | Until |
---|---|---|---|---|
APIListChunking | false | Alpha | 1.8 | 1.8 |
APIListChunking | true | Beta | 1.9 | |
APIPriorityAndFairness | false | Alpha | 1.18 | 1.19 |
APIPriorityAndFairness | true | Beta | 1.20 | |
APIResponseCompression | false | Alpha | 1.7 | 1.15 |
APIResponseCompression | true | Beta | 1.16 | |
APIServerIdentity | false | Alpha | 1.20 | |
APIServerTracing | false | Alpha | 1.22 | |
AllowInsecureBackendProxy | true | Beta | 1.17 | |
AnyVolumeDataSource | false | Alpha | 1.18 | |
AppArmor | true | Beta | 1.4 | |
ControllerManagerLeaderMigration | false | Alpha | 1.21 | |
CPUManager | false | Alpha | 1.8 | 1.9 |
CPUManager | true | Beta | 1.10 | |
CPUManagerPolicyAlphaOptions | false | Alpha | 1.23 | |
CPUManagerPolicyBetaOptions | true | Beta | 1.23 | |
CPUManagerPolicyOptions | false | Alpha | 1.22 | 1.22 |
CPUManagerPolicyOptions | true | Beta | 1.23 | |
CSIInlineVolume | false | Alpha | 1.15 | 1.15 |
CSIInlineVolume | true | Beta | 1.16 | - |
CSIMigration | false | Alpha | 1.14 | 1.16 |
CSIMigration | true | Beta | 1.17 | |
CSIMigrationAWS | false | Alpha | 1.14 | |
CSIMigrationAWS | false | Beta | 1.17 | 1.22 |
CSIMigrationAWS | true | Beta | 1.23 | |
CSIMigrationAzureDisk | false | Alpha | 1.15 | 1.18 |
CSIMigrationAzureDisk | false | Beta | 1.19 | 1.22 |
CSIMigrationAzureDisk | true | Beta | 1.23 | |
CSIMigrationAzureFile | false | Alpha | 1.15 | 1.19 |
CSIMigrationAzureFile | false | Beta | 1.21 | |
CSIMigrationGCE | false | Alpha | 1.14 | 1.16 |
CSIMigrationGCE | false | Beta | 1.17 | 1.22 |
CSIMigrationGCE | true | Beta | 1.23 | |
CSIMigrationOpenStack | false | Alpha | 1.14 | 1.17 |
CSIMigrationOpenStack | true | Beta | 1.18 | |
CSIMigrationvSphere | false | Beta | 1.19 | |
CSIMigrationPortworx | false | Alpha | 1.23 | |
CSIMigrationRBD | false | Alpha | 1.23 | |
CSIStorageCapacity | false | Alpha | 1.19 | 1.20 |
CSIStorageCapacity | true | Beta | 1.21 | |
CSIVolumeHealth | false | Alpha | 1.21 | |
CSRDuration | true | Beta | 1.22 | |
ControllerManagerLeaderMigration | false | Alpha | 1.21 | 1.21 |
ControllerManagerLeaderMigration | true | Beta | 1.22 | |
CustomCPUCFSQuotaPeriod | false | Alpha | 1.12 | |
CustomResourceValidationExpressions | false | Alpha | 1.23 | |
DaemonSetUpdateSurge | false | Alpha | 1.21 | 1.21 |
DaemonSetUpdateSurge | true | Beta | 1.22 | |
DefaultPodTopologySpread | false | Alpha | 1.19 | 1.19 |
DefaultPodTopologySpread | true | Beta | 1.20 | |
DelegateFSGroupToCSIDriver | false | Alpha | 1.22 | 1.22 |
DelegateFSGroupToCSIDriver | true | Beta | 1.23 | |
DevicePlugins | false | Alpha | 1.8 | 1.9 |
DevicePlugins | true | Beta | 1.10 | |
DisableAcceleratorUsageMetrics | false | Alpha | 1.19 | 1.19 |
DisableAcceleratorUsageMetrics | true | Beta | 1.20 | |
DisableCloudProviders | false | Alpha | 1.22 | |
DisableKubeletCloudCredentialProviders | false | Alpha | 1.23 | |
DownwardAPIHugePages | false | Alpha | 1.20 | 1.20 |
DownwardAPIHugePages | false | Beta | 1.21 | |
EfficientWatchResumption | false | Alpha | 1.20 | 1.20 |
EfficientWatchResumption | true | Beta | 1.21 | |
EndpointSliceTerminatingCondition | false | Alpha | 1.20 | 1.21 |
EndpointSliceTerminatingCondition | true | Beta | 1.22 | |
EphemeralContainers | false | Alpha | 1.16 | 1.22 |
EphemeralContainers | true | Beta | 1.23 | |
ExpandCSIVolumes | false | Alpha | 1.14 | 1.15 |
ExpandCSIVolumes | true | Beta | 1.16 | |
ExpandedDNSConfig | false | Alpha | 1.22 | |
ExpandInUsePersistentVolumes | false | Alpha | 1.11 | 1.14 |
ExpandInUsePersistentVolumes | true | Beta | 1.15 | |
ExpandPersistentVolumes | false | Alpha | 1.8 | 1.10 |
ExpandPersistentVolumes | true | Beta | 1.11 | |
ExperimentalHostUserNamespaceDefaulting | false | Beta | 1.5 | |
GracefulNodeShutdown | false | Alpha | 1.20 | 1.20 |
GracefulNodeShutdown | true | Beta | 1.21 | |
GracefulNodeShutdownBasedOnPodPriority | false | Alpha | 1.23 | |
GRPCContainerProbe | false | Alpha | 1.23 | |
HonorPVReclaimPolicy | false | Alpha | 1.23 | |
HPAContainerMetrics | false | Alpha | 1.20 | |
HPAScaleToZero | false | Alpha | 1.16 | |
IdentifyPodOS | false | Alpha | 1.23 | |
IndexedJob | false | Alpha | 1.21 | 1.21 |
IndexedJob | true | Beta | 1.22 | |
InTreePluginAWSUnregister | false | Alpha | 1.21 | |
InTreePluginAzureDiskUnregister | false | Alpha | 1.21 | |
InTreePluginAzureFileUnregister | false | Alpha | 1.21 | |
InTreePluginGCEUnregister | false | Alpha | 1.21 | |
InTreePluginOpenStackUnregister | false | Alpha | 1.21 | |
InTreePluginPortworxUnregister | false | Alpha | 1.23 | |
InTreePluginRBDUnregister | false | Alpha | 1.23 | |
InTreePluginvSphereUnregister | false | Alpha | 1.21 | |
JobMutableNodeSchedulingDirectives | true | Beta | 1.23 | |
JobReadyPods | false | Alpha | 1.23 | |
JobTrackingWithFinalizers | false | Alpha | 1.22 | 1.22 |
JobTrackingWithFinalizers | true | Beta | 1.23 | |
KubeletCredentialProviders | false | Alpha | 1.20 | |
KubeletInUserNamespace | false | Alpha | 1.22 | |
KubeletPodResources | false | Alpha | 1.13 | 1.14 |
KubeletPodResources | true | Beta | 1.15 | |
KubeletPodResourcesGetAllocatable | false | Alpha | 1.21 | 1.22 |
KubeletPodResourcesGetAllocatable | false | Beta | 1.23 | |
LocalStorageCapacityIsolation | false | Alpha | 1.7 | 1.9 |
LocalStorageCapacityIsolation | true | Beta | 1.10 | |
LocalStorageCapacityIsolationFSQuotaMonitoring | false | Alpha | 1.15 | |
LogarithmicScaleDown | false | Alpha | 1.21 | 1.21 |
LogarithmicScaleDown | true | Beta | 1.22 | |
MemoryManager | false | Alpha | 1.21 | 1.21 |
MemoryManager | true | Beta | 1.22 | |
MemoryQoS | false | Alpha | 1.22 | |
MixedProtocolLBService | false | Alpha | 1.20 | |
NetworkPolicyEndPort | false | Alpha | 1.21 | 1.21 |
NetworkPolicyEndPort | true | Beta | 1.22 | |
NodeSwap | false | Alpha | 1.22 | |
NonPreemptingPriority | false | Alpha | 1.15 | 1.18 |
NonPreemptingPriority | true | Beta | 1.19 | |
OpenAPIEnums | false | Alpha | 1.23 | |
OpenAPIV3 | false | Alpha | 1.23 | |
PodAndContainerStatsFromCRI | false | Alpha | 1.23 | |
PodAffinityNamespaceSelector | false | Alpha | 1.21 | 1.21 |
PodAffinityNamespaceSelector | true | Beta | 1.22 | |
PodDeletionCost | false | Alpha | 1.21 | 1.21 |
PodDeletionCost | true | Beta | 1.22 | |
PodOverhead | false | Alpha | 1.16 | 1.17 |
PodOverhead | true | Beta | 1.18 | |
PodSecurity | false | Alpha | 1.22 | 1.22 |
PodSecurity | true | Beta | 1.23 | |
PreferNominatedNode | false | Alpha | 1.21 | 1.21 |
PreferNominatedNode | true | Beta | 1.22 | |
ProbeTerminationGracePeriod | false | Alpha | 1.21 | 1.21 |
ProbeTerminationGracePeriod | false | Beta | 1.22 | |
ProcMountType | false | Alpha | 1.12 | |
ProxyTerminatingEndpoints | false | Alpha | 1.22 | |
QOSReserved | false | Alpha | 1.11 | |
ReadWriteOncePod | false | Alpha | 1.22 | |
RecoverVolumeExpansionFailure | false | Alpha | 1.23 | |
