From 04163e9a7c45aa447581bc567e9c86e555f7dab1 Mon Sep 17 00:00:00 2001 From: MengZeLee Date: Fri, 26 Oct 2018 02:02:31 +0800 Subject: [PATCH] removing toc shortcode. (#10720) --- .../concepts/architecture/cloud-controller.md | 29 +++++---- .../architecture/master-node-communication.md | 5 +- .../en/docs/concepts/architecture/nodes.md | 11 ++-- .../concepts/cluster-administration/addons.md | 3 +- .../cluster-administration/certificates.md | 11 ++-- .../cluster-administration/cloud-providers.md | 11 ++-- .../kubelet-garbage-collection.md | 1 - .../cluster-administration/logging.md | 1 - .../manage-deployment.md | 1 - .../cluster-administration/networking.md | 17 +++-- .../concepts/configuration/assign-pod-node.md | 17 +++-- .../en/docs/concepts/configuration/secret.md | 7 +-- .../configuration/taint-and-toleration.md | 1 - .../container-environment-variables.md | 3 - .../containers/container-lifecycle-hooks.md | 3 - content/en/docs/concepts/containers/images.md | 1 - .../docs/concepts/containers/runtime-class.md | 1 - .../compute-storage-net/network-plugins.md | 1 - .../docs/concepts/overview/kubernetes-api.md | 1 - .../overview/working-with-objects/labels.md | 3 +- .../overview/working-with-objects/names.md | 3 +- .../working-with-objects/namespaces.md | 1 - .../concepts/policy/pod-security-policy.md | 17 +++-- .../docs/concepts/policy/resource-quotas.md | 1 - .../connect-applications-service.md | 2 - .../concepts/services-networking/service.md | 8 +-- .../concepts/storage/dynamic-provisioning.md | 3 - .../concepts/storage/persistent-volumes.md | 3 +- .../storage/volume-snapshot-classes.md | 3 +- .../docs/concepts/storage/volume-snapshots.md | 5 +- content/en/docs/concepts/storage/volumes.md | 19 +++--- .../workloads/controllers/cron-jobs.md | 5 +- .../workloads/controllers/daemonset.md | 3 +- .../controllers/jobs-run-to-completion.md | 13 ++-- .../workloads/controllers/ttlafterfinished.md | 3 +- .../concepts/workloads/pods/disruptions.md | 4 -- .../workloads/pods/init-containers.md | 4 -- .../concepts/workloads/pods/pod-overview.md | 3 - .../en/docs/concepts/workloads/pods/pod.md | 1 - .../docs/concepts/workloads/pods/podpreset.md | 9 +-- content/en/docs/contribute/localization.md | 1 - .../contribute/style/content-organization.md | 6 +- .../docs/contribute/style/page-templates.md | 62 +++++++++---------- .../access-cluster.md | 19 +++--- .../configure-cloud-provider-firewall.md | 1 - .../web-ui-dashboard.md | 1 - .../administer-cluster/cluster-management.md | 1 - .../configure-multiple-schedulers.md | 1 - .../configure-upgrade-etcd.md | 1 - .../cpu-management-policies.md | 7 +-- .../developing-cloud-controller-manager.md | 1 - ...aranteed-scheduling-critical-addon-pods.md | 3 +- .../highly-available-master.md | 1 - .../namespaces-walkthrough.md | 1 - .../administer-cluster/out-of-resource.md | 13 ++-- .../reserve-compute-resources.md | 1 - .../running-cloud-controller.md | 1 - .../tasks/administer-cluster/static-pod.md | 3 +- .../tasks/administer-federation/events.md | 1 - .../tasks/administer-federation/secret.md | 1 - .../configure-service-account.md | 5 +- .../translate-compose-kubernetes.md | 47 +++++++------- .../tasks/debug-application-cluster/audit.md | 1 - .../core-metrics-pipeline.md | 1 - .../tasks/debug-application-cluster/crictl.md | 3 +- .../debug-application-introspection.md | 1 - .../debug-application.md | 1 - .../debug-cluster.md | 1 - .../debug-service.md | 1 - .../events-stackdriver.md | 1 - .../logging-stackdriver.md | 5 +- .../troubleshooting.md | 3 +- .../set-up-cluster-federation-kubefed.md | 23 ++++--- .../coarse-parallel-processing-work-queue.md | 4 +- .../fine-parallel-processing-work-queue.md | 1 - .../job/parallel-processing-expansion.md | 1 - .../docs/tasks/manage-gpus/scheduling-gpus.md | 3 +- .../horizontal-pod-autoscale-walkthrough.md | 1 - .../horizontal-pod-autoscale.md | 3 +- .../rolling-update-replication-controller.md | 1 - .../tasks/tls/managing-tls-in-a-cluster.md | 1 - 81 files changed, 183 insertions(+), 289 deletions(-) diff --git a/content/en/docs/concepts/architecture/cloud-controller.md b/content/en/docs/concepts/architecture/cloud-controller.md index c2eb94f6cf..191b954645 100644 --- a/content/en/docs/concepts/architecture/cloud-controller.md +++ b/content/en/docs/concepts/architecture/cloud-controller.md @@ -18,7 +18,6 @@ Here's the architecture of a Kubernetes cluster without the cloud controller man {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -46,16 +45,16 @@ The CCM breaks away some of the functionality of Kubernetes controller manager ( In version 1.9, the CCM runs the following controllers from the preceding list: * Node controller -* Route controller +* Route controller * Service controller -Additionally, it runs another controller called the PersistentVolumeLabels controller. This controller is responsible for setting the zone and region labels on PersistentVolumes created in GCP and AWS clouds. +Additionally, it runs another controller called the PersistentVolumeLabels controller. This controller is responsible for setting the zone and region labels on PersistentVolumes created in GCP and AWS clouds. {{< note >}} -**Note:** Volume controller was deliberately chosen to not be a part of CCM. Due to the complexity involved and due to the existing efforts to abstract away vendor specific volume logic, it was decided that volume controller will not be moved to CCM. +**Note:** Volume controller was deliberately chosen to not be a part of CCM. Due to the complexity involved and due to the existing efforts to abstract away vendor specific volume logic, it was decided that volume controller will not be moved to CCM. {{< /note >}} -The original plan to support volumes using CCM was to use Flex volumes to support pluggable volumes. However, a competing effort known as CSI is being planned to replace Flex. +The original plan to support volumes using CCM was to use Flex volumes to support pluggable volumes. However, a competing effort known as CSI is being planned to replace Flex. Considering these dynamics, we decided to have an intermediate stop gap measure until CSI becomes ready. @@ -68,7 +67,7 @@ The CCM inherits its functions from components of Kubernetes that are dependent The majority of the CCM's functions are derived from the KCM. As mentioned in the previous section, the CCM runs the following control loops: * Node controller -* Route controller +* Route controller * Service controller * PersistentVolumeLabels controller @@ -92,7 +91,7 @@ The Service controller is responsible for listening to service create, update, a #### PersistentVolumeLabels controller -The