Hugok8s-ops.net2025-12-07T22:07:27+00:00https://k8s-ops.net/NGINX Gateway Fabric 2.2: Modern Kubernetes Application Deliveryhttps://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/2025-12-01T00:00:00+00:002025-12-07T16:51:08-05:00
<p>NGINX has released Gateway Fabric 2.2, representing a significant milestone in Kubernetes application delivery and modern workload support. This release focuses on advancing Kubernetes-native networking, with particular emphasis on supporting modern application patterns including Large Language Model (LLM) inference workloads. NGINX Gateway Fabric combines the power of the proven NGINX data plane with the flexibility and standardization of the Kubernetes Gateway API.</p>
<div class="gblog-post__anchorwrap">
<h2 id="nginx-gateway-fabric-overview">
NGINX Gateway Fabric Overview
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#nginx-gateway-fabric-overview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor NGINX Gateway Fabric Overview" href="#nginx-gateway-fabric-overview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>NGINX Gateway Fabric is NGINX’s official implementation of the Kubernetes Gateway API, providing a production-ready, high-performance solution for managing ingress traffic in Kubernetes clusters. Built on NGINX’s battle-tested data plane, it offers the reliability and performance that organizations expect from NGINX while embracing the modern Gateway API standard.</p>
<div class="gblog-post__anchorwrap">
<h3 id="key-characteristics">
Key Characteristics
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#key-characteristics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Characteristics" href="#key-characteristics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Gateway API Compliant</strong>: Full implementation of Gateway API specifications</li>
<li><strong>NGINX Data Plane</strong>: Leverages proven NGINX technology</li>
<li><strong>Production Ready</strong>: Battle-tested in production environments</li>
<li><strong>High Performance</strong>: NGINX’s renowned performance and efficiency</li>
<li><strong>Feature Rich</strong>: Advanced traffic management capabilities</li>
<li><strong>Kubernetes Native</strong>: Designed from the ground up for Kubernetes</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="whats-new-in-gateway-fabric-22">
What’s New in Gateway Fabric 2.2
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#whats-new-in-gateway-fabric-22" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What’s New in Gateway Fabric 2.2" href="#whats-new-in-gateway-fabric-22">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-gateway-api-inference-extension">
1. Gateway API Inference Extension
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#1-gateway-api-inference-extension" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Gateway API Inference Extension" href="#1-gateway-api-inference-extension">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>One of the most significant additions in 2.2 is the Gateway API Inference Extension, designed specifically for LLM inference workloads and modern AI/ML applications.</p>
<div class="gblog-post__anchorwrap">
<h4 id="inference-aware-routing">
Inference-Aware Routing
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#inference-aware-routing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Inference-Aware Routing" href="#inference-aware-routing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>The Inference Extension enables intelligent routing for inference workloads:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">llm-inference-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">api.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/inference</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">InferencePolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">llm-inference-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">llm-inference-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">InferencePolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">llm-inference-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l">300s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxConcurrentRequests</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retryPolicy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxRetries</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retryOn</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">timeout</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">5xx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">loadBalancing</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">strategy</span><span class="p">:</span><span class="w"> </span><span class="l">least_connections</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">stickySession</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="features-for-llm-workloads">
Features for LLM Workloads
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#features-for-llm-workloads" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Features for LLM Workloads" href="#features-for-llm-workloads">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Extended Timeouts</strong>: Support for long-running inference requests</li>
<li><strong>Concurrent Request Limits</strong>: Manage resource-intensive workloads</li>
<li><strong>Intelligent Retry Logic</strong>: Handle transient failures gracefully</li>
<li><strong>Connection Pooling</strong>: Efficient connection management</li>
<li><strong>Streaming Support</strong>: Real-time response streaming for LLM outputs</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-enhanced-openshift-integration">
2. Enhanced OpenShift Integration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#2-enhanced-openshift-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Enhanced OpenShift Integration" href="#2-enhanced-openshift-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway Fabric 2.2 includes improved integration with Red Hat OpenShift:</p>
<div class="gblog-post__anchorwrap">
<h4 id="openshift-specific-features">
OpenShift-Specific Features
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#openshift-specific-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor OpenShift-Specific Features" href="#openshift-specific-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">openshift-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">openshift-ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">Selector</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">network.openshift.io/policy-group</span><span class="p">:</span><span class="w"> </span><span class="l">ingress</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="openshift-router-compatibility">
OpenShift Router Compatibility
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#openshift-router-compatibility" class="gblog-post__anchor clip flex align-center" aria-label="Anchor OpenShift Router Compatibility" href="#openshift-router-compatibility">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Seamless Migration</strong>: Easier migration from OpenShift Router</li>
<li><strong>Route Compatibility</strong>: Support for OpenShift Route resources</li>
<li><strong>Security Context</strong>: Better integration with OpenShift security policies</li>
<li><strong>Multi-tenancy</strong>: Enhanced support for OpenShift projects</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-advanced-traffic-management">
3. Advanced Traffic Management
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#3-advanced-traffic-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Advanced Traffic Management" href="#3-advanced-traffic-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway Fabric 2.2 introduces enhanced traffic management capabilities:</p>
<div class="gblog-post__anchorwrap">
<h4 id="weighted-traffic-splitting">
Weighted Traffic Splitting
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#weighted-traffic-splitting" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Weighted Traffic Splitting" href="#weighted-traffic-splitting">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">stable-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">90</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">TrafficSplitPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">TrafficSplitPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">healthChecks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">10s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l">5s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">failover</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">threshold</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="request-mirroring">
Request Mirroring
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#request-mirroring" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Request Mirroring" href="#request-mirroring">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mirroring-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RequestMirror</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requestMirror</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">shadow-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="advanced-rate-limiting">
Advanced Rate Limiting
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#advanced-rate-limiting" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced Rate Limiting" href="#advanced-rate-limiting">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">rate-limited-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/api</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">RateLimitPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-rate-limit</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">RateLimitPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-rate-limit</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rate</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">period</span><span class="p">:</span><span class="w"> </span><span class="l">1s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">burst</span><span class="p">:</span><span class="w"> </span><span class="m">50</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s2">"${remote_addr}"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">zones</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api_zone</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l">10m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rate</span><span class="p">:</span><span class="w"> </span><span class="l">100r/s</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-enhanced-security-features">
4. Enhanced Security Features
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#4-enhanced-security-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Enhanced Security Features" href="#4-enhanced-security-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="mtls-support">
mTLS Support
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#mtls-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor mTLS Support" href="#mtls-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https-mtls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">server-cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">clientCertificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">client-ca-cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">All</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="web-application-firewall-waf-integration">
Web Application Firewall (WAF) Integration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#web-application-firewall-waf-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Web Application Firewall (WAF) Integration" href="#web-application-firewall-waf-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">waf-protected-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">WAFPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">waf-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">WAFPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">waf-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">blocking</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="m">1001</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="m">1002</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">customRules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">rule</span><span class="p">:</span><span class="w"> </span><span class="s1">'SecRule REQUEST_URI "@contains /admin" "id:9001,deny,status:403"'</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="5-improved-observability">
5. Improved Observability
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#5-improved-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. Improved Observability" href="#5-improved-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="enhanced-metrics">
Enhanced Metrics
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#enhanced-metrics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enhanced Metrics" href="#enhanced-metrics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Gateway Fabric 2.2 provides comprehensive metrics:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ServiceMonitor</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoints</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">30s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/metrics</span><span class="w">
</span></span></span></code></pre></div><p>Metrics include:</p>
<ul>
<li><strong>Request Rates</strong>: Requests per second by route, hostname, status code</li>
<li><strong>Latency</strong>: P50, P95, P99 latency percentiles</li>
<li><strong>Error Rates</strong>: 4xx and 5xx error rates</li>
<li><strong>Connection Metrics</strong>: Active connections, connection rates</li>
<li><strong>Backend Metrics</strong>: Backend health, response times</li>
<li><strong>SSL/TLS Metrics</strong>: Certificate expiration, handshake failures</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="distributed-tracing">
Distributed Tracing
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#distributed-tracing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Distributed Tracing" href="#distributed-tracing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">traced-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">TracingPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tracing-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">TracingPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tracing-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">samplingRate</span><span class="p">:</span><span class="w"> </span><span class="m">0.1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">traceIdHeader</span><span class="p">:</span><span class="w"> </span><span class="s2">"x-trace-id"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spanIdHeader</span><span class="p">:</span><span class="w"> </span><span class="s2">"x-span-id"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">exporter</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">jaeger</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="l">http://jaeger-collector:14268/api/traces</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="installation-and-configuration">
Installation and Configuration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#installation-and-configuration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Installation and Configuration" href="#installation-and-configuration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="quick-start-installation">
Quick Start Installation
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#quick-start-installation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Quick Start Installation" href="#quick-start-installation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add Helm repository</span>
</span></span><span class="line"><span class="cl">helm repo add nginx-gateway-fabric https://nginxinc.github.io/nginx-gateway-fabric-helm-charts
</span></span><span class="line"><span class="cl">helm repo update
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Install NGINX Gateway Fabric</span>
</span></span><span class="line"><span class="cl">helm install nginx-gateway-fabric nginx-gateway-fabric/nginx-gateway-fabric <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --namespace nginx-gateway <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --create-namespace <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --version 2.2.0
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Verify installation</span>
</span></span><span class="line"><span class="cl">kubectl get pods -n nginx-gateway
</span></span><span class="line"><span class="cl">kubectl get gatewayclass
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="advanced-configuration">
Advanced Configuration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#advanced-configuration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced Configuration" href="#advanced-configuration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="custom-nginx-configuration">
Custom NGINX Configuration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#custom-nginx-configuration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Custom NGINX Configuration" href="#custom-nginx-configuration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.conf</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> worker_processes auto;
</span></span></span><span class="line"><span class="cl"><span class="sd"> worker_connections 1024;
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> events {
</span></span></span><span class="line"><span class="cl"><span class="sd"> use epoll;
</span></span></span><span class="line"><span class="cl"><span class="sd"> multi_accept on;
</span></span></span><span class="line"><span class="cl"><span class="sd"> }
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> http {
</span></span></span><span class="line"><span class="cl"><span class="sd"> keepalive_timeout 65;
</span></span></span><span class="line"><span class="cl"><span class="sd"> keepalive_requests 100;
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> # Logging
</span></span></span><span class="line"><span class="cl"><span class="sd"> log_format main '$remote_addr - $remote_user [$time_local] '
</span></span></span><span class="line"><span class="cl"><span class="sd"> '"$request" $status $body_bytes_sent '
</span></span></span><span class="line"><span class="cl"><span class="sd"> '"$http_referer" "$http_user_agent"';
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> access_log /var/log/nginx/access.log main;
</span></span></span><span class="line"><span class="cl"><span class="sd"> error_log /var/log/nginx/error.log warn;
</span></span></span><span class="line"><span class="cl"><span class="sd"> }</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="resource-limits">
Resource Limits
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#resource-limits" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Resource Limits" href="#resource-limits">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">500m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">512Mi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">2000m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">2Gi</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="use-cases">
Use Cases
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#use-cases" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Use Cases" href="#use-cases">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-llm-inference-routing">
1. LLM Inference Routing
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#1-llm-inference-routing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. LLM Inference Routing" href="#1-llm-inference-routing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway Fabric 2.2 excels at routing traffic to LLM inference services:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">llm-api-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">llm-api.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/v1/chat</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">InferencePolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">chat-inference</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">chat-llm-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">70</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">chat-llm-service-gpu</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/v1/completions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">InferencePolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">completion-inference</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">completion-llm-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-multi-tenant-api-gateway">
2. Multi-Tenant API Gateway
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#2-multi-tenant-api-gateway" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Multi-Tenant API Gateway" href="#2-multi-tenant-api-gateway">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Gateway for tenant isolation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">Selector</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tenant</span><span class="p">:</span><span class="w"> </span><span class="l">enabled</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Tenant-specific route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tenant</span><span class="p">:</span><span class="w"> </span><span class="l">enabled</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">tenant-a.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-ab-testing-and-canary-deployments">
3. A/B Testing and Canary Deployments
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#3-ab-testing-and-canary-deployments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. A/B Testing and Canary Deployments" href="#3-ab-testing-and-canary-deployments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ab-test-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># A/B test based on header</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">x-test-variant</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">"A"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">variant-a-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">x-test-variant</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">"B"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">variant-b-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Default: weighted canary</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">stable-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">90</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-api-versioning">
4. API Versioning
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#4-api-versioning" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. API Versioning" href="#4-api-versioning">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-versioning</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">api.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># v2 API - latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/v2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-v2-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># v1 API - legacy support</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-v1-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Default routing</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RequestRedirect</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requestRedirect</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scheme</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="l">docs.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ReplaceFullPath</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replaceFullPath</span><span class="p">:</span><span class="w"> </span><span class="l">/api/v2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">statusCode</span><span class="p">:</span><span class="w"> </span><span class="m">301</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="performance-and-scalability">
Performance and Scalability
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#performance-and-scalability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance and Scalability" href="#performance-and-scalability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="performance-characteristics">
Performance Characteristics
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#performance-characteristics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Characteristics" href="#performance-characteristics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway Fabric 2.2 delivers exceptional performance:</p>
<ul>
<li><strong>High Throughput</strong>: Handles millions of requests per second</li>
<li><strong>Low Latency</strong>: Sub-millisecond request processing</li>
<li><strong>Efficient Resource Usage</strong>: Minimal CPU and memory footprint</li>
<li><strong>Connection Handling</strong>: Supports hundreds of thousands of concurrent connections</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="horizontal-scaling">
Horizontal Scaling
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#horizontal-scaling" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Horizontal Scaling" href="#horizontal-scaling">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">strategy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RollingUpdate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rollingUpdate</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxSurge</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxUnavailable</span><span class="p">:</span><span class="w"> </span><span class="m">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">500m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">512Mi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">2000m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">2Gi</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="load-balancing-strategies">
Load Balancing Strategies
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#load-balancing-strategies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Load Balancing Strategies" href="#load-balancing-strategies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">LoadBalancingPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">lb-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">strategy</span><span class="p">:</span><span class="w"> </span><span class="l">least_connections</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">healthChecks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">10s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l">5s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">unhealthyThreshold</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">healthyThreshold</span><span class="p">:</span><span class="w"> </span><span class="m">2</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="integration-with-kubernetes-ecosystem">
Integration with Kubernetes Ecosystem
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#integration-with-kubernetes-ecosystem" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Integration with Kubernetes Ecosystem" href="#integration-with-kubernetes-ecosystem">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="cert-manager-integration">
cert-manager Integration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#cert-manager-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor cert-manager Integration" href="#cert-manager-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Certificate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">example-cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="l">example-tls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">issuerRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">letsencrypt-prod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterIssuer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dnsNames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">example-cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="prometheus-and-grafana">
Prometheus and Grafana
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#prometheus-and-grafana" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Prometheus and Grafana" href="#prometheus-and-grafana">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">monitoring.coreos.com/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ServiceMonitor</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoints</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">30s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/metrics</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="best-practices">
Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices" href="#best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-gateway-organization">
1. Gateway Organization
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#1-gateway-organization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Gateway Organization" href="#1-gateway-organization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Organize Gateways by purpose and environment:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Production Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">prod-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Staging Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">staging-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w"> </span><span class="l">staging</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-resource-naming">
2. Resource Naming
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#2-resource-naming" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Resource Naming" href="#2-resource-naming">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Use consistent naming conventions:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Pattern: <app>-<environment>-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">webapp-prod-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">prod-gateway</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-security-hardening">
3. Security Hardening
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#3-security-hardening" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Security Hardening" href="#3-security-hardening">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">options</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gateway.nginx.org/ssl-ciphers</span><span class="p">:</span><span class="w"> </span><span class="s2">"HIGH:!aNULL:!MD5"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gateway.nginx.org/ssl-protocols</span><span class="p">:</span><span class="w"> </span><span class="s2">"TLSv1.2 TLSv1.3"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tls-cert</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="migration-from-nginx-ingress-controller">
Migration from NGINX Ingress Controller
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#migration-from-nginx-ingress-controller" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration from NGINX Ingress Controller" href="#migration-from-nginx-ingress-controller">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>For organizations migrating from NGINX Ingress Controller:</p>
<ol>
<li><strong>Install Gateway Fabric</strong>: Deploy alongside existing Ingress Controller</li>
<li><strong>Create Gateway Resources</strong>: Set up Gateway instances</li>
<li><strong>Convert Ingress to HTTPRoute</strong>: Migrate routes gradually</li>
<li><strong>Test Thoroughly</strong>: Validate functionality</li>
<li><strong>Switch Traffic</strong>: Gradually shift traffic</li>
<li><strong>Remove Ingress Controller</strong>: Once migration is complete</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-gateway-fabric-modern-kubernetes-networking/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>NGINX Gateway Fabric 2.2 represents a significant advancement in Kubernetes application delivery, particularly with its support for modern workloads like LLM inference. The combination of NGINX’s proven data plane with Gateway API standards provides organizations with a powerful, flexible, and future-proof solution for managing ingress traffic.</p>
<p>Key highlights of Gateway Fabric 2.2:</p>
<ul>
<li><strong>LLM Inference Support</strong>: Gateway API Inference Extension for AI/ML workloads</li>
<li><strong>OpenShift Integration</strong>: Enhanced support for Red Hat OpenShift</li>
<li><strong>Advanced Traffic Management</strong>: Sophisticated routing and load balancing</li>
<li><strong>Security Enhancements</strong>: mTLS, WAF, and comprehensive security features</li>
<li><strong>Observability</strong>: Rich metrics and distributed tracing support</li>
<li><strong>Production Ready</strong>: Battle-tested and optimized for scale</li>
</ul>
<p>As organizations continue to adopt modern application patterns and migrate from traditional Ingress controllers, NGINX Gateway Fabric 2.2 provides a compelling solution that combines the best of both worlds: NGINX’s performance and reliability with Gateway API’s flexibility and standardization.</p>
<hr>
<p><em>For more information about NGINX Gateway Fabric 2.2, visit the <a
class="gblog-markdown__link"
href="https://github.com/nginxinc/nginx-gateway-fabric"
>NGINX Gateway Fabric documentation</a> and <a
class="gblog-markdown__link"
href="https://www.nginx.com/blog/"
>NGINX blog</a>.</em></p>NGINX Ingress Controller Deprecation: Complete Migration Guide to Gateway APIhttps://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/2025-11-20T00:00:00+00:002025-12-07T16:51:08-05:00
<p>The Cloud Native Computing Foundation (CNCF) has announced the deprecation of the NGINX Ingress Controller project, with official support ending in March 2026. This significant announcement marks a turning point in Kubernetes networking, as the community transitions from the traditional Ingress API to the more modern and powerful Gateway API. Organizations using NGINX Ingress Controller need to understand the implications and plan their migration to Gateway API implementations.</p>
<div class="gblog-post__anchorwrap">
<h2 id="understanding-the-deprecation">
Understanding the Deprecation
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#understanding-the-deprecation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Understanding the Deprecation" href="#understanding-the-deprecation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="why-the-deprecation">
Why the Deprecation?
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#why-the-deprecation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Why the Deprecation?" href="#why-the-deprecation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The NGINX Ingress Controller deprecation stems from several factors:</p>
<ul>
<li><strong>Maintenance Burden</strong>: Keeping up with Kubernetes changes and security patches</li>
<li><strong>Limited Capabilities</strong>: The Ingress API’s limitations restrict advanced networking features</li>
<li><strong>Security Concerns</strong>: Ongoing security maintenance challenges</li>
<li><strong>Ecosystem Evolution</strong>: The industry’s shift toward Gateway API standards</li>
<li><strong>Resource Allocation</strong>: Community resources better focused on Gateway API implementations</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="timeline-and-support">
Timeline and Support
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#timeline-and-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Timeline and Support" href="#timeline-and-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Deprecation Announced</strong>: September 2025</li>
<li><strong>Final Release</strong>: December 2025</li>
<li><strong>End of Life</strong>: March 2026</li>
<li><strong>Security Updates</strong>: Critical security patches through March 2026</li>
<li><strong>No New Features</strong>: No new feature development after deprecation announcement</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="gateway-api-the-path-forward">
Gateway API: The Path Forward
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#gateway-api-the-path-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Gateway API: The Path Forward" href="#gateway-api-the-path-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The Gateway API represents the evolution of Kubernetes ingress, designed to address Ingress API limitations:</p>
<div class="gblog-post__anchorwrap">
<h3 id="key-advantages">
Key Advantages
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#key-advantages" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Advantages" href="#key-advantages">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Role-Oriented Design</strong>: Better separation of concerns across infrastructure, operators, and developers</li>
<li><strong>Advanced Routing</strong>: Header-based, query parameter, and method-based routing</li>
<li><strong>Cross-Namespace Support</strong>: Native support for routing across namespaces</li>
<li><strong>Type Safety</strong>: Better validation and error handling</li>
<li><strong>Extensibility</strong>: Standard extension points for vendor-specific features</li>
<li><strong>Portability</strong>: Works across different implementations and cloud providers</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="nginx-gateway-fabric">
NGINX Gateway Fabric
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#nginx-gateway-fabric" class="gblog-post__anchor clip flex align-center" aria-label="Anchor NGINX Gateway Fabric" href="#nginx-gateway-fabric">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>NGINX’s official Gateway API implementation, NGINX Gateway Fabric, provides a seamless path for NGINX Ingress users:</p>
<ul>
<li><strong>NGINX Data Plane</strong>: Leverages proven NGINX technology</li>
<li><strong>Gateway API Compliant</strong>: Full implementation of Gateway API specifications</li>
<li><strong>Production Ready</strong>: Battle-tested in production environments</li>
<li><strong>Feature Parity</strong>: Many features from NGINX Ingress plus Gateway API enhancements</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="migration-strategy">
Migration Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#migration-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration Strategy" href="#migration-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="phase-1-assessment-and-planning">
Phase 1: Assessment and Planning
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#phase-1-assessment-and-planning" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Phase 1: Assessment and Planning" href="#phase-1-assessment-and-planning">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="1-inventory-current-ingress-resources">
1. Inventory Current Ingress Resources
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#1-inventory-current-ingress-resources" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Inventory Current Ingress Resources" href="#1-inventory-current-ingress-resources">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Document all current Ingress resources:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List all Ingress resources across all namespaces</span>
</span></span><span class="line"><span class="cl">kubectl get ingress --all-namespaces -o wide
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Export configurations</span>
</span></span><span class="line"><span class="cl">kubectl get ingress --all-namespaces -o yaml > ingress-backup.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Identify annotations and custom configurations</span>
</span></span><span class="line"><span class="cl">kubectl get ingress --all-namespaces -o <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{range .items[*]}{.metadata.name}{"\t"}{.metadata.namespace}{"\t"}{.metadata.annotations}{"\n"}{end}'</span>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="2-analyze-dependencies">
2. Analyze Dependencies
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#2-analyze-dependencies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Analyze Dependencies" href="#2-analyze-dependencies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Identify dependencies and integrations:</p>
<ul>
<li><strong>Monitoring</strong>: Prometheus, Grafana integrations</li>
<li><strong>Certificate Management</strong>: cert-manager, Let’s Encrypt</li>
<li><strong>Service Mesh</strong>: Istio, Linkerd integrations</li>
<li><strong>Custom Configurations</strong>: NGINX-specific annotations</li>
<li><strong>Load Balancing</strong>: Session affinity, health checks</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="3-choose-gateway-api-implementation">
3. Choose Gateway API Implementation
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#3-choose-gateway-api-implementation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Choose Gateway API Implementation" href="#3-choose-gateway-api-implementation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Select a Gateway API implementation:</p>
<p><strong>NGINX Gateway Fabric</strong> (Recommended for NGINX users):</p>
<ul>
<li>Direct migration path from NGINX Ingress</li>
<li>Familiar NGINX features and behaviors</li>
<li>Proven NGINX data plane</li>
</ul>
<p><strong>Istio Gateway</strong>:</p>
<ul>
<li>Full service mesh integration</li>
<li>Advanced traffic management</li>
<li>Multi-cluster support</li>
</ul>
<p><strong>Kong Gateway</strong>:</p>
<ul>
<li>Rich plugin ecosystem</li>
<li>Advanced API management features</li>
<li>Enterprise features</li>
</ul>
<p><strong>Envoy Gateway</strong>:</p>
<ul>
<li>Vendor-neutral implementation</li>
<li>High performance</li>
<li>CNCF project</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="phase-2-gateway-api-setup">
Phase 2: Gateway API Setup
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#phase-2-gateway-api-setup" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Phase 2: Gateway API Setup" href="#phase-2-gateway-api-setup">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="install-nginx-gateway-fabric">
Install NGINX Gateway Fabric
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#install-nginx-gateway-fabric" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Install NGINX Gateway Fabric" href="#install-nginx-gateway-fabric">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add NGINX Gateway Fabric Helm repository</span>
</span></span><span class="line"><span class="cl">helm repo add nginx-gateway-fabric https://nginxinc.github.io/nginx-gateway-fabric-helm-charts
</span></span><span class="line"><span class="cl">helm repo update
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Install NGINX Gateway Fabric</span>
</span></span><span class="line"><span class="cl">helm install nginx-gateway-fabric nginx-gateway-fabric/nginx-gateway-fabric <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --namespace nginx-gateway <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --create-namespace <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --set deployment.image.repository<span class="o">=</span>nginx/nginx-gateway-fabric <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --set deployment.image.tag<span class="o">=</span>latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Verify installation</span>
</span></span><span class="line"><span class="cl">kubectl get pods -n nginx-gateway
</span></span><span class="line"><span class="cl">kubectl get gatewayclass
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="create-gatewayclass">
Create GatewayClass
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#create-gatewayclass" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Create GatewayClass" href="#create-gatewayclass">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">controllerName</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/gateway-controller</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="l">NGINX Gateway Fabric for production use</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="create-gateway-instance">
Create Gateway Instance
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#create-gateway-instance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Create Gateway Instance" href="#create-gateway-instance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">All</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">All</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-tls-cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="phase-3-migration-execution">
Phase 3: Migration Execution
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#phase-3-migration-execution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Phase 3: Migration Execution" href="#phase-3-migration-execution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="convert-simple-ingress-to-httproute">
Convert Simple Ingress to HTTPRoute
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#convert-simple-ingress-to-httproute" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Convert Simple Ingress to HTTPRoute" href="#convert-simple-ingress-to-httproute">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p><strong>Original Ingress:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kubernetes.io/ingress.class</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cert-manager.io/cluster-issuer</span><span class="p">:</span><span class="w"> </span><span class="l">letsencrypt-prod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">hosts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">www.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="l">example-tls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">http</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">paths</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pathType</span><span class="p">:</span><span class="w"> </span><span class="l">Prefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backend</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">number</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l">www.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">http</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">paths</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pathType</span><span class="p">:</span><span class="w"> </span><span class="l">Prefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backend</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">number</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><p><strong>Converted HTTPRoute:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">www.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="handle-nginx-specific-annotations">
Handle NGINX-Specific Annotations
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#handle-nginx-specific-annotations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Handle NGINX-Specific Annotations" href="#handle-nginx-specific-annotations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Many NGINX Ingress annotations have Gateway API equivalents:</p>
<p><strong>Rate Limiting:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># NGINX Ingress Annotation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/limit-rps</span><span class="p">:</span><span class="w"> </span><span class="s2">"100"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Gateway API Equivalent (using NGINX Gateway Fabric extension)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">rate-limited-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">RateLimitPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">rate-limit-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">RateLimitPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">rate-limit-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rate</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">period</span><span class="p">:</span><span class="w"> </span><span class="l">1s</span><span class="w">
</span></span></span></code></pre></div><p><strong>SSL Redirect:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># NGINX Ingress Annotation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/ssl-redirect</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Gateway API - Use HTTPS listener with redirect filter</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">redirect-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RequestRedirect</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requestRedirect</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scheme</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">statusCode</span><span class="p">:</span><span class="w"> </span><span class="m">301</span><span class="w">
</span></span></span></code></pre></div><p><strong>Path Rewriting:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># NGINX Ingress Annotation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/rewrite-target</span><span class="p">:</span><span class="w"> </span><span class="l">/$1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Gateway API Equivalent</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">rewrite-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/api/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">URLRewrite</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">urlRewrite</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ReplacePrefixMatch</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replacePrefixMatch</span><span class="p">:</span><span class="w"> </span><span class="l">/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span></code></pre></div><p><strong>CORS Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># NGINX Ingress Annotations</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/enable-cors</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/cors-allow-origin</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Gateway API Extension (NGINX Gateway Fabric)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">cors-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ExtensionRef</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extensionRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">CORSPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">cors-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/v1alpha1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">CORSPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">cors-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowOrigins</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"*"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowMethods</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">GET</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">POST</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">PUT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">DELETE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowHeaders</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"*"</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="phase-4-advanced-migrations">
Phase 4: Advanced Migrations
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#phase-4-advanced-migrations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Phase 4: Advanced Migrations" href="#phase-4-advanced-migrations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="session-affinity">
Session Affinity
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#session-affinity" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Session Affinity" href="#session-affinity">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># NGINX Ingress Annotation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/affinity</span><span class="p">:</span><span class="w"> </span><span class="s2">"cookie"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/session-cookie-name</span><span class="p">:</span><span class="w"> </span><span class="s2">"route"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/session-cookie-expires</span><span class="p">:</span><span class="w"> </span><span class="s2">"172800"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/session-cookie-max-age</span><span class="p">:</span><span class="w"> </span><span class="s2">"172800"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Gateway API - Use Service with sessionAffinity</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sessionAffinity</span><span class="p">:</span><span class="w"> </span><span class="l">ClientIP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sessionAffinityConfig</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">clientIP</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeoutSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">10800</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="canary-deployments">
Canary Deployments
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#canary-deployments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Canary Deployments" href="#canary-deployments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># NGINX Ingress Canary Annotations</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">annotations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/canary</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nginx.ingress.kubernetes.io/canary-weight</span><span class="p">:</span><span class="w"> </span><span class="s2">"10"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Gateway API - Native Traffic Splitting</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">stable-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">90</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="header-based-routing">
Header-Based Routing
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#header-based-routing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Header-Based Routing" href="#header-based-routing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Gateway API provides native header matching</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">header-routing</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">x-api-version</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">v2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-v2-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">x-api-version</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-v1-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="phase-5-testing-and-validation">
Phase 5: Testing and Validation
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#phase-5-testing-and-validation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Phase 5: Testing and Validation" href="#phase-5-testing-and-validation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="testing-strategy">
Testing Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#testing-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Testing Strategy" href="#testing-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ol>
<li><strong>Parallel Deployment</strong>: Run both Ingress and Gateway API in parallel</li>
<li><strong>Traffic Splitting</strong>: Gradually shift traffic to Gateway API</li>
<li><strong>Monitoring</strong>: Compare metrics and performance</li>
<li><strong>Validation</strong>: Verify all functionality works correctly</li>
</ol>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Gradual traffic migration</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">migration-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Keep old Ingress service initially</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ingress-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">50</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Route to new Gateway API</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">50</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="validation-checklist">
Validation Checklist
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#validation-checklist" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Validation Checklist" href="#validation-checklist">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><input disabled="" type="checkbox"> All routes working correctly</li>
<li><input disabled="" type="checkbox"> TLS/SSL certificates functioning</li>
<li><input disabled="" type="checkbox"> Load balancing working as expected</li>
<li><input disabled="" type="checkbox"> Session affinity maintained (if used)</li>
<li><input disabled="" type="checkbox"> Rate limiting applied correctly</li>
<li><input disabled="" type="checkbox"> Monitoring and metrics collected</li>
<li><input disabled="" type="checkbox"> Performance meets or exceeds previous setup</li>
<li><input disabled="" type="checkbox"> Security policies enforced</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="certificate-management-migration">
Certificate Management Migration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#certificate-management-migration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Certificate Management Migration" href="#certificate-management-migration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="cert-manager-integration">
cert-manager Integration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#cert-manager-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor cert-manager Integration" href="#cert-manager-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>cert-manager works seamlessly with Gateway API:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Certificate resource (same as before)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Certificate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">example-tls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="l">example-tls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">issuerRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">letsencrypt-prod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterIssuer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dnsNames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">www.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Reference in Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">example-tls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="monitoring-and-observability">
Monitoring and Observability
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#monitoring-and-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Monitoring and Observability" href="#monitoring-and-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="metrics-collection">
Metrics Collection
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#metrics-collection" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Metrics Collection" href="#metrics-collection">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>NGINX Gateway Fabric exposes Prometheus metrics:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">9113</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">9113</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span></code></pre></div><p>Prometheus scraping configuration:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ServiceMonitor</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway-fabric</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoints</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">30s</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="logging">
Logging
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#logging" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Logging" href="#logging">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway API implementations provide structured logging compatible with existing log aggregation systems.</p>
<div class="gblog-post__anchorwrap">
<h2 id="rollback-plan">
Rollback Plan
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#rollback-plan" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Rollback Plan" href="#rollback-plan">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="if-issues-arise">
If Issues Arise
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#if-issues-arise" class="gblog-post__anchor clip flex align-center" aria-label="Anchor If Issues Arise" href="#if-issues-arise">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Keep Ingress Resources</strong>: Don’t delete old Ingress resources immediately</li>
<li><strong>Traffic Redirection</strong>: Switch traffic back to Ingress controller</li>
<li><strong>Investigate Issues</strong>: Debug Gateway API configuration</li>
<li><strong>Fix and Retry</strong>: Correct issues and migrate again</li>
</ol>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Switch traffic back to Ingress</span>
</span></span><span class="line"><span class="cl">kubectl scale deployment nginx-gateway-fabric --replicas<span class="o">=</span><span class="m">0</span> -n nginx-gateway
</span></span><span class="line"><span class="cl">kubectl scale deployment ingress-nginx-controller --replicas<span class="o">=</span><span class="m">3</span> -n ingress-nginx
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="best-practices">
Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices" href="#best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-namespace-organization">
1. Namespace Organization
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#1-namespace-organization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Namespace Organization" href="#1-namespace-organization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Organize Gateway resources logically:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Infrastructure namespace for Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">shared-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">infrastructure</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Application namespace for HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">applications</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">shared-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">infrastructure</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-reference-grants-for-cross-namespace">
2. Reference Grants for Cross-Namespace
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#2-reference-grants-for-cross-namespace" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Reference Grants for Cross-Namespace" href="#2-reference-grants-for-cross-namespace">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Enable secure cross-namespace references:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ReferenceGrant</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">allow-apps-to-infra</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">infrastructure</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">applications</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">to</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-gradual-migration">
3. Gradual Migration
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#3-gradual-migration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Gradual Migration" href="#3-gradual-migration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Migrate namespace by namespace:</p>
<ol>
<li>Start with non-critical applications</li>
<li>Validate thoroughly</li>
<li>Gradually migrate production workloads</li>
<li>Monitor performance and stability</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="common-challenges-and-solutions">
Common Challenges and Solutions
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#common-challenges-and-solutions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Common Challenges and Solutions" href="#common-challenges-and-solutions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="challenge-1-complex-annotations">
Challenge 1: Complex Annotations
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#challenge-1-complex-annotations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Challenge 1: Complex Annotations" href="#challenge-1-complex-annotations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Problem</strong>: Extensive use of NGINX-specific annotations</p>
<p><strong>Solution</strong>: Map annotations to Gateway API features or use implementation-specific extensions</p>
<div class="gblog-post__anchorwrap">
<h3 id="challenge-2-custom-configurations">
Challenge 2: Custom Configurations
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#challenge-2-custom-configurations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Challenge 2: Custom Configurations" href="#challenge-2-custom-configurations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Problem</strong>: Custom NGINX configurations not directly supported</p>
<p><strong>Solution</strong>: Use Gateway API extension mechanisms or implementation-specific features</p>
<div class="gblog-post__anchorwrap">
<h3 id="challenge-3-third-party-integrations">
Challenge 3: Third-Party Integrations
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#challenge-3-third-party-integrations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Challenge 3: Third-Party Integrations" href="#challenge-3-third-party-integrations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Problem</strong>: Tools expecting NGINX Ingress format</p>
<p><strong>Solution</strong>: Update tools to support Gateway API or use translation layers</p>
<div class="gblog-post__anchorwrap">
<h2 id="resources-and-support">
Resources and Support
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#resources-and-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Resources and Support" href="#resources-and-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="documentation">
Documentation
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#documentation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Documentation" href="#documentation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><a
class="gblog-markdown__link"
href="https://gateway-api.sigs.k8s.io/"
>Gateway API Documentation</a></li>
<li><a
class="gblog-markdown__link"
href="https://github.com/nginxinc/nginx-gateway-fabric"
>NGINX Gateway Fabric Documentation</a></li>
<li><a
class="gblog-markdown__link"
href="https://gateway-api.sigs.k8s.io/guides/migration/"
>Migration Guides</a></li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="community-support">
Community Support
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#community-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Support" href="#community-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><a
class="gblog-markdown__link"
href="https://kubernetes.slack.com/messages/gateway-api"
>Kubernetes Gateway API Slack</a></li>
<li><a
class="gblog-markdown__link"
href="https://github.com/kubernetes-sigs/gateway-api/discussions"
>GitHub Discussions</a></li>
<li><a
class="gblog-markdown__link"
href="https://github.com/cncf/tag-network/issues"
>CNCF Forums</a></li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-ingress-deprecation-gateway-api-migration-guide/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The deprecation of NGINX Ingress Controller marks an important transition in Kubernetes networking. While this change requires migration effort, it presents an opportunity to adopt more powerful, standardized, and future-proof networking solutions.</p>
<p>Key takeaways:</p>
<ul>
<li><strong>Plan Early</strong>: Start migration planning well before March 2026</li>
<li><strong>Choose Implementation</strong>: Select a Gateway API implementation that fits your needs</li>
<li><strong>Gradual Migration</strong>: Migrate gradually with proper testing</li>
<li><strong>Leverage Advantages</strong>: Take advantage of Gateway API’s enhanced capabilities</li>
<li><strong>Stay Informed</strong>: Follow Gateway API development and best practices</li>
</ul>
<p>The Gateway API ecosystem is mature, well-supported, and ready for production use. Organizations that migrate successfully will benefit from better security, more advanced features, and a more maintainable networking infrastructure.</p>
<p>The transition from NGINX Ingress Controller to Gateway API represents progress in Kubernetes networking, and with proper planning and execution, organizations can make this transition smoothly while gaining significant advantages in the process.</p>
<hr>
<p><em>For more information about Gateway API migration, visit the <a
class="gblog-markdown__link"
href="https://gateway-api.sigs.k8s.io/"
>official Gateway API documentation</a> and <a
class="gblog-markdown__link"
href="https://github.com/nginxinc/nginx-gateway-fabric"
>NGINX Gateway Fabric repository</a>.</em></p>Kubernetes v1.35 Release Cycle Kicks Off: What to Expecthttps://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/2025-11-01T00:00:00+00:002025-12-07T16:51:08-05:00
<p>The Kubernetes community has officially kicked off the v1.35 release cycle, scheduled for release in December 2025. This release cycle marks another milestone in Kubernetes’ evolution, with the development phase beginning in September 2025 and key milestones already approaching. The v1.35 release is expected to bring significant enhancements across performance, security, and developer experience.</p>
<div class="gblog-post__anchorwrap">
<h2 id="release-timeline">
Release Timeline
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#release-timeline" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Timeline" href="#release-timeline">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="key-milestones">
Key Milestones
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#key-milestones" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Milestones" href="#key-milestones">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.35 release follows the established Kubernetes release cadence:</p>
<ul>
<li><strong>Enhancement Proposals Due</strong>: September 15, 2025</li>
<li><strong>Enhancements Freeze</strong>: October 17, 2025</li>
<li><strong>Code Freeze</strong>: November 7, 2025</li>
<li><strong>Release Candidates</strong>: Late November - Early December 2025</li>
<li><strong>General Availability</strong>: December 17, 2025 (tentative)</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="release-team">
Release Team
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#release-team" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Team" href="#release-team">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.35 release team is led by experienced community members from across the Kubernetes ecosystem, coordinating efforts across multiple Special Interest Groups (SIGs) and organizations.</p>
<div class="gblog-post__anchorwrap">
<h2 id="expected-major-features">
Expected Major Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#expected-major-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Expected Major Features" href="#expected-major-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-scheduling-capabilities">
1. Enhanced Scheduling Capabilities
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#1-enhanced-scheduling-capabilities" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced Scheduling Capabilities" href="#1-enhanced-scheduling-capabilities">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Kubernetes scheduler continues to receive significant improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="advanced-scheduling-algorithms">
Advanced Scheduling Algorithms
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#advanced-scheduling-algorithms" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced Scheduling Algorithms" href="#advanced-scheduling-algorithms">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Multi-dimensional Resource Scheduling</strong>: Better consideration of CPU, memory, storage, and network resources</li>
<li><strong>Cost-aware Scheduling</strong>: Consideration of resource costs in scheduling decisions</li>
<li><strong>Energy-efficient Placement</strong>: Optimization for reduced power consumption</li>
<li><strong>Network-aware Scheduling</strong>: Better consideration of network topology and latency</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="dynamic-scheduling-enhancements">
Dynamic Scheduling Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#dynamic-scheduling-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Dynamic Scheduling Enhancements" href="#dynamic-scheduling-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">scheduled-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">schedulerName</span><span class="p">:</span><span class="w"> </span><span class="l">default-scheduler</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">affinity</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nodeAffinity</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">preferredDuringSchedulingIgnoredDuringExecution</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">preference</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchExpressions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l">node-cost</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">operator</span><span class="p">:</span><span class="w"> </span><span class="l">In</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">values</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">low-cost</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">50</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">preference</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchExpressions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l">network-region</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">operator</span><span class="p">:</span><span class="w"> </span><span class="l">In</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">values</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">same-region</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-security-enhancements">
2. Security Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#2-security-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Security Enhancements" href="#2-security-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Security continues to be a top priority with several enhancements planned:</p>
<div class="gblog-post__anchorwrap">
<h4 id="enhanced-pod-security">
Enhanced Pod Security
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#enhanced-pod-security" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enhanced Pod Security" href="#enhanced-pod-security">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Improved Pod Security Standards</strong>: More granular security policies</li>
<li><strong>Context-aware Security</strong>: Security decisions based on workload context</li>
<li><strong>Enhanced Security Context</strong>: Better integration with security frameworks</li>
<li><strong>Runtime Security</strong>: Improved container runtime security features</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="network-security-improvements">
Network Security Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#network-security-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Network Security Improvements" href="#network-security-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Advanced Network Policies</strong>: Enhanced network policy capabilities</li>
<li><strong>Micro-segmentation</strong>: Granular network security policies</li>
<li><strong>Zero Trust Integration</strong>: Better support for zero trust architectures</li>
<li><strong>Encrypted Communication</strong>: Enhanced encryption for inter-component communication</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-observability-improvements">
3. Observability Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#3-observability-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Observability Improvements" href="#3-observability-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Observability features are expected to receive major updates:</p>
<div class="gblog-post__anchorwrap">
<h4 id="structured-logging-enhancements">
Structured Logging Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#structured-logging-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Structured Logging Enhancements" href="#structured-logging-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Building on the structured logging introduced in v1.30:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"level"</span><span class="p">:</span> <span class="s2">"info"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"timestamp"</span><span class="p">:</span> <span class="s2">"2025-11-01T10:30:00Z"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"component"</span><span class="p">:</span> <span class="s2">"kube-scheduler"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"message"</span><span class="p">:</span> <span class="s2">"Pod scheduled successfully"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"pod"</span><span class="p">:</span> <span class="s2">"nginx-deployment-abc123"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"node"</span><span class="p">:</span> <span class="s2">"worker-node-1"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"namespace"</span><span class="p">:</span> <span class="s2">"default"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"scheduling_duration_ms"</span><span class="p">:</span> <span class="mf">15.2</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"resource_requirements"</span><span class="p">:</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"cpu"</span><span class="p">:</span> <span class="s2">"100m"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"memory"</span><span class="p">:</span> <span class="s2">"128Mi"</span>
</span></span><span class="line"><span class="cl"> <span class="p">},</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"affinity_decisions"</span><span class="p">:</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"preferred"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"required"</span><span class="p">:</span> <span class="mi">0</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="enhanced-metrics">
Enhanced Metrics
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#enhanced-metrics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enhanced Metrics" href="#enhanced-metrics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Custom Metrics API</strong>: Better support for custom metrics</li>
<li><strong>Performance Metrics</strong>: More detailed performance metrics</li>
<li><strong>Resource Utilization</strong>: Enhanced resource utilization tracking</li>
<li><strong>Cost Metrics</strong>: Cost-related metrics for resource optimization</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="4-storage-improvements">
4. Storage Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#4-storage-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Storage Improvements" href="#4-storage-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Storage capabilities are expected to receive enhancements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="advanced-volume-management">
Advanced Volume Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#advanced-volume-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced Volume Management" href="#advanced-volume-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Volume Snapshots</strong>: Enhanced snapshot capabilities</li>
<li><strong>Dynamic Provisioning</strong>: Improved dynamic storage provisioning</li>
<li><strong>Storage Capacity Tracking</strong>: More accurate storage capacity management</li>
<li><strong>Multi-attach Volumes</strong>: Better support for shared storage</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="csi-driver-enhancements">
CSI Driver Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#csi-driver-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor CSI Driver Enhancements" href="#csi-driver-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">storage.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">StorageClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">fast-ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">provisioner</span><span class="p">:</span><span class="w"> </span><span class="l">csi-driver.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">parameters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">iops</span><span class="p">:</span><span class="w"> </span><span class="s2">"3000"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replication</span><span class="p">:</span><span class="w"> </span><span class="s2">"3"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">allowVolumeExpansion</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">volumeBindingMode</span><span class="p">:</span><span class="w"> </span><span class="l">WaitForFirstConsumer</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="5-api-enhancements">
5. API Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#5-api-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. API Enhancements" href="#5-api-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Kubernetes API continues to evolve:</p>
<div class="gblog-post__anchorwrap">
<h4 id="api-improvements">
API Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#api-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor API Improvements" href="#api-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Enhanced Validation</strong>: Better API validation and error messages</li>
