A container image represents binary data that encapsulates an application and all its software dependencies. Container images are executable software bundles that can run standalone and that make very well-defined assumptions about their runtime environment. You typically create a container image of your application and push it to a registry before referring to it in a Pod. This page provides an outline of the container image concept. Note:If you are looking for the container images for a Kubernetes release (such as v1.

This page describes the lifecycle of a Pod. Pods follow a defined lifecycle, starting in the Pending phase, moving through Running if at least one of its primary containers starts OK, and then through either the Succeeded or Failed phases depending on whether any container in the Pod terminated in failure. Like individual application containers, Pods are considered to be relatively ephemeral (rather than durable) entities. Pods are created, assigned a unique ID (UID), and scheduled to run on nodes where they remain until termination (according to restart policy) or deletion.

Kubernetes namespaces help different projects, teams, or customers to share a Kubernetes cluster. It does this by providing the following: A scope for Names. A mechanism to attach authorization and policy to a subsection of the cluster. Use of multiple namespaces is optional. This example demonstrates how to use Kubernetes namespaces to subdivide your cluster. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

This page shows how to run a replicated stateful application using a StatefulSet. This application is a replicated MySQL database. The example topology has a single primary server and multiple replicas, using asynchronous row-based replication. Note:This is not a production configuration. MySQL settings remain on insecure defaults to keep the focus on general patterns for running stateful applications in Kubernetes. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

FEATURE STATE: Kubernetes v1.19 [stable] Seccomp stands for secure computing mode and has been a feature of the Linux kernel since version 2.6.12. It can be used to sandbox the privileges of a process, restricting the calls it is able to make from userspace into the kernel. Kubernetes lets you automatically apply seccomp profiles loaded onto a node to your Pods and containers. Identifying the privileges required for your workloads can be difficult.

Package v1beta1 is the v1beta1 version of the API. Resource Types AuthenticationConfiguration AuthorizationConfiguration EgressSelectorConfiguration TracingConfiguration TracingConfiguration Appears in: KubeletConfiguration TracingConfiguration TracingConfiguration TracingConfiguration provides versioned configuration for OpenTelemetry tracing clients. FieldDescription endpoint string Endpoint of the collector this component will report traces to. The connection is insecure, and does not currently support TLS. Recommended is unset, and endpoint is the otlp grpc default, localhost:4317. samplingRatePerMillion int32 SamplingRatePerMillion is the number of samples to collect per million spans.

This document shares how to validate IPv4/IPv6 dual-stack enabled Kubernetes clusters. Before you begin Provider support for dual-stack networking (Cloud provider or otherwise must be able to provide Kubernetes nodes with routable IPv4/IPv6 network interfaces) A network plugin that supports dual-stack networking. Dual-stack enabled cluster Your Kubernetes server must be at or later than version v1.23. To check the version, enter kubectl version. Note:While you can validate with an earlier version, the feature is only GA and officially supported since v1.

This page explains how to add versioning information to CustomResourceDefinitions, to indicate the stability level of your CustomResourceDefinitions or advance your API to a new version with conversion between API representations. It also describes how to upgrade an object from one version to another. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts.

This page shows how to perform a rolling update on a DaemonSet. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

FEATURE STATE: Kubernetes v1.18 [stable] This page shows how to configure Group Managed Service Accounts (GMSA) for Pods and containers that will run on Windows nodes. Group Managed Service Accounts are a specific type of Active Directory account that provides automatic password management, simplified service principal name (SPN) management, and the ability to delegate the management to other administrators across multiple servers. In Kubernetes, GMSA credential specs are configured at a Kubernetes cluster-wide scope as Custom Resources.