📘 Kubernetes Docs — Personal Reference (CKA Focused)¶
A curated collection of official Kubernetes documentation links for quick navigation and CKA prep. Grouped by topic, sorted by importance.
📌 General Docs¶
🚀 Getting Started¶
Concepts¶
- Overview
- Kubernetes Components
- Objects In Kubernetes
- Kubernetes Object Management
- Object Names and IDs
- Labels and Selectors
- Namespaces
- Annotations
- Field Selectors
- Finalizers
- Owners and Dependents
- Recommended Labels
- The Kubernetes API
- Cluster Architecture
- Nodes
- Communication between Nodes and the Control Plane
- Controllers
- Leases
- Cloud Controller Manager
- About cgroup v2
- Kubernetes Self-Healing
- Container Runtime Interface (CRI)
- Garbage Collection
- Mixed Version Proxy
- Containers
- Images
- Container Environment
- Runtime Class
- Container Lifecycle Hooks
- Workloads
- Pods
- Pod Lifecycle
- Init Containers
- Sidecar Containers
- Ephemeral Containers
- Disruptions
- Pod Quality of Service Classes
- User Namespaces
- Downward API
- Workload Management
- Deployments
- ReplicaSet
- StatefulSets
- DaemonSet
- Jobs
- Automatic Cleanup for Finished Jobs
- CronJob
- ReplicationController
- Autoscaling Workloads
- Managing Workloads
- Pods
- Services, Load Balancing, and Networking
- Service
- Ingress
- Ingress Controllers
- Gateway API
- EndpointSlices
- Network Policies
- DNS for Services and Pods
- IPv4/IPv6 dual-stack
- Topology Aware Routing
- Networking on Windows
- Service ClusterIP allocation
- Service Internal Traffic Policy
- Storage
- Volumes
- Persistent Volumes
- Projected Volumes
- Ephemeral Volumes
- Storage Classes
- Volume Attributes Classes
- Dynamic Volume Provisioning
- Volume Snapshots
- Volume Snapshot Classes
- CSI Volume Cloning
- Storage Capacity
- Node-specific Volume Limits
- Volume Health Monitoring
- Windows Storage
- Configuration
- Configuration Best Practices
- ConfigMaps
- Secrets
- Liveness, Readiness, and Startup Probes
- Resource Management for Pods and Containers
- Organizing Cluster Access Using kubeconfig Files
- Resource Management for Windows nodes
- Security
- Cloud Native Security
- Pod Security Standards
- Pod Security Admission
- Service Accounts
- Pod Security Policies
- Security For Windows Nodes
- Controlling Access to the Kubernetes API
- Role Based Access Control Good Practices
- Good practices for Kubernetes Secrets
- Multi-tenancy
- Hardening Guide - Authentication Mechanisms
- Kubernetes API Server Bypass Risks
- Linux kernel security constraints for Pods and containers
- Security Checklist
- Application Security Checklist
- Policies
- Limit Ranges
- Resource Quotas
- Process ID Limits And Reservations
- Node Resource Managers
- Scheduling, Preemption and Eviction
- Kubernetes Scheduler
- Assigning Pods to Nodes
- Pod Overhead
- Pod Scheduling Readiness
- Pod Topology Spread Constraints
- Taints and Tolerations
- Scheduling Framework
- Dynamic Resource Allocation
- Scheduler Performance Tuning
- Resource Bin Packing
- Pod Priority and Preemption
- Node-pressure Eviction
- API-initiated Eviction
- Cluster Administration
- Node Shutdowns
- Node Autoscaling
- Certificates
- Cluster Networking
- Admission Webhook Good Practices
- Logging Architecture
- Compatibility Version For Kubernetes Control Plane Components
- Metrics For Kubernetes System Components
- Metrics for Kubernetes Object States
- System Logs
- Traces For Kubernetes System Components
- Proxies in Kubernetes
- API Priority and Fairness
- Installing Addons
- Coordinated Leader Election
- Windows in Kubernetes
- Windows containers in Kubernetes
- Guide for Running Windows Containers in Kubernetes
- Extending Kubernetes