<li><strong>API Performance</strong>: Improved API server performance</li>
<li><strong>Backward Compatibility</strong>: Continued focus on backward compatibility</li>
<li><strong>API Versioning</strong>: Better API version management</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="custom-resource-definitions">
Custom Resource Definitions
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#custom-resource-definitions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Custom Resource Definitions" href="#custom-resource-definitions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Enhanced CRD capabilities:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apiextensions.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">CustomResourceDefinition</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">applications.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">versions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">served</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">schema</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">openAPIV3Schema</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">x-kubernetes-validations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">rule</span><span class="p">:</span><span class="w"> </span><span class="s2">"self.replicas > 0"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">message</span><span class="p">:</span><span class="w"> </span><span class="s2">"replicas must be greater than 0"</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="beta-features-moving-forward">
Beta Features Moving Forward
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#beta-features-moving-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Beta Features Moving Forward" href="#beta-features-moving-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-gateway-api-integration">
1. Gateway API Integration
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#1-gateway-api-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Gateway API Integration" href="#1-gateway-api-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway API support continues to mature:</p>
<ul>
<li><strong>Stable HTTPRoute</strong>: Enhanced HTTPRoute capabilities</li>
<li><strong>TLSRoute Improvements</strong>: Better TLS routing support</li>
<li><strong>Cross-namespace Routing</strong>: Enhanced cross-namespace capabilities</li>
<li><strong>Traffic Management</strong>: Advanced traffic splitting and mirroring</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-enhanced-rbac">
2. Enhanced RBAC
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#2-enhanced-rbac" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Enhanced RBAC" href="#2-enhanced-rbac">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Role-Based Access Control improvements:</p>
<ul>
<li><strong>Conditional RBAC</strong>: Context-aware authorization</li>
<li><strong>Fine-grained Permissions</strong>: More granular access control</li>
<li><strong>Dynamic Policy Evaluation</strong>: Real-time policy enforcement</li>
<li><strong>Audit Enhancements</strong>: Comprehensive security event tracking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-resource-management">
3. Resource Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#3-resource-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Resource Management" href="#3-resource-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Resource management enhancements:</p>
<ul>
<li><strong>Dynamic Resource Allocation</strong>: Better resource sharing</li>
<li><strong>GPU Management</strong>: Enhanced GPU resource allocation</li>
<li><strong>Memory Optimization</strong>: Improved memory management</li>
<li><strong>Network Resource Management</strong>: Advanced network resource allocation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="alpha-features-to-watch">
Alpha Features to Watch
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#alpha-features-to-watch" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Alpha Features to Watch" href="#alpha-features-to-watch">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-webassembly-support">
1. WebAssembly Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#1-webassembly-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. WebAssembly Support" href="#1-webassembly-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>WebAssembly support continues to evolve:</p>
<ul>
<li><strong>Performance Improvements</strong>: Better Wasm runtime performance</li>
<li><strong>Security Enhancements</strong>: Enhanced Wasm sandboxing</li>
<li><strong>Developer Tools</strong>: Better debugging and monitoring</li>
<li><strong>Ecosystem Integration</strong>: Improved toolchain integration</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-edge-computing">
2. Edge Computing
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#2-edge-computing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Edge Computing" href="#2-edge-computing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Edge computing features:</p>
<ul>
<li><strong>Lightweight Components</strong>: Optimized for edge devices</li>
<li><strong>Offline Operation</strong>: Better support for intermittent connectivity</li>
<li><strong>Local Processing</strong>: Reduced dependency on centralized resources</li>
<li><strong>Multi-cluster Management</strong>: Coordinated edge deployments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-aiml-workload-support">
3. AI/ML Workload Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#3-aiml-workload-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. AI/ML Workload Support" href="#3-aiml-workload-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Enhanced AI/ML capabilities:</p>
<ul>
<li><strong>Model Serving</strong>: Better ML model deployment</li>
<li><strong>Training Optimization</strong>: Enhanced training workload management</li>
<li><strong>Resource Scheduling</strong>: AI/ML-aware resource allocation</li>
<li><strong>Monitoring</strong>: Specialized monitoring for ML workloads</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="performance-improvements">
Performance Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#performance-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Improvements" href="#performance-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="scheduler-performance">
Scheduler Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#scheduler-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Scheduler Performance" href="#scheduler-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The scheduler is expected to receive performance improvements:</p>
<ul>
<li><strong>Faster Algorithms</strong>: Improved scheduling algorithms</li>
<li><strong>Parallel Processing</strong>: Better utilization of multiple cores</li>
<li><strong>Memory Efficiency</strong>: Reduced memory footprint</li>
<li><strong>Scalability</strong>: Better performance at scale</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="api-server-optimizations">
API Server Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#api-server-optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor API Server Optimizations" href="#api-server-optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>API server performance enhancements:</p>
<ul>
<li><strong>Reduced Latency</strong>: Faster request processing</li>
<li><strong>Better Caching</strong>: Enhanced caching mechanisms</li>
<li><strong>Connection Optimization</strong>: Improved connection pooling</li>
<li><strong>Resource Efficiency</strong>: Lower resource consumption</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="etcd-optimizations">
etcd Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#etcd-optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor etcd Optimizations" href="#etcd-optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>etcd, the backing store, receives optimizations:</p>
<ul>
<li><strong>Storage Efficiency</strong>: More efficient data storage</li>
<li><strong>Faster Operations</strong>: Improved read and write performance</li>
<li><strong>Better Compression</strong>: Enhanced data compression</li>
<li><strong>Improved Reliability</strong>: Better fault tolerance</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="deprecations-and-removals">
Deprecations and Removals
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#deprecations-and-removals" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecations and Removals" href="#deprecations-and-removals">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="expected-deprecations">
Expected Deprecations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#expected-deprecations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Expected Deprecations" href="#expected-deprecations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Several features are expected to be deprecated in v1.35:</p>
<ul>
<li><strong>Legacy API Versions</strong>: Older API versions being phased out</li>
<li><strong>Deprecated Flags</strong>: Command-line flags no longer recommended</li>
<li><strong>Obsolete Configurations</strong>: Configuration options with better alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="planned-removals">
Planned Removals
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#planned-removals" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Planned Removals" href="#planned-removals">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Features that may be removed:</p>
<ul>
<li><strong>Unused Components</strong>: Components no longer maintained</li>
<li><strong>Deprecated APIs</strong>: APIs deprecated for multiple releases</li>
<li><strong>Legacy Tools</strong>: Tools replaced by newer alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="development-and-testing">
Development and Testing
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#development-and-testing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Development and Testing" href="#development-and-testing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="community-involvement">
Community Involvement
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#community-involvement" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Involvement" href="#community-involvement">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.35 release cycle involves:</p>
<ul>
<li><strong>Contributors</strong>: Developers from around the world</li>
<li><strong>Organizations</strong>: Companies of all sizes contributing</li>
<li><strong>SIGs</strong>: Special Interest Groups coordinating development</li>
<li><strong>Testing</strong>: Comprehensive testing across environments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="testing-priorities">
Testing Priorities
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#testing-priorities" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Testing Priorities" href="#testing-priorities">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Key testing focus areas:</p>
<ul>
<li><strong>Stability</strong>: Ensuring stable releases</li>
<li><strong>Performance</strong>: Validating performance improvements</li>
<li><strong>Security</strong>: Security testing and validation</li>
<li><strong>Compatibility</strong>: Backward compatibility testing</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="upgrade-considerations">
Upgrade Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#upgrade-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Considerations" href="#upgrade-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="pre-upgrade-preparation">
Pre-upgrade Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#pre-upgrade-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Pre-upgrade Preparation" href="#pre-upgrade-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Organizations should prepare for v1.35 by:</p>
<ul>
<li><strong>Reviewing Deprecations</strong>: Understanding what features will be deprecated</li>
<li><strong>Testing Applications</strong>: Ensuring applications work with new features</li>
<li><strong>Updating Tools</strong>: Updating kubectl and other client tools</li>
<li><strong>Planning Migration</strong>: Creating migration plans for deprecated features</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="upgrade-strategy">
Upgrade Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#upgrade-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Strategy" href="#upgrade-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Recommended upgrade approach:</p>
<ol>
<li><strong>Review Release Notes</strong>: Understand all changes and deprecations</li>
<li><strong>Staging Environment</strong>: Test upgrades in staging first</li>
<li><strong>Gradual Rollout</strong>: Use rolling upgrades for production</li>
<li><strong>Monitoring</strong>: Closely monitor during and after upgrades</li>
<li><strong>Rollback Plan</strong>: Have rollback procedures ready</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="looking-ahead">
Looking Ahead
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#looking-ahead" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Ahead" href="#looking-ahead">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="release-themes">
Release Themes
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#release-themes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Themes" href="#release-themes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.35 release focuses on:</p>
<ul>
<li><strong>Performance</strong>: Continued performance improvements</li>
<li><strong>Security</strong>: Enhanced security features</li>
<li><strong>Developer Experience</strong>: Better tooling and debugging</li>
<li><strong>Observability</strong>: Improved monitoring and observability</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="future-releases">
Future Releases
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#future-releases" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Future Releases" href="#future-releases">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community is already planning beyond v1.35:</p>
<ul>
<li><strong>v1.36</strong>: Scheduled for release in 2026</li>
<li><strong>Long-term Roadmap</strong>: Simplification, edge computing, AI/ML support</li>
<li><strong>Community Evolution</strong>: Continued growth and diversity</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="how-to-participate">
How to Participate
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#how-to-participate" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How to Participate" href="#how-to-participate">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="contributing">
Contributing
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#contributing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Contributing" href="#contributing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Ways to contribute to v1.35:</p>
<ul>
<li><strong>Enhancement Proposals</strong>: Submit enhancement proposals (before freeze date)</li>
<li><strong>Code Contributions</strong>: Contribute code to features you’re interested in</li>
<li><strong>Testing</strong>: Help test release candidates</li>
<li><strong>Documentation</strong>: Improve documentation and examples</li>
<li><strong>Bug Reports</strong>: Report bugs and issues</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="staying-informed">
Staying Informed
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#staying-informed" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Staying Informed" href="#staying-informed">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Stay up to date with v1.35 development:</p>
<ul>
<li><strong>Release Team</strong>: Follow release team communications</li>
<li><strong>SIG Meetings</strong>: Attend relevant SIG meetings</li>
<li><strong>GitHub</strong>: Monitor enhancement tracking issues</li>
<li><strong>Community Forums</strong>: Participate in community discussions</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-35-release-cycle-kicks-off/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The v1.35 release cycle represents another exciting phase in Kubernetes’ evolution. With a focus on performance, security, observability, and developer experience, this release promises to bring significant improvements to the platform.</p>
<p>Key highlights of the v1.35 release cycle:</p>
<ul>
<li><strong>Enhanced Scheduling</strong>: Advanced scheduling capabilities and algorithms</li>
<li><strong>Security Improvements</strong>: Enhanced security features and policies</li>
<li><strong>Observability</strong>: Better monitoring and observability capabilities</li>
<li><strong>Performance</strong>: Continued performance optimizations</li>
<li><strong>Community</strong>: Global collaboration and contribution</li>
</ul>
<p>As the release cycle progresses through enhancement freeze, code freeze, and release candidates, the community continues to work together to deliver another stable, feature-rich Kubernetes release. Organizations should monitor the development progress and begin planning for upgrades to v1.35.</p>
<p>The v1.35 release cycle demonstrates the Kubernetes community’s commitment to continuous improvement, innovation, and stability, ensuring that Kubernetes remains the foundation of modern cloud-native computing.</p>
<hr>
<p><em>For the latest information on v1.35 development, follow the <a
class="gblog-markdown__link"
href="https://github.com/kubernetes/sig-release"
>Kubernetes SIG-Release discussions</a> and <a
class="gblog-markdown__link"
href="https://kubernetes.io/community/"
>community meetings</a>.</em></p>Gateway API Reaches Stable: Production-Ready for Modern Kubernetes Networkinghttps://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/2025-10-15T00:00:00+00:002025-12-07T16:51:08-05:00
<p>The Kubernetes Gateway API has reached a significant milestone, with multiple resource types now stable and production-ready for modern Kubernetes deployments. After years of development and community feedback, the Gateway API provides a more expressive, extensible, and role-oriented approach to service networking compared to the traditional Ingress API.</p>
<div class="gblog-post__anchorwrap">
<h2 id="gateway-api-overview">
Gateway API Overview
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#gateway-api-overview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Gateway API Overview" href="#gateway-api-overview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The Gateway API is the evolution of Kubernetes ingress, designed to address the limitations of the original Ingress resource. It provides a more powerful, flexible, and standardized way to configure networking in Kubernetes clusters.</p>
<div class="gblog-post__anchorwrap">
<h3 id="core-principles">
Core Principles
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#core-principles" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Core Principles" href="#core-principles">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Gateway API is built on several key principles:</p>
<ul>
<li><strong>Role-Oriented</strong>: Resources map to different personas in an organization</li>
<li><strong>Expressive</strong>: Rich routing capabilities beyond basic path and host matching</li>
<li><strong>Extensible</strong>: Standard extension points for vendor-specific features</li>
<li><strong>Portable</strong>: Works across different implementations and cloud providers</li>
<li><strong>Type-Safe</strong>: Better validation and error handling than the original Ingress</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="stable-resource-types">
Stable Resource Types
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#stable-resource-types" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Stable Resource Types" href="#stable-resource-types">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Several Gateway API resource types have reached stable (v1) status, making them production-ready:</p>
<div class="gblog-post__anchorwrap">
<h3 id="1-gatewayclass">
1. GatewayClass
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#1-gatewayclass" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. GatewayClass" href="#1-gatewayclass">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>GatewayClass defines a class of Gateways that can be instantiated, similar to StorageClass for storage.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">controllerName</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/gateway-controller</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="l">NGINX Gateway Controller</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-gateway">
2. Gateway
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#2-gateway" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Gateway" href="#2-gateway">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway describes how traffic can be translated to Services within the cluster.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">All</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">All</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-cert</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-httproute">
3. HTTPRoute
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#3-httproute" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. HTTPRoute" href="#3-httproute">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>HTTPRoute defines routing rules for HTTP/HTTPS traffic, replacing and extending Ingress functionality.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">webapp-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">www.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/api</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="key-advantages-over-ingress">
Key Advantages Over Ingress
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#key-advantages-over-ingress" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Advantages Over Ingress" href="#key-advantages-over-ingress">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-role-based-configuration">
1. Role-Based Configuration
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#1-role-based-configuration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Role-Based Configuration" href="#1-role-based-configuration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Gateway API separates concerns across different roles:</p>
<ul>
<li><strong>Infrastructure Providers</strong>: Create and manage GatewayClass resources</li>
<li><strong>Cluster Operators</strong>: Provision and configure Gateway instances</li>
<li><strong>Application Developers</strong>: Create HTTPRoute, TCPRoute, or UDPRoute resources</li>
</ul>
<p>This separation enables better multi-tenancy and security boundaries.</p>
<div class="gblog-post__anchorwrap">
<h3 id="2-advanced-routing-capabilities">
2. Advanced Routing Capabilities
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#2-advanced-routing-capabilities" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Routing Capabilities" href="#2-advanced-routing-capabilities">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>HTTPRoute provides significantly more routing options than Ingress:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">advanced-routing</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">api.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Header-based routing</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">x-api-version</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">v2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-v2-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Query parameter routing</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">queryParams</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">beta</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Exact</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">enabled</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">beta-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Method-based routing</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l">POST</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/upload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">upload-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Request mirroring</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RequestMirror</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requestMirror</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">logging-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">main-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-traffic-splitting-and-canary-deployments">
3. Traffic Splitting and Canary Deployments
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#3-traffic-splitting-and-canary-deployments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Traffic Splitting and Canary Deployments" href="#3-traffic-splitting-and-canary-deployments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Built-in support for traffic splitting enables sophisticated deployment strategies:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">app.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">stable-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">90</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">canary-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-cross-namespace-routing">
4. Cross-Namespace Routing
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#4-cross-namespace-routing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Cross-Namespace Routing" href="#4-cross-namespace-routing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Gateway API supports routing across namespaces, enabling better organization and isolation:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">cross-namespace-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">frontend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">shared-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">infrastructure</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">app.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">backend-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">backend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="additional-resource-types">
Additional Resource Types
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#additional-resource-types" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Additional Resource Types" href="#additional-resource-types">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Beyond HTTPRoute, the Gateway API defines other route types:</p>
<div class="gblog-post__anchorwrap">
<h3 id="tcproute">
TCPRoute
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#tcproute" class="gblog-post__anchor clip flex align-center" aria-label="Anchor TCPRoute" href="#tcproute">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For TCP traffic routing:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">TCPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">database-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">postgres-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">5432</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="udproute">
UDPRoute
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#udproute" class="gblog-post__anchor clip flex align-center" aria-label="Anchor UDPRoute" href="#udproute">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For UDP traffic routing:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">UDPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">dns-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">dns-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">53</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="tlsroute">
TLSRoute
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#tlsroute" class="gblog-post__anchor clip flex align-center" aria-label="Anchor TLSRoute" href="#tlsroute">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For TLS passthrough:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">TLSRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tls-passthrough</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">secure.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="implementation-ecosystem">
Implementation Ecosystem
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#implementation-ecosystem" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Ecosystem" href="#implementation-ecosystem">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Multiple Gateway API implementations are available and production-ready:</p>
<div class="gblog-post__anchorwrap">
<h3 id="nginx-gateway-fabric">
NGINX Gateway Fabric
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#nginx-gateway-fabric" class="gblog-post__anchor clip flex align-center" aria-label="Anchor NGINX Gateway Fabric" href="#nginx-gateway-fabric">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>NGINX’s implementation of the Gateway API:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Install NGINX Gateway Fabric</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/main/deploy/manifests/install.yaml
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="istio">
Istio
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#istio" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Istio" href="#istio">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Istio provides Gateway API support alongside its service mesh:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">istio-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">istio</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="kong-gateway">
Kong Gateway
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#kong-gateway" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Kong Gateway" href="#kong-gateway">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Kong provides a full-featured Gateway API implementation:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kong</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">controllerName</span><span class="p">:</span><span class="w"> </span><span class="l">konghq.com/kic-gateway-controller</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="envoy-gateway">
Envoy Gateway
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#envoy-gateway" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Envoy Gateway" href="#envoy-gateway">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>A vendor-neutral Gateway API implementation using Envoy:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">envoy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">controllerName</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.envoyproxy.io/gatewayclass-controller</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="aws-load-balancer-controller">
AWS Load Balancer Controller
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#aws-load-balancer-controller" class="gblog-post__anchor clip flex align-center" aria-label="Anchor AWS Load Balancer Controller" href="#aws-load-balancer-controller">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>AWS provides Gateway API support through their Load Balancer Controller:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">aws-lb</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">controllerName</span><span class="p">:</span><span class="w"> </span><span class="l">elbv2.k8s.aws/gateway-controller</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="migration-from-ingress">
Migration from Ingress
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#migration-from-ingress" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration from Ingress" href="#migration-from-ingress">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="key-differences">
Key Differences
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#key-differences" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Differences" href="#key-differences">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>When migrating from Ingress to Gateway API, understand these key differences:</p>
<table>
<thead>
<tr>
<th>Ingress</th>
<th>Gateway API</th>
</tr>
</thead>
<tbody>
<tr>
<td>Single resource type</td>
<td>Multiple resource types (Gateway, HTTPRoute, etc.)</td>
</tr>
<tr>
<td>Namespace-scoped only</td>
<td>Supports cross-namespace routing</td>
</tr>
<tr>
<td>Limited routing features</td>
<td>Advanced routing with headers, query params, etc.</td>
</tr>
<tr>
<td>Basic traffic splitting</td>
<td>Native weight-based splitting</td>
</tr>
<tr>
<td>Limited TLS support</td>
<td>Enhanced TLS configuration</td>
</tr>
<tr>
<td>Vendor-specific annotations</td>
<td>Standard extension points</td>
</tr>
</tbody>
</table>
<div class="gblog-post__anchorwrap">
<h3 id="migration-steps">
Migration Steps
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#migration-steps" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration Steps" href="#migration-steps">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Assess Current Ingress Usage</strong></li>
</ol>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List all Ingress resources</span>
</span></span><span class="line"><span class="cl">kubectl get ingress --all-namespaces
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Export Ingress configurations</span>
</span></span><span class="line"><span class="cl">kubectl get ingress -n production -o yaml > ingress-configs.yaml
</span></span></code></pre></div><ol start="2">
<li><strong>Install a Gateway API Implementation</strong></li>
</ol>
<p>Choose and install a Gateway API implementation that meets your needs.</p>
<ol start="3">
<li><strong>Create Gateway Resources</strong></li>
</ol>
<p>Set up Gateway instances to replace Ingress controllers:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">migration-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tls-cert</span><span class="w">
</span></span></span></code></pre></div><ol start="4">
<li><strong>Convert Ingress to HTTPRoute</strong></li>
</ol>
<p>Translate Ingress rules to HTTPRoute resources:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Original Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">http</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">paths</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pathType</span><span class="p">:</span><span class="w"> </span><span class="l">Prefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backend</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">number</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Equivalent HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-route</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">migration-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostnames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">matches</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">path</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">PathPrefix</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span></code></pre></div><ol start="5">
<li><strong>Test and Validate</strong></li>
</ol>
<p>Gradually migrate services and validate functionality:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Apply HTTPRoute</span>
</span></span><span class="line"><span class="cl">kubectl apply -f web-route.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test routing</span>
</span></span><span class="line"><span class="cl">curl -H <span class="s2">"Host: example.com"</span> http://gateway-ip/
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Monitor Gateway status</span>
</span></span><span class="line"><span class="cl">kubectl get gateway -n gateway-system
</span></span><span class="line"><span class="cl">kubectl describe gateway migration-gateway -n gateway-system
</span></span></code></pre></div><ol start="6">
<li><strong>Gradual Rollout</strong></li>
</ol>
<p>Use traffic splitting to gradually migrate:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gradual-migration</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parentRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">migration-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">backendRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Keep Ingress controller running initially</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ingress-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Route most traffic to Gateway API</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gateway-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">90</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="best-practices">
Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices" href="#best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-use-gatewayclasses-for-multi-tenancy">
1. Use GatewayClasses for Multi-tenancy
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#1-use-gatewayclasses-for-multi-tenancy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Use GatewayClasses for Multi-tenancy" href="#1-use-gatewayclasses-for-multi-tenancy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Define GatewayClasses for different teams or environments:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">team-a-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">controllerName</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org/gateway-controller</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parametersRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.nginx.org</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GatewayClassConfig</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">team-a-config</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-implement-namespace-policies">
2. Implement Namespace Policies
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#2-implement-namespace-policies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Implement Namespace Policies" href="#2-implement-namespace-policies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Control which namespaces can use which Gateways:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">shared-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gatewayClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">http</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowedRoutes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespaces</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w"> </span><span class="l">Selector</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">gateway-access</span><span class="p">:</span><span class="w"> </span><span class="l">allowed</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-use-reference-grants-for-cross-namespace">
3. Use Reference Grants for Cross-Namespace
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#3-use-reference-grants-for-cross-namespace" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Use Reference Grants for Cross-Namespace" href="#3-use-reference-grants-for-cross-namespace">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Enable secure cross-namespace references:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ReferenceGrant</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">allow-frontend-to-backend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">backend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">from</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPRoute</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">frontend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">to</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-implement-proper-tls-management">
4. Implement Proper TLS Management
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#4-implement-proper-tls-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Implement Proper TLS Management" href="#4-implement-proper-tls-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Use proper certificate management:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">gateway.networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-gateway</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listeners</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">https</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">HTTPS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">443</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="l">Terminate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">certificateRefs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tls-cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">cert-manager</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="performance-and-scalability">
Performance and Scalability
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#performance-and-scalability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance and Scalability" href="#performance-and-scalability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Gateway API implementations typically offer:</p>
<ul>
<li><strong>Better Performance</strong>: More efficient routing decisions</li>
<li><strong>Horizontal Scalability</strong>: Better support for scaling Gateway instances</li>
<li><strong>Resource Efficiency</strong>: Lower resource overhead than traditional Ingress controllers</li>
<li><strong>Connection Pooling</strong>: Better connection management</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="future-developments">
Future Developments
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#future-developments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Future Developments" href="#future-developments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The Gateway API continues to evolve with new features:</p>
<ul>
<li><strong>GRPCRoute</strong>: Native support for gRPC routing</li>
<li><strong>TCPRoute Enhancements</strong>: Advanced TCP routing features</li>
<li><strong>Service Mesh Integration</strong>: Better integration with service mesh technologies</li>
<li><strong>Enhanced Observability</strong>: Built-in metrics and tracing support</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/gateway-api-reaches-stable-production-ready/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The Gateway API reaching stable status represents a significant milestone in Kubernetes networking. With its role-oriented design, advanced routing capabilities, and broad ecosystem support, it provides a compelling path forward for modern Kubernetes deployments.</p>
<p>Key takeaways:</p>
<ul>
<li><strong>Production Ready</strong>: Multiple stable resource types available</li>
<li><strong>Enhanced Capabilities</strong>: Significantly more powerful than traditional Ingress</li>
<li><strong>Ecosystem Support</strong>: Multiple implementations available</li>
<li><strong>Migration Path</strong>: Clear migration strategies from Ingress</li>
<li><strong>Future-Proof</strong>: Active development and community support</li>
</ul>
<p>Organizations should evaluate Gateway API implementations and plan migrations from Ingress, especially as the ecosystem continues to mature and traditional Ingress controllers face deprecation timelines.</p>
<p>The Gateway API is not just an evolution of Ingress—it’s a fundamental improvement that enables better security, scalability, and operational practices for Kubernetes networking.</p>
<hr>
<p><em>For more information about Gateway API, visit the <a
class="gblog-markdown__link"
href="https://gateway-api.sigs.k8s.io/"
>official Gateway API documentation</a> and the <a
class="gblog-markdown__link"
href="https://github.com/kubernetes-sigs/gateway-api"
>Kubernetes Gateway API repository</a>.</em></p>Top 10 Kubernetes Security Toolshttps://k8s-ops.net/posts/top-10-kubernetes-security-tools/2025-09-20T00:00:00+00:002025-07-04T14:46:07-04:00
<p>Security is paramount in Kubernetes environments, where the attack surface spans containers, pods, services, and the cluster itself. The cloud-native security ecosystem has evolved to address these challenges with specialized tools for runtime protection, vulnerability scanning, policy enforcement, and compliance monitoring. Here are the top 10 Kubernetes security tools that every security-conscious organization should implement.</p>
<div class="gblog-post__anchorwrap">
<h2 id="1-falco---runtime-security-engine">
1. Falco - Runtime Security Engine
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#1-falco---runtime-security-engine" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Falco - Runtime Security Engine" href="#1-falco---runtime-security-engine">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Runtime security engine detecting abnormal container behavior.</strong></p>
<p>Falco is the de facto standard for runtime security in Kubernetes, providing real-time threat detection and alerting based on system calls and container behavior. It’s designed to detect security threats and compliance violations in real-time.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Real-time system call monitoring</li>
<li>Customizable rules engine</li>
<li>Container-aware security policies</li>
<li>Integration with SIEM systems</li>
<li>Compliance monitoring</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add falcosecurity https://falcosecurity.github.io/charts
</span></span><span class="line"><span class="cl">helm install falco falcosecurity/falco
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/falcosecurity/falco/master/deploy/kubernetes/falco.yaml
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">falco-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">falco.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> rules_file:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - /etc/falco/falco_rules.yaml
</span></span></span><span class="line"><span class="cl"><span class="sd"> - /etc/falco/k8s_audit_rules.yaml
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> # Output configuration
</span></span></span><span class="line"><span class="cl"><span class="sd"> program_output:
</span></span></span><span class="line"><span class="cl"><span class="sd"> enabled: true
</span></span></span><span class="line"><span class="cl"><span class="sd"> program: "curl -d @- -X POST http://falco-webhook:8080"
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> # Webhook output
</span></span></span><span class="line"><span class="cl"><span class="sd"> webserver:
</span></span></span><span class="line"><span class="cl"><span class="sd"> enabled: true
</span></span></span><span class="line"><span class="cl"><span class="sd"> listen_port: 9376
</span></span></span><span class="line"><span class="cl"><span class="sd"> k8s_healthz_endpoint: /healthz
</span></span></span><span class="line"><span class="cl"><span class="sd"> ssl_enabled: false</span><span class="w">
</span></span></span></code></pre></div><p><strong>Sample Rules:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl">- <span class="nt">rule</span><span class="p">:</span><span class="w"> </span><span class="l">Unauthorized Process</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">desc</span><span class="p">:</span><span class="w"> </span><span class="l">Detect unauthorized processes running in containers</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">condition</span><span class="p">:</span><span class="w"> </span><span class="l">spawned_process and container and not proc.name in (authorized_processes)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">output</span><span class="p">:</span><span class="w"> </span><span class="l">Unauthorized process started (user=%user.name command=%proc.cmdline container=%container.name)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">priority</span><span class="p">:</span><span class="w"> </span><span class="l">WARNING</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://falco.org/"
>Learn more about Falco</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="2-kube-bench---cis-benchmark-scanner">
2. Kube-Bench - CIS Benchmark Scanner
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#2-kube-bench---cis-benchmark-scanner" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Kube-Bench - CIS Benchmark Scanner" href="#2-kube-bench---cis-benchmark-scanner">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>CIS Benchmark scanner for Kubernetes nodes.</strong></p>
<p>Kube-Bench automates the Center for Internet Security (CIS) Kubernetes Benchmark tests, helping organizations ensure their clusters meet security best practices and compliance requirements.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>CIS Benchmark compliance</li>
<li>Automated security testing</li>
<li>Detailed reporting</li>
<li>Multiple Kubernetes versions support</li>
<li>Remediation guidance</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Docker</span>
</span></span><span class="line"><span class="cl">docker run --rm -v <span class="k">$(</span><span class="nb">pwd</span><span class="k">)</span>:/host aquasec/kube-bench:latest install
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">batch/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Job</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kube-bench</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostPID</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kube-bench</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">aquasec/kube-bench:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"kube-bench"</span><span class="p">,</span><span class="w"> </span><span class="s2">"--benchmark"</span><span class="p">,</span><span class="w"> </span><span class="s2">"cis-1.6"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">var-lib-kubelet</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/var/lib/kubelet</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnly</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">etc-systemd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/etc/systemd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnly</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">etc-kubernetes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/etc/kubernetes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnly</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">var-lib-kubelet</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostPath</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/var/lib/kubelet</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">etc-systemd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostPath</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/etc/systemd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">etc-kubernetes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostPath</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/etc/kubernetes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restartPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Never</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/aquasecurity/kube-bench"
>Get Kube-Bench on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="3-kube-hunter---security-vulnerability-scanner">
3. Kube-Hunter - Security Vulnerability Scanner
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#3-kube-hunter---security-vulnerability-scanner" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Kube-Hunter - Security Vulnerability Scanner" href="#3-kube-hunter---security-vulnerability-scanner">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Actively hunts for security issues in your clusters.</strong></p>
<p>Kube-Hunter is an active security scanner that hunts for security weaknesses in Kubernetes clusters. It can run from outside or inside the cluster to identify potential attack vectors.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Active vulnerability scanning</li>
<li>Multiple scanning modes</li>
<li>Detailed attack vector reporting</li>
<li>Remediation recommendations</li>
<li>Non-intrusive testing</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-hunter/main/job.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Docker</span>
</span></span><span class="line"><span class="cl">docker run -it --rm --network host aquasec/kube-hunter
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">batch/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Job</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kube-hunter</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kube-hunter</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">aquasec/kube-hunter:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"python"</span><span class="p">,</span><span class="w"> </span><span class="s2">"kube-hunter.py"</span><span class="p">,</span><span class="w"> </span><span class="s2">"--remote"</span><span class="p">,</span><span class="w"> </span><span class="s2">"your-cluster-ip"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">env</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">KUBERNETES_SERVICE_HOST</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-cluster-ip"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">KUBERNETES_SERVICE_PORT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">"6443"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restartPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Never</span><span class="w">
</span></span></span></code></pre></div><p><strong>Scanning Modes:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Passive scanning</span>
</span></span><span class="line"><span class="cl">kube-hunter --passive
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Active scanning</span>
</span></span><span class="line"><span class="cl">kube-hunter --active
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Network scanning</span>
</span></span><span class="line"><span class="cl">kube-hunter --remote 192.168.1.0/24
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Custom reporting</span>
</span></span><span class="line"><span class="cl">kube-hunter --report json
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/aquasecurity/kube-hunter"
>Get Kube-Hunter on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="4-trivy---comprehensive-vulnerability-scanner">
4. Trivy - Comprehensive Vulnerability Scanner
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#4-trivy---comprehensive-vulnerability-scanner" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Trivy - Comprehensive Vulnerability Scanner" href="#4-trivy---comprehensive-vulnerability-scanner">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>All-in-one scanner for containers, SBOMs, IaC, and more.</strong></p>
<p>Trivy is a comprehensive security scanner that covers containers, infrastructure as code, software bill of materials (SBOM), and Kubernetes manifests. It’s fast, accurate, and easy to integrate into CI/CD pipelines.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Container image scanning</li>
<li>Infrastructure as Code scanning</li>
<li>SBOM generation and analysis</li>
<li>Kubernetes manifest scanning</li>
<li>CI/CD integration</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/aquasecurity/trivy/main/deploy/kubernetes/trivy.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add aqua https://aquasecurity.github.io/helm-charts/
</span></span><span class="line"><span class="cl">helm install trivy aqua/trivy
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">batch/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">CronJob</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">trivy-scan</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">schedule</span><span class="p">:</span><span class="w"> </span><span class="s2">"0 2 * * *"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">jobTemplate</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">trivy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">aquasec/trivy:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/bin/sh</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- -<span class="l">c</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> trivy image --format json --output /reports/scan.json nginx:latest
</span></span></span><span class="line"><span class="cl"><span class="sd"> trivy config --format json --output /reports/config.json /manifests</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">reports</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/reports</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">manifests</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/manifests</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">reports</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">emptyDir</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">manifests</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">k8s-manifests</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restartPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">OnFailure</span><span class="w">
</span></span></span></code></pre></div><p><strong>Scanning Examples:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Scan container image</span>
</span></span><span class="line"><span class="cl">trivy image nginx:latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Scan Kubernetes manifests</span>
</span></span><span class="line"><span class="cl">trivy config k8s/
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Generate SBOM</span>
</span></span><span class="line"><span class="cl">trivy image --format cyclonedx nginx:latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Scan for secrets</span>
</span></span><span class="line"><span class="cl">trivy secret ./
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/aquasecurity/trivy"
>Get Trivy on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="5-opagatekeeper---policy-enforcement">
5. OPA/Gatekeeper - Policy Enforcement
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#5-opagatekeeper---policy-enforcement" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. OPA/Gatekeeper - Policy Enforcement" href="#5-opagatekeeper---policy-enforcement">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Policy enforcement via Rego rules for Kubernetes objects.</strong></p>
<p>Open Policy Agent (OPA) with Gatekeeper provides powerful policy enforcement for Kubernetes clusters using the Rego policy language. It enables organizations to enforce security, compliance, and operational policies consistently.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Declarative policy language (Rego)</li>
<li>Kubernetes-native integration</li>
<li>Real-time policy enforcement</li>
<li>Audit and dry-run modes</li>
<li>Custom resource validation</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
</span></span><span class="line"><span class="cl">helm install gatekeeper gatekeeper/gatekeeper
</span></span></code></pre></div><p><strong>Policy Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rego" data-lang="rego"><span class="line"><span class="cl"><span class="kd">package</span><span class="w"> </span><span class="nx">kubernetes</span><span class="o">.</span><span class="nx">admission</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="n">deny</span><span class="p">[</span><span class="nx">msg</span><span class="p">]</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">kind</span><span class="o">.</span><span class="nx">kind</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="s2">"Pod"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">not</span><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">object</span><span class="o">.</span><span class="nx">spec</span><span class="o">.</span><span class="nx">securityContext</span><span class="o">.</span><span class="nx">runAsNonRoot</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">msg</span><span class="w"> </span><span class="o">:=</span><span class="w"> </span><span class="s2">"Pods must not run as root"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="n">deny</span><span class="p">[</span><span class="nx">msg</span><span class="p">]</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">kind</span><span class="o">.</span><span class="nx">kind</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="s2">"Pod"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">container</span><span class="w"> </span><span class="o">:=</span><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">object</span><span class="o">.</span><span class="nx">spec</span><span class="o">.</span><span class="nx">containers</span><span class="p">[</span><span class="nx">_</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">not</span><span class="w"> </span><span class="nx">container</span><span class="o">.</span><span class="nx">securityContext</span><span class="o">.</span><span class="nx">readOnlyRootFilesystem</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">msg</span><span class="w"> </span><span class="o">:=</span><span class="w"> </span><span class="nf">sprintf</span><span class="p">(</span><span class="s2">"Container %v must have a read-only root filesystem"</span><span class="o">,</span><span class="w"> </span><span class="p">[</span><span class="nx">container</span><span class="o">.</span><span class="nx">name</span><span class="p">])</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="n">deny</span><span class="p">[</span><span class="nx">msg</span><span class="p">]</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">kind</span><span class="o">.</span><span class="nx">kind</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="s2">"Service"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">object</span><span class="o">.</span><span class="nx">spec</span><span class="o">.</span><span class="nx">type</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="s2">"LoadBalancer"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">not</span><span class="w"> </span><span class="nx">input</span><span class="o">.</span><span class="nx">request</span><span class="o">.</span><span class="nx">object</span><span class="o">.</span><span class="nx">metadata</span><span class="o">.</span><span class="nx">annotations</span><span class="p">[</span><span class="s2">"service.beta.kubernetes.io/aws-load-balancer-internal"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">msg</span><span class="w"> </span><span class="o">:=</span><span class="w"> </span><span class="s2">"LoadBalancer services must be internal"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div><p><strong>Constraint Template:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">templates.gatekeeper.sh/v1beta1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConstraintTemplate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">k8srequiredlabels</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">crd</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">names</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">K8sRequiredLabels</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targets</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l">admission.k8s.gatekeeper.sh</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rego</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> package k8srequiredlabels
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> violation[{"msg": msg, "details": {"missing_labels": missing}}] {
</span></span></span><span class="line"><span class="cl"><span class="sd"> provided := {label | input.review.object.metadata.labels[label]}
</span></span></span><span class="line"><span class="cl"><span class="sd"> required := {label | label := input.parameters.labels[_]}
</span></span></span><span class="line"><span class="cl"><span class="sd"> missing := required - provided
</span></span></span><span class="line"><span class="cl"><span class="sd"> count(missing) > 0
</span></span></span><span class="line"><span class="cl"><span class="sd"> msg := sprintf("you must provide labels: %v", [missing])
</span></span></span><span class="line"><span class="cl"><span class="sd"> }</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://www.openpolicyagent.org/"
>Learn about OPA</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="6-kyverno---kubernetes-native-policy-engine">
6. Kyverno - Kubernetes-Native Policy Engine
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#6-kyverno---kubernetes-native-policy-engine" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 6. Kyverno - Kubernetes-Native Policy Engine" href="#6-kyverno---kubernetes-native-policy-engine">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Kubernetes-native policy engine using YAML syntax.</strong></p>
<p>Kyverno provides policy enforcement using familiar Kubernetes YAML syntax, making it easier for teams to write and maintain policies without learning a new language.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>YAML-based policies</li>
<li>Kubernetes-native design</li>
<li>Mutation and validation</li>
<li>Resource generation</li>
<li>Background scanning</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add kyverno https://kyverno.github.io/kyverno/
</span></span><span class="line"><span class="cl">helm install kyverno kyverno/kyverno --namespace kyverno --create-namespace
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://github.com/kyverno/kyverno/releases/latest/download/install.yaml
</span></span></code></pre></div><p><strong>Policy Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">kyverno.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">require-labels</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">validationFailureAction</span><span class="p">:</span><span class="w"> </span><span class="l">enforce</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">check-for-labels</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">match</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kinds</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">validate</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">message</span><span class="p">:</span><span class="w"> </span><span class="s2">"label 'app.kubernetes.io/name' is required"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pattern</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app.kubernetes.io/name</span><span class="p">:</span><span class="w"> </span><span class="s2">"?*"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">kyverno.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">disallow-privileged</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">validationFailureAction</span><span class="p">:</span><span class="w"> </span><span class="l">enforce</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">check-privileged</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">match</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kinds</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">validate</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">message</span><span class="p">:</span><span class="w"> </span><span class="s2">"Privileged containers are not allowed"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pattern</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">privileged</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kyverno.io/"
>Explore Kyverno</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="7-k-rail---lightweight-security-rules">
7. K-Rail - Lightweight Security Rules
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#7-k-rail---lightweight-security-rules" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 7. K-Rail - Lightweight Security Rules" href="#7-k-rail---lightweight-security-rules">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Lightweight rule engine to enforce security best practices.</strong></p>
<p>K-Rail is a lightweight admission controller that enforces security best practices in Kubernetes clusters. It focuses on practical security rules that are easy to understand and implement.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Lightweight design</li>
<li>Security-focused rules</li>
<li>Easy configuration</li>
<li>Admission control integration</li>
<li>Practical best practices</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/cruise-automation/k-rail/master/deploy/k-rail.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add k-rail https://cruise-automation.github.io/k-rail/
</span></span><span class="line"><span class="cl">helm install k-rail k-rail/k-rail
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">k-rail-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> policies:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - name: "no-privileged-containers"
</span></span></span><span class="line"><span class="cl"><span class="sd"> enabled: true
</span></span></span><span class="line"><span class="cl"><span class="sd"> rules:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - name: "no-privileged-containers"
</span></span></span><span class="line"><span class="cl"><span class="sd"> enabled: true
</span></span></span><span class="line"><span class="cl"><span class="sd"> message: "Privileged containers are not allowed"
</span></span></span><span class="line"><span class="cl"><span class="sd"> resource_types:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - "pods"
</span></span></span><span class="line"><span class="cl"><span class="sd"> validate:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - rule: "no-privileged-containers"
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> - name: "no-host-path"
</span></span></span><span class="line"><span class="cl"><span class="sd"> enabled: true
</span></span></span><span class="line"><span class="cl"><span class="sd"> rules:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - name: "no-host-path"
</span></span></span><span class="line"><span class="cl"><span class="sd"> enabled: true
</span></span></span><span class="line"><span class="cl"><span class="sd"> message: "Host path volumes are not allowed"
</span></span></span><span class="line"><span class="cl"><span class="sd"> resource_types:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - "pods"
</span></span></span><span class="line"><span class="cl"><span class="sd"> validate:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - rule: "no-host-path"</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/cruise-automation/k-rail"
>Get K-Rail on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="8-tufin-rego-policy-tester---policy-validation">
8. Tufin Rego Policy Tester - Policy Validation
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#8-tufin-rego-policy-tester---policy-validation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 8. Tufin Rego Policy Tester - Policy Validation" href="#8-tufin-rego-policy-tester---policy-validation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Validates policies offline before applying.</strong></p>
<p>Tufin Rego Policy Tester provides a way to test and validate OPA policies offline before deploying them to production clusters, reducing the risk of policy-related issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Offline policy testing</li>
<li>Rego syntax validation</li>
<li>Test case management</li>
<li>CI/CD integration</li>
<li>Policy debugging</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Go</span>
</span></span><span class="line"><span class="cl">go install github.com/Tufin/kube-open-policy-agent@latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Docker</span>
</span></span><span class="line"><span class="cl">docker pull tufin/kube-open-policy-agent:latest
</span></span></code></pre></div><p><strong>Usage Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Test a policy file</span>
</span></span><span class="line"><span class="cl">opa <span class="nb">test</span> policy.rego
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test with data</span>
</span></span><span class="line"><span class="cl">opa <span class="nb">test</span> policy.rego data.json
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Run specific tests</span>
</span></span><span class="line"><span class="cl">opa <span class="nb">test</span> policy.rego --run test_name
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Coverage report</span>
</span></span><span class="line"><span class="cl">opa <span class="nb">test</span> policy.rego --coverage
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/Tufin/kube-open-policy-agent"
>Get Tufin Rego Policy Tester on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="9-slimtoolkit-dockerslim---container-optimization">
9. SlimToolkit (DockerSlim) - Container Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#9-slimtoolkit-dockerslim---container-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 9. SlimToolkit (DockerSlim) - Container Optimization" href="#9-slimtoolkit-dockerslim---container-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Minimize container attack surface by stripping unused binaries.</strong></p>
<p>SlimToolkit reduces container attack surface by removing unnecessary files, binaries, and dependencies from container images, making them more secure and efficient.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Container image optimization</li>
<li>Attack surface reduction</li>
<li>Size reduction</li>
<li>Security hardening</li>
<li>Multi-stage optimization</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Docker</span>
</span></span><span class="line"><span class="cl">docker pull dslim/slim
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/slimtoolkit/slim/master/deploy/kubernetes/slim.yaml
</span></span></code></pre></div><p><strong>Usage Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Optimize an image</span>
</span></span><span class="line"><span class="cl">slim build nginx:latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Interactive optimization</span>
</span></span><span class="line"><span class="cl">slim build --interactive nginx:latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Custom optimization</span>
</span></span><span class="line"><span class="cl">slim build --target nginx:latest --include-path /etc/nginx --include-path /usr/sbin/nginx
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Security analysis</span>
</span></span><span class="line"><span class="cl">slim analyze nginx:latest
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/slimtoolkit/slim"
>Get SlimToolkit on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="10-cilium-tetragon---ebpf-runtime-security">
10. Cilium Tetragon - eBPF Runtime Security
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#10-cilium-tetragon---ebpf-runtime-security" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 10. Cilium Tetragon - eBPF Runtime Security" href="#10-cilium-tetragon---ebpf-runtime-security">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>eBPF-based runtime enforcement and observability.</strong></p>
<p>Cilium Tetragon provides deep runtime security and observability using eBPF technology, offering real-time visibility into system calls, network activity, and process behavior.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>eBPF-based monitoring</li>
<li>Real-time process tracking</li>
<li>Network security</li>
<li>Custom policies</li>
<li>Performance monitoring</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add cilium https://helm.cilium.io/
</span></span><span class="line"><span class="cl">helm install tetragon cilium/tetragon -n kube-system
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/cilium/tetragon/main/install/kubernetes/install.yaml
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tetragon-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> tracing:
</span></span></span><span class="line"><span class="cl"><span class="sd"> policy:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - name: "process-monitoring"
</span></span></span><span class="line"><span class="cl"><span class="sd"> rules:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - name: "suspicious-processes"
</span></span></span><span class="line"><span class="cl"><span class="sd"> process:
</span></span></span><span class="line"><span class="cl"><span class="sd"> binary: ".*"
</span></span></span><span class="line"><span class="cl"><span class="sd"> args: ".*"
</span></span></span><span class="line"><span class="cl"><span class="sd"> return: ".*"
</span></span></span><span class="line"><span class="cl"><span class="sd"> action: "post"
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> monitoring:
</span></span></span><span class="line"><span class="cl"><span class="sd"> events:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - process_exec
</span></span></span><span class="line"><span class="cl"><span class="sd"> - process_exit
</span></span></span><span class="line"><span class="cl"><span class="sd"> - process_kprobe
</span></span></span><span class="line"><span class="cl"><span class="sd"> - process_tracepoint</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://tetragon.io/"
>Learn about Tetragon</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="building-a-comprehensive-security-strategy">
Building a Comprehensive Security Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#building-a-comprehensive-security-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Building a Comprehensive Security Strategy" href="#building-a-comprehensive-security-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="security-layers">
Security Layers
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#security-layers" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Security Layers" href="#security-layers">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Infrastructure Security</strong>: Kube-Bench, Kube-Hunter</li>
<li><strong>Image Security</strong>: Trivy, SlimToolkit</li>
<li><strong>Runtime Security</strong>: Falco, Cilium Tetragon</li>
<li><strong>Policy Enforcement</strong>: OPA/Gatekeeper, Kyverno</li>
<li><strong>Compliance</strong>: K-Rail, custom policies</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="implementation-roadmap">
Implementation Roadmap
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#implementation-roadmap" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Roadmap" href="#implementation-roadmap">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li>
<p><strong>Phase 1: Foundation</strong></p>
<ul>
<li>Deploy Kube-Bench for baseline security</li>
<li>Implement Trivy for image scanning</li>
<li>Set up basic policy enforcement</li>
</ul>
</li>
<li>
<p><strong>Phase 2: Runtime Protection</strong></p>
<ul>
<li>Deploy Falco for runtime monitoring</li>
<li>Implement Kyverno policies</li>
<li>Configure alerting and notifications</li>
</ul>
</li>
<li>
<p><strong>Phase 3: Advanced Security</strong></p>
<ul>
<li>Deploy Cilium Tetragon</li>
<li>Implement custom OPA policies</li>
<li>Set up comprehensive monitoring</li>
</ul>
</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="best-practices">
Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices" href="#best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Defense in Depth</strong>: Implement multiple security layers</li>
<li><strong>Least Privilege</strong>: Use RBAC and security contexts</li>
<li><strong>Regular Scanning</strong>: Automate vulnerability scanning</li>
<li><strong>Policy as Code</strong>: Version control all security policies</li>
<li><strong>Monitoring and Alerting</strong>: Set up comprehensive monitoring</li>
<li><strong>Incident Response</strong>: Prepare for security incidents</li>
<li><strong>Training</strong>: Educate teams on security best practices</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-security-tools/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes security requires a multi-layered approach that addresses infrastructure, application, and runtime security concerns. The tools outlined above provide comprehensive coverage for securing Kubernetes environments.</p>
<p>Start with the foundational tools (Kube-Bench, Trivy) and gradually implement more advanced solutions based on your security requirements and risk profile. Remember that security is an ongoing process that requires regular assessment, updates, and monitoring.</p>
<p>For organizations with compliance requirements, ensure that your security tools and policies align with relevant standards (CIS, NIST, SOC 2, etc.) and maintain proper documentation for audits and assessments.</p>
<p>For more information about Kubernetes security, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/security/"
>official Kubernetes security documentation</a> and the <a
class="gblog-markdown__link"
href="https://landscape.cncf.io/card-mode?category=security&grouping=category"
>CNCF security landscape</a>.</p>Getting Started with Kubernetes on DigitalOcean: A Beginner's Guidehttps://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/2025-08-15T00:00:00+00:002025-07-04T14:53:10-04:00
<p>Kubernetes can seem overwhelming for beginners, but DigitalOcean’s managed Kubernetes service (DOKS) provides an excellent entry point into the world of container orchestration. With its simplified setup, competitive pricing, and excellent documentation, DigitalOcean makes it easy to get started with Kubernetes without the complexity of managing your own cluster infrastructure.</p>
<div class="gblog-post__anchorwrap">
<h2 id="why-choose-digitalocean-for-kubernetes">
Why Choose DigitalOcean for Kubernetes?
