const (
	// owner: @ilackams
	//
	// Enables compression of REST responses (GET and LIST only)
	APIResponseCompression featuregate.Feature = "APIResponseCompression"

	// owner: @roycaihw
	//
	// Assigns each kube-apiserver an ID in a cluster.
	APIServerIdentity featuregate.Feature = "APIServerIdentity"

	// owner: @dashpole
	//
	// Add support for distributed tracing in the API Server
	APIServerTracing featuregate.Feature = "APIServerTracing"

	// owner: @linxiulei
	//
	// Enables serving watch requests in separate goroutines.
	APIServingWithRoutine featuregate.Feature = "APIServingWithRoutine"

	// owner: @jefftree
	//
	// Remove the v2beta1 apidiscovery.k8s.io/v2beta1 group version. Aggregated
	// discovery implements its own handlers and follows a different lifecycle than
	// traditional k8s resources.
	AggregatedDiscoveryRemoveBetaType featuregate.Feature = "AggregatedDiscoveryRemoveBetaType"

	// owner: @modulitos
	//
	// Allow user.DefaultInfo.UID to be set from x509 cert during cert auth.
	AllowParsingUserUIDFromCertAuth featuregate.Feature = "AllowParsingUserUIDFromCertAuth"

	// owner: @stlaz @tkashem @dgrisonnet
	// kep: https://kep.k8s.io/3926
	//
	// Enables the cluster admin to identify resources that fail to
	// decrypt or fail to be decoded into an object, and introduces
	// a new delete option to allow deletion of such corrupt
	// resources using the Kubernetes API only.
	AllowUnsafeMalformedObjectDeletion featuregate.Feature = "AllowUnsafeMalformedObjectDeletion"

	// owner: @vinayakankugoyal
	// kep: https://kep.k8s.io/4633
	//
	// Allows us to enable anonymous auth for only certain apiserver endpoints.
	AnonymousAuthConfigurableEndpoints featuregate.Feature = "AnonymousAuthConfigurableEndpoints"

	// owner: @deads2k
	// kep: https://kep.k8s.io/4601
	//
	// Allows authorization to use field and label selectors.
	AuthorizeWithSelectors featuregate.Feature = "AuthorizeWithSelectors"

	// owner: @serathius
	//
	// Replaces watch cache hashmap implementation with a btree based one, bringing performance improvements.
	BtreeWatchCache featuregate.Feature = "BtreeWatchCache"

	// owner: @benluddy
	// kep: https://kep.k8s.io/4222
	//
	// Enables CBOR as a supported encoding for requests and responses, and as the
	// preferred storage encoding for custom resources.
	CBORServingAndStorage featuregate.Feature = "CBORServingAndStorage"

	// owner: @serathius
	// Enables concurrent watch object decoding to avoid starving watch cache when conversion webhook is installed.
	ConcurrentWatchObjectDecode featuregate.Feature = "ConcurrentWatchObjectDecode"

	// owner: @serathius
	// kep: http://kep.k8s.io/2340
	//
	// Allow the API server to serve consistent lists from cache
	ConsistentListFromCache featuregate.Feature = "ConsistentListFromCache"

	// owner: @enj @qiujian16
	// kep: https://kep.k8s.io/5284
	//
	// Enables impersonation that is constrained to specific requests instead of being all or nothing.
	ConstrainedImpersonation featuregate.Feature = "ConstrainedImpersonation"

	// owner: @jefftree
	// kep: https://kep.k8s.io/4355
	//
	// Enables coordinated leader election in the API server
	CoordinatedLeaderElection featuregate.Feature = "CoordinatedLeaderElection"

	// owner: @jpbetz @aaron-prindle @yongruilin
	// kep: http://kep.k8s.io/5073
	// beta: v1.33
	//
	// Enables running declarative validation of APIs, where declared. When enabled, APIs with
	// declarative validation rules will validate objects using the generated
	// declarative validation code and compare the results to the regular imperative validation.
	// See DeclarativeValidationBeta for more.
	DeclarativeValidation featuregate.Feature = "DeclarativeValidation"

