2017-04-03 19:31:32 +00:00
---
2018-02-18 19:29:37 +00:00
reviewers:
2017-04-03 19:31:32 +00:00
- bprashanth
- liggitt
- thockin
2017-06-08 18:48:28 +00:00
title: Configure Service Accounts for Pods
2018-06-22 18:20:04 +00:00
content_template: templates/task
2018-05-20 04:43:52 +00:00
weight: 90
2017-04-03 19:31:32 +00:00
---
2018-06-22 18:20:04 +00:00
{{% capture overview %}}
2017-04-03 19:31:32 +00:00
A service account provides an identity for processes that run in a Pod.
2019-03-12 19:38:39 +00:00
*This is a user introduction to Service Accounts. See also the
2018-07-18 22:25:38 +00:00
[Cluster Admin Guide to Service Accounts ](/docs/reference/access-authn-authz/service-accounts-admin/ ).*
2017-04-03 19:31:32 +00:00
2018-05-05 16:00:51 +00:00
{{< note > }}
2018-11-06 19:33:04 +00:00
This document describes how service accounts behave in a cluster set up
2019-03-12 19:38:39 +00:00
as recommended by the Kubernetes project. Your cluster administrator may have
2017-04-03 19:31:32 +00:00
customized the behavior in your cluster, in which case this documentation may
2017-08-17 23:19:24 +00:00
not apply.
2018-05-05 16:00:51 +00:00
{{< / note > }}
2017-04-03 19:31:32 +00:00
2017-10-13 08:23:07 +00:00
When you (a human) access the cluster (for example, using `kubectl` ), you are
2017-04-03 19:31:32 +00:00
authenticated by the apiserver as a particular User Account (currently this is
2019-03-12 19:38:39 +00:00
usually `admin` , unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver.
When they do, they are authenticated as a particular Service Account (for example, `default` ).
2017-04-03 19:31:32 +00:00
2018-06-22 18:20:04 +00:00
{{% /capture %}}
{{% capture prerequisites %}}
{{< include " task-tutorial-prereqs . md " > }} {{< version-check > }}
{{% /capture %}}
{{% capture steps %}}
2017-06-08 18:48:28 +00:00
## Use the Default Service Account to access the API server.
2017-04-03 19:31:32 +00:00
2017-04-04 20:24:15 +00:00
When you create a pod, if you do not specify a service account, it is
automatically assigned the `default` service account in the same namespace.
2019-03-12 19:38:39 +00:00
If you get the raw json or yaml for a pod you have created (for example, `kubectl get pods/<podname> -o yaml` ), you can see the `spec.serviceAccountName` field has been [automatically set ](/docs/user-guide/working-with-resources/#resources-are-automatically-modified ).
2017-04-03 19:31:32 +00:00
2019-03-12 19:38:39 +00:00
You can access the API from inside a pod using automatically mounted service account credentials, as described in [Accessing the Cluster ](/docs/user-guide/accessing-the-cluster/#accessing-the-api-from-a-pod ).
2018-07-18 22:07:24 +00:00
The API permissions of the service account depend on the [authorization plugin and policy ](/docs/reference/access-authn-authz/authorization/#authorization-modules ) in use.
2017-04-04 20:24:15 +00:00
2019-03-12 19:38:39 +00:00
In version 1.6+, you can opt out of automounting API credentials for a service account by setting `automountServiceAccountToken: false` on the service account:
2017-04-04 20:24:15 +00:00
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
automountServiceAccountToken: false
...
```
In version 1.6+, you can also opt out of automounting API credentials for a particular pod:
```yaml
apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
serviceAccountName: build-robot
automountServiceAccountToken: false
...
```
The pod spec takes precedence over the service account if both specify a `automountServiceAccountToken` value.
2017-04-03 19:31:32 +00:00
2017-06-08 18:48:28 +00:00
## Use Multiple Service Accounts.
2017-04-03 19:31:32 +00:00
Every namespace has a default service account resource called `default` .