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#why-choose-digitalocean-for-kubernetes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Why Choose DigitalOcean for Kubernetes?" href="#why-choose-digitalocean-for-kubernetes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="managed-service-benefits">
Managed Service Benefits
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#managed-service-benefits" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Managed Service Benefits" href="#managed-service-benefits">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>DigitalOcean Kubernetes (DOKS) eliminates the operational overhead of managing cluster infrastructure while providing a production-ready Kubernetes environment.</p>
<p><strong>Key Advantages:</strong></p>
<ul>
<li><strong>Zero Infrastructure Management</strong>: DigitalOcean handles control plane updates, security patches, and infrastructure scaling</li>
<li><strong>Simple Setup</strong>: Create a cluster in minutes through the web interface or CLI</li>
<li><strong>Cost-Effective</strong>: Transparent pricing with no hidden fees or complex billing</li>
<li><strong>Global Presence</strong>: Multiple data centers for low-latency deployments</li>
<li><strong>Excellent Documentation</strong>: Comprehensive guides and tutorials for all skill levels</li>
</ul>
<p><strong>Pricing Transparency:</strong></p>
<ul>
<li><strong>Control Plane</strong>: Free (managed by DigitalOcean)</li>
<li><strong>Worker Nodes</strong>: Pay only for the compute resources you use</li>
<li><strong>Load Balancers</strong>: $12/month per load balancer</li>
<li><strong>Block Storage</strong>: $0.10/GB/month</li>
<li><strong>No Data Transfer Fees</strong>: Between DOKS and other DigitalOcean services</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="perfect-for-learning-and-development">
Perfect for Learning and Development
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#perfect-for-learning-and-development" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Perfect for Learning and Development" href="#perfect-for-learning-and-development">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>DOKS is particularly well-suited for:</p>
<ul>
<li><strong>Learning Kubernetes</strong>: Focus on concepts without infrastructure complexity</li>
<li><strong>Development Environments</strong>: Quick setup and teardown for testing</li>
<li><strong>Small to Medium Applications</strong>: Production workloads with reasonable scale</li>
<li><strong>Proof of Concepts</strong>: Rapid prototyping and experimentation</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://docs.digitalocean.com/products/kubernetes/"
>Learn more about DigitalOcean Kubernetes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="setting-up-your-first-cluster">
Setting Up Your First Cluster
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#setting-up-your-first-cluster" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Setting Up Your First Cluster" href="#setting-up-your-first-cluster">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="prerequisites">
Prerequisites
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#prerequisites" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Prerequisites" href="#prerequisites">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Before creating your cluster, ensure you have:</p>
<ul>
<li>A DigitalOcean account (sign up with our <a
class="gblog-markdown__link"
href="https://m.do.co/c/kubernetes-starter"
>referral link</a> for $200 in credits)</li>
<li>Basic understanding of containers and Docker</li>
<li>Familiarity with command-line tools</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="step-1-create-your-cluster">
Step 1: Create Your Cluster
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#step-1-create-your-cluster" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 1: Create Your Cluster" href="#step-1-create-your-cluster">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Via Web Interface:</strong></p>
<ol>
<li>Log into your DigitalOcean account</li>
<li>Navigate to Kubernetes in the left sidebar</li>
<li>Click “Create Cluster”</li>
<li>Choose your cluster configuration:
<ul>
<li><strong>Region</strong>: Select the closest to your users</li>
<li><strong>Kubernetes Version</strong>: Latest stable version (recommended)</li>
<li><strong>Node Pool</strong>: Start with 2-3 nodes for learning</li>
<li><strong>Node Size</strong>: 2GB RAM, 1 vCPU for development workloads</li>
</ul>
</li>
</ol>
<p><strong>Via doctl CLI:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Install doctl (DigitalOcean CLI)</span>
</span></span><span class="line"><span class="cl"><span class="c1"># macOS</span>
</span></span><span class="line"><span class="cl">brew install doctl
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Linux</span>
</span></span><span class="line"><span class="cl">snap install doctl
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Authenticate with your DigitalOcean account</span>
</span></span><span class="line"><span class="cl">doctl auth init
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Create a cluster</span>
</span></span><span class="line"><span class="cl">doctl kubernetes cluster create my-first-cluster <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --region nyc1 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --size s-2vcpu-4gb <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --count <span class="m">2</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --version 1.28
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="step-2-configure-kubectl">
Step 2: Configure kubectl
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#step-2-configure-kubectl" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 2: Configure kubectl" href="#step-2-configure-kubectl">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Download kubeconfig:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Get your cluster's kubeconfig</span>
</span></span><span class="line"><span class="cl">doctl kubernetes cluster kubeconfig save my-first-cluster
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Verify connection</span>
</span></span><span class="line"><span class="cl">kubectl cluster-info
</span></span><span class="line"><span class="cl">kubectl get nodes
</span></span></code></pre></div><p><strong>Expected Output:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">$ kubectl get nodes
</span></span><span class="line"><span class="cl">NAME STATUS ROLES AGE VERSION
</span></span><span class="line"><span class="cl">pool-abc123-def456-1 Ready <none> 5m v1.28.0
</span></span><span class="line"><span class="cl">pool-abc123-def456-2 Ready <none> 5m v1.28.0
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://docs.digitalocean.com/products/kubernetes/how-to/create-clusters/"
>Learn more about cluster setup</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="deploying-your-first-application">
Deploying Your First Application
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#deploying-your-first-application" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deploying Your First Application" href="#deploying-your-first-application">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="step-1-create-a-simple-application">
Step 1: Create a Simple Application
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#step-1-create-a-simple-application" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 1: Create a Simple Application" href="#step-1-create-a-simple-application">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Create a namespace for your application:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl create namespace my-app
</span></span><span class="line"><span class="cl">kubectl config set-context --current --namespace<span class="o">=</span>my-app
</span></span></code></pre></div><p><strong>Deploy a sample application:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># app-deployment.yaml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"64Mi"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"250m"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"128Mi"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"500m"</span><span class="w">
</span></span></span></code></pre></div><p><strong>Apply the deployment:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl apply -f app-deployment.yaml
</span></span><span class="line"><span class="cl">kubectl get pods
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="step-2-expose-your-application">
Step 2: Expose Your Application
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#step-2-expose-your-application" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 2: Expose Your Application" href="#step-2-expose-your-application">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Create a service:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># app-service.yaml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterIP</span><span class="w">
</span></span></span></code></pre></div><p><strong>Create a load balancer:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># app-ingress.yaml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world-lb</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">hello-world</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">LoadBalancer</span><span class="w">
</span></span></span></code></pre></div><p><strong>Apply the services:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl apply -f app-service.yaml
</span></span><span class="line"><span class="cl">kubectl apply -f app-ingress.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check the load balancer IP</span>
</span></span><span class="line"><span class="cl">kubectl get service hello-world-lb
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://docs.digitalocean.com/products/kubernetes/how-to/deploy-applications/"
>Learn more about deploying applications</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="essential-kubernetes-concepts-to-master">
Essential Kubernetes Concepts to Master
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#essential-kubernetes-concepts-to-master" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Essential Kubernetes Concepts to Master" href="#essential-kubernetes-concepts-to-master">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-pods-and-deployments">
1. Pods and Deployments
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#1-pods-and-deployments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Pods and Deployments" href="#1-pods-and-deployments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Pods</strong> are the smallest deployable units in Kubernetes. A Pod can contain one or more containers that share the same network namespace and storage.</p>
<p><strong>Deployments</strong> manage the lifecycle of Pods, providing features like:</p>
<ul>
<li>Rolling updates and rollbacks</li>
<li>Scaling up and down</li>
<li>Self-healing (replacing failed Pods)</li>
</ul>
<p><strong>Example Deployment:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">web-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">web-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">livenessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/health</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readinessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/ready</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-services-and-networking">
2. Services and Networking
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#2-services-and-networking" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Services and Networking" href="#2-services-and-networking">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Services</strong> provide stable network endpoints for your Pods, enabling:</p>
<ul>
<li>Load balancing across multiple Pods</li>
<li>Service discovery within the cluster</li>
<li>External access to your applications</li>
</ul>
<p><strong>Service Types:</strong></p>
<ul>
<li><strong>ClusterIP</strong>: Internal access only (default)</li>
<li><strong>NodePort</strong>: External access via node IP and port</li>
<li><strong>LoadBalancer</strong>: External access via cloud load balancer</li>
</ul>
<p><strong>Example Service:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-app-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">web-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">LoadBalancer</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-configmaps-and-secrets">
3. ConfigMaps and Secrets
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#3-configmaps-and-secrets" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. ConfigMaps and Secrets" href="#3-configmaps-and-secrets">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>ConfigMaps</strong> store non-sensitive configuration data:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">database_url</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgresql://db.example.com:5432/mydb"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">log_level</span><span class="p">:</span><span class="w"> </span><span class="s2">"INFO"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">feature_flags</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> enable_cache=true
</span></span></span><span class="line"><span class="cl"><span class="sd"> debug_mode=false</span><span class="w">
</span></span></span></code></pre></div><p><strong>Secrets</strong> store sensitive data like passwords and API keys:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Secret</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-secrets</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Opaque</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">db_password</span><span class="p">:</span><span class="w"> </span><span class="l">cGFzc3dvcmQxMjM= </span><span class="w"> </span><span class="c"># base64 encoded</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">api_key</span><span class="p">:</span><span class="w"> </span><span class="l">YXBpLWtleS1oZXJl</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/"
>Learn more about Kubernetes concepts</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="monitoring-and-observability">
Monitoring and Observability
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#monitoring-and-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Monitoring and Observability" href="#monitoring-and-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="built-in-monitoring">
Built-in Monitoring
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#built-in-monitoring" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Built-in Monitoring" href="#built-in-monitoring">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>DigitalOcean provides:</strong></p>
<ul>
<li><strong>Cluster Metrics</strong>: CPU, memory, and disk usage</li>
<li><strong>Node Health</strong>: Status and performance monitoring</li>
<li><strong>Application Metrics</strong>: Pod-level resource consumption</li>
<li><strong>Logs</strong>: Centralized logging for troubleshooting</li>
</ul>
<p><strong>Access monitoring data:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># View cluster metrics</span>
</span></span><span class="line"><span class="cl">kubectl top nodes
</span></span><span class="line"><span class="cl">kubectl top pods
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check resource usage</span>
</span></span><span class="line"><span class="cl">kubectl describe nodes
</span></span><span class="line"><span class="cl">kubectl describe pods
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="setting-up-prometheus-and-grafana">
Setting Up Prometheus and Grafana
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#setting-up-prometheus-and-grafana" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Setting Up Prometheus and Grafana" href="#setting-up-prometheus-and-grafana">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Install monitoring stack:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add Prometheus Helm repository</span>
</span></span><span class="line"><span class="cl">helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
</span></span><span class="line"><span class="cl">helm repo update
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Install Prometheus and Grafana</span>
</span></span><span class="line"><span class="cl">helm install monitoring prometheus-community/kube-prometheus-stack <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --namespace monitoring <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --create-namespace
</span></span></code></pre></div><p><strong>Access Grafana:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Port forward to access Grafana</span>
</span></span><span class="line"><span class="cl">kubectl port-forward -n monitoring svc/monitoring-grafana 3000:80
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Default credentials: admin / prom-operator</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://docs.digitalocean.com/products/kubernetes/how-to/monitor-clusters/"
>Learn more about monitoring</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="security-best-practices">
Security Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#security-best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Security Best Practices" href="#security-best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-network-policies">
1. Network Policies
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#1-network-policies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Network Policies" href="#1-network-policies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Implement network segmentation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">NetworkPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">default-deny</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">podSelector</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">policyTypes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Egress</span><span class="w">
</span></span></span></code></pre></div><p><strong>Allow specific traffic:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">NetworkPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">allow-frontend-to-api</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">podSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">api-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">policyTypes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ingress</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">from</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">podSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">frontend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-pod-security-standards">
2. Pod Security Standards
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#2-pod-security-standards" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Pod Security Standards" href="#2-pod-security-standards">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Apply restricted security context:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pod-security.kubernetes.io/enforce</span><span class="p">:</span><span class="w"> </span><span class="l">restricted</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsNonRoot</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsUser</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-rbac-role-based-access-control">
3. RBAC (Role-Based Access Control)
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#3-rbac-role-based-access-control" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. RBAC (Role-Based Access Control)" href="#3-rbac-role-based-access-control">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Create service accounts with minimal permissions:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ServiceAccount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-service-account</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Role</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-role</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">""</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"pods"</span><span class="p">,</span><span class="w"> </span><span class="s2">"services"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"get"</span><span class="p">,</span><span class="w"> </span><span class="s2">"list"</span><span class="p">,</span><span class="w"> </span><span class="s2">"watch"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">RoleBinding</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-role-binding</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">subjects</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ServiceAccount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-service-account</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">roleRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Role</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-role</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiGroup</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/security/"
>Learn more about Kubernetes security</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="cost-optimization-strategies">
Cost Optimization Strategies
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#cost-optimization-strategies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Cost Optimization Strategies" href="#cost-optimization-strategies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-right-sizing-resources">
1. Right-sizing Resources
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#1-right-sizing-resources" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Right-sizing Resources" href="#1-right-sizing-resources">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Monitor resource usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check current resource usage</span>
</span></span><span class="line"><span class="cl">kubectl top pods
</span></span><span class="line"><span class="cl">kubectl top nodes
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Analyze resource requests vs. actual usage</span>
</span></span><span class="line"><span class="cl">kubectl describe pods
</span></span></code></pre></div><p><strong>Optimize resource requests:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"256Mi"</span><span class="w"> </span><span class="c"># Based on actual usage</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"250m"</span><span class="w"> </span><span class="c"># Based on actual usage</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"512Mi"</span><span class="w"> </span><span class="c"># 2x requests for safety</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"500m"</span><span class="w"> </span><span class="c"># 2x requests for safety</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-autoscaling">
2. Autoscaling
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#2-autoscaling" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Autoscaling" href="#2-autoscaling">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Implement Horizontal Pod Autoscaler:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">autoscaling/v2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HorizontalPodAutoscaler</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-app-hpa</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scaleTargetRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">web-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">minReplicas</span><span class="p">:</span><span class="w"> </span><span class="m">2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxReplicas</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Resource</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resource</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">cpu</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Utilization</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">averageUtilization</span><span class="p">:</span><span class="w"> </span><span class="m">70</span><span class="w">
</span></span></span></code></pre></div><p><strong>Cluster Autoscaler:</strong>
DigitalOcean automatically scales your cluster based on demand, but you can optimize by:</p>
<ul>
<li>Setting appropriate minimum and maximum node counts</li>
<li>Using node pools with different instance types</li>
<li>Implementing proper resource requests and limits</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-storage-optimization">
3. Storage Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#3-storage-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Storage Optimization" href="#3-storage-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Use appropriate storage classes:</strong></p>
<ul>
<li><strong>SSD Block Storage</strong>: For high-performance workloads</li>
<li><strong>Standard Block Storage</strong>: For cost-sensitive applications</li>
<li><strong>Object Storage</strong>: For large, infrequently accessed data</li>
</ul>
<p><strong>Implement storage policies:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PersistentVolumeClaim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-storage</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">accessModes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ReadWriteOnce</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storageClassName</span><span class="p">:</span><span class="w"> </span><span class="l">do-block-storage</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="l">10Gi</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://docs.digitalocean.com/products/kubernetes/how-to/optimize-clusters/"
>Learn more about cost optimization</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="learning-path-and-next-steps">
Learning Path and Next Steps
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#learning-path-and-next-steps" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Learning Path and Next Steps" href="#learning-path-and-next-steps">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="beginner-level-0-3-months">
Beginner Level (0-3 months)
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#beginner-level-0-3-months" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Beginner Level (0-3 months)" href="#beginner-level-0-3-months">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li>
<p><strong>Kubernetes Fundamentals</strong></p>
<ul>
<li>Complete the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>official Kubernetes tutorials</a></li>
<li>Practice with kubectl commands</li>
<li>Deploy simple applications</li>
</ul>
</li>
<li>
<p><strong>DigitalOcean Specific</strong></p>
<ul>
<li>Explore DOKS features and limitations</li>
<li>Learn about DigitalOcean’s networking and storage</li>
<li>Practice with load balancers and block storage</li>
</ul>
</li>
<li>
<p><strong>Basic Operations</strong></p>
<ul>
<li>Monitor application health</li>
<li>Scale applications up and down</li>
<li>Perform rolling updates</li>
</ul>
</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="intermediate-level-3-6-months">
Intermediate Level (3-6 months)
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#intermediate-level-3-6-months" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Intermediate Level (3-6 months)" href="#intermediate-level-3-6-months">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li>
<p><strong>Advanced Concepts</strong></p>
<ul>
<li>StatefulSets and persistent storage</li>
<li>ConfigMaps and Secrets management</li>
<li>Network policies and security</li>
</ul>
</li>
<li>
<p><strong>Observability</strong></p>
<ul>
<li>Set up monitoring with Prometheus/Grafana</li>
<li>Implement centralized logging</li>
<li>Create dashboards and alerts</li>
</ul>
</li>
<li>
<p><strong>CI/CD Integration</strong></p>
<ul>
<li>Integrate with GitHub Actions or GitLab CI</li>
<li>Implement GitOps workflows</li>
<li>Automate deployments</li>
</ul>
</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="advanced-level-6-months">
Advanced Level (6+ months)
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#advanced-level-6-months" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced Level (6+ months)" href="#advanced-level-6-months">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li>
<p><strong>Multi-cluster Management</strong></p>
<ul>
<li>Federation and multi-cluster deployments</li>
<li>Disaster recovery strategies</li>
<li>Cross-cluster service mesh</li>
</ul>
</li>
<li>
<p><strong>Performance Optimization</strong></p>
<ul>
<li>Resource optimization and tuning</li>
<li>Performance monitoring and analysis</li>
<li>Capacity planning</li>
</ul>
</li>
<li>
<p><strong>Security Hardening</strong></p>
<ul>
<li>Advanced RBAC configurations</li>
<li>Pod security policies</li>
<li>Compliance and auditing</li>
</ul>
</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="real-world-project-ideas">
Real-world Project Ideas
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#real-world-project-ideas" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Real-world Project Ideas" href="#real-world-project-ideas">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-web-application-stack">
1. Web Application Stack
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#1-web-application-stack" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Web Application Stack" href="#1-web-application-stack">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Deploy a complete web application with:</p>
<ul>
<li>Frontend (React/Vue.js)</li>
<li>Backend API (Node.js/Python)</li>
<li>Database (PostgreSQL/MySQL)</li>
<li>Redis for caching</li>
<li>Load balancer and ingress</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-microservices-architecture">
2. Microservices Architecture
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#2-microservices-architecture" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Microservices Architecture" href="#2-microservices-architecture">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Build a microservices application with:</p>
<ul>
<li>Service discovery and communication</li>
<li>API gateway</li>
<li>Distributed tracing</li>
<li>Centralized logging</li>
<li>Monitoring and alerting</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-data-pipeline">
3. Data Pipeline
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#3-data-pipeline" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Data Pipeline" href="#3-data-pipeline">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Create a data processing pipeline with:</p>
<ul>
<li>Message queues (RabbitMQ/Kafka)</li>
<li>Stream processing</li>
<li>Data storage and analytics</li>
<li>Visualization dashboards</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="4-machine-learning-platform">
4. Machine Learning Platform
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#4-machine-learning-platform" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Machine Learning Platform" href="#4-machine-learning-platform">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Deploy ML workloads with:</p>
<ul>
<li>Jupyter notebooks</li>
<li>Model training and serving</li>
<li>GPU acceleration</li>
<li>Model versioning and deployment</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="troubleshooting-common-issues">
Troubleshooting Common Issues
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#troubleshooting-common-issues" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Troubleshooting Common Issues" href="#troubleshooting-common-issues">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-pod-stuck-in-pending-state">
1. Pod Stuck in Pending State
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#1-pod-stuck-in-pending-state" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Pod Stuck in Pending State" href="#1-pod-stuck-in-pending-state">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check node resources</span>
</span></span><span class="line"><span class="cl">kubectl describe nodes
</span></span><span class="line"><span class="cl">kubectl top nodes
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check Pod events</span>
</span></span><span class="line"><span class="cl">kubectl describe pod <pod-name>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check resource requests</span>
</span></span><span class="line"><span class="cl">kubectl get pods -o wide
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-service-not-accessible">
2. Service Not Accessible
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#2-service-not-accessible" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Service Not Accessible" href="#2-service-not-accessible">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check service endpoints</span>
</span></span><span class="line"><span class="cl">kubectl get endpoints <service-name>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check Pod labels</span>
</span></span><span class="line"><span class="cl">kubectl get pods --show-labels
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test service connectivity</span>
</span></span><span class="line"><span class="cl">kubectl run test-pod --image<span class="o">=</span>busybox --rm -it --restart<span class="o">=</span>Never -- nslookup <service-name>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-high-resource-usage">
3. High Resource Usage
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#3-high-resource-usage" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. High Resource Usage" href="#3-high-resource-usage">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check resource usage</span>
</span></span><span class="line"><span class="cl">kubectl top pods
</span></span><span class="line"><span class="cl">kubectl top nodes
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Analyze resource requests vs. limits</span>
</span></span><span class="line"><span class="cl">kubectl describe pods
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check for resource leaks</span>
</span></span><span class="line"><span class="cl">kubectl logs <pod-name>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-network-connectivity-issues">
4. Network Connectivity Issues
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#4-network-connectivity-issues" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Network Connectivity Issues" href="#4-network-connectivity-issues">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check network policies</span>
</span></span><span class="line"><span class="cl">kubectl get networkpolicies
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test Pod-to-Pod connectivity</span>
</span></span><span class="line"><span class="cl">kubectl run test-pod --image<span class="o">=</span>busybox --rm -it --restart<span class="o">=</span>Never -- wget -O- <service-name>:<port>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check DNS resolution</span>
</span></span><span class="line"><span class="cl">kubectl run test-pod --image<span class="o">=</span>busybox --rm -it --restart<span class="o">=</span>Never -- nslookup kubernetes.default
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/getting-started-with-kubernetes-digitalocean/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>DigitalOcean Kubernetes provides an excellent platform for learning and deploying Kubernetes applications. With its managed service approach, competitive pricing, and comprehensive documentation, DOKS eliminates much of the complexity associated with running Kubernetes while providing a production-ready environment.</p>
<p>Key takeaways for beginners:</p>
<ul>
<li><strong>Start Simple</strong>: Begin with basic deployments and gradually add complexity</li>
<li><strong>Use Managed Services</strong>: Let DigitalOcean handle infrastructure management</li>
<li><strong>Practice Regularly</strong>: Deploy and experiment with different applications</li>
<li><strong>Monitor Everything</strong>: Set up observability from the beginning</li>
<li><strong>Follow Security Best Practices</strong>: Implement security measures early</li>
<li><strong>Optimize Costs</strong>: Monitor resource usage and implement autoscaling</li>
</ul>
<p>Remember that Kubernetes is a journey, not a destination. Start with the basics, build confidence with simple applications, and gradually explore more advanced features. DigitalOcean’s platform makes this learning process much more accessible and cost-effective.</p>
<p>For continued learning, explore the <a
class="gblog-markdown__link"
href="https://docs.digitalocean.com/products/kubernetes/"
>DigitalOcean Kubernetes documentation</a>, <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>official Kubernetes tutorials</a>, and the vibrant Kubernetes community.</p>
<p>Ready to get started? <a
class="gblog-markdown__link"
href="https://m.do.co/c/kubernetes-starter"
>Sign up for DigitalOcean</a> and receive $200 in credits to begin your Kubernetes journey today!</p>Advanced Kubernetes Interview Questions (2025 Edition)https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/2025-07-01T00:00:00+00:002025-07-04T14:53:10-04:00
<p>For senior Kubernetes roles, interviewers expect deep technical knowledge, architectural understanding, and the ability to solve complex problems. This guide covers advanced concepts that demonstrate expertise in Kubernetes internals, troubleshooting, and system design.</p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-pod-scheduling-and-what-factors-influence-it">
How does Kubernetes handle Pod scheduling and what factors influence it?
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-pod-scheduling-and-what-factors-influence-it" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle Pod scheduling and what factors influence it?" href="#how-does-kubernetes-handle-pod-scheduling-and-what-factors-influence-it">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Pod scheduling involves multiple components working together to place Pods on appropriate nodes based on various constraints and requirements.</p>
<p><strong>Scheduling Process:</strong></p>
<ol>
<li><strong>Predicates</strong>: Hard requirements that must be met (resource availability, node selectors)</li>
<li><strong>Priorities</strong>: Soft requirements that influence node selection (resource distribution, affinity)</li>
<li><strong>Binding</strong>: Final placement decision and Pod-to-node binding</li>
</ol>
<p><strong>Key Factors:</strong></p>
<ul>
<li><strong>Resource Requests/Limits</strong>: CPU and memory requirements</li>
<li><strong>Node Selectors</strong>: Hard node affinity rules</li>
<li><strong>Node Affinity</strong>: Soft node preference rules</li>
<li><strong>Pod Affinity/Anti-affinity</strong>: Pod placement relative to other Pods</li>
<li><strong>Taints and Tolerations</strong>: Node isolation and Pod acceptance</li>
<li><strong>Resource Distribution</strong>: Spread Pods across nodes for better resource utilization</li>
</ul>
<p><strong>Example Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nodeSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">disk</span><span class="p">:</span><span class="w"> </span><span class="l">ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">affinity</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nodeAffinity</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">preferredDuringSchedulingIgnoredDuringExecution</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">weight</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">preference</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchExpressions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l">zone</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">operator</span><span class="p">:</span><span class="w"> </span><span class="l">In</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">values</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">us-west-2a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">podAffinity</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requiredDuringSchedulingIgnoredDuringExecution</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">labelSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchExpressions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">operator</span><span class="p">:</span><span class="w"> </span><span class="l">In</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">values</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">topologyKey</span><span class="p">:</span><span class="w"> </span><span class="l">kubernetes.io/hostname</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tolerations</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s2">"dedicated"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">operator</span><span class="p">:</span><span class="w"> </span><span class="s2">"Equal"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">"database"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">effect</span><span class="p">:</span><span class="w"> </span><span class="s2">"NoSchedule"</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“The scheduler uses a two-phase approach: predicates and priorities. Predicates are hard requirements like resource availability and node selectors. Priorities are soft requirements that score nodes based on factors like resource distribution and affinity rules. The scheduler also considers taints and tolerations for node isolation, and can use custom schedulers for specialized workloads. For example, you might want database Pods to avoid being scheduled on the same node for high availability.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/"
>Learn more about Scheduling</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="explain-the-difference-between-init-containers-and-sidecar-containers">
Explain the difference between Init Containers and Sidecar Containers.
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#explain-the-difference-between-init-containers-and-sidecar-containers" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Explain the difference between Init Containers and Sidecar Containers." href="#explain-the-difference-between-init-containers-and-sidecar-containers">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Both patterns extend Pod functionality, but they serve different purposes and have different execution models.</p>
<p><strong>Init Containers:</strong></p>
<ul>
<li><strong>Purpose</strong>: Setup and initialization tasks that must complete before the main container starts</li>
<li><strong>Execution</strong>: Run sequentially, all must succeed before main container starts</li>
<li><strong>Lifecycle</strong>: Run once during Pod startup, then terminate</li>
<li><strong>Use Cases</strong>: Database migrations, configuration downloads, dependency checks</li>
<li><strong>Restart Policy</strong>: Always restart on failure</li>
</ul>
<p><strong>Sidecar Containers:</strong></p>
<ul>
<li><strong>Purpose</strong>: Support and enhance the main application container</li>
<li><strong>Execution</strong>: Run alongside the main container throughout its lifecycle</li>
<li><strong>Lifecycle</strong>: Start with main container and run until Pod termination</li>
<li><strong>Use Cases</strong>: Logging, monitoring, caching, security proxies</li>
<li><strong>Restart Policy</strong>: Follows main container restart policy</li>
</ul>
<p><strong>Init Container Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initContainers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">init-db</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">postgres:13</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'until pg_isready -h db-service; do echo waiting for database; sleep 2; done;'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">init-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'wget -O /config/app.conf https://config-server/app.conf'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/app/config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">emptyDir</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span></code></pre></div><p><strong>Sidecar Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">sidecar</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">fluentd:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'fluentd'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'/fluentd/etc/fluent.conf'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">log-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/var/log</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">log-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">emptyDir</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“Init containers run before your main application starts and are perfect for setup tasks like database migrations or downloading configuration. They run sequentially and all must succeed. Sidecar containers run alongside your main application throughout its lifecycle, handling cross-cutting concerns like logging, monitoring, or caching. For example, you might use an init container to wait for a database to be ready, then use a sidecar container for log aggregation that runs for the entire Pod lifecycle.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
>Learn more about Init Containers</a>
<a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/pods/#workload-resources-for-managing-pods"
>Learn more about Sidecar Pattern</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-network-policies-and-what-are-the-implications">
How does Kubernetes handle network policies and what are the implications?
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-network-policies-and-what-are-the-implications" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle network policies and what are the implications?" href="#how-does-kubernetes-handle-network-policies-and-what-are-the-implications">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Network policies control Pod-to-Pod communication within the cluster, providing fine-grained network security controls.</p>
<p><strong>Network Policy Components:</strong></p>
<ul>
<li><strong>Pod Selectors</strong>: Define which Pods the policy applies to</li>
<li><strong>Ingress Rules</strong>: Control incoming traffic to Pods</li>
<li><strong>Egress Rules</strong>: Control outgoing traffic from Pods</li>
<li><strong>Policy Types</strong>: Ingress, Egress, or both</li>
<li><strong>Default Policies</strong>: Allow or deny all traffic by default</li>
</ul>
<p><strong>Implementation Requirements:</strong></p>
<ul>
<li><strong>CNI Plugin</strong>: Must support NetworkPolicy (e.g., Calico, Cilium, Weave Net)</li>
<li><strong>Policy Controller</strong>: Enforces the policies at the network level</li>
<li><strong>Namespace Isolation</strong>: Can be applied per namespace</li>
</ul>
<p><strong>Example Network Policy:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">NetworkPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">api-network-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">podSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">api-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">policyTypes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Egress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ingress</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">from</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">podSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">frontend</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">namespaceSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">monitoring</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">egress</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">to</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">podSelector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">5432</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">to</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">namespaceSelector</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">UDP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">53</span><span class="w">
</span></span></span></code></pre></div><p><strong>Default Deny Policy:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">NetworkPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">default-deny</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">podSelector</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">policyTypes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Egress</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“Network policies provide microsegmentation at the Pod level. You can control which Pods can communicate with each other based on labels and namespaces. For example, you might allow only frontend Pods to talk to API Pods, and only API Pods to talk to database Pods. The key is that you need a CNI plugin that supports NetworkPolicy, and you should start with a default-deny policy and explicitly allow required traffic. This follows the principle of least privilege.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/services-networking/network-policies/"
>Learn more about Network Policies</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="explain-the-concept-of-pod-disruption-budgets-and-their-importance">
Explain the concept of Pod Disruption Budgets and their importance.
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#explain-the-concept-of-pod-disruption-budgets-and-their-importance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Explain the concept of Pod Disruption Budgets and their importance." href="#explain-the-concept-of-pod-disruption-budgets-and-their-importance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Pod Disruption Budgets (PDBs) ensure application availability during voluntary disruptions like node maintenance, cluster upgrades, or scaling operations.</p>
<p><strong>PDB Concepts:</strong></p>
<ul>
<li><strong>Voluntary Disruptions</strong>: Planned operations that can cause Pod termination</li>
<li><strong>Involuntary Disruptions</strong>: Unplanned events like node failures</li>
<li><strong>Min Available</strong>: Minimum number of Pods that must be available</li>
<li><strong>Max Unavailable</strong>: Maximum number of Pods that can be unavailable</li>
<li><strong>Budget Enforcement</strong>: Prevents operations that would violate the budget</li>
</ul>
<p><strong>PDB Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">policy/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PodDisruptionBudget</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app-pdb</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">minAvailable</span><span class="p">:</span><span class="w"> </span><span class="m">2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span></code></pre></div><p><strong>Alternative Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">policy/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PodDisruptionBudget</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app-pdb</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxUnavailable</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span></code></pre></div><p><strong>Use Cases:</strong></p>
<ul>
<li><strong>High Availability</strong>: Ensure minimum number of replicas during maintenance</li>
<li><strong>Rolling Updates</strong>: Prevent too many Pods from being unavailable</li>
<li><strong>Node Draining</strong>: Control Pod eviction during node maintenance</li>
<li><strong>Cluster Scaling</strong>: Manage Pod termination during scale-down operations</li>
</ul>
<p><strong>Example Response:</strong>
“PDBs protect your applications during planned operations like node maintenance or cluster upgrades. For example, if you have 5 replicas of your application, you might set a PDB to ensure at least 3 are always available. This prevents operations that would leave you with fewer than 3 replicas. PDBs work with the eviction API, so when you drain a node or perform rolling updates, Kubernetes respects the budget and won’t terminate Pods if it would violate the PDB.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/pods/disruptions/"
>Learn more about Pod Disruption Budgets</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-storage-and-what-are-the-different-volume-types">
How does Kubernetes handle storage and what are the different volume types?
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-storage-and-what-are-the-different-volume-types" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle storage and what are the different volume types?" href="#how-does-kubernetes-handle-storage-and-what-are-the-different-volume-types">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Kubernetes provides a flexible storage abstraction that supports various storage backends and access patterns.</p>
<p><strong>Storage Architecture:</strong></p>
<ul>
<li><strong>PersistentVolume (PV)</strong>: Cluster-wide storage resource</li>
<li><strong>PersistentVolumeClaim (PVC)</strong>: User’s request for storage</li>
<li><strong>StorageClass</strong>: Dynamic provisioning configuration</li>
<li><strong>Volume Plugin</strong>: Interface to storage backend</li>
</ul>
<p><strong>Volume Types:</strong></p>
<p><strong>1. Persistent Volumes:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PersistentVolume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-pv</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capacity</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="l">10Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">accessModes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ReadWriteOnce</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">persistentVolumeReclaimPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Retain</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storageClassName</span><span class="p">:</span><span class="w"> </span><span class="l">fast-ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostPath</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/mnt/data</span><span class="w">
</span></span></span></code></pre></div><p><strong>2. Storage Classes:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">storage.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">StorageClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">fast-ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">provisioner</span><span class="p">:</span><span class="w"> </span><span class="l">kubernetes.io/aws-ebs</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">parameters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">gp3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">iops</span><span class="p">:</span><span class="w"> </span><span class="s2">"3000"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">throughput</span><span class="p">:</span><span class="w"> </span><span class="s2">"125"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">reclaimPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Delete</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">volumeBindingMode</span><span class="p">:</span><span class="w"> </span><span class="l">WaitForFirstConsumer</span><span class="w">
</span></span></span></code></pre></div><p><strong>3. PVC Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PersistentVolumeClaim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-pvc</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">accessModes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ReadWriteOnce</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storageClassName</span><span class="p">:</span><span class="w"> </span><span class="l">fast-ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="l">10Gi</span><span class="w">
</span></span></span></code></pre></div><p><strong>Volume Access Modes:</strong></p>
<ul>
<li><strong>ReadWriteOnce (RWO)</strong>: Single node read/write</li>
<li><strong>ReadOnlyMany (ROX)</strong>: Multiple nodes read-only</li>
<li><strong>ReadWriteMany (RWM)</strong>: Multiple nodes read/write</li>
</ul>
<p><strong>Example Response:</strong>
“Kubernetes abstracts storage through PVs and PVCs. PVs represent actual storage resources in the cluster, while PVCs are requests for storage by users. StorageClasses enable dynamic provisioning - when you create a PVC, Kubernetes automatically creates a PV that matches your requirements. Access modes determine how the volume can be mounted: RWO for single-node databases, RWM for shared file systems. The key is choosing the right storage class and access mode for your workload.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/storage/"
>Learn more about Storage</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="explain-the-concept-of-custom-resource-definitions-crds-and-their-use-cases">
Explain the concept of Custom Resource Definitions (CRDs) and their use cases.
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#explain-the-concept-of-custom-resource-definitions-crds-and-their-use-cases" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Explain the concept of Custom Resource Definitions (CRDs) and their use cases." href="#explain-the-concept-of-custom-resource-definitions-crds-and-their-use-cases">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
CRDs extend the Kubernetes API to support custom resources, enabling domain-specific abstractions and operators.</p>
<p><strong>CRD Components:</strong></p>
<ul>
<li><strong>Custom Resource</strong>: The new resource type you’re defining</li>
<li><strong>Custom Controller</strong>: Logic that manages the custom resource</li>
<li><strong>API Server</strong>: Handles CRUD operations for custom resources</li>
<li><strong>Validation</strong>: Schema validation for custom resources</li>
</ul>
<p><strong>CRD Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apiextensions.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">CustomResourceDefinition</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">databases.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">versions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">served</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">schema</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">openAPIV3Schema</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">databaseName</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">string</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">integer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">minimum</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maximum</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">string</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pattern</span><span class="p">:</span><span class="w"> </span><span class="s1">'^[0-9]+Gi$'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scope</span><span class="p">:</span><span class="w"> </span><span class="l">Namespaced</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">names</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">plural</span><span class="p">:</span><span class="w"> </span><span class="l">databases</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">singular</span><span class="p">:</span><span class="w"> </span><span class="l">database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">shortNames</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">db</span><span class="w">
</span></span></span></code></pre></div><p><strong>Custom Resource Instance:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">example.com/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">databaseName</span><span class="p">:</span><span class="w"> </span><span class="l">myapp</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l">100Gi</span><span class="w">
</span></span></span></code></pre></div><p><strong>Use Cases:</strong></p>
<ul>
<li><strong>Operators</strong>: Automate complex application lifecycle management</li>
<li><strong>Domain-Specific Abstractions</strong>: Create resources that match your business domain</li>
<li><strong>Integration</strong>: Bridge Kubernetes with external systems</li>
<li><strong>Automation</strong>: Encode operational knowledge in custom controllers</li>
</ul>
<p><strong>Example Response:</strong>
“CRDs let you extend Kubernetes with your own resource types. For example, instead of managing database deployments manually, you could create a Database CRD that represents a database instance. A custom controller would watch for Database resources and automatically create the necessary StatefulSets, Services, and PersistentVolumeClaims. This encapsulates operational knowledge and provides a higher-level abstraction that’s specific to your domain.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/"
>Learn more about CRDs</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-security-contexts-and-what-are-the-implications">
How does Kubernetes handle security contexts and what are the implications?
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-security-contexts-and-what-are-the-implications" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle security contexts and what are the implications?" href="#how-does-kubernetes-handle-security-contexts-and-what-are-the-implications">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Security contexts control the security settings for Pods and containers, including user/group IDs, capabilities, and privilege levels.</p>
<p><strong>Security Context Levels:</strong></p>
<ul>
<li><strong>Pod Security Context</strong>: Applies to all containers in the Pod</li>
<li><strong>Container Security Context</strong>: Applies to specific containers</li>
<li><strong>Pod Security Standards</strong>: Cluster-wide security policies</li>
</ul>
<p><strong>Security Context Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsNonRoot</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsUser</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsGroup</span><span class="p">:</span><span class="w"> </span><span class="m">3000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">fsGroup</span><span class="p">:</span><span class="w"> </span><span class="m">2000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">supplementalGroups</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="m">1000</span><span class="p">,</span><span class="w"> </span><span class="m">2000</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">seccompProfile</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RuntimeDefault</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tmp</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/tmp</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tmp</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">emptyDir</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span></code></pre></div><p><strong>Pod Security Standards:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">restricted-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pod-security.kubernetes.io/enforce</span><span class="p">:</span><span class="w"> </span><span class="l">restricted</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pod-security.kubernetes.io/audit</span><span class="p">:</span><span class="w"> </span><span class="l">restricted</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pod-security.kubernetes.io/warn</span><span class="p">:</span><span class="w"> </span><span class="l">restricted</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsNonRoot</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsUser</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w">
</span></span></span></code></pre></div><p><strong>Security Implications:</strong></p>
<ul>
<li><strong>Privilege Escalation</strong>: Controls whether containers can gain additional privileges</li>
<li><strong>Root Access</strong>: Running as non-root reduces attack surface</li>
<li><strong>Capabilities</strong>: Fine-grained permission control</li>
<li><strong>Read-only Filesystem</strong>: Prevents runtime modifications</li>
<li><strong>Seccomp Profiles</strong>: System call filtering</li>
</ul>
<p><strong>Example Response:</strong>
“Security contexts control how containers run in terms of user identity, capabilities, and privilege levels. Running as non-root and with read-only filesystems significantly reduces the attack surface. Pod Security Standards provide cluster-wide policies that enforce security best practices. For example, the restricted policy requires non-root execution, drops all capabilities, and uses read-only filesystems. This follows the principle of least privilege.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
>Learn more about Security Contexts</a>
<a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/security/pod-security-standards/"
>Learn more about Pod Security Standards</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-resource-quotas-and-limit-ranges">
How does Kubernetes handle resource quotas and limit ranges?
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-resource-quotas-and-limit-ranges" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle resource quotas and limit ranges?" href="#how-does-kubernetes-handle-resource-quotas-and-limit-ranges">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Resource quotas and limit ranges provide cluster and namespace-level resource management to prevent resource exhaustion and ensure fair resource distribution.</p>
<p><strong>Resource Quotas:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ResourceQuota</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">compute-quota</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hard</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests.cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"4"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests.memory</span><span class="p">:</span><span class="w"> </span><span class="l">8Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits.cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"8"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits.memory</span><span class="p">:</span><span class="w"> </span><span class="l">16Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pods</span><span class="p">:</span><span class="w"> </span><span class="s2">"10"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">services</span><span class="p">:</span><span class="w"> </span><span class="s2">"5"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">persistentvolumeclaims</span><span class="p">:</span><span class="w"> </span><span class="s2">"10"</span><span class="w">
</span></span></span></code></pre></div><p><strong>Limit Ranges:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">LimitRange</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">resource-limits</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">default</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">512Mi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">500m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">defaultRequest</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">256Mi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">250m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Container</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">max</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">1Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">1000m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">min</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">128Mi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">100m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Container</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">max</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l">2Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l">2000m</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span></code></pre></div><p><strong>Quota Types:</strong></p>
<ul>
<li><strong>Compute Resources</strong>: CPU and memory requests/limits</li>
<li><strong>Storage Resources</strong>: Persistent volume claims</li>
<li><strong>Object Counts</strong>: Number of resources (Pods, Services, etc.)</li>
<li><strong>Extended Resources</strong>: Custom resources like GPUs</li>
</ul>
<p><strong>Example Response:</strong>
“Resource quotas set hard limits on resource consumption within a namespace, preventing any single namespace from consuming all cluster resources. Limit ranges provide defaults and constraints for resource requests and limits, ensuring Pods have reasonable resource specifications. For example, you might set a quota limiting a namespace to 4 CPU cores and 8GB memory, with limit ranges ensuring each container requests at least 100m CPU and 128Mi memory.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/policy/resource-quotas/"
>Learn more about Resource Quotas</a>
<a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/policy/limit-range/"
>Learn more about Limit Ranges</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="explain-the-concept-of-admission-controllers-and-their-role-in-kubernetes">
Explain the concept of admission controllers and their role in Kubernetes.
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#explain-the-concept-of-admission-controllers-and-their-role-in-kubernetes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Explain the concept of admission controllers and their role in Kubernetes." href="#explain-the-concept-of-admission-controllers-and-their-role-in-kubernetes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Admission controllers intercept requests to the Kubernetes API server and can modify or reject requests based on policies and rules.</p>
<p><strong>Admission Controller Types:</strong></p>
<ul>
<li><strong>Validating</strong>: Check requests and can reject them</li>
<li><strong>Mutating</strong>: Modify requests before persistence</li>
<li><strong>Webhook</strong>: External HTTP callbacks for custom logic</li>
</ul>
<p><strong>Common Admission Controllers:</strong></p>
<ul>
<li><strong>NodeRestriction</strong>: Limits node modifications</li>
<li><strong>ResourceQuota</strong>: Enforces resource quotas</li>
<li><strong>LimitRanger</strong>: Applies limit ranges</li>
<li><strong>PodSecurityPolicy</strong>: Enforces security policies (deprecated)</li>
<li><strong>ValidatingAdmissionWebhook</strong>: Custom validation logic</li>
</ul>
<p><strong>Webhook Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">admissionregistration.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ValidatingWebhookConfiguration</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">pod-policy.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">webhooks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">pod-policy.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">""</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiVersions</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"v1"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">operations</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"CREATE"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"pods"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scope</span><span class="p">:</span><span class="w"> </span><span class="s2">"Namespaced"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">clientConfig</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">default</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">pod-policy-webhook</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s2">"/validate"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">admissionReviewVersions</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"v1"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sideEffects</span><span class="p">:</span><span class="w"> </span><span class="l">None</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeoutSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span></code></pre></div><p><strong>Use Cases:</strong></p>
<ul>
<li><strong>Security Enforcement</strong>: Validate security policies</li>
<li><strong>Resource Management</strong>: Enforce resource limits and quotas</li>
<li><strong>Compliance</strong>: Ensure regulatory compliance</li>
<li><strong>Custom Business Logic</strong>: Implement domain-specific rules</li>
</ul>
<p><strong>Example Response:</strong>
“Admission controllers act as gatekeepers for the Kubernetes API. They can validate requests before they’re persisted, mutate requests to add defaults or labels, or reject requests that violate policies. For example, a validating webhook might check that all Pods have security contexts set, or a mutating webhook might automatically add labels based on namespace. This provides a powerful way to enforce policies and implement custom business logic.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/"
>Learn more about Admission Controllers</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-multi-tenancy-and-namespace-isolation">
How does Kubernetes handle multi-tenancy and namespace isolation?
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-multi-tenancy-and-namespace-isolation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle multi-tenancy and namespace isolation?" href="#how-does-kubernetes-handle-multi-tenancy-and-namespace-isolation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Kubernetes provides multiple layers of isolation for multi-tenant environments, from namespace separation to cluster-level isolation.</p>
<p><strong>Namespace Isolation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Namespace</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tenant</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w"> </span><span class="l">production</span><span class="w">
</span></span></span></code></pre></div><p><strong>Resource Quotas per Tenant:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ResourceQuota</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a-quota</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hard</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests.cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"2"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests.memory</span><span class="p">:</span><span class="w"> </span><span class="l">4Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits.cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"4"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits.memory</span><span class="p">:</span><span class="w"> </span><span class="l">8Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">pods</span><span class="p">:</span><span class="w"> </span><span class="s2">"20"</span><span class="w">
</span></span></span></code></pre></div><p><strong>Network Policies for Isolation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">networking.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">NetworkPolicy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">deny-all</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">podSelector</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">policyTypes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Ingress</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">Egress</span><span class="w">
</span></span></span></code></pre></div><p><strong>RBAC for Tenant Isolation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Role</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-admin</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">""</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"pods"</span><span class="p">,</span><span class="w"> </span><span class="s2">"services"</span><span class="p">,</span><span class="w"> </span><span class="s2">"configmaps"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"get"</span><span class="p">,</span><span class="w"> </span><span class="s2">"list"</span><span class="p">,</span><span class="w"> </span><span class="s2">"create"</span><span class="p">,</span><span class="w"> </span><span class="s2">"update"</span><span class="p">,</span><span class="w"> </span><span class="s2">"delete"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">RoleBinding</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-admin-binding</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">subjects</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">User</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-a-admin</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiGroup</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">roleRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Role</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">tenant-admin</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiGroup</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io</span><span class="w">
</span></span></span></code></pre></div><p><strong>Multi-tenancy Models:</strong></p>
<ul>
<li><strong>Namespace-based</strong>: Single cluster, multiple namespaces</li>
<li><strong>Cluster-based</strong>: Separate clusters per tenant</li>
<li><strong>Virtual Clusters</strong>: Kubernetes-in-Kubernetes approach</li>
</ul>
<p><strong>Example Response:</strong>
“Multi-tenancy in Kubernetes typically uses namespaces as the primary isolation boundary. Each tenant gets their own namespace with resource quotas, network policies, and RBAC controls. Network policies prevent cross-tenant communication, while resource quotas ensure fair resource distribution. For stronger isolation, you might use separate clusters or virtual clusters. The key is balancing isolation requirements with operational efficiency.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/security/pod-security-standards/"
>Learn more about Multi-tenancy</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="additional-tips-for-advanced-interviews">
Additional Tips for Advanced Interviews
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#additional-tips-for-advanced-interviews" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Additional Tips for Advanced Interviews" href="#additional-tips-for-advanced-interviews">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="deep-technical-knowledge">
Deep Technical Knowledge
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#deep-technical-knowledge" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deep Technical Knowledge" href="#deep-technical-knowledge">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Be prepared to discuss:</p>
<ul>
<li>Kubernetes internals and architecture</li>
<li>Performance optimization and troubleshooting</li>
<li>Security best practices and compliance</li>
<li>Scalability and high availability patterns</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="real-world-scenarios">
Real-world Scenarios
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#real-world-scenarios" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Real-world Scenarios" href="#real-world-scenarios">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Expect questions about:</p>
<ul>
<li>Complex troubleshooting scenarios</li>
<li>Performance bottlenecks and solutions</li>
<li>Security incidents and responses</li>
<li>Large-scale cluster management</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="architecture-and-design">
Architecture and Design
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#architecture-and-design" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Architecture and Design" href="#architecture-and-design">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Demonstrate understanding of:</p>
<ul>
<li>System design principles</li>
<li>Trade-offs between different approaches</li>
<li>Scalability considerations</li>
<li>Operational complexity management</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="leadership-and-mentoring">
Leadership and Mentoring
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#leadership-and-mentoring" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Leadership and Mentoring" href="#leadership-and-mentoring">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Senior roles often require:</p>
<ul>
<li>Team leadership experience</li>
<li>Mentoring junior engineers</li>
<li>Process improvement</li>
<li>Strategic thinking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/advanced-kubernetes-interview-questions-2025/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Advanced Kubernetes interviews test not just technical knowledge, but also architectural thinking, problem-solving abilities, and operational experience. Success requires deep understanding of Kubernetes internals, practical experience with complex scenarios, and the ability to design and implement robust solutions.</p>
<p>For candidates: Focus on demonstrating practical experience, architectural thinking, and the ability to solve complex problems. Be prepared to discuss real-world scenarios and trade-offs.</p>
<p>For interviewers: Look for candidates who can think architecturally, discuss trade-offs, and demonstrate deep technical understanding rather than just memorized knowledge.</p>
<p>Remember, advanced Kubernetes expertise comes from experience with complex, production environments. Focus on demonstrating practical problem-solving skills and the ability to design robust, scalable solutions.</p>
<p>For more information about advanced Kubernetes concepts and best practices, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>Kubernetes.io advanced tutorials</a>.</p>Top 10 Krew Plugins for kubectlhttps://k8s-ops.net/posts/top-10-krew-plugins/2025-06-25T00:00:00+00:002025-07-04T14:53:10-04:00
<p>Krew is the package manager for kubectl plugins, making it easy to extend kubectl’s functionality with community-contributed tools. With hundreds of plugins available, Krew transforms kubectl from a basic CLI tool into a powerful, extensible platform for Kubernetes management. Here are the top 10 Krew plugins that every Kubernetes practitioner should have in their toolkit.</p>
<div class="gblog-post__anchorwrap">
<h2 id="1-ctx---fast-context-switching">
1. ctx - Fast Context Switching
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#1-ctx---fast-context-switching" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. ctx - Fast Context Switching" href="#1-ctx---fast-context-switching">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Fast context switching between Kubernetes clusters.</strong></p>
<p>The ctx plugin provides lightning-fast context switching, allowing you to move between different Kubernetes clusters with minimal keystrokes. It’s an essential tool for anyone managing multiple clusters.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Instant context switching</li>
<li>Interactive selection mode</li>
<li>Tab completion support</li>
<li>Fuzzy matching</li>
<li>Context aliases</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install ctx
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List all contexts</span>
</span></span><span class="line"><span class="cl">kubectl ctx
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Switch to specific context</span>
</span></span><span class="line"><span class="cl">kubectl ctx production-cluster
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Interactive selection</span>
</span></span><span class="line"><span class="cl">kubectl ctx
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Switch to previous context</span>
</span></span><span class="line"><span class="cl">kubectl ctx -
</span></span></code></pre></div><p><strong>Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add to your shell profile for better UX</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">KREW_ROOT</span><span class="k">:-</span><span class="nv">$HOME</span><span class="p">/.krew</span><span class="si">}</span><span class="s2">/bin:</span><span class="nv">$PATH</span><span class="s2">"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Enable tab completion</span>
</span></span><span class="line"><span class="cl"><span class="nb">source</span> <<span class="o">(</span>kubectl completion bash<span class="o">)</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/ahmetb/kubectx"
>Get ctx on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="2-ns---namespace-switcher">
2. ns - Namespace Switcher
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#2-ns---namespace-switcher" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. ns - Namespace Switcher" href="#2-ns---namespace-switcher">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Quick namespace switching within the current context.</strong></p>
<p>The ns plugin complements ctx by providing fast namespace switching within your current cluster context. It’s perfect for developers and operators who work across multiple namespaces.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Quick namespace switching</li>
<li>Interactive selection</li>
<li>Tab completion</li>
<li>Namespace aliases</li>
<li>Current namespace display</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install ns
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List all namespaces</span>
</span></span><span class="line"><span class="cl">kubectl ns
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Switch to specific namespace</span>
</span></span><span class="line"><span class="cl">kubectl ns production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Interactive selection</span>
</span></span><span class="line"><span class="cl">kubectl ns
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Switch to previous namespace</span>
</span></span><span class="line"><span class="cl">kubectl ns -
</span></span></code></pre></div><p><strong>Integration with kube-ps1:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add to your shell prompt to show current namespace</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">PS1</span><span class="o">=</span><span class="s1">'[\u@\h \W $(kubectl_ps1)]\$ '</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/ahmetb/kubectx"
>Get ns on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="3-neat---clean-kubectl-output">
3. neat - Clean kubectl Output
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#3-neat---clean-kubectl-output" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. neat - Clean kubectl Output" href="#3-neat---clean-kubectl-output">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Cleans up verbose kubectl output for human-readable inspection.</strong></p>
<p>The neat plugin removes unnecessary fields and metadata from kubectl output, making it much more readable and easier to work with during debugging and troubleshooting.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Removes default fields and metadata</li>
<li>Preserves important information</li>
<li>YAML and JSON output support</li>
<li>Customizable field filtering</li>
<li>Maintains resource structure</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install neat
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Clean up pod output</span>
</span></span><span class="line"><span class="cl">kubectl get pod my-pod -o yaml <span class="p">|</span> kubectl neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Clean up deployment output</span>
</span></span><span class="line"><span class="cl">kubectl get deployment my-deployment -o yaml <span class="p">|</span> kubectl neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Clean up service output</span>
</span></span><span class="line"><span class="cl">kubectl get service my-service -o yaml <span class="p">|</span> kubectl neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Clean up configmap output</span>
</span></span><span class="line"><span class="cl">kubectl get configmap my-config -o yaml <span class="p">|</span> kubectl neat
</span></span></code></pre></div><p><strong>Custom Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Create custom neat configuration</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">neat-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> remove:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - metadata.creationTimestamp
</span></span></span><span class="line"><span class="cl"><span class="sd"> - metadata.generation
</span></span></span><span class="line"><span class="cl"><span class="sd"> - metadata.resourceVersion
</span></span></span><span class="line"><span class="cl"><span class="sd"> - metadata.uid
</span></span></span><span class="line"><span class="cl"><span class="sd"> - status</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/itaysk/kubectl-neat"
>Get neat on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="4-tree---resource-hierarchy-visualization">
4. tree - Resource Hierarchy Visualization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#4-tree---resource-hierarchy-visualization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. tree - Resource Hierarchy Visualization" href="#4-tree---resource-hierarchy-visualization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>View hierarchical ownership relationships between Kubernetes resources.</strong></p>
<p>The tree plugin visualizes the ownership relationships between Kubernetes resources, making it easier to understand dependencies and troubleshoot issues in complex deployments.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Hierarchical resource display</li>
<li>Owner reference tracking</li>
<li>Custom resource support</li>
<li>Multiple output formats</li>
<li>Dependency visualization</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install tree
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Show pod ownership tree</span>
</span></span><span class="line"><span class="cl">kubectl tree pod my-pod
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show deployment tree</span>
</span></span><span class="line"><span class="cl">kubectl tree deployment my-deployment
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show all resources in namespace</span>
</span></span><span class="line"><span class="cl">kubectl tree all -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show specific resource type</span>
</span></span><span class="line"><span class="cl">kubectl tree service my-service
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show with custom format</span>
</span></span><span class="line"><span class="cl">kubectl tree pod my-pod --graphviz
</span></span></code></pre></div><p><strong>Advanced Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Show tree with specific fields</span>
</span></span><span class="line"><span class="cl">kubectl tree pod my-pod --show-labels
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show tree with status information</span>
</span></span><span class="line"><span class="cl">kubectl tree deployment my-deployment --show-status
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Filter by labels</span>
</span></span><span class="line"><span class="cl">kubectl tree all -l <span class="nv">app</span><span class="o">=</span>frontend
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/ahmetb/kubectl-tree"
>Get tree on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="5-score---static-analysis-for-manifests">
5. score - Static Analysis for Manifests
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#5-score---static-analysis-for-manifests" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. score - Static Analysis for Manifests" href="#5-score---static-analysis-for-manifests">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Performs static analysis of your Kubernetes manifests.</strong></p>
<p>The score plugin analyzes Kubernetes manifests for best practices, security issues, and potential problems before deployment. It’s an essential tool for maintaining high-quality configurations.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Static analysis of manifests</li>
<li>Best practice checking</li>
<li>Security validation</li>
<li>Performance recommendations</li>
<li>Custom scoring rules</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install score
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Analyze a single file</span>
</span></span><span class="line"><span class="cl">kubectl score deployment.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Analyze multiple files</span>
</span></span><span class="line"><span class="cl">kubectl score *.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Analyze with specific output format</span>
</span></span><span class="line"><span class="cl">kubectl score deployment.yaml --output-format json
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Analyze with custom rules</span>
</span></span><span class="line"><span class="cl">kubectl score deployment.yaml --policy-file custom-policy.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Analyze with verbose output</span>
</span></span><span class="line"><span class="cl">kubectl score deployment.yaml --verbose
</span></span></code></pre></div><p><strong>Sample Output:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">$ kubectl score deployment.yaml
</span></span><span class="line"><span class="cl"><span class="o">[</span>CRITICAL<span class="o">]</span> Container has no resource limits
</span></span><span class="line"><span class="cl"><span class="o">[</span>WARNING<span class="o">]</span> Container is not using a non-root user
</span></span><span class="line"><span class="cl"><span class="o">[</span>INFO<span class="o">]</span> Consider adding liveness probe
</span></span><span class="line"><span class="cl"><span class="o">[</span>PASS<span class="o">]</span> Container has security context
</span></span></code></pre></div><p><strong>Custom Policy Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">score.dev/v1alpha3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">production-policy</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s2">"require-resource-limits"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s2">"All containers must have resource limits"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">checks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s2">"container-resource-limits"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">condition</span><span class="p">:</span><span class="w"> </span><span class="s2">"spec.template.spec.containers[*].resources.limits"</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/zegl/kube-score"
>Get score on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="6-who-can---permission-analysis">
6. who-can - Permission Analysis
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#6-who-can---permission-analysis" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 6. who-can - Permission Analysis" href="#6-who-can---permission-analysis">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Shows which subjects can perform an action on a resource.</strong></p>
<p>The who-can plugin helps you understand RBAC permissions by showing which users, groups, or service accounts can perform specific actions on Kubernetes resources. It’s invaluable for security audits and troubleshooting permission issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>RBAC permission analysis</li>
<li>Subject identification</li>
<li>Action-specific queries</li>
<li>Verbose permission details</li>
<li>Security auditing support</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install who-can
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check who can create pods</span>
</span></span><span class="line"><span class="cl">kubectl who-can create pods
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check who can delete deployments</span>
</span></span><span class="line"><span class="cl">kubectl who-can delete deployments
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check who can access secrets</span>
</span></span><span class="line"><span class="cl">kubectl who-can get secrets
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check specific resource</span>
</span></span><span class="line"><span class="cl">kubectl who-can get secret my-secret
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check with namespace</span>
</span></span><span class="line"><span class="cl">kubectl who-can create pods -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check with specific user</span>
</span></span><span class="line"><span class="cl">kubectl who-can create pods --as<span class="o">=</span>user@example.com
</span></span></code></pre></div><p><strong>Advanced Queries:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check multiple actions</span>
</span></span><span class="line"><span class="cl">kubectl who-can create,update,delete pods
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check with specific API group</span>
</span></span><span class="line"><span class="cl">kubectl who-can create deployments.apps
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check with custom resource</span>
</span></span><span class="line"><span class="cl">kubectl who-can create customresources.example.com
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/aquasecurity/kubectl-who-can"
>Get who-can on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="7-tail---multi-pod-log-streaming">
7. tail - Multi-pod Log Streaming
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#7-tail---multi-pod-log-streaming" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 7. tail - Multi-pod Log Streaming" href="#7-tail---multi-pod-log-streaming">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Stream logs across multiple pods with intelligent filtering.</strong></p>
<p>The tail plugin provides advanced log streaming capabilities, allowing you to follow logs from multiple pods simultaneously with intelligent filtering and formatting.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Multi-pod log streaming</li>
<li>Intelligent pod selection</li>
<li>Real-time filtering</li>
<li>Color-coded output</li>
<li>Custom formatting</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install tail
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Follow logs from all pods with specific label</span>
</span></span><span class="line"><span class="cl">kubectl tail -l <span class="nv">app</span><span class="o">=</span>frontend
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs from specific namespace</span>
</span></span><span class="line"><span class="cl">kubectl tail -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs with custom selector</span>
</span></span><span class="line"><span class="cl">kubectl tail --selector <span class="nv">app</span><span class="o">=</span>api,version<span class="o">=</span>v2
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs with timestamps</span>
</span></span><span class="line"><span class="cl">kubectl tail --timestamps
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs with custom format</span>
</span></span><span class="line"><span class="cl">kubectl tail --format json
</span></span></code></pre></div><p><strong>Advanced Filtering:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Follow logs with regex filter</span>
</span></span><span class="line"><span class="cl">kubectl tail --regex <span class="s2">"error|exception"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs from specific containers</span>
</span></span><span class="line"><span class="cl">kubectl tail --container main
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs with custom since time</span>
</span></span><span class="line"><span class="cl">kubectl tail --since<span class="o">=</span>1h
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs with line limits</span>
</span></span><span class="line"><span class="cl">kubectl tail --tail<span class="o">=</span><span class="m">100</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/boz/kail"
>Get tail on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="8-topology---network-topology-visualization">
8. topology - Network Topology Visualization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#8-topology---network-topology-visualization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 8. topology - Network Topology Visualization" href="#8-topology---network-topology-visualization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Shows pod-to-service-to-node relationships.</strong></p>
<p>The topology plugin visualizes the network topology of your Kubernetes cluster, showing how pods, services, and nodes are connected. It’s perfect for understanding network architecture and troubleshooting connectivity issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Network topology visualization</li>
<li>Pod-to-service mapping</li>
<li>Node relationship display</li>
<li>Custom output formats</li>
<li>Interactive exploration</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install topology
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Show topology for specific namespace</span>
</span></span><span class="line"><span class="cl">kubectl topology -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show topology for specific service</span>
</span></span><span class="line"><span class="cl">kubectl topology service my-service
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show topology with custom format</span>
</span></span><span class="line"><span class="cl">kubectl topology --format json
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show topology with specific labels</span>
</span></span><span class="line"><span class="cl">kubectl topology -l <span class="nv">app</span><span class="o">=</span>frontend
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show topology with verbose output</span>
</span></span><span class="line"><span class="cl">kubectl topology --verbose
</span></span></code></pre></div><p><strong>Output Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">$ kubectl topology -n production
</span></span><span class="line"><span class="cl">Namespace: production
</span></span><span class="line"><span class="cl">├── Service: frontend-service
</span></span><span class="line"><span class="cl">│ ├── Pod: frontend-pod-1 <span class="o">(</span>Node: worker-1<span class="o">)</span>
</span></span><span class="line"><span class="cl">│ └── Pod: frontend-pod-2 <span class="o">(</span>Node: worker-2<span class="o">)</span>
</span></span><span class="line"><span class="cl">├── Service: backend-service
</span></span><span class="line"><span class="cl">│ ├── Pod: backend-pod-1 <span class="o">(</span>Node: worker-1<span class="o">)</span>
</span></span><span class="line"><span class="cl">│ └── Pod: backend-pod-2 <span class="o">(</span>Node: worker-3<span class="o">)</span>
</span></span><span class="line"><span class="cl">└── Service: database-service
</span></span><span class="line"><span class="cl"> └── Pod: database-pod-1 <span class="o">(</span>Node: worker-3<span class="o">)</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/jthomperoo/kubectl-topology"
>Get topology on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="9-view-secret---secret-decoding">
9. view-secret - Secret Decoding
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#9-view-secret---secret-decoding" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 9. view-secret - Secret Decoding" href="#9-view-secret---secret-decoding">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Decodes and shows Kubernetes Secrets in a readable format.</strong></p>
<p>The view-secret plugin makes it easy to view and decode Kubernetes Secrets without manually base64 decoding each value. It’s essential for debugging and verifying secret configurations.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Automatic base64 decoding</li>
<li>Readable secret display</li>
<li>Multiple output formats</li>
<li>Secure handling</li>
<li>Custom formatting</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install view-secret
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># View secret in readable format</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># View secret with specific key</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret username
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># View secret in JSON format</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret --format json
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># View secret with custom output</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret --output yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># View secret from different namespace</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret -n production
</span></span></code></pre></div><p><strong>Security Considerations:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># View secret without logging to history</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret --no-log
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># View secret with minimal output</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret --quiet
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># View secret with specific keys only</span>
</span></span><span class="line"><span class="cl">kubectl view-secret my-secret --keys username,password
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/eladb/kubectl-view-secret"
>Get view-secret on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="10-get-all---comprehensive-resource-listing">
10. get-all - Comprehensive Resource Listing
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#10-get-all---comprehensive-resource-listing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 10. get-all - Comprehensive Resource Listing" href="#10-get-all---comprehensive-resource-listing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Lists all namespaced resources in a cluster.</strong></p>
<p>The get-all plugin provides a comprehensive view of all resources in your cluster or namespace, making it easier to audit and understand your Kubernetes environment.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Comprehensive resource listing</li>
<li>Namespace-specific views</li>
<li>Custom filtering options</li>
<li>Multiple output formats</li>
<li>Resource categorization</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl krew install get-all
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List all resources in current namespace</span>
</span></span><span class="line"><span class="cl">kubectl get-all
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources in specific namespace</span>
</span></span><span class="line"><span class="cl">kubectl get-all -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources with custom format</span>
</span></span><span class="line"><span class="cl">kubectl get-all --output wide
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources with specific labels</span>
</span></span><span class="line"><span class="cl">kubectl get-all -l <span class="nv">app</span><span class="o">=</span>frontend
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources with custom columns</span>
</span></span><span class="line"><span class="cl">kubectl get-all --custom-columns<span class="o">=</span>NAME:.metadata.name,KIND:.kind,AGE:.metadata.creationTimestamp
</span></span></code></pre></div><p><strong>Advanced Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List all resources with status</span>
</span></span><span class="line"><span class="cl">kubectl get-all --show-status
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources with events</span>
</span></span><span class="line"><span class="cl">kubectl get-all --show-events
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources with custom sorting</span>
</span></span><span class="line"><span class="cl">kubectl get-all --sort-by<span class="o">=</span>.metadata.creationTimestamp
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># List all resources with specific API versions</span>
</span></span><span class="line"><span class="cl">kubectl get-all --api-version<span class="o">=</span>v1
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/corneliusweig/ketall"
>Get get-all on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="installing-and-managing-krew">
Installing and Managing Krew
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#installing-and-managing-krew" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Installing and Managing Krew" href="#installing-and-managing-krew">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="initial-setup">
Initial Setup
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#initial-setup" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Initial Setup" href="#initial-setup">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Install Krew</span>
</span></span><span class="line"><span class="cl"><span class="o">(</span>
</span></span><span class="line"><span class="cl"> <span class="nb">set</span> -x<span class="p">;</span> <span class="nb">cd</span> <span class="s2">"</span><span class="k">$(</span>mktemp -d<span class="k">)</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> <span class="nv">OS</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>uname <span class="p">|</span> tr <span class="s1">'[:upper:]'</span> <span class="s1">'[:lower:]'</span><span class="k">)</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> <span class="nv">ARCH</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>uname -m <span class="p">|</span> sed -e <span class="s1">'s/x86_64/amd64/'</span> -e <span class="s1">'s/\(arm\)\(64\)\?.*/\1\2/'</span> -e <span class="s1">'s/aarch64$/arm64/'</span><span class="k">)</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> <span class="nv">KREW</span><span class="o">=</span><span class="s2">"krew-</span><span class="si">${</span><span class="nv">OS</span><span class="si">}</span><span class="s2">_</span><span class="si">${</span><span class="nv">ARCH</span><span class="si">}</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> curl -fsSLO <span class="s2">"https://github.com/kubernetes-sigs/krew/releases/latest/download/</span><span class="si">${</span><span class="nv">KREW</span><span class="si">}</span><span class="s2">.tar.gz"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> tar zxvf <span class="s2">"</span><span class="si">${</span><span class="nv">KREW</span><span class="si">}</span><span class="s2">.tar.gz"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> ./<span class="s2">"</span><span class="si">${</span><span class="nv">KREW</span><span class="si">}</span><span class="s2">"</span> install krew
</span></span><span class="line"><span class="cl"><span class="o">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Add Krew to PATH</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">KREW_ROOT</span><span class="k">:-</span><span class="nv">$HOME</span><span class="p">/.krew</span><span class="si">}</span><span class="s2">/bin:</span><span class="nv">$PATH</span><span class="s2">"</span>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="plugin-management">
Plugin Management
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#plugin-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Plugin Management" href="#plugin-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># List installed plugins</span>
</span></span><span class="line"><span class="cl">kubectl krew list
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Search for plugins</span>
</span></span><span class="line"><span class="cl">kubectl krew search <plugin-name>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Install a plugin</span>
</span></span><span class="line"><span class="cl">kubectl krew install <plugin-name>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Update plugins</span>
</span></span><span class="line"><span class="cl">kubectl krew upgrade
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Remove a plugin</span>
</span></span><span class="line"><span class="cl">kubectl krew uninstall <plugin-name>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show plugin information</span>
</span></span><span class="line"><span class="cl">kubectl krew info <plugin-name>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="shell-integration">
Shell Integration
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#shell-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Shell Integration" href="#shell-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add to your shell profile (.bashrc, .zshrc, etc.)</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">KREW_ROOT</span><span class="k">:-</span><span class="nv">$HOME</span><span class="p">/.krew</span><span class="si">}</span><span class="s2">/bin:</span><span class="nv">$PATH</span><span class="s2">"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Enable kubectl completion</span>
</span></span><span class="line"><span class="cl"><span class="nb">source</span> <<span class="o">(</span>kubectl completion bash<span class="o">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Add custom aliases</span>
</span></span><span class="line"><span class="cl"><span class="nb">alias</span> <span class="nv">k</span><span class="o">=</span><span class="s1">'kubectl'</span>
</span></span><span class="line"><span class="cl"><span class="nb">alias</span> <span class="nv">kctx</span><span class="o">=</span><span class="s1">'kubectl ctx'</span>
</span></span><span class="line"><span class="cl"><span class="nb">alias</span> <span class="nv">kns</span><span class="o">=</span><span class="s1">'kubectl ns'</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://krew.sigs.k8s.io/"
>Learn more about krew</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="best-practices-for-krew-plugin-usage">
Best Practices for Krew Plugin Usage
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#best-practices-for-krew-plugin-usage" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices for Krew Plugin Usage" href="#best-practices-for-krew-plugin-usage">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-plugin-selection">
1. Plugin Selection
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#1-plugin-selection" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Plugin Selection" href="#1-plugin-selection">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Choose plugins that solve specific problems</li>
<li>Verify plugin maintenance and community support</li>
<li>Test plugins in non-production environments first</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-security-considerations">
2. Security Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#2-security-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Security Considerations" href="#2-security-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Review plugin source code before installation</li>
<li>Use plugins from trusted sources</li>
<li>Be cautious with plugins that require elevated permissions</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-performance-optimization">
3. Performance Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#3-performance-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Performance Optimization" href="#3-performance-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Limit the number of installed plugins</li>
<li>Use plugins efficiently to avoid performance impact</li>
<li>Monitor plugin resource usage</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="4-team-standardization">
4. Team Standardization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#4-team-standardization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Team Standardization" href="#4-team-standardization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Establish team standards for plugin usage</li>
<li>Document preferred plugins and configurations</li>
<li>Share plugin configurations across team members</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="5-maintenance">
5. Maintenance
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#5-maintenance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. Maintenance" href="#5-maintenance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Regularly update plugins for security and features</li>
<li>Remove unused plugins to reduce clutter</li>
<li>Monitor plugin compatibility with kubectl updates</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-krew-plugins/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Krew plugins significantly enhance kubectl’s functionality, transforming it from a basic CLI tool into a powerful, extensible platform for Kubernetes management. The plugins outlined above provide essential capabilities for context management, resource analysis, security auditing, and productivity enhancement.</p>
<p>Start with the core plugins (ctx, ns, neat) and gradually expand your toolkit based on your specific needs and workflows. Remember that the best tool is the one that fits your workflow and helps you solve real problems efficiently.</p>
<p>For teams managing multiple clusters or complex environments, consider creating standardized plugin configurations and documentation to ensure consistency across your organization. The Krew ecosystem continues to grow, so stay updated with new plugins that might benefit your workflow.</p>
<p>For more information about Kubernetes CLI tools and best practices, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/tools/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://krew.sigs.k8s.io/plugins/"
>Krew plugin index</a>.</p>How to Hire Kubernetes Experts in 2025https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/2025-06-23T00:00:00+00:002025-07-04T14:53:10-04:00
<p>As Kubernetes continues to dominate the container orchestration landscape, finding and hiring qualified Kubernetes experts has become increasingly challenging. With the platform’s complexity and rapid evolution, organizations need a strategic approach to identify, evaluate, and attract top talent. This comprehensive guide provides practical strategies for hiring Kubernetes experts in 2025.</p>
<div class="gblog-post__anchorwrap">
<h2 id="understanding-the-kubernetes-talent-landscape">
Understanding the Kubernetes Talent Landscape
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#understanding-the-kubernetes-talent-landscape" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Understanding the Kubernetes Talent Landscape" href="#understanding-the-kubernetes-talent-landscape">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="current-market-conditions">
Current Market Conditions
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#current-market-conditions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Current Market Conditions" href="#current-market-conditions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Kubernetes talent market remains highly competitive, with demand significantly outstripping supply. According to recent industry surveys, Kubernetes skills are among the most sought-after in the DevOps and cloud-native space.</p>
<p><strong>Key Market Trends:</strong></p>
<ul>
<li><strong>High Demand</strong>: Kubernetes expertise commands premium salaries</li>
<li><strong>Skill Gap</strong>: Limited supply of experienced practitioners</li>
<li><strong>Rapid Evolution</strong>: Continuous learning requirements</li>
<li><strong>Specialization</strong>: Growing need for domain-specific expertise</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="role-categories-and-requirements">
Role Categories and Requirements
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#role-categories-and-requirements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Role Categories and Requirements" href="#role-categories-and-requirements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Entry-Level Kubernetes Engineer:</strong></p>
<ul>
<li>Basic Kubernetes concepts and kubectl usage</li>
<li>Understanding of Pods, Services, and Deployments</li>
<li>Experience with container technologies (Docker)</li>
<li>Familiarity with YAML and basic troubleshooting</li>
</ul>
<p><strong>Mid-Level Kubernetes Engineer:</strong></p>
<ul>
<li>Deep understanding of Kubernetes architecture</li>
<li>Experience with advanced concepts (StatefulSets, Operators)</li>
<li>Knowledge of networking, storage, and security</li>
<li>Practical experience with production clusters</li>
</ul>
<p><strong>Senior Kubernetes Engineer:</strong></p>
<ul>
<li>Expert-level knowledge of Kubernetes internals</li>
<li>Experience with multi-cluster management</li>
<li>Deep understanding of performance optimization</li>
<li>Leadership and architectural skills</li>
</ul>
<p><strong>Kubernetes Platform Engineer:</strong></p>
<ul>
<li>Focus on developer experience and tooling</li>
<li>Experience with GitOps and CI/CD integration</li>
<li>Knowledge of service mesh and observability</li>
<li>Platform design and implementation skills</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/overview/"
>Learn more about Kubernetes roles</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="crafting-effective-job-descriptions">
Crafting Effective Job Descriptions
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#crafting-effective-job-descriptions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Crafting Effective Job Descriptions" href="#crafting-effective-job-descriptions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="essential-components">
Essential Components
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#essential-components" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Essential Components" href="#essential-components">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Clear Role Definition:</strong></p>
<pre tabindex="0"><code>Senior Kubernetes Engineer
We're looking for a Kubernetes expert to help us scale our containerized applications and build robust, self-healing infrastructure. You'll work with our platform team to design, implement, and maintain our Kubernetes clusters across multiple environments.