RemainingItemCount | false | Alpha | 1.15 | 1.15 |
RemainingItemCount | true | Beta | 1.16 | |
RemoveSelfLink | false | Alpha | 1.16 | 1.19 |
RemoveSelfLink | true | Beta | 1.20 | |
RotateKubeletServerCertificate | false | Alpha | 1.7 | 1.11 |
RotateKubeletServerCertificate | true | Beta | 1.12 | |
SeccompDefault | false | Alpha | 1.22 | |
ServiceInternalTrafficPolicy | false | Alpha | 1.21 | 1.21 |
ServiceInternalTrafficPolicy | true | Beta | 1.22 | |
ServiceLBNodePortControl | false | Alpha | 1.20 | 1.21 |
ServiceLBNodePortControl | true | Beta | 1.22 | |
ServiceLoadBalancerClass | false | Alpha | 1.21 | 1.21 |
ServiceLoadBalancerClass | true | Beta | 1.22 | |
SizeMemoryBackedVolumes | false | Alpha | 1.20 | 1.21 |
SizeMemoryBackedVolumes | true | Beta | 1.22 | |
StatefulSetAutoDeletePVC | false | Alpha | 1.22 | |
StatefulSetMinReadySeconds | false | Alpha | 1.22 | 1.22 |
StatefulSetMinReadySeconds | true | Beta | 1.23 | |
StorageVersionAPI | false | Alpha | 1.20 | |
StorageVersionHash | false | Alpha | 1.14 | 1.14 |
StorageVersionHash | true | Beta | 1.15 | |
SuspendJob | false | Alpha | 1.21 | 1.21 |
SuspendJob | true | Beta | 1.22 | |
TopologyAwareHints | false | Alpha | 1.21 | 1.22 |
TopologyAwareHints | false | Beta | 1.23 | |
TopologyManager | false | Alpha | 1.16 | 1.17 |
TopologyManager | true | Beta | 1.18 | |
VolumeCapacityPriority | false | Alpha | 1.21 | - |
WinDSR | false | Alpha | 1.14 | |
WinOverlay | false | Alpha | 1.14 | 1.19 |
WinOverlay | true | Beta | 1.20 | |
WindowsHostProcessContainers | false | Alpha | 1.22 | 1.22 |
WindowsHostProcessContainers | false | Beta | 1.23 |
Feature | Default | Stage | Since | Until |
---|---|---|---|---|
Accelerators | false | Alpha | 1.6 | 1.10 |
Accelerators | - | Deprecated | 1.11 | - |
AdvancedAuditing | false | Alpha | 1.7 | 1.7 |
AdvancedAuditing | true | Beta | 1.8 | 1.11 |
AdvancedAuditing | true | GA | 1.12 | - |
AffinityInAnnotations | false | Alpha | 1.6 | 1.7 |
AffinityInAnnotations | - | Deprecated | 1.8 | - |
AllowExtTrafficLocalEndpoints | false | Beta | 1.4 | 1.6 |
AllowExtTrafficLocalEndpoints | true | GA | 1.7 | - |
AttachVolumeLimit | false | Alpha | 1.11 | 1.11 |
AttachVolumeLimit | true | Beta | 1.12 | 1.16 |
AttachVolumeLimit | true | GA | 1.17 | - |
BalanceAttachedNodeVolumes | false | Alpha | 1.11 | 1.21 |
BalanceAttachedNodeVolumes | false | Deprecated | 1.22 | |
BlockVolume | false | Alpha | 1.9 | 1.12 |
BlockVolume | true | Beta | 1.13 | 1.17 |
BlockVolume | true | GA | 1.18 | - |
BoundServiceAccountTokenVolume | false | Alpha | 1.13 | 1.20 |
BoundServiceAccountTokenVolume | true | Beta | 1.21 | 1.21 |
BoundServiceAccountTokenVolume | true | GA | 1.22 | - |
ConfigurableFSGroupPolicy | false | Alpha | 1.18 | 1.19 |
ConfigurableFSGroupPolicy | true | Beta | 1.20 | 1.22 |
ConfigurableFSGroupPolicy | true | GA | 1.23 | |
CRIContainerLogRotation | false | Alpha | 1.10 | 1.10 |
CRIContainerLogRotation | true | Beta | 1.11 | 1.20 |
CRIContainerLogRotation | true | GA | 1.21 | - |
CSIBlockVolume | false | Alpha | 1.11 | 1.13 |
CSIBlockVolume | true | Beta | 1.14 | 1.17 |
CSIBlockVolume | true | GA | 1.18 | - |
CSIDriverRegistry | false | Alpha | 1.12 | 1.13 |
CSIDriverRegistry | true | Beta | 1.14 | 1.17 |
CSIDriverRegistry | true | GA | 1.18 | |
CSIMigrationAWSComplete | false | Alpha | 1.17 | 1.20 |
CSIMigrationAWSComplete | - | Deprecated | 1.21 | - |
CSIMigrationAzureDiskComplete | false | Alpha | 1.17 | 1.20 |
CSIMigrationAzureDiskComplete | - | Deprecated | 1.21 | - |
CSIMigrationAzureFileComplete | false | Alpha | 1.17 | 1.20 |
CSIMigrationAzureFileComplete | - | Deprecated | 1.21 | - |
CSIMigrationGCEComplete | false | Alpha | 1.17 | 1.20 |
CSIMigrationGCEComplete | - | Deprecated | 1.21 | - |
CSIMigrationOpenStackComplete | false | Alpha | 1.17 | 1.20 |
CSIMigrationOpenStackComplete | - | Deprecated | 1.21 | - |
CSIMigrationvSphereComplete | false | Beta | 1.19 | 1.21 |
CSIMigrationvSphereComplete | - | Deprecated | 1.22 | - |
CSINodeInfo | false | Alpha | 1.12 | 1.13 |
CSINodeInfo | true | Beta | 1.14 | 1.16 |
CSINodeInfo | true | GA | 1.17 | |
CSIPersistentVolume | false | Alpha | 1.9 | 1.9 |
CSIPersistentVolume | true | Beta | 1.10 | 1.12 |
CSIPersistentVolume | true | GA | 1.13 | - |
CSIServiceAccountToken | false | Alpha | 1.20 | 1.20 |
CSIServiceAccountToken | true | Beta | 1.21 | 1.21 |
CSIServiceAccountToken | true | GA | 1.22 | |
CSIVolumeFSGroupPolicy | false | Alpha | 1.19 | 1.19 |
CSIVolumeFSGroupPolicy | true | Beta | 1.20 | 1.22 |
CSIVolumeFSGroupPolicy | true | GA | 1.23 | |
CronJobControllerV2 | false | Alpha | 1.20 | 1.20 |
CronJobControllerV2 | true | Beta | 1.21 | 1.21 |
CronJobControllerV2 | true | GA | 1.22 | - |
CustomPodDNS | false | Alpha | 1.9 | 1.9 |
CustomPodDNS | true | Beta | 1.10 | 1.13 |
CustomPodDNS | true | GA | 1.14 | - |
CustomResourceDefaulting | false | Alpha | 1.15 | 1.15 |
CustomResourceDefaulting | true | Beta | 1.16 | 1.16 |
CustomResourceDefaulting | true | GA | 1.17 | - |
CustomResourcePublishOpenAPI | false | Alpha | 1.14 | 1.14 |
CustomResourcePublishOpenAPI | true | Beta | 1.15 | 1.15 |
CustomResourcePublishOpenAPI | true | GA | 1.16 | - |
CustomResourceSubresources | false | Alpha | 1.10 | 1.10 |
CustomResourceSubresources | true | Beta | 1.11 | 1.15 |
CustomResourceSubresources | true | GA | 1.16 | - |
CustomResourceValidation | false | Alpha | 1.8 | 1.8 |
CustomResourceValidation | true | Beta | 1.9 | 1.15 |
CustomResourceValidation | true | GA | 1.16 | - |
CustomResourceWebhookConversion | false | Alpha | 1.13 | 1.14 |
CustomResourceWebhookConversion | true | Beta | 1.15 | 1.15 |
CustomResourceWebhookConversion | true | GA | 1.16 | - |
DryRun | false | Alpha | 1.12 | 1.12 |
DryRun | true | Beta | 1.13 | 1.18 |
DryRun | true | GA | 1.19 | - |
DynamicAuditing | false | Alpha | 1.13 | 1.18 |
DynamicAuditing | - | Deprecated | 1.19 | - |
DynamicKubeletConfig | false | Alpha | 1.4 | 1.10 |
DynamicKubeletConfig | true | Beta | 1.11 | 1.21 |
DynamicKubeletConfig | false | Deprecated | 1.22 | - |
DynamicProvisioningScheduling | false | Alpha | 1.11 | 1.11 |
DynamicProvisioningScheduling | - | Deprecated | 1.12 | - |
DynamicVolumeProvisioning | true | Alpha | 1.3 | 1.7 |
DynamicVolumeProvisioning | true | GA | 1.8 | - |
EnableAggregatedDiscoveryTimeout | true | Deprecated | 1.16 | - |
EnableEquivalenceClassCache | false | Alpha | 1.8 | 1.14 |
EnableEquivalenceClassCache | - | Deprecated | 1.15 | - |
EndpointSlice | false | Alpha | 1.16 | 1.16 |
EndpointSlice | false | Beta | 1.17 | 1.17 |
EndpointSlice | true | Beta | 1.18 | 1.20 |
EndpointSlice | true | GA | 1.21 | - |
EndpointSliceNodeName | false | Alpha | 1.20 | 1.20 |
EndpointSliceNodeName | true | GA | 1.21 | - |
EndpointSliceProxying | false | Alpha | 1.18 | 1.18 |
EndpointSliceProxying | true | Beta | 1.19 | 1.21 |
