Feature Gates
Feature gates enables contributors to add and manage new (and potentially experimental) functionality to the KIC in a controlled manner. The features will be “hidden” until generally available (GA) and the progress and maturity of features on their path to GA will be documented. Feature gates also create a clear path for deprecating features.
Upstream Kubernetes includes feature gates, which enable or disable features with flags and track the maturity of a feature using feature stages.
The same definitions of feature gates
and feature stages
from upstream Kubernetes are used to define KIC’s list of features.
Available feature gates
Feature | Default | Stage | Since | Until |
---|---|---|---|---|
GatewayAlpha | false |
Alpha | 2.6.0 | TBD |
FillIDs | true |
Beta | 3.0.0 | TBD |
RewriteURIs | false |
Alpha | 2.12.0 | TBD |
KongServiceFacade | false |
Alpha | 3.1.0 | TBD |
SanitizeKonnectConfigDumps | true |
Beta | 3.1.0 | TBD |
FallbackConfiguration | false |
Alpha | 3.2.0 | TBD |
KongCustomEntity | false |
Alpha | 3.2.0 | 3.3.0 |
KongCustomEntity | true |
Beta | 3.3.0 | TBD |
Using feature gates
To enable feature gates, provide the --feature-gates
flag when launching KIC, or set the CONTROLLER_FEATURE_GATES
environment variable.
Feature gates consist of a comma-delimited set of key=value
pairs. For example, if you wanted to enable FillIDs
and RewriteURIs
, you’d set CONTROLLER_FEATURE_GATES=FillIDs=true,RewriteURIs=true
.
To enable features via Helm, set the following in your values.yaml
:
ingressController:
env:
feature_gates: FillIDs=true,RewriteURIs=true
To test a feature gate in an existing deployment, use kubectl set env
.
kubectl set env -n kong deployment/kong-controller CONTROLLER_FEATURE_GATES="FillIDs=true,RewriteURIs=true" -c ingress-controller
Feature gate availability
- The since and until rows in the table above refer to KIC Releases.
- Most features will be planned using Kubernetes Enhancement Proposals (KEP). If you’re interested in developing features, familiarize yourself with KIC’s KEPs.
- Features that are currently in alpha or beta states may become deprecated at any time. Deprecated features are removed during the next minor release.
- Until a feature becomes GA, there are no guarantees that will continue being available. For more information, see the changelog.
Important: To avoid disruption to your services consider not using features until they have reached GA status.
Feature gate details
SanitizeKonnectConfigDumps
The SanitizeKonnectConfigDumps
feature enables the sanitization of configuration dumps that are sent to Konnect.
This means Kong Ingress Controller will obfuscate all sensitive information that your Kong config contains, such as
private keys in Certificate
entities and Consumer
entities’ credentials.
Warning:
KongPlugin
’s andKongClusterPlugin
’sconfig
field is not sanitized. If you have sensitive information in yourKongPlugin
’sconfig
field, it will be sent to Konnect as is. To avoid that, please consider using KongVault.