</code></pre><p><strong>Specific Technical Requirements:</strong></p>
<ul>
<li><strong>Core Skills</strong>: Kubernetes 1.28+, Docker, Linux administration</li>
<li><strong>Advanced Concepts</strong>: Operators, CRDs, admission controllers</li>
<li><strong>Infrastructure</strong>: Terraform, Ansible, or similar IaC tools</li>
<li><strong>Monitoring</strong>: Prometheus, Grafana, or similar observability stack</li>
<li><strong>Networking</strong>: CNI plugins, service mesh (Istio/Linkerd)</li>
<li><strong>Security</strong>: RBAC, network policies, pod security standards</li>
</ul>
<p><strong>Experience Levels:</strong></p>
<ul>
<li><strong>Junior</strong>: 1-2 years of Kubernetes experience</li>
<li><strong>Mid-level</strong>: 3-5 years with production experience</li>
<li><strong>Senior</strong>: 5+ years with large-scale deployments</li>
<li><strong>Lead</strong>: 7+ years with team leadership experience</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="red-flags-to-avoid">
Red Flags to Avoid
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#red-flags-to-avoid" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Red Flags to Avoid" href="#red-flags-to-avoid">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Vague Requirements:</strong></p>
<ul>
<li>“Kubernetes experience” (too broad)</li>
<li>“Cloud experience” (not specific enough)</li>
<li>“DevOps skills” (overly generic)</li>
</ul>
<p><strong>Unrealistic Expectations:</strong></p>
<ul>
<li>Requiring 5+ years of experience for entry-level roles</li>
<li>Expecting expertise in every Kubernetes ecosystem tool</li>
<li>Demanding experience with specific versions that are too new</li>
</ul>
<p><strong>Poor Compensation:</strong></p>
<ul>
<li>Below-market salaries for specialized skills</li>
<li>No mention of benefits or growth opportunities</li>
<li>Unclear career progression paths</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/overview/"
>Learn more about Kubernetes career paths</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="sourcing-strategies">
Sourcing Strategies
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#sourcing-strategies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Sourcing Strategies" href="#sourcing-strategies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="traditional-channels">
Traditional Channels
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#traditional-channels" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Traditional Channels" href="#traditional-channels">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Job Boards:</strong></p>
<ul>
<li>LinkedIn, Indeed, Glassdoor</li>
<li>Specialized DevOps job boards</li>
<li>Kubernetes community job boards</li>
</ul>
<p><strong>Professional Networks:</strong></p>
<ul>
<li>LinkedIn connections and referrals</li>
<li>Industry conferences and meetups</li>
<li>Professional associations</li>
</ul>
<p><strong>Recruitment Agencies:</strong></p>
<ul>
<li>Specialized DevOps recruiters</li>
<li>Technical recruitment firms</li>
<li>Executive search for senior roles</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="emerging-channels">
Emerging Channels
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#emerging-channels" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Emerging Channels" href="#emerging-channels">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Open Source Contributions:</strong></p>
<ul>
<li>GitHub activity and contributions</li>
<li>Kubernetes community participation</li>
<li>Open source project maintainers</li>
</ul>
<p><strong>Community Engagement:</strong></p>
<ul>
<li>Kubernetes meetups and conferences</li>
<li>Online forums and discussion groups</li>
<li>Technical blogs and publications</li>
</ul>
<p><strong>Social Media:</strong></p>
<ul>
<li>Twitter/X for technical discussions</li>
<li>Reddit communities (r/kubernetes, r/devops)</li>
<li>YouTube channels and podcasts</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="passive-candidate-outreach">
Passive Candidate Outreach
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#passive-candidate-outreach" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Passive Candidate Outreach" href="#passive-candidate-outreach">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Content Marketing:</strong></p>
<ul>
<li>Technical blog posts and tutorials</li>
<li>Conference presentations and workshops</li>
<li>Open source contributions and projects</li>
</ul>
<p><strong>Employer Branding:</strong></p>
<ul>
<li>Showcase Kubernetes projects and challenges</li>
<li>Highlight learning and development opportunities</li>
<li>Demonstrate commitment to open source</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://github.com/topics/kubernetes"
>Find Kubernetes talent on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="assessment-and-evaluation">
Assessment and Evaluation
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#assessment-and-evaluation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Assessment and Evaluation" href="#assessment-and-evaluation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="technical-screening">
Technical Screening
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#technical-screening" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Technical Screening" href="#technical-screening">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Initial Assessment:</strong></p>
<ul>
<li><strong>Online Coding Tests</strong>: Kubernetes-specific scenarios</li>
<li><strong>Take-home Projects</strong>: Real-world cluster setup challenges</li>
<li><strong>Technical Interviews</strong>: Deep-dive into Kubernetes concepts</li>
</ul>
<p><strong>Sample Technical Questions:</strong></p>
<p><strong>Architecture and Design:</strong></p>
<ul>
<li>“How would you design a multi-tenant Kubernetes cluster?”</li>
<li>“What’s your approach to implementing zero-downtime deployments?”</li>
<li>“How do you handle secrets management in Kubernetes?”</li>
</ul>
<p><strong>Troubleshooting Scenarios:</strong></p>
<ul>
<li>“A Pod is stuck in Pending state. Walk me through your debugging process.”</li>
<li>“How would you investigate high memory usage across your cluster?”</li>
<li>“What steps would you take if a service is unreachable?”</li>
</ul>
<p><strong>Advanced Concepts:</strong></p>
<ul>
<li>“Explain the difference between Init Containers and Sidecar Containers.”</li>
<li>“How do you implement custom admission controllers?”</li>
<li>“What’s your experience with Kubernetes operators?”</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="practical-assessments">
Practical Assessments
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#practical-assessments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Practical Assessments" href="#practical-assessments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Cluster Setup Challenge:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Sample assessment: Multi-tier application deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Candidates must create:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># - Namespace with resource quotas</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># - Frontend deployment with 3 replicas</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># - Backend deployment with database</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># - Services and ingress configuration</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># - Network policies for security</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># - Monitoring and logging setup</span><span class="w">
</span></span></span></code></pre></div><p><strong>Troubleshooting Exercise:</strong></p>
<ul>
<li>Provide a “broken” cluster configuration</li>
<li>Ask candidates to identify and fix issues</li>
<li>Evaluate debugging methodology and approach</li>
</ul>
<p><strong>Architecture Design:</strong></p>
<ul>
<li>Present a business requirement</li>
<li>Ask for Kubernetes architecture design</li>
<li>Evaluate trade-offs and decision-making</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="behavioral-assessment">
Behavioral Assessment
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#behavioral-assessment" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Behavioral Assessment" href="#behavioral-assessment">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Leadership and Collaboration:</strong></p>
<ul>
<li>Experience mentoring junior engineers</li>
<li>Cross-functional team collaboration</li>
<li>Conflict resolution and communication</li>
</ul>
<p><strong>Problem-solving Approach:</strong></p>
<ul>
<li>How they handle complex technical challenges</li>
<li>Learning and adaptation strategies</li>
<li>Documentation and knowledge sharing</li>
</ul>
<p><strong>Cultural Fit:</strong></p>
<ul>
<li>Alignment with company values</li>
<li>Work style and preferences</li>
<li>Growth and development goals</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/"
>Learn more about Kubernetes best practices</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="interview-process-design">
Interview Process Design
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#interview-process-design" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Interview Process Design" href="#interview-process-design">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="multi-stage-approach">
Multi-stage Approach
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#multi-stage-approach" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Multi-stage Approach" href="#multi-stage-approach">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Stage 1: Initial Screening (30 minutes)</strong></p>
<ul>
<li>High-level technical discussion</li>
<li>Experience overview and career goals</li>
<li>Cultural fit assessment</li>
</ul>
<p><strong>Stage 2: Technical Deep-dive (60-90 minutes)</strong></p>
<ul>
<li>Detailed technical questions</li>
<li>Architecture discussions</li>
<li>Problem-solving scenarios</li>
</ul>
<p><strong>Stage 3: Practical Assessment (2-4 hours)</strong></p>
<ul>
<li>Take-home project or live coding</li>
<li>Real-world scenario simulation</li>
<li>Tool and technology evaluation</li>
</ul>
<p><strong>Stage 4: Team Interview (60 minutes)</strong></p>
<ul>
<li>Collaboration with potential teammates</li>
<li>Code review and pair programming</li>
<li>Team dynamics assessment</li>
</ul>
<p><strong>Stage 5: Leadership/Culture (30-60 minutes)</strong></p>
<ul>
<li>Meeting with engineering leadership</li>
<li>Company culture and values discussion</li>
<li>Career growth and opportunities</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="interview-best-practices">
Interview Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#interview-best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Interview Best Practices" href="#interview-best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Structured Questions:</strong></p>
<ul>
<li>Use consistent evaluation criteria</li>
<li>Document responses and observations</li>
<li>Provide clear feedback and next steps</li>
</ul>
<p><strong>Inclusive Design:</strong></p>
<ul>
<li>Avoid biased or exclusionary language</li>
<li>Provide accommodations for different needs</li>
<li>Focus on skills and potential rather than background</li>
</ul>
<p><strong>Candidate Experience:</strong></p>
<ul>
<li>Clear communication about process and timeline</li>
<li>Respect for candidate’s time and preparation</li>
<li>Constructive feedback regardless of outcome</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/community/"
>Learn more about inclusive hiring practices</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="compensation-and-benefits">
Compensation and Benefits
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#compensation-and-benefits" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Compensation and Benefits" href="#compensation-and-benefits">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="market-research">
Market Research
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#market-research" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Market Research" href="#market-research">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Salary Benchmarks:</strong></p>
<ul>
<li>Research local and remote market rates</li>
<li>Consider experience level and specialization</li>
<li>Factor in cost of living and market conditions</li>
</ul>
<p><strong>Compensation Components:</strong></p>
<ul>
<li><strong>Base Salary</strong>: Competitive market rate</li>
<li><strong>Equity/Stock Options</strong>: Long-term incentives</li>
<li><strong>Performance Bonuses</strong>: Achievement-based rewards</li>
<li><strong>Benefits</strong>: Health, retirement, professional development</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="non-monetary-benefits">
Non-monetary Benefits
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#non-monetary-benefits" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Non-monetary Benefits" href="#non-monetary-benefits">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Professional Development:</strong></p>
<ul>
<li>Conference attendance and training budgets</li>
<li>Certification programs and courses</li>
<li>Mentorship and career development</li>
</ul>
<p><strong>Work Environment:</strong></p>
<ul>
<li>Flexible work arrangements</li>
<li>Modern development tools and infrastructure</li>
<li>Collaborative and supportive culture</li>
</ul>
<p><strong>Growth Opportunities:</strong></p>
<ul>
<li>Clear career progression paths</li>
<li>Leadership and management opportunities</li>
<li>Technical specialization tracks</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="onboarding-and-retention">
Onboarding and Retention
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#onboarding-and-retention" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Onboarding and Retention" href="#onboarding-and-retention">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="effective-onboarding">
Effective Onboarding
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#effective-onboarding" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Effective Onboarding" href="#effective-onboarding">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Technical Setup:</strong></p>
<ul>
<li>Access to development environments</li>
<li>Documentation and runbooks</li>
<li>Mentorship and pair programming</li>
</ul>
<p><strong>Knowledge Transfer:</strong></p>
<ul>
<li>Architecture and design decisions</li>
<li>Operational procedures and tools</li>
<li>Team processes and communication</li>
</ul>
<p><strong>Integration:</strong></p>
<ul>
<li>Team introductions and relationships</li>
<li>Project assignments and responsibilities</li>
<li>Performance expectations and feedback</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="retention-strategies">
Retention Strategies
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#retention-strategies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Retention Strategies" href="#retention-strategies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Continuous Learning:</strong></p>
<ul>
<li>Regular training and skill development</li>
<li>Conference attendance and speaking opportunities</li>
<li>Open source contribution support</li>
</ul>
<p><strong>Career Growth:</strong></p>
<ul>
<li>Clear promotion criteria and timelines</li>
<li>Leadership and management opportunities</li>
<li>Technical specialization and expertise development</li>
</ul>
<p><strong>Work-Life Balance:</strong></p>
<ul>
<li>Flexible scheduling and remote work options</li>
<li>Reasonable workload and expectations</li>
<li>Support for personal and professional development</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/community/"
>Learn more about Kubernetes community</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="common-hiring-mistakes">
Common Hiring Mistakes
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#common-hiring-mistakes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Common Hiring Mistakes" href="#common-hiring-mistakes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="what-to-avoid">
What to Avoid
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#what-to-avoid" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What to Avoid" href="#what-to-avoid">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Over-emphasizing Certifications:</strong></p>
<ul>
<li>While certifications show commitment, they don’t guarantee practical skills</li>
<li>Focus on real-world experience and problem-solving abilities</li>
<li>Use certifications as one data point, not the primary criteria</li>
</ul>
<p><strong>Ignoring Soft Skills:</strong></p>
<ul>
<li>Technical expertise is important, but collaboration and communication matter</li>
<li>Evaluate ability to work in teams and mentor others</li>
<li>Consider cultural fit and alignment with company values</li>
</ul>
<p><strong>Rushing the Process:</strong></p>
<ul>
<li>Take time to thoroughly evaluate candidates</li>
<li>Don’t compromise on quality for speed</li>
<li>Ensure all stakeholders are involved in decision-making</li>
</ul>
<p><strong>Poor Candidate Experience:</strong></p>
<ul>
<li>Communicate clearly about process and timeline</li>
<li>Provide constructive feedback regardless of outcome</li>
<li>Respect candidate’s time and preparation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="red-flags-in-candidates">
Red Flags in Candidates
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#red-flags-in-candidates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Red Flags in Candidates" href="#red-flags-in-candidates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Lack of Practical Experience:</strong></p>
<ul>
<li>Theoretical knowledge without real-world application</li>
<li>No experience with production environments</li>
<li>Unable to discuss specific challenges and solutions</li>
</ul>
<p><strong>Poor Problem-solving Skills:</strong></p>
<ul>
<li>Unable to think through complex scenarios</li>
<li>Lack of systematic debugging approach</li>
<li>No experience with troubleshooting and optimization</li>
</ul>
<p><strong>Communication Issues:</strong></p>
<ul>
<li>Difficulty explaining technical concepts</li>
<li>Poor documentation and knowledge sharing</li>
<li>Inability to collaborate effectively</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="building-a-kubernetes-talent-pipeline">
Building a Kubernetes Talent Pipeline
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#building-a-kubernetes-talent-pipeline" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Building a Kubernetes Talent Pipeline" href="#building-a-kubernetes-talent-pipeline">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="long-term-strategies">
Long-term Strategies
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#long-term-strategies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Long-term Strategies" href="#long-term-strategies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>University Partnerships:</strong></p>
<ul>
<li>Internship and co-op programs</li>
<li>Curriculum development and guest lectures</li>
<li>Research collaborations and projects</li>
</ul>
<p><strong>Community Engagement:</strong></p>
<ul>
<li>Sponsorship of Kubernetes meetups and conferences</li>
<li>Open source contributions and projects</li>
<li>Technical blog posts and tutorials</li>
</ul>
<p><strong>Internal Development:</strong></p>
<ul>
<li>Training programs for existing employees</li>
<li>Mentorship and knowledge sharing</li>
<li>Career development and specialization tracks</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="employer-branding">
Employer Branding
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#employer-branding" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Employer Branding" href="#employer-branding">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p><strong>Technical Excellence:</strong></p>
<ul>
<li>Showcase challenging and interesting projects</li>
<li>Highlight use of cutting-edge technologies</li>
<li>Demonstrate commitment to best practices</li>
</ul>
<p><strong>Learning and Growth:</strong></p>
<ul>
<li>Clear career progression paths</li>
<li>Support for continuous learning</li>
<li>Opportunities for specialization and leadership</li>
</ul>
<p><strong>Work Environment:</strong></p>
<ul>
<li>Collaborative and supportive culture</li>
<li>Modern tools and infrastructure</li>
<li>Work-life balance and flexibility</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/how-to-hire-kubernetes-experts-2025/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Hiring Kubernetes experts in 2025 requires a strategic approach that balances technical expertise with cultural fit and growth potential. Success depends on understanding the market, crafting compelling job descriptions, implementing effective assessment processes, and creating an environment that attracts and retains top talent.</p>
<p>Key success factors include:</p>
<ul>
<li><strong>Clear role definition</strong> and realistic requirements</li>
<li><strong>Comprehensive assessment</strong> of technical and soft skills</li>
<li><strong>Competitive compensation</strong> and benefits packages</li>
<li><strong>Effective onboarding</strong> and retention strategies</li>
<li><strong>Long-term talent pipeline</strong> development</li>
</ul>
<p>Remember that Kubernetes expertise is valuable and in high demand. Focus on creating an environment where talented engineers want to work and grow, rather than just filling immediate needs. Invest in your team’s development and create opportunities for advancement and specialization.</p>
<p>The most successful organizations in the Kubernetes space are those that view hiring as a long-term investment in their team and culture, not just a short-term staffing need.</p>
<p>For more information about Kubernetes careers and community involvement, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://kubernetes.io/community/"
>Kubernetes community resources</a>.</p>Kubernetes v1.34 Release Preview: What to Expecthttps://k8s-ops.net/posts/kubernetes-v1-34-release-preview/2025-06-15T00:00:00+00:002025-07-04T14:28:58-04:00
<p>As the Kubernetes community prepares for the v1.34 release cycle, scheduled for early 2026, developers and operators are eagerly anticipating the new features, improvements, and enhancements that will shape the future of container orchestration. Based on ongoing development work, community discussions, and SIG (Special Interest Group) roadmaps, here’s a comprehensive preview of what to expect in Kubernetes v1.34.</p>
<div class="gblog-post__anchorwrap">
<h2 id="release-timeline-and-planning">
Release Timeline and Planning
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#release-timeline-and-planning" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Timeline and Planning" href="#release-timeline-and-planning">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="development-schedule">
Development Schedule
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#development-schedule" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Development Schedule" href="#development-schedule">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.34 release cycle follows the established Kubernetes release cadence:</p>
<ul>
<li><strong>Feature Freeze</strong>: December 2025</li>
<li><strong>Code Freeze</strong>: January 2026</li>
<li><strong>Release Candidate</strong>: February 2026</li>
<li><strong>General Availability</strong>: March 2026</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="release-team">
Release Team
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#release-team" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Team" href="#release-team">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.34 release team, led by experienced community members, is focusing on:</p>
<ul>
<li><strong>Stability Improvements</strong>: Enhanced reliability and performance</li>
<li><strong>Developer Experience</strong>: Better tooling and debugging capabilities</li>
<li><strong>Security Enhancements</strong>: Advanced security features and compliance</li>
<li><strong>Edge Computing</strong>: Improved support for edge and IoT workloads</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="expected-major-features">
Expected Major Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#expected-major-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Expected Major Features" href="#expected-major-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-webassembly-support">
1. Enhanced WebAssembly Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#1-enhanced-webassembly-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced WebAssembly Support" href="#1-enhanced-webassembly-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>WebAssembly (Wasm) support is expected to graduate from alpha to beta in v1.34, providing more mature capabilities for running Wasm workloads in Kubernetes.</p>
<p><strong>Anticipated Features:</strong></p>
<ul>
<li><strong>Improved Performance</strong>: Better integration with container runtime</li>
<li><strong>Enhanced Security</strong>: Sandboxed execution with better isolation</li>
<li><strong>Developer Tools</strong>: Better debugging and monitoring capabilities</li>
<li><strong>Ecosystem Integration</strong>: Improved support for Wasm toolchains</li>
</ul>
<p><strong>Use Cases:</strong></p>
<ul>
<li>Serverless functions</li>
<li>Edge computing workloads</li>
<li>Plugin systems</li>
<li>Cross-platform applications</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-advanced-resource-management">
2. Advanced Resource Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#2-advanced-resource-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Resource Management" href="#2-advanced-resource-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Resource management capabilities are expected to receive significant enhancements, particularly around GPU and specialized hardware support.</p>
<p><strong>Expected Improvements:</strong></p>
<ul>
<li><strong>Dynamic Resource Allocation</strong>: More sophisticated resource sharing</li>
<li><strong>GPU Scheduling</strong>: Enhanced GPU-aware scheduling algorithms</li>
<li><strong>Memory Optimization</strong>: Better memory pressure handling</li>
<li><strong>Storage Management</strong>: Improved storage resource allocation</li>
</ul>
<p><strong>Implementation Examples:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-workload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-container</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nvidia/cuda:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nvidia.com/gpu</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"4Gi"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"2"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nvidia.com/gpu</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"2Gi"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"1"</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="3-enhanced-observability">
3. Enhanced Observability
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#3-enhanced-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Enhanced Observability" href="#3-enhanced-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Observability features are expected to receive major updates, building on the structured logging improvements from previous releases.</p>
<p><strong>Anticipated Features:</strong></p>
<ul>
<li><strong>Distributed Tracing</strong>: Native support for request tracing</li>
<li><strong>Metrics Collection</strong>: Enhanced performance metrics</li>
<li><strong>Log Aggregation</strong>: Improved log management capabilities</li>
<li><strong>Custom Observability</strong>: Better support for custom observability tools</li>
</ul>
<p><strong>Configuration Examples:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">observability-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tracing.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> sampling:
</span></span></span><span class="line"><span class="cl"><span class="sd"> rate: 0.1
</span></span></span><span class="line"><span class="cl"><span class="sd"> exporters:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - jaeger
</span></span></span><span class="line"><span class="cl"><span class="sd"> - zipkin
</span></span></span><span class="line"><span class="cl"><span class="sd"> processors:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - batch
</span></span></span><span class="line"><span class="cl"><span class="sd"> - memory_limiter</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-improved-security-features">
4. Improved Security Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#4-improved-security-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Improved Security Features" href="#4-improved-security-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Security continues to be a top priority, with several enhancements expected in v1.34.</p>
<p><strong>Expected Security Improvements:</strong></p>
<ul>
<li><strong>Enhanced RBAC</strong>: More granular permission controls</li>
<li><strong>Network Policies</strong>: Advanced network security features</li>
<li><strong>Pod Security</strong>: Improved pod security standards</li>
<li><strong>Supply Chain Security</strong>: Better container image security</li>
</ul>
<p><strong>Security Context Enhancements:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsNonRoot</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsUser</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsGroup</span><span class="p">:</span><span class="w"> </span><span class="m">3000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">fsGroup</span><span class="p">:</span><span class="w"> </span><span class="m">2000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">seccompProfile</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RuntimeDefault</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">main</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="5-edge-computing-enhancements">
5. Edge Computing Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#5-edge-computing-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. Edge Computing Enhancements" href="#5-edge-computing-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Edge computing support is expected to mature significantly in v1.34, with better support for resource-constrained environments.</p>
<p><strong>Anticipated Edge Features:</strong></p>
<ul>
<li><strong>Lightweight Components</strong>: Optimized for edge devices</li>
<li><strong>Offline Operation</strong>: Better support for intermittent connectivity</li>
<li><strong>Local Processing</strong>: Reduced dependency on centralized resources</li>
<li><strong>Multi-cluster Management</strong>: Coordinated edge deployments</li>
</ul>
<p><strong>Edge Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Node</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">edge-node-1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">node-type</span><span class="p">:</span><span class="w"> </span><span class="l">edge</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">location</span><span class="p">:</span><span class="w"> </span><span class="l">factory-floor</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">edge</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">offlineMode</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">localStorage</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resourceOptimization</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="beta-features-moving-to-stable">
Beta Features Moving to Stable
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#beta-features-moving-to-stable" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Beta Features Moving to Stable" href="#beta-features-moving-to-stable">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-api-server-performance">
1. Enhanced API Server Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#1-enhanced-api-server-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced API Server Performance" href="#1-enhanced-api-server-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>API server performance improvements that have been in beta are expected to graduate to stable, providing better scalability and reliability.</p>
<p><strong>Expected Improvements:</strong></p>
<ul>
<li><strong>Reduced Latency</strong>: Faster request processing</li>
<li><strong>Better Memory Management</strong>: More efficient memory utilization</li>
<li><strong>Improved Caching</strong>: Enhanced caching mechanisms</li>
<li><strong>Connection Optimization</strong>: Better connection pooling</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-advanced-scheduling-features">
2. Advanced Scheduling Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#2-advanced-scheduling-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Scheduling Features" href="#2-advanced-scheduling-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Scheduling enhancements are expected to graduate to stable, providing more sophisticated workload placement capabilities.</p>
<p><strong>Expected Features:</strong></p>
<ul>
<li><strong>Resource-aware Scheduling</strong>: Better resource utilization</li>
<li><strong>Cost-aware Placement</strong>: Consideration of resource costs</li>
<li><strong>Network-aware Scheduling</strong>: Network topology consideration</li>
<li><strong>Storage-aware Placement</strong>: Optimized storage allocation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-improved-storage-management">
3. Improved Storage Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#3-improved-storage-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Improved Storage Management" href="#3-improved-storage-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Storage features that have been evolving through beta are expected to reach stable status.</p>
<p><strong>Expected Improvements:</strong></p>
<ul>
<li><strong>Volume Snapshots</strong>: Enhanced backup capabilities</li>
<li><strong>Dynamic Provisioning</strong>: Better storage class support</li>
<li><strong>Storage Capacity Tracking</strong>: More accurate resource management</li>
<li><strong>Multi-attach Volumes</strong>: Support for shared storage access</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="alpha-features-to-watch">
Alpha Features to Watch
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#alpha-features-to-watch" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Alpha Features to Watch" href="#alpha-features-to-watch">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-quantum-computing-support">
1. Quantum Computing Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#1-quantum-computing-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Quantum Computing Support" href="#1-quantum-computing-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Early support for quantum computing workloads may enter alpha, preparing Kubernetes for future quantum computing integration.</p>
<p><strong>Potential Features:</strong></p>
<ul>
<li><strong>Quantum Resource Management</strong>: Basic quantum resource allocation</li>
<li><strong>Quantum Workload Scheduling</strong>: Preliminary quantum workload support</li>
<li><strong>Hybrid Classical-Quantum</strong>: Support for mixed workloads</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-advanced-aiml-workload-support">
2. Advanced AI/ML Workload Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#2-advanced-aiml-workload-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced AI/ML Workload Support" href="#2-advanced-aiml-workload-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Enhanced support for artificial intelligence and machine learning workloads is expected to continue evolving.</p>
<p><strong>Anticipated Features:</strong></p>
<ul>
<li><strong>Model Serving</strong>: Better support for ML model deployment</li>
<li><strong>Training Optimization</strong>: Enhanced training workload management</li>
<li><strong>Resource Scheduling</strong>: AI/ML-aware resource allocation</li>
<li><strong>Monitoring</strong>: Specialized monitoring for ML workloads</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-sustainability-features">
3. Sustainability Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#3-sustainability-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Sustainability Features" href="#3-sustainability-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Environmental impact considerations may enter alpha, reflecting the industry’s focus on green computing.</p>
<p><strong>Potential Features:</strong></p>
<ul>
<li><strong>Carbon-aware Scheduling</strong>: Consideration of environmental impact</li>
<li><strong>Energy-efficient Placement</strong>: Optimized for energy consumption</li>
<li><strong>Sustainability Metrics</strong>: Environmental impact tracking</li>
<li><strong>Green Computing Policies</strong>: Sustainability-focused policies</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="deprecations-and-removals">
Deprecations and Removals
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#deprecations-and-removals" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecations and Removals" href="#deprecations-and-removals">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="expected-deprecations">
Expected Deprecations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#expected-deprecations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Expected Deprecations" href="#expected-deprecations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Several features are expected to be deprecated in v1.34:</p>
<ul>
<li><strong>Legacy API Versions</strong>: Older API versions that have been deprecated for multiple releases</li>
<li><strong>Deprecated Flags</strong>: Command-line flags that are no longer recommended</li>
<li><strong>Obsolete Configurations</strong>: Configuration options with better alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="planned-removals">
Planned Removals
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#planned-removals" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Planned Removals" href="#planned-removals">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Features that may be removed in v1.34:</p>
<ul>
<li><strong>Unused Components</strong>: Components that are no longer maintained</li>
<li><strong>Deprecated APIs</strong>: APIs that have been deprecated for multiple releases</li>
<li><strong>Legacy Tools</strong>: Tools that have been replaced by newer alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="performance-improvements">
Performance Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#performance-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Improvements" href="#performance-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="scheduler-enhancements">
Scheduler Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#scheduler-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Scheduler Enhancements" href="#scheduler-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Kubernetes scheduler is expected to receive significant performance improvements:</p>
<ul>
<li><strong>Faster Algorithms</strong>: Improved scheduling algorithms</li>
<li><strong>Parallel Processing</strong>: Better utilization of multiple cores</li>
<li><strong>Memory Efficiency</strong>: Reduced memory footprint</li>
<li><strong>Scalability</strong>: Better performance at scale</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="etcd-optimizations">
etcd Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#etcd-optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor etcd Optimizations" href="#etcd-optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>etcd, the backing store for Kubernetes, is expected to receive optimizations:</p>
<ul>
<li><strong>Reduced Storage Requirements</strong>: More efficient data storage</li>
<li><strong>Faster Operations</strong>: Improved read and write performance</li>
<li><strong>Better Compression</strong>: Enhanced data compression algorithms</li>
<li><strong>Improved Reliability</strong>: Better fault tolerance and recovery</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="community-and-ecosystem-impact">
Community and Ecosystem Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#community-and-ecosystem-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community and Ecosystem Impact" href="#community-and-ecosystem-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="developer-experience">
Developer Experience
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#developer-experience" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Developer Experience" href="#developer-experience">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>v1.34 is expected to focus heavily on improving developer experience:</p>
<ul>
<li><strong>Better Tooling</strong>: Enhanced development tools and utilities</li>
<li><strong>Simplified Configuration</strong>: Easier configuration management</li>
<li><strong>Improved Documentation</strong>: Better documentation and examples</li>
<li><strong>Enhanced Debugging</strong>: Better debugging and troubleshooting capabilities</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="operator-experience">
Operator Experience
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#operator-experience" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Operator Experience" href="#operator-experience">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Operators can expect improvements in:</p>
<ul>
<li><strong>Monitoring</strong>: Better monitoring and alerting capabilities</li>
<li><strong>Troubleshooting</strong>: Enhanced troubleshooting tools</li>
<li><strong>Automation</strong>: Improved automation and orchestration</li>
<li><strong>Compliance</strong>: Better compliance and governance features</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="migration-and-upgrade-considerations">
Migration and Upgrade Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#migration-and-upgrade-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration and Upgrade Considerations" href="#migration-and-upgrade-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="pre-upgrade-preparation">
Pre-upgrade Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#pre-upgrade-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Pre-upgrade Preparation" href="#pre-upgrade-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Organizations should prepare for v1.34 by:</p>
<ul>
<li><strong>Reviewing Deprecations</strong>: Understanding what features will be deprecated</li>
<li><strong>Testing Applications</strong>: Ensuring applications work with new features</li>
<li><strong>Updating Tools</strong>: Updating kubectl and other client tools</li>
<li><strong>Planning Migration</strong>: Creating migration plans for deprecated features</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="upgrade-strategy">
Upgrade Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#upgrade-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Strategy" href="#upgrade-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Recommended upgrade approach:</p>
<ol>
<li><strong>Staging Environment</strong>: Test upgrades in staging first</li>
<li><strong>Gradual Rollout</strong>: Use rolling upgrades for production</li>
<li><strong>Monitoring</strong>: Closely monitor during and after upgrades</li>
<li><strong>Rollback Plan</strong>: Have rollback procedures ready</li>
<li><strong>Documentation</strong>: Document any issues and solutions</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="looking-ahead-beyond-v134">
Looking Ahead: Beyond v1.34
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#looking-ahead-beyond-v134" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Ahead: Beyond v1.34" href="#looking-ahead-beyond-v134">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="future-directions">
Future Directions
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#future-directions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Future Directions" href="#future-directions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Kubernetes community is already planning beyond v1.34:</p>
<ul>
<li><strong>Simplification</strong>: Making Kubernetes easier to use and operate</li>
<li><strong>Edge Computing</strong>: Expanding edge and IoT capabilities</li>
<li><strong>AI/ML Integration</strong>: Better support for AI/ML workloads</li>
<li><strong>Sustainability</strong>: Environmental impact considerations</li>
<li><strong>Cross-platform</strong>: Better support for diverse architectures</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="community-evolution">
Community Evolution
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#community-evolution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Evolution" href="#community-evolution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community continues to evolve:</p>
<ul>
<li><strong>Diversity</strong>: Increasing diversity in contributors and leadership</li>
<li><strong>Education</strong>: Better educational resources and training</li>
<li><strong>Sustainability</strong>: Ensuring long-term project sustainability</li>
<li><strong>Global Reach</strong>: Expanding to new regions and markets</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-34-release-preview/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes v1.34 promises to be an exciting release with significant improvements in performance, security, observability, and developer experience. The focus on edge computing, WebAssembly support, and enhanced resource management reflects the evolving needs of the cloud-native ecosystem.</p>
<p>Organizations should start preparing now by:</p>
<ul>
<li><strong>Monitoring Development</strong>: Following SIG discussions and proposals</li>
<li><strong>Testing Features</strong>: Experimenting with alpha and beta features</li>
<li><strong>Planning Upgrades</strong>: Creating upgrade strategies and timelines</li>
<li><strong>Training Teams</strong>: Ensuring teams are ready for new features</li>
</ul>
<p>The Kubernetes community’s commitment to innovation, stability, and user experience ensures that v1.34 will continue the platform’s evolution as the foundation of modern cloud computing. As always, the best approach is to stay engaged with the community, test new features early, and plan upgrades carefully to maximize the benefits of the new release.</p>
<p>For the latest information on v1.34 development, follow the <a
class="gblog-markdown__link"
href="https://github.com/kubernetes/sig-release"
>Kubernetes SIG-Release discussions</a> and <a
class="gblog-markdown__link"
href="https://kubernetes.io/community/"
>community meetings</a>.</p>Basic Kubernetes Interview Questions (2025 Edition)https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/2025-06-01T00:00:00+00:002025-07-04T14:53:10-04:00
<p>Kubernetes has become the de facto standard for container orchestration, making it an essential skill for anyone entering the DevOps, cloud engineering, or platform engineering space. Whether you’re a hiring manager evaluating entry-level candidates or a professional preparing for your first Kubernetes interview, this guide covers the fundamental concepts that demonstrate core understanding.</p>
<div class="gblog-post__anchorwrap">
<h2 id="what-is-kubernetes-and-what-problems-does-it-solve">
What is Kubernetes and what problems does it solve?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#what-is-kubernetes-and-what-problems-does-it-solve" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What is Kubernetes and what problems does it solve?" href="#what-is-kubernetes-and-what-problems-does-it-solve">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It solves several critical problems in modern application deployment:</p>
<p><strong>Problems it solves:</strong></p>
<ul>
<li><strong>Container Orchestration</strong>: Manages thousands of containers across multiple hosts</li>
<li><strong>Service Discovery</strong>: Automatically finds and connects services</li>
<li><strong>Load Balancing</strong>: Distributes traffic across multiple instances</li>
<li><strong>Self-healing</strong>: Automatically replaces failed containers</li>
<li><strong>Horizontal Scaling</strong>: Scales applications up or down based on demand</li>
<li><strong>Rolling Updates</strong>: Updates applications without downtime</li>
<li><strong>Resource Management</strong>: Efficiently allocates CPU, memory, and storage</li>
</ul>
<p><strong>Key Concepts to Mention:</strong></p>
<ul>
<li>Declarative configuration (desired state vs. current state)</li>
<li>API-driven architecture</li>
<li>Cloud-native design principles</li>
<li>Multi-cloud and hybrid cloud support</li>
</ul>
<p><strong>Example Response:</strong>
“Kubernetes is a container orchestration platform that solves the complexity of managing containerized applications at scale. Instead of manually deploying containers on individual servers, Kubernetes provides automation for deployment, scaling, load balancing, and self-healing. It’s like having an intelligent system that ensures your applications are always running, properly distributed, and automatically recover from failures.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/overview/"
>Learn more about Kubernetes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="describe-the-function-of-a-pod">
Describe the function of a Pod.
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#describe-the-function-of-a-pod" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Describe the function of a Pod." href="#describe-the-function-of-a-pod">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
A Pod is the smallest deployable unit in Kubernetes. It represents a single instance of a running process in your cluster and can contain one or more containers.</p>
<p><strong>Key Points:</strong></p>
<ul>
<li><strong>Atomic Unit</strong>: Pods are the basic building blocks</li>
<li><strong>Shared Resources</strong>: Containers in a Pod share network namespace and storage</li>
<li><strong>Lifecycle</strong>: Pods are ephemeral and can be created, destroyed, and recreated</li>
<li><strong>IP Address</strong>: Each Pod gets its own IP address</li>
<li><strong>Scheduling</strong>: Pods are scheduled to nodes by the scheduler</li>
</ul>
<p><strong>Container Relationship:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">main-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">sidecar</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'while true; do echo "sidecar running"; sleep 30; done'</span><span class="p">]</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“A Pod is the smallest unit in Kubernetes that can be deployed. Think of it as a wrapper around one or more containers that share the same network namespace, storage, and lifecycle. For example, if you have a web application that needs a logging sidecar, both containers would run in the same Pod so they can communicate via localhost and share the same network identity.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/pods/"
>Learn more about Pods</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="whats-the-difference-between-a-deployment-and-a-statefulset">
What’s the difference between a Deployment and a StatefulSet?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#whats-the-difference-between-a-deployment-and-a-statefulset" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What’s the difference between a Deployment and a StatefulSet?" href="#whats-the-difference-between-a-deployment-and-a-statefulset">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Deployments and StatefulSets are both controllers that manage Pods, but they serve different purposes based on the application’s state requirements.</p>
<p><strong>Deployment:</strong></p>
<ul>
<li><strong>Stateless Applications</strong>: Designed for applications that don’t need persistent state</li>
<li><strong>Random Names</strong>: Pods get random names (e.g., <code>app-abc123</code>, <code>app-def456</code>)</li>
<li><strong>Interchangeable</strong>: Any Pod can replace any other Pod</li>
<li><strong>Rolling Updates</strong>: Supports rolling updates and rollbacks</li>
<li><strong>Scaling</strong>: Easy horizontal scaling</li>
</ul>
<p><strong>StatefulSet:</strong></p>
<ul>
<li><strong>Stateful Applications</strong>: Designed for applications that need stable, unique identities</li>
<li><strong>Ordered Names</strong>: Pods get predictable names (e.g., <code>app-0</code>, <code>app-1</code>, <code>app-2</code>)</li>
<li><strong>Stable Network</strong>: Each Pod gets a stable network identity</li>
<li><strong>Ordered Operations</strong>: Creates and deletes Pods in order</li>
<li><strong>Persistent Storage</strong>: Each Pod can have its own persistent volume</li>
</ul>
<p><strong>Example Response:</strong>
“Deployments are for stateless applications where any instance can handle any request. Think of a web server - you can have 10 instances and it doesn’t matter which one serves a request. StatefulSets are for applications like databases where each instance has a specific role, needs stable network identity, and requires persistent storage. For example, in a Redis cluster, each node needs to know its position and maintain its data.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/"
>Learn more about Deployments</a>
<a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/"
>Learn more about StatefulSets</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-a-service-work-in-kubernetes">
How does a Service work in Kubernetes?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#how-does-a-service-work-in-kubernetes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does a Service work in Kubernetes?" href="#how-does-a-service-work-in-kubernetes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
A Service provides a stable network endpoint for accessing a set of Pods. It abstracts the underlying Pod IPs and provides load balancing.</p>
<p><strong>Key Functions:</strong></p>
<ul>
<li><strong>Service Discovery</strong>: Provides a stable IP address and DNS name</li>
<li><strong>Load Balancing</strong>: Distributes traffic across multiple Pods</li>
<li><strong>Abstraction</strong>: Hides Pod lifecycle from clients</li>
<li><strong>Port Mapping</strong>: Maps service ports to container ports</li>
</ul>
<p><strong>Service Types:</strong></p>
<ul>
<li><strong>ClusterIP</strong>: Internal access only (default)</li>
<li><strong>NodePort</strong>: External access via node IP and port</li>
<li><strong>LoadBalancer</strong>: External access via cloud load balancer</li>
<li><strong>ExternalName</strong>: Maps service to external DNS name</li>
</ul>
<p><strong>Example Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterIP</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“A Service acts as a stable frontend for your Pods. When Pods are created or destroyed, the Service automatically updates its endpoints to route traffic to the available Pods. It provides load balancing and service discovery. For example, if you have 3 Pods running your web application, the Service will distribute incoming requests across all three Pods and automatically handle Pod failures by routing traffic to healthy Pods.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/services-networking/service/"
>Learn more about Services</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="what-is-a-configmap-vs-a-secret">
What is a ConfigMap vs. a Secret?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#what-is-a-configmap-vs-a-secret" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What is a ConfigMap vs. a Secret?" href="#what-is-a-configmap-vs-a-secret">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Both ConfigMaps and Secrets are used to store configuration data, but they serve different purposes based on the sensitivity of the data.</p>
<p><strong>ConfigMap:</strong></p>
<ul>
<li><strong>Non-sensitive Data</strong>: Configuration files, environment variables, command-line arguments</li>
<li><strong>Plain Text</strong>: Data is stored in plain text</li>
<li><strong>Examples</strong>: Database URLs, feature flags, application settings</li>
<li><strong>Use Cases</strong>: Configuration that can be shared or version controlled</li>
</ul>
<p><strong>Secret:</strong></p>
<ul>
<li><strong>Sensitive Data</strong>: Passwords, API keys, certificates, tokens</li>
<li><strong>Base64 Encoded</strong>: Data is base64 encoded (not encrypted)</li>
<li><strong>Examples</strong>: Database passwords, OAuth tokens, TLS certificates</li>
<li><strong>Use Cases</strong>: Credentials and sensitive configuration</li>
</ul>
<p><strong>ConfigMap Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">database_url</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgresql://db.example.com:5432/mydb"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">log_level</span><span class="p">:</span><span class="w"> </span><span class="s2">"INFO"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">feature_flags</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> enable_cache=true
</span></span></span><span class="line"><span class="cl"><span class="sd"> debug_mode=false</span><span class="w">
</span></span></span></code></pre></div><p><strong>Secret Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Secret</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app-secrets</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Opaque</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">db_password</span><span class="p">:</span><span class="w"> </span><span class="l">cGFzc3dvcmQxMjM= </span><span class="w"> </span><span class="c"># base64 encoded</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">api_key</span><span class="p">:</span><span class="w"> </span><span class="l">YXBpLWtleS1oZXJl</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“ConfigMaps store non-sensitive configuration like database URLs, log levels, or feature flags. Secrets store sensitive data like passwords, API keys, or certificates. The main difference is that Secrets are base64 encoded and treated with more care by Kubernetes. You’d use a ConfigMap for something like ‘database_url’ and a Secret for ‘database_password’. Both can be mounted as environment variables or files in your Pods.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/configuration/configmap/"
>Learn more about ConfigMaps</a>
<a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/configuration/secret/"
>Learn more about Secrets</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-does-kubernetes-handle-rolling-updates">
How does Kubernetes handle rolling updates?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#how-does-kubernetes-handle-rolling-updates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How does Kubernetes handle rolling updates?" href="#how-does-kubernetes-handle-rolling-updates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Rolling updates allow you to update an application without downtime by gradually replacing old Pods with new ones.</p>
<p><strong>Process:</strong></p>
<ol>
<li><strong>Gradual Replacement</strong>: Updates Pods one by one or in small batches</li>
<li><strong>Health Checks</strong>: Verifies new Pods are healthy before continuing</li>
<li><strong>Rollback Capability</strong>: Can rollback to previous version if issues occur</li>
<li><strong>Zero Downtime</strong>: Ensures service availability throughout the update</li>
</ol>
<p><strong>Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">strategy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RollingUpdate</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rollingUpdate</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxSurge</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="c"># Maximum extra Pods during update</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxUnavailable</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="c"># Maximum unavailable Pods during update</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:v2</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“Rolling updates work by gradually replacing old Pods with new ones. If you have 3 replicas, Kubernetes might update them one at a time. It creates a new Pod with the updated image, waits for it to be healthy, then terminates an old Pod. This continues until all Pods are updated. The key is that there are always enough Pods running to handle traffic, ensuring zero downtime. If something goes wrong, you can quickly rollback to the previous version.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment"
>Learn more about Rolling Updates</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="what-are-liveness-and-readiness-probes">
What are liveness and readiness probes?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#what-are-liveness-and-readiness-probes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What are liveness and readiness probes?" href="#what-are-liveness-and-readiness-probes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Probes are health checks that help Kubernetes determine the health and readiness of your application.</p>
<p><strong>Liveness Probe:</strong></p>
<ul>
<li><strong>Purpose</strong>: Determines if the application is alive and running</li>
<li><strong>Action</strong>: Restarts the Pod if the probe fails</li>
<li><strong>Use Case</strong>: Detects deadlocks, infinite loops, or stuck states</li>
<li><strong>Frequency</strong>: Runs periodically throughout the Pod’s lifecycle</li>
</ul>
<p><strong>Readiness Probe:</strong></p>
<ul>
<li><strong>Purpose</strong>: Determines if the application is ready to receive traffic</li>
<li><strong>Action</strong>: Removes Pod from service endpoints if probe fails</li>
<li><strong>Use Case</strong>: Ensures application is fully initialized and ready</li>
<li><strong>Frequency</strong>: Runs before the Pod receives traffic</li>
</ul>
<p><strong>Example Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">my-app:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">livenessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/health</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readinessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/ready</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span></code></pre></div><p><strong>Example Response:</strong>
“Liveness probes check if your application is alive and should restart the Pod if it fails. For example, if your app gets stuck in a deadlock, the liveness probe would detect this and restart it. Readiness probes check if your app is ready to receive traffic. For example, if your app needs to load configuration or connect to a database, the readiness probe ensures it’s fully initialized before receiving requests. Liveness probes restart Pods, while readiness probes just remove them from the load balancer.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/"
>Learn more about Probes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="explain-the-role-of-kubelet-kube-apiserver-and-etcd">
Explain the role of kubelet, kube-apiserver, and etcd.
