forked from gardener/gardener
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathfeaturegates.go
More file actions
329 lines (313 loc) · 34 KB
/
featuregates.go
File metadata and controls
329 lines (313 loc) · 34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package features
import (
"fmt"
"k8s.io/apimachinery/pkg/util/validation/field"
versionutils "github.com/gardener/gardener/pkg/utils/version"
)
// featureGateVersionRanges contains the version ranges for all Kubernetes feature gates.
// Extracted from https://raw.githubusercontent.com/kubernetes/kubernetes/release-${version}/test/compatibility_lifecycle/reference/versioned_feature_list.yaml.
// To maintain this list for each new Kubernetes version:
// - Run `hack/compare-k8s-feature-gates.sh <old-version> <new-version>` (e.g. `hack/compare-k8s-feature-gates.sh v1.33 v1.34`).
// It will present 3 lists of feature gates: those added and those removed in `<new-version>` compared to `<old-version>` and
// feature gates that got locked to default in `<new-version>`.
// - Add all added feature gates to the map with `<new-version>` as `AddedInVersion` and no `RemovedInVersion`.
// - For any removed feature gates, add `<new-version>` as `RemovedInVersion` to the already existing feature gate in the map.
// - For feature gates locked to default, add `<new-version>` as `LockedToDefaultInVersion` and the corresponding `LockedValue` to the already existing feature gate in the map.
var featureGateVersionRanges = map[string]*FeatureGateVersionRange{
// These are special feature gates to toggle all alpha or beta feature gates on and off.
// They were introduced in version 1.17 (although they are absent from the corresponding kube_features.go file).
"AllAlpha": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.17"}},
"AllBeta": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.17"}},
"AdmissionWebhookMatchConditions": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"AggregatedDiscoveryRemoveBetaType": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"AllowDNSOnlyNodeCSR": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"AllowInsecureKubeletCertificateSigningRequests": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"AllowOverwriteTerminationGracePeriodSeconds": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"AllowServiceLBStatusOnNonLB": {LockedValue: false, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"AllowUnsafeMalformedObjectDeletion": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"AllowParsingUserUIDFromCertAuth": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"APIListChunking": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"APIPriorityAndFairness": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"APIResponseCompression": {},
"APISelfSubjectReview": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"APIServerIdentity": {},
"APIServerTracing": {},
"APIServingWithRoutine": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"AggregatedDiscoveryEndpoint": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"AnonymousAuthConfigurableEndpoints": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"AnyVolumeDataSource": {LockedValue: true, LockedToDefaultInVersion: "1.33"},
"AppArmor": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"AppArmorFields": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30", RemovedInVersion: "1.33"}},
"AuthorizeNodeWithSelectors": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"AuthorizeWithSelectors": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"BtreeWatchCache": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"CBORServingAndStorage": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"CloudControllerManagerWebhook": {},
"CloudDualStackNodeIPs": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.32"}},
"ClusterTrustBundle": {},
"ClusterTrustBundleProjection": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ComponentFlagz": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"ComponentSLIs": {},
"ComponentStatusz": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"ConcurrentWatchObjectDecode": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"ContainerCheckpoint": {},
"ContainerStopSignals": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"ContextualLogging": {LockedValue: true, LockedToDefaultInVersion: "1.30"},
"ConsistentHTTPGetHandlers": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.26", RemovedInVersion: "1.31"}},
"ConsistentListFromCache": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"CoordinatedLeaderElection": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"CPUManager": {LockedValue: true, LockedToDefaultInVersion: "1.26", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"CPUManagerPolicyAlphaOptions": {},
"CPUManagerPolicyBetaOptions": {},
"CPUManagerPolicyOptions": {LockedValue: true, LockedToDefaultInVersion: "1.33"},
"CRDValidationRatcheting": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"CronJobsScheduledAnnotation": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"CrossNamespaceVolumeDataSource": {},
"CSIMigrationAzureFile": {LockedValue: true, LockedToDefaultInVersion: "1.27", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"CSIMigrationPortworx": {LockedValue: true, LockedToDefaultInVersion: "1.33"},
"CSIMigrationRBD": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"CSINodeExpandSecret": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"CSIVolumeHealth": {},
"CustomCPUCFSQuotaPeriod": {},
