Package v1beta1 is the v1beta1 version of the external metrics API. Resource Types ExternalMetricValue ExternalMetricValueList ExternalMetricValue Appears in: ExternalMetricValueList ExternalMetricValue is a metric value for external metric A single metric value is identified by metric name and a set of string labels. For one metric there can be multiple values with different sets of labels. FieldDescription apiVersionstringexternal.metrics.k8s.io/v1beta1 kindstringExternalMetricValue metricName [Required] string the name of the metric metricLabels [Required] map[string]string a set of labels that identify a single time series for the metric

Production-Grade Container Orchestration

This page assumes that you understand how to contribute to new content and review others' work, and are ready to learn about more ways to contribute. You need to use the Git command line client and other tools for some of these tasks. Propose improvements SIG Docs members can propose improvements. After you've been contributing to the Kubernetes documentation for a while, you may have ideas for improving the Style Guide , the Content Guide, the toolchain used to build the documentation, the website style, the processes for reviewing and merging pull requests, or other aspects of the documentation.

{"_kubernetes_io":{"feed_refresh_job":"https://testgrid.k8s.io/sig-security-cve-feed#auto-refreshing-official-cve-feed","updated_at":"2025-12-26T00:15:22Z"},"authors":[{"name":"Kubernetes Community...

This page shows you how to run a single-instance stateful application in Kubernetes using a PersistentVolume and a Deployment. The application is MySQL. Objectives Create a PersistentVolume referencing a disk in your environment. Create a MySQL Deployment. Expose MySQL to other pods in the cluster at a known DNS name. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

A security context defines privilege and access control settings for a Pod or Container. Security context settings include, but are not limited to: Discretionary Access Control: Permission to access an object, like a file, is based on user ID (UID) and group ID (GID). Security Enhanced Linux (SELinux): Objects are assigned security labels. Running as privileged or unprivileged. Linux Capabilities: Give a process some privileges, but not all the privileges of the root user.

Use kubectl patch to update Kubernetes API objects in place. Do a strategic merge patch or a JSON merge patch.

FEATURE STATE: Kubernetes v1.26 [stable] Windows HostProcess containers enable you to run containerized workloads on a Windows host. These containers operate as normal processes but have access to the host network namespace, storage, and devices when given the appropriate user privileges. HostProcess containers can be used to deploy network plugins, storage configurations, device plugins, kube-proxy, and other components to Windows nodes without the need for dedicated proxies or the direct installation of host services.

This page provides an overview of authentication in Kubernetes, with a focus on authentication to the Kubernetes API. Users in Kubernetes All Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users. It is assumed that a cluster-independent service manages normal users in the following ways: an administrator distributing private keys a user store like Keystone or Google Accounts a file with a list of usernames and passwords In this regard, Kubernetes does not have objects which represent normal user accounts.

Overview A kubelet's HTTPS endpoint exposes APIs which give access to data of varying sensitivity, and allow you to perform operations with varying levels of power on the node and within containers. This document describes how to authenticate and authorize access to the kubelet's HTTPS endpoint. Kubelet authentication By default, requests to the kubelet's HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.