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#explain-the-role-of-kubelet-kube-apiserver-and-etcd" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Explain the role of kubelet, kube-apiserver, and etcd." href="#explain-the-role-of-kubelet-kube-apiserver-and-etcd">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
These are core components of the Kubernetes control plane that work together to manage the cluster.</p>
<p><strong>kubelet:</strong></p>
<ul>
<li><strong>Role</strong>: Primary node agent that runs on each node</li>
<li><strong>Responsibilities</strong>:
<ul>
<li>Manages Pod lifecycle on the node</li>
<li>Reports node and Pod status to API server</li>
<li>Executes Pod specifications</li>
<li>Handles container runtime communication</li>
</ul>
</li>
<li><strong>Location</strong>: Runs on every worker node</li>
</ul>
<p><strong>kube-apiserver:</strong></p>
<ul>
<li><strong>Role</strong>: Frontend for the Kubernetes control plane</li>
<li><strong>Responsibilities</strong>:
<ul>
<li>Exposes the Kubernetes API</li>
<li>Validates and processes API requests</li>
<li>Manages authentication and authorization</li>
<li>Coordinates all cluster operations</li>
</ul>
</li>
<li><strong>Location</strong>: Runs on control plane nodes</li>
</ul>
<p><strong>etcd:</strong></p>
<ul>
<li><strong>Role</strong>: Distributed key-value store that stores all cluster data</li>
<li><strong>Responsibilities</strong>:
<ul>
<li>Stores cluster state and configuration</li>
<li>Provides consistency and reliability</li>
<li>Handles leader election</li>
<li>Maintains cluster data integrity</li>
</ul>
</li>
<li><strong>Location</strong>: Runs on control plane nodes</li>
</ul>
<p><strong>Example Response:</strong>
“kubelet is like a supervisor on each worker node - it makes sure Pods are running correctly and reports back to the control plane. kube-apiserver is the front door to the cluster - all requests go through it, and it validates and processes them. etcd is the cluster’s memory - it stores all the configuration and state information. Think of it like this: you send a request to create a Pod to the API server, it validates it and stores the information in etcd, then kubelet on the appropriate node reads the information and creates the Pod.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/overview/components/"
>Learn more about Kubernetes Components</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="how-do-you-scale-an-application-in-kubernetes">
How do you scale an application in Kubernetes?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#how-do-you-scale-an-application-in-kubernetes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor How do you scale an application in Kubernetes?" href="#how-do-you-scale-an-application-in-kubernetes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Kubernetes provides multiple ways to scale applications, both manually and automatically.</p>
<p><strong>Manual Scaling:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Scale deployment to 5 replicas</span>
</span></span><span class="line"><span class="cl">kubectl scale deployment my-app --replicas<span class="o">=</span><span class="m">5</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Scale using YAML</span>
</span></span><span class="line"><span class="cl">kubectl apply -f - <span class="s"><<EOF
</span></span></span><span class="line"><span class="cl"><span class="s">apiVersion: apps/v1
</span></span></span><span class="line"><span class="cl"><span class="s">kind: Deployment
</span></span></span><span class="line"><span class="cl"><span class="s">metadata:
</span></span></span><span class="line"><span class="cl"><span class="s"> name: my-app
</span></span></span><span class="line"><span class="cl"><span class="s">spec:
</span></span></span><span class="line"><span class="cl"><span class="s"> replicas: 5
</span></span></span><span class="line"><span class="cl"><span class="s">EOF</span>
</span></span></code></pre></div><p><strong>Automatic Scaling (HPA):</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">autoscaling/v2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">HorizontalPodAutoscaler</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app-hpa</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scaleTargetRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">my-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">minReplicas</span><span class="p">:</span><span class="w"> </span><span class="m">2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maxReplicas</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Resource</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resource</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">cpu</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">Utilization</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">averageUtilization</span><span class="p">:</span><span class="w"> </span><span class="m">70</span><span class="w">
</span></span></span></code></pre></div><p><strong>Scaling Types:</strong></p>
<ul>
<li><strong>Horizontal Scaling</strong>: Add more Pod instances</li>
<li><strong>Vertical Scaling</strong>: Increase resource limits (VPA)</li>
<li><strong>Cluster Scaling</strong>: Add more nodes to the cluster</li>
</ul>
<p><strong>Example Response:</strong>
“You can scale applications manually using kubectl scale or by updating the YAML. For automatic scaling, you use HorizontalPodAutoscaler (HPA) which monitors metrics like CPU or memory usage and automatically adjusts the number of replicas. For example, if CPU usage goes above 70%, HPA might scale from 3 to 5 replicas. You can also use VerticalPodAutoscaler (VPA) to adjust resource requests and limits automatically.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/controllers/horizontalpodautoscaler/"
>Learn more about Scaling</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="whats-the-difference-between-kubectl-get-and-kubectl-describe">
What’s the difference between kubectl get and kubectl describe?
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#whats-the-difference-between-kubectl-get-and-kubectl-describe" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What’s the difference between kubectl get and kubectl describe?" href="#whats-the-difference-between-kubectl-get-and-kubectl-describe">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Expected Answer:</strong>
Both commands provide information about Kubernetes resources, but they serve different purposes and provide different levels of detail.</p>
<p><strong>kubectl get:</strong></p>
<ul>
<li><strong>Purpose</strong>: Lists resources with basic information</li>
<li><strong>Output</strong>: Tabular format with key fields</li>
<li><strong>Use Case</strong>: Quick overview, checking status, listing resources</li>
<li><strong>Example</strong>: <code>kubectl get pods</code> shows Pod name, ready status, restart count, age</li>
</ul>
<p><strong>kubectl describe:</strong></p>
<ul>
<li><strong>Purpose</strong>: Provides detailed information about a specific resource</li>
<li><strong>Output</strong>: Detailed YAML-like format with all fields and events</li>
<li><strong>Use Case</strong>: Debugging, troubleshooting, understanding resource state</li>
<li><strong>Example</strong>: <code>kubectl describe pod my-pod</code> shows full Pod specification, events, conditions</li>
</ul>
<p><strong>Example Output Comparison:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># kubectl get pods</span>
</span></span><span class="line"><span class="cl">NAME READY STATUS RESTARTS AGE
</span></span><span class="line"><span class="cl">my-pod-abc123 1/1 Running <span class="m">0</span> 5m
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># kubectl describe pod my-pod-abc123</span>
</span></span><span class="line"><span class="cl">Name: my-pod-abc123
</span></span><span class="line"><span class="cl">Namespace: default
</span></span><span class="line"><span class="cl">Priority: <span class="m">0</span>
</span></span><span class="line"><span class="cl">Node: worker-1/10.0.1.5
</span></span><span class="line"><span class="cl">Start Time: Mon, <span class="m">01</span> Jan <span class="m">2025</span> 10:00:00 +0000
</span></span><span class="line"><span class="cl">Labels: <span class="nv">app</span><span class="o">=</span>my-app
</span></span><span class="line"><span class="cl">Annotations: kubernetes.io/psp: restricted
</span></span><span class="line"><span class="cl">Status: Running
</span></span><span class="line"><span class="cl">IP: 10.244.1.5
</span></span><span class="line"><span class="cl">Containers:
</span></span><span class="line"><span class="cl"> app:
</span></span><span class="line"><span class="cl"> Container ID: docker://abc123...
</span></span><span class="line"><span class="cl"> Image: nginx:latest
</span></span><span class="line"><span class="cl"> State: Running
</span></span><span class="line"><span class="cl"> Started: Mon, <span class="m">01</span> Jan <span class="m">2025</span> 10:00:01 +0000
</span></span><span class="line"><span class="cl"> Ready: True
</span></span><span class="line"><span class="cl"> Restart Count: <span class="m">0</span>
</span></span><span class="line"><span class="cl"> Limits:
</span></span><span class="line"><span class="cl"> cpu: 500m
</span></span><span class="line"><span class="cl"> memory: 512Mi
</span></span><span class="line"><span class="cl"> Requests:
</span></span><span class="line"><span class="cl"> cpu: 250m
</span></span><span class="line"><span class="cl"> memory: 256Mi
</span></span><span class="line"><span class="cl">Events:
</span></span><span class="line"><span class="cl"> Type Reason Age From Message
</span></span><span class="line"><span class="cl"> ---- ------ ---- ---- -------
</span></span><span class="line"><span class="cl"> Normal Scheduled 5m default-scheduler Successfully assigned default/my-pod-abc123 to worker-1
</span></span><span class="line"><span class="cl"> Normal Pulling 5m kubelet Pulling image <span class="s2">"nginx:latest"</span>
</span></span><span class="line"><span class="cl"> Normal Pulled 5m kubelet Successfully pulled image <span class="s2">"nginx:latest"</span>
</span></span><span class="line"><span class="cl"> Normal Created 5m kubelet Created container app
</span></span><span class="line"><span class="cl"> Normal Started 5m kubelet Started container app
</span></span></code></pre></div><p><strong>Example Response:</strong>
“kubectl get gives you a quick overview - like a table showing the basic status of resources. It’s great for checking if things are running or seeing how many replicas you have. kubectl describe gives you the full story - all the details about a specific resource including its configuration, events, and current state. I use get for quick checks and describe when I need to debug something or understand what’s happening with a resource.”</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/reference/kubectl/overview/"
>Learn more about kubectl</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="additional-tips-for-interview-success">
Additional Tips for Interview Success
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#additional-tips-for-interview-success" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Additional Tips for Interview Success" href="#additional-tips-for-interview-success">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="understanding-vs-memorization">
Understanding vs. Memorization
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#understanding-vs-memorization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Understanding vs. Memorization" href="#understanding-vs-memorization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Focus on understanding concepts rather than memorizing commands. Interviewers want to see that you understand the “why” behind Kubernetes design decisions.</p>
<div class="gblog-post__anchorwrap">
<h3 id="practical-experience">
Practical Experience
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#practical-experience" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Practical Experience" href="#practical-experience">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Be prepared to discuss:</p>
<ul>
<li>Real-world scenarios you’ve encountered</li>
<li>How you’ve solved specific problems</li>
<li>Trade-offs you’ve considered in your decisions</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="common-follow-up-questions">
Common Follow-up Questions
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#common-follow-up-questions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Common Follow-up Questions" href="#common-follow-up-questions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>“What would you do if a Pod keeps crashing?”</li>
<li>“How would you troubleshoot a service that’s not accessible?”</li>
<li>“What’s the difference between a Pod and a container?”</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="red-flags-to-avoid">
Red Flags to Avoid
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#red-flags-to-avoid" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Red Flags to Avoid" href="#red-flags-to-avoid">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Over-reliance on managed services</strong>: Show understanding of underlying concepts</li>
<li><strong>Inability to explain basic concepts</strong>: Demonstrate fundamental knowledge</li>
<li><strong>No practical experience</strong>: Be ready to discuss real scenarios</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/basic-kubernetes-interview-questions-2025/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>These basic Kubernetes interview questions test fundamental understanding of core concepts. Success depends not just on knowing the answers, but on demonstrating practical understanding and the ability to apply concepts to real-world scenarios.</p>
<p>For candidates: Focus on understanding the “why” behind Kubernetes design decisions and be prepared to discuss practical applications.</p>
<p>For interviewers: Look for candidates who can explain concepts clearly, discuss trade-offs, and demonstrate practical problem-solving skills rather than just memorized answers.</p>
<p>Remember, Kubernetes is a complex system, and no one expects entry-level candidates to know everything. Focus on demonstrating solid foundational knowledge, eagerness to learn, and practical problem-solving abilities.</p>
<p>For more information about Kubernetes concepts and best practices, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>Kubernetes.io tutorials</a>.</p>Kubernetes v1.33 'Octarine' Release on April 23https://k8s-ops.net/posts/kubernetes-v1-33-release/2025-04-23T00:00:00+00:002025-07-04T14:01:11-04:00
<p>On April 23, 2025, the Kubernetes community released v1.33, codenamed “Octarine,” marking the first major release of 2025. This release brings 46 enhancements with 13 moving to stable, 20 entering beta, and 13 remaining in alpha. The v1.33 release focuses on enhanced security, improved performance, and new capabilities for emerging workloads.</p>
<div class="gblog-post__anchorwrap">
<h2 id="release-overview">
Release Overview
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#release-overview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Overview" href="#release-overview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="key-statistics">
Key Statistics
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#key-statistics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Statistics" href="#key-statistics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.33 release represents the collective effort of:</p>
<ul>
<li><strong>1,400+ Contributors</strong>: From around the world</li>
<li><strong>75+ Organizations</strong>: Contributing code and resources</li>
<li><strong>35+ Special Interest Groups</strong>: Coordinating development</li>
<li><strong>6 Months</strong>: Of active development and testing</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="release-name-octarine">
Release Name: Octarine
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#release-name-octarine" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Name: Octarine" href="#release-name-octarine">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The codename “Octarine” continues Kubernetes’ tradition of naming releases after notable figures in computing history, honoring contributions to the field of computer science and technology.</p>
<div class="gblog-post__anchorwrap">
<h2 id="major-features-moving-to-stable">
Major Features Moving to Stable
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#major-features-moving-to-stable" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Major Features Moving to Stable" href="#major-features-moving-to-stable">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-security-context">
1. Enhanced Security Context
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#1-enhanced-security-context" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced Security Context" href="#1-enhanced-security-context">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Security context features graduate to stable, providing improved security controls:</p>
<div class="gblog-post__anchorwrap">
<h4 id="advanced-security-controls">
Advanced Security Controls
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#advanced-security-controls" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced Security Controls" href="#advanced-security-controls">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Fine-grained Permissions</strong>: More granular control over container capabilities</li>
<li><strong>Seccomp Profiles</strong>: Enhanced system call filtering</li>
<li><strong>SELinux Integration</strong>: Better integration with SELinux policies</li>
<li><strong>Capability Management</strong>: Improved Linux capability controls</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="implementation-example">
Implementation Example
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#implementation-example" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Example" href="#implementation-example">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">secure-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsNonRoot</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsUser</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runAsGroup</span><span class="p">:</span><span class="w"> </span><span class="m">3000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">fsGroup</span><span class="p">:</span><span class="w"> </span><span class="m">2000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">seccompProfile</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">RuntimeDefault</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">main</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-advanced-resource-management">
2. Advanced Resource Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#2-advanced-resource-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Resource Management" href="#2-advanced-resource-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Resource management capabilities receive significant improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="dynamic-resource-allocation">
Dynamic Resource Allocation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#dynamic-resource-allocation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Dynamic Resource Allocation" href="#dynamic-resource-allocation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>GPU Sharing</strong>: Multiple pods can share GPU resources</li>
<li><strong>Memory Optimization</strong>: Better memory allocation and management</li>
<li><strong>Storage-aware Scheduling</strong>: Optimized storage resource allocation</li>
<li><strong>Network Resource Management</strong>: Enhanced network resource allocation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="performance-benefits">
Performance Benefits
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#performance-benefits" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Benefits" href="#performance-benefits">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Better Resource Utilization</strong>: More efficient use of available resources</li>
<li><strong>Cost Optimization</strong>: Reduced resource waste</li>
<li><strong>Improved Scalability</strong>: Better performance at scale</li>
<li><strong>Enhanced Reliability</strong>: More stable resource allocation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-enhanced-api-server-performance">
3. Enhanced API Server Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#3-enhanced-api-server-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Enhanced API Server Performance" href="#3-enhanced-api-server-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The API server receives major performance improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="optimizations">
Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Optimizations" href="#optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Reduced Latency</strong>: Faster request processing</li>
<li><strong>Better Memory Management</strong>: More efficient memory utilization</li>
<li><strong>Improved Caching</strong>: Enhanced caching mechanisms</li>
<li><strong>Connection Optimization</strong>: Better connection pooling and management</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="impact-on-users">
Impact on Users
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#impact-on-users" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Impact on Users" href="#impact-on-users">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Faster Operations</strong>: Reduced response times for all API operations</li>
<li><strong>Better Scalability</strong>: Improved performance at scale</li>
<li><strong>Resource Efficiency</strong>: Lower resource consumption</li>
<li><strong>Enhanced Reliability</strong>: More stable API server operation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="beta-features">
Beta Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#beta-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Beta Features" href="#beta-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-rbac-system">
1. Enhanced RBAC System
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#1-enhanced-rbac-system" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced RBAC System" href="#1-enhanced-rbac-system">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Role-Based Access Control system receives major updates:</p>
<div class="gblog-post__anchorwrap">
<h4 id="fine-grained-permissions">
Fine-grained Permissions
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#fine-grained-permissions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Fine-grained Permissions" href="#fine-grained-permissions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Resource-level Permissions</strong>: Granular control over specific resources</li>
<li><strong>Conditional Access</strong>: Context-aware authorization decisions</li>
<li><strong>Dynamic Policy Evaluation</strong>: Real-time policy enforcement</li>
<li><strong>Audit Trail Enhancement</strong>: Comprehensive security event tracking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="implementation-examples">
Implementation Examples
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#implementation-examples" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Examples" href="#implementation-examples">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterRole</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">advanced-pod-reader</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">""</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"pods"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"get"</span><span class="p">,</span><span class="w"> </span><span class="s2">"list"</span><span class="p">,</span><span class="w"> </span><span class="s2">"watch"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">conditions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">expression</span><span class="p">:</span><span class="w"> </span><span class="s1">'object.metadata.namespace == "production" && object.status.phase == "Running"'</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-advanced-network-policies">
2. Advanced Network Policies
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#2-advanced-network-policies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Network Policies" href="#2-advanced-network-policies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Network policy capabilities are significantly enhanced:</p>
<div class="gblog-post__anchorwrap">
<h4 id="protocol-level-filtering">
Protocol-level Filtering
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#protocol-level-filtering" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Protocol-level Filtering" href="#protocol-level-filtering">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Layer 7 Policies</strong>: Application-layer traffic filtering</li>
<li><strong>Advanced Port Management</strong>: Sophisticated port-based rules</li>
<li><strong>Service Mesh Integration</strong>: Better integration with service meshes</li>
<li><strong>Performance Optimization</strong>: Faster policy enforcement</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-improved-storage-management">
3. Improved Storage Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#3-improved-storage-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Improved Storage Management" href="#3-improved-storage-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Storage features receive comprehensive updates:</p>
<div class="gblog-post__anchorwrap">
<h4 id="volume-management">
Volume Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#volume-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Volume Management" href="#volume-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Dynamic Provisioning</strong>: Enhanced storage class support</li>
<li><strong>Volume Snapshots</strong>: Improved backup and recovery capabilities</li>
<li><strong>Storage Capacity Tracking</strong>: More accurate resource management</li>
<li><strong>Multi-attach Volumes</strong>: Support for shared storage access</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="alpha-features">
Alpha Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#alpha-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Alpha Features" href="#alpha-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-webassembly-support">
1. WebAssembly Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#1-webassembly-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. WebAssembly Support" href="#1-webassembly-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Early support for WebAssembly workloads continues to evolve:</p>
<div class="gblog-post__anchorwrap">
<h4 id="cross-platform-compatibility">
Cross-platform Compatibility
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#cross-platform-compatibility" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Cross-platform Compatibility" href="#cross-platform-compatibility">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Architecture Independence</strong>: Same code across different platforms</li>
<li><strong>Security Sandboxing</strong>: Isolated execution environment</li>
<li><strong>Performance Optimization</strong>: Near-native performance</li>
<li><strong>Use Case Expansion</strong>: Serverless functions, edge computing</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-enhanced-observability">
2. Enhanced Observability
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#2-enhanced-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Enhanced Observability" href="#2-enhanced-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>New observability capabilities:</p>
<div class="gblog-post__anchorwrap">
<h4 id="distributed-tracing">
Distributed Tracing
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#distributed-tracing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Distributed Tracing" href="#distributed-tracing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>End-to-end Tracing</strong>: Complete request flow tracking</li>
<li><strong>Performance Analysis</strong>: Detailed performance insights</li>
<li><strong>Debugging Support</strong>: Enhanced troubleshooting capabilities</li>
<li><strong>Integration</strong>: Better integration with existing tools</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-edge-computing-support">
3. Edge Computing Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#3-edge-computing-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Edge Computing Support" href="#3-edge-computing-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Edge computing features continue to evolve:</p>
<div class="gblog-post__anchorwrap">
<h4 id="lightweight-components">
Lightweight Components
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#lightweight-components" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Lightweight Components" href="#lightweight-components">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Resource Optimization</strong>: Reduced resource requirements</li>
<li><strong>Offline Operation</strong>: Better support for intermittent connectivity</li>
<li><strong>Local Processing</strong>: Reduced dependency on centralized resources</li>
<li><strong>Multi-cluster Management</strong>: Coordinated edge deployments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="security-enhancements">
Security Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#security-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Security Enhancements" href="#security-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-authentication">
1. Enhanced Authentication
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#1-enhanced-authentication" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced Authentication" href="#1-enhanced-authentication">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Authentication system improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="multi-factor-authentication">
Multi-factor Authentication
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#multi-factor-authentication" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Multi-factor Authentication" href="#multi-factor-authentication">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>MFA Support</strong>: Enhanced authentication security</li>
<li><strong>Certificate Management</strong>: Improved certificate lifecycle</li>
<li><strong>Token Security</strong>: Enhanced service account token security</li>
<li><strong>Identity Federation</strong>: Better integration with external identity providers</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-supply-chain-security">
2. Supply Chain Security
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#2-supply-chain-security" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Supply Chain Security" href="#2-supply-chain-security">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Software supply chain security features:</p>
<div class="gblog-post__anchorwrap">
<h4 id="artifact-verification">
Artifact Verification
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#artifact-verification" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Artifact Verification" href="#artifact-verification">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Digital Signatures</strong>: Ensuring artifact integrity</li>
<li><strong>Vulnerability Scanning</strong>: Automated security scanning</li>
<li><strong>Policy Enforcement</strong>: Automated security policy compliance</li>
<li><strong>Audit Trail</strong>: Comprehensive security event logging</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-zero-trust-architecture">
3. Zero Trust Architecture
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#3-zero-trust-architecture" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Zero Trust Architecture" href="#3-zero-trust-architecture">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Zero trust principles implementation:</p>
<div class="gblog-post__anchorwrap">
<h4 id="identity-based-access">
Identity-based Access
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#identity-based-access" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Identity-based Access" href="#identity-based-access">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Continuous Verification</strong>: Ongoing authentication and authorization</li>
<li><strong>Least Privilege Access</strong>: Minimal required permissions</li>
<li><strong>Micro-segmentation</strong>: Granular network security policies</li>
<li><strong>Context-aware Security</strong>: Security decisions based on context</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="performance-improvements">
Performance Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#performance-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Improvements" href="#performance-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-etcd-optimizations">
1. etcd Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#1-etcd-optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. etcd Optimizations" href="#1-etcd-optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>etcd, the backing store, receives optimizations:</p>
<div class="gblog-post__anchorwrap">
<h4 id="storage-efficiency">
Storage Efficiency
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#storage-efficiency" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Storage Efficiency" href="#storage-efficiency">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Compression</strong>: Enhanced data compression</li>
<li><strong>Indexing</strong>: Improved data indexing</li>
<li><strong>Garbage Collection</strong>: Better cleanup of old data</li>
<li><strong>Backup Optimization</strong>: Faster and more reliable backups</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-scheduler-performance">
2. Scheduler Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#2-scheduler-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Scheduler Performance" href="#2-scheduler-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Scheduler performance improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="algorithm-optimization">
Algorithm Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#algorithm-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Algorithm Optimization" href="#algorithm-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Faster Algorithms</strong>: Improved scheduling algorithms</li>
<li><strong>Parallel Processing</strong>: Better utilization of multiple cores</li>
<li><strong>Memory Efficiency</strong>: Reduced memory footprint</li>
<li><strong>Scalability</strong>: Better performance at scale</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-controller-performance">
3. Controller Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#3-controller-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Controller Performance" href="#3-controller-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Controller performance improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="reconciliation-optimization">
Reconciliation Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#reconciliation-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Reconciliation Optimization" href="#reconciliation-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Faster Reconciliation</strong>: Improved reconciliation algorithms</li>
<li><strong>Parallel Processing</strong>: Better utilization of multiple cores</li>
<li><strong>Memory Efficiency</strong>: Reduced memory footprint</li>
<li><strong>Scalability</strong>: Better performance at scale</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="new-capabilities">
New Capabilities
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#new-capabilities" class="gblog-post__anchor clip flex align-center" aria-label="Anchor New Capabilities" href="#new-capabilities">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-aiml-workload-support">
1. AI/ML Workload Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#1-aiml-workload-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. AI/ML Workload Support" href="#1-aiml-workload-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Enhanced support for artificial intelligence and machine learning workloads:</p>
<div class="gblog-post__anchorwrap">
<h4 id="gpu-management">
GPU Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#gpu-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor GPU Management" href="#gpu-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Multi-GPU Support</strong>: Better management of multiple GPUs</li>
<li><strong>GPU Sharing</strong>: Multiple pods can share GPU resources</li>
<li><strong>GPU Scheduling</strong>: Enhanced GPU-aware scheduling</li>
<li><strong>GPU Monitoring</strong>: Better monitoring of GPU utilization</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="model-serving">
Model Serving
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#model-serving" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Model Serving" href="#model-serving">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Model Deployment</strong>: Simplified model deployment</li>
<li><strong>Auto-scaling</strong>: Automatic scaling based on demand</li>
<li><strong>Version Management</strong>: Better model version management</li>
<li><strong>A/B Testing</strong>: Support for model A/B testing</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-quantum-computing-preparation">
2. Quantum Computing Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#2-quantum-computing-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Quantum Computing Preparation" href="#2-quantum-computing-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Early preparation for quantum computing:</p>
<div class="gblog-post__anchorwrap">
<h4 id="quantum-ready-infrastructure">
Quantum-ready Infrastructure
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#quantum-ready-infrastructure" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Quantum-ready Infrastructure" href="#quantum-ready-infrastructure">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Quantum Algorithm Support</strong>: Infrastructure for quantum algorithms</li>
<li><strong>Hybrid Classical-Quantum</strong>: Support for hybrid computing</li>
<li><strong>Quantum Security</strong>: Preparation for quantum-resistant cryptography</li>
<li><strong>Resource Management</strong>: Management of quantum computing resources</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-sustainability-features">
3. Sustainability Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#3-sustainability-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Sustainability Features" href="#3-sustainability-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Environmental impact considerations:</p>
<div class="gblog-post__anchorwrap">
<h4 id="green-computing">
Green Computing
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#green-computing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Green Computing" href="#green-computing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Energy-efficient Scheduling</strong>: Optimizing for energy consumption</li>
<li><strong>Carbon-aware Computing</strong>: Considering environmental impact</li>
<li><strong>Resource Optimization</strong>: Better resource utilization</li>
<li><strong>Sustainable Practices</strong>: Promoting sustainable computing practices</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="deprecations-and-removals">
Deprecations and Removals
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#deprecations-and-removals" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecations and Removals" href="#deprecations-and-removals">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="deprecated-features">
Deprecated Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#deprecated-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecated Features" href="#deprecated-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Several features are deprecated in v1.33:</p>
<ul>
<li><strong>Legacy API Versions</strong>: Older API versions being phased out</li>
<li><strong>Deprecated Flags</strong>: Command-line flags no longer recommended</li>
<li><strong>Obsolete Configurations</strong>: Configuration options with better alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="removed-features">
Removed Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#removed-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Removed Features" href="#removed-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Features removed in this release:</p>
<ul>
<li><strong>Unused Components</strong>: Components no longer maintained</li>
<li><strong>Deprecated APIs</strong>: APIs deprecated for multiple releases</li>
<li><strong>Legacy Tools</strong>: Tools replaced by newer alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="upgrade-considerations">
Upgrade Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#upgrade-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Considerations" href="#upgrade-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="pre-upgrade-preparation">
Pre-upgrade Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#pre-upgrade-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Pre-upgrade Preparation" href="#pre-upgrade-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Before upgrading to v1.33:</p>
<ul>
<li><input disabled="" type="checkbox"> Review deprecation notices</li>
<li><input disabled="" type="checkbox"> Test applications in staging environment</li>
<li><input disabled="" type="checkbox"> Update client tools (kubectl, etc.)</li>
<li><input disabled="" type="checkbox"> Backup cluster configurations</li>
<li><input disabled="" type="checkbox"> Verify third-party tool compatibility</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="upgrade-process">
Upgrade Process
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#upgrade-process" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Process" href="#upgrade-process">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Recommended upgrade steps:</p>
<ol>
<li><strong>Backup</strong>: Create comprehensive backups</li>
<li><strong>Test</strong>: Upgrade staging environment first</li>
<li><strong>Plan</strong>: Schedule production upgrade during maintenance window</li>
<li><strong>Execute</strong>: Perform rolling upgrade</li>
<li><strong>Validate</strong>: Verify all applications and services</li>
<li><strong>Monitor</strong>: Watch for any issues post-upgrade</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="rollback-strategy">
Rollback Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#rollback-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Rollback Strategy" href="#rollback-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>In case of issues:</p>
<ul>
<li><strong>Immediate Rollback</strong>: Have previous version ready</li>
<li><strong>Data Recovery</strong>: Ensure backup restoration procedures</li>
<li><strong>Communication Plan</strong>: Notify stakeholders of any issues</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="community-impact">
Community Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#community-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Impact" href="#community-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="contributor-recognition">
Contributor Recognition
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#contributor-recognition" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Contributor Recognition" href="#contributor-recognition">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.33 release highlights:</p>
<ul>
<li><strong>Global Collaboration</strong>: Contributors from around the world</li>
<li><strong>Organizational Diversity</strong>: Companies of all sizes contributing</li>
<li><strong>Skill Development</strong>: Opportunities for learning and growth</li>
<li><strong>Community Building</strong>: Strengthening the Kubernetes ecosystem</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="ecosystem-updates">
Ecosystem Updates
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#ecosystem-updates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Ecosystem Updates" href="#ecosystem-updates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The broader ecosystem responds:</p>
<ul>
<li><strong>Cloud Providers</strong>: Update managed Kubernetes services</li>
<li><strong>Tools and Platforms</strong>: Update compatibility matrices</li>
<li><strong>Documentation</strong>: Comprehensive documentation updates</li>
<li><strong>Training Materials</strong>: Updated certification programs</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="looking-forward">
Looking Forward
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#looking-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Forward" href="#looking-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="v134-preview">
v1.34 Preview
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#v134-preview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor v1.34 Preview" href="#v134-preview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community is already working on v1.34, which will include:</p>
<ul>
<li><strong>Continued Performance Improvements</strong>: Further optimizations</li>
<li><strong>New Alpha Features</strong>: Experimental capabilities</li>
<li><strong>Enhanced Security</strong>: Additional security features</li>
<li><strong>Better Usability</strong>: Improved developer and operator experience</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="long-term-roadmap">
Long-term Roadmap
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#long-term-roadmap" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Long-term Roadmap" href="#long-term-roadmap">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Future releases will focus on:</p>
<ul>
<li><strong>Simplification</strong>: Making Kubernetes easier to use</li>
<li><strong>Edge Computing</strong>: Better support for edge environments</li>
<li><strong>AI/ML Workloads</strong>: Enhanced support for machine learning</li>
<li><strong>Sustainability</strong>: Reducing resource consumption</li>
<li><strong>Quantum Computing</strong>: Preparation for quantum computing era</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-33-release/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The release of Kubernetes v1.33 “Octarine” represents another significant step forward in the platform’s evolution. With 46 enhancements, improved security, enhanced performance, and new capabilities for emerging workloads, this release continues Kubernetes’ tradition of innovation and stability.</p>
<p>Key highlights include:</p>
<ul>
<li><strong>Enhanced Security</strong>: Advanced security context and zero trust architecture</li>
<li><strong>Performance Improvements</strong>: Better API server, scheduler, and controller performance</li>
<li><strong>AI/ML Support</strong>: Enhanced support for artificial intelligence and machine learning workloads</li>
<li><strong>Sustainability Focus</strong>: Environmental considerations in computing</li>
<li><strong>Community Collaboration</strong>: Global effort involving thousands of contributors</li>
</ul>
<p>The community’s commitment to backward compatibility, comprehensive testing, and user feedback ensures that upgrades are smooth and reliable. As organizations plan their upgrades to v1.33, they can be confident in the platform’s maturity and the community’s support.</p>
<p>The success of this release demonstrates the power of open-source collaboration and the strength of the Kubernetes ecosystem. With continued innovation and community support, Kubernetes remains the foundation of modern cloud-native computing, now extending into emerging areas like AI/ML and quantum computing preparation.</p>
<hr>
<p><em>For more information about Kubernetes v1.33, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/blog/2025/04/23/kubernetes-v1-33-release/"
>official release blog post</a> and the <a
class="gblog-markdown__link"
href="https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html"
>AWS EKS documentation</a>.</em></p>Top 10 Kubernetes CLI Tools Every DevOps Engineer Should Knowhttps://k8s-ops.net/posts/top-10-kubernetes-cli-tools/2025-04-10T00:00:00+00:002025-07-04T14:46:07-04:00
<p>As Kubernetes continues to dominate the container orchestration landscape, DevOps engineers need powerful command-line tools to efficiently manage production workloads. While <code>kubectl</code> remains the foundation, the ecosystem has evolved with specialized tools that enhance productivity, provide better visibility, and streamline troubleshooting. Here are the top 10 Kubernetes CLI tools that every DevOps engineer should have in their toolkit.</p>
<div class="gblog-post__anchorwrap">
<h2 id="1-kubectl---the-foundation">
1. kubectl - The Foundation
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#1-kubectl---the-foundation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. kubectl - The Foundation" href="#1-kubectl---the-foundation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>The official Kubernetes CLI</strong> - Required for interacting with cluster resources.</p>
<p><code>kubectl</code> is the essential starting point for any Kubernetes interaction. It provides the core functionality for managing resources, viewing logs, executing commands in pods, and more. While powerful, it can be verbose and complex for daily operations.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Resource management (create, update, delete)</li>
<li>Log viewing and debugging</li>
<li>Port forwarding and proxy access</li>
<li>Resource inspection and validation</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/reference/kubectl/overview/"
>Learn more about kubectl</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="2-k9s---terminal-ui-for-real-time-cluster-management">
2. k9s - Terminal UI for Real-time Cluster Management
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#2-k9s---terminal-ui-for-real-time-cluster-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. k9s - Terminal UI for Real-time Cluster Management" href="#2-k9s---terminal-ui-for-real-time-cluster-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Terminal UI to interact with your cluster in real-time. Lightweight and intuitive.</strong></p>
<p>k9s transforms the terminal into an interactive dashboard, providing real-time views of pods, services, deployments, and other resources. It’s perfect for monitoring cluster health and quickly identifying issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Real-time resource monitoring</li>
<li>Interactive pod log viewing</li>
<li>Resource scaling and management</li>
<li>Custom views and filters</li>
<li>Keyboard shortcuts for efficiency</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># macOS</span>
</span></span><span class="line"><span class="cl">brew install k9s
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Linux</span>
</span></span><span class="line"><span class="cl">wget https://github.com/derailed/k9s/releases/latest/download/k9s_Linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf k9s_Linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv k9s /usr/local/bin/
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/derailed/k9s"
>Get k9s on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="3-kubectx--kubens---context-and-namespace-management">
3. kubectx + kubens - Context and Namespace Management
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#3-kubectx--kubens---context-and-namespace-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. kubectx + kubens - Context and Namespace Management" href="#3-kubectx--kubens---context-and-namespace-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Switch contexts and namespaces quickly from the CLI.</strong></p>
<p>Managing multiple clusters and namespaces can be cumbersome with standard kubectl commands. kubectx and kubens provide simple, fast switching between Kubernetes contexts and namespaces.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Quick context switching</li>
<li>Namespace switching</li>
<li>Tab completion support</li>
<li>Interactive selection mode</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># macOS</span>
</span></span><span class="line"><span class="cl">brew install kubectx
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Linux</span>
</span></span><span class="line"><span class="cl">sudo git clone https://github.com/ahmetb/kubectx /opt/kubectx
</span></span><span class="line"><span class="cl">sudo ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx
</span></span><span class="line"><span class="cl">sudo ln -s /opt/kubectx/kubens /usr/local/bin/kubens
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Switch contexts</span>
</span></span><span class="line"><span class="cl">kubectx minikube
</span></span><span class="line"><span class="cl">kubectx production-cluster
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Switch namespaces</span>
</span></span><span class="line"><span class="cl">kubens default
</span></span><span class="line"><span class="cl">kubens monitoring
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/ahmetb/kubectx"
>Get kubectx on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="4-kube-ps1---shell-prompt-enhancement">
4. kube-ps1 - Shell Prompt Enhancement
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#4-kube-ps1---shell-prompt-enhancement" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. kube-ps1 - Shell Prompt Enhancement" href="#4-kube-ps1---shell-prompt-enhancement">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Adds current context and namespace info to your shell prompt.</strong></p>
<p>Never lose track of which cluster and namespace you’re working in. kube-ps1 enhances your shell prompt to display the current Kubernetes context and namespace, preventing costly mistakes.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Context and namespace display</li>
<li>Customizable prompt format</li>
<li>Color coding for different environments</li>
<li>Easy enable/disable toggle</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Add to your shell profile (.bashrc, .zshrc, etc.)</span>
</span></span><span class="line"><span class="cl"><span class="nb">source</span> <<span class="o">(</span>kubectl completion bash<span class="o">)</span>
</span></span><span class="line"><span class="cl"><span class="nb">source</span> ~/.kube-ps1.sh
</span></span><span class="line"><span class="cl"><span class="nv">PS1</span><span class="o">=</span><span class="s1">'[\u@\h \W $(kube_ps1)]\$ '</span>
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/jonmosco/kube-ps1"
>Get kube-ps1 on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="5-stern---multi-pod-log-tailing">
5. stern - Multi-pod Log Tailing
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#5-stern---multi-pod-log-tailing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. stern - Multi-pod Log Tailing" href="#5-stern---multi-pod-log-tailing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Multi-pod log tailing with filters and coloring — ideal for debugging live systems.</strong></p>
<p>When debugging distributed applications, you need to monitor logs from multiple pods simultaneously. stern makes this easy with intelligent filtering and color-coded output.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Multi-pod log streaming</li>
<li>Regex-based pod selection</li>
<li>Color-coded output by pod</li>
<li>Real-time filtering</li>
<li>Support for multiple containers</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># macOS</span>
</span></span><span class="line"><span class="cl">brew install stern
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Linux</span>
</span></span><span class="line"><span class="cl">wget https://github.com/stern/stern/releases/latest/download/stern_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf stern_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv stern /usr/local/bin/
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Follow logs from all pods with "api" in the name</span>
</span></span><span class="line"><span class="cl">stern api
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs with specific label</span>
</span></span><span class="line"><span class="cl">stern -l <span class="nv">app</span><span class="o">=</span>frontend
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Follow logs from specific namespace</span>
</span></span><span class="line"><span class="cl">stern -n production api
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/stern/stern"
>Get stern on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="6-kubectl-neat---clean-output-formatting">
6. kubectl-neat - Clean Output Formatting
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#6-kubectl-neat---clean-output-formatting" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 6. kubectl-neat - Clean Output Formatting" href="#6-kubectl-neat---clean-output-formatting">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Clean up verbose <code>kubectl</code> output for human-readable inspection.</strong></p>
<p>kubectl output can be overwhelming with default fields and metadata. kubectl-neat removes unnecessary fields and formats output for better readability.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Removes default fields and metadata</li>
<li>Preserves important information</li>
<li>YAML and JSON output support</li>
<li>Customizable field filtering</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using krew</span>
</span></span><span class="line"><span class="cl">kubectl krew install neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Manual installation</span>
</span></span><span class="line"><span class="cl">wget https://github.com/itaysk/kubectl-neat/releases/latest/download/kubectl-neat_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf kubectl-neat_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv kubectl-neat /usr/local/bin/
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Clean up pod output</span>
</span></span><span class="line"><span class="cl">kubectl get pod my-pod -o yaml <span class="p">|</span> kubectl neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Clean up deployment output</span>
</span></span><span class="line"><span class="cl">kubectl get deployment my-deployment -o yaml <span class="p">|</span> kubectl neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Clean up service output</span>
</span></span><span class="line"><span class="cl">kubectl get service my-service -o yaml <span class="p">|</span> kubectl neat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Clean up configmap output</span>
</span></span><span class="line"><span class="cl">kubectl get configmap my-config -o yaml <span class="p">|</span> kubectl neat
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/itaysk/kubectl-neat"
>Get kubectl-neat on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="7-popeye---cluster-sanitizer">
7. popeye - Cluster Sanitizer
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#7-popeye---cluster-sanitizer" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 7. popeye - Cluster Sanitizer" href="#7-popeye---cluster-sanitizer">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Cluster sanitizer that scans for misconfigurations and hygiene issues.</strong></p>
<p>popeye performs comprehensive cluster scans to identify potential issues, misconfigurations, and best practice violations. It’s essential for maintaining cluster health and security.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Comprehensive cluster scanning</li>
<li>Security best practice checks</li>
<li>Resource utilization analysis</li>
<li>Detailed reporting with scores</li>
<li>Custom rule configuration</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># macOS</span>
</span></span><span class="line"><span class="cl">brew install popeye
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Linux</span>
</span></span><span class="line"><span class="cl">wget https://github.com/derailed/popeye/releases/latest/download/popeye_Linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf popeye_Linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv popeye /usr/local/bin/
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Scan entire cluster</span>
</span></span><span class="line"><span class="cl">popeye
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Scan specific namespace</span>
</span></span><span class="line"><span class="cl">popeye -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Generate HTML report</span>
</span></span><span class="line"><span class="cl">popeye --out html --output-file report.html
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/derailed/popeye"
>Get popeye on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="8-kubectl-tree---resource-hierarchy-visualization">
8. kubectl-tree - Resource Hierarchy Visualization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#8-kubectl-tree---resource-hierarchy-visualization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 8. kubectl-tree - Resource Hierarchy Visualization" href="#8-kubectl-tree---resource-hierarchy-visualization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>View hierarchical ownership relationships between Kubernetes resources.</strong></p>
<p>Understanding resource relationships in Kubernetes can be complex. kubectl-tree visualizes the ownership hierarchy, making it easier to understand dependencies and troubleshoot issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Hierarchical resource display</li>
<li>Owner reference tracking</li>
<li>Custom resource support</li>
<li>Multiple output formats</li>
<li>Dependency visualization</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using krew</span>
</span></span><span class="line"><span class="cl">kubectl krew install tree
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Manual installation</span>
</span></span><span class="line"><span class="cl">wget https://github.com/ahmetb/kubectl-tree/releases/latest/download/kubectl-tree_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf kubectl-tree_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv kubectl-tree /usr/local/bin/
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Show pod ownership tree</span>
</span></span><span class="line"><span class="cl">kubectl tree pod my-pod
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show deployment tree</span>
</span></span><span class="line"><span class="cl">kubectl tree deployment my-deployment
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show all resources in namespace</span>
</span></span><span class="line"><span class="cl">kubectl tree all -n production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show tree with custom format</span>
</span></span><span class="line"><span class="cl">kubectl tree pod my-pod --graphviz
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/ahmetb/kubectl-tree"
>Get kubectl-tree on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="9-kubectl-cost---resource-cost-estimation">
9. kubectl-cost - Resource Cost Estimation
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#9-kubectl-cost---resource-cost-estimation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 9. kubectl-cost - Resource Cost Estimation" href="#9-kubectl-cost---resource-cost-estimation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Estimate resource cost by namespace or pod using OpenCost metrics.</strong></p>
<p>Understanding the cost implications of your Kubernetes workloads is crucial for budget management. kubectl-cost provides cost estimates based on resource usage and pricing data.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Cost estimation by namespace/pod</li>
<li>Historical cost analysis</li>
<li>Resource allocation insights</li>
<li>Integration with OpenCost</li>
<li>Custom pricing configuration</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using krew</span>
</span></span><span class="line"><span class="cl">kubectl krew install cost
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Manual installation</span>
</span></span><span class="line"><span class="cl">wget https://github.com/kubecost/kubectl-cost/releases/latest/download/kubectl-cost_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf kubectl-cost_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv kubectl-cost /usr/local/bin/
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Show costs by namespace</span>
</span></span><span class="line"><span class="cl">kubectl cost namespace
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show costs by pod</span>
</span></span><span class="line"><span class="cl">kubectl cost pod
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Show historical costs</span>
</span></span><span class="line"><span class="cl">kubectl cost namespace --historical
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/kubecost/kubectl-cost"
>Get kubectl-cost on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="10-kubeapply---smart-kubectl-apply-wrapper">
10. kubeapply - Smart kubectl Apply Wrapper
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#10-kubeapply---smart-kubectl-apply-wrapper" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 10. kubeapply - Smart kubectl Apply Wrapper" href="#10-kubeapply---smart-kubectl-apply-wrapper">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Smart wrapper around <code>kubectl apply</code> with templating, config reuse, and dry-run.</strong></p>
<p>kubeapply enhances the standard <code>kubectl apply</code> command with advanced features like templating, configuration reuse, and improved dry-run capabilities.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Template rendering</li>
<li>Configuration inheritance</li>
<li>Enhanced dry-run mode</li>
<li>Environment-specific configs</li>
<li>Validation and linting</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Go</span>
</span></span><span class="line"><span class="cl">go install github.com/creasty/kubeapply@latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Manual installation</span>
</span></span><span class="line"><span class="cl">wget https://github.com/creasty/kubeapply/releases/latest/download/kubeapply_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">tar -xzf kubeapply_linux_amd64.tar.gz
</span></span><span class="line"><span class="cl">sudo mv kubeapply /usr/local/bin/
</span></span></code></pre></div><p><strong>Usage:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Apply with templating</span>
</span></span><span class="line"><span class="cl">kubeapply -f manifests/ -e production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Dry run with validation</span>
</span></span><span class="line"><span class="cl">kubeapply -f manifests/ --dry-run --validate
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Apply with specific config</span>
</span></span><span class="line"><span class="cl">kubeapply -f manifests/ -c config.yaml
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/creasty/kubeapply"
>Get kubeapply on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="getting-started-with-krew">
Getting Started with krew
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#getting-started-with-krew" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Getting Started with krew" href="#getting-started-with-krew">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Many of these tools can be installed using krew, the kubectl plugin manager:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Install krew</span>
</span></span><span class="line"><span class="cl"><span class="o">(</span>
</span></span><span class="line"><span class="cl"> <span class="nb">set</span> -x<span class="p">;</span> <span class="nb">cd</span> <span class="s2">"</span><span class="k">$(</span>mktemp -d<span class="k">)</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> <span class="nv">OS</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>uname <span class="p">|</span> tr <span class="s1">'[:upper:]'</span> <span class="s1">'[:lower:]'</span><span class="k">)</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> <span class="nv">ARCH</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>uname -m <span class="p">|</span> sed -e <span class="s1">'s/x86_64/amd64/'</span> -e <span class="s1">'s/\(arm\)\(64\)\?.*/\1\2/'</span> -e <span class="s1">'s/aarch64$/arm64/'</span><span class="k">)</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> <span class="nv">KREW</span><span class="o">=</span><span class="s2">"krew-</span><span class="si">${</span><span class="nv">OS</span><span class="si">}</span><span class="s2">_</span><span class="si">${</span><span class="nv">ARCH</span><span class="si">}</span><span class="s2">"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> curl -fsSLO <span class="s2">"https://github.com/kubernetes-sigs/krew/releases/latest/download/</span><span class="si">${</span><span class="nv">KREW</span><span class="si">}</span><span class="s2">.tar.gz"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> tar zxvf <span class="s2">"</span><span class="si">${</span><span class="nv">KREW</span><span class="si">}</span><span class="s2">.tar.gz"</span> <span class="o">&&</span>
</span></span><span class="line"><span class="cl"> ./<span class="s2">"</span><span class="si">${</span><span class="nv">KREW</span><span class="si">}</span><span class="s2">"</span> install krew
</span></span><span class="line"><span class="cl"><span class="o">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Add krew to PATH</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="si">${</span><span class="nv">KREW_ROOT</span><span class="k">:-</span><span class="nv">$HOME</span><span class="p">/.krew</span><span class="si">}</span><span class="s2">/bin:</span><span class="nv">$PATH</span><span class="s2">"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Install plugins</span>
</span></span><span class="line"><span class="cl">kubectl krew install neat
</span></span><span class="line"><span class="cl">kubectl krew install tree
</span></span><span class="line"><span class="cl">kubectl krew install cost
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://krew.sigs.k8s.io/"
>Learn more about krew</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="best-practices-for-cli-tool-usage">
Best Practices for CLI Tool Usage
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#best-practices-for-cli-tool-usage" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices for CLI Tool Usage" href="#best-practices-for-cli-tool-usage">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-environment-separation">
1. Environment Separation
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#1-environment-separation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Environment Separation" href="#1-environment-separation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Use different contexts and namespaces to separate development, staging, and production environments.</p>
<div class="gblog-post__anchorwrap">
<h3 id="2-automation-integration">
2. Automation Integration
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#2-automation-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Automation Integration" href="#2-automation-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Integrate these tools into your CI/CD pipelines for automated health checks and cost monitoring.</p>
<div class="gblog-post__anchorwrap">
<h3 id="3-team-standardization">
3. Team Standardization
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#3-team-standardization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Team Standardization" href="#3-team-standardization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Establish team standards for which tools to use and how to configure them consistently.</p>
<div class="gblog-post__anchorwrap">
<h3 id="4-security-considerations">
4. Security Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#4-security-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Security Considerations" href="#4-security-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Ensure tools with elevated permissions are used carefully and audited regularly.</p>
<div class="gblog-post__anchorwrap">
<h3 id="5-regular-updates">
5. Regular Updates
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#5-regular-updates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. Regular Updates" href="#5-regular-updates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Keep tools updated to benefit from new features and security patches.</p>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-cli-tools/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>These CLI tools significantly enhance kubectl’s functionality, transforming it from a basic CLI tool into a powerful, extensible platform for Kubernetes management. The plugins outlined above provide essential capabilities for context management, resource analysis, security auditing, and productivity enhancement.</p>
<p>Start with the core plugins (ctx, ns, neat) and gradually expand your toolkit based on your specific needs and workflows. Remember that the best tool is the one that fits your workflow and helps you solve real problems efficiently.</p>
<p>For teams managing multiple clusters or complex environments, consider creating standardized plugin configurations and documentation to ensure consistency across your organization. The Krew ecosystem continues to grow, so stay updated with new plugins that might benefit your workflow.</p>
<p>For more information about Kubernetes CLI tools and best practices, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/tools/"
>official Kubernetes documentation</a>.</p>Top 10 Kubernetes Monitoring & Observability Toolshttps://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/2025-02-15T00:00:00+00:002025-07-04T14:46:07-04:00
<p>Effective monitoring and observability are critical for running Kubernetes clusters in production. The cloud-native ecosystem offers a rich set of tools for collecting metrics, visualizing data, and gaining insights into cluster and application performance. Here are the top 10 monitoring and observability tools that every Kubernetes operator should know.</p>
<div class="gblog-post__anchorwrap">
<h2 id="1-prometheus---the-metrics-foundation">
1. Prometheus - The Metrics Foundation
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#1-prometheus---the-metrics-foundation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Prometheus - The Metrics Foundation" href="#1-prometheus---the-metrics-foundation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>The de facto standard for collecting metrics in Kubernetes clusters.</strong></p>
<p>Prometheus is the cornerstone of Kubernetes monitoring, providing a powerful time-series database and query language for collecting and analyzing metrics. Its pull-based architecture and service discovery make it ideal for dynamic container environments.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Time-series data collection</li>
<li>Powerful query language (PromQL)</li>
<li>Service discovery integration</li>
<li>Alerting capabilities</li>
<li>High availability support</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
</span></span><span class="line"><span class="cl">helm install prometheus prometheus-community/kube-prometheus-stack
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/setup/
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">prometheus-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">prometheus.yml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> global:
</span></span></span><span class="line"><span class="cl"><span class="sd"> scrape_interval: 15s