- Compute, Storage, and Networking Extensions
- Network Plugins
- Device Plugins
- Extending the Kubernetes API
- Custom Resources
- Kubernetes API Aggregation Layer
- Operator pattern
- Compute, Storage, and Networking Extensions
Tasks¶
- Install Tools
- Install and Set Up kubectl on Linux
- Install and Set Up kubectl on macOS
- Install and Set Up kubectl on Windows
- Administer a Cluster
- Administration with kubeadm
- Adding Linux worker nodes
- Adding Windows worker nodes
- Upgrading kubeadm clusters
- Upgrading Linux nodes
- Upgrading Windows nodes
- Configuring a cgroup driver
- Certificate Management with kubeadm
- Reconfiguring a kubeadm cluster
- Changing The Kubernetes Package Repository
- Overprovision Node Capacity For A Cluster
- Migrating from dockershim
- Changing the Container Runtime on a Node from Docker Engine to containerd
- Find Out What Container Runtime is Used on a Node
- Troubleshooting CNI plugin-related errors
- Check whether dockershim removal affects you
- Migrating telemetry and security agents from dockershim
- Generate Certificates Manually
- Manage Memory, CPU, and API Resources
- Configure Default Memory Requests and Limits for a Namespace
- Configure Default CPU Requests and Limits for a Namespace
- Configure Minimum and Maximum Memory Constraints for a Namespace
- Configure Minimum and Maximum CPU Constraints for a Namespace
- Configure Memory and CPU Quotas for a Namespace
- Configure a Pod Quota for a Namespace
- Install a Network Policy Provider
- Use Antrea for NetworkPolicy
- Use Calico for NetworkPolicy
- Use Cilium for NetworkPolicy
- Use Kube-router for NetworkPolicy
- Romana for NetworkPolicy
- Weave Net for NetworkPolicy
- Access Clusters Using the Kubernetes API
- Advertise Extended Resources for a Node
- Autoscale the DNS Service in a Cluster
- Change the Access Mode of a PersistentVolume to ReadWriteOncePod
- Change the default StorageClass
- Switching from Polling to CRI Event-based Updates to Container Status
- Change the Reclaim Policy of a PersistentVolume
- Cloud Controller Manager Administration
- Configure a kubelet image credential provider
- Configure Quotas for API Objects
- Control CPU Management Policies on the Node
- Control Topology Management Policies on a node
- Customizing DNS Service
- Debugging DNS Resolution
- Declare Network Policy
- Developing Cloud Controller Manager
- Enable Or Disable A Kubernetes API
- Encrypting Confidential Data at Rest
- Decrypt Confidential Data that is Already Encrypted at Rest
- Guaranteed Scheduling For Critical Add-On Pods
- IP Masquerade Agent User Guide
- Limit Storage Consumption
- Migrate Replicated Control Plane To Use Cloud Controller Manager
- Namespaces Walkthrough
- Operating etcd clusters for Kubernetes
- Reserve Compute Resources for System Daemons
- Running Kubernetes Node Components as a Non-root User
- Safely Drain a Node
- Securing a Cluster
- Set Kubelet Parameters Via A Configuration File
- Share a Cluster with Namespaces
- Upgrade A Cluster
- Use Cascading Deletion in a Cluster
- Using a KMS provider for data encryption
- Using CoreDNS for Service Discovery
- Using NodeLocal DNSCache in Kubernetes Clusters
- Using sysctls in a Kubernetes Cluster
- Utilizing the NUMA-aware Memory Manager
- Verify Signed Kubernetes Artifacts
- Administration with kubeadm
- Configure Pods and Containers
- Assign Memory Resources to Containers and Pods
- Assign CPU Resources to Containers and Pods
- Assign Pod-level CPU and memory resources
- Configure GMSA for Windows Pods and containers
- Resize CPU and Memory Resources assigned to Containers
- Configure RunAsUserName for Windows pods and containers
