Synopsis Deny a certificate signing request. kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requester. kubectl certificate deny (-f FILENAME | NAME) Examples # Deny CSR 'csr-sqgzp' kubectl certificate deny csr-sqgzp Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.

Production-Grade Container Orchestration

This page contains an overview of the various feature gates an administrator can specify on different Kubernetes components. See feature stages for an explanation of the stages for a feature. Overview Feature gates are a set of key=value pairs that describe Kubernetes features. You can turn these features on or off using the --feature-gates command line flag on each Kubernetes component. Each Kubernetes component lets you enable or disable a set of feature gates that are relevant to that component.

This page shows you how to localize the docs for a different language. Contribute to an existing localization You can help add or improve the content of an existing localization. In Kubernetes Slack, you can find a channel for each localization. There is also a general SIG Docs Localizations Slack channel where you can say hello. Note:For extra details on how to contribute to a specific localization, look for a localized version of this page.

SIG Docs approvers take week-long shifts managing pull requests for the repository. This section covers the duties of a PR wrangler. For more information on giving good reviews, see Reviewing changes. Duties Each day in a week-long shift as PR Wrangler: Review open pull requests for quality and adherence to the Style and Content guides. Start with the smallest PRs (size/XS) first, and end with the largest (size/XXL). Review as many PRs as you can.

Production-Grade Container Orchestration

FEATURE STATE: Kubernetes v1.33 [beta] (enabled by default: true) This page explains how to change the CPU and memory resource requests and limits assigned to a container without recreating the Pod. Traditionally, changing a Pod's resource requirements necessitated deleting the existing Pod and creating a replacement, often managed by a workload controller. In-place Pod Resize allows changing the CPU/memory allocation of container(s) within a running Pod while potentially avoiding application disruption.

This page shows how to create an external load balancer. When creating a Service, you have the option of automatically creating a cloud load balancer. This provides an externally-accessible IP address that sends traffic to the correct port on your cluster nodes, provided your cluster runs in a supported environment and is configured with the correct cloud load balancer provider package. You can also use an Ingress in place of Service.

Kubernetes lets you use a public key infrastructure (PKI) to authenticate to your cluster as a client. A few steps are required in order to get a normal user to be able to authenticate and invoke an API. First, this user must have an X.509 certificate issued by an authority that your Kubernetes cluster trusts. The client must then present that certificate to the Kubernetes API. You use a CertificateSigningRequest as part of this process, and either you or some other principal must approve the request.

This tutorial shows you how to run a sample app on Kubernetes using minikube. The tutorial provides a container image that uses NGINX to echo back all the requests. Objectives Deploy a sample application to minikube. Run the app. View application logs. Before you begin This tutorial assumes that you have already set up minikube. See Step 1 in minikube start for installation instructions. Note:Only execute the instructions in Step 1, Installation.