</span></span></span><span class="line"><span class="cl"><span class="sd"> scrape_configs:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - job_name: 'kubernetes-pods'
</span></span></span><span class="line"><span class="cl"><span class="sd"> kubernetes_sd_configs:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - role: pod</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://prometheus.io/"
>Learn more about Prometheus</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="2-grafana---visualization-and-dashboards">
2. Grafana - Visualization and Dashboards
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#2-grafana---visualization-and-dashboards" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Grafana - Visualization and Dashboards" href="#2-grafana---visualization-and-dashboards">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Visualization layer commonly paired with Prometheus and Loki.</strong></p>
<p>Grafana transforms raw metrics data into actionable insights through beautiful dashboards and visualizations. It supports multiple data sources and provides powerful querying capabilities.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Rich dashboard creation</li>
<li>Multiple data source support</li>
<li>Alerting and notifications</li>
<li>User management and permissions</li>
<li>Plugin ecosystem</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add grafana https://grafana.github.io/helm-charts
</span></span><span class="line"><span class="cl">helm install grafana grafana/grafana
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/grafana/helm-charts/main/charts/grafana/templates/deployment.yaml
</span></span></code></pre></div><p><strong>Dashboard Configuration:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">grafana-dashboards</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kubernetes-cluster.json</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> {
</span></span></span><span class="line"><span class="cl"><span class="sd"> "dashboard": {
</span></span></span><span class="line"><span class="cl"><span class="sd"> "title": "Kubernetes Cluster",
</span></span></span><span class="line"><span class="cl"><span class="sd"> "panels": [
</span></span></span><span class="line"><span class="cl"><span class="sd"> {
</span></span></span><span class="line"><span class="cl"><span class="sd"> "title": "CPU Usage",
</span></span></span><span class="line"><span class="cl"><span class="sd"> "type": "graph",
</span></span></span><span class="line"><span class="cl"><span class="sd"> "targets": [
</span></span></span><span class="line"><span class="cl"><span class="sd"> {
</span></span></span><span class="line"><span class="cl"><span class="sd"> "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"\"}[5m]))"
</span></span></span><span class="line"><span class="cl"><span class="sd"> }
</span></span></span><span class="line"><span class="cl"><span class="sd"> ]
</span></span></span><span class="line"><span class="cl"><span class="sd"> }
</span></span></span><span class="line"><span class="cl"><span class="sd"> ]
</span></span></span><span class="line"><span class="cl"><span class="sd"> }
</span></span></span><span class="line"><span class="cl"><span class="sd"> }</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://grafana.com/"
>Explore Grafana</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="3-loki---log-aggregation-system">
3. Loki - Log Aggregation System
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#3-loki---log-aggregation-system" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Loki - Log Aggregation System" href="#3-loki---log-aggregation-system">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>A log aggregation system by Grafana Labs, designed to integrate with Prometheus.</strong></p>
<p>Loki provides efficient log aggregation and querying capabilities, designed to work seamlessly with Prometheus and Grafana. It’s optimized for Kubernetes environments and provides cost-effective log storage.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Efficient log storage</li>
<li>PromQL-like query language (LogQL)</li>
<li>Kubernetes-native design</li>
<li>Cost-effective scaling</li>
<li>Integration with Grafana</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add grafana https://grafana.github.io/helm-charts
</span></span><span class="line"><span class="cl">helm install loki grafana/loki
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/grafana/loki/main/production/helm/loki/templates/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">loki-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">loki.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> auth_enabled: false
</span></span></span><span class="line"><span class="cl"><span class="sd"> server:
</span></span></span><span class="line"><span class="cl"><span class="sd"> http_listen_port: 3100
</span></span></span><span class="line"><span class="cl"><span class="sd"> ingester:
</span></span></span><span class="line"><span class="cl"><span class="sd"> lifecycler:
</span></span></span><span class="line"><span class="cl"><span class="sd"> address: 127.0.0.1
</span></span></span><span class="line"><span class="cl"><span class="sd"> ring:
</span></span></span><span class="line"><span class="cl"><span class="sd"> kvstore:
</span></span></span><span class="line"><span class="cl"><span class="sd"> store: inmemory
</span></span></span><span class="line"><span class="cl"><span class="sd"> replication_factor: 1
</span></span></span><span class="line"><span class="cl"><span class="sd"> final_sleep: 0s
</span></span></span><span class="line"><span class="cl"><span class="sd"> chunk_idle_period: 5m
</span></span></span><span class="line"><span class="cl"><span class="sd"> chunk_retain_period: 30s
</span></span></span><span class="line"><span class="cl"><span class="sd"> schema_config:
</span></span></span><span class="line"><span class="cl"><span class="sd"> configs:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - from: 2020-05-15
</span></span></span><span class="line"><span class="cl"><span class="sd"> store: boltdb-shipper
</span></span></span><span class="line"><span class="cl"><span class="sd"> object_store: filesystem
</span></span></span><span class="line"><span class="cl"><span class="sd"> schema: v11
</span></span></span><span class="line"><span class="cl"><span class="sd"> index:
</span></span></span><span class="line"><span class="cl"><span class="sd"> prefix: index_
</span></span></span><span class="line"><span class="cl"><span class="sd"> period: 24h</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://grafana.com/oss/loki/"
>Discover Loki</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="4-thanos---long-term-metrics-storage">
4. Thanos - Long-term Metrics Storage
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#4-thanos---long-term-metrics-storage" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Thanos - Long-term Metrics Storage" href="#4-thanos---long-term-metrics-storage">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Long-term, highly available Prometheus setup for global metrics.</strong></p>
<p>Thanos extends Prometheus with long-term storage capabilities and global querying across multiple clusters. It’s essential for organizations running multiple Kubernetes clusters or requiring long-term metric retention.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Long-term metric storage</li>
<li>Global querying</li>
<li>High availability</li>
<li>Multi-cluster support</li>
<li>Cost-effective storage</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add thanos https://charts.bitnami.com/bitnami
</span></span><span class="line"><span class="cl">helm install thanos thanos/thanos
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/thanos-io/thanos/main/examples/k8s/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">thanos-query-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">thanos-query.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> type: s3
</span></span></span><span class="line"><span class="cl"><span class="sd"> config:
</span></span></span><span class="line"><span class="cl"><span class="sd"> bucket: "thanos-metrics"
</span></span></span><span class="line"><span class="cl"><span class="sd"> endpoint: "s3.amazonaws.com"
</span></span></span><span class="line"><span class="cl"><span class="sd"> access_key: "your-access-key"
</span></span></span><span class="line"><span class="cl"><span class="sd"> secret_key: "your-secret-key"</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://thanos.io/"
>Learn about Thanos</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="5-victoriametrics---high-performance-alternative">
5. VictoriaMetrics - High-performance Alternative
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#5-victoriametrics---high-performance-alternative" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. VictoriaMetrics - High-performance Alternative" href="#5-victoriametrics---high-performance-alternative">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Fast, scalable alternative to Prometheus with long-term storage.</strong></p>
<p>VictoriaMetrics provides a high-performance, cost-effective alternative to Prometheus with built-in long-term storage and enhanced query performance.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>High-performance storage</li>
<li>Built-in long-term retention</li>
<li>Prometheus compatibility</li>
<li>Cost-effective scaling</li>
<li>Enhanced query performance</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add vm https://victoriametrics.github.io/helm-charts/
</span></span><span class="line"><span class="cl">helm install victoria-metrics vm/victoria-metrics-single
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/VictoriaMetrics/helm-charts/main/charts/victoria-metrics-single/templates/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">victoria-metrics-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">victoria-metrics.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> global:
</span></span></span><span class="line"><span class="cl"><span class="sd"> scrape_interval: 15s
</span></span></span><span class="line"><span class="cl"><span class="sd"> scrape_configs:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - job_name: 'kubernetes-pods'
</span></span></span><span class="line"><span class="cl"><span class="sd"> kubernetes_sd_configs:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - role: pod
</span></span></span><span class="line"><span class="cl"><span class="sd"> relabel_configs:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
</span></span></span><span class="line"><span class="cl"><span class="sd"> action: keep
</span></span></span><span class="line"><span class="cl"><span class="sd"> regex: true</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://victoriametrics.com/"
>Explore VictoriaMetrics</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="6-opentelemetry-collector---unified-observability">
6. OpenTelemetry Collector - Unified Observability
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#6-opentelemetry-collector---unified-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 6. OpenTelemetry Collector - Unified Observability" href="#6-opentelemetry-collector---unified-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Foundation for tracing and metrics instrumentation.</strong></p>
<p>OpenTelemetry Collector provides a unified approach to collecting traces, metrics, and logs. It’s becoming the standard for observability data collection in cloud-native environments.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Unified data collection</li>
<li>Multiple format support</li>
<li>Flexible processing</li>
<li>Vendor-agnostic</li>
<li>High performance</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
</span></span><span class="line"><span class="cl">helm install otel-collector open-telemetry/opentelemetry-collector
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-collector/templates/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">otel-collector-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> receivers:
</span></span></span><span class="line"><span class="cl"><span class="sd"> otlp:
</span></span></span><span class="line"><span class="cl"><span class="sd"> protocols:
</span></span></span><span class="line"><span class="cl"><span class="sd"> grpc:
</span></span></span><span class="line"><span class="cl"><span class="sd"> endpoint: 0.0.0.0:4317
</span></span></span><span class="line"><span class="cl"><span class="sd"> http:
</span></span></span><span class="line"><span class="cl"><span class="sd"> endpoint: 0.0.0.0:4318
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> processors:
</span></span></span><span class="line"><span class="cl"><span class="sd"> batch:
</span></span></span><span class="line"><span class="cl"><span class="sd"> timeout: 1s
</span></span></span><span class="line"><span class="cl"><span class="sd"> send_batch_size: 1024
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> exporters:
</span></span></span><span class="line"><span class="cl"><span class="sd"> prometheus:
</span></span></span><span class="line"><span class="cl"><span class="sd"> endpoint: "0.0.0.0:9464"
</span></span></span><span class="line"><span class="cl"><span class="sd"> otlp:
</span></span></span><span class="line"><span class="cl"><span class="sd"> endpoint: "tempo:4317"
</span></span></span><span class="line"><span class="cl"><span class="sd"> tls:
</span></span></span><span class="line"><span class="cl"><span class="sd"> insecure: true
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> service:
</span></span></span><span class="line"><span class="cl"><span class="sd"> pipelines:
</span></span></span><span class="line"><span class="cl"><span class="sd"> traces:
</span></span></span><span class="line"><span class="cl"><span class="sd"> receivers: [otlp]
</span></span></span><span class="line"><span class="cl"><span class="sd"> processors: [batch]
</span></span></span><span class="line"><span class="cl"><span class="sd"> exporters: [otlp]
</span></span></span><span class="line"><span class="cl"><span class="sd"> metrics:
</span></span></span><span class="line"><span class="cl"><span class="sd"> receivers: [otlp]
</span></span></span><span class="line"><span class="cl"><span class="sd"> processors: [batch]
</span></span></span><span class="line"><span class="cl"><span class="sd"> exporters: [prometheus]</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://opentelemetry.io/docs/collector/"
>Learn about OpenTelemetry</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="7-kube-state-metrics---cluster-state-metrics">
7. kube-state-metrics - Cluster State Metrics
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#7-kube-state-metrics---cluster-state-metrics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 7. kube-state-metrics - Cluster State Metrics" href="#7-kube-state-metrics---cluster-state-metrics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Exposes cluster state as metrics for Prometheus.</strong></p>
<p>kube-state-metrics translates Kubernetes objects into Prometheus metrics, providing insights into cluster state, resource usage, and object lifecycle.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Kubernetes object metrics</li>
<li>Resource state tracking</li>
<li>Custom resource support</li>
<li>Prometheus integration</li>
<li>Real-time updates</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
</span></span><span class="line"><span class="cl">helm install kube-state-metrics prometheus-community/kube-state-metrics
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/kubernetes/kube-state-metrics/main/examples/standard/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kube-state-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">kube-state-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">kube-state-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kube-state-metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.8.0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">livenessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/healthz</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeoutSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readinessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeoutSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/kubernetes/kube-state-metrics"
>Get kube-state-metrics on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="8-metrics-server---resource-usage-metrics">
8. Metrics Server - Resource Usage Metrics
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#8-metrics-server---resource-usage-metrics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 8. Metrics Server - Resource Usage Metrics" href="#8-metrics-server---resource-usage-metrics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Lightweight aggregator of resource usage for HPA and dashboarding.</strong></p>
<p>Metrics Server provides core resource usage metrics (CPU and memory) for Kubernetes objects, enabling Horizontal Pod Autoscaler (HPA) and resource monitoring dashboards.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Resource usage metrics</li>
<li>HPA support</li>
<li>Lightweight design</li>
<li>Real-time data</li>
<li>Kubernetes-native</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
</span></span><span class="line"><span class="cl">helm install metrics-server metrics-server/metrics-server
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ServiceAccount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">metrics-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">kube-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">metrics-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">kube-system</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">metrics-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">metrics-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">serviceAccountName</span><span class="p">:</span><span class="w"> </span><span class="l">metrics-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">metrics-server</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">registry.k8s.io/metrics-server/metrics-server:v0.6.4</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">args</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- --<span class="l">kubelet-insecure-tls</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- --<span class="l">kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">main-port</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">4443</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/kubernetes-sigs/metrics-server"
>Get Metrics Server on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="9-kubewatch---real-time-notifications">
9. Kubewatch - Real-time Notifications
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#9-kubewatch---real-time-notifications" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 9. Kubewatch - Real-time Notifications" href="#9-kubewatch---real-time-notifications">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Real-time resource change notifications via Slack or webhooks.</strong></p>
<p>Kubewatch monitors Kubernetes events and sends real-time notifications to various channels, helping teams stay informed about cluster changes and potential issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Real-time event monitoring</li>
<li>Multiple notification channels</li>
<li>Customizable filters</li>
<li>Webhook support</li>
<li>Slack integration</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add kubewatch https://charts.bitnami.com/bitnami
</span></span><span class="line"><span class="cl">helm install kubewatch kubewatch/kubewatch
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/bitnami-labs/kubewatch/main/deploy/
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">kubewatch-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">.kubewatch.yaml</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> handler:
</span></span></span><span class="line"><span class="cl"><span class="sd"> slack:
</span></span></span><span class="line"><span class="cl"><span class="sd"> token: "your-slack-token"
</span></span></span><span class="line"><span class="cl"><span class="sd"> channel: "#kubernetes"
</span></span></span><span class="line"><span class="cl"><span class="sd"> title: "Kubernetes Event"
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> resources:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - deployment
</span></span></span><span class="line"><span class="cl"><span class="sd"> - pod
</span></span></span><span class="line"><span class="cl"><span class="sd"> - service
</span></span></span><span class="line"><span class="cl"><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> events:
</span></span></span><span class="line"><span class="cl"><span class="sd"> - create
</span></span></span><span class="line"><span class="cl"><span class="sd"> - update
</span></span></span><span class="line"><span class="cl"><span class="sd"> - delete</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://github.com/bitnami-labs/kubewatch"
>Get Kubewatch on GitHub</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="10-weave-scope---visual-cluster-exploration">
10. Weave Scope - Visual Cluster Exploration
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#10-weave-scope---visual-cluster-exploration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 10. Weave Scope - Visual Cluster Exploration" href="#10-weave-scope---visual-cluster-exploration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p><strong>Visualizes processes, containers, and services in real-time.</strong></p>
<p>Weave Scope provides a visual interface for exploring and monitoring Kubernetes clusters, making it easier to understand application topology and troubleshoot issues.</p>
<p><strong>Key Features:</strong></p>
<ul>
<li>Visual cluster exploration</li>
<li>Real-time topology mapping</li>
<li>Container and process monitoring</li>
<li>Interactive debugging</li>
<li>Performance insights</li>
</ul>
<p><strong>Installation:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using kubectl</span>
</span></span><span class="line"><span class="cl">kubectl apply -f <span class="s2">"https://cloud.weave.works/k8s/scope.yaml?k8s-version=</span><span class="k">$(</span>kubectl version <span class="p">|</span> base64 <span class="p">|</span> tr -d <span class="s1">'\n'</span><span class="k">)</span><span class="s2">"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Using Helm</span>
</span></span><span class="line"><span class="cl">helm repo add weaveworks https://weaveworks.github.io/helm-charts
</span></span><span class="line"><span class="cl">helm install weave-scope weaveworks/weave-scope
</span></span></code></pre></div><p><strong>Configuration Example:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">weave-scope-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l">weave</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">weave-scope-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">weave-scope-app</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">scope</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">weaveworks/scope:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">4040</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">env</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">WEAVE_SCOPE_DISCOVERY_URL</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s2">"weave-scope-app.weave.svc.cluster.local:4040"</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://www.weave.works/oss/scope/"
>Explore Weave Scope</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="building-a-complete-monitoring-stack">
Building a Complete Monitoring Stack
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#building-a-complete-monitoring-stack" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Building a Complete Monitoring Stack" href="#building-a-complete-monitoring-stack">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="recommended-architecture">
Recommended Architecture
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#recommended-architecture" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Recommended Architecture" href="#recommended-architecture">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Metrics Collection</strong>: Prometheus + kube-state-metrics + Metrics Server</li>
<li><strong>Logging</strong>: Loki + Promtail</li>
<li><strong>Tracing</strong>: Jaeger or Zipkin with OpenTelemetry</li>
<li><strong>Visualization</strong>: Grafana</li>
<li><strong>Alerting</strong>: Prometheus Alertmanager + Grafana Alerts</li>
<li><strong>Long-term Storage</strong>: Thanos or VictoriaMetrics</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="implementation-steps">
Implementation Steps
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#implementation-steps" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Steps" href="#implementation-steps">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Start with Core Metrics</strong>: Deploy Prometheus and kube-state-metrics</li>
<li><strong>Add Visualization</strong>: Install Grafana and create basic dashboards</li>
<li><strong>Implement Logging</strong>: Deploy Loki and configure log collection</li>
<li><strong>Set Up Alerting</strong>: Configure Alertmanager with meaningful alerts</li>
<li><strong>Add Tracing</strong>: Implement OpenTelemetry for distributed tracing</li>
<li><strong>Scale and Optimize</strong>: Add long-term storage and optimize performance</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="best-practices">
Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices" href="#best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Resource Planning</strong>: Allocate sufficient resources for monitoring components</li>
<li><strong>Security</strong>: Implement proper RBAC and network policies</li>
<li><strong>Retention Policies</strong>: Configure appropriate data retention periods</li>
<li><strong>Alert Fatigue</strong>: Design meaningful alerts to avoid notification overload</li>
<li><strong>Documentation</strong>: Maintain clear documentation for dashboards and alerts</li>
<li><strong>Testing</strong>: Regularly test monitoring and alerting systems</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/top-10-kubernetes-monitoring-tools/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>A comprehensive monitoring and observability strategy is essential for running Kubernetes clusters in production. The tools outlined above provide the foundation for understanding cluster health, application performance, and user experience.</p>
<p>Start with the core tools (Prometheus, Grafana, kube-state-metrics) and gradually expand your observability stack based on your specific needs. Remember that effective monitoring is not just about collecting data—it’s about providing actionable insights that help you maintain reliable, performant applications.</p>
<p>For organizations running multiple clusters or requiring enterprise-grade features, consider managed solutions that build upon these open-source tools while providing additional features like global aggregation, advanced analytics, and professional support.</p>
<p>For more information about Kubernetes monitoring and observability, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/debug/debug-cluster/resource-usage-monitoring/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://landscape.cncf.io/card-mode?category=observability-and-analysis&grouping=category"
>CNCF observability landscape</a>.</p>Kubernetes v1.32 'Penelope' Official Releasehttps://k8s-ops.net/posts/kubernetes-v1-32-release/2024-12-11T00:00:00+00:002025-07-04T14:01:11-04:00
<p>On December 11, 2024, the Kubernetes community released v1.32, codenamed “Penelope,” marking the final major release of the year. This release brings 44 enhancements with 12 moving to stable, 18 entering beta, and 14 remaining in alpha. The v1.32 release focuses on API cleanup, new field selectors, and continued improvements to the platform’s stability and performance.</p>
<div class="gblog-post__anchorwrap">
<h2 id="release-overview">
Release Overview
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#release-overview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Overview" href="#release-overview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="key-statistics">
Key Statistics
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#key-statistics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Statistics" href="#key-statistics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.32 release represents the collective effort of:</p>
<ul>
<li><strong>1,300+ Contributors</strong>: From around the world</li>
<li><strong>70+ Organizations</strong>: Contributing code and resources</li>
<li><strong>30+ Special Interest Groups</strong>: Coordinating development</li>
<li><strong>6 Months</strong>: Of active development and testing</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="release-name-penelope">
Release Name: Penelope
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#release-name-penelope" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Name: Penelope" href="#release-name-penelope">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The codename “Penelope” continues Kubernetes’ tradition of naming releases after notable figures in computing history, honoring contributions to the field of computer science and technology.</p>
<div class="gblog-post__anchorwrap">
<h2 id="major-features-moving-to-stable">
Major Features Moving to Stable
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#major-features-moving-to-stable" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Major Features Moving to Stable" href="#major-features-moving-to-stable">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-field-based-crd-selectors">
1. Field-based CRD Selectors
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#1-field-based-crd-selectors" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Field-based CRD Selectors" href="#1-field-based-crd-selectors">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Custom Resource Definition (CRD) field selectors graduate to stable, providing enhanced querying capabilities:</p>
<div class="gblog-post__anchorwrap">
<h4 id="enhanced-querying">
Enhanced Querying
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#enhanced-querying" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enhanced Querying" href="#enhanced-querying">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Field-based Filtering</strong>: Query custom resources by specific field values</li>
<li><strong>Complex Queries</strong>: Support for multiple field conditions</li>
<li><strong>Performance Optimization</strong>: Efficient filtering at the API level</li>
<li><strong>Standardized Interface</strong>: Consistent querying across all resource types</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="implementation-example">
Implementation Example
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#implementation-example" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Example" href="#implementation-example">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apiextensions.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">CustomResourceDefinition</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">applications.example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">example.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">names</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Application</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listKind</span><span class="p">:</span><span class="w"> </span><span class="l">ApplicationList</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">plural</span><span class="p">:</span><span class="w"> </span><span class="l">applications</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">singular</span><span class="p">:</span><span class="w"> </span><span class="l">application</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scope</span><span class="p">:</span><span class="w"> </span><span class="l">Namespaced</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">versions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">served</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">schema</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">openAPIV3Schema</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">object</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">string</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enum</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">development, staging, production]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">priority</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">integer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">minimum</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">maximum</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="querying-examples">
Querying Examples
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#querying-examples" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Querying Examples" href="#querying-examples">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Query by environment</span>
</span></span><span class="line"><span class="cl">kubectl get applications --field-selector spec.environment<span class="o">=</span>production
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Query by priority range</span>
</span></span><span class="line"><span class="cl">kubectl get applications --field-selector spec.priority><span class="o">=</span><span class="m">5</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Complex queries</span>
</span></span><span class="line"><span class="cl">kubectl get applications --field-selector spec.environment<span class="o">=</span>production,spec.priority><span class="o">=</span><span class="m">8</span>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-enhanced-api-server-performance">
2. Enhanced API Server Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#2-enhanced-api-server-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Enhanced API Server Performance" href="#2-enhanced-api-server-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The API server receives significant performance improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="optimizations">
Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Optimizations" href="#optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Reduced Latency</strong>: Faster request processing</li>
<li><strong>Better Memory Management</strong>: More efficient memory utilization</li>
<li><strong>Improved Caching</strong>: Enhanced caching mechanisms</li>
<li><strong>Connection Optimization</strong>: Better connection pooling and management</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="impact-on-users">
Impact on Users
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#impact-on-users" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Impact on Users" href="#impact-on-users">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Faster Operations</strong>: Reduced response times for all API operations</li>
<li><strong>Better Scalability</strong>: Improved performance at scale</li>
<li><strong>Resource Efficiency</strong>: Lower resource consumption</li>
<li><strong>Enhanced Reliability</strong>: More stable API server operation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-advanced-scheduling-features">
3. Advanced Scheduling Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#3-advanced-scheduling-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Advanced Scheduling Features" href="#3-advanced-scheduling-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The scheduler continues to evolve with new capabilities:</p>
<div class="gblog-post__anchorwrap">
<h4 id="resource-aware-scheduling">
Resource-aware Scheduling
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#resource-aware-scheduling" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Resource-aware Scheduling" href="#resource-aware-scheduling">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>GPU-aware Placement</strong>: Better GPU resource management</li>
<li><strong>Storage-aware Scheduling</strong>: Optimized storage resource allocation</li>
<li><strong>Network-aware Placement</strong>: Consideration of network topology</li>
<li><strong>Cost-aware Scheduling</strong>: Consideration of resource costs</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="performance-improvements">
Performance Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#performance-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Improvements" href="#performance-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Faster Algorithms</strong>: Improved scheduling algorithms</li>
<li><strong>Parallel Processing</strong>: Better utilization of multiple cores</li>
<li><strong>Memory Efficiency</strong>: Reduced memory footprint</li>
<li><strong>Scalability</strong>: Better performance at scale</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="beta-features">
Beta Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#beta-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Beta Features" href="#beta-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-rbac-system">
1. Enhanced RBAC System
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#1-enhanced-rbac-system" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced RBAC System" href="#1-enhanced-rbac-system">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Role-Based Access Control system receives major updates:</p>
<div class="gblog-post__anchorwrap">
<h4 id="fine-grained-permissions">
Fine-grained Permissions
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#fine-grained-permissions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Fine-grained Permissions" href="#fine-grained-permissions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Resource-level Permissions</strong>: Granular control over specific resources</li>
<li><strong>Conditional Access</strong>: Context-aware authorization decisions</li>
<li><strong>Dynamic Policy Evaluation</strong>: Real-time policy enforcement</li>
<li><strong>Audit Trail Enhancement</strong>: Comprehensive security event tracking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="implementation-examples">
Implementation Examples
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#implementation-examples" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Examples" href="#implementation-examples">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">rbac.authorization.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterRole</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">conditional-pod-reader</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">rules</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">apiGroups</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">""</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"pods"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">verbs</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"get"</span><span class="p">,</span><span class="w"> </span><span class="s2">"list"</span><span class="p">,</span><span class="w"> </span><span class="s2">"watch"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">conditions</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">expression</span><span class="p">:</span><span class="w"> </span><span class="s1">'object.metadata.namespace == "production"'</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-advanced-network-policies">
2. Advanced Network Policies
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#2-advanced-network-policies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Network Policies" href="#2-advanced-network-policies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Network policy capabilities are significantly enhanced:</p>
<div class="gblog-post__anchorwrap">
<h4 id="protocol-level-filtering">
Protocol-level Filtering
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#protocol-level-filtering" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Protocol-level Filtering" href="#protocol-level-filtering">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Layer 7 Policies</strong>: Application-layer traffic filtering</li>
<li><strong>Advanced Port Management</strong>: Sophisticated port-based rules</li>
<li><strong>Service Mesh Integration</strong>: Better integration with service meshes</li>
<li><strong>Performance Optimization</strong>: Faster policy enforcement</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-improved-storage-management">
3. Improved Storage Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#3-improved-storage-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Improved Storage Management" href="#3-improved-storage-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Storage features receive comprehensive updates:</p>
<div class="gblog-post__anchorwrap">
<h4 id="volume-management">
Volume Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#volume-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Volume Management" href="#volume-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Dynamic Provisioning</strong>: Enhanced storage class support</li>
<li><strong>Volume Snapshots</strong>: Improved backup and recovery capabilities</li>
<li><strong>Storage Capacity Tracking</strong>: More accurate resource management</li>
<li><strong>Multi-attach Volumes</strong>: Support for shared storage access</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="alpha-features">
Alpha Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#alpha-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Alpha Features" href="#alpha-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-webassembly-support">
1. WebAssembly Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#1-webassembly-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. WebAssembly Support" href="#1-webassembly-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Early support for WebAssembly workloads continues to evolve:</p>
<div class="gblog-post__anchorwrap">
<h4 id="cross-platform-compatibility">
Cross-platform Compatibility
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#cross-platform-compatibility" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Cross-platform Compatibility" href="#cross-platform-compatibility">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Architecture Independence</strong>: Same code across different platforms</li>
<li><strong>Security Sandboxing</strong>: Isolated execution environment</li>
<li><strong>Performance Optimization</strong>: Near-native performance</li>
<li><strong>Use Case Expansion</strong>: Serverless functions, edge computing</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-enhanced-observability">
2. Enhanced Observability
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#2-enhanced-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Enhanced Observability" href="#2-enhanced-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>New observability capabilities:</p>
<div class="gblog-post__anchorwrap">
<h4 id="distributed-tracing">
Distributed Tracing
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#distributed-tracing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Distributed Tracing" href="#distributed-tracing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>End-to-end Tracing</strong>: Complete request flow tracking</li>
<li><strong>Performance Analysis</strong>: Detailed performance insights</li>
<li><strong>Debugging Support</strong>: Enhanced troubleshooting capabilities</li>
<li><strong>Integration</strong>: Better integration with existing tools</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-edge-computing-support">
3. Edge Computing Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#3-edge-computing-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Edge Computing Support" href="#3-edge-computing-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Edge computing features continue to evolve:</p>
<div class="gblog-post__anchorwrap">
<h4 id="lightweight-components">
Lightweight Components
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#lightweight-components" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Lightweight Components" href="#lightweight-components">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Resource Optimization</strong>: Reduced resource requirements</li>
<li><strong>Offline Operation</strong>: Better support for intermittent connectivity</li>
<li><strong>Local Processing</strong>: Reduced dependency on centralized resources</li>
<li><strong>Multi-cluster Management</strong>: Coordinated edge deployments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="api-cleanup-and-deprecations">
API Cleanup and Deprecations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#api-cleanup-and-deprecations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor API Cleanup and Deprecations" href="#api-cleanup-and-deprecations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="major-api-cleanup">
Major API Cleanup
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#major-api-cleanup" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Major API Cleanup" href="#major-api-cleanup">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.32 release includes significant API cleanup efforts:</p>
<div class="gblog-post__anchorwrap">
<h4 id="deprecated-api-removal">
Deprecated API Removal
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#deprecated-api-removal" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecated API Removal" href="#deprecated-api-removal">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Legacy APIs</strong>: Removal of long-deprecated API versions</li>
<li><strong>Unused Endpoints</strong>: Cleanup of unused API endpoints</li>
<li><strong>Redundant Resources</strong>: Removal of redundant resource types</li>
<li><strong>Simplified Interfaces</strong>: Streamlined API interfaces</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="impact-on-users-1">
Impact on Users
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#impact-on-users-1" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Impact on Users" href="#impact-on-users-1">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Cleaner API</strong>: More consistent and maintainable API</li>
<li><strong>Better Performance</strong>: Reduced API server overhead</li>
<li><strong>Improved Security</strong>: Reduced attack surface</li>
<li><strong>Enhanced Maintainability</strong>: Easier to maintain and extend</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="migration-guide">
Migration Guide
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#migration-guide" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration Guide" href="#migration-guide">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For users affected by API changes:</p>
<div class="gblog-post__anchorwrap">
<h4 id="pre-upgrade-preparation">
Pre-upgrade Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#pre-upgrade-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Pre-upgrade Preparation" href="#pre-upgrade-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><input disabled="" type="checkbox"> Review deprecation notices</li>
<li><input disabled="" type="checkbox"> Update API client code</li>
<li><input disabled="" type="checkbox"> Test with new API versions</li>
<li><input disabled="" type="checkbox"> Update automation scripts</li>
<li><input disabled="" type="checkbox"> Verify third-party tool compatibility</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="migration-tools">
Migration Tools
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#migration-tools" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Migration Tools" href="#migration-tools">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>kubectl convert</strong>: Automatic API version conversion</li>
<li><strong>Migration Scripts</strong>: Community-provided migration tools</li>
<li><strong>Documentation</strong>: Comprehensive migration guides</li>
<li><strong>Support</strong>: Community support for migration issues</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="security-enhancements">
Security Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#security-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Security Enhancements" href="#security-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enhanced-authentication">
1. Enhanced Authentication
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#1-enhanced-authentication" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced Authentication" href="#1-enhanced-authentication">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Authentication system improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="multi-factor-authentication">
Multi-factor Authentication
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#multi-factor-authentication" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Multi-factor Authentication" href="#multi-factor-authentication">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>MFA Support</strong>: Enhanced authentication security</li>
<li><strong>Certificate Management</strong>: Improved certificate lifecycle</li>
<li><strong>Token Security</strong>: Enhanced service account token security</li>
<li><strong>Identity Federation</strong>: Better integration with external identity providers</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-supply-chain-security">
2. Supply Chain Security
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#2-supply-chain-security" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Supply Chain Security" href="#2-supply-chain-security">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Software supply chain security features:</p>
<div class="gblog-post__anchorwrap">
<h4 id="artifact-verification">
Artifact Verification
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#artifact-verification" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Artifact Verification" href="#artifact-verification">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Digital Signatures</strong>: Ensuring artifact integrity</li>
<li><strong>Vulnerability Scanning</strong>: Automated security scanning</li>
<li><strong>Policy Enforcement</strong>: Automated security policy compliance</li>
<li><strong>Audit Trail</strong>: Comprehensive security event logging</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="performance-improvements-1">
Performance Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#performance-improvements-1" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Improvements" href="#performance-improvements-1">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-etcd-optimizations">
1. etcd Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#1-etcd-optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. etcd Optimizations" href="#1-etcd-optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>etcd, the backing store, receives optimizations:</p>
<div class="gblog-post__anchorwrap">
<h4 id="storage-efficiency">
Storage Efficiency
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#storage-efficiency" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Storage Efficiency" href="#storage-efficiency">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Compression</strong>: Enhanced data compression</li>
<li><strong>Indexing</strong>: Improved data indexing</li>
<li><strong>Garbage Collection</strong>: Better cleanup of old data</li>
<li><strong>Backup Optimization</strong>: Faster and more reliable backups</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-controller-performance">
2. Controller Performance
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#2-controller-performance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Controller Performance" href="#2-controller-performance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Controller performance improvements:</p>
<div class="gblog-post__anchorwrap">
<h4 id="algorithm-optimization">
Algorithm Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#algorithm-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Algorithm Optimization" href="#algorithm-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<ul>
<li><strong>Faster Reconciliation</strong>: Improved reconciliation algorithms</li>
<li><strong>Parallel Processing</strong>: Better utilization of multiple cores</li>
<li><strong>Memory Efficiency</strong>: Reduced memory footprint</li>
<li><strong>Scalability</strong>: Better performance at scale</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="community-impact">
Community Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#community-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Impact" href="#community-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="contributor-recognition">
Contributor Recognition
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#contributor-recognition" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Contributor Recognition" href="#contributor-recognition">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.32 release highlights:</p>
<ul>
<li><strong>Global Collaboration</strong>: Contributors from around the world</li>
<li><strong>Organizational Diversity</strong>: Companies of all sizes contributing</li>
<li><strong>Skill Development</strong>: Opportunities for learning and growth</li>
<li><strong>Community Building</strong>: Strengthening the Kubernetes ecosystem</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="ecosystem-updates">
Ecosystem Updates
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#ecosystem-updates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Ecosystem Updates" href="#ecosystem-updates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The broader ecosystem responds:</p>
<ul>
<li><strong>Cloud Providers</strong>: Update managed Kubernetes services</li>
<li><strong>Tools and Platforms</strong>: Update compatibility matrices</li>
<li><strong>Documentation</strong>: Comprehensive documentation updates</li>
<li><strong>Training Materials</strong>: Updated certification programs</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="looking-forward">
Looking Forward
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#looking-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Forward" href="#looking-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="v133-preview">
v1.33 Preview
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#v133-preview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor v1.33 Preview" href="#v133-preview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community is already working on v1.33, which will include:</p>
<ul>
<li><strong>Continued Performance Improvements</strong>: Further optimizations</li>
<li><strong>New Alpha Features</strong>: Experimental capabilities</li>
<li><strong>Enhanced Security</strong>: Additional security features</li>
<li><strong>Better Usability</strong>: Improved developer and operator experience</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="long-term-roadmap">
Long-term Roadmap
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#long-term-roadmap" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Long-term Roadmap" href="#long-term-roadmap">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Future releases will focus on:</p>
<ul>
<li><strong>Simplification</strong>: Making Kubernetes easier to use</li>
<li><strong>Edge Computing</strong>: Better support for edge environments</li>
<li><strong>AI/ML Workloads</strong>: Enhanced support for machine learning</li>
<li><strong>Sustainability</strong>: Reducing resource consumption</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-32-release/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The release of Kubernetes v1.32 “Penelope” represents another significant step forward in the platform’s evolution. With 44 enhancements, API cleanup, improved performance, and enhanced security, this release continues Kubernetes’ tradition of innovation and stability.</p>
<p>Key highlights include:</p>
<ul>
<li><strong>API Cleanup</strong>: Significant cleanup of deprecated and unused APIs</li>
<li><strong>Field-based Selectors</strong>: Enhanced querying capabilities for custom resources</li>
<li><strong>Performance Improvements</strong>: Better API server and scheduler performance</li>
<li><strong>Community Collaboration</strong>: Global effort involving thousands of contributors</li>
</ul>
<p>The community’s commitment to backward compatibility, comprehensive testing, and user feedback ensures that upgrades are smooth and reliable. As organizations plan their upgrades to v1.32, they can be confident in the platform’s maturity and the community’s support.</p>
<p>The success of this release demonstrates the power of open-source collaboration and the strength of the Kubernetes ecosystem. With continued innovation and community support, Kubernetes remains the foundation of modern cloud-native computing.</p>
<hr>
<p><em>For more information about Kubernetes v1.32, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/blog/2024/12/11/kubernetes-v1-32-release/"
>official release blog post</a> and the <a
class="gblog-markdown__link"
href="https://www.perfectscale.io/blog/kubernetes-v1-32-penelope"
>PerfectScale blog post</a>.</em></p>Kubernetes v1.30 'Uwubernetes' Official Releasehttps://k8s-ops.net/posts/kubernetes-v1-30-release/2024-04-17T00:00:00+00:002025-07-04T14:01:11-04:00
<p>On April 17, 2024, the Kubernetes community celebrated the official release of Kubernetes v1.30, codenamed “Uwubernetes.” This release represents a significant milestone in the platform’s evolution, bringing 45 enhancements with 11 moving to stable, 19 entering beta, and 15 remaining in alpha. The release demonstrates the community’s continued commitment to innovation, stability, and user experience improvements.</p>
<div class="gblog-post__anchorwrap">
<h2 id="release-highlights">
Release Highlights
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#release-highlights" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Release Highlights" href="#release-highlights">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="major-features-moving-to-stable">
Major Features Moving to Stable
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#major-features-moving-to-stable" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Major Features Moving to Stable" href="#major-features-moving-to-stable">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="1-structured-logging">
1. Structured Logging
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#1-structured-logging" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Structured Logging" href="#1-structured-logging">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>One of the most anticipated features graduating to stable is structured logging. This enhancement transforms Kubernetes logs from plain text to structured JSON format, making them:</p>
<ul>
<li><strong>Machine-readable</strong>: Easier to parse and analyze programmatically</li>
<li><strong>Searchable</strong>: Better indexing capabilities for log aggregation systems</li>
<li><strong>Consistent</strong>: Standardized format across all Kubernetes components</li>
<li><strong>Extensible</strong>: Additional metadata can be easily added</li>
</ul>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"level"</span><span class="p">:</span> <span class="s2">"info"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"timestamp"</span><span class="p">:</span> <span class="s2">"2024-04-17T10:30:00Z"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"component"</span><span class="p">:</span> <span class="s2">"kube-scheduler"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"message"</span><span class="p">:</span> <span class="s2">"Pod scheduled successfully"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"pod"</span><span class="p">:</span> <span class="s2">"nginx-deployment-abc123"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"node"</span><span class="p">:</span> <span class="s2">"worker-node-1"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"namespace"</span><span class="p">:</span> <span class="s2">"default"</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="2-node-swap-support">
2. Node Swap Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#2-node-swap-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Node Swap Support" href="#2-node-swap-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Node swap support graduates to stable, allowing Kubernetes to work with systems that have swap memory enabled. This feature provides:</p>
<ul>
<li><strong>Configurable Swap Behavior</strong>: Admins can control swap usage per node</li>
<li><strong>Memory Pressure Handling</strong>: Better management of memory-constrained environments</li>
<li><strong>Development Flexibility</strong>: Easier local development setups</li>
<li><strong>Resource Optimization</strong>: More efficient use of available memory</li>
</ul>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Node</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">worker-node-1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">swapBehavior</span><span class="p">:</span><span class="w"> </span><span class="s2">"NoSwap"</span><span class="w"> </span><span class="c"># or "LimitedSwap", "UnlimitedSwap"</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h4 id="3-dynamic-resource-allocation-dra">
3. Dynamic Resource Allocation (DRA)
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#3-dynamic-resource-allocation-dra" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Dynamic Resource Allocation (DRA)" href="#3-dynamic-resource-allocation-dra">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>DRA moves to stable, enabling sophisticated resource allocation beyond traditional CPU and memory:</p>
<ul>
<li><strong>Specialized Hardware</strong>: GPUs, FPGAs, specialized accelerators</li>
<li><strong>Dynamic Management</strong>: Runtime allocation and deallocation</li>
<li><strong>Resource Sharing</strong>: Multiple pods can share expensive hardware</li>
<li><strong>Custom Resource Types</strong>: Support for vendor-specific resources</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="beta-features">
Beta Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#beta-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Beta Features" href="#beta-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="gblog-post__anchorwrap">
<h4 id="1-enhanced-rbac">
1. Enhanced RBAC
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#1-enhanced-rbac" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enhanced RBAC" href="#1-enhanced-rbac">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>The enhanced RBAC system provides:</p>
<ul>
<li><strong>Fine-grained Permissions</strong>: More granular access control</li>
<li><strong>Conditional Access</strong>: Context-aware authorization</li>
<li><strong>Audit Improvements</strong>: Better security event tracking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="2-advanced-network-policies">
2. Advanced Network Policies
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#2-advanced-network-policies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Advanced Network Policies" href="#2-advanced-network-policies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Network policy enhancements include:</p>
<ul>
<li><strong>Protocol Support</strong>: Enhanced protocol-level filtering</li>
<li><strong>Performance Optimizations</strong>: Faster policy enforcement</li>
<li><strong>Advanced Traffic Control</strong>: More sophisticated network rules</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="3-improved-storage-management">
3. Improved Storage Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#3-improved-storage-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Improved Storage Management" href="#3-improved-storage-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Storage improvements feature:</p>
<ul>
<li><strong>Volume Snapshots</strong>: Better backup and recovery capabilities</li>
<li><strong>Storage Capacity Tracking</strong>: More accurate resource management</li>
<li><strong>Dynamic Provisioning</strong>: Enhanced storage class support</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="whats-new-in-alpha">
What’s New in Alpha
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#whats-new-in-alpha" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What’s New in Alpha" href="#whats-new-in-alpha">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-webassembly-support">
1. WebAssembly Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#1-webassembly-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. WebAssembly Support" href="#1-webassembly-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Early support for WebAssembly workloads:</p>
<ul>
<li><strong>Cross-platform Compatibility</strong>: Run the same code across different architectures</li>
<li><strong>Security</strong>: Sandboxed execution environment</li>
<li><strong>Performance</strong>: Near-native performance for interpreted languages</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-enhanced-observability">
2. Enhanced Observability
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#2-enhanced-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Enhanced Observability" href="#2-enhanced-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>New observability features include:</p>
<ul>
<li><strong>Distributed Tracing</strong>: Better request flow tracking</li>
<li><strong>Metrics Collection</strong>: Enhanced performance monitoring</li>
<li><strong>Log Aggregation</strong>: Improved log management capabilities</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-edge-computing-support">
3. Edge Computing Support
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#3-edge-computing-support" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Edge Computing Support" href="#3-edge-computing-support">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Edge computing enhancements:</p>
<ul>
<li><strong>Lightweight Components</strong>: Optimized for resource-constrained environments</li>
<li><strong>Offline Operation</strong>: Better support for intermittent connectivity</li>
<li><strong>Local Processing</strong>: Reduced dependency on centralized resources</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="deprecations-and-removals">
Deprecations and Removals
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#deprecations-and-removals" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecations and Removals" href="#deprecations-and-removals">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="deprecated-features">
Deprecated Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#deprecated-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deprecated Features" href="#deprecated-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Several features have been deprecated in v1.30:</p>
<ul>
<li><strong>Legacy API Versions</strong>: Some older API versions are being phased out</li>
<li><strong>Deprecated Flags</strong>: Command-line flags that are no longer recommended</li>
<li><strong>Obsolete Configurations</strong>: Configuration options that have better alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="removed-features">
Removed Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#removed-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Removed Features" href="#removed-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Features removed in this release:</p>
<ul>
<li><strong>Unused Components</strong>: Components that are no longer maintained</li>
<li><strong>Deprecated APIs</strong>: APIs that have been deprecated for multiple releases</li>
<li><strong>Legacy Tools</strong>: Tools that have been replaced by newer alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="performance-improvements">
Performance Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#performance-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Improvements" href="#performance-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="scheduler-enhancements">
Scheduler Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#scheduler-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Scheduler Enhancements" href="#scheduler-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The Kubernetes scheduler has received significant improvements:</p>
<ul>
<li><strong>Faster Scheduling</strong>: Reduced scheduling latency</li>
<li><strong>Better Resource Utilization</strong>: More efficient resource allocation</li>
<li><strong>Enhanced Affinity Rules</strong>: Improved pod placement logic</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="api-server-optimizations">
API Server Optimizations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#api-server-optimizations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor API Server Optimizations" href="#api-server-optimizations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>API server performance improvements:</p>
<ul>
<li><strong>Reduced Memory Usage</strong>: More efficient memory management</li>
<li><strong>Faster Request Processing</strong>: Improved response times</li>
<li><strong>Better Caching</strong>: Enhanced caching mechanisms</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="etcd-improvements">
etcd Improvements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#etcd-improvements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor etcd Improvements" href="#etcd-improvements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>etcd, the backing store for Kubernetes, has been optimized:</p>
<ul>
<li><strong>Reduced Storage Requirements</strong>: More efficient data storage</li>
<li><strong>Faster Operations</strong>: Improved read and write performance</li>
<li><strong>Better Compression</strong>: Enhanced data compression algorithms</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="security-enhancements">
Security Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#security-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Security Enhancements" href="#security-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="enhanced-authentication">
Enhanced Authentication
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#enhanced-authentication" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enhanced Authentication" href="#enhanced-authentication">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>New authentication features include:</p>
<ul>
<li><strong>Multi-factor Authentication</strong>: Support for MFA in authentication flows</li>
<li><strong>Certificate Management</strong>: Improved certificate lifecycle management</li>
<li><strong>Token Security</strong>: Enhanced security for service account tokens</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="network-security">
Network Security
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#network-security" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Network Security" href="#network-security">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Network security improvements:</p>
<ul>
<li><strong>Encrypted Communication</strong>: Enhanced encryption for inter-component communication</li>
<li><strong>Network Policies</strong>: More sophisticated network policy enforcement</li>
<li><strong>Security Context</strong>: Improved security context handling</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="upgrade-considerations">
Upgrade Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#upgrade-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Considerations" href="#upgrade-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="pre-upgrade-checklist">
Pre-upgrade Checklist
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#pre-upgrade-checklist" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Pre-upgrade Checklist" href="#pre-upgrade-checklist">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Before upgrading to v1.30:</p>
<ul>
<li><input disabled="" type="checkbox"> Review deprecation notices</li>
<li><input disabled="" type="checkbox"> Test applications in staging environment</li>
<li><input disabled="" type="checkbox"> Update client tools (kubectl, etc.)</li>
<li><input disabled="" type="checkbox"> Backup cluster configurations</li>
<li><input disabled="" type="checkbox"> Verify third-party tool compatibility</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="upgrade-process">
Upgrade Process
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#upgrade-process" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Process" href="#upgrade-process">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The recommended upgrade process:</p>
<ol>
<li><strong>Backup</strong>: Create backups of all cluster data</li>
<li><strong>Test</strong>: Upgrade staging environment first</li>
<li><strong>Plan</strong>: Schedule production upgrade during maintenance window</li>
<li><strong>Execute</strong>: Perform rolling upgrade of control plane and nodes</li>
<li><strong>Validate</strong>: Verify all applications and services</li>
<li><strong>Monitor</strong>: Watch for any issues post-upgrade</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="rollback-plan">
Rollback Plan
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#rollback-plan" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Rollback Plan" href="#rollback-plan">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>In case of issues:</p>
<ul>
<li><strong>Immediate Rollback</strong>: Have previous version ready</li>
<li><strong>Data Recovery</strong>: Ensure backup restoration procedures</li>
<li><strong>Communication Plan</strong>: Notify stakeholders of any issues</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="community-impact">
Community Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#community-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Impact" href="#community-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="contributor-statistics">
Contributor Statistics
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#contributor-statistics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Contributor Statistics" href="#contributor-statistics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The v1.30 release involved:</p>
<ul>
<li><strong>1,000+ Contributors</strong>: From around the world</li>
<li><strong>50+ Organizations</strong>: Contributing code and resources</li>
<li><strong>20+ Special Interest Groups</strong>: Coordinating development</li>
<li><strong>6 Months</strong>: Of active development</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="ecosystem-updates">
Ecosystem Updates
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#ecosystem-updates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Ecosystem Updates" href="#ecosystem-updates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The broader ecosystem has been updated:</p>
<ul>
<li><strong>Cloud Providers</strong>: Updated their managed Kubernetes services</li>
<li><strong>Tools and Platforms</strong>: Updated compatibility matrices</li>
<li><strong>Documentation</strong>: Comprehensive updates to official docs</li>
<li><strong>Training Materials</strong>: Updated certification and training programs</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="looking-forward">
Looking Forward
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#looking-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Forward" href="#looking-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="v131-preview">
v1.31 Preview
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#v131-preview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor v1.31 Preview" href="#v131-preview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community is already working on v1.31, which will include:</p>
