kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

v1.22 beta.0

pull/29217/head
Philippe Martin 2021-06-26 11:28:10 +02:00
parent ba8c8d4238
commit 02d18a3ce1
13 changed files with 138 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
api-ref-assets/api/swagger.json
View File

@ -1182,7 +1182,7 @@
},
"maxUnavailable": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString",
"description": "The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding down to a minimum of one. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update."
"description": "The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update."
}
},
"type": "object"
@ -3610,7 +3610,7 @@
"description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors"
},
"suspend": {
"description": "Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. This is an alpha field and requires the SuspendJob feature gate to be enabled; otherwise this field may not be set to true. Defaults to false.",
"description": "Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.\n\nThis field is beta-level, gated by SuspendJob feature flag (enabled by default).",
"type": "boolean"
},
"template": {
@ -3667,6 +3667,10 @@
"description": "The number of pods which reached phase Succeeded.",
"format": "int32",
"type": "integer"
},
"uncountedTerminatedPods": {
"$ref": "#/definitions/io.k8s.api.batch.v1.UncountedTerminatedPods",
"description": "UncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.\n\nThe job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status: (1) Add the pod UID to the arrays in this field. (2) Remove the pod finalizer. (3) Remove the pod UID from the arrays while increasing the corresponding\n counter.\n\nThis field is alpha-level. The job controller only makes use of this field when the feature gate PodTrackingWithFinalizers is enabled. Old jobs might not be tracked using this field, in which case the field remains null."
}
},
"type": "object"
@ -3685,6 +3689,28 @@
},
"type": "object"
},
"io.k8s.api.batch.v1.UncountedTerminatedPods": {
"description": "UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.",
"properties": {
"failed": {
"description": "Failed holds UIDs of failed Pods.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "set"
},
"succeeded": {
"description": "Succeeded holds UIDs of succeeded Pods.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "set"
}
},
"type": "object"
},
"io.k8s.api.batch.v1beta1.CronJob": {
"description": "CronJob represents the configuration of a single cron job.",
"properties": {
@ -3846,7 +3872,7 @@
},
"spec": {
"$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequestSpec",
"description": "spec contains the certificate request, and is immutable after creation. Only the request, signerName, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users."
"description": "spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users."
},
"status": {
"$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequestStatus",
@ -3936,6 +3962,11 @@
"io.k8s.api.certificates.v1.CertificateSigningRequestSpec": {
"description": "CertificateSigningRequestSpec contains the certificate request.",
"properties": {
"expirationSeconds": {
"description": "expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.\n\nThe v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.\n\nCertificate signers may not honor this field for various reasons:\n\n 1. Old signer that is unaware of the field (such as the in-tree\n implementations prior to v1.22)\n 2. Signer whose configured maximum is shorter than the requested duration\n 3. Signer whose configured minimum is longer than the requested duration\n\nThe minimum valid value for expirationSeconds is 600, i.e. 10 minutes.\n\nAs of v1.22, this field is beta and is controlled via the CSRDuration feature gate.",
"format": "int32",
"type": "integer"
},
"extra": {
"additionalProperties": {
"items": {
@ -4723,7 +4754,7 @@
]
},
"io.k8s.api.core.v1.ConfigMapNodeConfigSource": {
"description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.",
"description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration",
"properties": {
"kubeletConfigKey": {
"description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.",
@ -5226,7 +5257,7 @@
"description": "EndpointPort is a tuple that describes a single port.",
"properties": {
"appProtocol": {
"description": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.",
"description": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.",
"type": "string"
},
"name": {
@ -5474,7 +5505,7 @@
},
"securityContext": {
"$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext",
"description": "SecurityContext is not allowed for ephemeral containers."
"description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext."
},
"startupProbe": {
"$ref": "#/definitions/io.k8s.api.core.v1.Probe",
@ -6611,7 +6642,7 @@
"type": "object"
},
"io.k8s.api.core.v1.NodeConfigSource": {
"description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.",
"description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22",
"properties": {
"configMap": {
"$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapNodeConfigSource",
@ -6755,7 +6786,7 @@
"properties": {
"configSource": {
"$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource",
"description": "If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field"
"description": "Deprecated. If specified, the source of the node's configuration. The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field. This field is deprecated as of 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration"
},
"externalID": {
"description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966",
@ -7122,7 +7153,11 @@
},
"dataSource": {
"$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference",
"description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source."
"description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field."
},
"dataSourceRef": {
"$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference",
"description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n(Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled."
},
"resources": {
"$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements",
@ -8166,7 +8201,7 @@
"description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported"
},
"terminationGracePeriodSeconds": {
"description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate.",
"description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.",
"format": "int64",
"type": "integer"
},
@ -9238,7 +9273,7 @@
"description": "ServicePort contains information on service's port.",
"properties": {
"appProtocol": {
"description": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.",
"description": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.",
"type": "string"
},
"name": {
@ -9273,7 +9308,7 @@
"description": "ServiceSpec describes the attributes that a user creates on a service.",
"properties": {
"allocateLoadBalancerNodePorts": {
"description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. allocateLoadBalancerNodePorts may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is alpha-level and is only honored by servers that enable the ServiceLBNodePortControl feature.",
"description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature.",
"type": "boolean"
},
"clusterIP": {
@ -11098,17 +11133,20 @@
"description": "Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.",
"properties": {
"group": {
"$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.GroupSubject"
"$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.GroupSubject",
"description": "`group` matches based on user group name."
},
"kind": {
"description": "Required",
"description": "`kind` indicates which one of the other fields is non-empty. Required",
"type": "string"
},
"serviceAccount": {
"$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.ServiceAccountSubject"
"$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.ServiceAccountSubject",
"description": "`serviceAccount` matches ServiceAccounts."
},
"user": {
"$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.UserSubject"
"$ref": "#/definitions/io.k8s.api.flowcontrol.v1beta1.UserSubject",
"description": "`user` matches based on username."
}
},
"required": [
@ -11156,6 +11194,7 @@
}
},
"required": [
"pathType",
"backend"
],
"type": "object"
@ -13750,7 +13789,7 @@
"type": "boolean"
},
"requiresRepublish": {
"description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.",
"description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.",
"type": "boolean"
},
"storageCapacity": {
@ -13758,7 +13797,7 @@
"type": "boolean"
},
"tokenRequests": {
"description": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"<audience>\": {\n \"token\": <token>,\n \"expirationTimestamp\": <expiration timestamp in RFC3339>,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.",
"description": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"<audience>\": {\n \"token\": <token>,\n \"expirationTimestamp\": <expiration timestamp in RFC3339>,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.",
"items": {
"$ref": "#/definitions/io.k8s.api.storage.v1.TokenRequest"
},