You can list this and any other serviceAccount resources in the namespace with this command:
```shell
2018-07-20 23:04:57 +00:00
kubectl get serviceAccounts
2019-03-12 19:38:39 +00:00
```
The output is similar to this:
```
2017-04-03 19:31:32 +00:00
NAME SECRETS AGE
default 1 1d
```
2017-04-04 20:24:15 +00:00
You can create additional ServiceAccount objects like this:
2017-04-03 19:31:32 +00:00
```shell
2018-07-20 23:04:57 +00:00
kubectl create -f - < < EOF
2017-04-03 19:31:32 +00:00
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
EOF
```
If you get a complete dump of the service account object, like this:
```shell
2018-07-20 23:04:57 +00:00
kubectl get serviceaccounts/build-robot -o yaml
2019-03-12 19:38:39 +00:00
```
The output is similar to this:
```
2017-04-03 19:31:32 +00:00
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2015-06-16T00:12:59Z
name: build-robot
namespace: default
resourceVersion: "272500"
selfLink: /api/v1/namespaces/default/serviceaccounts/build-robot
uid: 721ab723-13bc-11e5-aec2-42010af0021e
secrets:
- name: build-robot-token-bvbk5
```
then you will see that a token has automatically been created and is referenced by the service account.
2018-07-27 19:12:56 +00:00
You may use authorization plugins to [set permissions on service accounts ](/docs/reference/access-authn-authz/rbac/#service-account-permissions ).
2017-04-03 19:31:32 +00:00
2017-04-04 20:24:15 +00:00
To use a non-default service account, simply set the `spec.serviceAccountName`
2017-04-03 19:31:32 +00:00
field of a pod to the name of the service account you wish to use.
The service account has to exist at the time the pod is created, or it will be rejected.
You cannot update the service account of an already created pod.
You can clean up the service account from this example like this:
```shell
2018-07-20 23:04:57 +00:00
kubectl delete serviceaccount/build-robot
2017-04-03 19:31:32 +00:00
```
## Manually create a service account API token.
Suppose we have an existing service account named "build-robot" as mentioned above, and we create
a new secret manually.
```shell
2018-07-20 23:04:57 +00:00
kubectl create -f - < < EOF
2017-04-03 19:31:32 +00:00
apiVersion: v1
kind: Secret
metadata:
name: build-robot-secret
2017-07-28 15:23:11 +00:00
annotations:
2017-04-03 19:31:32 +00:00
kubernetes.io/service-account.name: build-robot
type: kubernetes.io/service-account-token
EOF
```
Now you can confirm that the newly built secret is populated with an API token for the "build-robot" service account.
Any tokens for non-existent service accounts will be cleaned up by the token controller.
```shell
2018-07-20 23:04:57 +00:00
kubectl describe secrets/build-robot-secret
2019-03-12 19:38:39 +00:00
```
The output is similar to this:
```
2017-09-26 18:40:39 +00:00
Name: build-robot-secret
Namespace: default
Labels: < none >
Annotations: kubernetes.io/service-account.name=build-robot
kubernetes.io/service-account.uid=da68f9c6-9d26-11e7-b84e-002dc52800da
2017-04-03 19:31:32 +00:00
2017-09-26 18:40:39 +00:00
Type: kubernetes.io/service-account-token
2017-04-03 19:31:32 +00:00
Data
====
2017-09-26 18:40:39 +00:00
ca.crt: 1338 bytes
namespace: 7 bytes
token: ...
2017-04-03 19:31:32 +00:00
```
2018-05-05 16:00:51 +00:00
{{< note > }}
2018-11-06 19:33:04 +00:00
The content of `token` is elided here.
2018-05-05 16:00:51 +00:00
{{< / note > }}
2017-04-03 19:31:32 +00:00
2017-06-08 18:48:28 +00:00
## Add ImagePullSecrets to a service account
2017-04-03 19:31:32 +00:00
2018-10-25 18:02:31 +00:00
First, create an imagePullSecret, as described [here ](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod ).