<ul>
<li><strong>Continued Performance Improvements</strong>: Further optimizations</li>
<li><strong>New Alpha Features</strong>: Experimental capabilities</li>
<li><strong>Enhanced Security</strong>: Additional security features</li>
<li><strong>Better Usability</strong>: Improved developer and operator experience</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="long-term-roadmap">
Long-term Roadmap
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#long-term-roadmap" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Long-term Roadmap" href="#long-term-roadmap">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Future releases will focus on:</p>
<ul>
<li><strong>Simplification</strong>: Making Kubernetes easier to use</li>
<li><strong>Edge Computing</strong>: Better support for edge environments</li>
<li><strong>AI/ML Workloads</strong>: Enhanced support for machine learning</li>
<li><strong>Sustainability</strong>: Reducing resource consumption</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The release of Kubernetes v1.30 “Uwubernetes” represents another significant step forward in the platform’s evolution. With 45 enhancements, improved performance, enhanced security, and better usability, this release continues Kubernetes’ tradition of innovation and stability.</p>
<p>The community’s commitment to backward compatibility, comprehensive testing, and user feedback ensures that upgrades are smooth and reliable. As organizations plan their upgrades to v1.30, they can be confident in the platform’s maturity and the community’s support.</p>
<p>The success of this release demonstrates the power of open-source collaboration and the strength of the Kubernetes ecosystem. With thousands of contributors, hundreds of organizations, and millions of users worldwide, Kubernetes continues to be the foundation of modern cloud-native computing.</p>
<hr>
<p><em>For more information about Kubernetes v1.30, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/blog/2024/04/17/kubernetes-v1-30-release/"
>official release blog post</a> and the <a
class="gblog-markdown__link"
href="https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html"
>AWS EKS documentation</a>.</em></p>KubeCon Europe 2024: Key Themes and Trendshttps://k8s-ops.net/posts/kubecon-europe-2024-themes/2024-04-10T00:00:00+00:002025-07-04T14:01:11-04:00
<p>KubeCon + CloudNativeCon Europe 2024, held from March 19-22 in Paris, France, brought together thousands of cloud-native enthusiasts, developers, operators, and industry leaders. The event served as a showcase for the latest innovations in the Kubernetes ecosystem and provided insights into the direction of cloud-native computing. Here’s a comprehensive look at the key themes and trends that emerged from this landmark event.</p>
<div class="gblog-post__anchorwrap">
<h2 id="event-overview">
Event Overview
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#event-overview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Event Overview" href="#event-overview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="attendance-and-participation">
Attendance and Participation
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#attendance-and-participation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Attendance and Participation" href="#attendance-and-participation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The 2024 European edition of KubeCon attracted:</p>
<ul>
<li><strong>Over 8,000 Attendees</strong>: From 80+ countries</li>
<li><strong>300+ Sessions</strong>: Including keynotes, breakout sessions, and workshops</li>
<li><strong>200+ Sponsors</strong>: Representing the full spectrum of the cloud-native ecosystem</li>
<li><strong>50+ Special Interest Groups</strong>: Hosting meetings and discussions</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="venue-and-experience">
Venue and Experience
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#venue-and-experience" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Venue and Experience" href="#venue-and-experience">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Held at the Paris Expo Porte de Versailles, the event featured:</p>
<ul>
<li><strong>Multiple Tracks</strong>: Covering various aspects of cloud-native computing</li>
<li><strong>Interactive Workshops</strong>: Hands-on learning opportunities</li>
<li><strong>Networking Events</strong>: Community building and collaboration</li>
<li><strong>Exhibition Hall</strong>: Showcasing the latest tools and technologies</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="key-themes">
Key Themes
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#key-themes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Themes" href="#key-themes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-platform-engineering-evolution">
1. Platform Engineering Evolution
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#1-platform-engineering-evolution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Platform Engineering Evolution" href="#1-platform-engineering-evolution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Platform engineering emerged as a dominant theme, reflecting the industry’s shift toward internal developer platforms (IDPs):</p>
<div class="gblog-post__anchorwrap">
<h4 id="self-service-infrastructure">
Self-Service Infrastructure
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#self-service-infrastructure" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Self-Service Infrastructure" href="#self-service-infrastructure">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Organizations are increasingly adopting self-service approaches:</p>
<ul>
<li><strong>Developer Portals</strong>: Centralized interfaces for infrastructure access</li>
<li><strong>Automated Provisioning</strong>: Streamlined resource allocation</li>
<li><strong>Policy as Code</strong>: Automated compliance and governance</li>
<li><strong>Cost Optimization</strong>: Built-in cost management and monitoring</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="platform-teams">
Platform Teams
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#platform-teams" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Platform Teams" href="#platform-teams">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>The rise of dedicated platform teams:</p>
<ul>
<li><strong>Cross-functional Collaboration</strong>: Developers, operators, and security working together</li>
<li><strong>Developer Experience Focus</strong>: Prioritizing developer productivity</li>
<li><strong>Standardization</strong>: Consistent patterns and practices across organizations</li>
<li><strong>Tool Integration</strong>: Seamless integration of development tools</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-security-and-compliance">
2. Security and Compliance
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#2-security-and-compliance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Security and Compliance" href="#2-security-and-compliance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Security remained a top priority, with several sessions focusing on:</p>
<div class="gblog-post__anchorwrap">
<h4 id="zero-trust-architecture">
Zero Trust Architecture
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#zero-trust-architecture" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Zero Trust Architecture" href="#zero-trust-architecture">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Implementing zero trust principles in Kubernetes:</p>
<ul>
<li><strong>Identity-based Access</strong>: Moving beyond network-based security</li>
<li><strong>Continuous Verification</strong>: Ongoing authentication and authorization</li>
<li><strong>Least Privilege Access</strong>: Minimal required permissions</li>
<li><strong>Micro-segmentation</strong>: Granular network security policies</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="supply-chain-security">
Supply Chain Security
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#supply-chain-security" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Supply Chain Security" href="#supply-chain-security">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Addressing software supply chain vulnerabilities:</p>
<ul>
<li><strong>SBOM Integration</strong>: Software bill of materials for transparency</li>
<li><strong>Container Scanning</strong>: Automated vulnerability detection</li>
<li><strong>Signing and Verification</strong>: Ensuring artifact integrity</li>
<li><strong>Policy Enforcement</strong>: Automated security policy compliance</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-observability-and-monitoring">
3. Observability and Monitoring
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#3-observability-and-monitoring" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Observability and Monitoring" href="#3-observability-and-monitoring">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Observability took center stage with discussions on:</p>
<div class="gblog-post__anchorwrap">
<h4 id="unified-observability">
Unified Observability
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#unified-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Unified Observability" href="#unified-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Integrating monitoring, logging, and tracing:</p>
<ul>
<li><strong>OpenTelemetry</strong>: Standardizing observability data collection</li>
<li><strong>Distributed Tracing</strong>: End-to-end request tracking</li>
<li><strong>Metrics Aggregation</strong>: Centralized performance monitoring</li>
<li><strong>Alert Management</strong>: Intelligent alerting and incident response</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="aiml-observability">
AI/ML Observability
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#aiml-observability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor AI/ML Observability" href="#aiml-observability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Specialized monitoring for machine learning workloads:</p>
<ul>
<li><strong>Model Performance</strong>: Tracking ML model metrics</li>
<li><strong>Data Drift Detection</strong>: Monitoring input data changes</li>
<li><strong>Resource Utilization</strong>: Optimizing GPU and CPU usage</li>
<li><strong>Pipeline Monitoring</strong>: End-to-end ML pipeline visibility</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="4-edge-computing-and-iot">
4. Edge Computing and IoT
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#4-edge-computing-and-iot" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Edge Computing and IoT" href="#4-edge-computing-and-iot">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Edge computing gained significant attention:</p>
<div class="gblog-post__anchorwrap">
<h4 id="kubernetes-at-the-edge">
Kubernetes at the Edge
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#kubernetes-at-the-edge" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Kubernetes at the Edge" href="#kubernetes-at-the-edge">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Extending Kubernetes to edge environments:</p>
<ul>
<li><strong>Lightweight Distributions</strong>: Optimized for resource-constrained devices</li>
<li><strong>Offline Operation</strong>: Functionality during connectivity issues</li>
<li><strong>Local Processing</strong>: Reduced dependency on centralized resources</li>
<li><strong>Multi-cluster Management</strong>: Coordinating distributed deployments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="iot-integration">
IoT Integration
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#iot-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor IoT Integration" href="#iot-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Connecting IoT devices with Kubernetes:</p>
<ul>
<li><strong>Device Management</strong>: Automated device provisioning and updates</li>
<li><strong>Data Processing</strong>: Local and cloud-based data analytics</li>
<li><strong>Security</strong>: Secure communication and data handling</li>
<li><strong>Scalability</strong>: Managing thousands of connected devices</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="5-sustainability-and-green-computing">
5. Sustainability and Green Computing
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#5-sustainability-and-green-computing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 5. Sustainability and Green Computing" href="#5-sustainability-and-green-computing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Environmental impact became a prominent discussion topic:</p>
<div class="gblog-post__anchorwrap">
<h4 id="resource-optimization">
Resource Optimization
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#resource-optimization" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Resource Optimization" href="#resource-optimization">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Reducing the environmental footprint:</p>
<ul>
<li><strong>Energy-efficient Scheduling</strong>: Optimizing workload placement</li>
<li><strong>Resource Right-sizing</strong>: Matching resources to actual needs</li>
<li><strong>Idle Resource Management</strong>: Automatically scaling down unused resources</li>
<li><strong>Carbon-aware Computing</strong>: Considering environmental impact in decisions</li>
</ul>
<div class="gblog-post__anchorwrap">
<h4 id="sustainable-practices">
Sustainable Practices
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#sustainable-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Sustainable Practices" href="#sustainable-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Implementing green computing practices:</p>
<ul>
<li><strong>Renewable Energy</strong>: Using green energy sources</li>
<li><strong>Efficient Algorithms</strong>: Optimizing computational efficiency</li>
<li><strong>Lifecycle Management</strong>: Reducing electronic waste</li>
<li><strong>Carbon Tracking</strong>: Measuring and reporting environmental impact</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="technical-innovations">
Technical Innovations
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#technical-innovations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Technical Innovations" href="#technical-innovations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-webassembly-wasm-integration">
1. WebAssembly (Wasm) Integration
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#1-webassembly-wasm-integration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. WebAssembly (Wasm) Integration" href="#1-webassembly-wasm-integration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>WebAssembly emerged as a significant trend:</p>
<div class="gblog-post__anchorwrap">
<h4 id="wasm-in-kubernetes">
Wasm in Kubernetes
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#wasm-in-kubernetes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Wasm in Kubernetes" href="#wasm-in-kubernetes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Running WebAssembly workloads:</p>
<ul>
<li><strong>Cross-platform Compatibility</strong>: Same code across different architectures</li>
<li><strong>Security</strong>: Sandboxed execution environment</li>
<li><strong>Performance</strong>: Near-native performance for interpreted languages</li>
<li><strong>Use Cases</strong>: Serverless functions, edge computing, plugin systems</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-gitops-and-git-based-operations">
2. GitOps and Git-based Operations
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#2-gitops-and-git-based-operations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. GitOps and Git-based Operations" href="#2-gitops-and-git-based-operations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>GitOps continued to gain momentum:</p>
<div class="gblog-post__anchorwrap">
<h4 id="advanced-gitops-patterns">
Advanced GitOps Patterns
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#advanced-gitops-patterns" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Advanced GitOps Patterns" href="#advanced-gitops-patterns">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Evolving GitOps practices:</p>
<ul>
<li><strong>Multi-environment Management</strong>: Coordinating across environments</li>
<li><strong>Policy Enforcement</strong>: Automated compliance checking</li>
<li><strong>Rollback Strategies</strong>: Quick and reliable rollback mechanisms</li>
<li><strong>Security Integration</strong>: Secure Git-based workflows</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-service-mesh-evolution">
3. Service Mesh Evolution
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#3-service-mesh-evolution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Service Mesh Evolution" href="#3-service-mesh-evolution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Service mesh technology matured:</p>
<div class="gblog-post__anchorwrap">
<h4 id="next-generation-service-meshes">
Next-generation Service Meshes
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#next-generation-service-meshes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Next-generation Service Meshes" href="#next-generation-service-meshes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Advanced service mesh capabilities:</p>
<ul>
<li><strong>Performance Optimization</strong>: Reduced latency and overhead</li>
<li><strong>Security Enhancements</strong>: Advanced authentication and authorization</li>
<li><strong>Observability Integration</strong>: Built-in monitoring and tracing</li>
<li><strong>Multi-cluster Support</strong>: Cross-cluster communication</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="community-and-ecosystem">
Community and Ecosystem
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#community-and-ecosystem" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community and Ecosystem" href="#community-and-ecosystem">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-diversity-and-inclusion">
1. Diversity and Inclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#1-diversity-and-inclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Diversity and Inclusion" href="#1-diversity-and-inclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community emphasized diversity:</p>
<div class="gblog-post__anchorwrap">
<h4 id="inclusive-practices">
Inclusive Practices
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#inclusive-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Inclusive Practices" href="#inclusive-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Building inclusive communities:</p>
<ul>
<li><strong>Diverse Representation</strong>: Ensuring diverse speaker lineups</li>
<li><strong>Accessibility</strong>: Making events accessible to all</li>
<li><strong>Mentorship Programs</strong>: Supporting new contributors</li>
<li><strong>Code of Conduct</strong>: Maintaining welcoming environments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-education-and-training">
2. Education and Training
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#2-education-and-training" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Education and Training" href="#2-education-and-training">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Education remained a priority:</p>
<div class="gblog-post__anchorwrap">
<h4 id="learning-resources">
Learning Resources
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#learning-resources" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Learning Resources" href="#learning-resources">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Comprehensive educational offerings:</p>
<ul>
<li><strong>Certification Programs</strong>: Kubernetes and cloud-native certifications</li>
<li><strong>Hands-on Workshops</strong>: Practical learning experiences</li>
<li><strong>Documentation</strong>: Comprehensive and accessible documentation</li>
<li><strong>Community Support</strong>: Peer learning and support networks</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-open-source-sustainability">
3. Open Source Sustainability
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#3-open-source-sustainability" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Open Source Sustainability" href="#3-open-source-sustainability">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Ensuring long-term sustainability:</p>
<div class="gblog-post__anchorwrap">
<h4 id="project-maintenance">
Project Maintenance
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#project-maintenance" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Project Maintenance" href="#project-maintenance">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Maintaining open source projects:</p>
<ul>
<li><strong>Funding Models</strong>: Sustainable funding for open source</li>
<li><strong>Contributor Recognition</strong>: Acknowledging and rewarding contributors</li>
<li><strong>Governance</strong>: Transparent and inclusive governance</li>
<li><strong>Succession Planning</strong>: Ensuring project continuity</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="industry-impact">
Industry Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#industry-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Industry Impact" href="#industry-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-enterprise-adoption">
1. Enterprise Adoption
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#1-enterprise-adoption" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Enterprise Adoption" href="#1-enterprise-adoption">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Enterprise Kubernetes adoption trends:</p>
<div class="gblog-post__anchorwrap">
<h4 id="production-deployments">
Production Deployments
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#production-deployments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Production Deployments" href="#production-deployments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Large-scale production use:</p>
<ul>
<li><strong>Multi-cluster Management</strong>: Managing hundreds of clusters</li>
<li><strong>Hybrid Cloud</strong>: Seamless cloud and on-premises integration</li>
<li><strong>Legacy Modernization</strong>: Migrating traditional applications</li>
<li><strong>Compliance</strong>: Meeting regulatory requirements</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-startup-innovation">
2. Startup Innovation
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#2-startup-innovation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Startup Innovation" href="#2-startup-innovation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Startup ecosystem growth:</p>
<div class="gblog-post__anchorwrap">
<h4 id="new-tools-and-platforms">
New Tools and Platforms
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#new-tools-and-platforms" class="gblog-post__anchor clip flex align-center" aria-label="Anchor New Tools and Platforms" href="#new-tools-and-platforms">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Innovative solutions emerging:</p>
<ul>
<li><strong>Developer Experience</strong>: Tools improving developer productivity</li>
<li><strong>Operations Automation</strong>: Reducing operational overhead</li>
<li><strong>Security Solutions</strong>: Addressing emerging security challenges</li>
<li><strong>Specialized Workloads</strong>: Domain-specific optimizations</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="looking-forward">
Looking Forward
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#looking-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Forward" href="#looking-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-emerging-technologies">
1. Emerging Technologies
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#1-emerging-technologies" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Emerging Technologies" href="#1-emerging-technologies">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Future technology trends:</p>
<div class="gblog-post__anchorwrap">
<h4 id="quantum-computing">
Quantum Computing
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#quantum-computing" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Quantum Computing" href="#quantum-computing">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Preparing for quantum computing:</p>
<ul>
<li><strong>Quantum-ready Applications</strong>: Building quantum-compatible systems</li>
<li><strong>Hybrid Classical-Quantum</strong>: Integrating quantum and classical computing</li>
<li><strong>Security Implications</strong>: Addressing quantum security challenges</li>
<li><strong>Resource Management</strong>: Managing quantum computing resources</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-autonomous-operations">
2. Autonomous Operations
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#2-autonomous-operations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Autonomous Operations" href="#2-autonomous-operations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Moving toward autonomous systems:</p>
<div class="gblog-post__anchorwrap">
<h4 id="self-healing-systems">
Self-healing Systems
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#self-healing-systems" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Self-healing Systems" href="#self-healing-systems">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h4>
</div>
<p>Automated problem resolution:</p>
<ul>
<li><strong>Predictive Maintenance</strong>: Anticipating and preventing issues</li>
<li><strong>Automated Remediation</strong>: Self-correcting systems</li>
<li><strong>Intelligent Scaling</strong>: Automatic resource optimization</li>
<li><strong>Continuous Optimization</strong>: Ongoing performance improvement</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubecon-europe-2024-themes/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>KubeCon Europe 2024 demonstrated the continued evolution and maturity of the cloud-native ecosystem. The event highlighted the community’s commitment to innovation, security, sustainability, and inclusivity while showcasing the practical applications of Kubernetes and related technologies.</p>
<p>Key takeaways include:</p>
<ul>
<li><strong>Platform Engineering</strong>: The rise of internal developer platforms</li>
<li><strong>Security Focus</strong>: Continued emphasis on security and compliance</li>
<li><strong>Observability</strong>: Unified approaches to monitoring and debugging</li>
<li><strong>Edge Computing</strong>: Extending Kubernetes to edge environments</li>
<li><strong>Sustainability</strong>: Environmental considerations in cloud-native computing</li>
<li><strong>Community</strong>: Strong focus on diversity, inclusion, and education</li>
</ul>
<p>As the cloud-native ecosystem continues to evolve, events like KubeCon Europe provide valuable opportunities for learning, networking, and collaboration. The insights and trends from this event will shape the direction of cloud-native computing in the coming year and beyond.</p>
<p>The success of KubeCon Europe 2024 reflects the strength and vitality of the cloud-native community, demonstrating that Kubernetes and related technologies continue to be at the forefront of modern application development and deployment.</p>
<hr>
<p><em>For more information about KubeCon Europe 2024, visit the <a
class="gblog-markdown__link"
href="https://events.linuxfoundation.org/archive/2024/kubecon-cloudnativecon-europe/"
>official event archive</a>.</em></p>Ten Years of Kubernetes: Reflections from Jan 2024https://k8s-ops.net/posts/kubernetes-ten-years-reflections/2024-01-30T00:00:00+00:002025-07-04T14:01:11-04:00
<p>As Kubernetes entered its 10th year in January 2024, the community took a moment to reflect on the incredible journey that transformed container orchestration from a Google internal project into the de facto standard for cloud-native applications. This milestone represents not just technological achievement, but a testament to the power of open-source collaboration and community-driven innovation.</p>
<div class="gblog-post__anchorwrap">
<h2 id="the-genesis-from-borg-to-kubernetes">
The Genesis: From Borg to Kubernetes
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#the-genesis-from-borg-to-kubernetes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor The Genesis: From Borg to Kubernetes" href="#the-genesis-from-borg-to-kubernetes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes was born from Google’s internal container orchestration system, Borg, which had been managing Google’s massive infrastructure for over a decade. In 2014, Google open-sourced the technology, releasing it as Kubernetes 1.0 in July 2015. The name “Kubernetes” comes from the Greek word for “helmsman” or “pilot,” reflecting its role in steering containerized applications.</p>
<div class="gblog-post__anchorwrap">
<h3 id="early-days-and-challenges">
Early Days and Challenges
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#early-days-and-challenges" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Early Days and Challenges" href="#early-days-and-challenges">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The initial years were marked by:</p>
<ul>
<li><strong>Complexity</strong>: Early versions required deep expertise to operate</li>
<li><strong>Ecosystem Development</strong>: Building the surrounding tools and practices</li>
<li><strong>Community Building</strong>: Establishing governance and contribution processes</li>
<li><strong>Adoption Challenges</strong>: Convincing organizations to embrace containers</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="evolution-through-the-years">
Evolution Through the Years
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#evolution-through-the-years" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Evolution Through the Years" href="#evolution-through-the-years">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="2015-2017-foundation-building">
2015-2017: Foundation Building
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#2015-2017-foundation-building" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2015-2017: Foundation Building" href="#2015-2017-foundation-building">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The first few years focused on establishing core functionality:</p>
<ul>
<li><strong>Basic Orchestration</strong>: Pod scheduling, service discovery, load balancing</li>
<li><strong>API Stability</strong>: Establishing the Kubernetes API as the foundation</li>
<li><strong>Community Growth</strong>: Building the initial contributor base</li>
<li><strong>Cloud Provider Integration</strong>: Working with major cloud providers</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2018-2020-enterprise-adoption">
2018-2020: Enterprise Adoption
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#2018-2020-enterprise-adoption" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2018-2020: Enterprise Adoption" href="#2018-2020-enterprise-adoption">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>This period saw Kubernetes become mainstream:</p>
<ul>
<li><strong>Enterprise Features</strong>: RBAC, network policies, storage classes</li>
<li><strong>Ecosystem Explosion</strong>: Helm, Istio, Prometheus, and countless other tools</li>
<li><strong>Cloud-Native Foundation</strong>: Establishment of the CNCF</li>
<li><strong>Production Readiness</strong>: Major enterprises adopting Kubernetes</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2021-2023-maturity-and-scale">
2021-2023: Maturity and Scale
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#2021-2023-maturity-and-scale" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2021-2023: Maturity and Scale" href="#2021-2023-maturity-and-scale">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Recent years have focused on:</p>
<ul>
<li><strong>Performance</strong>: Optimizing for large-scale deployments</li>
<li><strong>Security</strong>: Enhanced security features and best practices</li>
<li><strong>Usability</strong>: Improving developer and operator experience</li>
<li><strong>Edge Computing</strong>: Extending Kubernetes to edge environments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="key-milestones-and-achievements">
Key Milestones and Achievements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#key-milestones-and-achievements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Milestones and Achievements" href="#key-milestones-and-achievements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="community-growth">
Community Growth
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#community-growth" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Growth" href="#community-growth">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Contributors</strong>: From a handful to thousands of active contributors</li>
<li><strong>Organizations</strong>: From Google to hundreds of companies contributing</li>
<li><strong>Geographic Diversity</strong>: Global community with contributors from around the world</li>
<li><strong>Governance</strong>: Mature governance structure with multiple SIGs and working groups</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="technical-achievements">
Technical Achievements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#technical-achievements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Technical Achievements" href="#technical-achievements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>API Stability</strong>: Backward compatibility maintained across major versions</li>
<li><strong>Performance</strong>: Handles millions of containers across thousands of nodes</li>
<li><strong>Security</strong>: Comprehensive security model with RBAC, network policies, and more</li>
<li><strong>Extensibility</strong>: Rich ecosystem of operators, CRDs, and custom resources</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="industry-impact">
Industry Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#industry-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Industry Impact" href="#industry-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Standardization</strong>: De facto standard for container orchestration</li>
<li><strong>Ecosystem</strong>: Trillion-dollar ecosystem of tools and services</li>
<li><strong>Skills</strong>: New job roles and career paths in cloud-native technologies</li>
<li><strong>Innovation</strong>: Enabling new application architectures and deployment patterns</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="lessons-learned">
Lessons Learned
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#lessons-learned" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Lessons Learned" href="#lessons-learned">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="community-driven-development">
Community-Driven Development
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#community-driven-development" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community-Driven Development" href="#community-driven-development">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The success of Kubernetes demonstrates the power of:</p>
<ul>
<li><strong>Open Governance</strong>: Transparent decision-making processes</li>
<li><strong>Inclusive Community</strong>: Welcoming contributors from all backgrounds</li>
<li><strong>Meritocracy</strong>: Contributions valued over organizational affiliation</li>
<li><strong>Long-term Vision</strong>: Balancing immediate needs with long-term sustainability</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="technical-excellence">
Technical Excellence
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#technical-excellence" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Technical Excellence" href="#technical-excellence">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Key technical principles that guided development:</p>
<ul>
<li><strong>API-First Design</strong>: Everything exposed through consistent APIs</li>
<li><strong>Declarative Configuration</strong>: Desired state over imperative commands</li>
<li><strong>Extensibility</strong>: Plugin architecture for custom functionality</li>
<li><strong>Backward Compatibility</strong>: Careful evolution without breaking changes</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="operational-excellence">
Operational Excellence
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#operational-excellence" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Operational Excellence" href="#operational-excellence">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Operational insights gained:</p>
<ul>
<li><strong>Automation</strong>: Automate everything possible</li>
<li><strong>Observability</strong>: Comprehensive monitoring and logging</li>
<li><strong>Security</strong>: Security by design, not as an afterthought</li>
<li><strong>Documentation</strong>: Clear, comprehensive documentation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="current-state-and-challenges">
Current State and Challenges
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#current-state-and-challenges" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Current State and Challenges" href="#current-state-and-challenges">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="success-metrics">
Success Metrics
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#success-metrics" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Success Metrics" href="#success-metrics">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>As of January 2024, Kubernetes has achieved:</p>
<ul>
<li><strong>Widespread Adoption</strong>: Used by 96% of organizations surveyed</li>
<li><strong>Production Deployments</strong>: Running critical workloads worldwide</li>
<li><strong>Vendor Support</strong>: Supported by all major cloud providers</li>
<li><strong>Ecosystem Maturity</strong>: Rich tooling and best practices</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="ongoing-challenges">
Ongoing Challenges
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#ongoing-challenges" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Ongoing Challenges" href="#ongoing-challenges">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Despite success, challenges remain:</p>
<ul>
<li><strong>Complexity</strong>: Still complex for new users and small teams</li>
<li><strong>Learning Curve</strong>: Steep learning curve for operators and developers</li>
<li><strong>Resource Requirements</strong>: Significant resources needed for production deployments</li>
<li><strong>Security</strong>: Ongoing security challenges in distributed systems</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="looking-forward-the-next-decade">
Looking Forward: The Next Decade
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#looking-forward-the-next-decade" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Forward: The Next Decade" href="#looking-forward-the-next-decade">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="emerging-trends">
Emerging Trends
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#emerging-trends" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Emerging Trends" href="#emerging-trends">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community is focused on:</p>
<ul>
<li><strong>Simplification</strong>: Making Kubernetes easier to use and operate</li>
<li><strong>Edge Computing</strong>: Extending to edge and IoT environments</li>
<li><strong>AI/ML Workloads</strong>: Better support for machine learning workloads</li>
<li><strong>Sustainability</strong>: Reducing resource consumption and environmental impact</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="technology-evolution">
Technology Evolution
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#technology-evolution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Technology Evolution" href="#technology-evolution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Future directions include:</p>
<ul>
<li><strong>WebAssembly</strong>: Integration with WebAssembly for new workload types</li>
<li><strong>Quantum Computing</strong>: Preparing for quantum computing workloads</li>
<li><strong>Autonomous Operations</strong>: Self-healing and self-optimizing clusters</li>
<li><strong>Cross-Platform</strong>: Better support for diverse hardware architectures</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="community-evolution">
Community Evolution
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#community-evolution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Evolution" href="#community-evolution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>The community continues to evolve:</p>
<ul>
<li><strong>Diversity</strong>: Increasing diversity in contributors and leadership</li>
<li><strong>Education</strong>: Better educational resources and training programs</li>
<li><strong>Sustainability</strong>: Ensuring long-term project sustainability</li>
<li><strong>Global Reach</strong>: Expanding to new regions and markets</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="personal-reflections">
Personal Reflections
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#personal-reflections" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Personal Reflections" href="#personal-reflections">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="from-contributors">
From Contributors
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#from-contributors" class="gblog-post__anchor clip flex align-center" aria-label="Anchor From Contributors" href="#from-contributors">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Long-time contributors reflect on:</p>
<ul>
<li><strong>Growth</strong>: Personal and professional growth through contribution</li>
<li><strong>Friendships</strong>: Lifelong friendships formed through collaboration</li>
<li><strong>Impact</strong>: Satisfaction from building technology used by millions</li>
<li><strong>Learning</strong>: Continuous learning and skill development</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="from-users">
From Users
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#from-users" class="gblog-post__anchor clip flex align-center" aria-label="Anchor From Users" href="#from-users">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Organizations share:</p>
<ul>
<li><strong>Transformation</strong>: How Kubernetes transformed their operations</li>
<li><strong>Innovation</strong>: New capabilities and business opportunities</li>
<li><strong>Challenges</strong>: Lessons learned from adoption and migration</li>
<li><strong>Success</strong>: Measurable improvements in efficiency and reliability</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="the-kubernetes-effect">
The Kubernetes Effect
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#the-kubernetes-effect" class="gblog-post__anchor clip flex align-center" aria-label="Anchor The Kubernetes Effect" href="#the-kubernetes-effect">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes has had a profound impact on:</p>
<div class="gblog-post__anchorwrap">
<h3 id="software-development">
Software Development
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#software-development" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Software Development" href="#software-development">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Microservices</strong>: Enabled widespread adoption of microservices architecture</li>
<li><strong>DevOps</strong>: Accelerated DevOps practices and culture</li>
<li><strong>Cloud-Native</strong>: Defined the cloud-native computing paradigm</li>
<li><strong>Open Source</strong>: Demonstrated the power of open-source collaboration</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="industry-transformation">
Industry Transformation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#industry-transformation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Industry Transformation" href="#industry-transformation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Digital Transformation</strong>: Enabled organizations to modernize their infrastructure</li>
<li><strong>Competitive Advantage</strong>: Provided tools for faster innovation</li>
<li><strong>Cost Optimization</strong>: Reduced infrastructure costs through better resource utilization</li>
<li><strong>Talent Development</strong>: Created new career opportunities and skill requirements</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-ten-years-reflections/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>As Kubernetes enters its second decade, the project stands as a testament to what’s possible when talented people collaborate on solving real-world problems. The journey from a Google internal project to the foundation of modern cloud computing has been remarkable, but the best may still be ahead.</p>
<p>The community’s commitment to innovation, inclusivity, and excellence ensures that Kubernetes will continue to evolve and adapt to meet the changing needs of the technology landscape. The next decade promises even more exciting developments as Kubernetes continues to shape the future of computing.</p>
<p>The success of Kubernetes is not just about the technology—it’s about the people, the community, and the shared vision of making computing more accessible, efficient, and powerful for everyone.</p>
<hr>
<p><em>For more reflections on Kubernetes’ 10-year journey, check out the <a
class="gblog-markdown__link"
href="https://kubernetes.io/blog/2024/06/06/10-years-of-kubernetes/"
>official anniversary blog post</a>.</em></p>Kubernetes v1.30 Alpha Features Unveiledhttps://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/2024-01-25T00:00:00+00:002025-07-04T14:01:11-04:00
<p>As the Kubernetes v1.30 release cycle gained momentum in January 2024, the community unveiled several exciting alpha features that would shape the future of container orchestration. These early-stage features represent the cutting edge of Kubernetes development, offering glimpses into the platform’s evolution and the community’s vision for improved container management.</p>
<div class="gblog-post__anchorwrap">
<h2 id="structured-logging-a-new-era-of-debugging">
Structured Logging: A New Era of Debugging
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#structured-logging-a-new-era-of-debugging" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Structured Logging: A New Era of Debugging" href="#structured-logging-a-new-era-of-debugging">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>One of the most anticipated alpha features in v1.30 is the enhanced structured logging capabilities. This feature addresses a long-standing challenge in Kubernetes: making logs more machine-readable and easier to parse for monitoring and debugging purposes.</p>
<div class="gblog-post__anchorwrap">
<h3 id="what-is-structured-logging">
What is Structured Logging?
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#what-is-structured-logging" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What is Structured Logging?" href="#what-is-structured-logging">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Structured logging transforms traditional text-based logs into structured data formats (typically JSON), making them:</p>
<ul>
<li><strong>Machine-readable</strong>: Easier to parse and analyze programmatically</li>
<li><strong>Searchable</strong>: Better indexing and querying capabilities</li>
<li><strong>Consistent</strong>: Standardized format across all Kubernetes components</li>
<li><strong>Extensible</strong>: Additional metadata can be easily added</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="benefits-for-operators">
Benefits for Operators
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#benefits-for-operators" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Benefits for Operators" href="#benefits-for-operators">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"level"</span><span class="p">:</span> <span class="s2">"info"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"timestamp"</span><span class="p">:</span> <span class="s2">"2024-01-25T10:30:00Z"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"component"</span><span class="p">:</span> <span class="s2">"kube-scheduler"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"message"</span><span class="p">:</span> <span class="s2">"Pod scheduled successfully"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"pod"</span><span class="p">:</span> <span class="s2">"nginx-deployment-abc123"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"node"</span><span class="p">:</span> <span class="s2">"worker-node-1"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nt">"namespace"</span><span class="p">:</span> <span class="s2">"default"</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div><p>This structured format enables:</p>
<ul>
<li><strong>Better Monitoring</strong>: Integration with log aggregation systems</li>
<li><strong>Faster Debugging</strong>: Quick identification of issues</li>
<li><strong>Automated Analysis</strong>: Machine learning-based anomaly detection</li>
<li><strong>Compliance</strong>: Easier audit trail generation</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="node-swap-support-memory-management-evolution">
Node Swap Support: Memory Management Evolution
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#node-swap-support-memory-management-evolution" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Node Swap Support: Memory Management Evolution" href="#node-swap-support-memory-management-evolution">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Another significant alpha feature is the introduction of swap support on Linux nodes. This feature allows Kubernetes to work with systems that have swap memory enabled, providing more flexible memory management options.</p>
<div class="gblog-post__anchorwrap">
<h3 id="understanding-node-swap">
Understanding Node Swap
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#understanding-node-swap" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Understanding Node Swap" href="#understanding-node-swap">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Traditionally, Kubernetes has discouraged swap usage due to performance and predictability concerns. However, the new swap support feature provides:</p>
<ul>
<li><strong>Configurable Swap Behavior</strong>: Admins can control swap usage per node</li>
<li><strong>Memory Pressure Handling</strong>: Better management of memory-constrained environments</li>
<li><strong>Development Flexibility</strong>: Easier local development setups</li>
<li><strong>Resource Optimization</strong>: More efficient use of available memory</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="implementation-considerations">
Implementation Considerations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#implementation-considerations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Implementation Considerations" href="#implementation-considerations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Node</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">worker-node-1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">config</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">swapBehavior</span><span class="p">:</span><span class="w"> </span><span class="s2">"NoSwap"</span><span class="w"> </span><span class="c"># or "LimitedSwap", "UnlimitedSwap"</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="use-cases">
Use Cases
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#use-cases" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Use Cases" href="#use-cases">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Development Environments</strong>: Local clusters with limited RAM</li>
<li><strong>Edge Computing</strong>: Resource-constrained edge nodes</li>
<li><strong>Legacy Systems</strong>: Integration with existing infrastructure</li>
<li><strong>Cost Optimization</strong>: Better resource utilization in cloud environments</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="dynamic-resource-allocation-dra-advanced-resource-management">
Dynamic Resource Allocation (DRA): Advanced Resource Management
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#dynamic-resource-allocation-dra-advanced-resource-management" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Dynamic Resource Allocation (DRA): Advanced Resource Management" href="#dynamic-resource-allocation-dra-advanced-resource-management">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The Dynamic Resource Allocation feature represents a significant advancement in how Kubernetes handles specialized hardware resources. This alpha feature enables more sophisticated resource allocation beyond the traditional CPU and memory model.</p>
<div class="gblog-post__anchorwrap">
<h3 id="what-is-dra">
What is DRA?
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#what-is-dra" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What is DRA?" href="#what-is-dra">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>DRA allows Kubernetes to:</p>
<ul>
<li><strong>Allocate Specialized Hardware</strong>: GPUs, FPGAs, specialized accelerators</li>
<li><strong>Dynamic Resource Management</strong>: Runtime allocation and deallocation</li>
<li><strong>Resource Sharing</strong>: Multiple pods can share expensive hardware</li>
<li><strong>Custom Resource Types</strong>: Support for vendor-specific resources</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="key-components">
Key Components
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#key-components" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Components" href="#key-components">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ol>
<li><strong>Resource Claims</strong>: Pods request specific resources</li>
<li><strong>Resource Drivers</strong>: Plugins that manage specific resource types</li>
<li><strong>Scheduling Integration</strong>: Scheduler considers resource availability</li>
<li><strong>Runtime Management</strong>: Dynamic allocation during pod lifecycle</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="example-implementation">
Example Implementation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#example-implementation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Example Implementation" href="#example-implementation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">resource.k8s.io/v1alpha2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ResourceClaim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-claim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resourceClassName</span><span class="p">:</span><span class="w"> </span><span class="l">nvidia.com/gpu</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">parametersRef</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">apiGroup</span><span class="p">:</span><span class="w"> </span><span class="l">nvidia.com</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">GPUParameters</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nn">---</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resourceClaims</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-claim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resourceClaimName</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-claim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">gpu-container</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nvidia/cuda:latest</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="security-enhancements">
Security Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#security-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Security Enhancements" href="#security-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The v1.30 alpha release also includes several security-focused improvements:</p>
<div class="gblog-post__anchorwrap">
<h3 id="enhanced-rbac">
Enhanced RBAC
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#enhanced-rbac" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enhanced RBAC" href="#enhanced-rbac">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Fine-grained Permissions</strong>: More granular access control</li>
<li><strong>Conditional Access</strong>: Context-aware authorization</li>
<li><strong>Audit Improvements</strong>: Better security event tracking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="network-policy-enhancements">
Network Policy Enhancements
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#network-policy-enhancements" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Network Policy Enhancements" href="#network-policy-enhancements">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Advanced Traffic Control</strong>: More sophisticated network rules</li>
<li><strong>Protocol Support</strong>: Enhanced protocol-level filtering</li>
<li><strong>Performance Optimizations</strong>: Faster policy enforcement</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="testing-alpha-features">
Testing Alpha Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#testing-alpha-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Testing Alpha Features" href="#testing-alpha-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="enabling-alpha-features">
Enabling Alpha Features
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#enabling-alpha-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Enabling Alpha Features" href="#enabling-alpha-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>To test these alpha features, you’ll need to:</p>
<ol>
<li><strong>Enable Feature Gates</strong>: Configure the appropriate feature flags</li>
<li><strong>Use Alpha APIs</strong>: Access the alpha API versions</li>
<li><strong>Monitor Stability</strong>: Alpha features may change or be removed</li>
<li><strong>Provide Feedback</strong>: Report issues and suggestions to the community</li>
</ol>
<div class="gblog-post__anchorwrap">
<h3 id="example-configuration">
Example Configuration
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#example-configuration" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Example Configuration" href="#example-configuration">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">kubeadm.k8s.io/v1beta3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterConfiguration</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">apiServer</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">extraArgs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">feature-gates</span><span class="p">:</span><span class="w"> </span><span class="s2">"StructuredLogging=true,NodeSwap=true,DynamicResourceAllocation=true"</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="community-impact">
Community Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#community-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Impact" href="#community-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>These alpha features demonstrate the Kubernetes community’s commitment to:</p>
<ul>
<li><strong>Innovation</strong>: Pushing the boundaries of container orchestration</li>
<li><strong>User Needs</strong>: Addressing real-world operational challenges</li>
<li><strong>Performance</strong>: Improving system efficiency and resource utilization</li>
<li><strong>Flexibility</strong>: Supporting diverse deployment scenarios</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="looking-forward">
Looking Forward
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#looking-forward" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Forward" href="#looking-forward">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>As these features progress through the alpha, beta, and stable phases, they will:</p>
<ol>
<li><strong>Mature</strong>: Become more stable and production-ready</li>
<li><strong>Evolve</strong>: Incorporate community feedback and improvements</li>
<li><strong>Integrate</strong>: Work seamlessly with existing Kubernetes features</li>
<li><strong>Standardize</strong>: Become part of the core Kubernetes experience</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="getting-involved">
Getting Involved
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#getting-involved" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Getting Involved" href="#getting-involved">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The alpha phase is the perfect time to:</p>
<ul>
<li><strong>Test Features</strong>: Try them in non-production environments</li>
<li><strong>Provide Feedback</strong>: Report bugs and suggest improvements</li>
<li><strong>Contribute</strong>: Help develop and refine these features</li>
<li><strong>Document</strong>: Share experiences and best practices</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-alpha-features-unveiled/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The alpha features unveiled in Kubernetes v1.30 represent an exciting glimpse into the future of container orchestration. From improved logging and memory management to advanced resource allocation, these features address real-world challenges faced by Kubernetes operators and developers.</p>
<p>While these features are still in alpha and not recommended for production use, they provide valuable insights into the direction of Kubernetes development and offer opportunities for early adopters to shape the future of the platform.</p>
<p>The community’s continued focus on innovation, performance, and usability ensures that Kubernetes remains at the forefront of container orchestration technology, meeting the evolving needs of modern application deployment.</p>
<hr>
<p><em>For more details about upcoming changes in Kubernetes v1.30, check out the <a
class="gblog-markdown__link"
href="https://kubernetes.io/blog/2024/03/12/kubernetes-1-30-upcoming-changes/"
>official preview blog post</a>.</em></p>Kubernetes 1.29 EOL Prephttps://k8s-ops.net/posts/kubernetes-1-29-eol-prep/2024-01-20T00:00:00+00:002025-07-04T14:01:11-04:00
<p>With Kubernetes v1.29 reaching End of Life (EOL) on February 24, 2024, organizations running this version need to plan their upgrade strategy carefully. This milestone represents a critical transition point that requires thoughtful preparation to ensure continued support and security for your Kubernetes clusters.</p>
<div class="gblog-post__anchorwrap">
<h2 id="understanding-eol-implications">
Understanding EOL Implications
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#understanding-eol-implications" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Understanding EOL Implications" href="#understanding-eol-implications">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>When a Kubernetes version reaches EOL, it means:</p>
<ul>
<li><strong>No More Security Patches</strong>: Critical security vulnerabilities won’t be patched</li>
<li><strong>No Bug Fixes</strong>: Known issues will remain unresolved</li>
<li><strong>No Feature Updates</strong>: New features and improvements won’t be backported</li>
<li><strong>Reduced Support</strong>: Community support becomes limited</li>
<li><strong>Compliance Risks</strong>: Running EOL software may violate security policies</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="planning-your-upgrade-strategy">
Planning Your Upgrade Strategy
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#planning-your-upgrade-strategy" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Planning Your Upgrade Strategy" href="#planning-your-upgrade-strategy">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-assess-your-current-state">
1. Assess Your Current State
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#1-assess-your-current-state" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Assess Your Current State" href="#1-assess-your-current-state">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Before planning your upgrade, take inventory of your current setup:</p>
<ul>
<li><strong>Cluster Versions</strong>: Identify all clusters running v1.29</li>
<li><strong>Application Dependencies</strong>: Check if any applications have version-specific requirements</li>
<li><strong>Custom Resources</strong>: Review any custom resource definitions (CRDs) that might be affected</li>
<li><strong>Third-party Tools</strong>: Verify compatibility of monitoring, logging, and other tools</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-choose-your-target-version">
2. Choose Your Target Version
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#2-choose-your-target-version" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Choose Your Target Version" href="#2-choose-your-target-version">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For v1.29 clusters, the recommended upgrade path is to v1.30 or v1.31, depending on your timeline:</p>
<ul>
<li><strong>v1.30</strong>: Released in April 2024, offers immediate upgrade path</li>
<li><strong>v1.31</strong>: Released in August 2024, provides longer support window</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-create-a-migration-timeline">
3. Create a Migration Timeline
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#3-create-a-migration-timeline" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Create a Migration Timeline" href="#3-create-a-migration-timeline">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>A typical upgrade timeline should include:</p>
<ul>
<li><strong>Week 1-2</strong>: Environment preparation and testing</li>
<li><strong>Week 3-4</strong>: Staging environment upgrades</li>
<li><strong>Week 5-6</strong>: Production upgrades (during maintenance windows)</li>
<li><strong>Week 7</strong>: Post-upgrade validation and monitoring</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="pre-upgrade-checklist">
Pre-Upgrade Checklist
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#pre-upgrade-checklist" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Pre-Upgrade Checklist" href="#pre-upgrade-checklist">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="infrastructure-preparation">
Infrastructure Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#infrastructure-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Infrastructure Preparation" href="#infrastructure-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><input disabled="" type="checkbox"> Backup all cluster configurations and data</li>
<li><input disabled="" type="checkbox"> Verify sufficient resources for upgrade process</li>
<li><input disabled="" type="checkbox"> Update kubectl and other client tools</li>
<li><input disabled="" type="checkbox"> Review and update any custom admission controllers</li>
<li><input disabled="" type="checkbox"> Check storage class compatibility</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="application-preparation">
Application Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#application-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Application Preparation" href="#application-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><input disabled="" type="checkbox"> Review application manifests for deprecated APIs</li>
<li><input disabled="" type="checkbox"> Test applications in staging environment</li>
<li><input disabled="" type="checkbox"> Update any version-specific configurations</li>
<li><input disabled="" type="checkbox"> Verify monitoring and alerting still work</li>
<li><input disabled="" type="checkbox"> Check logging and tracing functionality</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="team-preparation">
Team Preparation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#team-preparation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Team Preparation" href="#team-preparation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><input disabled="" type="checkbox"> Schedule maintenance windows with stakeholders</li>
<li><input disabled="" type="checkbox"> Prepare rollback procedures</li>
<li><input disabled="" type="checkbox"> Train team on new features and changes</li>
<li><input disabled="" type="checkbox"> Update runbooks and documentation</li>
<li><input disabled="" type="checkbox"> Set up additional monitoring during upgrade</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="upgrade-best-practices">
Upgrade Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#upgrade-best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Upgrade Best Practices" href="#upgrade-best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="1-follow-the-upgrade-path">
1. Follow the Upgrade Path
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#1-follow-the-upgrade-path" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Follow the Upgrade Path" href="#1-follow-the-upgrade-path">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Kubernetes requires sequential upgrades. Don’t skip versions:</p>
<pre tabindex="0"><code>v1.29 → v1.30 → v1.31 (if needed)
</code></pre><div class="gblog-post__anchorwrap">
<h3 id="2-test-thoroughly">
2. Test Thoroughly
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#2-test-thoroughly" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Test Thoroughly" href="#2-test-thoroughly">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li><strong>Unit Testing</strong>: Test individual components</li>
<li><strong>Integration Testing</strong>: Test component interactions</li>
<li><strong>End-to-End Testing</strong>: Test complete workflows</li>
<li><strong>Performance Testing</strong>: Verify no performance regressions</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-use-rolling-updates">
3. Use Rolling Updates
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#3-use-rolling-updates" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Use Rolling Updates" href="#3-use-rolling-updates">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For production clusters, use rolling updates to minimize downtime:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Example rolling update command</span>
</span></span><span class="line"><span class="cl">kubectl rolling-update deployment-name --image<span class="o">=</span>new-image:tag
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="4-monitor-during-upgrade">
4. Monitor During Upgrade
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#4-monitor-during-upgrade" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 4. Monitor During Upgrade" href="#4-monitor-during-upgrade">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Set up additional monitoring during the upgrade process:</p>
<ul>
<li><strong>Cluster Health</strong>: Monitor API server, etcd, and control plane</li>
<li><strong>Application Health</strong>: Watch application metrics and logs</li>
<li><strong>Resource Usage</strong>: Monitor CPU, memory, and storage</li>
<li><strong>Network Connectivity</strong>: Verify service mesh and networking</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="post-upgrade-validation">
Post-Upgrade Validation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#post-upgrade-validation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Post-Upgrade Validation" href="#post-upgrade-validation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>After completing the upgrade:</p>
<div class="gblog-post__anchorwrap">
<h3 id="1-verify-cluster-health">
1. Verify Cluster Health
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#1-verify-cluster-health" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Verify Cluster Health" href="#1-verify-cluster-health">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check node status</span>
</span></span><span class="line"><span class="cl">kubectl get nodes
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Verify all pods are running</span>
</span></span><span class="line"><span class="cl">kubectl get pods --all-namespaces
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check API server health</span>
</span></span><span class="line"><span class="cl">kubectl cluster-info
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="2-test-critical-workloads">
2. Test Critical Workloads
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#2-test-critical-workloads" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Test Critical Workloads" href="#2-test-critical-workloads">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Run smoke tests for all applications</li>
<li>Verify data integrity</li>
<li>Test backup and restore procedures</li>
<li>Validate monitoring and alerting</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-update-documentation">
3. Update Documentation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#3-update-documentation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Update Documentation" href="#3-update-documentation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Update runbooks and procedures</li>
<li>Document any configuration changes</li>
<li>Update team training materials</li>
<li>Record lessons learned</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="common-challenges-and-solutions">
Common Challenges and Solutions
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#common-challenges-and-solutions" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Common Challenges and Solutions" href="#common-challenges-and-solutions">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="api-deprecations">
API Deprecations
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#api-deprecations" class="gblog-post__anchor clip flex align-center" aria-label="Anchor API Deprecations" href="#api-deprecations">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Some APIs may be deprecated in newer versions:</p>
<ul>
<li><strong>Solution</strong>: Use <code>kubectl convert</code> to update manifests</li>
<li><strong>Prevention</strong>: Regularly review deprecation notices</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="third-party-tool-compatibility">
Third-party Tool Compatibility
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#third-party-tool-compatibility" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Third-party Tool Compatibility" href="#third-party-tool-compatibility">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>Some tools may not immediately support new versions:</p>
<ul>
<li><strong>Solution</strong>: Check compatibility matrices before upgrading</li>
<li><strong>Alternative</strong>: Use supported versions or find alternatives</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="performance-issues">
Performance Issues
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#performance-issues" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Performance Issues" href="#performance-issues">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>New versions may have different performance characteristics:</p>
<ul>
<li><strong>Solution</strong>: Monitor performance metrics closely</li>
<li><strong>Mitigation</strong>: Adjust resource allocations if needed</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="long-term-planning">
Long-term Planning
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#long-term-planning" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Long-term Planning" href="#long-term-planning">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>To avoid future EOL crises:</p>
<div class="gblog-post__anchorwrap">
<h3 id="1-establish-upgrade-cadence">
1. Establish Upgrade Cadence
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#1-establish-upgrade-cadence" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 1. Establish Upgrade Cadence" href="#1-establish-upgrade-cadence">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Plan upgrades 2-3 months before EOL</li>
<li>Schedule regular maintenance windows</li>
<li>Automate testing where possible</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="2-use-multiple-environments">
2. Use Multiple Environments
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#2-use-multiple-environments" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 2. Use Multiple Environments" href="#2-use-multiple-environments">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Maintain staging environments for testing</li>
