本页详述了管理员可以在不同的 Kubernetes 组件上指定的各种功能开关。
功能开关是一组描述 alpha 或实验功能的键值对。
管理员可以在每个组件上使用 --feature-gates 命令行参数来打开或关闭功能。每个组件都支持该组件唯一的一组功能开关。
使用 -h 参数来查看所有组件的完整功能开关。
要为诸如 kubelet 之类的组件设置功能开关,请使用分配给功能键值对列表的 --feature-gates 参数:
--feature-gates="...,DynamicKubeletConfig=true"下表总结了可以在不同的 Kubernetes 组件上设置的功能开关。
| 功能 | 默认值 | 状态 | 开始(Since) | 结束(Until) | 
|---|---|---|---|---|
| APIListChunking | false | Alpha | 1.8 | 1.8 | 
| APIListChunking | true | Beta | 1.9 | |
| APIResponseCompression | false | Alpha | 1.7 | |
| AppArmor | true | Beta | 1.4 | |
| AttachVolumeLimit | true | Alpha | 1.11 | 1.11 | 
| AttachVolumeLimit | true | Beta | 1.12 | |
| BalanceAttachedNodeVolumes | false | Alpha | 1.11 | |
| BlockVolume | false | Alpha | 1.9 | 1.12 | 
| BlockVolume | true | Beta | 1.13 | - | 
| BoundServiceAccountTokenVolume | false | Alpha | 1.13 | |
| CPUManager | false | Alpha | 1.8 | 1.9 | 
| CPUManager | true | Beta | 1.10 | |
| CRIContainerLogRotation | false | Alpha | 1.10 | 1.10 | 
| CRIContainerLogRotation | true | Beta | 1.11 | |
| CSIBlockVolume | false | Alpha | 1.11 | 1.13 | 
| CSIBlockVolume | true | Beta | 1.14 | |
| CSIDriverRegistry | false | Alpha | 1.12 | 1.13 | 
| CSIDriverRegistry | true | Beta | 1.14 | |
| CSIInlineVolume | false | Alpha | 1.15 | 1.15 | 
| CSIInlineVolume | true | Beta | 1.16 | - | 
| CSIMigration | false | Alpha | 1.14 | |
| CSIMigrationAWS | false | Alpha | 1.14 | |
| CSIMigrationAzureDisk | false | Alpha | 1.15 | |
| CSIMigrationAzureFile | false | Alpha | 1.15 | |
| CSIMigrationGCE | false | Alpha | 1.14 | |
| CSIMigrationOpenStack | false | Alpha | 1.14 | |
| CSINodeInfo | false | Alpha | 1.12 | 1.13 | 
| CSINodeInfo | true | Beta | 1.14 | |
| CustomCPUCFSQuotaPeriod | false | Alpha | 1.12 | |
| CustomResourceDefaulting | false | Alpha | 1.15 | 1.15 | 
| CustomResourceDefaulting | true | Beta | 1.16 | |
| DevicePlugins | false | Alpha | 1.8 | 1.9 | 
| DevicePlugins | true | Beta | 1.10 | |
| DryRun | false | Alpha | 1.12 | 1.12 | 
| DryRun | true | Beta | 1.13 | |
| DynamicAuditing | false | Alpha | 1.13 | |
| DynamicKubeletConfig | false | Alpha | 1.4 | 1.10 | 
| DynamicKubeletConfig | true | Beta | 1.11 | |
| EndpointSlice | false | Alpha | 1.16 | |
| EphemeralContainers | false | Alpha | 1.16 | |
| ExpandCSIVolumes | false | Alpha | 1.14 | 1.15 | 
| ExpandCSIVolumes | true | Beta | 1.16 | |
| ExpandInUsePersistentVolumes | false | Alpha | 1.11 | 1.14 | 
| ExpandInUsePersistentVolumes | true | Beta | 1.15 | |
| ExpandPersistentVolumes | false | Alpha | 1.8 | 1.10 | 
| ExpandPersistentVolumes | true | Beta | 1.11 | |
| ExperimentalHostUserNamespaceDefaulting | false | Beta | 1.5 | |
| EvenPodsSpread | false | Alpha | 1.16 | |
| HPAScaleToZero | false | Alpha | 1.16 | |
| HyperVContainer | false | Alpha | 1.10 | |
| KubeletPodResources | false | Alpha | 1.13 | 1.14 | 
| KubeletPodResources | true | Beta | 1.15 | |
| LegacyNodeRoleBehavior | true | Alpha | 1.16 | |
| LocalStorageCapacityIsolation | false | Alpha | 1.7 | 1.9 | 
| LocalStorageCapacityIsolation | true | Beta | 1.10 | |
| LocalStorageCapacityIsolationFSQuotaMonitoring | false | Alpha | 1.15 | |
| MountContainers | false | Alpha | 1.9 | |
| NodeDisruptionExclusion | false | Alpha | 1.16 | |
| NodeLease | false | Alpha | 1.12 | 1.13 | 
| NodeLease | true | Beta | 1.14 | |
| NonPreemptingPriority | false | Alpha | 1.15 | |
| PodOverhead | false | Alpha | 1.16 | - | 
| PodShareProcessNamespace | false | Alpha | 1.10 | 1.11 | 
| PodShareProcessNamespace | true | Beta | 1.12 | |
