Kubernetes ships binaries for each component as well as a standard set of client applications to bootstrap or interact with a cluster. Components like the API server are capable of running within container images inside of a cluster. Those components are also shipped in container images as part of the official release process. All binaries as well as container images are available for multiple operating systems as well as hardware architectures.
The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters.
You can use kubectl to deploy applications, inspect and manage cluster resources,
and view logs. For more information including a complete list of kubectl operations, see the
kubectl reference documentation.
kubectl is installable on a variety of Linux platforms, macOS and Windows. Find your preferred operating system below.
All Kubernetes container images are deployed to the
registry.k8s.io container image registry.
|Container Image||Supported Architectures|
|registry.k8s.io/kube-apiserver:v1.28.4||amd64, arm, arm64, ppc64le, s390x|
|registry.k8s.io/kube-controller-manager:v1.28.4||amd64, arm, arm64, ppc64le, s390x|
|registry.k8s.io/kube-proxy:v1.28.4||amd64, arm, arm64, ppc64le, s390x|
|registry.k8s.io/kube-scheduler:v1.28.4||amd64, arm, arm64, ppc64le, s390x|
|registry.k8s.io/conformance:v1.28.4||amd64, arm, arm64, ppc64le, s390x|
Container image architectures
All container images are available for multiple architectures, whereas the
container runtime should choose the correct one based on the underlying
platform. It is also possible to pull a dedicated architecture by suffixing the
container image name, for example
Container image signatures
Kubernetes v1.26 [beta]
For Kubernetes v1.28, container images are signed using sigstore signatures:
The Kubernetes project publishes a list of signed Kubernetes container images in SPDX 2.3 format. You can fetch that list using:
curl -Ls "https://sbom.k8s.io/$(curl -Ls https://dl.k8s.io/release/stable.txt)/release" | grep "SPDXID: SPDXRef-Package-registry.k8s.io" | grep -v sha256 | cut -d- -f3- | sed 's/-/\//' | sed 's/-v1/:v1/'
To manually verify signed container images of Kubernetes core components, refer to Verify Signed Container Images.
If you pull a container image for a specific architecture, the single-architecture image is signed in the same way as for the multi-architecture manifest lists.