PersistentVolumeLabels controller applies labels on AWS EBS/GCE PD volumes when they are created. This removes the need for users to manually set the labels on these volumes. +The PersistentVolumeLabels controller applies labels on AWS EBS/GCE PD volumes when they are created. This removes the need for users to manually set the labels on these volumes. These labels are essential for the scheduling of pods as these volumes are constrained to work only within the region/zone that they are in. Any Pod using these volumes needs to be scheduled in the same region/zone. @@ -100,7 +99,7 @@ The PersistentVolumeLabels controller was created specifically for the CCM; that ### 2. Kubelet -The Node controller contains the cloud-dependent functionality of the kubelet. Prior to the introduction of the CCM, the kubelet was responsible for initializing a node with cloud-specific details such as IP addresses, region/zone labels and instance type information. The introduction of the CCM has moved this initialization operation from the kubelet into the CCM. +The Node controller contains the cloud-dependent functionality of the kubelet. Prior to the introduction of the CCM, the kubelet was responsible for initializing a node with cloud-specific details such as IP addresses, region/zone labels and instance type information. The introduction of the CCM has moved this initialization operation from the kubelet into the CCM. In this new model, the kubelet initializes a node without cloud-specific information. However, it adds a taint to the newly created node that makes the node unschedulable until the CCM initializes the node with cloud-specific information. It then removes this taint. @@ -118,13 +117,13 @@ For more information about developing plugins, see [Developing Cloud Controller ## Authorization -This section breaks down the access required on various API objects by the CCM to perform its operations. +This section breaks down the access required on various API objects by the CCM to perform its operations. ### Node Controller The Node controller only works with Node objects. It requires full access to get, list, create, update, patch, watch, and delete Node objects. -v1/Node: +v1/Node: - Get - List @@ -136,17 +135,17 @@ v1/Node: ### Route controller -The route controller listens to Node object creation and configures routes appropriately. It requires get access to Node objects. +The route controller listens to Node object creation and configures routes appropriately. It requires get access to Node objects. -v1/Node: +v1/Node: - Get ### Service controller -The service controller listens to Service object create, update and delete events and then configures endpoints for those Services appropriately. +The service controller listens to Service object create, update and delete events and then configures endpoints for those Services appropriately. -To access Services, it requires list, and watch access. To update Services, it requires patch and update access. +To access Services, it requires list, and watch access. To update Services, it requires patch and update access. To set up endpoints for the Services, it requires access to create, list, get, watch, and update. @@ -249,7 +248,7 @@ rules: ## Vendor Implementations -The following cloud providers have implemented CCMs: +The following cloud providers have implemented CCMs: * [Digital Ocean](https://github.com/digitalocean/digitalocean-cloud-controller-manager) * [Oracle](https://github.com/oracle/oci-cloud-controller-manager) diff --git a/content/en/docs/concepts/architecture/master-node-communication.md b/content/en/docs/concepts/architecture/master-node-communication.md index 9c1064cfcc..0314197bc4 100644 --- a/content/en/docs/concepts/architecture/master-node-communication.md +++ b/content/en/docs/concepts/architecture/master-node-communication.md @@ -18,7 +18,6 @@ cloud provider). {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -67,9 +66,9 @@ The connections from the apiserver to the kubelet are used for: * Fetching logs for pods. * Attaching (through kubectl) to running pods. - * Providing the kubelet's port-forwarding functionality. + * Providing the kubelet's port-forwarding functionality. -These connections terminate at the kubelet's HTTPS endpoint. By default, +These connections terminate at the kubelet's HTTPS endpoint. By default, the apiserver does not verify the kubelet's serving certificate, which makes the connection subject to man-in-the-middle attacks, and **unsafe** to run over untrusted and/or public networks. diff --git a/content/en/docs/concepts/architecture/nodes.md b/content/en/docs/concepts/architecture/nodes.md index 222a21c020..f5bb11bf37 100644 --- a/content/en/docs/concepts/architecture/nodes.md +++ b/content/en/docs/concepts/architecture/nodes.md @@ -18,7 +18,6 @@ architecture design doc for more details. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -76,18 +75,18 @@ the `Terminating` or `Unknown` state. In cases where Kubernetes cannot deduce fr permanently left a cluster, the cluster administrator may need to delete the node object by hand. Deleting the node object from Kubernetes causes all the Pod objects running on the node to be deleted from the apiserver, and frees up their names. -In version 1.12, `TaintNodesByCondition` feature is promoted to beta,so node lifecycle controller automatically creates +In version 1.12, `TaintNodesByCondition` feature is promoted to beta,so node lifecycle controller automatically creates [taints](/docs/concepts/configuration/taint-and-toleration/) that represent conditions. Similarly the scheduler ignores conditions when considering a Node; instead it looks at the Node's taints and a Pod's tolerations. Now users can choose between the old scheduling model and a new, more flexible scheduling model. -A Pod that does not have any tolerations gets scheduled according to the old model. But a Pod that +A Pod that does not have any tolerations gets scheduled according to the old model. But a Pod that tolerates the taints of a particular Node can be scheduled on that Node. {{< caution >}} -**Caution:** Enabling this feature creates a small delay between the -time when a condition is observed and when a taint is created. This delay is usually less than one second, but it can increase the number of Pods that are successfully scheduled but rejected by the kubelet. +**Caution:** Enabling this feature creates a small delay between the +time when a condition is observed and when a taint is created. This delay is usually less than one second, but it can increase the number of Pods that are successfully scheduled but rejected by the