From kubernetes.io
Application Security Checklist
Baseline guidelines around ensuring application security on Kubernetes, aimed at application developers
on Mon, 1AM
From kubernetes.io
As we get closer to the release date for Kubernetes v1.32, the project develops and matures. Features may be deprecated, removed, or replaced with better ones for the project's overall health. This blog outlines some of the planned changes for the Kubernetes v1.32 release, that the release team...
on Fri, 7PM
From kubernetes.io
Spotlight on Kubernetes Upstream Training in Japan
About our team We are organizers of Kubernetes Upstream Training in Japan. Our team is composed of members who actively contribute to Kubernetes, including individuals who hold roles such as member, reviewer, approver, and chair. Our goal is to increase the number of Kubernetes contributors and...
on Oct 28
From kubernetes.io
Device plugins let you configure your cluster with support for devices or resources that require vendor-specific setup, such as GPUs, NICs, FPGAs, or non-volatile main memory.
on Oct 24
From kubernetes.io
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user may be able to ssh to a node VM which uses a VM image built with the Kubernetes Image Builder project (https://github.com/kubernetes-sigs/image-builder). For images built with the Proxmox...
on Oct 18
From kubernetes.io
Seccomp stands for secure computing mode and has been a feature of the Linux kernel since version 2.6.12. It can be used to sandbox the privileges of a process, restricting the calls it is able to make from userspace into the kernel. Kubernetes lets you automatically apply seccomp profiles...
on Oct 10
From kubernetes.io
Application logs can help you understand what is happening inside your application. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism. Likewise, container engines are designed to support logging....
on Oct 9
From kubernetes.io
Announcing the 2024 Steering Committee Election Results
The 2024 Steering Committee Election is now complete. The Kubernetes Steering Committee consists of 7 seats, 3 of which were up for election in 2024. Incoming committee members serve a term of 2 years, and all members are elected by the Kubernetes Community. This community body is significant...
on Oct 5
From kubernetes.io
Spotlight on CNCF Deaf and Hard-of-hearing Working Group (DHHWG)
In recognition of Deaf Awareness Month and the importance of inclusivity in the tech community, we are spotlighting Catherine Paganini, facilitator and one of the founding members of CNCF Deaf and Hard-of-Hearing Working Group (DHHWG). In this interview, Sandeep Kanabar, a deaf member of the...
on Oct 1
From kubernetes.io
Kubernetes 1.31: Autoconfiguration For Node Cgroup Driver (beta)
Historically, configuring the correct cgroup driver has been a pain point for users running new Kubernetes clusters. On Linux systems, there are two different cgroup drivers: cgroupfs and systemd. In the past, both the kubelet and CRI implementation (like CRI-O or containerd) needed to be...
on Sep 27
From kubernetes.io
Kubernetes 1.31: Streaming Transitions from SPDY to WebSockets
In Kubernetes 1.31, by default kubectl now uses the WebSocket protocol instead of SPDY for streaming. This post describes what these changes mean for you and why these streaming APIs matter. Streaming APIs in Kubernetes In Kubernetes, specific endpoints that are exposed as an HTTP or RESTful...
on Sep 26
From kubernetes.io
Kubernetes 1.31: Pod Failure Policy for Jobs Goes GA
This post describes Pod failure policy, which graduates to stable in Kubernetes 1.31, and how to use it in your Jobs. About Pod failure policy When you run workloads on Kubernetes, Pods might fail for a variety of reasons. Ideally, workloads like Jobs should be able to ignore transient,...
on Sep 25
From kubernetes.io
In this SIG Scheduling spotlight we talked with Kensei Nakada, an approver in SIG Scheduling. Introductions Arvind: Hello, thank you for the opportunity to learn more about SIG Scheduling! Would you like to introduce yourself and tell us a bit about your role, and how you got involved with...
on Sep 25
From kubernetes.io
In the scheduling-plugin NodeResourcesFit of kube-scheduler, there are two scoring strategies that support the bin packing of resources: MostAllocated and RequestedToCapacityRatio. Enabling bin packing using MostAllocated strategy The MostAllocated strategy scores the nodes based on the...
on Sep 23
From kubernetes.io
Install and configure kubectl
Installing and configuring kubectl
on Sep 15
From kubernetes.io
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamically...
on Sep 3
From kubernetes.io
Kubernetes provides a command line tool for communicating with a Kubernetes cluster's control plane, using the Kubernetes API. This tool is named kubectl. For configuration, kubectl looks for a file named config in the $HOME/.kube directory. You can specify other kubeconfig files by setting the...
on Aug 24
From kubernetes.io
Kubernetes v1.31: kubeadm v1beta4
As part of the Kubernetes v1.31 release, kubeadm is adopting a new (v1beta4) version of its configuration file format. Configuration in the previous v1beta3 format is now formally deprecated, which means it's supported but you should migrate to v1beta4 and stop using the deprecated format....
