Documentation
Kubernetes Blog
Training
Partners
Community
Case Studies
Versions
Release Information
v1.25
v1.24
v1.23
v1.22
v1.21
English
中文 (Chinese)
한국어 (Korean)
日本語 (Japanese)
Français (French)
Italiano (Italian)
Deutsch (German)
Español (Spanish)
Português (Portuguese)
Bahasa Indonesia
Tiếng Việt (Vietnamese)
Русский (Russian)
Home
Available Documentation Versions
Getting started
Learning environment
Production environment
Container Runtimes
Installing Kubernetes with deployment tools
Bootstrapping clusters with kubeadm
Installing kubeadm
Troubleshooting kubeadm
Creating a cluster with kubeadm
Customizing components with the kubeadm API
Options for Highly Available Topology
Creating Highly Available Clusters with kubeadm
Set up a High Availability etcd Cluster with kubeadm
Configuring each kubelet in your cluster using kubeadm
Dual-stack support with kubeadm
Installing Kubernetes with kOps
Installing Kubernetes with Kubespray
Turnkey Cloud Solutions
Best practices
Considerations for large clusters
Running in multiple zones
Validate node setup
Enforcing Pod Security Standards
PKI certificates and requirements
Concepts
Overview
Kubernetes Components
The Kubernetes API
Working with Kubernetes Objects
Understanding Kubernetes Objects
Kubernetes Object Management
Object Names and IDs
Labels and Selectors
Namespaces
Annotations
Field Selectors
Finalizers
Owners and Dependents
Recommended Labels
Cluster Architecture
Nodes
Communication between Nodes and the Control Plane
Controllers
Cloud Controller Manager
About cgroup v2
Container Runtime Interface (CRI)
Garbage Collection
Containers
Images
Container Environment
Runtime Class
Container Lifecycle Hooks
Windows in Kubernetes
Windows containers in Kubernetes
Guide for scheduling Windows containers in Kubernetes
Workloads
Pods
Pod Lifecycle
Init Containers
Disruptions
Ephemeral Containers
User Namespaces
Downward API
Workload Resources
Deployments
ReplicaSet
StatefulSets
DaemonSet
Jobs
Automatic Clean-up for Finished Jobs
CronJob
ReplicationController
Services, Load Balancing, and Networking
Service
Ingress
Ingress Controllers
EndpointSlices
Network Policies
DNS for Services and Pods
IPv4/IPv6 dual-stack
Topology Aware Hints
Networking on Windows
Service Internal Traffic Policy
Topology-aware traffic routing with topology keys
Storage
Volumes
Persistent Volumes
Projected Volumes
Ephemeral Volumes
Storage Classes
Dynamic Volume Provisioning
Volume Snapshots
Volume Snapshot Classes
CSI Volume Cloning
Storage Capacity
Node-specific Volume Limits
Volume Health Monitoring
Windows Storage
Configuration
Configuration Best Practices
ConfigMaps
Secrets
Resource Management for Pods and Containers
Organizing Cluster Access Using kubeconfig Files
Resource Management for Windows nodes
Security
Overview of Cloud Native Security
Pod Security Standards
Pod Security Admission
Pod Security Policies
Security For Windows Nodes
Controlling Access to the Kubernetes API
Role Based Access Control Good Practices
Good practices for Kubernetes Secrets
Multi-tenancy
Kubernetes API Server Bypass Risks
Security Checklist
Policies
Limit Ranges
Resource Quotas
Process ID Limits And Reservations
Node Resource Managers
Scheduling, Preemption and Eviction
Kubernetes Scheduler
Assigning Pods to Nodes
Pod Overhead
Pod Topology Spread Constraints
Taints and Tolerations
Scheduling Framework
Scheduler Performance Tuning
Resource Bin Packing
Pod Priority and Preemption
Node-pressure Eviction
API-initiated Eviction
Cluster Administration
Certificates
Managing Resources
Cluster Networking
Logging Architecture
Metrics For Kubernetes System Components
System Logs
Traces For Kubernetes System Components
Proxies in Kubernetes
API Priority and Fairness
Installing Addons
Extending Kubernetes
Compute, Storage, and Networking Extensions
Network Plugins
Device Plugins
Extending the Kubernetes API
Custom Resources
Kubernetes API Aggregation Layer
Operator pattern
Tasks
Install Tools
Install and Set Up kubectl on Linux
Install and Set Up kubectl on macOS
Install and Set Up kubectl on Windows
Administer a Cluster
Administration with kubeadm
Certificate Management with kubeadm
Configuring a cgroup driver
Reconfiguring a kubeadm cluster
Upgrading kubeadm clusters
Upgrading Windows nodes
Migrating from dockershim