EndpointSliceProxying | true | GA | 1.22 | - |
EvenPodsSpread | false | Alpha | 1.16 | 1.17 |
EvenPodsSpread | true | Beta | 1.18 | 1.18 |
EvenPodsSpread | true | GA | 1.19 | - |
ExecProbeTimeout | true | GA | 1.20 | - |
ExperimentalCriticalPodAnnotation | false | Alpha | 1.5 | 1.12 |
ExperimentalCriticalPodAnnotation | false | Deprecated | 1.13 | - |
ExternalPolicyForExternalIP | true | GA | 1.18 | - |
GCERegionalPersistentDisk | true | Beta | 1.10 | 1.12 |
GCERegionalPersistentDisk | true | GA | 1.13 | - |
GenericEphemeralVolume | false | Alpha | 1.19 | 1.20 |
GenericEphemeralVolume | true | Beta | 1.21 | 1.22 |
GenericEphemeralVolume | true | GA | 1.23 | - |
HugePageStorageMediumSize | false | Alpha | 1.18 | 1.18 |
HugePageStorageMediumSize | true | Beta | 1.19 | 1.21 |
HugePageStorageMediumSize | true | GA | 1.22 | - |
HugePages | false | Alpha | 1.8 | 1.9 |
HugePages | true | Beta | 1.10 | 1.13 |
HugePages | true | GA | 1.14 | - |
HyperVContainer | false | Alpha | 1.10 | 1.19 |
HyperVContainer | false | Deprecated | 1.20 | - |
ImmutableEphemeralVolumes | false | Alpha | 1.18 | 1.18 |
ImmutableEphemeralVolumes | true | Beta | 1.19 | 1.20 |
ImmutableEphemeralVolumes | true | GA | 1.21 | |
IngressClassNamespacedParams | false | Alpha | 1.21 | 1.21 |
IngressClassNamespacedParams | true | Beta | 1.22 | 1.22 |
IngressClassNamespacedParams | true | GA | 1.23 | - |
Initializers | false | Alpha | 1.7 | 1.13 |
Initializers | - | Deprecated | 1.14 | - |
IPv6DualStack | false | Alpha | 1.15 | 1.20 |
IPv6DualStack | true | Beta | 1.21 | 1.22 |
IPv6DualStack | true | GA | 1.23 | - |
KubeletConfigFile | false | Alpha | 1.8 | 1.9 |
KubeletConfigFile | - | Deprecated | 1.10 | - |
KubeletPluginsWatcher | false | Alpha | 1.11 | 1.11 |
KubeletPluginsWatcher | true | Beta | 1.12 | 1.12 |
KubeletPluginsWatcher | true | GA | 1.13 | - |
LegacyNodeRoleBehavior | false | Alpha | 1.16 | 1.18 |
LegacyNodeRoleBehavior | true | Beta | 1.19 | 1.20 |
LegacyNodeRoleBehavior | false | GA | 1.21 | - |
MountContainers | false | Alpha | 1.9 | 1.16 |
MountContainers | false | Deprecated | 1.17 | - |
MountPropagation | false | Alpha | 1.8 | 1.9 |
MountPropagation | true | Beta | 1.10 | 1.11 |
MountPropagation | true | GA | 1.12 | - |
NodeDisruptionExclusion | false | Alpha | 1.16 | 1.18 |
NodeDisruptionExclusion | true | Beta | 1.19 | 1.20 |
NodeDisruptionExclusion | true | GA | 1.21 | - |
NodeLease | false | Alpha | 1.12 | 1.13 |
NodeLease | true | Beta | 1.14 | 1.16 |
NodeLease | true | GA | 1.17 | - |
NamespaceDefaultLabelName | true | Beta | 1.21 | 1.21 |
NamespaceDefaultLabelName | true | GA | 1.22 | - |
PVCProtection | false | Alpha | 1.9 | 1.9 |
PVCProtection | - | Deprecated | 1.10 | - |
PersistentLocalVolumes | false | Alpha | 1.7 | 1.9 |
PersistentLocalVolumes | true | Beta | 1.10 | 1.13 |
PersistentLocalVolumes | true | GA | 1.14 | - |
PodDisruptionBudget | false | Alpha | 1.3 | 1.4 |
PodDisruptionBudget | true | Beta | 1.5 | 1.20 |
PodDisruptionBudget | true | GA | 1.21 | - |
PodPriority | false | Alpha | 1.8 | 1.10 |
PodPriority | true | Beta | 1.11 | 1.13 |
PodPriority | true | GA | 1.14 | - |
PodReadinessGates | false | Alpha | 1.11 | 1.11 |
PodReadinessGates | true | Beta | 1.12 | 1.13 |
PodReadinessGates | true | GA | 1.14 | - |
PodShareProcessNamespace | false | Alpha | 1.10 | 1.11 |
PodShareProcessNamespace | true | Beta | 1.12 | 1.16 |
PodShareProcessNamespace | true | GA | 1.17 | - |
RequestManagement | false | Alpha | 1.15 | 1.16 |
RequestManagement | - | Derecated | 1.17 | - |
ResourceLimitsPriorityFunction | false | Alpha | 1.9 | 1.18 |
ResourceLimitsPriorityFunction | - | Deprecated | 1.19 | - |
ResourceQuotaScopeSelectors | false | Alpha | 1.11 | 1.11 |
ResourceQuotaScopeSelectors | true | Beta | 1.12 | 1.16 |
ResourceQuotaScopeSelectors | true | GA | 1.17 | - |
RootCAConfigMap | false | Alpha | 1.13 | 1.19 |
RootCAConfigMap | true | Beta | 1.20 | 1.20 |
RootCAConfigMap | true | GA | 1.21 | - |
RotateKubeletClientCertificate | true | Beta | 1.8 | 1.18 |
RotateKubeletClientCertificate | true | GA | 1.19 | - |
RunAsGroup | true | Beta | 1.14 | 1.20 |
RunAsGroup | true | GA | 1.21 | - |
RuntimeClass | false | Alpha | 1.12 | 1.13 |
RuntimeClass | true | Beta | 1.14 | 1.19 |
RuntimeClass | true | GA | 1.20 | - |
SCTPSupport | false | Alpha | 1.12 | 1.18 |
SCTPSupport | true | Beta | 1.19 | 1.19 |
SCTPSupport | true | GA | 1.20 | - |
ScheduleDaemonSetPods | false | Alpha | 1.11 | 1.11 |
ScheduleDaemonSetPods | true | Beta | 1.12 | 1.16 |
ScheduleDaemonSetPods | true | GA | 1.17 | - |
SelectorIndex | false | Alpha | 1.18 | 1.18 |
SelectorIndex | true | Beta | 1.19 | 1.19 |
SelectorIndex | true | GA | 1.20 | - |
ServerSideApply | false | Alpha | 1.14 | 1.15 |
ServerSideApply | true | Beta | 1.16 | 1.21 |
ServerSideApply | true | GA | 1.22 | - |
ServiceAccountIssuerDiscovery | false | Alpha | 1.18 | 1.19 |
ServiceAccountIssuerDiscovery | true | Beta | 1.20 | 1.20 |
ServiceAccountIssuerDiscovery | true | GA | 1.21 | - |
ServiceAppProtocol | false | Alpha | 1.18 | 1.18 |
ServiceAppProtocol | true | Beta | 1.19 | 1.19 |
ServiceAppProtocol | true | GA | 1.20 | - |
ServiceLoadBalancerFinalizer | false | Alpha | 1.15 | 1.15 |
ServiceLoadBalancerFinalizer | true | Beta | 1.16 | 1.16 |
ServiceLoadBalancerFinalizer | true | GA | 1.17 | - |
ServiceNodeExclusion | false | Alpha | 1.8 | 1.18 |
ServiceNodeExclusion | true | Beta | 1.19 | 1.20 |
ServiceNodeExclusion | true | GA | 1.21 | - |
ServiceTopology | false | Alpha | 1.17 | 1.19 |
ServiceTopology | false | Deprecated | 1.20 | - |
SetHostnameAsFQDN | false | Alpha | 1.19 | 1.19 |
SetHostnameAsFQDN | true | Beta | 1.20 | 1.21 |
SetHostnameAsFQDN | true | GA | 1.22 | - |
StartupProbe | false | Alpha | 1.16 | 1.17 |
StartupProbe | true | Beta | 1.18 | 1.19 |
StartupProbe | true | GA | 1.20 | - |
StorageObjectInUseProtection | true | Beta | 1.10 | 1.10 |
StorageObjectInUseProtection | true | GA | 1.11 | - |
StreamingProxyRedirects | false | Beta | 1.5 | 1.5 |
StreamingProxyRedirects | true | Beta | 1.6 | 1.17 |
StreamingProxyRedirects | true | Deprecated | 1.18 | 1.21 |
StreamingProxyRedirects | false | Deprecated | 1.22 | - |
SupportIPVSProxyMode | false | Alpha | 1.8 | 1.8 |
SupportIPVSProxyMode | false | Beta | 1.9 | 1.9 |
SupportIPVSProxyMode | true | Beta | 1.10 | 1.10 |
SupportIPVSProxyMode | true | GA | 1.11 | - |
SupportNodePidsLimit | false | Alpha | 1.14 | 1.14 |
SupportNodePidsLimit | true | Beta | 1.15 | 1.19 |
SupportNodePidsLimit | true | GA | 1.20 | - |
SupportPodPidsLimit | false | Alpha | 1.10 | 1.13 |
SupportPodPidsLimit | true | Beta | 1.14 | 1.19 |
SupportPodPidsLimit | true | GA | 1.20 | - |
Sysctls | true | Beta | 1.11 | 1.20 |
Sysctls | true | GA | 1.21 | |
TTLAfterFinished | false | Alpha | 1.12 | 1.20 |
TTLAfterFinished | true | Beta | 1.21 | 1.22 |
