Note: Dockershim has been removed from the Kubernetes project as of release 1.24. Read the Dockershim Removal FAQ for further details. You need to install a container runtime into each node in the cluster so that Pods can run there. This page outlines what is involved and describes related tasks for setting up nodes. Kubernetes 1.32 requires that you use a runtime that conforms with the Container Runtime Interface (CRI).

A DaemonSet defines Pods that provide node-local facilities. These might be fundamental to the operation of your cluster, such as a networking helper tool, or be part of an add-on.

A time-to-live mechanism to clean up old Jobs that have finished execution.

In Kubernetes, scheduling refers to making sure that Pods are matched to Nodes so that Kubelet can run them. Scheduling overview A scheduler watches for newly created Pods that have no Node assigned. For every Pod that the scheduler discovers, the scheduler becomes responsible for finding the best Node for that Pod to run on. The scheduler reaches this placement decision taking into account the scheduling principles described below.

This page provides an overview of available configuration options and best practices for cluster multi-tenancy. Sharing clusters saves costs and simplifies administration. However, sharing clusters also presents challenges such as security, fairness, and managing noisy neighbors. Clusters can be shared in many ways. In some cases, different applications may run in the same cluster. In other cases, multiple instances of the same application may run in the same cluster, one for each end user.

Learn about ServiceAccount objects in Kubernetes.

An overview of the Pod Security Admission Controller, which can enforce the Pod Security Standards.

Technology for packaging an application along with its runtime dependencies.

This page introduces Quality of Service (QoS) classes in Kubernetes, and explains how Kubernetes assigns a QoS class to each Pod as a consequence of the resource constraints that you specify for the containers in that Pod. Kubernetes relies on this classification to make decisions about which Pods to evict when there are not enough available resources on a Node. Quality of Service classes Kubernetes classifies the Pods that you run and allocates each Pod into a specific quality of service (QoS) class.

FEATURE STATE: Kubernetes v1.30 [beta] This page explains how user namespaces are used in Kubernetes pods. A user namespace isolates the user running inside the container from the one in the host. A process running as root in a container can run as a different (non-root) user in the host; in other words, the process has full privileges for operations inside the user namespace, but is unprivileged for operations outside the namespace.