diff --git a/features.md b/features.md
index fd8d9fa77df..025ed84f94f 100644
--- a/features.md
+++ b/features.md
@@ -40,6 +40,7 @@
| DNSNameResolver| | | Enabled | Enabled | | | Enabled | Enabled |
| DualReplica| | | Enabled | Enabled | | | Enabled | Enabled |
| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled |
+| EVPN| | | Enabled | Enabled | | | Enabled | Enabled |
| EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled |
| EventTTL| | | Enabled | Enabled | | | Enabled | Enabled |
| Example| | | Enabled | Enabled | | | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index 9159b43d346..289cf106bdc 100644
--- a/features/features.go
+++ b/features/features.go
@@ -211,6 +211,14 @@ var (
enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()
+ FeatureGateEVPN = newFeatureGate("EVPN").
+ reportProblemsToJiraComponent("Networking/ovn-kubernetes").
+ contactPerson("jcaamano").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1862").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
+
FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration").
reportProblemsToJiraComponent("Networking/ovn-kubernetes").
contactPerson("pliu").
diff --git a/openapi/openapi.json b/openapi/openapi.json
index 97afd57f431..b605ecd869b 100644
--- a/openapi/openapi.json
+++ b/openapi/openapi.json
@@ -4572,6 +4572,19 @@
}
}
},
+ "com.github.openshift.api.config.v1.AcceptRisk": {
+ "description": "AcceptRisk represents a risk that is considered acceptable.",
+ "type": "object",
+ "required": [
+ "name"
+ ],
+ "properties": {
+ "name": {
+ "description": "name is the name of the acceptable risk. It must be a non-empty string and must not exceed 256 characters.",
+ "type": "string"
+ }
+ }
+ },
"com.github.openshift.api.config.v1.AdmissionConfig": {
"type": "object",
"properties": {
@@ -5859,6 +5872,18 @@
"default": {},
"$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus"
},
+ "conditionalUpdateRisks": {
+ "description": "conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. The risk names in the list must be unique. conditionalUpdateRisks must not contain more than 500 entries.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk"
+ },
+ "x-kubernetes-list-map-keys": [
+ "name"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
"conditionalUpdates": {
"description": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.",
"type": "array",
@@ -6066,6 +6091,15 @@
"default": {},
"$ref": "#/definitions/com.github.openshift.api.config.v1.Release"
},
+ "riskNames": {
+ "description": "riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. Entries must be unique and must not exceed 256 characters. riskNames must not contain more than 500 entries.",
+ "type": "array",
+ "items": {
+ "type": "string",
+ "default": ""
+ },
+ "x-kubernetes-list-type": "set"
+ },
"risks": {
"description": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.",
"type": "array",
@@ -6092,6 +6126,18 @@
"matchingRules"
],
"properties": {
+ "conditions": {
+ "description": "conditions represents the observations of the conditional update risk's current status. Known types are: * Applies, for whether the risk applies to the current cluster. The condition's types in the list must be unique. conditions must not contain more than one entry.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition"
+ },
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
"matchingRules": {
"description": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.",
"type": "array",
@@ -6302,7 +6348,7 @@
"x-kubernetes-list-type": "atomic"
},
"minTLSVersion": {
- "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12",
+ "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11",
"type": "string",
"default": ""
}
@@ -8488,7 +8534,7 @@
}
},
"com.github.openshift.api.config.v1.IntermediateTLSProfile": {
- "description": "IntermediateTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29",
+ "description": "IntermediateTLSProfile is a TLS security profile based on the \"intermediate\" configuration of the Mozilla Server Side TLS configuration guidelines.",
"type": "object"
},
"com.github.openshift.api.config.v1.KMSConfig": {
@@ -8766,7 +8812,7 @@
}
},
"com.github.openshift.api.config.v1.ModernTLSProfile": {
- "description": "ModernTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility",
+ "description": "ModernTLSProfile is a TLS security profile based on the \"modern\" configuration of the Mozilla Server Side TLS configuration guidelines.",
"type": "object"
},
"com.github.openshift.api.config.v1.NamedCertificate": {
@@ -9696,7 +9742,7 @@
}
},
"com.github.openshift.api.config.v1.OldTLSProfile": {
- "description": "OldTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility",
+ "description": "OldTLSProfile is a TLS security profile based on the \"old\" configuration of the Mozilla Server Side TLS configuration guidelines.",
"type": "object"
},
"com.github.openshift.api.config.v1.OpenIDClaims": {
@@ -11274,7 +11320,7 @@
"x-kubernetes-list-type": "atomic"
},
"minTLSVersion": {
- "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12",
+ "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11",
"type": "string",
"default": ""
}
@@ -11285,23 +11331,23 @@
"type": "object",
"properties": {
"custom": {
- "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11",
+ "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256",
"$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile"
},
"intermediate": {
- "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12",
+ "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384",
"$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile"
},
"modern": {
- "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13",
+ "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256",
"$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile"
},
"old": {
- "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10",
+ "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA",
"$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile"
},
"type": {
- "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.",
+ "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.",
"type": "string",
"default": ""
}
@@ -11590,6 +11636,18 @@
"description": "Update represents an administrator update request.",
"type": "object",
"properties": {
+ "acceptRisks": {
+ "description": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.config.v1.AcceptRisk"
+ },
+ "x-kubernetes-list-map-keys": [
+ "name"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
"architecture": {
"description": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.",
"type": "string",
@@ -11624,7 +11682,7 @@
],
"properties": {
"acceptedRisks": {
- "description": "acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.",
+ "description": "acceptedRisks records risks which were accepted to initiate the update. For example, it may mention an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.",
"type": "string"
},
"completionTime": {
@@ -28898,7 +28956,7 @@
],
"properties": {
"name": {
- "description": "name is the unique name of a capability. Available capabilities are LightspeedButton and GettingStartedBanner.",
+ "description": "name is the unique name of a capability. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour.",
"type": "string",
"default": ""
},
@@ -29547,7 +29605,7 @@
"type": "string"
},
"capabilities": {
- "description": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton and GettingStartedBanner. Each of the available capabilities may appear only once in the list.",
+ "description": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. Each of the available capabilities may appear only once in the list.",
"type": "array",
"items": {
"default": {},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
index 7c831f39b99..7d4848e4b7e 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
@@ -93,6 +93,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
index 0180ee2e4fd..50c72c63428 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
@@ -151,6 +151,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
index 80f9000a062..9c3614fb3e7 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
@@ -95,6 +95,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
index de223c5b24e..5f5307e948b 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
@@ -166,6 +166,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
index 5e48eb924cb..997e2a65fe4 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
@@ -93,6 +93,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
index fa5a1c17eda..53a9fe42a7f 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
@@ -136,6 +136,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
index 9b06e231e84..db9ddd9562a 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
@@ -95,6 +95,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
index 04916b1fdae..3fd201be1d8 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
@@ -151,6 +151,9 @@
{
"name": "DyanmicServiceEndpointIBMCloud"
},
+ {
+ "name": "EVPN"
+ },
{
"name": "EtcdBackendQuota"
},