A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code. Because Secrets can be created independently of the Pods that use them, there is less risk of the Secret (and its data) being exposed during the workflow of creating, viewing, and editing Pods.

When several users or teams share a cluster with a fixed number of nodes, there is a concern that one team could use more than its fair share of resources. Resource quotas are a tool for administrators to address this concern. A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. A ResourceQuota can also limit the quantity of objects that can be created in a namespace by API kind, as well as the total amount of infrastructure resources that may be consumed by API objects found in that namespace.

Node affinity is a property of Pods that attracts them to a set of nodes (either as a preference or a hard requirement). Taints are the opposite -- they allow a node to repel a set of pods. Tolerations are applied to pods. Tolerations allow the scheduler to schedule pods with matching taints. Tolerations allow scheduling but don't guarantee scheduling: the scheduler also evaluates other parameters as part of its function.

Production-Grade Container Orchestration

kubeadm upgrade apply phase Using the phases of kubeadm upgrade apply, you can choose to execute the separate steps of the initial upgrade of a control plane node. phase preflight control-plane upload-config kubelet-config bootstrap-token addon post-upgrade Synopsis Use this command to invoke single phase of the "apply" workflow kubeadm upgrade apply phase [flags] Options -h, --help help for phase Options inherited from parent commands --rootfs string The path to the 'real' host root filesystem.

Production-Grade Container Orchestration

This page contains a list of commonly used kubectl commands and flags. Note:These instructions are for Kubernetes v1.34. To check the version, use the kubectl version command. Kubectl autocomplete BASH source <(kubectl completion bash) # set up autocomplete in bash into the current shell, bash-completion package should be installed first. echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell. You can also use a shorthand alias for kubectl that also works with completion:

Synopsis Unset an individual value in a kubeconfig file. PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots. kubectl config unset PROPERTY_NAME Examples # Unset the current-context kubectl config unset current-context # Unset namespace in foo context kubectl config unset contexts.foo.namespace Options -h, --help help for unset Parent Options Inherited --as string Username to impersonate for the operation.

Synopsis Dump cluster information out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, Kubernetes will build a set of files in that directory. By default, only dumps things in the current namespace and 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces.

Synopsis Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects. Missing objects are created, and the containing namespace is created for namespaced objects, if required. Existing roles are updated to include the permissions in the input objects, and remove extra permissions if --remove-extra-permissions is specified. Existing bindings are updated to include the subjects in the input objects, and remove extra subjects if --remove-extra-subjects is specified.