- Create a Windows HostProcess Pod
- Configure Quality of Service for Pods
- Assign Extended Resources to a Container
- Configure a Pod to Use a Volume for Storage
- Configure a Pod to Use a PersistentVolume for Storage
- Configure a Pod to Use a Projected Volume for Storage
- Configure a Security Context for a Pod or Container
- Configure Service Accounts for Pods
- Pull an Image from a Private Registry
- Configure Liveness, Readiness and Startup Probes
- Assign Pods to Nodes
- Assign Pods to Nodes using Node Affinity
- Configure Pod Initialization
- Attach Handlers to Container Lifecycle Events
- Configure a Pod to Use a ConfigMap
- Share Process Namespace between Containers in a Pod
- Use a User Namespace With a Pod
- Use an Image Volume With a Pod
- Create static Pods
- Translate a Docker Compose File to Kubernetes Resources
- Enforce Pod Security Standards by Configuring the Built-in Admission Controller
- Enforce Pod Security Standards with Namespace Labels
- Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller
- Monitoring, Logging, and Debugging
- Troubleshooting Applications
- Debug Pods
- Debug Services
- Debug a StatefulSet
- Determine the Reason for Pod Failure
- Debug Init Containers
- Debug Running Pods
- Get a Shell to a Running Container
- Troubleshooting Clusters
- Troubleshooting kubectl
- Resource metrics pipeline
- Tools for Monitoring Resources
- Monitor Node Health
- Debugging Kubernetes nodes with crictl
- Auditing
- Debugging Kubernetes Nodes With Kubectl
- Developing and debugging services locally using telepresence
- Windows debugging tips
- Troubleshooting Applications
- Manage Kubernetes Objects
- Declarative Management of Kubernetes Objects Using Configuration Files
- Declarative Management of Kubernetes Objects Using Kustomize
- Managing Kubernetes Objects Using Imperative Commands
- Imperative Management of Kubernetes Objects Using Configuration Files
- Update API Objects in Place Using kubectl patch
- Migrate Kubernetes Objects Using Storage Version Migration
- Managing Secrets
- Managing Secrets using kubectl
- Managing Secrets using Configuration File
- Managing Secrets using Kustomize
- Inject Data Into Applications
- Define a Command and Arguments for a Container
- Define Dependent Environment Variables
- Define Environment Variables for a Container
- Expose Pod Information to Containers Through Environment Variables
- Expose Pod Information to Containers Through Files
- Distribute Credentials Securely Using Secrets
- Run Applications
- Run a Stateless Application Using a Deployment
- Run a Single-Instance Stateful Application
- Run a Replicated Stateful Application
- Scale a StatefulSet
- Delete a StatefulSet
- Force Delete StatefulSet Pods
- Horizontal Pod Autoscaling
- HorizontalPodAutoscaler Walkthrough
- Specifying a Disruption Budget for your Application
- Accessing the Kubernetes API from a Pod
- Run Jobs
- Running Automated Tasks with a CronJob
- Coarse Parallel Processing Using a Work Queue
- Fine Parallel Processing Using a Work Queue
- Indexed Job for Parallel Processing with Static Work Assignment
- Job with Pod-to-Pod Communication
- Parallel Processing using Expansions
- Handling retriable and non-retriable pod failures with Pod failure policy
- Access Applications in a Cluster
- Deploy and Access the Kubernetes Dashboard
- Accessing Clusters
- Configure Access to Multiple Clusters
- Use Port Forwarding to Access Applications in a Cluster
- Use a Service to Access an Application in a Cluster
- Connect a Frontend to a Backend Using Services
- Create an External Load Balancer
- List All Container Images Running in a Cluster