2019-03-12 19:38:39 +00:00
Next, verify it has been created. For example:
2017-04-03 19:31:32 +00:00
```shell
2018-07-20 23:04:57 +00:00
kubectl get secrets myregistrykey
2019-03-12 19:38:39 +00:00
```
The output is similar to this:
```
2017-04-03 19:31:32 +00:00
NAME TYPE DATA AGE
myregistrykey
```
2017-06-14 14:26:47 +00:00
Next, modify the default service account for the namespace to use this secret as an imagePullSecret.
2017-04-03 19:31:32 +00:00
```shell
2018-09-20 11:53:38 +00:00
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}'
2017-04-03 19:31:32 +00:00
```
2019-03-12 19:38:39 +00:00
Interactive version requires manual edit:
2017-08-17 23:19:24 +00:00
2017-04-03 19:31:32 +00:00
```shell
2018-07-20 23:04:57 +00:00
kubectl get serviceaccounts default -o yaml > ./sa.yaml
2019-03-12 19:38:39 +00:00
```
The output of the `sa.yaml` file is similar to this:
2018-07-20 23:04:57 +00:00
2019-03-12 19:38:39 +00:00
```shell
2017-04-03 19:31:32 +00:00
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2015-08-07T22:02:39Z
name: default
namespace: default
resourceVersion: "243024"
selfLink: /api/v1/namespaces/default/serviceaccounts/default
uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
2019-03-12 19:38:39 +00:00
```
2018-07-20 23:04:57 +00:00
2019-03-12 19:38:39 +00:00
Using your editor of choice (for example `vi` ), open the `sa.yaml` file, delete line with key `resourceVersion` , add lines with `imagePullSecrets:` and save.
2018-07-20 23:04:57 +00:00
2019-03-12 19:38:39 +00:00
The output of the `sa.yaml` file is similar to this:
```shell
2017-04-03 19:31:32 +00:00
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2015-08-07T22:02:39Z
name: default
namespace: default
selfLink: /api/v1/namespaces/default/serviceaccounts/default
uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
imagePullSecrets:
- name: myregistrykey
2019-03-12 19:38:39 +00:00
```
Finally replace the serviceaccount with the new updated `sa.yaml` file
2018-07-20 23:04:57 +00:00
2019-03-12 19:38:39 +00:00
```shell
2018-07-20 23:04:57 +00:00
kubectl replace serviceaccount default -f ./sa.yaml
2017-04-03 19:31:32 +00:00
```
Now, any new pods created in the current namespace will have this added to their spec:
```yaml
spec:
imagePullSecrets:
- name: myregistrykey
```
<!-- ## Adding Secrets to a service account.
TODO: Test and explain how to use additional non-K8s secrets with an existing service account.
2017-04-11 04:09:31 +00:00
-->
2018-06-22 18:20:04 +00:00
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
## Service Account Token Volume Projection
2018-06-29 01:48:20 +00:00
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
{{< feature-state for_k8s_version = "v1.12" state = "beta" > }}
{{< note > }}
2018-11-06 19:33:04 +00:00
This ServiceAccountTokenVolumeProjection is __beta__ in 1.12 and
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
enabled by passing all of the following flags to the API server:
* `--service-account-issuer`
* `--service-account-signing-key-file`
* `--service-account-api-audiences`
{{< / note > }}
The kubelet can also project a service account token into a Pod. You can
specify desired properties of the token, such as the audience and the validity
duration. These properties are not configurable on the default service account
token. The service account token will also become invalid against the API when
the Pod or the ServiceAccount is deleted.
This behavior is configured on a PodSpec using a ProjectedVolume type called
[ServiceAccountToken ](/docs/concepts/storage/volumes/#projected ). To provide a
pod with a token with an audience of "vault" and a validity duration of two
hours, you would configure the following in your PodSpec:
2019-03-12 19:38:39 +00:00
{{< codenew file = "pods/pod-projected-svc-token.yaml" > }}
Create the Pod:
```shell
kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
```
The kubelet will request and store the token on behalf of the pod, make the
2019-03-12 19:38:39 +00:00
token available to the pod at a configurable file path, and refresh the token as it approaches expiration. Kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours.
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
2019-03-12 19:38:39 +00:00
The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most usecases.
2018-06-29 01:48:20 +00:00
{{% /capture %}}