Changing the Container Runtime on a Node from Docker Engine to containerd
Migrate Docker Engine nodes from dockershim to cri-dockerd
Find Out What Container Runtime is Used on a Node
Troubleshooting CNI plugin-related errors
Check whether dockershim removal affects you
Migrating telemetry and security agents from dockershim
Generate Certificates Manually
Manage Memory, CPU, and API Resources
Configure Default Memory Requests and Limits for a Namespace
Configure Default CPU Requests and Limits for a Namespace
Configure Minimum and Maximum Memory Constraints for a Namespace
Configure Minimum and Maximum CPU Constraints for a Namespace
Configure Memory and CPU Quotas for a Namespace
Configure a Pod Quota for a Namespace
Install a Network Policy Provider
Use Antrea for NetworkPolicy
Use Calico for NetworkPolicy
Use Cilium for NetworkPolicy
Use Kube-router for NetworkPolicy
Romana for NetworkPolicy
Weave Net for NetworkPolicy
Access Clusters Using the Kubernetes API
Advertise Extended Resources for a Node
Autoscale the DNS Service in a Cluster
Change the default StorageClass
Change the Reclaim Policy of a PersistentVolume
Cloud Controller Manager Administration
Configure Quotas for API Objects
Control CPU Management Policies on the Node
Control Topology Management Policies on a node
Customizing DNS Service
Debugging DNS Resolution
Declare Network Policy
Developing Cloud Controller Manager
Enable Or Disable A Kubernetes API
Encrypting Secret Data at Rest
Guaranteed Scheduling For Critical Add-On Pods
IP Masquerade Agent User Guide
Limit Storage Consumption
Migrate Replicated Control Plane To Use Cloud Controller Manager
Namespaces Walkthrough
Operating etcd clusters for Kubernetes
Reconfigure a Node's Kubelet in a Live Cluster
Reserve Compute Resources for System Daemons
Running Kubernetes Node Components as a Non-root User
Safely Drain a Node
Securing a Cluster
Set Kubelet parameters via a config file
Share a Cluster with Namespaces
Upgrade A Cluster
Use Cascading Deletion in a Cluster
Using a KMS provider for data encryption
Using CoreDNS for Service Discovery
Using NodeLocal DNSCache in Kubernetes Clusters
Using sysctls in a Kubernetes Cluster
Utilizing the NUMA-aware Memory Manager
Verify Signed Container Images
Configure Pods and Containers
Assign Memory Resources to Containers and Pods
Assign CPU Resources to Containers and Pods
Configure GMSA for Windows Pods and containers
Configure RunAsUserName for Windows pods and containers
Create a Windows HostProcess Pod
Configure Quality of Service for Pods
Assign Extended Resources to a Container
Configure a Pod to Use a Volume for Storage
Configure a Pod to Use a PersistentVolume for Storage
Configure a Pod to Use a Projected Volume for Storage
Configure a Security Context for a Pod or Container
Configure Service Accounts for Pods
Pull an Image from a Private Registry
Configure Liveness, Readiness and Startup Probes
Assign Pods to Nodes
Assign Pods to Nodes using Node Affinity
Configure Pod Initialization
Attach Handlers to Container Lifecycle Events
Configure a Pod to Use a ConfigMap
Share Process Namespace between Containers in a Pod
Use a User Namespace With a Pod
Create static Pods
Translate a Docker Compose File to Kubernetes Resources
Enforce Pod Security Standards by Configuring the Built-in Admission Controller
Enforce Pod Security Standards with Namespace Labels
Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller
Monitoring, Logging, and Debugging
Troubleshooting Applications
Debug Pods
Debug Services
Debug a StatefulSet
Determine the Reason for Pod Failure
Debug Init Containers
Debug Running Pods
Get a Shell to a Running Container
Troubleshooting Clusters
Resource metrics pipeline
Tools for Monitoring Resources
Monitor Node Health
Debugging Kubernetes nodes with crictl
Auditing
Developing and debugging services locally using telepresence
Windows debugging tips
Manage Kubernetes Objects
Declarative Management of Kubernetes Objects Using Configuration Files
Declarative Management of Kubernetes Objects Using Kustomize
Managing Kubernetes Objects Using Imperative Commands
Imperative Management of Kubernetes Objects Using Configuration Files
Update API Objects in Place Using kubectl patch
Managing Secrets
Managing Secrets using kubectl
Managing Secrets using Configuration File
Managing Secrets using Kustomize
