Feature Gates — How to enable Kubernetes Alpha features

Olivier Gaumond
FAUN — Developer Community 🐾
4 min read · Oct 19, 2021

Recently I wanted to experiment with the new Pod Security Admission controller, which is an alpha feature in Kubernetes 1.22. The documentation says you need to enable the feature gate. However, at first, it was not evident to me how to enable those feature gates, and I didn’t find any detailed tutorial. So I decided to share what I found out.

The way, or possibility, to enable a feature gate will vary based on the type of Kubernetes distribution you use, so I will try to cover instructions for different scenarios.

Using a cloud provider

If you use a Kubernetes offering from one of the large public cloud providers, such as GKE, AKS or EKS, you may be out of luck, as most of them don’t offer any way to enable alpha features. This makes some sense: in this case the control plane is completely managed by the cloud provider, and it would be hard for them to offer support and an SLA when alpha features are used.

Based on my research, only Google offers it, through the creation of an Alpha cluster where all alpha features are enabled.

Azure doesn’t offer it but it seems to be on their roadmap to have sandbox clusters which would be similar to Google’s alpha clusters.

And in the AWS FAQ we can find that alpha features are not supported:

Amazon EKS supports all general availability features of the Kubernetes API, as well as beta features which are enabled by default. Alpha features aren’t supported.

If anyone knows of another way to enable feature gates on a cloud-managed Kubernetes, please let me know in the comments.

Using a local cluster

If you have your own cluster, then you should be able to enable the feature gates. And by the way, your ‘local cluster’ can be hosted on cloud VMs; you just need to deploy and manage it yourself.

Minikube

Minikube offers a straightforward way to enable a feature gate with a command-line argument when starting the cluster.

minikube start --feature-gates=PodSecurity=true

Reference: https://minikube.sigs.k8s.io/docs/handbook/config/#enabling-feature-gates

kind

Kind also has an easy way to do this through an option in the configuration file.

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  "PodSecurity": true

Reference: https://kind.sigs.k8s.io/docs/user/configuration/#feature-gates

kubeadm

If you deployed your cluster with kubeadm then you may have more work to do. You basically need to add the --feature-gates argument, with the list of features you wish to enable, to every Kubernetes component: kubelet, kube-apiserver, kube-controller-manager and kube-scheduler.

The location of the different configuration files may vary if you customized the installation, but the ones listed here are from a default kubeadm install on Ubuntu.

kubelet: kubelet is started through systemd, so you will need to edit the config file stored at /etc/systemd/system/kubelet.service.d/10-kubeadm.conf and add the argument to one of the variables:

[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --feature-gates=PodSecurity=true"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"

You will then need to reload the config and restart the kubelet service.

sudo systemctl daemon-reload
sudo systemctl restart kubelet

kube-apiserver, kube-controller-manager and kube-scheduler: These components are started as static pods; you can find their manifests in the /etc/kubernetes/manifests/ folder. You need to add the argument in each of the files. Example for kube-scheduler.

Note: if your cluster has multiple nodes you will need to make the changes on every node where the components are deployed.
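
A read-only check for the kubeadm steps above, added here as an example (it is not part of the original article): it parses the --feature-gates value in each static pod manifest and in the kubelet drop-in, and reports whether a gate is enabled on every component. The function names and the three manifest file names (the kubeadm defaults) are assumptions.

```shell
#!/bin/sh
# gate_state FILE GATE: print true, false or unset for GATE in FILE.
# Parses each --feature-gates=Name=bool,... value and matches the gate
# name exactly; commented-out lines are ignored.
gate_state() {
  awk -v gate="$2" '
    BEGIN { state = "unset" }
    /^[ \t]*#/ { next }
    {
      line = $0
      while (match(line, /--feature-gates=[A-Za-z0-9=,]+/)) {
        n = split(substr(line, RSTART + 16, RLENGTH - 16), kv, ",")
        for (i = 1; i <= n; i++) {
          split(kv[i], p, "=")
          if (p[1] == gate && p[2] != "") state = p[2]
        }
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END { print state }
  ' "$1"
}

# audit_gate GATE MANIFEST_DIR KUBELET_DROPIN: report every component,
# return 1 if any of them does not run with GATE=true.
audit_gate() {
  gate=$1 dir=$2 dropin=$3 rc=0
  # Default kubeadm static pod manifest names (assumed, not from the article).
  for f in "$dir/kube-apiserver.yaml" "$dir/kube-controller-manager.yaml" \
           "$dir/kube-scheduler.yaml" "$dropin"; do
    if [ -r "$f" ]; then s=$(gate_state "$f" "$gate"); else s=missing; fi
    printf '%-50s %s=%s\n' "$f" "$gate" "$s"
    [ "$s" = true ] || rc=1
  done
  return "$rc"
}

# Run on a node as: sh audit.sh PodSecurity /etc/kubernetes/manifests \
#   /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[ $# -eq 0 ] || audit_gate "$@"
```

Run it on each control-plane node, since the manifests and the kubelet drop-in are per node.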

Conclusion

I hope these instructions can save you some time if you want to try a Kubernetes Alpha feature. If you know of any other ways to enable those or have instructions for other Kubernetes distributions please post a comment below and I will update the article.

Cloud and DevOps Solution Architect • Certified Azure Solutions Architect Expert • Certified Kubernetes Administrator • https://www.linkedin.com/in/ogaumond/