Production-Grade Container Scheduling and Management
Go to file
Monis Khan cd91e59f7c
csr: add expirationSeconds field to control cert lifetime
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:15 -04:00
.github .github: update enhancement issue template to point to KEPs 2021-02-24 16:03:40 +05:30
api Merge pull request #99378 from mattcary/api 2021-06-30 11:49:03 -07:00
build dependencies: remove go-bindata 2021-06-29 19:16:51 +05:30
CHANGELOG Merge pull request #103093 from songxiao-wang87/run-test22 2021-06-28 01:11:25 -07:00
cluster Merge pull request #103332 from mcshooter/updateNPDVersion 2021-06-30 01:19:02 -07:00
cmd csr: add expirationSeconds field to control cert lifetime 2021-07-01 23:38:15 -04:00
docs hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
hack Merge pull request #99829 from palnabarun/migrate-to-go-embed 2021-06-30 10:37:03 -07:00
LICENSES dependencies: remove go-bindata 2021-06-29 19:16:51 +05:30
logo Create colors.md 2021-01-15 22:15:43 -08:00
pkg csr: add expirationSeconds field to control cert lifetime 2021-07-01 23:38:15 -04:00
plugin PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
staging csr: add expirationSeconds field to control cert lifetime 2021-07-01 23:38:15 -04:00
test csr: add expirationSeconds field to control cert lifetime 2021-07-01 23:38:15 -04:00
third_party remove unused third_party/intemp 2021-03-08 21:17:37 -08:00
vendor Merge pull request #103318 from jpbetz/fix-102749 2021-06-30 14:03:03 -07:00
.generated_files
.gitattributes
.gitignore Rename _examples to examples 2021-01-25 10:20:46 -08:00
CHANGELOG.md
code-of-conduct.md
CONTRIBUTING.md
go.mod Merge pull request #103318 from jpbetz/fix-102749 2021-06-30 14:03:03 -07:00
go.sum Merge pull request #103318 from jpbetz/fix-102749 2021-06-30 14:03:03 -07:00
LICENSE
Makefile
Makefile.generated_files
OWNERS
OWNERS_ALIASES Add lilic as Instrumentation reviewer 2021-06-23 12:08:11 -07:00
README.md Update godoc reference widget to pkg.go.dev 2021-01-26 09:34:07 -05:00
SECURITY_CONTACTS
SUPPORT.md

Kubernetes (K8s)

GoPkg Widget CII Best Practices


Kubernetes, also known as K8s, is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications.

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.

Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF). If your company wants to help shape the evolution of technologies that are container-packaged, dynamically scheduled, and microservices-oriented, consider joining the CNCF. For details about who's involved and how Kubernetes plays a role, read the CNCF announcement.


To start using K8s

See our documentation on kubernetes.io.

Try our interactive tutorial.

Take a free course on Scalable Microservices with Kubernetes.

To use Kubernetes code as a library in other applications, see the list of published components. Use of the k8s.io/kubernetes module or k8s.io/kubernetes/... packages as libraries is not supported.

To start developing K8s

The community repository hosts all information about building Kubernetes from source, how to contribute code and documentation, who to contact about what, etc.

If you want to build Kubernetes right away there are two options:

You have a working Go environment.
mkdir -p $GOPATH/src/k8s.io
cd $GOPATH/src/k8s.io
git clone https://github.com/kubernetes/kubernetes
cd kubernetes
make
You have a working Docker environment.
git clone https://github.com/kubernetes/kubernetes
cd kubernetes
make quick-release

For the full story, head over to the developer's documentation.

Support

If you need support, start with the troubleshooting guide, and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another.