docs: Document CustomNoUpgrade featureSet in the feature gates user guide

modules/nodes-cluster-enabling-features-about.adoc

@@ -11,14 +11,21 @@ You can use the `FeatureGate` custom resource (CR) to enable specific feature se
 
 A feature set is a collection of {product-title} features that are not enabled by default.
 
-You can activate the following feature set by using the `FeatureGate` CR:
+You can activate the following feature sets by using the `FeatureGate` CR:
 
 * `TechPreviewNoUpgrade`. This feature set is a subset of the current Technology Preview features. This feature set allows you to enable these Technology Preview features on test clusters, where you can fully test them, while leaving the features disabled on production clusters.
 +
 [WARNING]
 ====
 Enabling the `TechPreviewNoUpgrade` feature set on your cluster cannot be undone and prevents minor version updates. You should not enable this feature set on production clusters.
 ====
+
+* `CustomNoUpgrade`. This feature set allows you to enable or disable individual feature gates without activating the entire Technology Preview suite. Use this feature set when you need granular control over specific feature gates.
++
+[WARNING]
+====
+Enabling the `CustomNoUpgrade` feature set on your cluster cannot be undone and prevents minor version updates. This feature set is not supported, cannot be validated, and should not be enabled on production clusters. If you apply incorrect feature gate names or invalid combinations, your cluster may fail in an unrecoverable way.
+====
 +
 The following Technology Preview features are enabled by this feature set:
 +
@@ -128,20 +135,12 @@ The following Technology Preview features are enabled by this feature set:
 
 See the _Additional resources_ sections for information on some of these features.
 
-////
-Do not document per Derek Carr: https://github.com/openshift/api/pull/370#issuecomment-510632939
-|`CustomNoUpgrade` ^[2]^
-|Allows the enabling or disabling of any feature. Turning on this feature set on is not supported, cannot be undone, and prevents upgrades.
-
-[.small]
---
-1.
-2. If you use the `CustomNoUpgrade` feature set to disable a feature that appears in the web console, you might see that feature, but
-no objects are listed. For example, if you disable builds, you can see the *Builds* tab in the web console, but there are no builds present. If you attempt to use commands associated with a disabled feature, such as `oc start-build`, {product-title} displays an error.
-
-[NOTE]
-====
-If you disable a feature that any application in the cluster relies on, the application might not
-function properly, depending upon the feature disabled and how the application uses that feature.
-====
-////
+// Historical note: CustomNoUpgrade was previously excluded from documentation per
+// https://github.com/openshift/api/pull/370#issuecomment-510632939 (July 2019).
+// Since then, CustomNoUpgrade has become widely used across the ecosystem:
+// - OCP 4.16 release notes reference it for Cluster API on GCP
+// - Red Hat KCS articles 7065352 and 7074157 address customer usage
+// - OCPSTRAT-2485 (4.22) relies on it for CVO manifest gating
+// - Multiple OpenShift component teams use it in their documentation
+// The decision to document it was made to address documented customer confusion
+// and to align with current usage patterns.

