This page covers advanced Pod configuration topics including PriorityClasses, RuntimeClasses, security context within Pods, and introduces aspects of scheduling. PriorityClasses PriorityClasses allow you to set the importance of Pods relative to other Pods. If you assign a priority class to a Pod, Kubernetes sets the .spec.priority field for that Pod based on the PriorityClass you specified (you cannot set .spec.priority directly). If or when a Pod cannot be scheduled, and the problem is due to a lack of resources, the kube-scheduler tries to preempt lower priority Pods, in order to make scheduling of the higher priority Pod possible.

This page shows how to use Romana for NetworkPolicy. Before you begin Complete steps 1, 2, and 3 of the kubeadm getting started guide. Installing Romana with kubeadm Follow the containerized installation guide for kubeadm. Applying network policies To apply network policies use one of the following: Romana network policies. Example of Romana network policy. The NetworkPolicy API. What's next Once you have installed Romana, you can follow the Declare Network Policy to try out Kubernetes NetworkPolicy.

Note: This section links to third party projects that provide functionality required by Kubernetes. The Kubernetes project authors aren't responsible for these projects, which are listed alphabetically. To add a project to this list, read the content guide before submitting a change. More information. Add-ons extend the functionality of Kubernetes. This page lists some of the available add-ons and links to their respective installation instructions. The list does not try to be exhaustive.

Operators are software extensions to Kubernetes that make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop. Motivation The operator pattern aims to capture the key aim of a human operator who is managing a service or set of services. Human operators who look after specific applications and services have deep knowledge of how the system ought to behave, how to deploy it, and how to react if there are problems.

FEATURE STATE: Kubernetes v1.30 [stable] Pods were considered ready for scheduling once created. Kubernetes scheduler does its due diligence to find nodes to place all pending Pods. However, in a real-world case, some Pods may stay in a "miss-essential-resources" state for a long period. These Pods actually churn the scheduler (and downstream integrators like Cluster AutoScaler) in an unnecessary manner. By specifying/removing a Pod's .spec.schedulingGates, you can control when a Pod is ready to be considered for scheduling.

The aggregation layer allows Kubernetes to be extended with additional APIs, beyond what is offered by the core Kubernetes APIs. The additional APIs can either be ready-made solutions such as a metrics server, or APIs that you develop yourself. The aggregation layer is different from Custom Resource Definitions, which are a way to make the kube-apiserver recognise new kinds of object. Aggregation layer The aggregation layer runs in-process with the kube-apiserver.

This page shows a couple of quick ways to create a Calico cluster on Kubernetes. Before you begin Decide whether you want to deploy a cloud or local cluster. Creating a Calico cluster with Google Kubernetes Engine (GKE) Prerequisite: gcloud. To launch a GKE cluster with Calico, include the --enable-network-policy flag. Syntax gcloud container clusters create [CLUSTER_NAME] --enable-network-policy Example gcloud container clusters create my-calico-cluster --enable-network-policy To verify the deployment, use the following command.

FEATURE STATE: Kubernetes v1.26 [stable] Kubernetes keeps many aspects of how pods execute on nodes abstracted from the user. This is by design. However, some workloads require stronger guarantees in terms of latency and/or performance in order to operate acceptably. The kubelet provides methods to enable more complex workload placement policies while keeping the abstraction free from explicit placement directives. For detailed information on resource management, please refer to the Resource Management for Pods and Containers documentation.

FEATURE STATE: Kubernetes v1.32 [stable](enabled by default) The Kubernetes Memory Manager enables the feature of guaranteed memory (and hugepages) allocation for pods in the Guaranteed QoS class. The Memory Manager employs a hint generation protocol to yield the most suitable NUMA affinity for a pod. The Memory Manager feeds the central manager (Topology Manager) with these affinity hints. Based on both the hints and Topology Manager policy, the pod is rejected or admitted to the node.

Lower-level detail relevant to creating or administering a Kubernetes cluster.