- Set up Ingress on Minikube with the NGINX Ingress Controller
- Communicate Between Containers in the Same Pod Using a Shared Volume
- Configure DNS for a Cluster
- Access Services Running on Clusters
- Extend Kubernetes
- Configure the Aggregation Layer
- Use Custom Resources
- Extend the Kubernetes API with CustomResourceDefinitions
- Versions in CustomResourceDefinitions
- Set up an Extension API Server
- Configure Multiple Schedulers
- Use an HTTP Proxy to Access the Kubernetes API
- Use a SOCKS5 Proxy to Access the Kubernetes API
- Set up Konnectivity service
- TLS
- Issue a Certificate for a Kubernetes API Client Using A CertificateSigningRequest
- Configure Certificate Rotation for the Kubelet
- Manage TLS Certificates in a Cluster
- Manual Rotation of CA Certificates
- Manage Cluster Daemons
- Building a Basic DaemonSet
- Perform a Rolling Update on a DaemonSet
- Perform a Rollback on a DaemonSet
- Running Pods on Only Some Nodes
- Networking
- Adding entries to Pod /etc/hosts with HostAliases
- Extend Service IP Ranges
- Validate IPv4/IPv6 dual-stack
- Extend kubectl with plugins
- Manage HugePages
- Schedule GPUs
Tutorials¶
- Hello Minikube
- Learn Kubernetes Basics
- Create a Cluster
- Using Minikube to Create a Cluster
- Deploy an App
- Using kubectl to Create a Deployment
- Explore Your App
- Viewing Pods and Nodes
- Expose Your App Publicly
- Using a Service to Expose Your App
- Scale Your App
- Running Multiple Instances of Your App
- Update Your App
- Performing a Rolling Update
- Create a Cluster
- Configuration
- Updating Configuration via a ConfigMap
- Configuring Redis using a ConfigMap
- Adopting Sidecar Containers
- Security
- Apply Pod Security Standards at the Cluster Level
- Apply Pod Security Standards at the Namespace Level
- Restrict a Container's Access to Resources with AppArmor
- Restrict a Container's Syscalls with seccomp
- Stateless Applications
- Exposing an External IP Address to Access an Application in a Cluster
- Example: Deploying PHP Guestbook application with Redis
- Stateful Applications
- StatefulSet Basics
- Example: Deploying WordPress and MySQL with Persistent Volumes
- Example: Deploying Cassandra with a StatefulSet
- Running ZooKeeper, A Distributed System Coordinator
- Cluster Management
- Running Kubelet in Standalone Mode
- Services
- Connecting Applications with Services
- Using Source IP
- Explore Termination Behavior for Pods And Their Endpoints
Reference¶
- Glossary
- API Overview
- Kubernetes API Concepts
- Server-Side Apply
- Client Libraries
- Common Expression Language in Kubernetes
- Kubernetes Deprecation Policy
- Deprecated API Migration Guide
- Kubernetes API health endpoints
- API Access Control
- Authenticating
- Authenticating with Bootstrap Tokens
- Authorization
- Using RBAC Authorization
- Using Node Authorization
- Webhook Mode
- Using ABAC Authorization
- Admission Control
- Dynamic Admission Control
- Managing Service Accounts
- Certificates and Certificate Signing Requests
- Mapping PodSecurityPolicies to Pod Security Standards
- Kubelet authentication/authorization
- TLS bootstrapping
- Mutating Admission Policy
- Validating Admission Policy
- Well-Known Labels, Annotations and Taints
- Audit Annotations
- Kubernetes API
- Workload Resources
- Pod
- Binding
- PodTemplate
- ReplicationController
- ReplicaSet
- Deployment
- StatefulSet
- ControllerRevision
- DaemonSet
- Job
- CronJob
- HorizontalPodAutoscaler
- HorizontalPodAutoscaler
- PriorityClass
- PodSchedulingContext v1alpha3
- ResourceClaim v1alpha3
- ResourceClaim v1beta1
- ResourceClaimTemplate v1alpha3
- ResourceClaimTemplate v1beta1
- ResourceSlice v1alpha3
