A time-to-live mechanism to clean up old Jobs that have finished execution.

Field selectors let you select Kubernetes objects based on the value of one or more resource fields. Here are some examples of field selector queries: metadata.name=my-service metadata.namespace!=default status.phase=Pending This kubectl command selects all Pods for which the value of the status.phase field is Running: kubectl get pods --field-selector status.phase=Running Note:Field selectors are essentially resource filters. By default, no selectors/filters are applied, meaning that all resources of the specified type are selected.

This page provides an overview of best practices when it comes to enforcing Pod Security Standards. Using the built-in Pod Security Admission Controller FEATURE STATE: Kubernetes v1.25 [stable] The Pod Security Admission Controller intends to replace the deprecated PodSecurityPolicies. Configure all cluster namespaces Namespaces that lack any configuration at all should be considered significant gaps in your cluster security model. We recommend taking the time to analyze the types of workloads occurring in each namespace, and by referencing the Pod Security Standards, decide on an appropriate level for each of them.

A Deployment manages a set of Pods to run an application workload, usually one that doesn't maintain state.

Each object in your cluster has a Name that is unique for that type of resource. Every Kubernetes object also has a UID that is unique across your whole cluster. For example, you can only have one Pod named myapp-1234 within the same namespace, but you can have one Pod and one Deployment that are each named myapp-1234. For non-unique user-provided attributes, Kubernetes provides labels and annotations. Names A client-provided string that refers to an object in a resource URL, such as /api/v1/pods/some-name.

FEATURE STATE: Kubernetes v1.27 [beta] System component traces record the latency of and relationships between operations in the cluster. Kubernetes components emit traces using the OpenTelemetry Protocol with the gRPC exporter and can be collected and routed to tracing backends using an OpenTelemetry Collector. Trace Collection Kubernetes components have built-in gRPC exporters for OTLP to export traces, either with an OpenTelemetry Collector, or without an OpenTelemetry Collector. For a complete guide to collecting traces and using the collector, see Getting Started with the OpenTelemetry Collector.

Before you begin You must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.34 client can communicate with v1.33, v1.34, and v1.35 control planes. Using the latest compatible version of kubectl helps avoid unforeseen issues. Install kubectl on Windows The following methods exist for installing kubectl on Windows: Install kubectl binary on Windows (via direct download or curl) Install on Windows using Chocolatey, Scoop, or winget Install kubectl binary on Windows (via direct download or curl) You have two options for installing kubectl on your Windows device

Kubernetes can be configured to use swap memory on a node, allowing the kernel to free up physical memory by swapping out pages to backing storage. This is useful for multiple use-cases. For example, nodes running workloads that can benefit from using swap, such as those that have large memory footprints but only access a portion of that memory at any given time. It also helps prevent Pods from being terminated during memory pressure spikes, shields nodes from system-level memory spikes that might compromise its stability, allows for more flexible memory management on the node, and much more.

Kubernetes objects are persistent entities in the Kubernetes system. Kubernetes uses these entities to represent the state of your cluster. Learn about the Kubernetes object model and how to work with these objects.

This document describes the concept of cloning existing CSI Volumes in Kubernetes. Familiarity with Volumes is suggested. Introduction The CSI Volume Cloning feature adds support for specifying existing PVCs in the dataSource field to indicate a user would like to clone a Volume. A Clone is defined as a duplicate of an existing Kubernetes Volume that can be consumed as any standard Volume would be. The only difference is that upon provisioning, rather than creating a "new" empty Volume, the back end device creates an exact duplicate of the specified Volume.