TTLAfterFinished | true | GA | 1.23 | - |
TaintBasedEvictions | false | Alpha | 1.6 | 1.12 |
TaintBasedEvictions | true | Beta | 1.13 | 1.17 |
TaintBasedEvictions | true | GA | 1.18 | - |
TaintNodesByCondition | false | Alpha | 1.8 | 1.11 |
TaintNodesByCondition | true | Beta | 1.12 | 1.16 |
TaintNodesByCondition | true | GA | 1.17 | - |
TokenRequest | false | Alpha | 1.10 | 1.11 |
TokenRequest | true | Beta | 1.12 | 1.19 |
TokenRequest | true | GA | 1.20 | - |
TokenRequestProjection | false | Alpha | 1.11 | 1.11 |
TokenRequestProjection | true | Beta | 1.12 | 1.19 |
TokenRequestProjection | true | GA | 1.20 | - |
ValidateProxyRedirects | false | Alpha | 1.12 | 1.13 |
ValidateProxyRedirects | true | Beta | 1.14 | 1.21 |
ValidateProxyRedirects | true | Deprecated | 1.22 | - |
VolumePVCDataSource | false | Alpha | 1.15 | 1.15 |
VolumePVCDataSource | true | Beta | 1.16 | 1.17 |
VolumePVCDataSource | true | GA | 1.18 | - |
VolumeScheduling | false | Alpha | 1.9 | 1.9 |
VolumeScheduling | true | Beta | 1.10 | 1.12 |
VolumeScheduling | true | GA | 1.13 | - |
VolumeSnapshotDataSource | false | Alpha | 1.12 | 1.16 |
VolumeSnapshotDataSource | true | Beta | 1.17 | 1.19 |
VolumeSnapshotDataSource | true | GA | 1.20 | - |
VolumeSubpath | true | GA | 1.10 | - |
VolumeSubpathEnvExpansion | false | Alpha | 1.14 | 1.14 |
VolumeSubpathEnvExpansion | true | Beta | 1.15 | 1.16 |
VolumeSubpathEnvExpansion | true | GA | 1.17 | - |
WarningHeaders | true | Beta | 1.19 | 1.21 |
WarningHeaders | true | GA | 1.22 | - |
WatchBookmark | false | Alpha | 1.15 | 1.15 |
WatchBookmark | true | Beta | 1.16 | 1.16 |
WatchBookmark | true | GA | 1.17 | - |
WindowsEndpointSliceProxying | false | Alpha | 1.19 | 1.20 |
WindowsEndpointSliceProxying | true | Beta | 1.21 | 1.21 |
WindowsEndpointSliceProxying | true | GA | 1.22 | - |
WindowsGMSA | false | Alpha | 1.14 | 1.15 |
WindowsGMSA | true | Beta | 1.16 | 1.17 |
WindowsGMSA | true | GA | 1.18 | - |
WindowsRunAsUserName | false | Alpha | 1.16 | 1.16 |
WindowsRunAsUserName | true | Beta | 1.17 | 1.17 |
WindowsRunAsUserName | true | GA | 1.18 | - |
A feature can be in Alpha, Beta or GA stage. An Alpha feature means:
A Beta feature means:
A General Availability (GA) feature is also referred to as a stable feature. It means:
Each feature gate is designed for enabling/disabling a specific feature:
APIListChunking
: Enable the API clients to retrieve (LIST
or GET
) resources from API server in chunks.APIPriorityAndFairness
: Enable managing request concurrency with prioritization and fairness at each server. (Renamed from RequestManagement
)APIResponseCompression
: Compress the API responses for LIST
or GET
requests.APIServerIdentity
: Assign each API server an ID in a cluster.APIServerTracing
: Add support for distributed tracing in the API server.Accelerators
: Enable Nvidia GPU support when using DockerAdvancedAuditing
: Enable advanced auditing
AffinityInAnnotations
: Enable setting Pod affinity or anti-affinity.AllowExtTrafficLocalEndpoints
: Enable a service to route external requests to node local endpoints.AllowInsecureBackendProxy
: Enable the users to skip TLS verification of kubelets on Pod log requests.AnyVolumeDataSource
: Enable use of any custom resource as the DataSource
of a PVC.AppArmor
: Enable AppArmor based mandatory access control on Linux nodes when using Docker. See AppArmor Tutorial for more details.AttachVolumeLimit
: Enable volume plugins to report limits on number of volumes that can be attached to a node. See dynamic volume limits for more details.BalanceAttachedNodeVolumes
: Include volume count on node to be considered for balanced resource allocation while scheduling. A node which has closer CPU, memory utilization, and volume count is favored by the scheduler while making decisions.BlockVolume
: Enable the definition and consumption of raw block devices in Pods. See Raw Block Volume Support for more details.BoundServiceAccountTokenVolume
: Migrate ServiceAccount volumes to use a projected volume consisting of a ServiceAccountTokenVolumeProjection. Cluster admins can use metric serviceaccount_stale_tokens_total
to monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off extended tokens by starting kube-apiserver
with flag --service-account-extend-token-expiration=false
. Check Bound Service Account Tokens for more details.ControllerManagerLeaderMigration
: Enables Leader Migration for kube-controller-manager and cloud-controller-manager which allows a cluster operator to live migrate controllers from the kube-controller-manager into an external controller-manager (e.g. the cloud-controller-manager) in an HA cluster without downtime.CPUManager
: Enable container level CPU affinity support, see CPU Management Policies.CPUManagerPolicyAlphaOptions
: This allows fine-tuning of CPUManager policies, experimental, Alpha-quality options This feature gate guards a group of CPUManager options whose quality level is alpha. This feature gate will never graduate to beta or stable.CPUManagerPolicyBetaOptions
: This allows fine-tuning of CPUManager policies, experimental, Beta-quality options This feature gate guards a group of CPUManager options whose quality level is beta. This feature gate will never graduate to stable.CPUManagerPolicyOptions
: Allow fine-tuning of CPUManager policies.CRIContainerLogRotation
: Enable container log rotation for CRI container runtime. The default max size of a log file is 10MB and the default max number of log files allowed for a container is 5. These values can be configured in the kubelet config. See the logging at node level documentation for more details.CSIBlockVolume
: Enable external CSI volume drivers to support block storage. See the csi
raw block volume support documentation for more details.CSIDriverRegistry
: Enable all logic related to the CSIDriver API object in csi.storage.k8s.io.CSIInlineVolume
: Enable CSI Inline volumes support for pods.CSIMigration
: Enables shims and translation logic to route volume operations from in-tree plugins to corresponding pre-installed CSI pluginsCSIMigrationAWS
: Enables shims and translation logic to route volume operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Supports falling back to in-tree EBS plugin if a node does not have EBS CSI plugin installed and configured. Requires CSIMigration feature flag enabled.CSIMigrationAWSComplete
: Stops registering the EBS in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Requires CSIMigration and CSIMigrationAWS feature flags enabled and EBS CSI plugin installed and configured on all nodes in the cluster. This flag has been deprecated in favor of the InTreePluginAWSUnregister
feature flag which prevents the registration of in-tree EBS plugin.CSIMigrationAzureDisk