- ResourceSlice v1beta1
- Service Resources
- Service
- Endpoints
- EndpointSlice
- Ingress
- IngressClass
- Config and Storage Resources
- ConfigMap
- Secret
- CSIDriver
- CSINode
- CSIStorageCapacity
- PersistentVolumeClaim
- PersistentVolume
- StorageClass
- StorageVersionMigration v1alpha1
- Volume
- VolumeAttachment
- VolumeAttributesClass v1beta1
- Authentication Resources
- ServiceAccount
- TokenRequest
- TokenReview
- CertificateSigningRequest
- ClusterTrustBundle v1alpha1
- SelfSubjectReview
- Authorization Resources
- LocalSubjectAccessReview
- SelfSubjectAccessReview
- SelfSubjectRulesReview
- SubjectAccessReview
- ClusterRole
- ClusterRoleBinding
- Role
- RoleBinding
- Policy Resources
- FlowSchema
- LimitRange
- ResourceQuota
- NetworkPolicy
- PodDisruptionBudget
- PriorityLevelConfiguration
- ValidatingAdmissionPolicy
- ValidatingAdmissionPolicyBinding
- Extend Resources
- CustomResourceDefinition
- DeviceClass v1alpha3
- DeviceClass v1beta1
- MutatingWebhookConfiguration
- ValidatingWebhookConfiguration
- Cluster Resources
- APIService
- ComponentStatus
- Event
- IPAddress v1beta1
- Lease
- LeaseCandidate v1alpha1
- Namespace
- Node
- RuntimeClass
- ServiceCIDR v1beta1
- Common Definitions
- DeleteOptions
- LabelSelector
- ListMeta
- LocalObjectReference
- NodeSelectorRequirement
- ObjectFieldSelector
- ObjectMeta
- ObjectReference
- Patch
- Quantity
- ResourceFieldSelector
- Status
- TypedLocalObjectReference
- Common Parameters
- Workload Resources
- Instrumentation
- Service Level Indicator Metrics
- CRI Pod & Container Metrics
- Node metrics data
- Kubernetes z-pages
- Kubernetes Metrics Reference
- Kubernetes Issues and Security
- Kubernetes Issue Tracker
- Kubernetes Security and Disclosure Information
- CVE feed
- Node Reference Information
- Kubelet Checkpoint API
- Linux Kernel Version Requirements
- Articles on dockershim Removal and on Using CRI-compatible Runtimes
- Node Labels Populated By The Kubelet
- Local Files And Paths Used By The Kubelet
- Kubelet Configuration Directory Merging
- Kubelet Device Manager API Versions
- Kubelet Systemd Watchdog
- Node Status
- Seccomp and Kubernetes
- Networking Reference
- Protocols for Services
- Ports and Protocols
- Virtual IPs and Service Proxies
- Setup tools
- Kubeadm
- kubeadm init
- kubeadm join
- kubeadm upgrade
- kubeadm upgrade phases
- kubeadm config
- kubeadm reset
- kubeadm token
- kubeadm version
- kubeadm alpha
- kubeadm certs
- kubeadm init phase
- kubeadm join phase
- kubeadm kubeconfig
- kubeadm reset phase
- Implementation details
- Kubeadm
- Command line tool (kubectl)
- Introduction to kubectl
- kubectl Quick Reference
- kubectl reference
- kubectl
- kubectl annotate
- kubectl api-resources
- kubectl api-versions
- kubectl apply
- kubectl apply edit-last-applied
- kubectl apply set-last-applied
- kubectl apply view-last-applied
- kubectl attach
- kubectl auth
- kubectl auth can-i
- kubectl auth reconcile
- kubectl auth whoami
- kubectl autoscale
- kubectl certificate
- kubectl certificate approve
- kubectl certificate deny
- kubectl cluster-info
- kubectl cluster-info dump
- kubectl completion
- kubectl config
- kubectl config current-context
- kubectl config delete-cluster
- kubectl config delete-context
- kubectl config delete-user
- kubectl config get-clusters
- kubectl config get-contexts
- kubectl config get-users
- kubectl config rename-context
- kubectl config set
- kubectl config set-cluster
- kubectl config set-context
- kubectl config set-credentials
- kubectl config unset
- kubectl config use-context
- kubectl config view
- kubectl cordon
- kubectl cp
- kubectl create
- kubectl create clusterrole
