These guidelines cover the main Kubernetes blog and the Kubernetes contributor blog. All blog content must also adhere to the overall policy in the content guide. Before you begin Make sure you are familiar with the introduction sections of contributing to Kubernetes blogs, not just to learn about the two official blogs and the differences between them, but also to get an overview of the process. Original content The Kubernetes project accepts original content only, in English.

Synopsis Update the user, group, or service account in a role binding or cluster role binding. kubectl set subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none] Examples # Update a cluster role binding for serviceaccount1 kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1 # Update a role binding for user1, user2, and group1 kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1 # Print the result (in YAML format) of updating rolebinding subjects from a local, without hitting the server kubectl create rolebinding admin --role=admin --user=admin -o yaml --dry-run=client | kubectl set subject --local -f - --user=foo -o yaml Options --all Select all resources, in the namespace of the specified resource types

Synopsis The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others. The API Server services REST operations and provides the frontend to the cluster's shared state through which all other components interact. kube-apiserver [flags] Options --admission-control-config-file string File with admission control configuration. --advertise-address string The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster.

FEATURE STATE: Kubernetes 1.34 [beta] A Kubernetes kuberc configuration file allows you to define preferences for kubectl, such as default options and command aliases. Unlike the kubeconfig file, a kuberc configuration file does not contain cluster details, usernames or passwords. The default location of this configuration file is $HOME/.kube/kuberc. To provide kubectl with a path to a custom kuberc file, use the --kuberc command line option, or set the KUBERC environment variable.

Details of the metric data that Kubernetes components export.

To report a security issue, please follow the Kubernetes security disclosure process. Work on Kubernetes code and public issues are tracked using GitHub Issues. Official list of known CVEs (security vulnerabilities) that have been announced by the Security Response Committee CVE-related GitHub issues Security-related announcements are sent to the kubernetes-security-announce@googlegroups.com mailing list.

Production-Grade Container Orchestration

Extend kubectl by creating and installing kubectl plugins.

Configure and schedule GPUs for use as a resource by nodes in a cluster.

FEATURE STATE: Kubernetes v1.34 [beta] This page provides an overview of MutatingAdmissionPolicies. MutatingAdmissionPolicies allow you change what happens when someone writes a change to the Kubernetes API. If you want to use declarative policies just to prevent a particular kind of change to resources (for example: protecting platform namespaces from deletion), ValidatingAdmissionPolicy is a simpler and more effective alternative. To use the feature, enable the MutatingAdmissionPolicy feature gate (which is off by default) and set --runtime-config=admissionregistration.