"CustomResourceFieldSelectors": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"CustomResourceValidationExpressions": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"DeclarativeValidation": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DeclarativeValidationTakeover": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DefaultHostNetworkHostPortsInPodTemplates": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.31"}},
"DeploymentReplicaSetTerminatingReplicas": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DevicePluginCDIDevices": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"DisableAllocatorDualWrite": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"DisableCloudProviders": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"DisableCPUQuotaWithExclusiveCPUs": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DisableKubeletCloudCredentialProviders": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"DisableNodeKubeProxyVersion": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"DRAAdminAccess": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"DRAControlPlaneController": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.26", RemovedInVersion: "1.32"}},
"DRADeviceTaints": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DRAPartitionableDevices": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DRAPrioritizedList": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"DRAResourceClaimDeviceStatus": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"DynamicResourceAllocation": {},
"EfficientWatchResumption": {LockedValue: true, LockedToDefaultInVersion: "1.24", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"ElasticIndexedJob": {LockedValue: true, LockedToDefaultInVersion: "1.31"},
"EventedPLEG": {},
"ExecProbeTimeout": {},
"ExpandedDNSConfig": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"ExperimentalHostUserNamespaceDefaulting": {LockedValue: false, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"ExternalServiceAccountTokenSigner": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"GitRepoVolumeDriver": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"GracefulNodeShutdown": {},
"GracefulNodeShutdownBasedOnPodPriority": {},
"HonorPVReclaimPolicy": {LockedValue: true, LockedToDefaultInVersion: "1.33"},
"HPAConfigurableTolerance": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"HPAContainerMetrics": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.20", RemovedInVersion: "1.32"}},
"HPAScaleToZero": {},
"IPTablesOwnershipCleanup": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"ImageMaximumGCAge": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ImageVolume": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"InPlacePodVerticalScaling": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.27"}},
"InPlacePodVerticalScalingAllocatedStatus": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"InPlacePodVerticalScalingExclusiveCPUs": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"InTreePluginAWSUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InTreePluginAzureDiskUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InTreePluginAzureFileUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InTreePluginGCEUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InTreePluginOpenStackUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InTreePluginPortworxUnregister": {},
"InTreePluginRBDUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InTreePluginvSphereUnregister": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"InformerResourceVersion": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"JobBackoffLimitPerIndex": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"JobManagedBy": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"JobPodFailurePolicy": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"JobPodReplacementPolicy": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"JobReadyPods": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"JobSuccessPolicy": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"KMSv1": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"KMSv2": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{AddedInVersion: "1.25", RemovedInVersion: "1.32"}},
"KMSv2KDF": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.32"}},
"KubeletEnsureSecretPulledImages": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"KubeletCgroupDriverFromCRI": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"KubeletCrashLoopBackOffMax": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"KubeletFineGrainedAuthz": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"KubeletInUserNamespace": {},
"KubeletPodResources": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"KubeletPodResourcesDynamicResources": {},
"KubeletPodResourcesGet": {},
"KubeletPodResourcesGetAllocatable": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"KubeletPSI": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"KubeletRegistrationGetOnExistsOnly": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"KubeletSeparateDiskGC": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"KubeletServiceAccountTokenForCredentialProviders": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"KubeletTracing": {},
"KubeProxyDrainingTerminatingNodes": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.33"}},
"LegacyServiceAccountTokenCleanUp": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.32"}},
"LegacyServiceAccountTokenTracking": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{AddedInVersion: "1.26", RemovedInVersion: "1.30"}},
"LegacySidecarContainers": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"LoadBalancerIPMode": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ListFromCacheSnapshot": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"LocalStorageCapacityIsolationFSQuotaMonitoring": {},