modules/nodes-cluster-enabling-features-cli-custom.adoc

@@ -0,0 +1,106 @@
+// Module included in the following assemblies:
+//
+// * nodes/cluster/nodes-cluster-enabling-features.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-cluster-enabling-features-cli-custom_{context}"]
+= Enabling individual feature gates using the CustomNoUpgrade feature set
+
+[role="_abstract"]
+You can use the {oc-first} to enable or disable individual feature gates on your cluster by setting the `CustomNoUpgrade` feature set on the `FeatureGate` custom resource (CR). Unlike `TechPreviewNoUpgrade`, which enables all Technology Preview features, `CustomNoUpgrade` gives you granular control over individual feature gates.
+
+[WARNING]
+====
+Enabling the `CustomNoUpgrade` feature set on your cluster cannot be undone and prevents minor version updates. Once applied, you cannot revert the `featureSet` field back to its default value. You can continue to modify the individual gates within `customNoUpgrade.enabled` and `customNoUpgrade.disabled`, but the `CustomNoUpgrade` feature set itself is permanent.
+
+This feature set is not supported for production clusters. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations, your cluster may fail in an unrecoverable way.
+====
+
+.Prerequisites
+
+* You have installed the {oc-first}.
+* You have cluster administrator privileges.
+
+.Procedure
+
+. Enable a specific feature gate by patching the `FeatureGate` CR:
++
+[source,terminal]
+----
+$ oc patch featuregate cluster --type=merge -p \
+  '{"spec":{"featureSet":"CustomNoUpgrade","customNoUpgrade":{"enabled":["<feature_gate_name>"]}}}'
+----
++
+where `<feature_gate_name>` is the name of the feature gate you want to enable, for example `ClusterAPIMachineManagement`. The `spec.customNoUpgrade.enabled` field accepts a string array. Each element is a feature gate name as a plain string. Do not use the object format `{"name": "FeatureGateName"}`, which appears in `status.featureGates` but is not valid for the spec.
+
+. To enable multiple feature gates at once:
++
+[source,terminal]
+----
+$ oc patch featuregate cluster --type=merge -p \
+  '{"spec":{"featureSet":"CustomNoUpgrade","customNoUpgrade":{"enabled":["<feature_gate_1>","<feature_gate_2>"]}}}'
+----
+
+. To remove a previously enabled feature gate from the enabled list:
++
+[source,terminal]
+----
+$ oc patch featuregate cluster --type=merge -p \
+  '{"spec":{"customNoUpgrade":{"enabled":[]}}}'
+----
++
+[NOTE]
+====
+This removes all individually enabled gates but does not revert the `CustomNoUpgrade` feature set. The cluster remains on `CustomNoUpgrade` and minor version upgrades remain blocked.
+====
+
+. Alternatively, you can enable the feature set by editing the `FeatureGate` CR directly:
++
+[source,terminal]
+----
+$ oc edit featuregate cluster
+----
++
+.Sample FeatureGate custom resource with CustomNoUpgrade
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: FeatureGate
+metadata:
+  name: cluster
+spec:
+  featureSet: CustomNoUpgrade
+  customNoUpgrade:
+    enabled:
+      - <feature_gate_name>
+    disabled:
+      - <feature_gate_name>
+----
+where:
++
+--
+`spec.featureSet`:: Must be set to `CustomNoUpgrade` to use the `customNoUpgrade` field.
+`spec.customNoUpgrade.enabled`:: A list of feature gate names to enable, specified as plain strings.
+`spec.customNoUpgrade.disabled`:: Optional. A list of feature gate names to explicitly disable.
+--
++
+After you save the changes, new machine configs are created, the machine config pools are updated, and scheduling on each node is disabled while the change is being applied.
+
+[NOTE]
+====
+The syntax for enabling feature gates differs between the `install-config.yaml` file and the `FeatureGate` CR:
+
+* In `install-config.yaml`, use `featureGates: ["<feature_gate_name>=true"]`
+* In the `FeatureGate` CR at runtime, use `customNoUpgrade.enabled: ["<feature_gate_name>"]`
+====
+
+.Verification
+
+include::snippets/nodes-cluster-enabling-features-verification.adoc[]
+
+You can also verify the enabled feature gates by checking the `FeatureGate` CR status:
+
+[source,terminal]
+----
+$ oc get featuregate cluster -o jsonpath='{.status.featureGates[0].enabled[*].name}' | tr ' ' '\n'
+----

modules/nodes-cluster-enabling-features-cli.adoc

@@ -45,6 +45,7 @@ where:
 
 `spec.featureSet`:: Specifies the feature set that you want to enable:
 * `TechPreviewNoUpgrade` enables specific Technology Preview features.
+* `CustomNoUpgrade` enables granular control over individual feature gates.
 --
 +
 After you save the changes, new machine configs are created, the machine config pools are updated, and scheduling on each node is disabled while the change is being applied.

modules/nodes-cluster-enabling-features-console.adoc

@@ -45,6 +45,7 @@ where:
 
 `spec.featureSet`:: Specifies the feature set that you want to enable:
 * `TechPreviewNoUpgrade` enables specific Technology Preview features.
+* `CustomNoUpgrade` enables granular control over individual feature gates.
 --
 +
 After you save the changes, new machine configs are created, the machine config pools are updated, and scheduling on each node is disabled while the change is being applied.

nodes/clusters/nodes-cluster-enabling-features.adoc

@@ -17,6 +17,8 @@ include::modules/nodes-cluster-enabling-features-console.adoc[leveloffset=+1]
 
 include::modules/nodes-cluster-enabling-features-cli.adoc[leveloffset=+1]
 
+include::modules/nodes-cluster-enabling-features-cli-custom.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 [id="additional-resources_nodes-cluster-enabling"]
 == Additional resources
@@ -36,3 +38,5 @@ include::modules/nodes-cluster-enabling-features-cli.adoc[leveloffset=+1]
 * xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]
 
 * xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Pod security admission enforcement]
+
+* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling-features-cli-custom_nodes-cluster-enabling[Enabling individual feature gates using the CustomNoUpgrade feature set]