config-features created 2021-08-30 18:59:53, version 6568 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
apiVersion: v1
data:
  _example: '################################

    #                              #

    #    EXAMPLE CONFIGURATION     #

    #                              #

    ################################


    # This block is not actually functional configuration,

    # but serves to illustrate the available configuration

    # options and document them in a way that is accessible

    # to users that `kubectl edit` this config map.

    #

    # These sample configuration options may be copied out of

    # this example block and unindented to be in the data block

    # to actually change the configuration.


    # Indicates whether multi container support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#multi-containers

    multi-container: "enabled"


    # Indicates whether Kubernetes affinity support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity

    kubernetes.podspec-affinity: "disabled"


    # Indicates whether Kubernetes hostAliases support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases

    kubernetes.podspec-hostaliases: "disabled"


    # Indicates whether Kubernetes nodeSelector support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector

    kubernetes.podspec-nodeselector: "disabled"


    # Indicates whether Kubernetes tolerations support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration

    kubernetes.podspec-tolerations: "disabled"


    # Indicates whether Kubernetes FieldRef support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref

    kubernetes.podspec-fieldref: "disabled"


    # Indicates whether Kubernetes RuntimeClassName support is enabled

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class

    kubernetes.podspec-runtimeclassname: "disabled"


    # This feature allows end-users to set a subset of fields on the Pod''s SecurityContext

    # in addition to expanding the allowable fields within a Container''s SecurityContext.

    #

    # When set to "enabled" or "allowed" it allows the following

    # PodSecurityContext properties:

    # - FSGroup

    # - RunAsGroup

    # - RunAsNonRoot

    # - SupplementalGroups

    # - RunAsUser

    #

    # When set to "enabled" or "allowed" it allows the following

    # Container SecurityContext properties:

    # - RunAsNonRoot

    # - RunAsGroup

    # - RunAsUser (already allowed without this flag)

    #

    # This feature flag should be used with caution as the PodSecurityContext

    # properties may have a side-effect on non-user sidecar containers that come

    # from Knative or your service mesh

    #

    # WARNING: Cannot safely be disabled once enabled.

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context

    kubernetes.podspec-securitycontext: "disabled"


    # This feature flag allows end-users to add a subset of capabilities on the Pod''s
    SecurityContext.

    #

    # When set to "enabled" or "allowed" it allows capabilities to be added to the
    container.

    # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html

    kubernetes.containerspec-addcapabilities: "disabled"


    # This feature validates PodSpecs from the validating webhook

    # against the K8s API Server.

    #

    # When "enabled", the server will always run the extra validation.

    # When "allowed", the server will not run the dry-run validation by default.

    #   However, clients may enable the behavior on an individual Service by

    #   attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled".

    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run

    kubernetes.podspec-dryrun: "allowed"


    # Controls whether tag header based routing feature are enabled or not.

    # 1. Enabled: enabling tag header based routing

    # 2. Disabled: disabling tag header based routing

    # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing

    tag-header-based-routing: "disabled"


