Resource Types ExecCredential ExecCredential ExecCredential is used by exec-based plugins to communicate credentials to HTTP transports. FieldDescription apiVersionstringclient.authentication.k8s.io/v1beta1 kindstringExecCredential spec [Required] ExecCredentialSpec Spec holds information passed to the plugin by the transport. status ExecCredentialStatus Status is filled in by the plugin and holds the credentials that the transport should use to contact the API. Cluster Appears in: ExecCredentialSpec Cluster contains information to allow an exec plugin to communicate with the kubernetes cluster being authenticated to.

Package v1alpha1 is the v1alpha1 version of the API. Resource Types AdmissionConfiguration AuthenticationConfiguration AuthorizationConfiguration EgressSelectorConfiguration TracingConfiguration TracingConfiguration Appears in: KubeletConfiguration TracingConfiguration TracingConfiguration provides versioned configuration for OpenTelemetry tracing clients. FieldDescription endpoint string Endpoint of the collector this component will report traces to. The connection is insecure, and does not currently support TLS. Recommended is unset, and endpoint is the otlp grpc default, localhost:4317. samplingRatePerMillion int32 SamplingRatePerMillion is the number of samples to collect per million spans.

This page shows how to enable and configure certificate rotation for the kubelet. FEATURE STATE: Kubernetes v1.19 [stable] Before you begin Kubernetes version 1.8.0 or later is required Overview The kubelet uses certificates for authenticating to the Kubernetes API. By default, these certificates are issued with one year expiration so that they do not need to be renewed too frequently. Kubernetes contains kubelet certificate rotation, that will automatically generate a new key and request a new certificate from the Kubernetes API as the current certificate approaches expiration.

This page shows how to securely inject sensitive data, such as passwords and encryption keys, into Pods. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

This page shows how to manually rotate the certificate authority (CA) certificates. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

FEATURE STATE: Kubernetes v1.33 [stable] (enabled by default: true) This document shares how to reconfigure the default Service IP range(s) assigned to a cluster. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts.

This page shows how to define environment variables for a container in a Kubernetes Pod. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

Attribute-based access control (ABAC) defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. Policy File Format To enable ABAC mode, specify --authorization-policy-file=SOME_FILENAME and --authorization-mode=ABAC on startup. The file format is one JSON object per line. There should be no enclosing list or map, only one map per line. Each line is a "policy object", where each such object is a map with the following properties:

Kubernetes namespaces help different projects, teams, or customers to share a Kubernetes cluster. It does this by providing the following: A scope for Names. A mechanism to attach authorization and policy to a subsection of the cluster. Use of multiple namespaces is optional. This example demonstrates how to use Kubernetes namespaces to subdivide your cluster. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

Production-Grade Container Orchestration