• Sub-task
    • Resolution: Unresolved
    • kube-apiserver

      Create a new feature gate to control the PKI configuration feature rollout.

      Feature Gate Location

      openshift/api/config/v1/feature_gates.go

      Feature Gate Definition Must Include

      1. Name: ConfigurablePKI
      2. Jira Component: kube-apiserver (or Security - to be determined)
      3. Contact: @jubittajohn, @sanchezl, @dinhxuanvu (enhancement authors)
      4. Product Scope: Enables configuration of cryptographic parameters (algorithm, key size, elliptic curve) for certificates generated internally by OpenShift
      5. Enablement Level: TechPreviewNoUpgrade (FeatureGateLevel 4) → TechPreview → Default → GA
      6. Cluster Profile Restrictions: None
      7. Documentation links: Enhancement PR and tracking issue

      When Disabled

      • PKI resource CRD still exists
      • Operators ignore PKI resource
      • All certificates use hardcoded platform defaults (RSA 2048)

      When Enabled

      • Operators watch and consume PKI resource
      • Certificates generated with configured parameters
      • Validation webhook active
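
The disabled and enabled behaviour listed above, sketched as an added Go example (not code from openshift/api or any operator). The `PKIParams` type, the function names, the allow-lists for key sizes and curves, and the fallback to defaults when no PKI resource exists are assumptions; the ticket names only RSA 2048 as the platform default.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// PKIParams: hypothetical stand-in for the PKI resource's fields; real schema may differ.
type PKIParams struct {
	Algorithm string // "RSA" or "ECDSA"
	RSABits   int    // RSA only
	Curve     string // ECDSA only
}

// Hardcoded platform default named in the ticket: RSA 2048.
var platformDefault = PKIParams{Algorithm: "RSA", RSABits: 2048}

// Assumed allow-lists; the ticket does not state the validation rules.
var rsaSizes = map[int]bool{2048: true, 3072: true, 4096: true}
var curves = map[string]elliptic.Curve{"P256": elliptic.P256(), "P384": elliptic.P384(), "P521": elliptic.P521()}

// EffectiveParams: gate off means the PKI resource is ignored and defaults apply.
// Gate on means configured values are validated and rejected, never silently downgraded.
func EffectiveParams(gateEnabled bool, cfg *PKIParams) (PKIParams, error) {
	switch {
	case !gateEnabled || cfg == nil:
		return platformDefault, nil
	case cfg.Algorithm == "RSA" && rsaSizes[cfg.RSABits]:
		return PKIParams{Algorithm: "RSA", RSABits: cfg.RSABits}, nil
	case cfg.Algorithm == "ECDSA" && curves[cfg.Curve] != nil:
		return PKIParams{Algorithm: "ECDSA", Curve: cfg.Curve}, nil
	}
	return PKIParams{}, fmt.Errorf("rejected PKI parameters: %+v", *cfg)
}

// GenerateKey creates a private key from parameters EffectiveParams accepted.
func GenerateKey(p PKIParams) (crypto.Signer, error) {
	if p.Algorithm == "ECDSA" {
		return ecdsa.GenerateKey(curves[p.Curve], rand.Reader)
	}
	return rsa.GenerateKey(rand.Reader, p.RSABits)
}

func main() {
	fmt.Println(EffectiveParams(true, &PKIParams{Algorithm: "ECDSA", Curve: "P384"}))
}
```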

      Acceptance Criteria

      • Feature gate registered in openshift/api/config/v1/feature_gates.go
      • All required metadata fields populated
      • Can be toggled via FeatureGate resource
      • Operators can query feature gate state
      • Documented in enhancement and godoc

              lusanche@redhat.com Luis Sanchez