	// owner: @jpbetz @aaron-prindle @yongruilin
	// kep: http://kep.k8s.io/5073
	// beta: v1.36
	//
	// This feature gate acts as the Global Safety Switch for Beta-stage validation rules (+k8s:beta).
	// It allows cluster admins to disable enforcement for validations in the Beta stage if
	// regressions are found, forcing them back to Shadow mode.
	// In Shadow mode, declarative validation is executed and mismatches against handwritten
	// validation are logged as metrics, but failures do not reject requests.
	// Handwritten validation remains authoritative and enforced.
	// Enforcement logic for resources using WithDeclarativeEnforcement():
	// - Standard tags (no prefix): Always Enforced (Bypasses this gate).
	// - Beta tags (+k8s:beta): Enforced when this gate is enabled (default), otherwise Shadowed.
	// - Alpha tags (+k8s:alpha): Always Shadowed.
	// This gate has no effect if the master DeclarativeValidation feature gate is disabled.
	DeclarativeValidationBeta featuregate.Feature = "DeclarativeValidationBeta"

	// owner: @jpbetz @aaron-prindle @yongruilin
	// kep: http://kep.k8s.io/5073
	// beta: v1.33
	//
	// Deprecated: in favor of DeclarativeValidationBeta.
	//
	// When enabled, declarative validation errors are returned directly to the caller,
	// replacing hand-written validation errors for rules that have declarative implementations.
	// When disabled, hand-written validation errors are always returned, effectively putting
	// declarative validation in a "shadow mode" that monitors but does not affect API responses.
	// Note: Although declarative validation aims for functional equivalence with hand-written validation,
	// the exact number, format, and content of error messages may differ between the two approaches.
	DeclarativeValidationTakeover featuregate.Feature = "DeclarativeValidationTakeover"

	// owner: @serathius
	// kep: https://kep.k8s.io/4988
	//
	// Enabled cache inconsistency detection.
	DetectCacheInconsistency featuregate.Feature = "DetectCacheInconsistency"

	// owner: @aramase
	// kep: https://kep.k8s.io/3299
	// deprecated: v1.28
	//
	// Enables KMS v1 API for encryption at rest.
	KMSv1 featuregate.Feature = "KMSv1"

	// owner: @serathius
	// kep: https://kep.k8s.io/4988
	//
	// Enables generating snapshots of watch cache store and using them to serve LIST requests.
	ListFromCacheSnapshot featuregate.Feature = "ListFromCacheSnapshot"

	// owner: @aramase @BenTheElder
	// kep: https://kep.k8s.io/5793
	//
	// Enables manifest-based admission control configuration for webhooks and policies.
	// When enabled, admission webhooks and policies can be loaded from
	// manifest files on disk at API server startup, providing bootstrap-time enforcement
	// and protection against API-based modification.
	ManifestBasedAdmissionControlConfig featuregate.Feature = "ManifestBasedAdmissionControlConfig"

	// owner: @alexzielenski, @cici37, @jiahuif, @jpbetz
	// kep: https://kep.k8s.io/3962
	//
	// Enables the MutatingAdmissionPolicy in Admission Chain
	MutatingAdmissionPolicy featuregate.Feature = "MutatingAdmissionPolicy"

	// owner: @jiahuif
	// kep: https://kep.k8s.io/2887
	//
	// Enables populating "enum" field of OpenAPI schemas
	// in the spec returned from kube-apiserver.
	OpenAPIEnums featuregate.Feature = "OpenAPIEnums"

	// owner: @stlaz
	//
	// Enable kube-apiserver to accept UIDs via request header authentication.
	// This will also make the kube-apiserver's API aggregator add UIDs via standard
	// headers when forwarding requests to the servers serving the aggregated API.
	RemoteRequestHeaderUID featuregate.Feature = "RemoteRequestHeaderUID"

	// owner: @wojtek-t
	//
	// Enables resilient watchcache initialization to avoid controlplane
	// overload.
	ResilientWatchCacheInitialization featuregate.Feature = "ResilientWatchCacheInitialization"

	// owner: @jpbetz
	// Resource create requests using generateName are retried automatically by the apiserver
	// if the generated name conflicts with an existing resource name, up to a maximum number of 7 retries.
	RetryGenerateName featuregate.Feature = "RetryGenerateName"