"LogarithmicScaleDown": {LockedValue: true, LockedToDefaultInVersion: "1.31"},
"MatchLabelKeysInPodAffinity": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"MatchLabelKeysInPodTopologySpread": {},
"MaxUnavailableStatefulSet": {},
"MemoryManager": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.21"}},
"MemoryQoS": {},
"MinDomainsInPodTopologySpread": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.24", RemovedInVersion: "1.32"}},
"MinimizeIPTablesRestore": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{AddedInVersion: "1.26", RemovedInVersion: "1.30"}},
"MultiCIDRServiceAllocator": {},
"MutableCSINodeAllocatableCount": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"MutatingAdmissionPolicy": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"NewVolumeManagerReconstruction": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.25", RemovedInVersion: "1.32"}},
"NFTablesProxyMode": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"NodeInclusionPolicyInPodTopologySpread": {LockedValue: true, LockedToDefaultInVersion: "1.33"},
"NodeLogQuery": {},
"NodeOutOfServiceVolumeDetach": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{AddedInVersion: "1.24", RemovedInVersion: "1.32"}},
"NodeSwap": {},
"OpenAPIEnums": {},
"OrderedNamespaceDeletion": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"PDBUnhealthyPodEvictionPolicy": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"PersistentVolumeLastPhaseTransitionTime": {LockedValue: true, LockedToDefaultInVersion: "1.31", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.33"}},
"PodAndContainerStatsFromCRI": {},
"PodDeletionCost": {},
"PodDisruptionConditions": {LockedValue: true, LockedToDefaultInVersion: "1.31"},
"PodHostIPs": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.32"}},
"PodIndexLabel": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"PodLevelResources": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"PodLifecycleSleepAction": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"PodLifecycleSleepActionAllowZero": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"PodLogsQuerySplitStreams": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"PodObservedGenerationTracking": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"PodReadyToStartContainersCondition": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"PodSchedulingReadiness": {LockedValue: true, LockedToDefaultInVersion: "1.30"},
"PodTopologyLabelsAdmission": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"PortForwardWebsockets": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"PreferAlignCpusByUncoreCache": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"PreferSameTrafficDistribution": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"ProcMountType": {},
"ProxyTerminatingEndpoints": {LockedValue: true, LockedToDefaultInVersion: "1.28", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"QOSReserved": {},
"ReadWriteOncePod": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"RecoverVolumeExpansionFailure": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"RecursiveReadOnlyMounts": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"ReduceDefaultCrashLoopBackOffDecay": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"RelaxedDNSSearchValidation": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"RelaxedEnvironmentVariableValidation": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"ReloadKubeletServerCertificateFile": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"RemainingItemCount": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"RemoteRequestHeaderUID": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"RemoveSelfLink": {LockedValue: true, LockedToDefaultInVersion: "1.24", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"ResilientWatchCacheInitialization": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"ResourceHealthStatus": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"RetryGenerateName": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"RotateKubeletServerCertificate": {},
"RuntimeClassInImageCriApi": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"SchedulerAsyncPreemption": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"SchedulerPopFromBackoffQ": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"SchedulerQueueingHints": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"SecurityContextDeny": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.30"}},
"SELinuxChangePolicy": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"SELinuxMount": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"SELinuxMountReadWriteOncePod": {LockedValue: true, LockedToDefaultInVersion: "1.29"},
"SeparateCacheWatchRPC": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"SeparateTaintEvictionController": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ServerSideApply": {LockedValue: true, LockedToDefaultInVersion: "1.22", VersionRange: versionutils.VersionRange{AddedInVersion: "1.14", RemovedInVersion: "1.32"}},
"ServerSideFieldValidation": {LockedValue: true, LockedToDefaultInVersion: "1.27", VersionRange: versionutils.VersionRange{AddedInVersion: "1.23", RemovedInVersion: "1.32"}},
"ServiceAccountNodeAudienceRestriction": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"ServiceAccountTokenJTI": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ServiceAccountTokenNodeBinding": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ServiceAccountTokenNodeBindingValidation": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ServiceAccountTokenPodNodeInfo": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"ServiceNodePortStaticSubrange": {LockedValue: true, LockedToDefaultInVersion: "1.29", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.31"}},