kubelet. {{< /caution >}} ### Capacity @@ -127,7 +126,7 @@ a node from the following content: Kubernetes creates a node object internally (the representation), and validates the node by health checking based on the `metadata.name` field. If the node is valid -- that is, if all necessary services are running -- it is eligible to run a pod. Otherwise, it is -ignored for any cluster activity until it becomes valid. +ignored for any cluster activity until it becomes valid. {{< note >}} **Note:** Kubernetes keeps the object for the invalid node and keeps checking to see whether it becomes valid. diff --git a/content/en/docs/concepts/cluster-administration/addons.md b/content/en/docs/concepts/cluster-administration/addons.md index fc6bf0b6c5..dd12e76074 100644 --- a/content/en/docs/concepts/cluster-administration/addons.md +++ b/content/en/docs/concepts/cluster-administration/addons.md @@ -14,7 +14,6 @@ Add-ons in each section are sorted alphabetically - the ordering does not imply {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -30,7 +29,7 @@ Add-ons in each section are sorted alphabetically - the ordering does not imply * [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md) is an overlay network provider that can be used with Kubernetes. * [Knitter](https://github.com/ZTE/Knitter/) is a network solution supporting multiple networking in Kubernetes. * [Multus](https://github.com/Intel-Corp/multus-cni) is a Multi plugin for multiple network support in Kubernetes to support all CNI plugins (e.g. Calico, Cilium, Contiv, Flannel), in addition to SRIOV, DPDK, OVS-DPDK and VPP based workloads in Kubernetes. -* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) Container Plug-in (NCP) provides integration between VMware NSX-T and container orchestrators such as Kubernetes, as well as integration between NSX-T and container-based CaaS/PaaS platforms such as Pivotal Container Service (PKS) and Openshift. +* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) Container Plug-in (NCP) provides integration between VMware NSX-T and container orchestrators such as Kubernetes, as well as integration between NSX-T and container-based CaaS/PaaS platforms such as Pivotal Container Service (PKS) and Openshift. * [Nuage](https://github.com/nuagenetworks/nuage-kubernetes/blob/v5.1.1-1/docs/kubernetes-1-installation.rst) is an SDN platform that provides policy-based networking between Kubernetes Pods and non-Kubernetes environments with visibility and security monitoring. * [Romana](http://romana.io) is a Layer 3 networking solution for pod networks that also supports the [NetworkPolicy API](/docs/concepts/services-networking/network-policies/). Kubeadm add-on installation details available [here](https://github.com/romana/romana/tree/master/containerize). * [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/) provides networking and network policy, will carry on working on both sides of a network partition, and does not require an external database. diff --git a/content/en/docs/concepts/cluster-administration/certificates.md b/content/en/docs/concepts/cluster-administration/certificates.md index 129470ddf0..48592dc7c3 100644 --- a/content/en/docs/concepts/cluster-administration/certificates.md +++ b/content/en/docs/concepts/cluster-administration/certificates.md @@ -12,7 +12,6 @@ manually through `easyrsa`, `openssl` or `cfssl`. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -81,7 +80,7 @@ manually through `easyrsa`, `openssl` or `cfssl`. default_md = sha256 req_extensions = req_ext distinguished_name = dn - + [ dn ] C = ST = @@ -89,10 +88,10 @@ manually through `easyrsa`, `openssl` or `cfssl`. O = OU = CN = - + [ req_ext ] subjectAltName = @alt_names - + [ alt_names ] DNS.1 = kubernetes DNS.2 = kubernetes.default @@ -101,7 +100,7 @@ manually through `easyrsa`, `openssl` or `cfssl`. DNS.5 = kubernetes.default.svc.cluster.local IP.1 = IP.2 = - + [ v3_ext ] authorityKeyIdentifier=keyid,issuer:always basicConstraints=CA:FALSE @@ -213,7 +212,7 @@ Finally, add the same parameters into the API server start parameters. "O": "", "OU": "" }] - } + } 1. Generate the key and certificate for the API server, which are by default saved into file `server-key.pem` and `server.pem` respectively: diff --git a/content/en/docs/concepts/cluster-administration/cloud-providers.md b/content/en/docs/concepts/cluster-administration/cloud-providers.md index f87b567ca3..e3c7f153af 100644 --- a/content/en/docs/concepts/cluster-administration/cloud-providers.md +++ b/content/en/docs/concepts/cluster-administration/cloud-providers.md @@ -9,12 +9,11 @@ This page explains how to manage Kubernetes running on a specific cloud provider. {{% /capture %}} -{{< toc >}} {{% capture body %}} ### kubeadm -[kubeadm](/docs/reference/setup-tools/kubeadm/kubeadm/) is a popular option for creating kubernetes clusters. -kubeadm has configuration options to specify configuration information for cloud providers. For example a typical +[kubeadm](/docs/reference/setup-tools/kubeadm/kubeadm/) is a popular option for creating kubernetes clusters. +kubeadm has configuration options to specify configuration information for cloud providers. For example a typical in-tree cloud provider can be configured using kubeadm as shown below: ```yaml @@ -214,7 +213,7 @@ file: connotation, a deployment can use a geographical name for a region identifier such as `us-east`. Available regions are found under the `/v3/regions` endpoint of the Keystone API. -* `ca-file` (Optional): Used to specify the path to your custom CA file. +* `ca-file` (Optional): Used to specify the path to your custom CA file. When using Keystone V3 - which changes tenant to project - the `tenant-id` value @@ -361,12 +360,12 @@ Note that the Kubernetes Node name must match the Photon VM name (or if `overrid The VSphere cloud provider uses the hostname of the node (as determined by the kubelet or overridden with `--hostname-override`) as the name of the Kubernetes Node object. -## IBM Cloud Kubernetes Service +## IBM Cloud Kubernetes Service ### Compute nodes By using the IBM Cloud Kubernetes Service provider, you can create clusters with a mixture of virtual and physical (bare metal) nodes in a single zone or across multiple zones in a region. For more information, see [Planning your cluster and worker node setup](https://console.bluemix.net/docs/containers/cs_clusters_planning.html#plan_clusters). -The name of the Kubernetes Node object is the private IP address of the IBM Cloud Kubernetes Service worker node instance. +The name of the Kubernetes Node object is the private IP address of the IBM Cloud Kubernetes Service worker node