on Aug 23
From kubernetes.io
Kubernetes v1.31: New Kubernetes CPUManager Static Policy: Distribute CPUs Across Cores
In Kubernetes v1.31, we are excited to introduce a significant enhancement to CPU management capabilities: the distribute-cpus-across-cores option for the CPUManager static policy. This feature is currently in alpha and hidden by default, marking a strategic shift aimed at optimizing CPU...
on Aug 23
From kubernetes.io
Resource Management for Pods and Containers
When you specify a Pod, you can optionally specify how much of each resource a container needs. The most common resources to specify are CPU and memory (RAM); there are others. When you specify the resource request for containers in a Pod, the kube-scheduler uses this information to decide which...
on Aug 23
From kubernetes.io
Kubernetes 1.31: Custom Profiling in Kubectl Debug Graduates to Beta
There are many ways of troubleshooting the pods and nodes in the cluster. However, kubectl debug is one of the easiest, highly used and most prominent ones. It provides a set of static profiles and each profile serves for a different kind of role. For instance, from the network administrator's...
on Aug 23
From kubernetes.io
Kubernetes 1.31: Fine-grained SupplementalGroups control
This blog discusses a new feature in Kubernetes 1.31 to improve the handling of supplementary groups in containers within Pods. Motivation: Implicit group memberships defined in /etc/group in the container image Although this behavior may not be popular with many Kubernetes cluster users/admins,...
on Aug 23
From kubernetes.io
Kubernetes 1.31: MatchLabelKeys in PodAffinity graduates to beta
Kubernetes 1.29 introduced new fields MatchLabelKeys and MismatchLabelKeys in PodAffinity and PodAntiAffinity. In Kubernetes 1.31, this feature moves to beta and the corresponding feature gate (MatchLabelKeysInPodAffinity) gets enabled by default. MatchLabelKeys - Enhanced scheduling for...
on Aug 23
From kubernetes.io
Kubernetes 1.31: VolumeAttributesClass for Volume Modification Beta
Volumes in Kubernetes have been described by two attributes: their storage class, and their capacity. The storage class is an immutable property of the volume, while the capacity can be changed dynamically with volume resize. This complicates vertical scaling of workloads with volumes. While...
on Aug 23
From kubernetes.io
Kubernetes 1.31: Read Only Volumes Based On OCI Artifacts (alpha)
The Kubernetes community is moving towards fulfilling more Artificial Intelligence (AI) and Machine Learning (ML) use cases in the future. While the project has been designed to fulfill microservice architectures in the past, it’s now time to listen to the end users and introduce features which...
on Aug 16
From kubernetes.io
Kubernetes v1.31: Accelerating Cluster Performance with Consistent Reads from Cache
Kubernetes is renowned for its robust orchestration of containerized applications, but as clusters grow, the demands on the control plane can become a bottleneck. A key challenge has been ensuring strongly consistent reads from the etcd datastore, requiring resource-intensive quorum...
on Aug 16
From kubernetes.io
Kubernetes v1.31: PersistentVolume Last Phase Transition Time Moves to GA
Announcing the graduation to General Availability (GA) of the PersistentVolume lastTransitionTime status field, in Kubernetes v1.31! The Kubernetes SIG Storage team is excited to announce that the "PersistentVolumeLastPhaseTransitionTime" feature, introduced as an alpha in Kubernetes v1.28, has...
on Aug 15
From kubernetes.io
Kubernetes 1.31: Moving cgroup v1 Support into Maintenance Mode
As Kubernetes continues to evolve and adapt to the changing landscape of container orchestration, the community has decided to move cgroup v1 support into maintenance mode in v1.31. This shift aligns with the broader industry's move towards cgroup v2, offering improved functionalities: including...
on Aug 14
From kubernetes.io
Editors: Matteo Bianchi, Yigit Demirbas, Abigail McCarthy, Edith Puclla, Rashan Smith Announcing the release of Kubernetes v1.31: Elli! Similar to previous releases, the release of Kubernetes v1.31 introduces new stable, beta, and alpha features. The consistent delivery of high-quality releases...
on Aug 13
From kubernetes.io
Introducing Feature Gates to Client-Go: Enhancing Flexibility and Control
Kubernetes components use on-off switches called feature gates to manage the risk of adding a new feature. The feature gate mechanism is what enables incremental graduation of a feature through the stages Alpha, Beta, and GA. Kubernetes components, such as kube-controller-manager and...
on Aug 12
From kubernetes.io
Spotlight on SIG API Machinery
We recently talked with Federico Bongiovanni (Google) and David Eads (Red Hat), Chairs of SIG API Machinery, to know a bit more about this Kubernetes Special Interest Group. Introductions Frederico (FSM): Hello, and thank you for your time. To start with, could you tell us about yourselves and...