"ServiceTrafficDistribution": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"SidecarContainers": {LockedValue: true, LockedToDefaultInVersion: "1.33", VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"SizeMemoryBackedVolumes": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.20"}},
"SkipReadOnlyValidationGCE": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28", RemovedInVersion: "1.31"}},
"StableLoadBalancerNodeSet": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.32"}},
"StatefulSetAutoDeletePVC": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.23"}},
"StatefulSetStartOrdinal": {LockedValue: true, LockedToDefaultInVersion: "1.31"},
"StorageCapacityScoring": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"StorageNamespaceIndex": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"StorageVersionAPI": {},
"StorageVersionHash": {},
"StorageVersionMigrator": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"StreamingCollectionEncodingToJSON": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"StreamingCollectionEncodingToProtobuf": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"StrictCostEnforcementForVAP": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"StrictCostEnforcementForWebhooks": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"StrictIPCIDRValidation": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.33"}},
"StructuredAuthenticationConfiguration": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"StructuredAuthorizationConfiguration": {LockedValue: true, LockedToDefaultInVersion: "1.32", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"SupplementalGroupsPolicy": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"SystemdWatchdog": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"TopologyAwareHints": {LockedValue: true, LockedToDefaultInVersion: "1.33"},
"TopologyManagerPolicyAlphaOptions": {},
"TopologyManagerPolicyBetaOptions": {},
"TopologyManagerPolicyOptions": {LockedValue: true, LockedToDefaultInVersion: "1.32"},
"TranslateStreamCloseWebsocketRequests": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"UnauthenticatedHTTP2DOSMitigation": {},
"UnknownVersionInteroperabilityProxy": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"UserNamespacesPodSecurityStandards": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"UserNamespacesSupport": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.28"}},
"ValidatingAdmissionPolicy": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.32"}},
"VolumeAttributesClass": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.29"}},
"VolumeCapacityPriority": {VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"WatchBookmark": {LockedValue: true, LockedToDefaultInVersion: "1.17", VersionRange: versionutils.VersionRange{RemovedInVersion: "1.33"}},
"WatchCacheInitializationPostStartHook": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.31"}},
"WatchFromStorageWithoutResourceVersion": {LockedValue: false, LockedToDefaultInVersion: "1.33"},
"WatchList": {},
"WatchListClient": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.30"}},
"WinDSR": {},
"WinOverlay": {},
"WindowsCPUAndMemoryAffinity": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"WindowsGracefulNodeShutdown": {VersionRange: versionutils.VersionRange{AddedInVersion: "1.32"}},
"WindowsHostNetwork": {},
"ZeroLimitedNominalConcurrencyShares": {LockedValue: true, LockedToDefaultInVersion: "1.30", VersionRange: versionutils.VersionRange{AddedInVersion: "1.29", RemovedInVersion: "1.32"}},
}
// IsFeatureGateSupported returns true if the given feature gate is supported for the given Kubernetes version.
// A feature gate is only supported if it's a known feature gate and its version range contains the given Kubernetes version.
func IsFeatureGateSupported(featureGate, version string) (bool, error) {
vr := featureGateVersionRanges[featureGate]
if vr == nil {
return false, fmt.Errorf("unknown feature gate %s", featureGate)
}
return vr.Contains(version)
}
// FeatureGateVersionRange represents a version range of type [AddedInVersion, RemovedInVersion).
type FeatureGateVersionRange struct {
versionutils.VersionRange
LockedValue bool
LockedToDefaultInVersion string
}
func isFeatureLockedToDefault(featureGate, version string) (bool, error) {
var constraint string
vr := featureGateVersionRanges[featureGate]
if vr.LockedToDefaultInVersion != "" {
constraint = ">= " + vr.LockedToDefaultInVersion
return versionutils.CheckVersionMeetsConstraint(version, constraint)
}
return false, nil
}
// ValidateFeatureGates validates the given Kubernetes feature gates against the given Kubernetes version.
func ValidateFeatureGates(featureGates map[string]bool, version string, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
for featureGate := range featureGates {
supported, err := IsFeatureGateSupported(featureGate, version)
if err != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child(featureGate), featureGate, err.Error()))
} else if !supported {
allErrs = append(allErrs, field.Forbidden(fldPath.Child(featureGate), "not supported in Kubernetes version "+version))
} else {
isLockedToDefault, err := isFeatureLockedToDefault(featureGate, version)
if err != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child(featureGate), featureGate, err.Error()))
} else if isLockedToDefault && featureGates[featureGate] != featureGateVersionRanges[featureGate].LockedValue {
allErrs = append(allErrs, field.Forbidden(fldPath.Child(featureGate), fmt.Sprintf("cannot set feature gate to %v, feature is locked to %v", featureGates[featureGate], featureGateVersionRanges[featureGate].LockedValue)))
}
}
}
return allErrs
}