instance. ### Networking The IBM Cloud Kubernetes Service provider provides VLANs for quality network performance and network isolation for nodes. You can set up custom firewalls and Calico network policies to add an extra layer of security for your cluster, or connect your cluster to your on-prem data center via VPN. For more information, see [Planning in-cluster and private networking](https://console.bluemix.net/docs/containers/cs_network_cluster.html#planning). diff --git a/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md b/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md index 99364fc56e..1d3c42bac3 100644 --- a/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md +++ b/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md @@ -14,7 +14,6 @@ External garbage collection tools are not recommended as these tools can potenti {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/cluster-administration/logging.md b/content/en/docs/concepts/cluster-administration/logging.md index 731efcf9e9..f64e0e0aa3 100644 --- a/content/en/docs/concepts/cluster-administration/logging.md +++ b/content/en/docs/concepts/cluster-administration/logging.md @@ -15,7 +15,6 @@ However, the native functionality provided by a container engine or runtime is u {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/cluster-administration/manage-deployment.md b/content/en/docs/concepts/cluster-administration/manage-deployment.md index c50f54ce23..e32fe5b8fb 100644 --- a/content/en/docs/concepts/cluster-administration/manage-deployment.md +++ b/content/en/docs/concepts/cluster-administration/manage-deployment.md @@ -14,7 +14,6 @@ You've deployed your application and exposed it via a service. Now what? Kuberne {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/cluster-administration/networking.md b/content/en/docs/concepts/cluster-administration/networking.md index e1e16ea47a..58521895f3 100644 --- a/content/en/docs/concepts/cluster-administration/networking.md +++ b/content/en/docs/concepts/cluster-administration/networking.md @@ -18,7 +18,6 @@ default. There are 4 distinct networking problems to solve: {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -123,10 +122,10 @@ AOS supports the use of common vendor equipment from manufacturers including Cis Details on how the AOS system works can be accessed here: http://www.apstra.com/products/how-it-works/ ### Big Cloud Fabric from Big Switch Networks - -[Big Cloud Fabric](https://www.bigswitch.com/container-network-automation) is a cloud native networking architecture, designed to run Kubernetes in private cloud/on-premises environments. Using unified physical & virtual SDN, Big Cloud Fabric tackles inherent container networking problems such as load balancing, visibility, troubleshooting, security policies & container traffic monitoring. -With the help of the Big Cloud Fabric's virtual pod multi-tenant architecture, container orchestration systems such as Kubernetes, RedHat Openshift, Mesosphere DC/OS & Docker Swarm will be natively integrated along side with VM orchestration systems such as VMware, OpenStack & Nutanix. Customers will be able to securely inter-connect any number of these clusters and enable inter-tenant communication between them if needed. +[Big Cloud Fabric](https://www.bigswitch.com/container-network-automation) is a cloud native networking architecture, designed to run Kubernetes in private cloud/on-premises environments. Using unified physical & virtual SDN, Big Cloud Fabric tackles inherent container networking problems such as load balancing, visibility, troubleshooting, security policies & container traffic monitoring. + +With the help of the Big Cloud Fabric's virtual pod multi-tenant architecture, container orchestration systems such as Kubernetes, RedHat Openshift, Mesosphere DC/OS & Docker Swarm will be natively integrated along side with VM orchestration systems such as VMware, OpenStack & Nutanix. Customers will be able to securely inter-connect any number of these clusters and enable inter-tenant communication between them if needed. BCF was recognized by Gartner as a visionary in the latest [Magic Quadrant](http://go.bigswitch.com/17GatedDocuments-MagicQuadrantforDataCenterNetworking_Reg.html). One of the BCF Kubernetes on-premises deployments (which includes Kubernetes, DC/OS & VMware running on multiple DCs across different geographic regions) is also referenced [here](https://portworx.com/architects-corner-kubernetes-satya-komala-nio/). @@ -182,7 +181,7 @@ each other and `Nodes` over the `cbr0` bridge. Those IPs are all routable within the GCE project network. GCE itself does not know anything about these IPs, though, so it will not NAT -them for outbound internet traffic. To achieve that an iptables rule is used +them for outbound internet traffic. To achieve that an iptables rule is used to masquerade (aka SNAT - to make it seem as if packets came from the `Node` itself) traffic that is bound for IPs outside the GCE project network (10.0.0.0/8). @@ -203,7 +202,7 @@ traffic to the internet. ### Jaguar -[Jaguar](https://gitlab.com/sdnlab/jaguar) is an open source solution for Kubernetes's network based on OpenDaylight. Jaguar provides overlay network using vxlan and Jaguar CNIPlugin provides one IP address per pod. +[Jaguar](https://gitlab.com/sdnlab/jaguar) is an open source solution for Kubernetes's network based on OpenDaylight. Jaguar provides overlay network using vxlan and Jaguar CNIPlugin provides one IP address per pod. ### Knitter @@ -232,10 +231,10 @@ Lars Kellogg-Stedman. Multus supports all [reference plugins](https://github.com/containernetworking/plugins) (eg. [Flannel](https://github.com/containernetworking/plugins/tree/master/plugins/meta/flannel), [DHCP](https://github.com/containernetworking/plugins/tree/master/plugins/ipam/dhcp), [Macvlan](https://github.com/containernetworking/plugins/tree/master/plugins/main/macvlan)) that implement the CNI specification and 3rd party plugins (eg. [Calico](https://github.com/projectcalico/cni-plugin), [Weave](https://github.com/weaveworks/weave), [Cilium](https://github.com/cilium/cilium), [Contiv](https://github.com/contiv/netplugin)). In addition to it, Multus supports [SRIOV](https://github.com/hustcat/sriov-cni), [DPDK](https://github.com/Intel-Corp/sriov-cni), [OVS-DPDK & VPP](https://github.com/intel/vhost-user-net-plugin) workloads in Kubernetes with both cloud native and NFV based applications in Kubernetes. ### NSX-T - + [VMware NSX-T](https://docs.vmware.com/en/VMware-NSX-T/index.html) is a network virtualization and security platform. NSX-T can provide network virtualization for a multi-cloud