: Enables shims and translation logic to route volume operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin. Supports falling back to in-tree AzureDisk plugin if a node does not have AzureDisk CSI plugin installed and configured. Requires CSIMigration feature flag enabled.CSIMigrationAzureDiskComplete
: Stops registering the Azure-Disk in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin. Requires CSIMigration and CSIMigrationAzureDisk feature flags enabled and AzureDisk CSI plugin installed and configured on all nodes in the cluster. This flag has been deprecated in favor of the InTreePluginAzureDiskUnregister
feature flag which prevents the registration of in-tree AzureDisk plugin.CSIMigrationAzureFile
: Enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to AzureFile CSI plugin. Supports falling back to in-tree AzureFile plugin if a node does not have AzureFile CSI plugin installed and configured. Requires CSIMigration feature flag enabled.CSIMigrationAzureFileComplete
: Stops registering the Azure-File in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to AzureFile CSI plugin. Requires CSIMigration and CSIMigrationAzureFile feature flags enabled and AzureFile CSI plugin installed and configured on all nodes in the cluster. This flag has been deprecated in favor of the InTreePluginAzureFileUnregister
feature flag which prevents the registration of in-tree AzureFile plugin.CSIMigrationGCE
: Enables shims and translation logic to route volume operations from the GCE-PD in-tree plugin to PD CSI plugin. Supports falling back to in-tree GCE plugin if a node does not have PD CSI plugin installed and configured. Requires CSIMigration feature flag enabled.CSIMigrationRBD
: Enables shims and translation logic to route volume operations from the RBD in-tree plugin to Ceph RBD CSI plugin. Requires CSIMigration and CSIMigrationRBD feature flags enabled and Ceph CSI plugin installed and configured in the cluster. This flag has been deprecated in favor of the InTreePluginRBDUnregister
feature flag which prevents the registration of in-tree RBD plugin.CSIMigrationGCEComplete
: Stops registering the GCE-PD in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the GCE-PD in-tree plugin to PD CSI plugin. Requires CSIMigration and CSIMigrationGCE feature flags enabled and PD CSI plugin installed and configured on all nodes in the cluster. This flag has been deprecated in favor of the InTreePluginGCEUnregister
feature flag which prevents the registration of in-tree GCE PD plugin.CSIMigrationOpenStack
: Enables shims and translation logic to route volume operations from the Cinder in-tree plugin to Cinder CSI plugin. Supports falling back to in-tree Cinder plugin if a node does not have Cinder CSI plugin installed and configured. Requires CSIMigration feature flag enabled.CSIMigrationOpenStackComplete
: Stops registering the Cinder in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the Cinder in-tree plugin to Cinder CSI plugin. Requires CSIMigration and CSIMigrationOpenStack feature flags enabled and Cinder CSI plugin installed and configured on all nodes in the cluster. This flag has been deprecated in favor of the InTreePluginOpenStackUnregister
feature flag which prevents the registration of in-tree openstack cinder plugin.CSIMigrationvSphere
: Enables shims and translation logic to route volume operations from the vSphere in-tree plugin to vSphere CSI plugin. Supports falling back to in-tree vSphere plugin if a node does not have vSphere CSI plugin installed and configured. Requires CSIMigration feature flag enabled.CSIMigrationvSphereComplete
: Stops registering the vSphere in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the vSphere in-tree plugin to vSphere CSI plugin. Requires CSIMigration and CSIMigrationvSphere feature flags enabled and vSphere CSI plugin installed and configured on all nodes in the cluster. This flag has been deprecated in favor of the InTreePluginvSphereUnregister
feature flag which prevents the registration of in-tree vsphere plugin.CSIMigrationPortworx
: Enables shims and translation logic to route volume operations from the Portworx in-tree plugin to Portworx CSI plugin. Requires Portworx CSI driver to be installed and configured in the cluster, and feature gate set CSIMigrationPortworx=true
in kube-controller-manager and kubelet configs.CSINodeInfo
: Enable all logic related to the CSINodeInfo API object in csi.storage.k8s.io.CSIPersistentVolume
: Enable discovering and mounting volumes provisioned through a CSI (Container Storage Interface) compatible volume plugin.CSIServiceAccountToken
: Enable CSI drivers to receive the pods' service account token that they mount volumes for. See Token Requests.CSIStorageCapacity
: Enables CSI drivers to publish storage capacity information and the Kubernetes scheduler to use that information when scheduling pods. See Storage Capacity. Check the csi
volume type documentation for more details.CSIVolumeFSGroupPolicy
: Allows CSIDrivers to use the fsGroupPolicy
field. This field controls whether volumes created by a CSIDriver support volume ownership and permission modifications when these volumes are mounted.CSIVolumeHealth
: Enable support for CSI volume health monitoring on node.CSRDuration
: Allows clients to request a duration for certificates issued via the Kubernetes CSR API.ConfigurableFSGroupPolicy
: Allows user to configure volume permission change policy for fsGroups when mounting a volume in a Pod. See Configure volume permission and ownership change policy for Pods for more details.ControllerManagerLeaderMigration
: Enables leader migration for kube-controller-manager
and cloud-controller-manager
.CronJobControllerV2
: Use an alternative implementation of the CronJob controller. Otherwise, version 1 of the same controller is selected.CustomCPUCFSQuotaPeriod
: Enable nodes to change cpuCFSQuotaPeriod
in kubelet config.CustomResourceValidationExpressions
: Enable expression language validation in CRD which will validate customer resource based on validation rules written in x-kubernetes-validations
extension.CustomPodDNS
: Enable customizing the DNS settings for a Pod using its dnsConfig
property. Check Pod's DNS Config for more details.CustomResourceDefaulting
: Enable CRD support for default values in OpenAPI v3 validation schemas.CustomResourcePublishOpenAPI
: Enables publishing of CRD OpenAPI specs.CustomResourceSubresources
: Enable /status
and /scale
subresources on resources created from CustomResourceDefinition.CustomResourceValidation
: Enable schema based validation on resources created from CustomResourceDefinition.CustomResourceWebhookConversion
: Enable webhook-based conversion on resources created from CustomResourceDefinition.DaemonSetUpdateSurge
: Enables the DaemonSet workloads to maintain availability during update per node.DefaultPodTopologySpread
: Enables the use of PodTopologySpread