| ProcMountType | false | Alpha | 1.12 | |
| QOSReserved | false | Alpha | 1.11 | |
| RemainingItemCount | false | Alpha | 1.15 | |
| RequestManagement | false | Alpha | 1.15 | |
| ResourceLimitsPriorityFunction | false | Alpha | 1.9 | |
| ResourceQuotaScopeSelectors | false | Alpha | 1.11 | 1.11 | 
| ResourceQuotaScopeSelectors | true | Beta | 1.12 | |
| RotateKubeletClientCertificate | true | Beta | 1.8 | |
| RotateKubeletServerCertificate | false | Alpha | 1.7 | 1.11 | 
| RotateKubeletServerCertificate | true | Beta | 1.12 | |
| RunAsGroup | true | Beta | 1.14 | |
| RuntimeClass | false | Alpha | 1.12 | 1.13 | 
| RuntimeClass | true | Beta | 1.14 | |
| ScheduleDaemonSetPods | false | Alpha | 1.11 | 1.11 | 
| ScheduleDaemonSetPods | true | Beta | 1.12 | |
| SCTPSupport | false | Alpha | 1.12 | |
| ServerSideApply | false | Alpha | 1.14 | 1.15 | 
| ServerSideApply | true | Beta | 1.16 | |
| ServiceLoadBalancerFinalizer | false | Alpha | 1.15 | |
| ServiceNodeExclusion | false | Alpha | 1.8 | |
| StartupProbe | false | Alpha | 1.16 | |
| StorageVersionHash | false | Alpha | 1.14 | 1.14 | 
| StorageVersionHash | true | Beta | 1.15 | |
| StreamingProxyRedirects | false | Beta | 1.5 | 1.5 | 
| StreamingProxyRedirects | true | Beta | 1.6 | |
| SupportNodePidsLimit | false | Alpha | 1.14 | 1.14 | 
| SupportNodePidsLimit | true | Beta | 1.15 | |
| SupportPodPidsLimit | false | Alpha | 1.10 | 1.13 | 
| SupportPodPidsLimit | true | Beta | 1.14 | |
| Sysctls | true | Beta | 1.11 | |
| TaintBasedEvictions | false | Alpha | 1.6 | 1.12 | 
| TaintBasedEvictions | true | Beta | 1.13 | |
| TaintNodesByCondition | false | Alpha | 1.8 | 1.11 | 
| TaintNodesByCondition | true | Beta | 1.12 | |
| TokenRequest | false | Alpha | 1.10 | 1.11 | 
| TokenRequest | true | Beta | 1.12 | |
| TokenRequestProjection | false | Alpha | 1.11 | 1.11 | 
| TokenRequestProjection | true | Beta | 1.12 | |
| TTLAfterFinished | false | Alpha | 1.12 | |
| TopologyManager | false | Alpha | 1.16 | |
| ValidateProxyRedirects | false | Alpha | 1.10 | 1.13 | 
| ValidateProxyRedirects | true | Beta | 1.14 | |
| VolumePVCDataSource | false | Alpha | 1.15 | 1.15 | 
| VolumePVCDataSource | true | Beta | 1.16 | |
| VolumeSubpathEnvExpansion | false | Alpha | 1.14 | 1.14 | 
| VolumeSubpathEnvExpansion | true | Beta | 1.15 | |
| VolumeSnapshotDataSource | false | Alpha | 1.12 | - | 
| WatchBookmark | false | Alpha | 1.15 | 1.15 | 
| WatchBookmark | true | Beta | 1.16 | |
| WindowsGMSA | false | Alpha | 1.14 | |
| WindowsGMSA | true | Beta | 1.16 | |
| WinDSR | false | Alpha | 1.14 | |
| WinOverlay | false | Alpha | 1.14 | 
| 功能 | 默认值 | 状态 | 开始(Since) | 结束(Until) | 
|---|---|---|---|---|
| Accelerators | false | Alpha | 1.6 | 1.10 | 
| Accelerators | - | Deprecated | 1.11 | - | 
| AdvancedAuditing | false | Alpha | 1.7 | 1.7 | 
| AdvancedAuditing | true | Beta | 1.8 | 1.11 | 
| AdvancedAuditing | true | GA | 1.12 | - | 
| AffinityInAnnotations | false | Alpha | 1.6 | 1.7 | 
| AffinityInAnnotations | - | Deprecated | 1.8 | - | 
| AllowExtTrafficLocalEndpoints | false | Beta | 1.4 | 1.6 | 
| AllowExtTrafficLocalEndpoints | true | GA | 1.7 | - | 
| CSIPersistentVolume | false | Alpha | 1.9 | 1.9 | 
| CSIPersistentVolume | true | Beta | 1.10 | 1.12 | 
| CSIPersistentVolume | true | GA | 1.13 | - | 
| CustomPodDNS | false | Alpha | 1.9 | 1.9 | 
| CustomPodDNS | true | Beta | 1.10 | 1.13 | 
| CustomPodDNS | true | GA | 1.14 | - | 
| CustomResourcePublishOpenAPI | false | Alpha | 1.14 | 1.14 | 
| CustomResourcePublishOpenAPI | true | Beta | 1.15 | 1.15 | 
| CustomResourcePublishOpenAPI | true | GA | 1.16 | - | 
| CustomResourceSubresources | false | Alpha | 1.10 | 1.10 | 
| CustomResourceSubresources | true | Beta | 1.11 | 1.15 | 
| CustomResourceSubresources | true | GA | 1.16 | - | 
| CustomResourceValidation | false | Alpha | 1.8 | 1.8 | 
| CustomResourceValidation | true | Beta | 1.9 | 1.15 | 
| CustomResourceValidation | true | GA | 1.16 | - | 
| CustomResourceWebhookConversion | false | Alpha | 1.13 | 1.14 | 
| CustomResourceWebhookConversion | true | Beta | 1.15 | 1.15 | 
| CustomResourceWebhookConversion | true | GA | 1.16 | - | 
| DynamicProvisioningScheduling | false | Alpha | 1.11 | 1.11 | 
| DynamicProvisioningScheduling | - | Deprecated | 1.12 | - | 
| DynamicVolumeProvisioning | true | Alpha | 1.3 | 1.7 | 
| DynamicVolumeProvisioning | true | GA | 1.8 | - | 
| EnableEquivalenceClassCache | false | Alpha | 1.8 | 1.14 | 
| EnableEquivalenceClassCache | - | Deprecated | 1.15 | - | 
| ExperimentalCriticalPodAnnotation | false | Alpha | 1.5 | 1.12 | 
| ExperimentalCriticalPodAnnotation | false | Deprecated | 1.13 | - | 
| GCERegionalPersistentDisk | true | Beta | 1.10 | 1.12 | 
| GCERegionalPersistentDisk | true | GA | 1.13 | - | 
| HugePages | false | Alpha | 1.8 | 1.9 | 
| HugePages | true | Beta | 1.10 | 1.13 | 
| HugePages | true | GA | 1.14 | - | 
| Initializers | false | Alpha | 1.7 | 1.13 | 
| Initializers | - | Deprecated | 1.14 | - | 
| KubeletConfigFile | false | Alpha | 1.8 | 1.9 | 
| KubeletConfigFile | - | Deprecated | 1.10 | - | 
| KubeletPluginsWatcher | false | Alpha | 1.11 | 1.11 | 
| KubeletPluginsWatcher | true | Beta | 1.12 | 1.12 | 
| KubeletPluginsWatcher | true | GA | 1.13 | - | 
| MountPropagation | false | Alpha | 1.8 | 1.9 | 
| MountPropagation | true | Beta | 1.10 | 1.11 | 
| MountPropagation | true | GA | 1.12 | - | 
| PersistentLocalVolumes | false | Alpha | 1.7 | 1.9 | 
| PersistentLocalVolumes | true | Beta | 1.10 | 1.13 | 
| PersistentLocalVolumes | true | GA | 1.14 | - | 
| PodPriority | false | Alpha | 1.8 | 1.10 | 
| PodPriority | true | Beta | 1.11 | 1.13 | 
| PodPriority | true | GA | 1.14 | - | 
| PodReadinessGates | false | Alpha | 1.11 | 1.11 | 
| PodReadinessGates | true | Beta | 1.12 | 1.13 | 
| PodReadinessGates | true | GA | 1.14 | - | 
| PVCProtection | false | Alpha | 1.9 | 1.9 | 
| PVCProtection | - | Deprecated | 1.10 | - | 
| StorageObjectInUseProtection | true | Beta | 1.10 | 1.10 | 
| StorageObjectInUseProtection | true | GA | 1.11 | - | 
| SupportIPVSProxyMode | false | Alpha | 1.8 | 1.8 | 
| SupportIPVSProxyMode | false | Beta | 1.9 | 1.9 | 
| SupportIPVSProxyMode | true | Beta | 1.10 | 1.10 | 
| SupportIPVSProxyMode | true | GA | 1.11 | - | 
| VolumeScheduling | false | Alpha | 1.9 | 1.9 | 
| VolumeScheduling | true | Beta | 1.10 | 1.12 | 
| VolumeScheduling | true | GA | 1.13 | - | 
| VolumeSubpath | true | GA | 1.13 | - | 
处于 *Alpha*、*Beta*、GA 阶段的功能 Alpha 功能代表:
Beta 功能代表:
注意:请尝试使用 Beta 功能并提供有关它们的反馈! 功能退出 Beta 后,对我们进行更多更改可能不切实际。
GA 功能也称为 稳定 功能,GA 功能代表着:
每个功能开关均设计用于启用或禁用特定功能:
Accelerators:使用 Docker 时启用 Nvidia GPU 支持。AdvancedAuditing:启用高级审查功能。AffinityInAnnotations(*已弃用*):启用 Pod 亲和力或反亲和力。AllowExtTrafficLocalEndpoints:启用服务用于将外部请求路由到节点本地终端。APIListChunking:启用 API 客户端以块的形式从 API 服务器检索(“LIST” 或 “GET”)资源。APIResponseCompression:压缩 “LIST” 或 “GET” 请求的 API 响应。AppArmor:使用 Docker 时,在 Linux 节点上启用基于 AppArmor 机制的强制访问控制。有关更多详细信息,请参见 AppArmor 教程。
<!–AttachVolumeLimit: Enable volume plugins to report limits on number of volumes
that can be attached to a node.