and multi-hypervisor environment and is focused on emerging application frameworks and architectures that have heterogeneous endpoints and technology stacks. In addition to vSphere hypervisors, these environments include other hypervisors such as KVM, containers, and bare metal. - -[NSX-T Container Plug-in (NCP)](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) provides integration between NSX-T and container orchestrators such as Kubernetes, as well as integration between NSX-T and container-based CaaS/PaaS platforms such as Pivotal Container Service (PKS) and Openshift. + +[NSX-T Container Plug-in (NCP)](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) provides integration between NSX-T and container orchestrators such as Kubernetes, as well as integration between NSX-T and container-based CaaS/PaaS platforms such as Pivotal Container Service (PKS) and Openshift. ### Nuage Networks VCS (Virtualized Cloud Services) diff --git a/content/en/docs/concepts/configuration/assign-pod-node.md b/content/en/docs/concepts/configuration/assign-pod-node.md index 1bb887fa52..d1d9cffc53 100644 --- a/content/en/docs/concepts/configuration/assign-pod-node.md +++ b/content/en/docs/concepts/configuration/assign-pod-node.md @@ -8,7 +8,6 @@ content_template: templates/concept weight: 30 --- -{{< toc >}} {{% capture overview %}} @@ -144,7 +143,7 @@ among nodes that meet that criteria, nodes with a label whose key is `another-no value is `another-node-label-value` should be preferred. You can see the operator `In` being used in the example. The new node affinity syntax supports the following operators: `In`, `NotIn`, `Exists`, `DoesNotExist`, `Gt`, `Lt`. -You can use `NotIn` and `DoesNotExist` to achieve node anti-affinity behavior, or use +You can use `NotIn` and `DoesNotExist` to achieve node anti-affinity behavior, or use [node taints](/docs/concepts/configuration/taint-and-toleration/) to repel pods from specific nodes. If you specify both `nodeSelector` and `nodeAffinity`, *both* must be satisfied for the pod @@ -158,7 +157,7 @@ If you remove or change the label of the node where the pod is scheduled, the po The `weight` field in `preferredDuringSchedulingIgnoredDuringExecution` is in the range 1-100. For each node that meets all of the scheduling requirements (resource request, RequiredDuringScheduling affinity expressions, etc.), the scheduler will compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding MatchExpressions. This score is then combined with the scores of other priority functions for the node. The node(s) with the highest total score are the most preferred. -For more information on node affinity, see the +For more information on node affinity, see the [design doc](https://git.k8s.io/community/contributors/design-proposals/scheduling/nodeaffinity.md). ### Inter-pod affinity and anti-affinity (beta feature) @@ -174,7 +173,7 @@ like node, rack, cloud provider zone, cloud provider region, etc. You express it key for the node label that the system uses to denote such a topology domain, e.g. see the label keys listed above in the section [Interlude: built-in node labels](#interlude-built-in-node-labels). -**Note:** Inter-pod affinity and anti-affinity require substantial amount of +**Note:** Inter-pod affinity and anti-affinity require substantial amount of processing which can slow down scheduling in large clusters significantly. We do not recommend using them in clusters larger than several hundred nodes. @@ -206,7 +205,7 @@ value V that is running a pod that has a label with key "security" and value "S1 rule says that the pod prefers not to be scheduled onto a node if that node is already running a pod with label having key "security" and value "S2". (If the `topologyKey` were `failure-domain.beta.kubernetes.io/zone` then it would mean that the pod cannot be scheduled onto a node if that node is in the same zone as a pod with -label having key "security" and value "S2".) See the +label having key "security" and value "S2".) See the [design doc](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md) for many more examples of pod affinity and anti-affinity, both the `requiredDuringSchedulingIgnoredDuringExecution` flavor and the `preferredDuringSchedulingIgnoredDuringExecution` flavor. @@ -333,12 +332,12 @@ web-server-1287567482-s330j 1/1 Running 0 7m 10.192.3 ##### Never co-located in the same node -The above example uses `PodAntiAffinity` rule with `topologyKey: "kubernetes.io/hostname"` to deploy the redis cluster so that -no two instances are located on the same host. -See [ZooKeeper tutorial](/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure) +The above example uses `PodAntiAffinity` rule with `topologyKey: "kubernetes.io/hostname"` to deploy the redis cluster so that +no two instances are located on the same host. +See [ZooKeeper tutorial](/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure) for an example of a StatefulSet configured with anti-affinity for high availability, using the same technique. -For more information on inter-pod affinity/anti-affinity, see the +For more information on inter-pod affinity/anti-affinity, see the [design doc](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md). You may want to check [Taints](/docs/concepts/configuration/taint-and-toleration/) diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md index 13a319fc71..b98137b871 100644 --- a/content/en/docs/concepts/configuration/secret.md +++ b/content/en/docs/concepts/configuration/secret.md @@ -10,7 +10,6 @@ feature: weight: 50 --- -{{< toc >}} {{% capture overview %}} @@ -546,10 +545,10 @@ secret "test-db-secret" created ``` {{< note >}} **Note:** Special characters such as `$`, `\*`, and `!