Inject Data Into Applications
Define a Command and Arguments for a Container
Define Dependent Environment Variables
Define Environment Variables for a Container
Expose Pod Information to Containers Through Environment Variables
Expose Pod Information to Containers Through Files
Distribute Credentials Securely Using Secrets
Run Applications
Run a Stateless Application Using a Deployment
Run a Single-Instance Stateful Application
Run a Replicated Stateful Application
Scale a StatefulSet
Delete a StatefulSet
Force Delete StatefulSet Pods
Horizontal Pod Autoscaling
HorizontalPodAutoscaler Walkthrough
Specifying a Disruption Budget for your Application
Accessing the Kubernetes API from a Pod
Run Jobs
Running Automated Tasks with a CronJob
Coarse Parallel Processing Using a Work Queue
Fine Parallel Processing Using a Work Queue
Indexed Job for Parallel Processing with Static Work Assignment
Parallel Processing using Expansions
Handling retriable and non-retriable pod failures with Pod failure policy
Access Applications in a Cluster
Deploy and Access the Kubernetes Dashboard
Accessing Clusters
Configure Access to Multiple Clusters
Use Port Forwarding to Access Applications in a Cluster
Use a Service to Access an Application in a Cluster
Connect a Frontend to a Backend Using Services
Create an External Load Balancer
List All Container Images Running in a Cluster
Set up Ingress on Minikube with the NGINX Ingress Controller
Communicate Between Containers in the Same Pod Using a Shared Volume
Configure DNS for a Cluster
Access Services Running on Clusters
Extend Kubernetes
Configure the Aggregation Layer
Use Custom Resources
Extend the Kubernetes API with CustomResourceDefinitions
Versions in CustomResourceDefinitions
Set up an Extension API Server
Configure Multiple Schedulers
Use an HTTP Proxy to Access the Kubernetes API
Use a SOCKS5 Proxy to Access the Kubernetes API
Set up Konnectivity service
TLS
Configure Certificate Rotation for the Kubelet
Manage TLS Certificates in a Cluster
Manual Rotation of CA Certificates
Manage Cluster Daemons
Perform a Rolling Update on a DaemonSet
Perform a Rollback on a DaemonSet
Networking
Adding entries to Pod /etc/hosts with HostAliases
Validate IPv4/IPv6 dual-stack
Configure a kubelet image credential provider
Extend kubectl with plugins
Manage HugePages
Schedule GPUs
Tutorials
Hello Minikube
Learn Kubernetes Basics
Create a Cluster
Using Minikube to Create a Cluster
Interactive Tutorial - Creating a Cluster
Deploy an App
Using kubectl to Create a Deployment
Interactive Tutorial - Deploying an App
Explore Your App
Viewing Pods and Nodes
Interactive Tutorial - Exploring Your App
Expose Your App Publicly
Using a Service to Expose Your App
Interactive Tutorial - Exposing Your App
Scale Your App
Running Multiple Instances of Your App
Interactive Tutorial - Scaling Your App
Update Your App
Performing a Rolling Update
Interactive Tutorial - Updating Your App
Configuration
Example: Configuring a Java Microservice
Externalizing config using MicroProfile, ConfigMaps and Secrets
Interactive Tutorial - Configuring a Java Microservice
Configuring Redis using a ConfigMap
Security
Apply Pod Security Standards at the Cluster Level
Apply Pod Security Standards at the Namespace Level
Restrict a Container's Access to Resources with AppArmor
Restrict a Container's Syscalls with seccomp
Stateless Applications
Exposing an External IP Address to Access an Application in a Cluster
Example: Deploying PHP Guestbook application with Redis
Stateful Applications
StatefulSet Basics
Example: Deploying WordPress and MySQL with Persistent Volumes
Example: Deploying Cassandra with a StatefulSet
Running ZooKeeper, A Distributed System Coordinator
Services
Connecting Applications with Services
Using Source IP
Reference
Glossary
API Overview
Kubernetes API Concepts
Server-Side Apply
Client Libraries
Kubernetes Deprecation Policy
Deprecated API Migration Guide
Kubernetes API health endpoints
API Access Control
Authenticating
Authenticating with Bootstrap Tokens
Certificate Signing Requests
Admission Controllers
Dynamic Admission Control
Managing Service Accounts
Authorization Overview
Using RBAC Authorization
Using ABAC Authorization
Using Node Authorization
Mapping PodSecurityPolicies to Pod Security Standards
Webhook Mode