See dynamic volume limits for more details.BalanceAttachedNodeVolumes: Include volume count on node to be considered for balanced resource allocation
while scheduling. A node which has closer CPU, memory utilization, and volume count is favored by the scheduler
while making decisions.BlockVolume: Enable the definition and consumption of raw block devices in Pods.
See Raw Block Volume Support
for more details.BoundServiceAccountTokenVolume: Migrate ServiceAccount volumes to use a projected volume consisting of a
ServiceAccountTokenVolumeProjection.
Check Service Account Token Volumes
for more details.CPUManager: Enable container level CPU affinity support, see CPU Management Policies.
–>AttachVolumeLimit:启用卷插件用于报告可连接到节点的卷数限制。有关更多详细信息,请参见动态卷限制。BalanceAttachedNodeVolumes:包括要在调度时进行平衡资源分配的节点上的卷数。scheduler 在决策时会优先考虑 CPU、内存利用率和卷数更近的节点。BlockVolume:在 Pod 中启用原始块设备的定义和使用。有关更多详细信息,请参见原始块卷支持。BoundServiceAccountTokenVolume:迁移 ServiceAccount 卷以使用由 ServiceAccountTokenVolumeProjection 组成的预计卷。有关更多详细信息,请参见 Service Account Token 卷。CPUManager:启用容器级别的 CPU 亲和力支持,有关更多详细信息,请参见 CPU 管理策略。
<!–CRIContainerLogRotation: Enable container log rotation for cri container runtime.CSIBlockVolume: Enable external CSI volume drivers to support block storage. See the csi raw block volume support documentation for more details.CSIDriverRegistry: Enable all logic related to the CSIDriver API object in csi.storage.k8s.io.CSIInlineVolume: Enable CSI Inline volumes support for pods.CSIMigration: Enables shims and translation logic to route volume operations from in-tree plugins to corresponding pre-installed CSI pluginsCSIMigrationAWS: Enables shims and translation logic to route volume operations from the AWS-EBS in-tree plugin to EBS CSI pluginCSIMigrationAzureDisk: Enables shims and translation logic to route volume operations from the Azure-Disk in-tree plugin to Azure Disk CSI pluginCSIMigrationAzureFile: Enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to Azure File CSI plugin
–>CRIContainerLogRotation:为 cri 容器运行时启用容器日志轮换。CSIBlockVolume:启用外部 CSI 卷驱动程序用于支持块存储。有关更多详细信息,请参见 csi 原始块卷支持。CSIDriverRegistry:在 csi.storage.k8s.io 中启用与 CSIDriver API 对象有关的所有逻辑。CSIInlineVolume:为 Pod 启用 CSI 内联卷支持。CSIMigration:确保填充和转换逻辑能够将卷操作从内嵌插件路由到相应的预安装 CSI 插件。CSIMigrationAWS:确保填充和转换逻辑能够将卷操作从 AWS-EBS 内嵌插件路由到 EBS CSI 插件。CSIMigrationAzureDisk:确保填充和转换逻辑能够将卷操作从 Azure 磁盘内嵌插件路由到 Azure 磁盘 CSI 插件。CSIMigrationAzureFile:确保填充和转换逻辑能够将卷操作从 Azure 文件内嵌插件路由到 Azure 文件 CSI 插件。
<!–CSIMigrationGCE: Enables shims and translation logic to route volume operations from the GCE-PD in-tree plugin to PD CSI pluginCSIMigrationOpenStack: Enables shims and translation logic to route volume operations from the Cinder in-tree plugin to Cinder CSI pluginCSINodeInfo: Enable all logic related to the CSINodeInfo API object in csi.storage.k8s.io.CSIPersistentVolume: Enable discovering and mounting volumes provisioned through a
CSI (Container Storage Interface)
compatible volume plugin.
Check the csi volume type documentation for more details.