` require escaping. -If the password you are using has special characters, you need to escape them using the `\\` character. For example, if your actual password is `S!B\*d$zDsb`, you should execute the command this way: +If the password you are using has special characters, you need to escape them using the `\\` character. For example, if your actual password is `S!B\*d$zDsb`, you should execute the command this way: kubectl create secret generic dev-db-secret --from-literal=username=devuser --from-literal=password=S\\!B\\\*d\\$zDsb - + You do not need to escape special characters in passwords from files (`--from-file`). {{< /note >}} @@ -773,7 +772,7 @@ Pod level](#use-case-secret-visible-to-one-container-in-a-pod). by impersonating the kubelet. It is a planned feature to only send secrets to nodes that actually require them, to restrict the impact of a root exploit on a single node. - + {{< note >}} **Note:** As of 1.7 [encryption of secret data at rest is supported](/docs/tasks/administer-cluster/encrypt-data/). {{< /note >}} diff --git a/content/en/docs/concepts/configuration/taint-and-toleration.md b/content/en/docs/concepts/configuration/taint-and-toleration.md index ceab0e271a..bb41dca5f0 100644 --- a/content/en/docs/concepts/configuration/taint-and-toleration.md +++ b/content/en/docs/concepts/configuration/taint-and-toleration.md @@ -8,7 +8,6 @@ content_template: templates/concept weight: 40 --- -{{< toc >}} {{% capture overview %}} Node affinity, described [here](/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature), diff --git a/content/en/docs/concepts/containers/container-environment-variables.md b/content/en/docs/concepts/containers/container-environment-variables.md index cefa41c50a..b8b3c28a6b 100644 --- a/content/en/docs/concepts/containers/container-environment-variables.md +++ b/content/en/docs/concepts/containers/container-environment-variables.md @@ -13,7 +13,6 @@ This page describes the resources available to Containers in the Container envir {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -63,5 +62,3 @@ if [DNS addon](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addon [attaching handlers to Container lifecycle events](/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/). {{% /capture %}} - - diff --git a/content/en/docs/concepts/containers/container-lifecycle-hooks.md b/content/en/docs/concepts/containers/container-lifecycle-hooks.md index 633170db63..f85569032b 100644 --- a/content/en/docs/concepts/containers/container-lifecycle-hooks.md +++ b/content/en/docs/concepts/containers/container-lifecycle-hooks.md @@ -14,7 +14,6 @@ to run code triggered by events during their management lifecycle. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -122,5 +121,3 @@ Events: [attaching handlers to Container lifecycle events](/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/). {{% /capture %}} - - diff --git a/content/en/docs/concepts/containers/images.md b/content/en/docs/concepts/containers/images.md index 045529d5b8..23763279c8 100644 --- a/content/en/docs/concepts/containers/images.md +++ b/content/en/docs/concepts/containers/images.md @@ -15,7 +15,6 @@ The `image` property of a container supports the same syntax as the `docker` com {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/containers/runtime-class.md b/content/en/docs/concepts/containers/runtime-class.md index 5ff9802980..7d0484c256 100644 --- a/content/en/docs/concepts/containers/runtime-class.md +++ b/content/en/docs/concepts/containers/runtime-class.md @@ -15,7 +15,6 @@ This page describes the RuntimeClass resource and runtime selection mechanism. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md index e2f521a806..64954f2dfe 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md @@ -8,7 +8,6 @@ content_template: templates/concept weight: 10 --- -{{< toc >}} {{% capture overview %}} diff --git a/content/en/docs/concepts/overview/kubernetes-api.md b/content/en/docs/concepts/overview/kubernetes-api.md index 464799628b..8bf6b92bfa 100644 --- a/content/en/docs/concepts/overview/kubernetes-api.md +++ b/content/en/docs/concepts/overview/kubernetes-api.md @@ -22,7 +22,6 @@ Kubernetes itself is decomposed into multiple components, which interact through {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/overview/working-with-objects/labels.md b/content/en/docs/concepts/overview/working-with-objects/labels.md index b4fb6959cc..65b6430ed2 100644 --- a/content/en/docs/concepts/overview/working-with-objects/labels.md +++ b/content/en/docs/concepts/overview/working-with-objects/labels.md @@ -26,7 +26,6 @@ We'll eventually index and reverse-index labels for efficient queries and watche {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -202,4 +201,4 @@ selector: One use case for selecting over labels is to constrain the set of nodes onto which a pod can schedule. See the documentation on [node selection](/docs/concepts/configuration/assign-pod-node/) for more information. -{{% /capture %}} \ No newline at end of file +{{% /capture %}} diff --git a/content/en/docs/concepts/overview/working-with-objects/names.md b/content/en/docs/concepts/overview/working-with-objects/names.md index 2c3cbec15d..7499a96a66 100644 --- a/content/en/docs/concepts/overview/working-with-objects/names.md +++ b/content/en/docs/concepts/overview/working-with-objects/names.md @@ -17,7 +17,6 @@ See the [identifiers design doc](https://git.k8s.io/community/contributors/desig {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -31,4 +30,4 @@ By convention, the names of Kubernetes resources should be up to maximum length {{< glossary_definition term_id="uid" length="all" >}} -{{% /capture %}} \ No newline at end of file +{{% /capture %}} diff --git a/content/en/docs/concepts/overview/working-with-objects/namespaces.md b/content/en/docs/concepts/overview/working-with-objects/namespaces.md index 86ac5c3573..eb10f1067b 100644 --- a/content/en/docs/concepts/overview/working-with-objects/namespaces.md +++ b/content/en/docs/concepts/overview/working-with-objects/namespaces.md @@ -15,7 +15,6 @@ These virtual clusters are called namespaces. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/policy/pod-security-policy.md b/content/en/docs/concepts/policy/pod-security-policy.md index eb51921e56..08cec73817 100644 --- a/content/en/docs/concepts/policy/pod-security-policy.md +++ b/content/en/docs/concepts/policy/pod-security-policy.md @@ -16,7 +16,6 @@ updates. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -145,7 +144,7 @@ For a complete example of authorizing a PodSecurityPolicy, see ### Troubleshooting - The [Controller Manager](/docs/admin/kube-controller-manager/) must be run -against [the secured API port](/docs/reference/access-authn-authz/controlling-access/), +against [the secured API port](/docs/reference/access-authn-authz/controlling-access/), and must not have superuser permissions. Otherwise requests would bypass authentication and authorization modules, all PodSecurityPolicy objects would be allowed, and users would be able to create privileged containers. For more details @@ -375,7 +374,7 @@ several security mechanisms. ### Privileged **Privileged** - determines if any container in a pod can enable privileged mode. -By default a container is not allowed to access any devices on the host, but a +By default a container is not allowed to access any devices on the host, but a "privileged" container is given access to all devices on the host. This allows the container nearly all the same access as processes running on the host. This is useful for containers