This page explains proxies used with Kubernetes. Proxies There are several different proxies you may encounter when using Kubernetes: The kubectl proxy: runs on a user's desktop or in a pod proxies from a localhost address to the Kubernetes apiserver client to proxy uses HTTP proxy to apiserver uses HTTPS locates apiserver adds authentication headers The apiserver proxy: is a bastion built into the apiserver connects a user outside of the cluster to cluster IPs which otherwise might not be reachable runs in the apiserver processes client to proxy uses HTTPS (or http if apiserver so configured) proxy to target may use HTTP or HTTPS as chosen by proxy using available information can be used to reach a Node, Pod, or Service does load balancing when used to reach a Service The kube proxy:

FEATURE STATE: Kubernetes v1.33 [beta](disabled by default) Kubernetes 1.35 includes a beta feature that allows control plane components to deterministically select a leader via coordinated leader election. This is useful to satisfy Kubernetes version skew constraints during cluster upgrades. Currently, the only builtin selection strategy is OldestEmulationVersion, preferring the leader with the lowest emulation version, followed by binary version, followed by creation timestamp. Enabling coordinated leader election Ensure that CoordinatedLeaderElection feature gate is enabled when you start the API Server: and that the coordination.

System component logs record events happening in cluster, which can be very useful for debugging. You can configure log verbosity to see more or less detail. Logs can be as coarse-grained as showing errors within a component, or as fine-grained as showing step-by-step traces of events (like HTTP access logs, pod state changes, controller actions, or scheduler decisions). Warning:In contrast to the command line flags described here, the log output itself does not fall under the Kubernetes API stability guarantees: individual log entries and their formatting may change from one release to the next!

Understand how to gain end-to-end visibility of a Kubernetes cluster through the collection of metrics, logs, and traces.

API-initiated eviction is the process by which you use the Eviction API to create an Eviction object that triggers graceful pod termination. You can request eviction by calling the Eviction API directly, or programmatically using a client of the API server, like the kubectl drain command. This creates an Eviction object, which causes the API server to terminate the Pod. API-initiated evictions respect your configured PodDisruptionBudgets and terminationGracePeriodSeconds. Using the API to create an Eviction object for a Pod is like performing a policy-controlled DELETE operation on the Pod.

Before you begin You must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.35 client can communicate with v1.34, v1.35, and v1.36 control planes. Using the latest compatible version of kubectl helps avoid unforeseen issues. Install kubectl on Linux The following methods exist for installing kubectl on Linux: Install kubectl binary with curl on Linux Install using native package management Install using other package management Install kubectl binary with curl on Linux Download the latest release with the command:

Different ways to change the behavior of your Kubernetes cluster.

Distributed systems often have a need for leases, which provide a mechanism to lock shared resources and coordinate activity between members of a set. In Kubernetes, the lease concept is represented by Lease objects in the coordination.k8s.io API Group, which are used for system-critical capabilities such as node heartbeats and component-level leader election. Node heartbeats Kubernetes uses the Lease API to communicate kubelet node heartbeats to the Kubernetes API server.

There are two ways to expose Pod and container fields to a running container: environment variables, and as files that are populated by a special volume type. Together, these two ways of exposing Pod and container fields are called the downward API.

A StatefulSet runs a group of Pods, and maintains a sticky identity for each of those Pods. This is useful for managing applications that need persistent storage or a stable, unique network identity.