Kubelet authentication/authorization
TLS bootstrapping
Well-Known Labels, Annotations and Taints
Audit Annotations
Kubernetes API
Workload Resources
Pod
PodTemplate
ReplicationController
ReplicaSet
Deployment
StatefulSet
ControllerRevision
DaemonSet
Job
CronJob
HorizontalPodAutoscaler
HorizontalPodAutoscaler
HorizontalPodAutoscaler v2beta2
PriorityClass
Service Resources
Service
Endpoints
EndpointSlice
Ingress
IngressClass
Config and Storage Resources
ConfigMap
Secret
Volume
PersistentVolumeClaim
PersistentVolume
StorageClass
VolumeAttachment
CSIDriver
CSINode
CSIStorageCapacity
Authentication Resources
ServiceAccount
TokenRequest
TokenReview
CertificateSigningRequest
Authorization Resources
LocalSubjectAccessReview
SelfSubjectAccessReview
SelfSubjectRulesReview
SubjectAccessReview
ClusterRole
ClusterRoleBinding
Role
RoleBinding
Policy Resources
LimitRange
ResourceQuota
NetworkPolicy
PodDisruptionBudget
Extend Resources
CustomResourceDefinition
MutatingWebhookConfiguration
ValidatingWebhookConfiguration
Cluster Resources
Node
Namespace
Event
APIService
Lease
RuntimeClass
FlowSchema v1beta2
PriorityLevelConfiguration v1beta2
Binding
ComponentStatus
ClusterCIDR v1alpha1
Common Definitions
DeleteOptions
LabelSelector
ListMeta
LocalObjectReference
NodeSelectorRequirement
ObjectFieldSelector
ObjectMeta
ObjectReference
Patch
Quantity
ResourceFieldSelector
Status
TypedLocalObjectReference
Common Parameters
Instrumentation
Kubernetes Metrics Reference
Kubernetes Issues and Security
Kubernetes Issue Tracker
Kubernetes Security and Disclosure Information
Official CVE Feed
Node Reference Information
Kubelet Checkpoint API
Articles on dockershim Removal and on Using CRI-compatible Runtimes
Ports and Protocols
Setup tools
Kubeadm
kubeadm init
kubeadm join
kubeadm upgrade
kubeadm config
kubeadm reset
kubeadm token
kubeadm version
kubeadm alpha
kubeadm certs
kubeadm init phase
kubeadm join phase
kubeadm kubeconfig
kubeadm reset phase
kubeadm upgrade phase
Implementation details
Command line tool (kubectl)
kubectl Cheat Sheet
kubectl Commands
kubectl
JSONPath Support
kubectl for Docker Users
kubectl Usage Conventions
Component tools
Feature Gates
Feature Gates (removed)
kubelet
kube-apiserver
kube-controller-manager
kube-proxy
kube-scheduler
Configuration APIs
Client Authentication (v1)
Client Authentication (v1beta1)
Event Rate Limit Configuration (v1alpha1)
Image Policy API (v1alpha1)
kube-apiserver Audit Configuration (v1)
kube-apiserver Configuration (v1)
kube-apiserver Configuration (v1alpha1)
kube-apiserver Encryption Configuration (v1)
kube-proxy Configuration (v1alpha1)
kube-scheduler Configuration (v1)
kube-scheduler Configuration (v1beta2)
kube-scheduler Configuration (v1beta3)
kubeadm Configuration (v1beta2)
kubeadm Configuration (v1beta3)
Kubelet Configuration (v1alpha1)
Kubelet Configuration (v1beta1)
Kubelet CredentialProvider (v1alpha1)
Kubelet CredentialProvider (v1beta1)
WebhookAdmission Configuration (v1)
Scheduling
Scheduler Configuration
Scheduling Policies
Other Tools
Mapping from dockercli to crictl
Contribute
Suggesting content improvements
Contributing new content
Opening a pull request
Documenting for a release
Blogs and case studies
Reviewing changes
Reviewing pull requests
For approvers and reviewers
Localizing Kubernetes documentation
Participating in SIG Docs
Roles and responsibilities
PR wranglers
Documentation style overview
Content guide
Style guide
Diagram guide
Writing a new topic
Page content types
Content organization
Custom Hugo Shortcodes
Updating Reference Documentation
Quickstart
Contributing to the Upstream Kubernetes Code
Generating Reference Documentation for the Kubernetes API
Generating Reference Documentation for kubectl Commands
Generating Reference Pages for Kubernetes Components and Tools
Advanced contributing
Viewing Site Analytics
Docs smoke test page
Kubernetes Documentation
Concepts
Cluster Architecture
Cluster Architecture
The architectural concepts behind Kubernetes.
Nodes
Communication between Nodes and the Control Plane
Controllers
Cloud Controller Manager
About cgroup v2
Container Runtime Interface (CRI)
Garbage Collection
Last modified June 16, 2021 at 5:57 PM PST:
Remove exec permission on markdown files (e9703497a1)
Edit this page
Create child page
Create an issue
Print entire section