2
api-ref-assets/config/fields.yaml
View File

@ -392,6 +392,7 @@
- succeeded
- completedIndexes
- conditions
- uncountedTerminatedPods
- definition: io.k8s.api.batch.v1.CronJobSpec
field_categories:
@ -570,6 +571,7 @@
- name: Alpha level
fields:
- dataSource
- dataSourceRef
- definition: io.k8s.api.core.v1.PersistentVolumeSpec
field_categories:

19
content/en/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1.md
View File

@ -49,7 +49,7 @@ This API can be used to request client certificates to authenticate to kube-apis
- **spec** (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequestSpec" >}}">CertificateSigningRequestSpec</a>), required
spec contains the certificate request, and is immutable after creation. Only the request, signerName, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
- **status** (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequestStatus" >}}">CertificateSigningRequestStatus</a>)
@ -95,6 +95,23 @@ CertificateSigningRequestSpec contains the certificate request.
5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
6. Whether or not requests for CA certificates are allowed.
- **expirationSeconds** (int32)
expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.
The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
Certificate signers may not honor this field for various reasons:
1. Old signer that is unaware of the field (such as the in-tree
implementations prior to v1.22)
2. Signer whose configured maximum is shorter than the requested duration
3. Signer whose configured minimum is longer than the requested duration
The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
- **extra** (map[string][]string)
extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.

5
content/en/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta1.md
View File

@ -106,10 +106,11 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.kind** (string), required
Required
`kind` indicates which one of the other fields is non-empty. Required
- **rules.subjects.group** (GroupSubject)
`group` matches based on user group name.
<a name="GroupSubject"></a>
*GroupSubject holds detailed information for group-kind subject.*
@ -120,6 +121,7 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.serviceAccount** (ServiceAccountSubject)
`serviceAccount` matches ServiceAccounts.
<a name="ServiceAccountSubject"></a>
*ServiceAccountSubject holds detailed information for service-account-kind subject.*
@ -134,6 +136,7 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.user** (UserSubject)
`user` matches based on username.
<a name="UserSubject"></a>
*UserSubject holds detailed information for user-kind subject.*

