Production-Grade Container Orchestration

Kubernetes certificate and trust bundle APIs enable automation of X.509 credential provisioning by providing a programmatic interface for clients of the Kubernetes API to request and obtain X.509 certificates from a Certificate Authority (CA). There is also experimental (alpha) support for distributing trust bundles. Certificate signing requests FEATURE STATE: Kubernetes v1.19 [stable] A CertificateSigningRequest (CSR) resource is used to request that a certificate be signed by a denoted signer, after which the request may be approved or denied before finally being signed.

This command initializes a new Kubernetes node and joins it to the existing cluster. Run this on any machine you wish to join an existing cluster Synopsis When joining a kubeadm initialized cluster, we need to establish bidirectional trust. This is split into discovery (having the Node trust the Kubernetes Control Plane) and TLS bootstrap (having the Kubernetes Control Plane trust the Node). There are 2 main schemes for discovery.

This tutorial shows you how to run a standalone kubelet instance. You may have different motivations for running a standalone kubelet. This tutorial is aimed at introducing you to Kubernetes, even if you don't have much experience with it. You can follow this tutorial and learn about node setup, basic (static) Pods, and how Kubernetes manages containers. Once you have followed this tutorial, you could try using a cluster that has a control plane to manage pods and nodes, and other types of objects.

This tutorial shows you how to run Apache Cassandra on Kubernetes. Cassandra, a database, needs persistent storage to provide data durability (application state). In this example, a custom Cassandra seed provider lets the database discover new Cassandra instances as they join the Cassandra cluster. StatefulSets make it easier to deploy stateful applications into your Kubernetes cluster. For more information on the features used in this tutorial, see StatefulSet. Note:Cassandra and Kubernetes both use the term node to mean a member of a cluster.

Production-Grade Container Orchestration

Synopsis Deny a certificate signing request. kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requester. kubectl certificate deny (-f FILENAME | NAME) Examples # Deny CSR 'csr-sqgzp' kubectl certificate deny csr-sqgzp Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.

Synopsis Create a role with single rule. kubectl create role NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename] [--dry-run=server|client|none] Examples # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods # Create a role named "pod-reader" with ResourceName specified kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod # Create a role named "foo" with API Group specified kubectl create role foo --verb=get,list,watch --resource=rs.

Synopsis Set a cluster entry in kubeconfig. Specifying a name that already exists will merge new fields on top of existing values for those fields. kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/to/certificate/authority] [--insecure-skip-tls-verify=true] [--tls-server-name=example.com] Examples # Set only the server field on the e2e cluster entry without touching other values kubectl config set-cluster e2e --server=https://1.2.3.4 # Embed certificate authority data for the e2e cluster entry kubectl config set-cluster e2e --embed-certs --certificate-authority=~/.

Synopsis List all available plugin files on a user's PATH. To see plugins binary names without the full path use --name-only flag. Available plugin files are those that are: - executable - anywhere on the user's PATH - begin with "kubectl-" kubectl plugin list [flags] Examples # List all available plugins kubectl plugin list # List only binary names of available plugins without paths kubectl plugin list --name-only Options -h, --help help for list