scheduling plugin to do default spreading.DelegateFSGroupToCSIDriver
: If supported by the CSI driver, delegates the role of applying fsGroup
from a Pod's securityContext
to the driver by passing fsGroup
through the NodeStageVolume and NodePublishVolume CSI calls.DevicePlugins
: Enable the device-plugins based resource provisioning on nodes.DisableAcceleratorUsageMetrics
: Disable accelerator metrics collected by the kubelet.DisableCloudProviders
: Disables any functionality in kube-apiserver
, kube-controller-manager
and kubelet
related to the --cloud-provider
component flag.DisableKubeletCloudCredentialProviders
: Disable the in-tree functionality in kubelet to authenticate to a cloud provider container registry for image pull credentials.DownwardAPIHugePages
: Enables usage of hugepages in downward API.DryRun
: Enable server-side dry run requests so that validation, merging, and mutation can be tested without committing.DynamicAuditing
: Used to enable dynamic auditing before v1.19.DynamicKubeletConfig
: Enable the dynamic configuration of kubelet. See Reconfigure kubelet.DynamicProvisioningScheduling
: Extend the default scheduler to be aware of volume topology and handle PV provisioning. This feature is superseded by the VolumeScheduling
feature completely in v1.12.DynamicVolumeProvisioning
: Enable the dynamic provisioning of persistent volumes to Pods.EfficientWatchResumption
: Allows for storage-originated bookmark (progress notify) events to be delivered to the users. This is only applied to watch operations.EnableAggregatedDiscoveryTimeout
: Enable the five second timeout on aggregated discovery calls.EnableEquivalenceClassCache
: Enable the scheduler to cache equivalence of nodes when scheduling Pods.EndpointSlice
: Enables EndpointSlices for more scalable and extensible network endpoints. See Enabling EndpointSlices.EndpointSliceNodeName
: Enables EndpointSlice nodeName
field.EndpointSliceProxying
: When enabled, kube-proxy running on Linux will use EndpointSlices as the primary data source instead of Endpoints, enabling scalability and performance improvements. See Enabling Endpoint Slices.EndpointSliceTerminatingCondition
: Enables EndpointSlice terminating
and serving
condition fields.EphemeralContainers
: Enable the ability to add ephemeral containers to running pods.EvenPodsSpread
: Enable pods to be scheduled evenly across topology domains. See Pod Topology Spread Constraints.ExecProbeTimeout
: Ensure kubelet respects exec probe timeouts. This feature gate exists in case any of your existing workloads depend on a now-corrected fault where Kubernetes ignored exec probe timeouts. See readiness probes.ExpandCSIVolumes
: Enable the expanding of CSI volumes.ExpandedDNSConfig
: Enable kubelet and kube-apiserver to allow more DNS search paths and longer list of DNS search paths. This feature requires container runtime support(Containerd: v1.5.6 or higher, CRI-O: v1.22 or higher). See Expanded DNS Configuration.ExpandInUsePersistentVolumes
: Enable expanding in-use PVCs. See Resizing an in-use PersistentVolumeClaim.ExpandPersistentVolumes
: Enable the expanding of persistent volumes. See Expanding Persistent Volumes Claims.ExperimentalCriticalPodAnnotation
: Enable annotating specific pods as critical so that their scheduling is guaranteed. This feature is deprecated by Pod Priority and Preemption as of v1.13.ExperimentalHostUserNamespaceDefaulting
: Enabling the defaulting user namespace to host. This is for containers that are using other host namespaces, host mounts, or containers that are privileged or using specific non-namespaced capabilities (e.g. MKNODE
, SYS_MODULE
etc.). This should only be enabled if user namespace remapping is enabled in the Docker daemon.ExternalPolicyForExternalIP
: Fix a bug where ExternalTrafficPolicy is not applied to Service ExternalIPs.GCERegionalPersistentDisk
: Enable the regional PD feature on GCE.GenericEphemeralVolume
: Enables ephemeral, inline volumes that support all features of normal volumes (can be provided by third-party storage vendors, storage capacity tracking, restore from snapshot, etc.). See Ephemeral Volumes.GracefulNodeShutdown
: Enables support for graceful shutdown in kubelet. During a system shutdown, kubelet will attempt to detect the shutdown event and gracefully terminate pods running on the node. See Graceful Node Shutdown for more details. = GracefulNodeShutdownBasedOnPodPriority
: Enables the kubelet to check Pod priorities when shutting down a node gracefully.GRPCContainerProbe
: Enables the gRPC probe method for {Liveness,Readiness,Startup}Probe. See Configure Liveness, Readiness and Startup Probes.HonorPVReclaimPolicy
: Honor persistent volume reclaim policy when it is Delete
irrespective of PV-PVC deletion ordering.HPAContainerMetrics
: Enable the HorizontalPodAutoscaler
to scale based on metrics from individual containers in target pods.HPAScaleToZero
: Enables setting minReplicas
to 0 for HorizontalPodAutoscaler
resources when using custom or external metrics.HugePages
: Enable the allocation and consumption of pre-allocated huge pages.HugePageStorageMediumSize
: Enable support for multiple sizes pre-allocated huge pages.HyperVContainer
: Enable Hyper-V isolation for Windows containers.IdentifyPodOS
: Allows the Pod OS field to be specified. This helps in identifying the OS of the pod authoritatively during the API server admission time. In Kubernetes 1.23, the allowed values for the pod.spec.os.name
are windows
and linux
.ImmutableEphemeralVolumes
: Allows for marking individual Secrets and ConfigMaps as immutable for better safety and performance.InTreePluginAWSUnregister
: Stops registering the aws-ebs in-tree plugin in kubelet and volume controllers.InTreePluginAzureDiskUnregister
: Stops registering the azuredisk in-tree plugin in kubelet and volume controllers.InTreePluginAzureFileUnregister
: Stops registering the azurefile in-tree plugin in kubelet and volume controllers.InTreePluginGCEUnregister
: Stops registering the gce-pd in-tree plugin in kubelet and volume controllers.InTreePluginOpenStackUnregister
: Stops registering the OpenStack cinder in-tree plugin in kubelet and volume controllers.InTreePluginPortworxUnregister
: Stops registering the Portworx in-tree plugin in kubelet and volume controllers.InTreePluginRBDUnregister
: Stops registering the RBD in-tree plugin in kubelet and volume controllers.InTreePluginvSphereUnregister
: Stops registering the vSphere in-tree plugin in kubelet and volume controllers.IndexedJob
: Allows the Job controller to manage Pod completions per completion index.IngressClassNamespacedParams
: Allow namespace-scoped parameters reference in IngressClass
resource. This feature adds two fields - Scope
and Namespace
to IngressClass.spec.parameters
.Initializers
