FEATURE STATE: Kubernetes v1.19 [stable] Seccomp stands for secure computing mode and has been a feature of the Linux kernel since version 2.6.12. It can be used to sandbox the privileges of a process, restricting the calls it is able to make from userspace into the kernel. Kubernetes lets you automatically apply seccomp profiles loaded onto a node to your Pods and containers. Identifying the privileges required for your workloads can be difficult.

This document shares how to validate IPv4/IPv6 dual-stack enabled Kubernetes clusters. Before you begin Provider support for dual-stack networking (Cloud provider or otherwise must be able to provide Kubernetes nodes with routable IPv4/IPv6 network interfaces) A network plugin that supports dual-stack networking. Dual-stack enabled cluster Your Kubernetes server must be at or later than version v1.23. To check the version, enter kubectl version. Note:While you can validate with an earlier version, the feature is only GA and officially supported since v1.

Package v1beta1 is the v1beta1 version of the API. Resource Types AuthenticationConfiguration AuthorizationConfiguration EgressSelectorConfiguration TracingConfiguration TracingConfiguration Appears in: KubeletConfiguration TracingConfiguration TracingConfiguration TracingConfiguration provides versioned configuration for OpenTelemetry tracing clients. FieldDescription endpoint string Endpoint of the collector this component will report traces to. The connection is insecure, and does not currently support TLS. Recommended is unset, and endpoint is the otlp grpc default, localhost:4317. samplingRatePerMillion int32 SamplingRatePerMillion is the number of samples to collect per million spans.

Kubernetes namespaces help different projects, teams, or customers to share a Kubernetes cluster. It does this by providing the following: A scope for Names. A mechanism to attach authorization and policy to a subsection of the cluster. Use of multiple namespaces is optional. This example demonstrates how to use Kubernetes namespaces to subdivide your cluster. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

Jobs represent one-off tasks that run to completion and then stop.

A Deployment manages a set of Pods to run an application workload, usually one that doesn't maintain state.

Application logs can help you understand what is happening inside your application. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism. Likewise, container engines are designed to support logging. The easiest and most adopted logging method for containerized applications is writing to standard output and standard error streams. However, the native functionality provided by a container engine or runtime is usually not enough for a complete logging solution.

Node-pressure eviction is the process by which the kubelet proactively terminates pods to reclaim resource on nodes. The kubelet monitors resources like memory, disk space, and filesystem inodes on your cluster's nodes. When one or more of these resources reach specific consumption levels, the kubelet can proactively fail one or more pods on the node to reclaim resources and prevent starvation. During a node-pressure eviction, the kubelet sets the phase for the selected pods to Failed, and terminates the Pod.

Recommendations for designing and deploying admission webhooks in Kubernetes.

Make your HTTP (or HTTPS) network service available using a protocol-aware configuration mechanism, that understands web concepts like URIs, hostnames, paths, and more. The Ingress concept lets you map traffic to different backends based on rules you define via the Kubernetes API.