diff --git a/build/root/Makefile b/build/root/Makefile
index f463cd96f99cc..73f586903cd36 100644
--- a/build/root/Makefile
+++ b/build/root/Makefile
@@ -39,6 +39,8 @@ PRINT_HELP ?=
 WHAT ?=
 TESTS ?=
 BRANCH ?=
+TAGS ?=
+GO_BUILD_FLAGS := $(if ${TAGS},-tags=${TAGS},)
 # We don't need make's built-in rules.
 MAKEFLAGS += --no-builtin-rules
@@ -61,6 +63,11 @@ $(error Both KUBE_GOFLAGS and GOFLAGS are set. Please use just GOFLAGS)
 endif
 endif
+# Add build tags to GOFLAGS
+ifneq ($(TAGS),)
+GOFLAGS := $(GOFLAGS) $(GO_BUILD_FLAGS)
+endif
+
 # This controls the verbosity of the build. Higher numbers mean more output.
 KUBE_VERBOSE ?= 1
diff --git a/openshift-hack/images/hyperkube/Dockerfile.rhel b/openshift-hack/images/hyperkube/Dockerfile.rhel
index 331cc88d99b81..9381d78caccec 100644
--- a/openshift-hack/images/hyperkube/Dockerfile.rhel
+++ b/openshift-hack/images/hyperkube/Dockerfile.rhel
@@ -1,7 +1,8 @@
 FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.20 AS builder
+ARG TAGS=""
 WORKDIR /go/src/k8s.io/kubernetes
 COPY . .
-RUN make WHAT='cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-scheduler cmd/kubelet cmd/watch-termination openshift-hack/cmd/k8s-tests-ext' && \
+RUN make TAGS="${TAGS}" WHAT='cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-scheduler cmd/kubelet cmd/watch-termination openshift-hack/cmd/k8s-tests-ext' && \
 mkdir -p /tmp/build && \
 cp openshift-hack/images/hyperkube/hyperkube openshift-hack/images/hyperkube/kubensenter /tmp/build && \
 cp /go/src/k8s.io/kubernetes/_output/local/bin/linux/$(go env GOARCH)/{kube-apiserver,kube-controller-manager,kube-scheduler,kubelet,watch-termination,k8s-tests-ext} \
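Review bot: `TAGS` is declared here without a comment, although the second hunk of this file appends it to `GOFLAGS` and, through the `scos` tag, it decides whether the apiserver's FeatureGate admission accepts `featureSet: OKD`. A comment such as `# TAGS: comma-separated Go build tags (e.g. scos); changes compiled-in policy, set only from trusted build config` would make that visible. Go silently ignores a tag that matches no build constraint, so a misspelled value yields the default variant without any error; a post-build check of the produced binary would catch that. The `$(if ${TAGS},...)` here and the `ifneq ($(TAGS),)` guard in the second hunk test the same condition, so one of them can be dropped.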
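Review bot: `ARG TAGS=""` lets a build argument choose whether the kube-apiserver in this image is compiled with the `scos` tag, which in this commit decides whether admission accepts `featureSet: OKD`, yet the finished image carries no record of the value used. Two images built from the same commit can therefore enforce different policy and look identical to anyone inspecting them. Consider re-declaring `ARG TAGS=""` in the final stage and adding it to the existing `LABEL` block under a key the project chooses, so the variant is auditable. The empty default keeps the stricter behaviour, which is the right way round. The `RUN` command continues past the end of the hunk.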
@@ -14,4 +15,4 @@ COPY --from=builder /tmp/build/* /usr/bin/
 LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \
 io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \
 io.openshift.tags="openshift,hyperkube" \
- io.openshift.build.versions="kubernetes=1.33.3"
\ No newline at end of file
+ io.openshift.build.versions="kubernetes=1.33.3"
diff --git a/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go b/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go
index fb3c07f3ff6e3..bb3b705b35015 100644
--- a/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go
+++ b/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go
@@ -13,6 +13,7 @@ import (
 configv1 "github.com/openshift/api/config/v1"
 "k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation"
+ "k8s.io/kubernetes/openshift-kube-apiserver/version"
 )
 const PluginName = "config.openshift.io/ValidateFeatureGate"
@@ -50,6 +51,15 @@ func toFeatureGateV1(uncastObj runtime.Object) (*configv1.FeatureGate, field.Err
 type featureGateV1 struct {
 }
+func validateOKDFeatureSet(spec configv1.FeatureGateSpec) field.ErrorList {
+ allErrs := field.ErrorList{}
+ if spec.FeatureSet == configv1.OKD && !version.IsSCOS() {
+ allErrs = append(allErrs, field.Forbidden(field.NewPath("spec.featureSet"), "OKD featureset is not supported on OpenShift clusters"))
+ }
+
+ return allErrs
+}
+
 func (featureGateV1) ValidateCreate(_ context.Context, uncastObj runtime.Object) field.ErrorList {
 obj, allErrs := toFeatureGateV1(uncastObj)
 if len(allErrs) > 0 {
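Review bot: `field.NewPath("spec.featureSet")` in validateOKDFeatureSet builds a single path element whose name contains a dot; the usual form is `field.NewPath("spec", "featureSet")`, which renders the same string but keeps the path structured. The function also has no doc comment; something like `// validateOKDFeatureSet rejects the OKD feature set unless the binary was built with the scos tag (version.IsSCOS).` would state the rule. It is worth saying there that the check fails closed, since a build without the tag rejects OKD. ValidateCreate's body continues outside this hunk.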
@@ -57,7 +67,7 @@ func (featureGateV1) ValidateCreate(_ context.Context, uncastObj runtime.Object)
 }
 allErrs = append(allErrs, validation.ValidateObjectMeta(&obj.ObjectMeta, false, customresourcevalidation.RequireNameCluster, field.NewPath("metadata"))...)
-
+ allErrs = append(allErrs, validateOKDFeatureSet(obj.Spec)...)
 return allErrs
 }
@@ -72,6 +82,7 @@ func (featureGateV1) ValidateUpdate(_ context.Context, uncastObj runtime.Object,
 }
 allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&obj.ObjectMeta, &oldObj.ObjectMeta, field.NewPath("metadata"))...)
+ allErrs = append(allErrs, validateOKDFeatureSet(obj.Spec)...)
 return allErrs
 }
diff --git a/openshift-kube-apiserver/version/scos.go b/openshift-kube-apiserver/version/scos.go
new file mode 100644
index 0000000000000..0bdba634cd42e
--- /dev/null
+++ b/openshift-kube-apiserver/version/scos.go
@@ -0,0 +1,7 @@
+//go:build scos
+
+package version
+
+func init() {
+ SCOS = true
+}
\ No newline at end of file
diff --git a/openshift-kube-apiserver/version/version.go b/openshift-kube-apiserver/version/version.go
new file mode 100644
index 0000000000000..b09dd5665b8ef
--- /dev/null
+++ b/openshift-kube-apiserver/version/version.go
@@ -0,0 +1,11 @@
+package version
+
+var (
+ // SCOS is a setting to enable CentOS Stream CoreOS-only modifications
+ SCOS = false
+)
+
+// IsSCOS returns true if CentOS Stream CoreOS-only modifications are enabled
+func IsSCOS() bool {
+ return SCOS
+}
\ No newline at end of file
diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go
index 169e29c5c5bff..552631e203437 100644
--- a/vendor/github.com/openshift/api/config/v1/types_feature.go
+++ b/vendor/github.com/openshift/api/config/v1/types_feature.go
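Review bot: In ValidateUpdate the added check looks only at `obj.Spec`, so on a build without the `scos` tag an existing FeatureGate that already carries `featureSet: OKD` fails every update that reaches this validator. This check forbids keeping the value, and the `OKD may not be changed` rule added in types_feature.go forbids changing it, assuming that rule is present in the installed CRD. If the lock-out is intended it deserves a comment; otherwise reject only a transition into OKD, for example `if oldObj.Spec.FeatureSet != obj.Spec.FeatureSet { allErrs = append(allErrs, validateOKDFeatureSet(obj.Spec)...) }`. ValidateUpdate's body starts outside the hunk, and the status-update path is not visible here, so whether status writes are affected cannot be told from this diff.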
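Review bot: `SCOS` is an exported, mutable package variable (declared in version.go, flipped by `init()` in scos.go), so any package linked into the apiserver can change at run time the value that `validateOKDFeatureSet` uses to decide admission. A build-time fact is better held in an unexported constant: `const scos = true` in scos.go, `const scos = false` in a sibling file guarded by `//go:build !scos`, and `IsSCOS` returning `scos`. That removes the `init()` and fixes the variant at compile time. Both new files end without a trailing newline, which gofmt would add.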
@@ -53,8 +53,12 @@ var (
 // your cluster may fail in an unrecoverable way.
 CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
+ // OKD turns on features for OKD. Turning this feature set ON is supported for OKD clusters, but NOT for OpenShift clusters
+ // this feature set on CANNOT BE UNDONE for OKD clusters and when enabled on OpenShift clusters it PREVENTS UPGRADES.
+ OKD FeatureSet = "OKD"
+
 // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead
- AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade}
+ AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade, OKD}
 )
 type FeatureGateSpec struct {
@@ -67,10 +71,11 @@ type FeatureGateSelection struct {
 // Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
 // +unionDiscriminator
 // +optional
- // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;""
+ // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;OKD;""
 // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed"
 // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed"
 // +kubebuilder:validation:XValidation:rule="oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true",message="DevPreviewNoUpgrade may not be changed"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == 'OKD' ? self == 'OKD' : true",message="OKD may not be changed"
 FeatureSet FeatureSet `json:"featureSet,omitempty"`
 // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.