FEATURE STATE: Kubernetes v1.27 [beta] System component traces record the latency of and relationships between operations in the cluster. Kubernetes components emit traces using the OpenTelemetry Protocol with the gRPC exporter and can be collected and routed to tracing backends using an OpenTelemetry Collector. Trace Collection Kubernetes components have built-in gRPC exporters for OTLP to export traces, either with an OpenTelemetry Collector, or without an OpenTelemetry Collector. For a complete guide to collecting traces and using the collector, see Getting Started with the OpenTelemetry Collector.

Set up Kubernetes tools on your computer.

This page explains how to enable a package repository for the desired Kubernetes minor release upon upgrading a cluster. This is only needed for users of the community-owned package repositories hosted at pkgs.k8s.io. Unlike the legacy package repositories, the community-owned package repositories are structured in a way that there's a dedicated package repository for each Kubernetes minor version. Note:This guide only covers a part of the Kubernetes upgrade process. Please see the upgrade guide for more information about upgrading Kubernetes clusters.

Before you begin Some steps in this page use the jq tool. If you don't have jq, you can install it via your operating system's software sources, or fetch it from https://jqlang.github.io/jq/. Some steps also involve installing curl, which can be installed via your operating system's software sources. A subset of the kubelet's configuration parameters may be set via an on-disk config file, as a substitute for command-line flags. Providing parameters via a config file is the recommended approach because it simplifies node deployment and configuration management.

FEATURE STATE: Kubernetes v1.18 [stable] This page shows how to configure Group Managed Service Accounts (GMSA) for Pods and containers that will run on Windows nodes. Group Managed Service Accounts are a specific type of Active Directory account that provides automatic password management, simplified service principal name (SPN) management, and the ability to delegate the management to other administrators across multiple servers. In Kubernetes, GMSA credential specs are configured at a Kubernetes cluster-wide scope as Custom Resources.

Kubernetes offers two distinct ways for clients that run within your cluster, or that otherwise have a relationship to your cluster's control plane to authenticate to the API server. A service account provides an identity for processes that run in a Pod, and maps to a ServiceAccount object. When you authenticate to the API server, you identify yourself as a particular user. Kubernetes recognises the concept of a user, however, Kubernetes itself does not have a User API.

This page describes the CoreDNS upgrade process and how to install CoreDNS instead of kube-dns. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

This page provides an overview of available configuration options and best practices for cluster multi-tenancy. Sharing clusters saves costs and simplifies administration. However, sharing clusters also presents challenges such as security, fairness, and managing noisy neighbors. Clusters can be shared in many ways. In some cases, different applications may run in the same cluster. In other cases, multiple instances of the same application may run in the same cluster, one for each end user.

An overview of the Pod Security Admission Controller, which can enforce the Pod Security Standards.

Learn about ServiceAccount objects in Kubernetes.