on Aug 8
From kubernetes.io
In Kubernetes, namespaces provide a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc.) and...
on Aug 5
From kubernetes.io
Using Finalizers to Control Deletion
Deleting objects in Kubernetes can be challenging. You may think you’ve deleted something, only to find it still persists. While issuing a kubectl delete command and hoping for the best might work for day-to-day operations, understanding how Kubernetes delete commands operate will help you...
on Aug 4
From kubernetes.io
Guaranteed Scheduling For Critical Add-On Pods
Kubernetes core components such as the API server, scheduler, and controller-manager run on a control plane node. However, add-ons must run on a regular cluster node. Some of these add-ons are critical to a fully functional cluster, such as metrics-server, DNS, and UI. A cluster may stop working...
on Jul 21
From kubernetes.io
Kubernetes Removals and Major Changes In v1.31
As Kubernetes develops and matures, features may be deprecated, removed, or replaced with better ones for the project's overall health. This article outlines some planned changes for the Kubernetes v1.31 release that the release team feels you should be aware of for the continued maintenance of...
on Jul 20
From kubernetes.io
A container image represents binary data that encapsulates an application and all its software dependencies. Container images are executable software bundles that can run standalone and that make very well defined assumptions about their runtime environment. You typically create a container...
on Jun 29
From kubernetes.io
In the world of container orchestration, Kubernetes reigns supreme, powering some of the most complex and dynamic applications across the globe. Behind the scenes, a network of Special Interest Groups (SIGs) drives Kubernetes' innovation and stability. Today, I have the privilege of speaking...
on Jun 26
From kubernetes.io
Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
on Jun 26
From kubernetes.io
Ten (10) years ago, on June 6th, 2014, the first commit of Kubernetes was pushed to GitHub. That first commit with 250 files and 47,501 lines of go, bash and markdown kicked off the project we have today. Who could have predicted that 10 years later, Kubernetes would grow to become one of the...
on Jun 8
From kubernetes.io
Writing a Controller for Pod Labels
Operators are proving to be an excellent solution to running stateful distributed applications in Kubernetes. Open source tools like the Operator SDK provide ways to build reliable and maintainable operators, making it easier to extend Kubernetes and implement custom scheduling. Kubernetes...
on Jun 1
From kubernetes.io
Completing the largest migration in Kubernetes history
Since as early as Kubernetes v1.7, the Kubernetes project has pursued the ambitious goal of removing built-in cloud provider integrations (KEP-2395). While these integrations were instrumental in Kubernetes' early development and growth, their removal was driven by two key factors: the growing...
on May 20
From kubernetes.io
From Code to Quill: Embark on a Legendary Kubernetes Quest with SIG Docs
You've likely heard the adage, "Contributing isn't just about writing code", whispered in forums or seen etched into the digital walls of open source communities. But what depth of truth lies within this ancient wisdom, especially in the vast, evolving world of Kubernetes? Today, contributing to...
on May 16
From kubernetes.io
Gateway API v1.1: Service mesh, GRPCRoute, and a whole lot more
Following the GA release of Gateway API last October, Kubernetes SIG Network is pleased to announce the v1.1 release of Gateway API. In this release, several features are graduating to Standard Channel (GA), notably including support for service mesh and GRPCRoute. We're also introducing some...
on May 10
From kubernetes.io
Container Runtime Interface streaming explained
The Kubernetes Container Runtime Interface (CRI) acts as the main connection between the kubelet and the Container Runtime. Those runtimes have to provide a gRPC server which has to fulfill a Kubernetes defined Protocol Buffer interface. This API definition evolves over time, for example when...
on May 1
From kubernetes.io
Kubernetes 1.30: Preventing unauthorized volume mode conversion moves to GA
With the release of Kubernetes 1.30, the feature to prevent the modification of the volume mode of a PersistentVolumeClaim that was created from an existing VolumeSnapshot in a Kubernetes cluster, has moved to GA! The problem The Volume Mode of a PersistentVolumeClaim refers to whether the...
on Apr 30
From kubernetes.io
Kubernetes 1.30: Multi-Webhook and Modular Authorization Made Much Easier
With Kubernetes 1.30, we (SIG Auth) are moving Structured Authorization Configuration to beta. Today's article is about authorization: deciding what someone can and cannot access. Check a previous article from yesterday to find about what's new in Kubernetes v1.30 around authentication (finding...
on Apr 26
From kubernetes.io
Kubernetes 1.30: Structured Authentication Configuration Moves to Beta
With Kubernetes 1.30, we (SIG Auth) are moving Structured Authentication Configuration to beta. Today's article is about authentication: finding out who's performing a task, and checking that they are who they say they are. Check back in tomorrow to find about what's new in Kubernetes v1.30...
on Apr 25