OpenShift Virtualization / CNV-40958

All new features should have granular access control


    • granular-feature-access-control
      • A process is defined such that all new features will have more granular access control than a cluster-wide on/off switch
      • Able to restrict a feature while VMs that still utilize the feature exist

      Feature gates are a simple method to enable or disable a feature within a component or product.

      With CNV's ever-increasing footprint and attack surface, the ability to restrict a feature with greater granularity would allow an admin to respond to newly identified threats quickly and without a major disruption of service.

      Expected limitations:

      • Feature gates are a simple on/off switch, with cluster-wide impact.
      • A feature cannot be disabled if any VM is utilizing the feature.

      Scenario:
      Feature A is enabled cluster-wide and not limited by any means. A security issue is discovered with feature A, but the admin requires this feature on a select group of VMs. Unable to restrict it with any granularity, the admin must disable the feature. However, since many VMs are utilizing the feature (some expected, some not), VM creation must be blocked and those VMs removed before the feature gate can be disabled. This causes service downtime that will affect the admin and all VM users.

      Recommendation:
      All new features should provide granular access control (namespace/role), allowing the admin to restrict features as desired with minimal impact on service. In the above scenario, the admin would be able to limit the feature to the VMs that require it and remove all other VMs that are in violation of this policy, all while new VMs not utilizing this feature may continue to be created.

      Exceptions:
      There should be minimal exceptions to this granular access control.
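
An added example (not part of the original issue and not OpenShift Virtualization code) that models the scenario above: a cluster-wide gate next to a hypothetical per-namespace feature policy. The class names, the `feature-a` label and the VM inventory are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    namespace: str
    features: frozenset  # feature names the VM requests

@dataclass
class ClusterGate:
    """Current model: one on/off switch per feature, cluster-wide."""
    enabled: set

    def can_disable(self, feature, vms):
        # The gate cannot be turned off while any VM still uses the feature.
        return not any(feature in vm.features for vm in vms)

@dataclass
class NamespacePolicy:
    """Hypothetical granular model: feature -> namespaces allowed to use it."""
    allowed: dict

    def admit(self, vm):
        # A VM is admitted only if every feature it requests is allowed
        # in its namespace; a VM requesting no features is always admitted.
        return all(vm.namespace in self.allowed.get(f, set()) for f in vm.features)

    def violations(self, vms):
        # Existing VMs outside the tightened policy, for the admin to remove.
        return sorted(vm.name for vm in vms if not self.admit(vm))

# Constructed inventory; "feature-a" stands in for the issue's Feature A.
VMS = [
    VM("db-1", "prod-db", frozenset({"feature-a"})),
    VM("test-7", "sandbox", frozenset({"feature-a"})),
    VM("web-1", "prod-web", frozenset()),
]

def demo():
    gate = ClusterGate(enabled={"feature-a"})
    # Admin response to the security issue: keep feature-a only in prod-db.
    policy = NamespacePolicy(allowed={"feature-a": {"prod-db"}})
    return {
        "gate_can_disable": gate.can_disable("feature-a", VMS),
        "violations": policy.violations(VMS),
        "plain_vm_admitted": policy.admit(VM("web-2", "prod-web", frozenset())),
        "risky_vm_admitted": policy.admit(VM("test-8", "sandbox", frozenset({"feature-a"}))),
    }

if __name__ == "__main__":
    print(demo())
```

With the gate alone, the feature cannot be disabled until every VM using it is gone; with the namespace policy, only `test-7` is flagged and unrelated VM creation continues.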

            dholler@redhat.com Dominik Holler
            rhn-support-sbennert Sarah Bennert
            Geetika Kapoor Geetika Kapoor