    # Controls whether http2 auto-detection should be enabled or not.

    # 1. Enabled: http2 connection will be attempted via upgrade.

    # 2. Disabled: http2 connection will only be attempted when port name is set to
    "h2c".

    autodetect-http2: "disabled"'
kind: ConfigMap
metadata:
  annotations:
    knative.dev/example-checksum: 8c1f8302
    kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","data":{"_example":"################################\n#                              #\n#    EXAMPLE
      CONFIGURATION     #\n#                              #\n################################\n\n#
      This block is not actually functional configuration,\n# but serves to illustrate
      the available configuration\n# options and document them in a way that is accessible\n#
      to users that `kubectl edit` this config map.\n#\n# These sample configuration
      options may be copied out of\n# this example block and unindented to be in the
      data block\n# to actually change the configuration.\n\n# Indicates whether multi
      container support is enabled\n#\n# WARNING: Cannot safely be disabled once enabled.\n#
      See: https://knative.dev/docs/serving/feature-flags/#multi-containers\nmulti-container:
      \"enabled\"\n\n# Indicates whether Kubernetes affinity support is enabled\n#\n#
      WARNING: Cannot safely be disabled once enabled.\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity\nkubernetes.podspec-affinity:
      \"disabled\"\n\n# Indicates whether Kubernetes hostAliases support is enabled\n#\n#
      WARNING: Cannot safely be disabled once enabled.\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases\nkubernetes.podspec-hostaliases:
      \"disabled\"\n\n# Indicates whether Kubernetes nodeSelector support is enabled\n#\n#
      WARNING: Cannot safely be disabled once enabled.\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector\nkubernetes.podspec-nodeselector:
      \"disabled\"\n\n# Indicates whether Kubernetes tolerations support is enabled\n#\n#
      WARNING: Cannot safely be disabled once enabled\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration\nkubernetes.podspec-tolerations:
      \"disabled\"\n\n# Indicates whether Kubernetes FieldRef support is enabled\n#\n#
      WARNING: Cannot safely be disabled once enabled.\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref\nkubernetes.podspec-fieldref:
      \"disabled\"\n\n# Indicates whether Kubernetes RuntimeClassName support is enabled\n#\n#
      WARNING: Cannot safely be disabled once enabled.\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class\nkubernetes.podspec-runtimeclassname:
      \"disabled\"\n\n# This feature allows end-users to set a subset of fields on
      the Pod''s SecurityContext\n# in addition to expanding the allowable fields
      within a Container''s SecurityContext.\n#\n# When set to \"enabled\" or \"allowed\"
      it allows the following\n# PodSecurityContext properties:\n# - FSGroup\n# -
      RunAsGroup\n# - RunAsNonRoot\n# - SupplementalGroups\n# - RunAsUser\n#\n# When
      set to \"enabled\" or \"allowed\" it allows the following\n# Container SecurityContext
      properties:\n# - RunAsNonRoot\n# - RunAsGroup\n# - RunAsUser (already allowed
      without this flag)\n#\n# This feature flag should be used with caution as the
      PodSecurityContext\n# properties may have a side-effect on non-user sidecar
      containers that come\n# from Knative or your service mesh\n#\n# WARNING: Cannot
      safely be disabled once enabled.\n# See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context\nkubernetes.podspec-securitycontext:
      \"disabled\"\n\n# This feature flag allows end-users to add a subset of capabilities
      on the Pod''s SecurityContext.\n#\n# When set to \"enabled\" or \"allowed\"
      it allows capabilities to be added to the container.\n# For a list of possible
      capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html\nkubernetes.containerspec-addcapabilities:
      \"disabled\"\n\n# This feature validates PodSpecs from the validating webhook\n#
      against the K8s API Server.\n#\n# When \"enabled\", the server will always run
      the extra validation.\n# When \"allowed\", the server will not run the dry-run
      validation by default.\n#   However, clients may enable the behavior on an individual
      Service by\n#   attaching the following metadata annotation: \"features.knative.dev/podspec-dryrun\":\"enabled\".\n#
      See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run\nkubernetes.podspec-dryrun:
      \"allowed\"\n\n# Controls whether tag header based routing feature are enabled
      or not.\n# 1. Enabled: enabling tag header based routing\n# 2. Disabled: disabling
      tag header based routing\n# See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing\ntag-header-based-routing:
      \"disabled\"\n\n# Controls whether http2 auto-detection should be enabled or
      not.\n# 1. Enabled: http2 connection will be attempted via upgrade.\n# 2. Disabled:
      http2 connection will only be attempted when port name is set to \"h2c\".\nautodetect-http2:
      \"disabled\""},"kind":"ConfigMap","metadata":{"annotations":{"knative.dev/example-checksum":"8c1f8302"},"labels":{"serving.knative.dev/release":"v0.24.0"},"name":"config-features","namespace":"knative-serving","ownerReferences":[{"apiVersion":"operator.knative.dev/v1alpha1","blockOwnerDeletion":true,"controller":true,"kind":"KnativeServing","name":"knative-serving","uid":"5162f181-a47b-4465-a388-ee8a99ad290e"}]}}

      '
  creationTimestamp: '2021-08-30T18:59:53Z'
  labels:
    serving.knative.dev/release: v0.24.0
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:_example: {}
      f:metadata:
        f:annotations:
          .: {}
          f:knative.dev/example-checksum: {}
          f:kubectl.kubernetes.io/last-applied-configuration: {}
        f:labels:
          .: {}
          f:serving.knative.dev/release: {}
        f:ownerReferences:
          .: {}
          k:{"uid":"5162f181-a47b-4465-a388-ee8a99ad290e"}:
            .: {}
            f:apiVersion: {}
            f:blockOwnerDeletion: {}
            f:controller: {}
            f:kind: {}
            f:name: {}
            f:uid: {}
    manager: manifestival
    operation: Update
    time: '2021-08-30T19:00:06Z'
  name: config-features
  namespace: knative-serving
  ownerReferences:
  - apiVersion: operator.knative.dev/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: KnativeServing
    name: knative-serving
    uid: 5162f181-a47b-4465-a388-ee8a99ad290e
  resourceVersion: '6568'
  uid: 2bb3be8e-e8b9-45f2-aa67-122f4d3dc0bb