The Kubernetes API is a resource-based (RESTful) programmatic interface provided via HTTP. It supports retrieving, creating, updating, and deleting primary resources via the standard HTTP verbs (POST, PUT, PATCH, DELETE, GET). For some resources, the API includes additional subresources that allow fine-grained authorization (such as separate views for Pod details and log retrievals), and can accept and serve those resources in different representations for convenience or efficiency. Kubernetes supports efficient change notifications on resources via watches: in the Kubernetes API, watch is a verb that is used to track changes to an object in Kubernetes as a stream.

Node authorization is a special-purpose authorization mode that specifically authorizes API requests made by kubelets. Overview The Node authorizer allows a kubelet to perform API operations. This includes: Read operations: services endpoints nodes pods secrets, configmaps, persistent volume claims and persistent volumes related to pods bound to the kubelet's node FEATURE STATE: Kubernetes v1.32 [beta] (enabled by default: true) When the AuthorizeNodeWithSelectors feature is enabled (along with the pre-requisite AuthorizeWithSelectors feature), kubelets are only allowed to read their own Node objects, and are only allowed to read pods bound to their node.

Synopsis Experimental: Check who you are and your attributes (groups, extra). This command is helpful to get yourself aware of the current user attributes, especially when dynamic authentication, e.g., token webhook, auth proxy, or OIDC provider, is enabled in the Kubernetes cluster. kubectl auth whoami Examples # Get your subject attributes kubectl auth whoami # Get your subject attributes in JSON format kubectl auth whoami -o json Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.

Production-Grade Container Orchestration

Synopsis Resume a paused resource. Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed. kubectl rollout resume RESOURCE Examples # Resume an already paused deployment kubectl rollout resume deployment/nginx Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

Production-Grade Container Orchestration

Synopsis Create a secret based on a file, directory, or specified literal value. A single secret may package one or more key/value pairs. When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you wish to chose your own, you may specify an alternate key.

Production-Grade Container Orchestration

Synopsis Create a NodePort service with the specified name. kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run=server|client|none] Examples # Create a new NodePort service named my-ns kubectl create service nodeport my-ns --tcp=5678:8080 Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. --dry-run string[="unchanged"]     Default: "none" Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it.

Synopsis Create a job with the specified name. kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args...] Examples # Create a job kubectl create job my-job --image=busybox # Create a job with a command kubectl create job my-job --image=busybox -- date # Create a job from a cron job named "a-cronjob" kubectl create job test-job --from=cronjob/a-cronjob Options --allow-missing-template-keys     Default: true If true, ignore any errors in templates when a field or map key is missing in the template.