	// owner: @cici37
	//
	// Allow watch cache to create a watch on a dedicated RPC.
	// This prevents watch cache from being starved by other watches.
	SeparateCacheWatchRPC featuregate.Feature = "SeparateCacheWatchRPC"

	// owner: @jefftree
	// kep: https://kep.k8s.io/5866
	//
	// Enables the shard selector parameter on List/Watch requests,
	// allowing clients to receive a filtered subset of objects based
	// on hash ranges of metadata fields (e.g. UID).
	ShardedListAndWatch featuregate.Feature = "ShardedListAndWatch"

	// owner: @serathius
	//
	// Enables APF to use size of objects for estimating request cost.
	SizeBasedListCostEstimate featuregate.Feature = "SizeBasedListCostEstimate"

	// owner: @caesarxuchao @roycaihw
	//
	// Enable the storage version API.
	StorageVersionAPI featuregate.Feature = "StorageVersionAPI"

	// owner: @caesarxuchao
	//
	// Allow apiservers to expose the storage version hash in the discovery
	// document.
	StorageVersionHash featuregate.Feature = "StorageVersionHash"

	// owner: @serathius
	// Allow API server JSON encoder to encode collections item by item, instead of all at once.
	StreamingCollectionEncodingToJSON featuregate.Feature = "StreamingCollectionEncodingToJSON"

	// owner: @serathius
	// Allow API server Protobuf encoder to encode collections item by item, instead of all at once.
	StreamingCollectionEncodingToProtobuf featuregate.Feature = "StreamingCollectionEncodingToProtobuf"

	// owner: @aramase, @enj, @nabokihms
	// kep: https://kep.k8s.io/3331
	//
	// Enables Structured Authentication Configuration
	StructuredAuthenticationConfiguration featuregate.Feature = "StructuredAuthenticationConfiguration"

	// owner: @aramase, @enj, @nabokihms
	// kep: https://kep.k8s.io/3331
	//
	// Enables Egress Selector in Structured Authentication Configuration
	StructuredAuthenticationConfigurationEgressSelector featuregate.Feature = "StructuredAuthenticationConfigurationEgressSelector"

	// owner: @aramase, @enj, @nabokihms
	// kep: https://kep.k8s.io/3331
	//
	// Enables JWKs metrics for Structured Authentication Configuration
	StructuredAuthenticationConfigurationJWKSMetrics featuregate.Feature = "StructuredAuthenticationConfigurationJWKSMetrics"

	// owner: @aramase
	//
	// Enables validation of service account UID in TokenRequest API.
	//
	// This feature gate is used to ensure that the UID provided in the TokenRequest
	// matches the UID of the service account for which the token is being requested.
	// It helps prevent misuse of the TokenRequest API by ensuring that tokens are only
	// issued for the correct service account.
	TokenRequestServiceAccountUIDValidation featuregate.Feature = "TokenRequestServiceAccountUIDValidation"

	// owner: @enj
	//
	// Enables http2 DOS mitigations for unauthenticated clients.
	//
	// Some known reasons to disable these mitigations:
	//
	// An API server that is fronted by an L7 load balancer that is set up
	// to mitigate http2 attacks may opt to disable this protection to prevent
	// unauthenticated clients from disabling connection reuse between the load
	// balancer and the API server (many incoming connections could share the
	// same backend connection).
	//
	// An API server that is on a private network may opt to disable this
	// protection to prevent performance regressions for unauthenticated
	// clients.
	UnauthenticatedHTTP2DOSMitigation featuregate.Feature = "UnauthenticatedHTTP2DOSMitigation"

	// owner: @richabanker
	//
	// Proxies client to an apiserver capable of serving the request in the event of version skew.
	UnknownVersionInteroperabilityProxy featuregate.Feature = "UnknownVersionInteroperabilityProxy"

	// owner: @wojtek-t
	//
	// Enables post-start-hook for storage readiness
	WatchCacheInitializationPostStartHook featuregate.Feature = "WatchCacheInitializationPostStartHook"

	// owner: @p0lyn0mial
	//
	// Allow the API server to stream individual items instead of chunking
	WatchList featuregate.Feature = "WatchList"
)