: Allow asynchronous coordination of object creation using the Initializers admission plugin.IPv6DualStack
: Enable dual stack support for IPv6.JobMutableNodeSchedulingDirectives
: Allows updating node scheduling directives in the pod template of Job.JobReadyPods
: Enables tracking the number of Pods that have a Ready
condition. The count of Ready
pods is recorded in the status of a Job status.JobTrackingWithFinalizers
: Enables tracking Job completions without relying on Pods remaining in the cluster indefinitely. The Job controller uses Pod finalizers and a field in the Job status to keep track of the finished Pods to count towards completion.KubeletConfigFile
: Enable loading kubelet configuration from a file specified using a config file. See setting kubelet parameters via a config file for more details.KubeletCredentialProviders
: Enable kubelet exec credential providers for image pull credentials.KubeletInUserNamespace
: Enables support for running kubelet in a user namespace. See Running Kubernetes Node Components as a Non-root User.KubeletPluginsWatcher
: Enable probe-based plugin watcher utility to enable kubelet to discover plugins such as CSI volume drivers.KubeletPodResources
: Enable the kubelet's pod resources gRPC endpoint. See Support Device Monitoring for more details.KubeletPodResourcesGetAllocatable
: Enable the kubelet's pod resources GetAllocatableResources
functionality. This API augments the resource allocation reporting with informations about the allocatable resources, enabling clients to properly track the free compute resources on a node.LegacyNodeRoleBehavior
: When disabled, legacy behavior in service load balancers and node disruption will ignore the node-role.kubernetes.io/master
label in favor of the feature-specific labels provided by NodeDisruptionExclusion
and ServiceNodeExclusion
.LocalStorageCapacityIsolation
: Enable the consumption of local ephemeral storage and also the sizeLimit
property of an emptyDir volume.LocalStorageCapacityIsolationFSQuotaMonitoring
: When LocalStorageCapacityIsolation
is enabled for local ephemeral storage and the backing filesystem for emptyDir volumes supports project quotas and they are enabled, use project quotas to monitor emptyDir volume storage consumption rather than filesystem walk for better performance and accuracy.LogarithmicScaleDown
: Enable semi-random selection of pods to evict on controller scaledown based on logarithmic bucketing of pod timestamps.MemoryManager
: Allows setting memory affinity for a container based on NUMA topology.MemoryQoS
: Enable memory protection and usage throttle on pod / container using cgroup v2 memory controller.MixedProtocolLBService
: Enable using different protocols in the same LoadBalancer
type Service instance.MountContainers
: Enable using utility containers on host as the volume mounter.MountPropagation
: Enable sharing volume mounted by one container to other containers or pods. For more details, please see mount propagation.NamespaceDefaultLabelName
: Configure the API Server to set an immutable label kubernetes.io/metadata.name
on all namespaces, containing the namespace name.NetworkPolicyEndPort
: Enable use of the field endPort
in NetworkPolicy objects, allowing the selection of a port range instead of a single port.NodeDisruptionExclusion
: Enable use of the Node label node.kubernetes.io/exclude-disruption
which prevents nodes from being evacuated during zone failures.NodeLease
: Enable the new Lease API to report node heartbeats, which could be used as a node health signal.NodeSwap
: Enable the kubelet to allocate swap memory for Kubernetes workloads on a node. Must be used with KubeletConfiguration.failSwapOn
set to false. For more details, please see swap memory
NonPreemptingPriority
: Enable preemptionPolicy
field for PriorityClass and Pod.OpenAPIEnums
: Enables populating "enum" fields of OpenAPI schemas in the spec returned from the API server.OpenAPIV3
: Enables the API server to publish OpenAPI v3.PVCProtection
: Enable the prevention of a PersistentVolumeClaim (PVC) from being deleted when it is still used by any Pod.PodDeletionCost
: Enable the Pod Deletion Cost feature which allows users to influence ReplicaSet downscaling order.PersistentLocalVolumes
: Enable the usage of local
volume type in Pods. Pod affinity has to be specified if requesting a local
volume.PodAndContainerStatsFromCRI
: Configure the kubelet to gather container and pod stats from the CRI container runtime rather than gathering them from cAdvisor.PodDisruptionBudget
: Enable the PodDisruptionBudget feature.PodAffinityNamespaceSelector
: Enable the Pod Affinity Namespace Selector and CrossNamespacePodAffinity quota scope features.PodOverhead
: Enable the PodOverhead feature to account for pod overheads.PodPriority
: Enable the descheduling and preemption of Pods based on their priorities.PodReadinessGates
: Enable the setting of PodReadinessGate
field for extending Pod readiness evaluation. See Pod readiness gate for more details.PodSecurity
: Enables the PodSecurity
admission plugin.PodShareProcessNamespace
: Enable the setting of shareProcessNamespace
in a Pod for sharing a single process namespace between containers running in a pod. More details can be found in Share Process Namespace between Containers in a Pod.PreferNominatedNode
: This flag tells the scheduler whether the nominated nodes will be checked first before looping through all the other nodes in the cluster.ProbeTerminationGracePeriod
: Enable setting probe-level terminationGracePeriodSeconds
on pods. See the enhancement proposal for more details.ProcMountType
: Enables control over the type proc mounts for containers by setting the procMount
field of a SecurityContext.ProxyTerminatingEndpoints
: Enable the kube-proxy to handle terminating endpoints when ExternalTrafficPolicy=Local
.QOSReserved
: Allows resource reservations at the QoS level preventing pods at lower QoS levels from bursting into resources requested at higher QoS levels (memory only for now).ReadWriteOncePod
: Enables the usage of ReadWriteOncePod
PersistentVolume access mode.RecoverVolumeExpansionFailure
: Enables users to edit their PVCs to smaller sizes so as they can recover from previously issued volume expansion failures. See Recovering from Failure when Expanding Volumes for more details.RemainingItemCount
: Allow the API servers to show a count of remaining items in the response to a chunking list request.RemoveSelfLink
: Deprecates and removes selfLink
from ObjectMeta and ListMeta.RequestManagement
: Enables managing request concurrency with prioritization and fairness at each API server. Deprecated by APIPriorityAndFairness
since 1.17.ResourceLimitsPriorityFunction
