-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Forbid setting AllAlpha FeatureGate with Kubernetes 1.31 #10356
Comments
@dimityrmirchev Do you still plan to follow up on this topic? |
In an internal discussion colleagues presented arguments against disallowing the I am fine with closing the issue, but will leave it open so others can also share their opinion if they want to do so. For the sake of completeness I am adding my additional findings regarding how some of the big cloud providers handle this topic:
It seems that Gardener offers more flexibility in comparison to the mentioned Kubernetes offerings. |
From security point of view |
I don't think this has much value unless we disallow alpha features in general. Hence, I vote for doing nothing and closing the issue. |
OK, let's close this for now. /close |
@dimityrmirchev: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
How to categorize this issue?
/area security
/kind enhancement
What would you like to be added:
I propose that we forbid setting the feature gate
AllAlpha
with Kubernetes version >= 1.31. Users will still be able to explicitly enable alpha feature gates if they want to. See https://github.com/kubernetes/kubernetes/blob/b8dcc2c983ab93440c4ad598f51ce2ab5bcf3cce/staging/src/k8s.io/component-base/featuregate/feature_gate.go#L49Why is this needed:
Setting
AllAlpha
totrue
is not recommended and should be avoided especially in production environments. This change is in sync with rule 242400 of DISA Kubernetes STIG.The text was updated successfully, but these errors were encountered: