From 9795352deb5f1b7e5510d50653975abb6a91a4d6 Mon Sep 17 00:00:00 2001 From: Troy Connor Date: Fri, 1 Dec 2023 10:35:22 -0500 Subject: [PATCH] UnauthenticatedHTTP2DOSMitigation default in 1.29 is set to true Signed-off-by: Troy Connor --- .../reference/command-line-tools-reference/feature-gates.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index b316b6085f8e4..6b891d9709012 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -212,6 +212,8 @@ For a reference to old feature gates that are removed, please refer to | `TopologyManagerPolicyOptions` | `false` | Alpha | 1.26 | 1.27 | | `TopologyManagerPolicyOptions` | `true` | Beta | 1.28 | | | `TranslateStreamCloseWebsocketRequests` | `false` | Alpha | 1.29 | | +| `UnauthenticatedHTTP2DOSMitigation` | `false` | Beta | 1.28 | | +| `UnauthenticatedHTTP2DOSMitigation` | `true` | Beta | 1.29 | | | `UnknownVersionInteroperabilityProxy` | `false` | Alpha | 1.28 | | | `UserNamespacesPodSecurityStandards` | `false` | Alpha | 1.29 | | | `UserNamespacesSupport` | `false` | Alpha | 1.28 | | @@ -805,6 +807,9 @@ Each feature gate is designed for enabling/disabling a specific feature: - `TranslateStreamCloseWebsocketRequests`: Allow WebSocket streaming of the remote command sub-protocol (`exec`, `cp`, `attach`) from clients requesting version 5 (v5) of the sub-protocol. +- `UnauthenticatedHTTP2DOSMitigation`: Enables HTTP/2 Denial of Service (DoS) + mitigations for unauthenticated clients. + Kubernetes v1.28.0 through v1.28.2 do not include this feature gate. - `UnknownVersionInteroperabilityProxy`: Proxy resource requests to the correct peer kube-apiserver when multiple kube-apiservers exist at varied versions. See [Mixed version proxy](/docs/concepts/architecture/mixed-version-proxy/) for more information.