: Enable a scheduler priority function that assigns a lowest possible score of 1 to a node that satisfies at least one of the input Pod's cpu and memory limits. The intent is to break ties between nodes with same scores.ResourceQuotaScopeSelectors
: Enable resource quota scope selectors.RootCAConfigMap
: Configure the kube-controller-manager
to publish a ConfigMap named kube-root-ca.crt
to every namespace. This ConfigMap contains a CA bundle used for verifying connections to the kube-apiserver. See Bound Service Account Tokens for more details.RotateKubeletClientCertificate
: Enable the rotation of the client TLS certificate on the kubelet. See kubelet configuration for more details.RotateKubeletServerCertificate
: Enable the rotation of the server TLS certificate on the kubelet. See kubelet configuration for more details.RunAsGroup
: Enable control over the primary group ID set on the init processes of containers.RuntimeClass
: Enable the RuntimeClass feature for selecting container runtime configurations.ScheduleDaemonSetPods
: Enable DaemonSet Pods to be scheduled by the default scheduler instead of the DaemonSet controller.SCTPSupport
: Enables the SCTP protocol
value in Pod, Service, Endpoints, EndpointSlice, and NetworkPolicy definitions.SeccompDefault
: Enables the use of RuntimeDefault
as the default seccomp profile for all workloads. The seccomp profile is specified in the securityContext
of a Pod and/or a Container.SelectorIndex
: Allows label and field based indexes in API server watch cache to accelerate list operations.ServerSideApply
: Enables the Sever Side Apply (SSA) feature on the API Server.ServiceAccountIssuerDiscovery
: Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service account issuer in the API server. See Configure Service Accounts for Pods for more details.ServiceAppProtocol
: Enables the appProtocol
field on Services and Endpoints.ServiceInternalTrafficPolicy
: Enables the internalTrafficPolicy
field on ServicesServiceLBNodePortControl
: Enables the allocateLoadBalancerNodePorts
field on Services.ServiceLoadBalancerClass
: Enables the loadBalancerClass
field on Services. See Specifying class of load balancer implementation for more details.ServiceLoadBalancerFinalizer
: Enable finalizer protection for Service load balancers.ServiceNodeExclusion
: Enable the exclusion of nodes from load balancers created by a cloud provider. A node is eligible for exclusion if labelled with "node.kubernetes.io/exclude-from-external-load-balancers
".ServiceTopology
: Enable service to route traffic based upon the Node topology of the cluster. See ServiceTopology for more details.SetHostnameAsFQDN
: Enable the ability of setting Fully Qualified Domain Name(FQDN) as the hostname of a pod. See Pod's setHostnameAsFQDN
field.SizeMemoryBackedVolumes
: Enable kubelets to determine the size limit for memory-backed volumes (mainly emptyDir
volumes).StartupProbe
: Enable the startup probe in the kubelet.StatefulSetMinReadySeconds
: Allows minReadySeconds
to be respected by the StatefulSet controller.StorageObjectInUseProtection
: Postpone the deletion of PersistentVolume or PersistentVolumeClaim objects if they are still being used.StorageVersionAPI
: Enable the storage version API.StorageVersionHash
: Allow API servers to expose the storage version hash in the discovery.StreamingProxyRedirects
: Instructs the API server to intercept (and follow) redirects from the backend (kubelet) for streaming requests. Examples of streaming requests include the exec
, attach
and port-forward
requests.SupportIPVSProxyMode
: Enable providing in-cluster service load balancing using IPVS. See service proxies for more details.SupportNodePidsLimit
: Enable the support to limiting PIDs on the Node. The parameter pid=<number>
in the --system-reserved
and --kube-reserved
options can be specified to ensure that the specified number of process IDs will be reserved for the system as a whole and for Kubernetes system daemons respectively.SupportPodPidsLimit
: Enable the support to limiting PIDs in Pods.SuspendJob
: Enable support to suspend and resume Jobs. See the Jobs docs for more details.Sysctls
: Enable support for namespaced kernel parameters (sysctls) that can be set for each pod. See sysctls for more details.TTLAfterFinished
: Allow a TTL controller to clean up resources after they finish execution.TaintBasedEvictions
: Enable evicting pods from nodes based on taints on Nodes and tolerations on Pods. See taints and tolerations for more details.TaintNodesByCondition
: Enable automatic tainting nodes based on node conditions.TokenRequest
: Enable the TokenRequest
endpoint on service account resources.TokenRequestProjection
: Enable the injection of service account tokens into a Pod through a projected
volume.TopologyAwareHints
: Enables topology aware routing based on topology hints in EndpointSlices. See Topology Aware Hints for more details.TopologyManager
: Enable a mechanism to coordinate fine-grained hardware resource assignments for different components in Kubernetes. See Control Topology Management Policies on a node.ValidateProxyRedirects
: This flag controls whether the API server should validate that redirects are only followed to the same host. Only used if the StreamingProxyRedirects
flag is enabled.VolumeCapacityPriority
: Enable support for prioritizing nodes in different topologies based on available PV capacity.VolumePVCDataSource
: Enable support for specifying an existing PVC as a DataSource.VolumeScheduling
: Enable volume topology aware scheduling and make the PersistentVolumeClaim (PVC) binding aware of scheduling decisions. It also enables the usage of local
volume type when used together with the PersistentLocalVolumes
feature gate.VolumeSnapshotDataSource
: Enable volume snapshot data source support.VolumeSubpath
: Allow mounting a subpath of a volume in a container.VolumeSubpathEnvExpansion
: Enable subPathExpr
field for expanding environment variables into a subPath
.WarningHeaders
: Allow sending warning headers in API responses.WatchBookmark
: Enable support for watch bookmark events.WinDSR
: Allows kube-proxy to create DSR loadbalancers for Windows.WinOverlay
: Allows kube-proxy to run in overlay mode for Windows.WindowsEndpointSliceProxying
: When enabled, kube-proxy running on Windows will use EndpointSlices as the primary data source instead of Endpoints, enabling scalability and performance improvements. See Enabling Endpoint Slices.WindowsGMSA
: Enables passing of GMSA credential specs from pods to container runtimes.WindowsHostProcessContainers
: Enables support for Windows HostProcess containers.WindowsRunAsUserName
: Enable support for running applications in Windows containers with as a non-default user. See Configuring RunAsUserName for more details.
© 2022 The Kubernetes Authors
Documentation Distributed under CC BY 4.0.
https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates