If you have a specific goal, but are already familiar with Kubernetes, our How-to guides are more specific and contain less background information. They’ll help you achieve an end result but may require you to understand and adapt the steps to fit your specific requirements.
There are a large number of guides, so we list them here by the same categories used in the navigation.
There are also two 'special case' scenarios we provide guidance for:
CNI and networking
Charmed Kubernetes supports a wide variety of network options for your cluster, provided by additional charms.
- Kube OVN
- Tigera Secure EE
- Using multiple networks
In addition to the standard runtime, Charmed Kubernetes supports a variety of container runtime options.
These guides demonstrate the common tasks any user is likely to need:
- Basic operations
- Configure ingress
- Add storage
- Scale your cluster
- Make an etcd backup
- Upgrade to a new version
- Decommission a cluster
- Perform audit Logging
There are additional services supported by the Charmed Kubernetes team, which can be added to your cluster, or further configuration made to the default setup which are covered in these guides:
- Configure and use CDK addons
- Monitor with Grafana/Prometheus
- Use K8s Operator Charms
- Schedule containers with Volcano
- Use the cluster autoscaler
- Validate your cluster with e2e
- Use a private Docker Registry
- Configuring proxies
If you run into trouble, please see the troubleshooting guide:
Charmed Kubernetes supports enhancement for High Availability through a variety of approaches. Follow the links below for more information:
Securing your cluster
The term 'security' covers a great many subtopics related to running a Kubernetes cluster, ranging from aspects of the workloads to the underlying OS. Please see the overview of security page for a better understanding of the approach to securing your cluster.
The guides in this section contain How tos for pursuing specific security goals:
- Authorisation and authentication
- Use Vault as a CA
- Authenticate with LDAP
- Use the OPA Gatekeeper
- Use encryption-at-rest