Production-Grade Container Orchestration

This page shows how to create a new topic for the Kubernetes docs. Before you begin Create a fork of the Kubernetes documentation repository as described in Open a PR. Choosing a page type As you prepare to write a new topic, think about the page type that would fit your content the best: Guidelines for choosing a page type Type Description Concept A concept page explains some aspect of Kubernetes.

Attribute-based access control (ABAC) defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. Policy File Format To enable ABAC mode, specify --authorization-policy-file=SOME_FILENAME and --authorization-mode=ABAC on startup. The file format is one JSON object per line. There should be no enclosing list or map, only one map per line. Each line is a "policy object", where each such object is a map with the following properties:

Production-Grade Container Orchestration

Every node in a Kubernetes cluster runs a kube-proxy (unless you have deployed your own alternative component in place of kube-proxy). The kube-proxy component is responsible for implementing a virtual IP mechanism for Services of type other than ExternalName. Each instance of kube-proxy watches the Kubernetes control plane for the addition and removal of Service and EndpointSlice objects. For each Service, kube-proxy calls appropriate APIs (depending on the kube-proxy mode) to configure the node to capture traffic to the Service's clusterIP and port, and redirect that traffic to one of the Service's endpoints (usually a Pod, but possibly an arbitrary user-provided IP address).

Synopsis Display one or many contexts from the kubeconfig file. kubectl config get-contexts [(-o|--output=)name)] Examples # List all the contexts in your kubeconfig file kubectl config get-contexts # Describe one context in your kubeconfig file kubectl config get-contexts my-context Options -h, --help help for get-contexts --no-headers When using the default or custom-column output format, don't print headers (default print headers). -o, --output string Output format. One of: (name). Parent Options Inherited --as string Username to impersonate for the operation.

Synopsis Edit the latest last-applied-configuration annotations of resources from the default editor. The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources.

Production-Grade Container Orchestration

Production-Grade Container Orchestration

Synopsis Create a priority class with the specified name, value, globalDefault and description. kubectl create priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run=server|client|none] Examples # Create a priority class named high-priority kubectl create priorityclass high-priority --value=1000 --description="high priority" # Create a priority class named default-priority that is considered as the global default priority kubectl create priorityclass default-priority --value=1000 --global-default=true --description="default priority" # Create a priority class named high-priority that cannot preempt pods with lower priority kubectl create priorityclass high-priority --value=1000 --description="high priority" --preemption-policy="Never" Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.