Documentation
Blog
Training
Partners
Community
Case Studies
English
- 中文 Chinese
- 한국어 Korean
v1.18
- v1.18
- v1.17
- v1.16
- v1.15
- v1.14

Learn Kubernetes Basics

Get Started

Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.

Documentation

Learn how to use Kubernetes with conceptual, tutorial, and reference documentation. You can even help contribute to the docs!

Blog

Read the latest news for Kubernetes and the containers space in general, and get technical how-tos hot off the presses.

Interested in hacking on the core Kubernetes code base?

View On GitHub

Explore the community

Tasks

Install Tools

Install and Set Up kubectl

Install Minikube

Administer a Cluster

Administration with kubeadm

Certificate Management with kubeadm

Upgrading kubeadm clusters

Adding Windows nodes

Upgrading Windows nodes

Manage Memory, CPU, and API Resources

Configure Default Memory Requests and Limits for a Namespace

Configure Default CPU Requests and Limits for a Namespace

Configure Minimum and Maximum Memory Constraints for a Namespace

Configure Minimum and Maximum CPU Constraints for a Namespace

Configure Memory and CPU Quotas for a Namespace

Configure a Pod Quota for a Namespace

Install a Network Policy Provider

Use Calico for NetworkPolicy

Use Cilium for NetworkPolicy

Use Kube-router for NetworkPolicy

Romana for NetworkPolicy

Weave Net for NetworkPolicy

Access Clusters Using the Kubernetes API

Access Services Running on Clusters

Advertise Extended Resources for a Node

Autoscale the DNS Service in a Cluster

Change the default StorageClass

Change the Reclaim Policy of a PersistentVolume

Cluster Management

Configure Multiple Schedulers

Configure Out of Resource Handling

Configure Quotas for API Objects

Control CPU Management Policies on the Node

Control Topology Management Policies on a node

Customizing DNS Service

Debugging DNS Resolution

Declare Network Policy

Developing Cloud Controller Manager

Enabling EndpointSlices

Enabling Service Topology

Encrypting Secret Data at Rest

Guaranteed Scheduling For Critical Add-On Pods

IP Masquerade Agent User Guide

Kubernetes Cloud Controller Manager

Limit Storage Consumption

Namespaces Walkthrough

Operating etcd clusters for Kubernetes

Reconfigure a Node's Kubelet in a Live Cluster

Reserve Compute Resources for System Daemons

Safely Drain a Node while Respecting the PodDisruptionBudget

Securing a Cluster

Set Kubelet parameters via a config file

Set up High-Availability Kubernetes Masters

Share a Cluster with Namespaces

Using a KMS provider for data encryption

Using CoreDNS for Service Discovery

Using NodeLocal DNSCache in Kubernetes clusters

Using sysctls in a Kubernetes Cluster

Configure Pods and Containers

Assign Memory Resources to Containers and Pods

Assign CPU Resources to Containers and Pods

Configure GMSA for Windows Pods and containers

Configure RunAsUserName for Windows pods and containers

Configure Quality of Service for Pods

Assign Extended Resources to a Container

Configure a Pod to Use a Volume for Storage

Configure a Pod to Use a PersistentVolume for Storage

Configure a Pod to Use a Projected Volume for Storage

Configure a Security Context for a Pod or Container

Configure Service Accounts for Pods

Pull an Image from a Private Registry

Configure Liveness, Readiness and Startup Probes

Assign Pods to Nodes

Assign Pods to Nodes using Node Affinity

Configure Pod Initialization

Attach Handlers to Container Lifecycle Events

Configure a Pod to Use a ConfigMap

Share Process Namespace between Containers in a Pod

Create static Pods

Translate a Docker Compose File to Kubernetes Resources

Manage Kubernetes Objects

Declarative Management of Kubernetes Objects Using Configuration Files

Declarative Management of Kubernetes Objects Using Kustomize

Managing Kubernetes Objects Using Imperative Commands

Imperative Management of Kubernetes Objects Using Configuration Files

Inject Data Into Applications

Define a Command and Arguments for a Container

Define Environment Variables for a Container

Expose Pod Information to Containers Through Environment Variables

Expose Pod Information to Containers Through Files

Distribute Credentials Securely Using Secrets

Inject Information into Pods Using a PodPreset

Run Applications

Run a Stateless Application Using a Deployment

Run a Single-Instance Stateful Application

Run a Replicated Stateful Application

Update API Objects in Place Using kubectl patch

Scale a StatefulSet

Delete a StatefulSet

Force Delete StatefulSet Pods

Perform Rolling Update Using a Replication Controller

Horizontal Pod Autoscaler

Horizontal Pod Autoscaler Walkthrough

Specifying a Disruption Budget for your Application

Run Jobs

Running Automated Tasks with a CronJob

Parallel Processing using Expansions

Coarse Parallel Processing Using a Work Queue

Fine Parallel Processing Using a Work Queue

Access Applications in a Cluster

Web UI (Dashboard)