<li>Use canary deployments for production</li>
<li>Implement blue-green deployment strategies</li>
</ul>
<div class="gblog-post__anchorwrap">
<h3 id="3-stay-informed">
3. Stay Informed
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#3-stay-informed" class="gblog-post__anchor clip flex align-center" aria-label="Anchor 3. Stay Informed" href="#3-stay-informed">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<ul>
<li>Subscribe to Kubernetes release announcements</li>
<li>Monitor deprecation notices</li>
<li>Participate in community discussions</li>
<li>Follow security advisories</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-1-29-eol-prep/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The EOL of Kubernetes v1.29 serves as a reminder of the importance of proactive upgrade planning. By following these guidelines and best practices, organizations can ensure smooth transitions to supported versions while maintaining the stability and security of their Kubernetes environments.</p>
<p>Remember, the key to successful upgrades is preparation, testing, and having a solid rollback plan. Start your upgrade planning early, and don’t wait until the last minute to address EOL concerns.</p>
<hr>
<p><em>For more information about Kubernetes version support and EOL dates, visit the <a
class="gblog-markdown__link"
href="https://en.wikipedia.org/wiki/Kubernetes#Release_timeline"
>Kubernetes release timeline</a>.</em></p>Kubernetes v1.30 Release Cycle Kicks Offhttps://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/2024-01-15T00:00:00+00:002025-07-04T14:01:11-04:00
<p>The Kubernetes community kicked off the v1.30 release cycle in January 2024, marking the beginning of another exciting development phase for the container orchestration platform. This release cycle represents a significant milestone as Kubernetes approaches its 10th anniversary, bringing with it new features, improvements, and community-driven enhancements.</p>
<div class="gblog-post__anchorwrap">
<h2 id="setting-the-foundation">
Setting the Foundation
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/#setting-the-foundation" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Setting the Foundation" href="#setting-the-foundation">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The v1.30 release cycle began with the establishment of key milestones and timelines that would guide the development process over the coming months. The release team, consisting of volunteers from across the Kubernetes ecosystem, worked diligently to set realistic goals while maintaining the high quality standards that users have come to expect.</p>
<p>Key milestones for the v1.30 cycle included:</p>
<ul>
<li><strong>Code Freeze</strong>: A critical period where new features are locked down to ensure stability</li>
<li><strong>Feature Freeze</strong>: The point at which no new features can be added to the release</li>
<li><strong>Release Candidate Phase</strong>: Multiple release candidates for testing and validation</li>
<li><strong>Final Release</strong>: The official release of Kubernetes v1.30</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="community-planning-and-coordination">
Community Planning and Coordination
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/#community-planning-and-coordination" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Planning and Coordination" href="#community-planning-and-coordination">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>One of the most impressive aspects of the Kubernetes release process is the level of community involvement and coordination. The release cycle planning involves:</p>
<ul>
<li><strong>SIG (Special Interest Group) Coordination</strong>: Various SIGs work together to prioritize features and improvements</li>
<li><strong>Enhancement Proposals</strong>: Community members submit and review enhancement proposals</li>
<li><strong>Testing and Validation</strong>: Extensive testing across different environments and use cases</li>
<li><strong>Documentation Updates</strong>: Ensuring all changes are properly documented for users</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="what-to-expect-from-v130">
What to Expect from v1.30
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/#what-to-expect-from-v130" class="gblog-post__anchor clip flex align-center" aria-label="Anchor What to Expect from v1.30" href="#what-to-expect-from-v130">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>While the full feature set was still being finalized in January, early indicators suggested that v1.30 would include:</p>
<ul>
<li><strong>Structured Logging Improvements</strong>: Enhanced logging capabilities for better debugging and monitoring</li>
<li><strong>Node Swap Support</strong>: Better support for swap memory on Linux nodes</li>
<li><strong>Dynamic Resource Allocation (DRA)</strong>: Advanced resource management capabilities</li>
<li><strong>Security Enhancements</strong>: Continued focus on security improvements and best practices</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="the-release-process">
The Release Process
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/#the-release-process" class="gblog-post__anchor clip flex align-center" aria-label="Anchor The Release Process" href="#the-release-process">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The Kubernetes release process follows a well-established cadence that ensures quality and stability:</p>
<ol>
<li><strong>Planning Phase</strong>: Setting goals, milestones, and timelines</li>
<li><strong>Development Phase</strong>: Implementing features and improvements</li>
<li><strong>Testing Phase</strong>: Comprehensive testing across multiple environments</li>
<li><strong>Release Candidate Phase</strong>: Public testing and feedback collection</li>
<li><strong>Final Release</strong>: Official release with full documentation</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="community-impact">
Community Impact
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/#community-impact" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Community Impact" href="#community-impact">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The v1.30 release cycle kickoff demonstrated the strength and maturity of the Kubernetes community. With thousands of contributors from around the world, the project continues to evolve and improve based on real-world usage and feedback.</p>
<p>The release process also serves as a model for other open-source projects, showing how large-scale collaboration can result in high-quality software that powers critical infrastructure worldwide.</p>
<div class="gblog-post__anchorwrap">
<h2 id="looking-ahead">
Looking Ahead
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-v1-30-release-cycle-kicks-off/#looking-ahead" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Looking Ahead" href="#looking-ahead">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>As the v1.30 release cycle progressed, the community remained focused on maintaining backward compatibility while introducing new capabilities that would benefit users across different industries and use cases. The careful balance between innovation and stability continues to be a hallmark of Kubernetes development.</p>
<p>The successful kickoff of the v1.30 release cycle in January 2024 set the stage for another year of innovation and improvement in the Kubernetes ecosystem, reinforcing its position as the leading container orchestration platform.</p>
<hr>
<p><em>For more information about the Kubernetes v1.30 release cycle, visit the <a
class="gblog-markdown__link"
href="https://github.com/kubernetes/sig-release/blob/master/releases/release-1.30/README.md"
>official release documentation</a>.</em></p>Error: The request you have made requires authenticationhttps://k8s-ops.net/posts/errors/the-request-you-made-requires-authentication/2023-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you try to access a resource that requires authentication, but you haven’t provided a valid API token. The resolution is to provide a valid API token when making API requests, either through an API client library or by including an API token in the Authorization header.</p>AWS Container Deployment Optionshttps://k8s-ops.net/posts/aws-container-deployment-options/2023-01-29T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Amazon Web Services (AWS) offers two managed container orchestration services, Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Both services provide a way to run containers in the AWS cloud, but there are some important differences between them.</p>
<p>ECS is a fully managed service that provides a simple way to run Docker containers. It takes care of the management and scaling of the underlying infrastructure, so you can focus on deploying and managing your applications. ECS supports two deployment methods: EC2 and Fargate. EC2 is a traditional deployment method that runs containers on EC2 instances, while Fargate is a serverless deployment method that eliminates the need to manage the underlying instances.</p>
<p>EKS, on the other hand, is a managed Kubernetes service that makes it easy to run and manage containerized applications using Kubernetes. With EKS, you can run applications on a managed Kubernetes cluster, allowing you to focus on your applications instead of the underlying infrastructure. EKS supports deployment on EC2 instances only.</p>
<p>When deciding between ECS and EKS, consider factors such as your level of experience with Kubernetes and the need for Kubernetes-specific features, such as custom resource definitions (CRDs) and network plugins. ECS may be a better choice for organizations that are just getting started with container orchestration and are looking for a simple, easy-to-use service. On the other hand, EKS may be a better choice for organizations that have already invested in Kubernetes or have more complex requirements for their container orchestration solution.</p>
<p>In terms of deployment methods, EC2 provides more control and customization options, but requires more manual management of the underlying instances. Fargate, on the other hand, eliminates the need to manage the underlying instances, but provides less control and customization. The best deployment method for a particular organization will depend on their specific needs and requirements.</p>Container Orchestration Optionshttps://k8s-ops.net/posts/container-orchestration-options/2023-01-29T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Docker Swarm, Kubernetes, and Rancher are popular options for managing and orchestrating Docker containers.</p>
<p>Docker Swarm is a native orchestration solution for Docker containers. It provides a simple way to manage a large number of containers and ensures high availability of services by automatically distributing containers across nodes in a swarm. Docker Swarm is easy to use and has a small learning curve, making it a good choice for organizations just getting started with container orchestration.</p>
<p>Kubernetes, on the other hand, is a more powerful and feature-rich orchestration platform that is widely adopted in the industry. It provides a wide range of features for managing containers, including automatic scaling, rollouts and rollbacks, and self-healing. Kubernetes is also highly extensible, with a large and growing ecosystem of extensions and tools available.</p>
<p>Rancher is an open-source platform that provides a simple and easy-to-use interface for managing containers and services, both on-premises and in the cloud. It supports a wide range of orchestration engines, including Kubernetes and Docker Swarm, and provides features for managing the entire container lifecycle, from deployment to scaling and monitoring.</p>
<p>Other options for container orchestration include Apache Mesos, Docker Compose, and <a
class="gblog-markdown__link"
href="/posts/aws-container-deployment-options"
>Amazon ECS</a>. Each of these platforms has its own strengths and weaknesses, and the best option for a particular organization will depend on their specific needs and requirements.</p>
<p>When considering which container orchestration solution to use, organizations should consider factors such as the size and complexity of their environment, the level of control and customization required, and the need for support for hybrid and multi-cloud deployments.</p>Docker Compose for Container Orchestrationhttps://k8s-ops.net/posts/docker-compose-for-container-orchestration/2023-01-15T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Docker Compose is a tool for defining and running multi-container Docker applications. It allows you to define the services, networks, and volumes that make up your application in a single file called a docker-compose.yml file. The services defined in this file can be started with a single command, making it easy to manage the entire application stack.</p>
<p>Here is a basic example of a docker-compose.yml file for an application consisting of an Nginx web server, a PHP application, and a Redis database:</p>
<pre tabindex="0"><code>version: '3'
services:
web:
image: nginx
ports:
- "80:80"
app:
image: php:7.3-fpm
redis:
image: redis
</code></pre><p>In this example, there are three services defined: web, app, and redis. Each service is based on a Docker image, with the version specified in the image key. The web service maps port 80 on the host to port 80 in the container, while the other two services do not need to expose any ports to the host.</p>
<p>With this docker-compose.yml file, you can start the entire application stack with <code>docker-compose up</code>.</p>
<p>This will create a new network for the application, start containers for each service, and connect the containers to the network. You can view the logs for each container with the docker-compose logs command, and stop the application with the docker-compose down command.</p>
<p>Docker Compose is a simple and powerful way to define and manage multi-container Docker applications, making it an ideal choice for development and testing.</p>Using Helm for deploymenthttps://k8s-ops.net/posts/using-helm-for-deployment/2023-01-15T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Helm is a package manager for Kubernetes, which simplifies the deployment, scaling and management of applications in the Kubernetes cluster. It allows developers to define, install and upgrade complex application configurations as a single unit, known as a chart. A chart is a collection of files that describe the resources to be deployed, including pods, services, configmaps, and others.</p>
<p>To install the Helm binary, you can follow the instructions for your platform on the Helm GitHub repository. Once installed, you can use the Helm CLI to manage charts and install packages.</p>
<p>Here is an example of how to deploy an Nginx chart using Helm:</p>
<ol>
<li>Initialize Helm: helm init</li>
<li>Create a new chart directory: helm create mychart</li>
<li>Navigate to the chart directory: cd mychart</li>
<li>Edit the values.yaml file to customize the chart as needed</li>
<li>Install the chart: helm install –name myrelease .</li>
</ol>
<p>With these steps, you can deploy an Nginx chart using Helm, and it will automatically manage the resources required for the deployment and keep them up-to-date. You can also use the helm upgrade command to upgrade the chart to a new version, and the helm delete command to delete the chart.</p>
<div class="gblog-post__anchorwrap">
<h2 id="helm-repositories">
Helm Repositories
<a data-clipboard-text="https://k8s-ops.net/posts/using-helm-for-deployment/#helm-repositories" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Helm Repositories" href="#helm-repositories">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Helm repositories are centralized collections of packaged applications that are used to manage the deployment of Kubernetes applications. The packaged applications are referred to as Charts, which contain all of the necessary configuration files, dependencies, and templates required to deploy an application. A chart can include anything from a simple web server to complex microservice applications.</p>
<p>To add a Helm repository, you can use the helm repo add command followed by the name and URL of the repository you would like to add. For example, to add the stable repository, you could run:</p>
<ul>
<li>
<p>Nginx Ingress Controller: A popular Ingress controller for Kubernetes that provides load balancing and SSL termination features for external traffic to your cluster.</p>
</li>
<li>
<p>MySQL: A production-ready Helm chart for deploying the popular MySQL database server.</p>
</li>
<li>
<p>Jenkins: A highly-configurable Helm chart that helps you deploy and manage a Jenkins continuous integration and continuous delivery (CI/CD) pipeline.</p>
</li>
<li>
<p>Redis: A highly-available Helm chart that deploys Redis with Sentinel to provide automatic failover and high-availability.</p>
</li>
<li>
<p>Traefik: A modern, edge-routing load balancer that makes it easy to deploy and manage applications in a microservices architecture.</p>
</li>
</ul>
<p>These charts help to simplify the deployment process, reduce the time and effort required to get started with common applications, and provide a consistent and reliable deployment experience. Additionally, Helm charts are typically customizable and configurable, so you can tailor the deployment to meet your specific needs.</p>
<p>Once the repository is added, you can use the helm search command to search for charts within the repository. To install a chart, you can use the helm install command followed by the name of the chart you would like to install.</p>
<p>It’s also possible to create your own custom repositories and share them with others. This allows you to share custom charts or even enterprise applications within your organization. To create a repository, you need to set up a web server and create an index file that describes the charts within your repository. The index file is used by Helm to search for charts, and the web server is used to host the charts and the index file.</p>Kubernetes Cluster Monitoringhttps://k8s-ops.net/posts/cluster-monitoring/2023-01-09T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Monitoring is a critical aspect of operating a Kubernetes cluster, as it helps you ensure the health and performance of your applications and services. Monitoring involves collecting and analyzing data from various components of the cluster, including the API server, control plane, and individual apps and services.</p>
<p>To monitor the API server and control plane, it is important to keep track of key metrics such as CPU utilization, memory usage, network traffic, and the number of API requests. This information can be obtained through tools like Prometheus, which can scrape metrics from the Kubernetes API server and other components of the control plane. Additionally, monitoring solutions such as Grafana can help you visualize the collected metrics, making it easier to identify trends and anomalies.</p>
<p>To monitor individual apps and services, it’s important to have visibility into the health and performance of each pod and its containers. This information can be obtained through tools like liveness and readiness probes, which can monitor the status of pods and containers and take appropriate action when failures are detected. Additionally, tools like Nagios and Zabbix can help you monitor the overall health and performance of your applications and services, and alert you when issues arise.</p>
<p>In addition to monitoring individual components, it’s also important to have visibility into the overall state of your cluster. This can be achieved by using tools like Kubernetes Dashboard, which provides a graphical interface for monitoring the cluster and its components. Additionally, tools like Heapster can help you monitor the cluster’s resource utilization, including CPU, memory, and network usage.</p>
<p>Overall, monitoring is a critical aspect of operating a Kubernetes cluster and can help you ensure the health and performance of your applications and services. By having visibility into the API server, control plane, and individual apps and services, you can quickly identify and address any issues that may arise.</p>Kubernetes Operatorshttps://k8s-ops.net/posts/kubernetes-operator/2023-01-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>A Kubernetes Operator is a software extension to Kubernetes that makes it easier to manage complex, stateful applications on top of Kubernetes. An Operator encapsulates the knowledge and logic required to manage a specific application, making it easier for administrators and developers to manage the application on a Kubernetes cluster. Operators automate tasks such as deployment, scaling, and updates, freeing up resources and reducing the risk of human error.</p>
<p>One of the primary benefits of using a Kubernetes Operator is increased efficiency. With an Operator, administrators can automate tasks that would otherwise require manual intervention, freeing up time and resources to focus on other tasks. Operators also provide a consistent, repeatable process for deploying and managing applications, reducing the risk of errors and improving reliability.</p>
<p>Another benefit of using a Kubernetes Operator is improved collaboration between teams. Operators provide a standardized way of deploying and managing applications, making it easier for teams to work together and share knowledge. This can lead to faster, more efficient application development and deployment, as well as reduced downtime and improved application performance.</p>
<p>In addition, Kubernetes Operators can be customized to meet the specific needs of an organization. This can include adding custom logic or integrating with existing systems and tools. With the ability to customize Operators, organizations can tailor their deployment and management processes to meet their specific needs, resulting in a more efficient and effective application management process.</p>
<p>Overall, Kubernetes Operators provide a powerful way to manage complex, stateful applications on top of Kubernetes. By automating tasks, improving efficiency, and providing a standardized process for deployment and management, Operators can help organizations to improve their application performance, reduce downtime, and improve collaboration between teams.</p>Kubernetes Volumes: A Complete Guidehttps://k8s-ops.net/posts/kubernetes-volumes/2022-12-31T00:00:00+00:002025-07-04T14:53:10-04:00
<p>Kubernetes Volumes are a way to persist data in a containerized environment. They allow data to persist even if the container is deleted or recreated, making it easier to manage stateful applications. There are several types of Volumes that can be used in Kubernetes, each serving different use cases and requirements.</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/storage/volumes/"
>Learn more about Kubernetes Volumes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="emptydir">
EmptyDir
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#emptydir" class="gblog-post__anchor clip flex align-center" aria-label="Anchor EmptyDir" href="#emptydir">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>An EmptyDir Volume is created when a Pod is created and exists as long as the Pod is running. When the Pod is deleted, the data in the EmptyDir is deleted. This type of volume is useful for temporary storage, caching, or sharing data between containers in the same Pod.</p>
<p><strong>Use Cases:</strong></p>
<ul>
<li>Temporary storage for applications</li>
<li>Sharing data between containers in a Pod</li>
<li>Caching data that doesn’t need to persist</li>
</ul>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mycontainer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'echo Hello Kubernetes! && sleep 3600'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">myvol</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/data/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">myvol</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">emptyDir</span><span class="p">:</span><span class="w"> </span>{}<span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/storage/volumes/#emptydir"
>Learn more about EmptyDir volumes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="configmaps">
ConfigMaps
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#configmaps" class="gblog-post__anchor clip flex align-center" aria-label="Anchor ConfigMaps" href="#configmaps">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>A ConfigMap Volume allows you to mount configuration data as a file in a Pod. The data can be updated dynamically, and changes will be reflected in the file in the Pod. ConfigMaps are perfect for storing non-sensitive configuration data.</p>
<p><strong>Use Cases:</strong></p>
<ul>
<li>Application configuration files</li>
<li>Environment-specific settings</li>
<li>Feature flags and application parameters</li>
</ul>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mycontainer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'echo Hello Kubernetes! && sleep 3600'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">myconfig</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/config/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">myconfig</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">myconfigmap</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/configuration/configmap/"
>Learn more about ConfigMaps</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="secrets">
Secrets
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#secrets" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Secrets" href="#secrets">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Secrets are similar to ConfigMaps but are designed to store sensitive data like passwords, API keys, and certificates. They are base64 encoded and should be used for any data that requires security.</p>
<p><strong>Use Cases:</strong></p>
<ul>
<li>Database passwords</li>
<li>API keys and tokens</li>
<li>SSL certificates</li>
<li>SSH keys</li>
</ul>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mycontainer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'echo Hello Kubernetes! && sleep 3600'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mysecret</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/secrets/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">readOnly</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mysecret</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secret</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="l">mysecret</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/configuration/secret/"
>Learn more about Secrets</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="persistentvolumeclaim">
PersistentVolumeClaim
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#persistentvolumeclaim" class="gblog-post__anchor clip flex align-center" aria-label="Anchor PersistentVolumeClaim" href="#persistentvolumeclaim">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>A PersistentVolumeClaim (PVC) is a request for storage by a user. The PVC specifies the desired size and access modes, and the system matches the PVC to a PersistentVolume (PV) that satisfies the claim. This provides persistent storage that survives Pod restarts and deletions.</p>
<p><strong>Use Cases:</strong></p>
<ul>
<li>Database storage</li>
<li>Application data that needs to persist</li>
<li>Shared storage between Pods</li>
<li>Backup and recovery data</li>
</ul>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">PersistentVolumeClaim</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypvc</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">accessModes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ReadWriteOnce</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storage</span><span class="p">:</span><span class="w"> </span><span class="l">1Gi</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">storageClassName</span><span class="p">:</span><span class="w"> </span><span class="l">fast-ssd</span><span class="w">
</span></span></span></code></pre></div><p><strong>Using PVC in a Pod:</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Pod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypod</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mycontainer</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">busybox</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'sh'</span><span class="p">,</span><span class="w"> </span><span class="s1">'-c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'echo Hello Kubernetes! && sleep 3600'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypvc</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/data/</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">mypvc</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">persistentVolumeClaim</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">claimName</span><span class="p">:</span><span class="w"> </span><span class="l">mypvc</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/storage/persistent-volumes/"
>Learn more about Persistent Volumes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="storage-classes">
Storage Classes
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#storage-classes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Storage Classes" href="#storage-classes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Storage Classes define the type of storage to provision. They allow you to specify different storage types (SSD, HDD, etc.) and provision storage dynamically.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">storage.k8s.io/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">StorageClass</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">fast-ssd</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">provisioner</span><span class="p">:</span><span class="w"> </span><span class="l">kubernetes.io/aws-ebs</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">parameters</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">gp3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">iops</span><span class="p">:</span><span class="w"> </span><span class="s2">"3000"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">throughput</span><span class="p">:</span><span class="w"> </span><span class="s2">"125"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">reclaimPolicy</span><span class="p">:</span><span class="w"> </span><span class="l">Delete</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">volumeBindingMode</span><span class="p">:</span><span class="w"> </span><span class="l">WaitForFirstConsumer</span><span class="w">
</span></span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/storage/storage-classes/"
>Learn more about Storage Classes</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="volume-access-modes">
Volume Access Modes
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#volume-access-modes" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Volume Access Modes" href="#volume-access-modes">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes supports three access modes for volumes:</p>
<ul>
<li><strong>ReadWriteOnce (RWO)</strong>: The volume can be mounted as read-write by a single node</li>
<li><strong>ReadOnlyMany (ROX)</strong>: The volume can be mounted as read-only by many nodes</li>
<li><strong>ReadWriteMany (RWM)</strong>: The volume can be mounted as read-write by many nodes</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="best-practices">
Best Practices
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#best-practices" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Best Practices" href="#best-practices">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<ol>
<li><strong>Use appropriate volume types</strong> for your use case</li>
<li><strong>Implement proper security</strong> for sensitive data using Secrets</li>
<li><strong>Plan for storage capacity</strong> and implement monitoring</li>
<li><strong>Use Storage Classes</strong> for dynamic provisioning</li>
<li><strong>Implement backup strategies</strong> for persistent data</li>
<li><strong>Monitor storage usage</strong> and implement quotas</li>
</ol>
<div class="gblog-post__anchorwrap">
<h2 id="troubleshooting">
Troubleshooting
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#troubleshooting" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Troubleshooting" href="#troubleshooting">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Common issues with Kubernetes volumes include:</p>
<ul>
<li><strong>Permission errors</strong>: Check volume mount permissions</li>
<li><strong>Storage capacity</strong>: Monitor available storage space</li>
<li><strong>Access mode conflicts</strong>: Ensure PVC access modes match requirements</li>
<li><strong>Storage class issues</strong>: Verify storage class configuration</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/debug/"
>Learn more about troubleshooting storage issues</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="conclusion">
Conclusion
<a data-clipboard-text="https://k8s-ops.net/posts/kubernetes-volumes/#conclusion" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Conclusion" href="#conclusion">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes Volumes provide a flexible and powerful way to manage and persist data in a containerized environment. By using different types of Volumes, you can customize your data storage and management to meet the specific needs of your applications.</p>
<p>Key takeaways:</p>
<ul>
<li><strong>EmptyDir</strong> for temporary storage</li>
<li><strong>ConfigMaps</strong> for non-sensitive configuration</li>
<li><strong>Secrets</strong> for sensitive data</li>
<li><strong>PersistentVolumeClaims</strong> for persistent storage</li>
<li><strong>Storage Classes</strong> for dynamic provisioning</li>
</ul>
<p>For more information about Kubernetes storage and volumes, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/storage/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>storage tutorials</a>.</p>Prometheushttps://k8s-ops.net/posts/prometheus-overview/2022-12-21T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Prometheus is an open-source monitoring solution that is widely used in the Kubernetes community. It provides a flexible and scalable way to collect, store, and query time-series metrics, making it an ideal choice for monitoring the health and performance of your cluster and applications.</p>
<p>Prometheus works by scraping metrics from various sources, including the Kubernetes API server, individual pods, and other components of the control plane. These metrics are stored in a time-series database, and can be queried using a powerful query language, PromQL. This allows you to easily visualize and analyze the collected metrics, and create alerts based on specific conditions.</p>
<p>To deploy Prometheus in a Kubernetes cluster, you can use a YAML file to create a deployment. The deployment should include a number of resources, including a service, a configMap, and a StatefulSet. The service is used to expose the Prometheus API and allow it to be accessed from outside the cluster, while the configMap is used to store configuration information, such as the scrape interval and target configurations. The StatefulSet is used to manage the pods that run the Prometheus server and ensure that they are rescheduled if they fail.</p>
<p>Prometheus is widely-used and can be deployed easily:</p>
<pre tabindex="0"><code>apiVersion: apps/v1
kind: StatefulSet
metadata:
name: prometheus
spec:
selector:
matchLabels:
app: prometheus
serviceName: prometheus
replicas: 1
template:
metadata:
labels:
app: prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus:v2.24.0
ports:
- containerPort: 9090
volumeMounts:
- name: config
mountPath: /etc/prometheus/
- name: data
mountPath: /prometheus/
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
labels:
app: prometheus
spec:
selector:
app: prometheus
ports:
- name: http
port: 9090
targetPort: 9090
clusterIP: None
---
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-config
data:
prometheus.yml: |-
global:
scrape_interval: 15s
scrape_configs:
- job_name: prometheus
static_configs:
- targets: ['localhost:9090']
</code></pre><p>This YAML file creates a StatefulSet with a single replica, a service to expose the Prometheus API, and a configMap to store configuration information. The Prometheus server runs in a container, and the data and configuration are stored in persistent volumes that are managed by the StatefulSet.</p>
<p>In conclusion, Prometheus is a powerful and flexible monitoring solution that is widely used in the Kubernetes community. By using a YAML file to deploy Prometheus, you can easily monitor the health and performance of your cluster and applications, and quickly identify and address any issues that may arise.</p>Redis StatefulSet Examplehttps://k8s-ops.net/posts/redis-statefulset-example/2022-12-19T00:00:00+00:002025-07-04T14:01:11-04:00
<p>In this example, a ConfigMap redis-config is created with a custom Redis configuration file. A Secrets redis-secret is created with the Redis password. The StatefulSet redis-statefulset is then created, which uses the Redis image, sets the password as an environment variable, and mounts the ConfigMap as a volume at /usr/local/etc/redis/redis.conf. This means that the Redis container will use the custom configuration and password when it starts up.</p>
<pre tabindex="0"><code>apiVersion: v1
kind: ConfigMap
metadata:
name: redis-config
data:
redis.conf: |
bind 0.0.0.0
protected-mode no
</code></pre><pre tabindex="0"><code>apiVersion: v1
kind: Secret
metadata:
name: redis-secret
data:
REDIS_PASSWORD: cGFzc3dvcmQ=
</code></pre><p>Finally, create and apply the StatefulSet:</p>
<pre tabindex="0"><code>apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis-statefulset
spec:
serviceName: redis
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis
ports:
- containerPort: 6379
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: REDIS_PASSWORD
volumeMounts:
- name: config-volume
mountPath: /usr/local/etc/redis/redis.conf
subPath: redis.conf
volumes:
- name: config-volume
configMap:
name: redis-config
</code></pre>Deployments, Pods, and StatefulSetshttps://k8s-ops.net/posts/deployments-pods-statefulsets/2022-12-13T00:00:00+00:002025-07-04T14:01:11-04:00
<p>In Kubernetes, a Pod is the smallest and simplest unit in the Kubernetes object model. A Pod represents a single instance of a running process in your cluster. Pods are used to host containers and provide an isolated environment for each container. Each Pod can contain one or multiple containers, and all containers within a Pod share the same network namespace, IP address, and storage volumes.</p>
<div class="gblog-post__anchorwrap">
<h3 id="deployment">
Deployment
<a data-clipboard-text="https://k8s-ops.net/posts/deployments-pods-statefulsets/#deployment" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Deployment" href="#deployment">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>A Deployment is a higher-level Kubernetes object that provides a declarative approach to managing the desired state of Pods. A Deployment ensures that a specified number of replicas of a Pod are running at any given time. If a Pod crashes or is deleted, the Deployment will automatically replace it. Deployments also provide a way to perform rolling updates to the Pods, allowing you to update your application without any downtime.</p>
<pre tabindex="0"><code>apiVersion: apps/v1
kind: Deployment
metadata:
name: mydeployment
spec:
replicas: 3
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: mycontainer
image: busybox
command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
</code></pre><div class="gblog-post__anchorwrap">
<h3 id="statefulset">
StatefulSet
<a data-clipboard-text="https://k8s-ops.net/posts/deployments-pods-statefulsets/#statefulset" class="gblog-post__anchor clip flex align-center" aria-label="Anchor StatefulSet" href="#statefulset">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>A StatefulSet is a higher-level Kubernetes object that provides a unique identity and stable storage to each instance of a Pod. StatefulSets are used to manage stateful applications that require stable network identities and persistent storage. Unlike Deployments, StatefulSets guarantee that the Pods they manage will have a unique hostname, preserving the network identity of each Pod even if it is deleted and recreated.</p>
<pre tabindex="0"><code>apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mystatefulset
spec:
replicas: 3
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: mycontainer
image: busybox
command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
volumeMounts:
- name: datadir
mountPath: /data/
volumeClaimTemplates:
- metadata:
name: datadir
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
</code></pre><p>In conclusion, Pods, Deployments, and StatefulSets provide different levels of abstractions for managing applications in Kubernetes. Pods are the basic unit of deployment and provide isolation for containers. Deployments provide a way to manage the desired state of Pods and perform rolling updates. StatefulSets provide a way to manage stateful applications, providing a unique identity and stable storage to each instance of a Pod. By using these objects together, you can create a scalable and reliable application architecture in Kubernetes.</p>ConfigMaps and Secretshttps://k8s-ops.net/posts/configmaps-secrets/2022-12-10T00:00:00+00:002025-07-04T14:01:11-04:00
<p>ConfigMaps and Secrets are two Kubernetes objects used to store configuration data and secrets, respectively.</p>
<p>ConfigMaps are used to store configuration data in the form of key-value pairs. The data stored in a ConfigMap can be used to configure applications, build and compile applications, or as environment variables.</p>
<pre tabindex="0"><code>apiVersion: v1
kind: ConfigMap
metadata:
name: myconfigmap
data:
KEY1: VALUE1
KEY2: VALUE2
</code></pre><p>To create a <code>ConfigMap</code> with <code>kubectl</code>, run:</p>
<pre><code>kubectl create configmap my-configmap --from-literal=key1=value1 --from-literal=key2=value2
</code></pre>
<p>To edit the <code>ConfigMap</code>: <code>kubectl edit configmap my-configmap</code></p>
<p>This can be mounted in a Pod, either via Deployments or StatefulSets:</p>
<pre tabindex="0"><code>spec:
containers:
- name: mycontainer
image: busybox
env:
- name: KEY1
valueFrom:
configMapKeyRef:
name: myconfigmap
key: KEY1
</code></pre><p>Alternatively, they can be mounted as a file</p>
<pre tabindex="0"><code>spec:
containers:
- name: mycontainer
image: busybox
volumeMounts:
- name: configmap-volume
mountPath: /etc/config/
volumes:
- name: configmap-volume
configMap:
name: myconfigmap
</code></pre><p>Secrets are used to store sensitive information such as passwords, tokens, and certificates. The data stored in a Secret is encrypted and can only be accessed by Pods that have the appropriate permissions.</p>
<pre tabindex="0"><code>apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
KEY1: VALUE1
KEY2: VALUE2
</code></pre><p>Like ConfigMaps, Secrets can be mounted inside a Pod:</p>
<pre tabindex="0"><code>spec:
containers:
- name: mycontainer
image: busybox
env:
- name: KEY1
valueFrom:
secretKeyRef:
name: mysecret
key: KEY1
</code></pre><p>Or as a file:</p>
<pre tabindex="0"><code>spec:
containers:
- name: mycontainer
image: busybox
volumeMounts:
- name: secret-volume
mountPath: /etc/secret/
volumes:
- name: secret-volume
secret:
secretName: mysecret
</code></pre><p>In conclusion, ConfigMaps and Secrets provide a way to store configuration data and secrets in a secure and organized manner in Kubernetes. They can be mounted as environment variables or as files to be used by containers in a Pod.</p>NGINX Deployment Example in Kuberneteshttps://k8s-ops.net/posts/nginx-deployment-example/2022-12-10T00:00:00+00:002025-07-04T14:53:10-04:00
<p>In this example, we’ll create a simple NGINX deployment in Kubernetes using a ConfigMap to serve custom HTML content. This demonstrates how to use ConfigMaps to inject configuration and static content into your containers.</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/"
>Learn more about Deployments</a>
<a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/configuration/configmap/"
>Learn more about ConfigMaps</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="overview">
Overview
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#overview" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Overview" href="#overview">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>The ConfigMap <code>nginx-config</code> is created with the HTML contents of the index page. The Deployment <code>nginx-deployment</code> is then created, which uses the stock nginx image and mounts the ConfigMap as a volume at <code>/usr/share/nginx/html</code>. This means that the contents of the ConfigMap will be available to the nginx container and serve as the index page for the website.</p>
<div class="gblog-post__anchorwrap">
<h2 id="step-1-create-a-configmap">
Step 1: Create a ConfigMap
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#step-1-create-a-configmap" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 1: Create a ConfigMap" href="#step-1-create-a-configmap">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>First, create a ConfigMap with an <code>index.html</code> file. This will be mounted into the nginx static directory.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">ConfigMap</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-config</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">index.html</span><span class="p">:</span><span class="w"> </span><span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> <html>
</span></span></span><span class="line"><span class="cl"><span class="sd"> <head>
</span></span></span><span class="line"><span class="cl"><span class="sd"> <title>My NGINX Page</title>
</span></span></span><span class="line"><span class="cl"><span class="sd"> </head>
</span></span></span><span class="line"><span class="cl"><span class="sd"> <body>
</span></span></span><span class="line"><span class="cl"><span class="sd"> <h1>Welcome to my NGINX Page</h1>
</span></span></span><span class="line"><span class="cl"><span class="sd"> <p>This page is served from a Kubernetes ConfigMap!</p>
</span></span></span><span class="line"><span class="cl"><span class="sd"> </body>
</span></span></span><span class="line"><span class="cl"><span class="sd"> </html></span><span class="w">
</span></span></span></code></pre></div><p>Apply the ConfigMap with:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl apply -f configmap.yaml
</span></span></code></pre></div><p><a
class="gblog-markdown__link"
href="https://nginx.org/en/"
>Learn more about NGINX</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="step-2-create-the-deployment">
Step 2: Create the Deployment
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#step-2-create-the-deployment" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 2: Create the Deployment" href="#step-2-create-the-deployment">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Then, create a <code>Deployment</code> file like so, and apply it with <code>kubectl</code> as above.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/usr/share/nginx/html</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-config</span><span class="w">
</span></span></span></code></pre></div><p>Apply the deployment with:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl apply -f deployment.yaml
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="step-3-create-a-service">
Step 3: Create a Service
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#step-3-create-a-service" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 3: Create a Service" href="#step-3-create-a-service">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>To make the NGINX deployment accessible, create a Service:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">ClusterIP</span><span class="w">
</span></span></span></code></pre></div><p>Apply the service with:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">kubectl apply -f service.yaml
</span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="step-4-verify-the-deployment">
Step 4: Verify the Deployment
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#step-4-verify-the-deployment" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Step 4: Verify the Deployment" href="#step-4-verify-the-deployment">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Check that everything is running correctly:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check the deployment status</span>
</span></span><span class="line"><span class="cl">kubectl get deployments
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check the pods</span>
</span></span><span class="line"><span class="cl">kubectl get pods
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check the service</span>
</span></span><span class="line"><span class="cl">kubectl get services
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test the deployment</span>
</span></span><span class="line"><span class="cl">kubectl port-forward service/nginx-service 8080:80
</span></span></code></pre></div><p>Then visit <code>http://localhost:8080</code> in your browser to see your custom NGINX page.</p>
<div class="gblog-post__anchorwrap">
<h2 id="additional-configuration-options">
Additional Configuration Options
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#additional-configuration-options" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Additional Configuration Options" href="#additional-configuration-options">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<div class="gblog-post__anchorwrap">
<h3 id="using-loadbalancer-service-type">
Using LoadBalancer Service Type
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#using-loadbalancer-service-type" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Using LoadBalancer Service Type" href="#using-loadbalancer-service-type">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>For external access, you can change the service type to LoadBalancer:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-service</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l">TCP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">LoadBalancer</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h3 id="adding-resource-limits">
Adding Resource Limits
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#adding-resource-limits" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Adding Resource Limits" href="#adding-resource-limits">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<p>You can add resource requests and limits to your deployment:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l">apps/v1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l">Deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-deployment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">selector</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">template</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">spec</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">containers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">nginx:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="m">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">resources</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"64Mi"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"250m"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s2">"128Mi"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s2">"500m"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l">/usr/share/nginx/html</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">config-volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">nginx-config</span><span class="w">
</span></span></span></code></pre></div><div class="gblog-post__anchorwrap">
<h2 id="troubleshooting">
Troubleshooting
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#troubleshooting" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Troubleshooting" href="#troubleshooting">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>If you encounter issues:</p>
<ol>
<li><strong>Check pod status</strong>: <code>kubectl describe pod <pod-name></code></li>
<li><strong>Check pod logs</strong>: <code>kubectl logs <pod-name></code></li>
<li><strong>Verify ConfigMap</strong>: <code>kubectl get configmap nginx-config -o yaml</code></li>
<li><strong>Check service endpoints</strong>: <code>kubectl get endpoints nginx-service</code></li>
</ol>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tasks/debug/"
>Learn more about troubleshooting</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="next-steps">
Next Steps
<a data-clipboard-text="https://k8s-ops.net/posts/nginx-deployment-example/#next-steps" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Next Steps" href="#next-steps">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>This example demonstrates basic Kubernetes concepts. You can extend it by:</p>
<ul>
<li>Adding an Ingress for external access</li>
<li>Implementing health checks with liveness and readiness probes</li>
<li>Setting up horizontal pod autoscaling</li>
<li>Adding persistent storage for logs</li>
<li>Implementing rolling updates</li>
</ul>
<p>For more examples and tutorials, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://nginx.org/en/docs/"
>NGINX documentation</a>.</p>Exposing services to the webhttps://k8s-ops.net/posts/exposing-services/2022-12-05T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Exposing containers to the internet is a common task in Kubernetes, and there are several ways to accomplish this. The main methods are by using Services and Endpoints.</p>
<p>A Service in Kubernetes provides a single IP address and DNS name for a group of pods. It acts as an intermediary between pods and the outside world, forwarding traffic to the correct pod. There are several types of Services in Kubernetes, including ClusterIP, NodePort, LoadBalancer, and ExternalName.</p>
<p>The ClusterIP Service is the default Service type and is only accessible within the cluster. The NodePort Service opens a specific port on each node in the cluster and maps it to a port on the Service. The LoadBalancer Service creates a load balancer in the cloud provider, providing an external IP address for accessing the Service. The ExternalName Service maps a Service to an external DNS name.</p>
<p>Endpoints are a list of IP addresses and ports for pods that belong to a Service. When a Service receives a request, it uses the Endpoints to determine which pod to forward the request to.</p>
<p>In summary, Services and Endpoints are essential components in exposing containers to the internet in Kubernetes. They provide a way to access containers from outside the cluster and ensure that traffic is routed to the correct pods. The choice of Service type will depend on the specific requirements of the application, including accessibility, load balancing, and security.</p>
<p>Considering the following basic <code>nginx</code> example, here are examples of various Service types that can be used to expose the nginx deployment to the internet.</p>
<pre tabindex="0"><code>apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
</code></pre><div class="gblog-post__anchorwrap">
<h3 id="nodeport">
NodePort
<a data-clipboard-text="https://k8s-ops.net/posts/exposing-services/#nodeport" class="gblog-post__anchor clip flex align-center" aria-label="Anchor NodePort" href="#nodeport">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<pre tabindex="0"><code>apiVersion: v1
kind: Service
metadata:
name: nginx-node-port
spec:
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30080
type: NodePort
</code></pre><div class="gblog-post__anchorwrap">
<h3 id="clusterip">
ClusterIP
<a data-clipboard-text="https://k8s-ops.net/posts/exposing-services/#clusterip" class="gblog-post__anchor clip flex align-center" aria-label="Anchor ClusterIP" href="#clusterip">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<pre tabindex="0"><code>apiVersion: v1
kind: Service
metadata:
name: nginx-cluster-ip
spec:
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP
</code></pre><div class="gblog-post__anchorwrap">
<h3 id="loadbalancer">
LoadBalancer
<a data-clipboard-text="https://k8s-ops.net/posts/exposing-services/#loadbalancer" class="gblog-post__anchor clip flex align-center" aria-label="Anchor LoadBalancer" href="#loadbalancer">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h3>
</div>
<pre tabindex="0"><code>apiVersion: v1
kind: Service
metadata:
name: nginx-load-balancer
spec:
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 80
type: LoadBalancer
</code></pre><p>In this example, the nginx deployment creates three replicas of the nginx container. The Service type determines how the deployment can be accessed from outside the cluster. With the NodePort Service, the deployment can be accessed by the node’s IP address and the specified node port (30080). With the ClusterIP Service, the deployment can be accessed within the cluster by the Service’s IP address. With the LoadBalancer Service, the deployment can be accessed by the external IP address provided by the cloud provider.</p>Kubernetes Challengeshttps://k8s-ops.net/posts/kubernetes-challenges/2022-11-05T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Kubernetes has become one of the most popular platforms for container orchestration, and its adoption is rapidly growing among organizations of all sizes. This popularity can be attributed to the benefits that Kubernetes provides, such as improved application uptime, increased deployment velocity, and reduced operational complexity. Despite its many benefits, however, Kubernetes can also come with a significant cost overhead. The platform requires a significant investment in terms of time, resources, and expertise to implement and maintain, and can also be resource-intensive, requiring significant computing power, storage, and memory. Additionally, the cost of training and support can be a major factor, as organizations may need to invest in training existing staff or hiring new personnel with experience in Kubernetes. Despite these challenges, many organizations find that the benefits of Kubernetes far outweigh the costs, making it a valuable investment for their operations.</p>
<p>Some of the challenges organizations may face when implementing Kubernetes include:</p>
<ul>
<li>Complexity: Kubernetes can be complex to set up and manage, requiring significant investment in terms of time, resources, and expertise.</li>
<li>Integration with existing systems: Integrating Kubernetes with existing systems, such as legacy applications and databases, can be challenging.</li>
<li>Security concerns: Kubernetes involves running containers and microservices, which can increase the attack surface and create security risks.</li>
<li>Resource constraints: Kubernetes requires significant computing resources, including storage, memory, and CPU, which can be a challenge for organizations with limited infrastructure.</li>
<li>Compatibility issues: Kubernetes is constantly evolving, and compatibility issues may arise with different versions of the platform, or with other systems and tools.</li>
<li>Staffing and training: Organizations may face challenges in finding skilled staff with experience in Kubernetes, and in providing training to existing staff.</li>
<li>Cost: Implementing Kubernetes can be expensive, both in terms of infrastructure costs and the cost of training and support.</li>
<li>Overall, organizations should carefully consider their needs and resources when implementing Kubernetes, and should plan accordingly to ensure a successful deployment.</li>
</ul>Kubernetes Errorshttps://k8s-ops.net/posts/kubernetes-errors/2022-10-31T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Yes, here are some common errors that can occur when using Kubernetes:</p>
<ul>
<li>Container crashes: If a container in a Pod crashes, Kubernetes will restart the container automatically. However, if the container continues to crash, it may indicate a problem with the application or environment.</li>
<li>Image pull errors: If Kubernetes is unable to pull the image specified in a Pod definition, this could indicate a problem with the image repository, network connectivity, or image name.</li>
<li>Resource constraints: If a Pod requires more resources than are available on a node, the Pod will not be scheduled and will remain in a pending state.</li>
<li>Network connectivity: If Pods are unable to communicate with each other or with the outside world, it may indicate a problem with the network configuration or connectivity.</li>
<li>DNS resolution: If Pods are unable to resolve domain names, it may indicate a problem with the DNS configuration or network connectivity.</li>
<li>Configuration errors: If a Pod or deployment configuration is incorrect, Kubernetes may not be able to create or manage the resources as expected.</li>
<li>Scheduling errors: If a Pod is unable to be scheduled on a node, it may indicate a problem with the node, such as resource constraints or taints.</li>
<li>Permission errors: If a user is unable to perform certain operations in Kubernetes, it may indicate a problem with the user’s permissions.</li>
</ul>
<p>These are just a few examples of the common errors that can occur when using Kubernetes. It’s important to monitor the logs and events in the cluster to quickly detect and resolve any issues that arise.</p>Inspecting Cluster Resourceshttps://k8s-ops.net/posts/inspecting-resources/2022-10-14T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Here are some kubectl commands that can help ensure that a Kubernetes cluster is properly configured. Remember that they must be run with <code>-n <namespace></code>.</p>
<ul>
<li>
<p><code>kubectl get nodes</code>: This command lists all the nodes in the cluster and their status, including their readiness and availability. This can help you identify any nodes that may be offline or not working properly.</p>
</li>
<li>
<p><code>kubectl get pods</code>: This command lists all the pods in the cluster and their status, including their IP addresses, hostnames, and container status. This can help you identify any pods that may be in a crash loop or have failed to start.</p>
</li>
<li>
<p><code>kubectl describe pod <pod_name></code>: This command provides detailed information about a specific pod, including its resource utilization, events, and conditions. This can help you diagnose any issues that may be affecting the pod’s operation.</p>
</li>
<li>
<p><code>kubectl get services</code>: This command lists all the services in the cluster and their status, including their IP addresses, ports, and selector labels. This can help you verify that the services are properly exposed and that the right pods are being targeted.</p>
</li>
<li>
<p><code>kubectl logs <pod_name></code>: This command displays the logs for a specific pod, which can help you diagnose any issues that may be affecting the pod’s operation.</p>
</li>
</ul>
<p>These commands can give you a good overview of the state of your cluster and help you identify any issues that may need to be addressed. Additionally, it’s important to regularly monitor your cluster’s logs, events, and resource utilization to ensure that it’s functioning as expected.</p>Kubernetes Securityhttps://k8s-ops.net/posts/kubernetes-security/2022-10-02T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Yes, here is a discussion of the most common Kubernetes security issues and how to mitigate them:</p>
<ol>
<li>
<p>Cluster security: A misconfigured Kubernetes cluster can leave it vulnerable to attacks. To mitigate this risk, it’s important to follow best practices for securing the control plane, API server, and etcd. This includes using secure authentication and authorization methods, such as Role-Based Access Control (RBAC), and encrypting etcd data.</p>
</li>
<li>
<p>Container security: Containers running in a Kubernetes cluster can pose a security risk if they contain vulnerabilities or malicious code. To mitigate this risk, it’s important to use trusted images from a secure repository and to regularly update and patch containers. You can also use security tools, such as runtime security tools and network segmentation, to monitor and control network traffic between containers.</p>
</li>
<li>
<p>Network security: A poorly configured network in a Kubernetes cluster can leave it vulnerable to attacks. To mitigate this risk, it’s important to use secure networking solutions, such as network segmentation, and to follow best practices for securing the cluster’s network.</p>
</li>
<li>
<p>Resource management: In Kubernetes, it’s possible for a container to consume all the resources of a node, leading to a Denial of Service (DoS) attack. To mitigate this risk, it’s important to limit the resources that a container can consume, using resource constraints and quotas.</p>
</li>
<li>
<p>Secrets management: Storing secrets, such as passwords and API keys, in a Kubernetes cluster can pose a security risk if they are not managed properly. To mitigate this risk, it’s important to use secure methods for storing and accessing secrets, such as Kubernetes Secrets and HashiCorp Vault.</p>
</li>
</ol>
<p>These are just a few of the most common Kubernetes security issues, and it’s important to regularly assess and update your cluster’s security posture to ensure that it’s protected from potential threats.</p>Kubernetes Logginghttps://k8s-ops.net/posts/kubernetes-logs/2022-08-08T00:00:00+00:002025-07-04T14:01:11-04:00
<p>Getting logs from a Kubernetes cluster is an important aspect of monitoring and troubleshooting applications running in the cluster. There are several ways to get logs from a Kubernetes cluster:</p>
<ul>
<li><code>kubectl logs</code>: You can use the kubectl logs command to retrieve the logs from a specific pod in the cluster. For example, <code>kubectl logs <pod_name></code> will display the logs for the pod with the name <pod_name>.</li>
<li>Kubernetes API: You can also retrieve logs by accessing the logs API endpoint, which is exposed by the Kubernetes API server. To do this, you can use tools like curl to make API requests and retrieve logs.</li>
<li>Log Aggregation: Another way to collect logs from a Kubernetes cluster is to use a log aggregation tool such as Fluentd, Logstash, or ELK Stack. These tools can collect logs from pods, parse them, and store them in a central location for analysis.</li>
<li>Sidecar Containers: Another way to collect logs from a pod is to use a sidecar container. A sidecar container is a separate container in the pod that is used to perform specific tasks, such as log collection. For example, you can use a Fluentd container as a sidecar to collect logs from the main application container and send them to a central logging server.</li>
</ul>
<p>Regardless of the method you choose, it’s important to have a centralized log collection solution in place to make it easier to search, analyze, and visualize logs from your Kubernetes cluster.</p>Error from server (Forbidden): error when retrieving current configuration of: Resource is not foundhttps://k8s-ops.net/posts/errors/error-from-server-forbidden-error-when-retrieving-current-configuration-of-resource-is-not-found/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when kubectl does not have sufficient permissions to access a resource in the cluster. Ensure that the user running kubectl has the necessary permissions to access the resource, or use kubectl with a different user that has the necessary permissions.</p>Error: could not find the requested versionhttps://k8s-ops.net/posts/errors/could-not-find-the-requested-version/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you try to access a resource with an unsupported API version. The resolution is to check the API version of the resource and make sure it is supported by the API server. You can use kubectl api-versions to list the supported API versions.</p>Error: Error from server (NotFound): pods 'example-pod' not foundhttps://k8s-ops.net/posts/errors/error-from-server-notfound-pods-not-found/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when the specified pod does not exist in the cluster. Check the name of the pod and ensure that it has been created and is running.</p>Error: invalid value for field … error: … is invalidhttps://k8s-ops.net/posts/errors/invalid-value-for-field/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you provide an invalid value for a field in a resource specification. The resolution is to check the field specification and make sure the value you provide is valid. You can use the Kubernetes API documentation or kubectl explain to find the field specification.</p>Error: the connection to the server localhost:8080 was refused - did you specify the right host or port?https://k8s-ops.net/posts/errors/the-connection-to-the-server-was-refused/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when kubectl is not able to connect to a Kubernetes cluster. Check that the cluster is up and running and that the kubectl configuration is pointing to the correct cluster.</p>Error: the requested resource already existshttps://k8s-ops.net/posts/errors/the-requested-resource-already-exists/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you try to create a resource that already exists. The resolution is to either update the existing resource or delete it and create a new one. You can use kubectl to check if the resource exists and to delete or update it.</p>Error: The requested resource was not found on the serverhttps://k8s-ops.net/posts/errors/the-requested-resource-was-not-found-on-the-server/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when the API server cannot find the requested resource. The resolution is to check the name and namespace of the resource and make sure they are correct. You can also check if the resource was deleted or if there was a network error.</p>Error: the resource you requested was not foundhttps://k8s-ops.net/posts/errors/the-resource-you-requested-was-not-found/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you try to access a resource that does not exist in the API server. The resolution is to check the name, namespace, and API version of the resource to make sure it exists.</p>Error: Too many requests, rate limit reachedhttps://k8s-ops.net/posts/errors/too-many-requests-rate-limit-reached/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you make too many API requests in a short period of time and hit a rate limit. The resolution is to reduce the frequency of API requests or wait until the rate limit resets.</p>Error: You do not have enough permissions to perform the requested operationhttps://k8s-ops.net/posts/errors/you-do-not-have-permissions-to-perform-the-requested-operation/2022-08-01T00:00:00+00:002025-07-04T14:01:11-04:00
<p>This error occurs when you try to perform an operation that requires elevated permissions, but you don’t have the necessary role-based access control (RBAC) permissions. The resolution is to check the RBAC permissions of the user or service account making the API request and ensure they have the necessary permissions. You can also use kubectl to check the RBAC permissions for a particular resource.</p>What is Kubernetes?https://k8s-ops.net/posts/what-is-kubernetes/2022-08-01T00:00:00+00:002025-07-04T14:53:10-04:00
<p>Kubernetes is an open-source platform for automating deployment, scaling, and management of containerized applications. It provides a way to orchestrate containers on multiple hosts, and provides features such as self-healing, horizontal scaling, and service discovery. Kubernetes acts as an operating system for containers and helps to manage the entire life cycle of containerized applications.</p>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/overview/"
>Learn more about Kubernetes</a></p>
<p>Kubernetes can help businesses in various ways, including:</p>
<ul>
<li>
<p><strong>Improved application uptime</strong>: Kubernetes provides features such as self-healing, automatic rollbacks, and horizontal scaling, which can help ensure high availability of applications.</p>
</li>
<li>
<p><strong>Increased deployment velocity</strong>: With Kubernetes, developers can rapidly deploy and scale applications, leading to faster time-to-market for new products and features.</p>
</li>
<li>
<p><strong>Improved resource utilization</strong>: Kubernetes allows for efficient utilization of computing resources, reducing costs and increasing efficiency.</p>
</li>
<li>
<p><strong>Easy scaling</strong>: Kubernetes allows you to easily scale your application horizontally, adding more resources as needed, without having to worry about the underlying infrastructure.</p>
</li>
<li>
<p><strong>Reduced operational complexity</strong>: By using Kubernetes, businesses can simplify the management and orchestration of complex, multi-tiered applications, reducing the overall operational complexity.</p>
</li>
<li>
<p><strong>Improved collaboration</strong>: Kubernetes provides a standard platform for teams to work together, making it easier for teams to collaborate and develop applications together.</p>
</li>
</ul>
<div class="gblog-post__anchorwrap">
<h2 id="key-features">
Key Features
<a data-clipboard-text="https://k8s-ops.net/posts/what-is-kubernetes/#key-features" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Key Features" href="#key-features">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>Kubernetes offers several key features that make it essential for modern application deployment:</p>
<ul>
<li><strong>Container Orchestration</strong>: Automatically manages container placement, scaling, and health monitoring</li>
<li><strong>Service Discovery</strong>: Enables applications to find and communicate with each other</li>
<li><strong>Load Balancing</strong>: Distributes traffic across multiple instances of your application</li>
<li><strong>Self-healing</strong>: Automatically replaces failed containers and reschedules them</li>
<li><strong>Horizontal Scaling</strong>: Scale applications up or down based on demand</li>
<li><strong>Rolling Updates</strong>: Update applications without downtime</li>
<li><strong>Resource Management</strong>: Efficiently allocate CPU, memory, and storage resources</li>
</ul>
<p><a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/concepts/"
>Explore Kubernetes features</a></p>
<div class="gblog-post__anchorwrap">
<h2 id="getting-started">
Getting Started
<a data-clipboard-text="https://k8s-ops.net/posts/what-is-kubernetes/#getting-started" class="gblog-post__anchor clip flex align-center" aria-label="Anchor Getting Started" href="#getting-started">
<svg class="gblog-icon gblog_link"><use xlink:href="#gblog_link"></use></svg>
</a>
</h2>
</div>
<p>To get started with Kubernetes, you can:</p>
<ol>
<li><strong>Set up a local cluster</strong> using tools like <a
class="gblog-markdown__link"
href="https://minikube.sigs.k8s.io/"
>Minikube</a> or <a
class="gblog-markdown__link"
href="https://www.docker.com/products/docker-desktop/"
>Docker Desktop</a></li>
<li><strong>Use a managed service</strong> like <a
class="gblog-markdown__link"
href="https://cloud.google.com/kubernetes-engine"
>Google Kubernetes Engine (GKE)</a>, <a
class="gblog-markdown__link"
href="https://aws.amazon.com/eks/"
>Amazon EKS</a>, or <a
class="gblog-markdown__link"
href="https://azure.microsoft.com/services/kubernetes-service/"
>Azure AKS</a></li>
<li><strong>Follow the official tutorials</strong> at <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>kubernetes.io/tutorials</a></li>
</ol>
<p>For more information about Kubernetes and its capabilities, visit the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/"
>official Kubernetes documentation</a> and the <a
class="gblog-markdown__link"
href="https://kubernetes.io/docs/tutorials/"
>Kubernetes.io tutorials</a>.</p>