that want to use linux capabilities like @@ -443,11 +442,11 @@ allowedHostPaths: readOnly: true # only allow read-only mounts ``` -{{< warning >}}**Warning:** There are many ways a container with unrestricted access to the host +{{< warning >}}**Warning:** There are many ways a container with unrestricted access to the host filesystem can escalate privileges, including reading data from other containers, and abusing the credentials of system services, such as Kubelet. -Writeable hostPath directory volumes allow containers to write +Writeable hostPath directory volumes allow containers to write to the filesystem in ways that let them traverse the host filesystem outside the `pathPrefix`. `readOnly: true`, available in Kubernetes 1.11+, must be used on **all** `allowedHostPaths` to effectively limit access to the specified `pathPrefix`. @@ -474,7 +473,7 @@ spec: # ... other spec fields volumes: - flexVolume - allowedFlexVolumes: + allowedFlexVolumes: - driver: example/lvm - driver: example/cifs ``` @@ -569,15 +568,15 @@ specified. ### AllowedProcMountTypes `allowedProcMountTypes` is a whitelist of allowed ProcMountTypes. -Empty or nil indicates that only the `DefaultProcMountType` may be used. +Empty or nil indicates that only the `DefaultProcMountType` may be used. `DefaultProcMount` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. This is denoted as the string `Default`. -The only other ProcMountType is `UnmaskedProcMount`, which bypasses the -default masking behavior of the container runtime and ensures the newly +The only other ProcMountType is `UnmaskedProcMount`, which bypasses the +default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. This is denoted as the string `Unmasked`. diff --git a/content/en/docs/concepts/policy/resource-quotas.md b/content/en/docs/concepts/policy/resource-quotas.md index 9ee1c54ddb..087961b418 100644 --- a/content/en/docs/concepts/policy/resource-quotas.md +++ b/content/en/docs/concepts/policy/resource-quotas.md @@ -15,7 +15,6 @@ Resource quotas are a tool for administrators to address this concern. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/services-networking/connect-applications-service.md b/content/en/docs/concepts/services-networking/connect-applications-service.md index 0de0619a79..c01eb8c68f 100644 --- a/content/en/docs/concepts/services-networking/connect-applications-service.md +++ b/content/en/docs/concepts/services-networking/connect-applications-service.md @@ -8,7 +8,6 @@ content_template: templates/concept weight: 30 --- -{{< toc >}} {{% capture overview %}} @@ -375,4 +374,3 @@ the [Federated Services User Guide](/docs/concepts/cluster-administration/federa for further information. {{% /capture %}} - diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index f57f1c534a..9fc2bb79b4 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md @@ -11,7 +11,6 @@ content_template: templates/concept weight: 10 --- -{{< toc >}} {{% capture overview %}} @@ -88,7 +87,7 @@ Kubernetes `Services` support `TCP`, `UDP` and `SCTP` for protocols. The defaul is `TCP`. {{< note >}} -**Note:** SCTP support is an alpha feature since Kubernetes 1.12 +**Note:** SCTP support is an alpha feature since Kubernetes 1.12 {{< /note >}} ### Services without selectors @@ -461,7 +460,7 @@ group of the other automatically created resources of the cluster. For example, {{< note >}} **Note:** The support of SCTP in the cloud provider's load balancer is up to the cloud provider's -load balancer implementation. If SCTP is not supported by the cloud provider's load balancer the +load balancer implementation. If SCTP is not supported by the cloud provider's load balancer the Service creation request is accepted but the creation of the load balancer fails. {{< /note >}} @@ -938,7 +937,7 @@ Kubernetes supports SCTP as a `protocol` value in `Service`, `Endpoint`, `Networ #### The support of multihomed SCTP associations -The support of multihomed SCTP associations requires that the CNI plugin can support the assignment of multiple interfaces and IP addresses to a `Pod`. +The support of multihomed SCTP associations requires that the CNI plugin can support the assignment of multiple interfaces and IP addresses to a `Pod`. NAT for multihomed SCTP associations requires special logic in the corresponding kernel modules. @@ -961,4 +960,3 @@ The kube-proxy does not support the management of SCTP associations when it is i Read [Connecting a Front End to a Back End Using a Service](/docs/tasks/access-application-cluster/connecting-frontend-backend/). {{% /capture %}} - diff --git a/content/en/docs/concepts/storage/dynamic-provisioning.md b/content/en/docs/concepts/storage/dynamic-provisioning.md index cb180fb706..0a30dc447b 100644 --- a/content/en/docs/concepts/storage/dynamic-provisioning.md +++ b/content/en/docs/concepts/storage/dynamic-provisioning.md @@ -21,7 +21,6 @@ automatically provisions storage when it is requested by users. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -132,5 +131,3 @@ Pods are scheduled. This can be accomplished by setting the [Volume Binding Mode](/docs/concepts/storage/storage-classes/#volume-binding-mode). {{% /capture %}} - - diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 2baa9d7f8b..28fc8b4f1a 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -20,7 +20,6 @@ This document describes the current state of `PersistentVolumes` in Kubernetes. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -674,7 +673,7 @@ and need persistent storage, we recommend that you use the following pattern: `persistentVolumeClaim.storageClassName` field. This will cause the PVC to match the right storage class if the cluster has StorageClasses enabled by the admin. - - If the user does not provide a storage class name, leave the + - If the user does not provide a storage class name, leave the `persistentVolumeClaim.storageClassName` field as nil. - This will cause a PV to be automatically provisioned for the user with the default StorageClass in the cluster. Many cluster environments have diff --git a/content/en/docs/concepts/storage/volume-snapshot-classes.md b/content/en/docs/concepts/storage/volume-snapshot-classes.md index 5ad05107eb..fcc16d4ef3 100644 --- a/content/en/docs/concepts/storage/volume-snapshot-classes.md +++ b/content/en/docs/concepts/storage/volume-snapshot-classes.md @@ -4,7 +4,7 @@ reviewers: - saad-ali - thockin - msau42 -title: Volume Snapshot Classes +title: Volume Snapshot Classes content_template: templates/concept weight: 30 --- @@ -17,7 +17,6 @@ with [volume snapshots](/docs/concepts/storage/volume-snapshots/) and {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/storage/volume-snapshots.md