- kubectl create clusterrolebinding
- kubectl create configmap
- kubectl create cronjob
- kubectl create deployment
- kubectl create ingress
- kubectl create job
- kubectl create namespace
- kubectl create poddisruptionbudget
- kubectl create priorityclass
- kubectl create quota
- kubectl create role
- kubectl create rolebinding
- kubectl create secret
- kubectl create secret docker-registry
- kubectl create secret generic
- kubectl create secret tls
- kubectl create service
- kubectl create service clusterip
- kubectl create service externalname
- kubectl create service loadbalancer
- kubectl create service nodeport
- kubectl create serviceaccount
- kubectl create token
- kubectl debug
- kubectl delete
- kubectl describe
- kubectl diff
- kubectl drain
- kubectl edit
- kubectl events
- kubectl exec
- kubectl explain
- kubectl expose
- kubectl get
- kubectl kustomize
- kubectl label
- kubectl logs
- kubectl options
- kubectl patch
- kubectl plugin
- kubectl plugin list
- kubectl port-forward
- kubectl proxy
- kubectl replace
- kubectl rollout
- kubectl rollout history
- kubectl rollout pause
- kubectl rollout restart
- kubectl rollout resume
- kubectl rollout status
- kubectl rollout undo
- kubectl run
- kubectl scale
- kubectl set
- kubectl set env
- kubectl set image
- kubectl set resources
- kubectl set selector
- kubectl set serviceaccount
- kubectl set subject
- kubectl taint
- kubectl top
- kubectl top node
- kubectl top pod
- kubectl uncordon
- kubectl version
- kubectl wait
- kubectl Commands
- kubectl
- JSONPath Support
- kubectl for Docker Users
- kubectl Usage Conventions
- Component tools
- Feature Gates
- Feature Gates (removed)
- kubelet
- kube-apiserver
- kube-controller-manager
- kube-proxy
- kube-scheduler
- Debug cluster
- Flow control
- Configuration APIs
- Client Authentication (v1)
- Client Authentication (v1beta1)
- Event Rate Limit Configuration (v1alpha1)
- Image Policy API (v1alpha1)
- kube-apiserver Admission (v1)
- kube-apiserver Audit Configuration (v1)
- kube-apiserver Configuration (v1)
- kube-apiserver Configuration (v1alpha1)
- kube-apiserver Configuration (v1beta1)
- kube-controller-manager Configuration (v1alpha1)
- kube-proxy Configuration (v1alpha1)
- kube-scheduler Configuration (v1)
- kubeadm Configuration (v1beta3)
- kubeadm Configuration (v1beta4)
- kubeconfig (v1)
- Kubelet Configuration (v1)
- Kubelet Configuration (v1alpha1)
- Kubelet Configuration (v1beta1)
- Kubelet CredentialProvider (v1)
- WebhookAdmission Configuration (v1)
- External APIs
- Kubernetes Custom Metrics (v1beta2)
- Kubernetes External Metrics (v1beta1)
- Kubernetes Metrics (v1beta1)
- Scheduling
- Scheduler Configuration
- Scheduling Policies
- Other Tools
Contribute¶
- Contribute to Kubernetes Documentation
- Suggesting content improvements
- Contributing new content
- Opening a pull request
- Documenting for a release
- Blogs and case studies
- Reviewing changes
- Reviewing pull requests
- For approvers and reviewers
- Localizing Kubernetes documentation
- Participating in SIG Docs
- Roles and responsibilities
- Issue Wranglers
- PR wranglers
- Documentation style overview
- Content guide
- Style guide
- Diagram guide
- Writing a new topic
- Page content types
- Content organization
- Custom Hugo Shortcodes
- Updating Reference Documentation
- Quickstart
- Contributing to the Upstream Kubernetes Code
- Generating Reference Documentation for the Kubernetes API
- Generating Reference Documentation for kubectl Commands
- Generating Reference Documentation for Metrics
- Generating Reference Pages for Kubernetes Components and Tools
- Advanced contributing
- Viewing Site Analytics