Details of the metric data that Kubernetes components export.

Production-Grade Container Orchestration

Extend kubectl by creating and installing kubectl plugins.

This page shows how a Pod can use environment variables to expose information about itself to containers running in the Pod, using the downward API. You can use environment variables to expose Pod fields, container fields, or both. In Kubernetes, there are two ways to expose Pod and container fields to a running container: Environment variables, as explained in this task Volume files Together, these two ways of exposing Pod and container fields are called the downward API.

FEATURE STATE: Kubernetes v1.32 [alpha] This page provides an overview of MutatingAdmissionPolicies. What are MutatingAdmissionPolicies? Mutating admission policies offer a declarative, in-process alternative to mutating admission webhooks. Mutating admission policies use the Common Expression Language (CEL) to declare mutations to resources. Mutations can be defined either with an apply configuration that is merged using the server side apply merge strategy, or a JSON patch. Mutating admission policies are highly configurable, enabling policy authors to define policies that can be parameterized and scoped to resources as needed by cluster administrators.

This page provides an overview of authentication. Users in Kubernetes All Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users. It is assumed that a cluster-independent service manages normal users in the following ways: an administrator distributing private keys a user store like Keystone or Google Accounts a file with a list of usernames and passwords In this regard, Kubernetes does not have objects which represent normal user accounts.

This document details the deprecation policy for various facets of the system. Kubernetes is a large system with many components and many contributors. As with any such software, the feature set naturally evolves over time, and sometimes a feature may need to be removed. This could include an API, a flag, or even an entire feature. To avoid breaking existing users, Kubernetes follows a deprecation policy for aspects of the system that are slated to be removed.

This tutorial provides an introduction to managing applications with StatefulSets. It demonstrates how to create, delete, scale, and update the Pods of StatefulSets. Before you begin Before you begin this tutorial, you should familiarize yourself with the following Kubernetes concepts: Pods Cluster DNS Headless Services PersistentVolumes PersistentVolume Provisioning The kubectl command line tool You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

Overview A kubelet's HTTPS endpoint exposes APIs which give access to data of varying sensitivity, and allow you to perform operations with varying levels of power on the node and within containers. This document describes how to authenticate and authorize access to the kubelet's HTTPS endpoint. Kubelet authentication By default, requests to the kubelet's HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.

Once you connected your Application with Service following steps like those outlined in Connecting Applications with Services, you have a continuously running, replicated application, that is exposed on a network. This tutorial helps you look at the termination flow for Pods and to explore ways to implement graceful connection draining. Termination process for Pods and their endpoints There are often cases when you need to terminate a Pod - be it to upgrade or scale down.