–>CSIMigrationGCE:确保填充和转换逻辑能够将卷操作从 GCE-PD 内嵌插件路由到 PD CSI 插件CSIMigrationOpenStack:确保填充和转换逻辑能够将卷操作从 Cinder 内嵌插件路由到 Cinder CSI 插件。CSINodeInfo:在 csi.storage.k8s.io 中启用与 CSINodeInfo API 对象有关的所有逻辑。CSIPersistentVolume:启用发现并挂载通过 CSI(容器存储接口)兼容卷插件配置的卷。有关更多详细信息,请参见 csi 卷类型。
<!–CustomCPUCFSQuotaPeriod: Enable nodes to change CPUCFSQuotaPeriod.CustomPodDNS: Enable customizing the DNS settings for a Pod using its dnsConfig property.
Check Pod’s DNS Config
for more details.CustomResourceDefaulting: Enable CRD support for default values in OpenAPI v3 validation schemas.CustomResourcePublishOpenAPI: Enables publishing of CRD OpenAPI specs.CustomResourceSubresources: Enable /status and /scale subresources
on resources created from CustomResourceDefinition.CustomResourceValidation: Enable schema based validation on resources created from
CustomResourceDefinition.CustomResourceWebhookConversion: Enable webhook-based conversion
on resources created from CustomResourceDefinition.
troubleshoot a running Pod.
–>CustomCPUCFSQuotaPeriod:使节点能够更改 CPUCFSQuotaPeriod。CustomPodDNS:使用其 dnsConfig 属性启用 Pod 的自定义 DNS 设置。有关更多详细信息,请参见 Pod 的 DNS 配置。CustomResourceDefaulting:为 OpenAPI v3 验证架构中的默认值启用 CRD 支持。CustomResourcePublishOpenAPI:启用 CRD OpenAPI 规范的发布。CustomResourceSubresources:对于从 CustomResourceDefinition 中创建的资源启用 /status 和 /scale 子资源。CustomResourceValidation:对于从 CustomResourceDefinition 中创建的资源启用基于架构的验证。CustomResourceWebhookConversion:对于从 CustomResourceDefinition 中创建的资源启用基于 Webhook 的转换。
对正在运行的 Pod 进行故障排除。
<!–DevicePlugins: Enable the device-plugins
based resource provisioning on nodes.DryRun: Enable server-side dry run requests
so that validation, merging, and mutation can be tested without committing.DynamicAuditing: Enable dynamic auditingDynamicKubeletConfig: Enable the dynamic configuration of kubelet. See Reconfigure kubelet.DynamicProvisioningScheduling: Extend the default scheduler to be aware of volume topology and handle PV provisioning.
This feature is superceded by the VolumeScheduling feature completely in v1.12.DynamicVolumeProvisioning(deprecated): Enable the dynamic provisioning of persistent volumes to Pods.
–>DevicePlugins:在节点上启用基于 device-plugins 的资源供应。DryRun:启用服务器端 dry run 请求,以便无需提交即可测试验证、合并和差异化。DynamicAuditing:确保动态审查。DynamicKubeletConfig:启用 kubelet 的动态配置。请参阅重新配置 kubelet。DynamicProvisioningScheduling:扩展默认 scheduler 以了解卷拓扑并处理 PV 配置。此功能已在 v1.12 中完全由 VolumeScheduling 功能取代。DynamicVolumeProvisioning(*已弃用*):启用持久化卷到 Pod 的动态预配置。
<!–EnableAggregatedDiscoveryTimeout (deprecated): Enable the five second timeout on aggregated discovery calls.EnableEquivalenceClassCache: Enable the scheduler to cache equivalence of nodes when scheduling Pods.EphemeralContainers: Enable the ability to add ephemeral containers您可以在 Pod 中临时运行的一种容器类型
 to running pods.EvenPodsSpread: Enable pods to be scheduled evenly across topology domains. See Even Pods Spread.ExpandInUsePersistentVolumes: Enable expanding in-use PVCs. See Resizing an in-use PersistentVolumeClaim.ExpandPersistentVolumes: Enable the expanding of persistent volumes. See Expanding Persistent Volumes Claims.ExperimentalCriticalPodAnnotation: Enable annotating specific pods as critical so that their scheduling is guaranteed.
This feature is deprecated by Pod Priority and Preemption as of v1.13.
–>EnableAggregatedDiscoveryTimeout (*已弃用*):对聚集的发现调用启用五秒钟超时设置。EnableEquivalenceClassCache:调度 Pod 时,使 scheduler 缓存节点的等效项。EphemeralContainers:启用添加 临时容器您可以在 Pod 中临时运行的一种容器类型
 到正在运行的 Pod 的功能。EvenPodsSpread:使 Pod 能够在拓扑域之间平衡调度。请参阅 Even Pods Spread。ExpandInUsePersistentVolumes:启用扩展使用中的 PVC。请查阅 调整使用中的 PersistentVolumeClaim 的大小。ExpandPersistentVolumes:启用持久卷的扩展。请查阅扩展永久卷声明。ExperimentalCriticalPodAnnotation:启用将特定 Pod 注解为 critical 的方式,用于确保其调度。从 v1.13 开始,Pod 优先级和抢占功能已弃用此功能。
<!–ExperimentalHostUserNamespaceDefaultingGate: Enabling the defaulting user
namespace to host. This is for containers that are using other host namespaces,
host mounts, or containers that are privileged or using specific non-namespaced
capabilities (e.g. MKNODE, SYS_MODULE etc.). This should only be enabled
if user namespace remapping is enabled in the Docker daemon.EndpointSlice: Enables Endpoint Slices for more scalable and extensible
network endpoints. Requires corresponding API and Controller to be enabled.
