// Module included in the following assemblies: // // * nodes/nodes-cluster-disabling-features.adoc [id="nodes-cluster-disabling-features-list_{context}"] = List of feature gates Use the following list to determine the name of the feature you want to disable: [options="header"] |=== | Feature gate| Description | Default | *AdvancedAuditing* | Enables a more general API auditing pipeline, which includes support for pluggable output backends and an audit policy specifying how different requests should be audited. | True | *APIListChunking* | Enables the API clients to retrieve LIST or GET resources from API server in chunks. | True | *APIResponseCompression* | Enables the compression of API responses for LIST or GET requests. | False | *AppArmor* | Enables AppArmor-based mandatory access control on Linux nodes when using Docker. For more information, see the link:https://kubernetes.io/docs/tutorials/clusters/apparmor/[Kubernetes AppArmor documentation]. | True | *AttachVolumeLimit* | Adds support for volume plugins to report node specific volume limits. | True | *BalanceAttachedNodeVolumes* | Includes volume count on node to be considered for balanced resource allocation while scheduling. A node which has closer CPU, memory utilization, and volume count is favored by scheduler while making decisions. | False | *BlockVolume* | Enables the definition and consumption of raw block devices in pods. For more information, see the link:https://kubernetes.io/docs/concepts/storage/persistent-volumes/#raw-block-volume-support[Kubernetes Raw Block Volume Support]. | False | *CPUManager* | Enables Container-level CPU affinity support. For more information, see Using CPU Manager. | True | *CPUCFSQuotaPeriod* | Enables nodes to change CPUCFSQuotaPeriod. | False | *CRIcontainerLogRotation* | Enables Container log rotation for the CRI Container runtime. | True | *CSIBlockVolume* | Enables CSI to use raw block storage volumes. | False | *CSIDriverRegistry* | Enables all logic related to the CSIDriver API object in csi.storage.k8s.io. | False | *CSINodeInfo* | Enables all logic related to the CSINodeInfo API object in csi.storage.k8s.io. | False | *CSIPersistentVolume* | Enables discovering and mounting volumes provisioned through a CSI (Container Storage Interface) compatible volume plugin. For more information, see the link:https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/container-storage-interface.md[CSI Volume Plugins in Kubernetes Design Documentation]. | True | *CustomPodDNS* | Enables customizing the DNS settings for a pod using the *dnsConfig* property. | True | *Debugcontainers* | Enables running a debugging Container in a pod namespace to troubleshoot a running Pod. | False | *DevicePlugins* | Enables device plug-in-based resource provisioning on nodes. | True | *DryRun* | Allows requests to be processed but not stored, so that validation, merging, mutation can be tested without committing. | False | *DynamicKubeletConfig* | Enables the dynamic configuration in a cluster. | True | *EnableEquivalenceClassCache* | Enables the scheduler to cache equivalence of nodes when scheduling Pods. | False | *ExpandPersistentVolumes* | Enables the ability to Expand persistent volumes. | True | *ExpandInUsePersistentVolumes* | Enables the ability to expand persistent volumes' file system without unmounting volumes. | False | *ExperimentalHostUserNamespaceDefaultingGate* | Enables the disabling of user namespaces. This is for Containers that are using other host projects, host mounts, or Containers that are privileged or using specific non-project capabilities, such as MKNODE, SYS_MODULE, and so forth. This should only be enabled if user project remapping is enabled in the Docker daemon. | False | *GCERegionalPersistentDisk* | Enables the GCE Persistent Disk feature. | True | *HugePages* | Enables the allocation and consumption of pre-allocated huge pages. | True | *HyperVcontainer* | Enables Hyper-V isolation for Windows Containers. | False | *Intializers* | Enables the dynamic admission control as an extension to the built-in admission controllers. | False | *KubeletPluginsWatcher* | Enables probe based plugin watcher utility for discovering Kubelet plugins. | True | *LocalStorageCapacityIsolation* | Enables the consumption of local ephemeral storage and the `sizeLimit` property of an *emptyDir* volume. | False | *Mountcontainers* | Enables using utility Containers on the host as the volume mount. | False | *MountPropagation* | Enables sharing a volume mounted by one Container to other Containers or pods. | True | *NodeLease* | Kubelet uses the new Lease API to report node heartbeats, (Kube) Node Lifecycle Controller uses these heartbeats as a node health signal. | False | *PersistentLocalVolumes* | Enables the usage of local volume pods. Pod affinity has to be specified if requesting a local volume. | True | *PodPriority* | Enables the descheduling and preemption of pods based on their priorities. | True | *PodReadinessGates* | Supports Pod Readiness. | True | *PodShareProcessNamespace* | Allows all containers in a pod to share a process namespace. | True | *ProcMountType* | Enables control over ProcMountType for containers. | False | *QOSReserved* | Allows resource reservations at the QoS level preventing pods at lower QoS levels from bursting into resources requested at higher QoS levels (memory only for now). | False | *ResourceLimitsPriorityFunction* | Enables a scheduler priority function that assigns a lowest possible score of `1` to a node that satisfies at least one of the input pod CPU and memory limits. The intent is to break ties between nodes with same scores. | False | *ResourceQuotaScopeSelectors* | Enables resource quota scope selectors. | True | *RotateKubeletClientCertificate* | Enables the rotation of the client TLS certificate on the cluster. | True | *RotateKubeletServerCertificate* | Enables the rotation of the server TLS certificate on the cluster. | True | *RunAsGroup* | Enables control over the primary group ID set on the init processes of Containers. | False | *RuntimeClass* | Enables RuntimeClass, for selecting between multiple runtimes to run a pod. | False | *ScheduleDaemonSetPods* | Enables DaemonSet pods to be scheduled by the default scheduler instead of the DaemonSet controller. | True | *SCTPSupport* | Enables SCTP as new protocol for Service ports, NetworkPolicy, and ContainerPort in Pod/Containers definition. | False | *ServiceNodeExclusion* | Enables the exclusion of nodes from load balancers created by a cloud provider. | False | *StorageObjectInUseProtection* | Enables postponing the deletion of persistent volume or persistent volume claim objects if they are still being used. | True | *StreamingProxyRedirects* | Instructs the API server to intercept and follow redirects from the backend kubelet for streaming requests. | True | *SupportIPVSProxyMode* | Enables providing in-cluster service load balancing using IP virtual servers. | True | *SupportPodPidsLimit* | Enables support for limiting the number of processes (PIDs) running in a pod. | True | *Sysctls* | Enables pods to set sysctls on a pod. | True | *TaintBasedEvictions* | Enables evicting pods from nodes based on taints on nodes and tolerations on pods. | False | *TaintNodesByCondition* | Enables automatic tainting nodes based on node conditions. | True | *TokenRequest* | Enables the TokenRequest endpoint on service account resources. | True | *TokenRequestProjection* | Enables ServiceAccountTokenVolumeProjection support in ProjectedVolumes. | True | *TTLAfterFinished* | Allows TTL controller to clean up Pods and Jobs after they finish. | False | *ValidateProxyRedirects* | Controls whether the apiserver should validate that redirects are only followed to the same host. Only used if StreamingProxyRedirects is enabled. | False | *VolumeScheduling* | Enables volume-topology-aware scheduling and make the persistent volume claim (PVC) binding aware of scheduling decisions. It also enables the usage of local volumes types when used together with the *PersistentLocalVolumes* feature gate. | True | *VolumeSnapshotDataSource* | Enables volume snapshot data source support. | False | *VolumeSubpath* | Allows mounting a subpath of a volume in a container. Do not remove this feature gate even though it's GA. | True | *VolumeSubpathEnvExpansion* | Allows subpath environment variable substitution. Only applicable if the VolumeSubpath feature is also enabled. | False |===