Accessing Clusters

Configure Access to Multiple Clusters

Use Port Forwarding to Access Applications in a Cluster

Use a Service to Access an Application in a Cluster

Connect a Front End to a Back End Using a Service

Create an External Load Balancer

Configure Your Cloud Provider's Firewalls

List All Container Images Running in a Cluster

Set up Ingress on Minikube with the NGINX Ingress Controller

Communicate Between Containers in the Same Pod Using a Shared Volume

Configure DNS for a Cluster

Monitoring, Logging, and Debugging

Application Introspection and Debugging

Auditing with Falco

Debug a StatefulSet

Debug Init Containers

Debug Pods and ReplicationControllers

Debug Running Pods

Debugging Kubernetes nodes with crictl

Determine the Reason for Pod Failure

Developing and debugging services locally

Events in Stackdriver

Get a Shell to a Running Container

Logging Using Elasticsearch and Kibana

Logging Using Stackdriver

Monitor Node Health

Resource metrics pipeline

Tools for Monitoring Resources

Troubleshoot Applications

Troubleshoot Clusters

Troubleshooting

Extend Kubernetes

Configure the Aggregation Layer

Use Custom Resources

Extend the Kubernetes API with CustomResourceDefinitions

Versions in CustomResourceDefinitions

Setup an Extension API Server

Use an HTTP Proxy to Access the Kubernetes API

TLS

Certificate Rotation

Manage TLS Certificates in a Cluster

Manage Cluster Daemons

Perform a Rolling Update on a DaemonSet

Perform a Rollback on a DaemonSet

Install Service Catalog

Install Service Catalog using Helm

Install Service Catalog using SC

Network

Validate IPv4/IPv6 dual-stack

Extend kubectl with plugins

Manage HugePages

Use Cilium for NetworkPolicy

This page shows how to use Cilium for NetworkPolicy.

For background on Cilium, read the Introduction to Cilium.

Before you begin
Deploying Cilium on Minikube for Basic Testing
Deploying Cilium for Production Use
Understanding Cilium components
What's next

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:

To check the version, enter kubectl version.

Deploying Cilium on Minikube for Basic Testing

To get familiar with Cilium easily you can follow the Cilium Kubernetes Getting Started Guide to perform a basic DaemonSet installation of Cilium in minikube.

To start minikube, minimal version required is >= v1.3.1, run the with the following arguments:

minikube version

minikube version: v1.3.1

minikube start --network-plugin=cni --memory=4096

Mount the BPF filesystem:

minikube ssh -- sudo mount bpffs -t bpf /sys/fs/bpf

For minikube you can deploy this simple “all-in-one” YAML file that includes DaemonSet configurations for Cilium as well as appropriate RBAC settings:

kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.6/install/kubernetes/quick-install.yaml

configmap/cilium-config created
serviceaccount/cilium created
serviceaccount/cilium-operator created
clusterrole.rbac.authorization.k8s.io/cilium created
clusterrole.rbac.authorization.k8s.io/cilium-operator created
clusterrolebinding.rbac.authorization.k8s.io/cilium created
clusterrolebinding.rbac.authorization.k8s.io/cilium-operator created
daemonset.apps/cilium create
deployment.apps/cilium-operator created

The remainder of the Getting Started Guide explains how to enforce both L3/L4 (i.e., IP address + port) security policies, as well as L7 (e.g., HTTP) security policies using an example application.

Deploying Cilium for Production Use

For detailed instructions around deploying Cilium for production, see: Cilium Kubernetes Installation Guide This documentation includes detailed requirements, instructions and example production DaemonSet files.

Understanding Cilium components

Deploying a cluster with Cilium adds Pods to the kube-system namespace. To see this list of Pods run:

kubectl get pods --namespace=kube-system

You’ll see a list of Pods similar to this:

NAME            READY   STATUS    RESTARTS   AGE
cilium-6rxbd    1/1     Running   0          1m
...

A cilium Pod runs on each node in your cluster and enforces network policy on the traffic to/from Pods on that node using Linux BPF.

What's next

Once your cluster is running, you can follow the Declare Network Policy to try out Kubernetes NetworkPolicy with Cilium. Have fun, and if you have questions, contact us using the Cilium Slack Channel.

Feedback

Was this page helpful?

Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.