Analyzing a campaign where a threat actor leveraged Docker Swam and Kubernetes to mine cryptocurrency| securitylabs.datadoghq.com
Note: Dockershim has been removed from the Kubernetes project as of release 1.24. Read the Dockershim Removal FAQ for further details. FEATURE STATE: Kubernetes v1.11 [stable] The lifecycle of the kubeadm CLI tool is decoupled from the kubelet, which is a daemon that runs on each node within the Kubernetes cluster. The kubeadm CLI tool is executed by the user when Kubernetes is initialized or upgraded, whereas the kubelet is always running in the background.| Kubernetes
This page covers how to customize the components that kubeadm deploys. For control plane components you can use flags in the ClusterConfiguration structure or patches per-node. For the kubelet and kube-proxy you can use KubeletConfiguration and KubeProxyConfiguration, accordingly. All of these options are possible via the kubeadm configuration API. For more details on each field in the configuration you can navigate to our API reference pages. Note:Customizing the CoreDNS deployment of kubead...| Kubernetes
This tutorial will show you how to set up Windows containers for Kubernetes and how to ship their metrics from Azure's AKS service| Logz.io
Different ways to change the behavior of your Kubernetes cluster.| Kubernetes
Learn how Kubernetes liveness probes work, different types, configurations, and best practices to keep your containers healthy and running.| Spacelift
The architectural concepts behind Kubernetes.| Kubernetes
Tools such as Prometheus and OpenTelemetry help us monitor the health, performance, and availability of our complex distributed systems. Both are open source projects under the Cloud Native Computing Foundation (CNCF) umbrella – but what role does each play in observability? OpenTelemetry (OTel for short), is a vendor-neutral open standard for instrumenting, generating, collecting, and exporting telemetry data. Prometheus is a fixture of the observability landscape, widely relied upon for m...| OpenTelemetry
A container image represents binary data that encapsulates an application and all its software dependencies. Container images are executable software bundles that can run standalone and that make very well-defined assumptions about their runtime environment. You typically create a container image of your application and push it to a registry before referring to it in a Pod. This page provides an outline of the container image concept. Note:If you are looking for the container images for a Kub...| Kubernetes
Node authorization is a special-purpose authorization mode that specifically authorizes API requests made by kubelets. Overview The Node authorizer allows a kubelet to perform API operations. This includes: Read operations: services endpoints nodes pods secrets, configmaps, persistent volume claims and persistent volumes related to pods bound to the kubelet's node FEATURE STATE: Kubernetes v1.32 [beta] (enabled by default: true) When the AuthorizeNodeWithSelectors feature is enabled (along wi...| Kubernetes
Configure AWS-specific settings with EC2NodeClasses| karpenter.sh
For Kubernetes v1.29, you need to use additional components to integrate your Kubernetes cluster with a cloud infrastructure provider. By default, Kubernetes v1.29 components abort if you try to specify integration with any cloud provider using one of the legacy compiled-in cloud provider integrations. If you want to use a legacy integration, you have to opt back in - and a future release will remove even that option. In 2018, the Kubernetes community agreed to form the Cloud Provider Special...| Kubernetes
Production-Grade Container Orchestration| Kubernetes
The Kubernetes community has been signing their container image-based artifacts since release v1.24. While the graduation of the corresponding enhancement from alpha to beta in v1.26 introduced signatures for the binary artifacts, other projects followed the approach by providing image signatures for their releases, too. This means that they either create the signatures within their own CI/CD pipelines, for example by using GitHub actions, or rely on the Kubernetes image promotion process to ...| Kubernetes
This page shows how to configure liveness, readiness and startup probes for containers. For more information about probes, see Liveness, Readiness and Startup Probes The kubelet uses liveness probes to know when to restart a container. For example, liveness probes could catch a deadlock, where an application is running, but unable to make progress. Restarting a container in such a state can help to make the application more available despite bugs.| Kubernetes