FEATURE STATE: Kubernetes v1.33 [stable] (enabled by default: true) This document shares how to reconfigure the default Service IP range(s) assigned to a cluster. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts.

Attribute-based access control (ABAC) defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. Policy File Format To enable ABAC mode, specify --authorization-policy-file=SOME_FILENAME and --authorization-mode=ABAC on startup. The file format is one JSON object per line. There should be no enclosing list or map, only one map per line. Each line is a "policy object", where each such object is a map with the following properties:

This page shows how to securely inject sensitive data, such as passwords and encryption keys, into Pods. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

This page shows how to define environment variables for a container in a Kubernetes Pod. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

Collection of Pod & Container metrics via the CRI.

Synopsis kubectl controls the Kubernetes cluster manager. Find more information at: https://kubernetes.io/docs/reference/kubectl/ kubectl [flags] Options --as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace. --as-group strings Group to impersonate for the operation, this flag can be repeated to specify multiple groups. --as-uid string UID to impersonate for the operation. --cache-dir string     Default: "$HOME/.kube/cache" Default cache directory --certificate-authority string Path to a cert file for the certificate authority

Concepts for keeping your cloud-native workload secure.

An overview of the Pod Security Admission Controller, which can enforce the Pod Security Standards.

This page provides an storage overview specific to the Windows operating system. Persistent storage Windows has a layered filesystem driver to mount container layers and create a copy filesystem based on NTFS. All file paths in the container are resolved only within the context of that container. With Docker, volume mounts can only target a directory in the container, and not an individual file. This limitation does not apply to containerd.

Technology for packaging an application along with its runtime dependencies.