The Kubernetes API is a resource-based (RESTful) programmatic interface provided via HTTP. It supports retrieving, creating, updating, and deleting primary resources via the standard HTTP verbs (POST, PUT, PATCH, DELETE, GET). For some resources, the API includes additional subresources that allow fine-grained authorization (such as separate views for Pod details and log retrievals), and can accept and serve those resources in different representations for convenience or efficiency. Kubernetes supports efficient change notifications on resources via watches: in the Kubernetes API, watch is a verb that is used to track changes to an object in Kubernetes as a stream.

Synopsis Create a NodePort service with the specified name. kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run=server|client|none] Examples # Create a new NodePort service named my-ns kubectl create service nodeport my-ns --tcp=5678:8080 Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. --dry-run string[="unchanged"]     Default: "none" Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it.

Synopsis Experimental: Check who you are and your attributes (groups, extra). This command is helpful to get yourself aware of the current user attributes, especially when dynamic authentication, e.g., token webhook, auth proxy, or OIDC provider, is enabled in the Kubernetes cluster. kubectl auth whoami Examples # Get your subject attributes kubectl auth whoami # Get your subject attributes in JSON format kubectl auth whoami -o json Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.

Synopsis Create a job with the specified name. kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args...] Examples # Create a job kubectl create job my-job --image=busybox # Create a job with a command kubectl create job my-job --image=busybox -- date # Create a job from a cron job named "a-cronjob" kubectl create job test-job --from=cronjob/a-cronjob Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.

kubectl is the Kubernetes cli version of a swiss army knife, and can do many things. While this Book is focused on using kubectl to declaratively manage applications in Kubernetes, it also covers other kubectl functions. Command Families Most kubectl commands typically fall into one of a few categories: Type Used For Description Declarative Resource Management Deployment and operations (e.g. GitOps) Declaratively manage Kubernetes workloads using resource configuration Imperative Resource Management Development Only Run commands to manage Kubernetes workloads using Command Line arguments and flags Printing Workload State Debugging Print information about workloads Interacting with Containers Debugging Exec, attach, cp, logs Cluster Management Cluster operations Drain and cordon Nodes Declarative Application Management The preferred approach for managing resources is through declarative files called resource configuration used with the kubectl Apply command.

Synopsis Manage user preferences (kuberc) file. The kuberc file allows you to customize your kubectl experience. kubectl alpha kuberc SUBCOMMAND Examples # View the current kuberc configuration kubectl alpha kuberc view # Set a default value for a command flag kubectl alpha kuberc set --section defaults --command get --option output=wide # Create an alias for a command kubectl alpha kuberc set --section aliases --name getn --command get --prependarg nodes --option output=wide Options -h, --help help for kuberc

This page demonstrates how can you run Pods on only some Nodes as part of a DaemonSet Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

Production-Grade Container Orchestration

FEATURE STATE: Kubernetes v1.31 [stable](enabled by default) This page shows you how to load AppArmor profiles on your nodes and enforce those profiles in Pods. To learn more about how Kubernetes can confine Pods using AppArmor, see Linux kernel security constraints for Pods and containers. Objectives See an example of how to load a profile on a Node Learn how to enforce the profile on a Pod Learn how to check that the profile is loaded See what happens when a profile is violated See what happens when a profile cannot be loaded Before you begin AppArmor is an optional kernel module and Kubernetes feature, so verify it is supported on your Nodes before proceeding:

Production-Grade Container Orchestration