See Enabling Endpoint Slices.GCERegionalPersistentDisk: Enable the regional PD feature on GCE.HugePages: Enable the allocation and consumption of pre-allocated huge pages.
–>ExperimentalHostUserNamespaceDefaultingGate:启用默认的用户命名空间进行托管。这适用于使用其他主机命名空间、主机安装的容器,或具有特权或使用特定的非命名空间功能(例如MKNODE、SYS_MODULE等)的容器。如果在 Docker 守护程序中启用了用户命名空间重新映射,则启用此选项。EndpointSlice:启用端点切片以实现更多可扩展的网络端点。需要启用相应的 API 和控制器,请参阅启用端点切片。GCERegionalPersistentDisk:在 GCE 上启用区域 PD 功能。HugePages: 启用分配和使用预分配的 huge pages。
<!–HyperVContainer: Enable Hyper-V isolation for Windows containers.HPAScaleToZero: Enables setting minReplicas to 0 for HorizontalPodAutoscaler resources when using custom or external metrics.KubeletConfigFile: Enable loading kubelet configuration from a file specified using a config file.
See setting kubelet parameters via a config file for more details.KubeletPluginsWatcher: Enable probe-based plugin watcher utility to enable kubelet
to discover plugins such as CSI volume drivers.KubeletPodResources: Enable the kubelet’s pod resources grpc endpoint.
See Support Device Monitoring for more details.LegacyNodeRoleBehavior: When disabled, legacy behavior in service load balancers and node disruption will ignore the node-role.kubernetes.io/master label in favor of the feature-specific labels.
–>HyperVContainer:为 Windows 容器启用Hyper-V 隔离。HPAScaleToZero:使用自定义指标或外部指标时,可将 HorizontalPodAutoscaler 资源的 minReplicas 设置为 0。KubeletConfigFile:启用从使用配置文件指定的文件中加载 kubelet 配置。有关更多详细信息,请参见通过配置文件设置 kubelet 参数。KubeletPluginsWatcher:启用基于探针的插件监视应用程序,使 kubelet 能够发现插件,例如 CSI 卷驱动程序。KubeletPodResources:启用 kubelet 的 pod 资源 grpc 端点。有关更多详细信息,请参见支持设备监控。LegacyNodeRoleBehavior:禁用此选项后,服务负载均衡器中的旧版操作和节点中断将忽略 node-role.kubernetes.io/master 标签,而使用特定于功能的标签。
<!–LocalStorageCapacityIsolation: Enable the consumption of local ephemeral storage and also the sizeLimit property of an emptyDir volume.LocalStorageCapacityIsolationFSQuotaMonitoring: When LocalStorageCapacityIsolation is enabled for local ephemeral storage and the backing filesystem for emptyDir volumes supports project quotas and they are enabled, use project quotas to monitor emptyDir volume storage consumption rather than filesystem walk for better performance and accuracy.MountContainers: Enable using utility containers on host as the volume mounter.MountPropagation: Enable sharing volume mounted by one container to other containers or pods.
For more details, please see mount propagation.NodeDisruptionExclusion: Enable use of the node label node.kubernetes.io/exclude-disruption which prevents nodes from being evacuated during zone failures.
–>LocalStorageCapacityIsolation:启用本地临时存储的消耗,以及 emptyDir 卷 的 sizeLimit 属性。LocalStorageCapacityIsolationFSQuotaMonitoring:如果为本地临时存储启用了 LocalStorageCapacityIsolation,并且 emptyDir 卷 的后备文件系统支持项目配额,并且启用了这些配额,请使用项目配额来监视 emptyDir 卷的存储消耗而不是遍历文件系统,以此获得更好的性能和准确性。MountContainers:在主机上启用将应用程序容器用作卷安装程序。MountPropagation:启用将一个容器安装的共享卷共享到其他容器或 Pod。有关更多详细信息,请参见 mount propagation。NodeDisruptionExclusion:启用节点标签 node.kubernetes.io/exclude-disruption,以防止在区域故障期间驱逐节点。
<!–NodeLease: Enable the new Lease API to report node heartbeats, which could be used as a node health signal.NonPreemptingPriority: Enable NonPreempting option for PriorityClass and Pod.PersistentLocalVolumes: Enable the usage of local volume type in Pods.