18
content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
View File

@ -62,17 +62,17 @@ NodeSpec describes the attributes that a node is created with.
- **configSource** (NodeConfigSource)
If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
Deprecated. If specified, the source of the node's configuration. The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field. This field is deprecated as of 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **configSource.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **configSource.configMap.kubeletConfigKey** (string), required
@ -226,14 +226,14 @@ NodeStatus is information about the current status of a node.
Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.active.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.active.configMap.kubeletConfigKey** (string), required
@ -260,14 +260,14 @@ NodeStatus is information about the current status of a node.
Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.assigned.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.assigned.configMap.kubeletConfigKey** (string), required
@ -298,14 +298,14 @@ NodeStatus is information about the current status of a node.
LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.lastKnownGood.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.lastKnownGood.configMap.kubeletConfigKey** (string), required

4
content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
View File

@ -84,8 +84,6 @@ CSIDriverSpec is the specification of a CSIDriver.
RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
- **storageCapacity** (boolean)
@ -112,8 +110,6 @@ CSIDriverSpec is the specification of a CSIDriver.
}
Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
<a name="TokenRequest"></a>
*TokenRequest contains parameters of a service account token.*

11
content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md
View File

@ -102,7 +102,16 @@ PersistentVolumeClaimSpec describes the common attributes of storage devices and
- **dataSource** (<a href="{{< ref "../common-definitions/typed-local-object-reference#TypedLocalObjectReference" >}}">TypedLocalObjectReference</a>)
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
- **dataSourceRef** (<a href="{{< ref "../common-definitions/typed-local-object-reference#TypedLocalObjectReference" >}}">TypedLocalObjectReference</a>)
Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef
allows any non-core object, as well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified.
(Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.

2
content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md
View File

@ -134,7 +134,7 @@ Endpoints is a collection of endpoints that implement the actual service. Exampl
- **subsets.ports.appProtocol** (string)
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.

10
content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md
View File

@ -107,11 +107,7 @@ IngressSpec describes the Ingress the user wishes to exist.
Backend defines the referenced service endpoint to which the traffic will be forwarded to.
- **rules.http.paths.path** (string)
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
- **rules.http.paths.pathType** (string)
- **rules.http.paths.pathType** (string), required
PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
done on a path element by element basis. A path element refers is the
@ -125,6 +121,10 @@ IngressSpec describes the Ingress the user wishes to exist.
or treat it identically to Prefix or Exact path types.
Implementations are required to support all path types.
- **rules.http.paths.path** (string)
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
- **tls** ([]IngressTLS)
*Atomic: will be replaced during a merge*

4
content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
View File

@ -100,7 +100,7 @@ ServiceSpec describes the attributes that a user creates on a service.
- **ports.appProtocol** (string)
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
- **type** (string)
@ -190,7 +190,7 @@ ServiceSpec describes the attributes that a user creates on a service.
- **allocateLoadBalancerNodePorts** (boolean)
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. allocateLoadBalancerNodePorts may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is alpha-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature.

2
content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md
View File

@ -99,7 +99,7 @@ DaemonSetSpec is the specification of a daemon set.
- **updateStrategy.rollingUpdate.maxUnavailable** (IntOrString)
The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding down to a minimum of one. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
<a name="IntOrString"></a>
*IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.*

28
content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
View File

@ -104,7 +104,9 @@ JobSpec describes how the job execution will look like.
- **suspend** (boolean)
Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. This is an alpha field and requires the SuspendJob feature gate to be enabled; otherwise this field may not be set to true. Defaults to false.
Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
This field is beta-level, gated by SuspendJob feature flag (enabled by default).
### Selector
@ -196,6 +198,30 @@ JobStatus represents the current state of a Job.
(brief) reason for the condition's last transition.
- **uncountedTerminatedPods** (UncountedTerminatedPods)
UncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.
The job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status: (1) Add the pod UID to the arrays in this field. (2) Remove the pod finalizer. (3) Remove the pod UID from the arrays while increasing the corresponding
counter.
This field is alpha-level. The job controller only makes use of this field when the feature gate PodTrackingWithFinalizers is enabled. Old jobs might not be tracked using this field, in which case the field remains null.
<a name="UncountedTerminatedPods"></a>
*UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.*
- **uncountedTerminatedPods.failed** ([]string)
*Set: unique values will be kept during a merge*
Failed holds UIDs of failed Pods.
- **uncountedTerminatedPods.succeeded** ([]string)
*Set: unique values will be kept during a merge*
Succeeded holds UIDs of succeeded Pods.

4
content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
View File

@ -1206,7 +1206,7 @@ An EphemeralContainer is a container that may be added temporarily to an existin
- **securityContext** (SecurityContext)
SecurityContext is not allowed for ephemeral containers.
Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
<a name="SecurityContext"></a>
*SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
@ -1677,7 +1677,7 @@ Probe describes a health check to be performed against a container to determine
- **terminationGracePeriodSeconds** (int64)
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- **periodSeconds** (int32)