Pod affinity has to be specified if requesting a local volume.PodOverhead: Enable the PodOverhead feature to account for pod overheads.PodPriority: Enable the descheduling and preemption of Pods based on their priorities.PodReadinessGates: Enable the setting of PodReadinessGate field for extending
Pod readiness evaluation.  See Pod readiness gate
for more details.
–>NodeLease:启用新的租赁 API 以报告节点心跳,可用作节点运行状况信号。NonPreemptingPriority:为 PriorityClass 和 Pod 启用 NonPreempting 选项。PersistentLocalVolumes:在 Pod 中启用 “本地” 卷类型的使用。如果请求 “本地” 卷,则必须指定 Pod 亲和力。PodOverhead:启用 PodOverhead 功能以解决 Pod 开销。PodPriority:根据优先级启用 Pod 的调度和抢占。PodReadinessGates:启用 PodReadinessGate 字段的设置以扩展 Pod 准备状态评估。有关更多详细信息,请参见 Pod readiness 功能开关。
<!–PodShareProcessNamespace: Enable the setting of shareProcessNamespace in a Pod for sharing
a single process namespace between containers running in a pod.  More details can be found in
Share Process Namespace between Containers in a Pod.ProcMountType: Enables control over ProcMountType for containers.PVCProtection: Enable the prevention of a PersistentVolumeClaim (PVC) from
being deleted when it is still used by any Pod.
More details can be found here.QOSReserved: Allows resource reservations at the QoS level preventing pods at lower QoS levels from
bursting into resources requested at higher QoS levels (memory only for now).ResourceLimitsPriorityFunction: Enable a scheduler priority function that
assigns a lowest possible score of 1 to a node that satisfies at least one of
the input Pod’s cpu and memory limits. The intent is to break ties between
nodes with same scores.
–>PodShareProcessNamespace:在 Pod 中启用 shareProcessNamespace 的设置,以便在 Pod 中运行的容器之间共享单个进程命名空间。更多详细信息,请参见在 Pod 中的容器之间共享进程命名空间。ProcMountType:启用对容器的 ProcMountType 的控制。PVCProtection:启用防止任何 Pod 仍使用 PersistentVolumeClaim(PVC) 删除的功能。可以在此处中找到更多详细信息。QOSReserved:允许在 QoS 级别进行资源预留,以防止处于较低 QoS 级别的 Pod 突发进入处于较高 QoS 级别的请求资源(仅适用于内存)。ResourceLimitsPriorityFunction:启用 scheduler 优先级功能,该功能将最低可能得 1 分配给至少满足输入 Pod 的 cpu 和内存限制之一的节点,目的是打破得分相同的节点之间的联系。
<!–RequestManagement: Enable managing request concurrency with prioritization and fairness at each server.ResourceQuotaScopeSelectors: Enable resource quota scope selectors.RotateKubeletClientCertificate: Enable the rotation of the client TLS certificate on the kubelet.
See kubelet configuration for more details.RotateKubeletServerCertificate: Enable the rotation of the server TLS certificate on the kubelet.
See kubelet configuration for more details.RunAsGroup: Enable control over the primary group ID set on the init processes of containers.RuntimeClass: Enable the RuntimeClass feature for selecting container runtime configurations.ScheduleDaemonSetPods: Enable DaemonSet Pods to be scheduled by the default scheduler instead of the DaemonSet controller.
–>RequestManagement:在每个服务器上启用具有优先级和公平性的管理请求并发性。ResourceQuotaScopeSelectors:启用资源配额范围选择器。RotateKubeletClientCertificate:在 kubelet 上启用客户端 TLS 证书的轮换。有关更多详细信息,请参见 kubelet 配置。RotateKubeletServerCertificate:在 kubelet 上启用服务器 TLS 证书的轮换。有关更多详细信息,请参见 kubelet 配置。RunAsGroup:启用对容器初始化过程中设置的主要组 ID 的控制。RuntimeClass:启用RuntimeClass 功能用于选择容器运行时配置。ScheduleDaemonSetPods:启用 DaemonSet Pods 由默认调度程序而不是 DaemonSet 控制器进行调度。
<!–SCTPSupport: Enables the usage of SCTP as protocol value in Service, Endpoint, NetworkPolicy and Pod definitionsServerSideApply: Enables the Sever Side Apply (SSA) path at the API Server.ServiceLoadBalancerFinalizer: Enable finalizer protection for Service load balancers.ServiceNodeExclusion: Enable the exclusion of nodes from load balancers created by a cloud provider.
A node is eligible for exclusion if labelled with “alpha.service-controller.kubernetes.io/exclude-balancer” key (when LegacyNodeRoleBehavior is on) or node.kubernetes.io/exclude-from-external-load-balancers.StartupProbe: Enable the startup probe in the kubelet.StorageObjectInUseProtection: Postpone the deletion of PersistentVolume or
PersistentVolumeClaim objects if they are still being used.
–>SCTPSupport:在 “服务”、“端点”、“NetworkPolicy” 和 “Pod” 定义中,将 SCTP 用作 “协议” 值。ServerSideApply:在 API 服务器上启用服务器端应用(SSA) 路径。ServiceLoadBalancerFinalizer:为服务负载均衡器启用终结器保护。ServiceNodeExclusion:启用从云提供商创建的负载均衡器中排除节点。如果节点标记有 alpha.service-controller.kubernetes.io/exclude-balancer 键(启用 LegacyNodeRoleBehavior 时)或 node.kubernetes.io/exclude-from-external-load-balancers,则可以排除节点。StartupProbe:在 kubelet 中启用 startup 探针。StorageObjectInUseProtection:如果仍在使用 PersistentVolume 或 PersistentVolumeClaim 对象,则将其推迟。
<!–StorageVersionHash: Allow apiservers to expose the storage version hash in the discovery.StreamingProxyRedirects: Instructs the API server to intercept (and follow)
redirects from the backend (kubelet) for streaming requests.
Examples of streaming requests include the exec, attach and port-forward requests.SupportIPVSProxyMode: Enable providing in-cluster service load balancing using IPVS.
See service proxies for more details.SupportPodPidsLimit: Enable the support to limiting PIDs in Pods.Sysctls: Enable support for namespaced kernel parameters (sysctls) that can be set for each pod.
See sysctls for more details.
–>StorageVersionHash:允许 apiserver 在发现中公开存储版本的哈希值。StreamingProxyRedirects:指示 API 服务器拦截(并遵循)从后端(kubelet)进行重定向以处理流请求。流请求的例子包括 exec、attach 和 port-forward 请求。SupportIPVSProxyMode:启用使用 IPVS 提供集群内服务负载平衡。有关更多详细信息,请参见服务代理。SupportPodPidsLimit:启用支持限制 Pod 中的进程 PID。Sysctls:启用对可以为每个 Pod 设置的命名空间内核参数(sysctls)的支持。有关更多详细信息,请参见 sysctls。
<!–TaintBasedEvictions: Enable evicting pods from nodes based on taints on nodes and tolerations on Pods.
See taints and tolerations for more details.TaintNodesByCondition: Enable automatic tainting nodes based on node conditions.TokenRequest: Enable the TokenRequest endpoint on service account resources.TokenRequestProjection: Enable the injection of service account tokens into
a Pod through the projected volume.TTLAfterFinished: Allow a TTL controller to clean up resources after they finish execution.
–>TaintBasedEvictions:根据节点上的污点和 Pod 上的容忍度启用从节点驱逐 Pod 的功能。有关更多详细信息,请参见污点和容忍度。TaintNodesByCondition:根据节点条件启用自动在节点标记污点。TokenRequest:在服务帐户资源上启用 TokenRequest 端点。TokenRequestProjection:启用通过 projected 卷 将服务帐户令牌注入到 Pod 中的功能。TTLAfterFinished:完成执行后,允许 TTL 控制器清理资源。
<!–VolumePVCDataSource: Enable support for specifying an existing PVC as a DataSource.VolumeScheduling: Enable volume topology aware scheduling and make the
PersistentVolumeClaim (PVC) binding aware of scheduling decisions. It also
enables the usage of local volume
type when used together with the PersistentLocalVolumes feature gate.VolumeSnapshotDataSource: Enable volume snapshot data source support.
–>VolumePVCDataSource:启用对将现有 PVC 指定数据源的支持。VolumeScheduling:启用卷拓扑感知调度,并使 PersistentVolumeClaim(PVC)绑定调度决策;当与 PersistentLocalVolumes 功能开关一起使用时,还可以使用 PersistentLocalVolumes 卷类型。VolumeSnapshotDataSource:启用卷快照数据源支持。
<!–VolumeSubpathEnvExpansion: Enable subPathExpr field for expanding environment variables into a subPath.WatchBookmark: Enable support for watch bookmark events.WindowsGMSA: Enables passing of GMSA credential specs from pods to container runtimes.WinDSR: Allows kube-proxy to create DSR loadbalancers for Windows.WinOverlay: Allows kube-proxy to run in overlay mode for Windows.
–>VolumeSubpathEnvExpansion:启用 subPathExpr 字段用于将环境变量扩展为 subPath。WatchBookmark:启用对监测 bookmark 事件的支持。WindowsGMSA:允许将 GMSA 凭据规范从 Pod 传递到容器运行时。WinDSR:允许 kube-proxy 为 Windows 创建 DSR 负载均衡器。WinOverlay:允许 kube-proxy 在 Windows 的 overlay 模式下运行。title: 功能开关 weight: 10 title: 功能开关
此页是否对您有帮助?
感谢反馈。如果您有一个关于如何使用 Kubernetes 的特定的、需要答案的问题,可以访问 Stack Overflow. 在 GitHub 仓库上登记新的问题 报告问题 或者 提出改进建议.