b/content/en/docs/concepts/storage/volume-snapshots.md index 73647b7825..6b57db96aa 100644 --- a/content/en/docs/concepts/storage/volume-snapshots.md +++ b/content/en/docs/concepts/storage/volume-snapshots.md @@ -15,7 +15,6 @@ This document describes the current state of `VolumeSnapshots` in Kubernetes. Fa {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -23,7 +22,7 @@ This document describes the current state of `VolumeSnapshots` in Kubernetes. Fa Similar to how API resources `PersistentVolume` and `PersistentVolumeClaim` are used to provision volumes for users and administrators, `VolumeSnapshotContent` and `VolumeSnapshot` API resources are provided to create volume snapshots for users and administrators. -A `VolumeSnapshotContent` is a snapshot taken from a volume in the cluster that has been provisioned by an administrator. It is a resource in the cluster just like a PersistentVolume is a cluster resource. +A `VolumeSnapshotContent` is a snapshot taken from a volume in the cluster that has been provisioned by an administrator. It is a resource in the cluster just like a PersistentVolume is a cluster resource. A `VolumeSnapshot` is a request for snapshot of a volume by a user. It is similar to a PersistentVolumeClaim. @@ -81,7 +80,7 @@ metadata: spec: snapshotClassName: csi-hostpath-snapclass source: - name: pvc-test + name: pvc-test kind: PersistentVolumeClaim volumeSnapshotSource: csiVolumeSnapshotSource: diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 5ad6ec22c2..5f16c2b464 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -22,7 +22,6 @@ Familiarity with [Pods](/docs/user-guide/pods) is suggested. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -925,7 +924,7 @@ A `storageos` volume allows an existing [StorageOS](https://www.storageos.com) volume to be mounted into your Pod. StorageOS runs as a Container within your Kubernetes environment, making local -or attached storage accessible from any node within the Kubernetes cluster. +or attached storage accessible from any node within the Kubernetes cluster. Data can be replicated to protect against node failure. Thin provisioning and compression can improve utilization and reduce cost. @@ -1053,7 +1052,7 @@ spec: image: mysql env: - name: MYSQL_ROOT_PASSWORD - value: "rootpasswd" + value: "rootpasswd" volumeMounts: - mountPath: /var/lib/mysql name: site-data @@ -1103,7 +1102,7 @@ spec: restartPolicy: Never volumes: - name: workdir1 - hostPath: + hostPath: path: /var/log/pods ``` @@ -1123,7 +1122,7 @@ several media types. ## Out-of-Tree Volume Plugins The Out-of-tree volume plugins include the Container Storage Interface (CSI) and Flexvolume. They enable storage vendors to create custom storage plugins -without adding them to the Kubernetes repository. +without adding them to the Kubernetes repository. Before the introduction of CSI and Flexvolume, all volume plugins (like volume types listed above) were "in-tree" meaning they were built, linked, @@ -1210,8 +1209,8 @@ persistent volume: {{< feature-state for_k8s_version="v1.11" state="alpha" >}} Starting with version 1.11, CSI introduced support for raw block volumes, which -relies on the raw block volume feature that was introduced in a previous version of -Kubernetes. This feature will make it possible for vendors with external CSI drivers to +relies on the raw block volume feature that was introduced in a previous version of +Kubernetes. This feature will make it possible for vendors with external CSI drivers to implement raw block volumes support in Kubernetes workloads. CSI block volume support is feature-gated and turned off by default. To run CSI with @@ -1222,7 +1221,7 @@ Kubernetes component using the following feature gate flags: --feature-gates=BlockVolume=true,CSIBlockVolume=true ``` -Learn how to +Learn how to [setup your PV/PVC with raw block volume support](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support). ### Flexvolume @@ -1283,7 +1282,7 @@ In addition, any volume mounts created by Containers in Pods must be destroyed {{< /caution >}} ### Configuration -Before mount propagation can work properly on some deployments (CoreOS, +Before mount propagation can work properly on some deployments (CoreOS, RedHat/Centos, Ubuntu) mount share must be configured correctly in Docker as shown below. @@ -1302,5 +1301,3 @@ $ sudo systemctl restart docker {{% capture whatsnext %}} * Follow an example of [deploying WordPress and MySQL with Persistent Volumes](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/). {{% /capture %}} - - diff --git a/content/en/docs/concepts/workloads/controllers/cron-jobs.md b/content/en/docs/concepts/workloads/controllers/cron-jobs.md index 1c4e53ff95..3169cb13bf 100644 --- a/content/en/docs/concepts/workloads/controllers/cron-jobs.md +++ b/content/en/docs/concepts/workloads/controllers/cron-jobs.md @@ -16,13 +16,12 @@ One CronJob object is like one line of a _crontab_ (cron table) file. It runs a on a given schedule, written in [Cron](https://en.wikipedia.org/wiki/Cron) format. {{< note >}} **Note:** All **CronJob** `schedule:` times are denoted in UTC. -{{< /note >}} +{{< /note >}} For instructions on creating and working with cron jobs, and for an example of a spec file for a cron job, see [Running automated tasks with cron jobs](/docs/tasks/job/automated-tasks-with-cron-jobs). {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -42,7 +41,7 @@ For every CronJob, the CronJob controller checks how many schedules it missed in Cannot determine if job needs to be started. Too many missed start time (> 100). Set or decrease .spec.startingDeadlineSeconds or check clock skew. ```` -It is important to note that if the `startingDeadlineSeconds` field is set (not `nil`), the controller counts how many missed jobs occurred from the value of `startingDeadlineSeconds` until now rather than from the last scheduled time until now. For example, if `startingDeadlineSeconds` is `200`, the controller counts how many missed jobs occurred in the last 200 seconds. +It is important to note that if the `startingDeadlineSeconds` field is set (not `nil`), the controller counts how many missed jobs occurred from the value of `startingDeadlineSeconds` until now rather than from the last scheduled time until now. For example, if `startingDeadlineSeconds` is `200`, the controller counts how many missed jobs occurred in the last 200 seconds. A CronJob is counted as missed if it has failed to be created at its scheduled time. For example, If `concurrencyPolicy` is set to `Forbid` and a CronJob was attempted to be scheduled when there was a previous schedule still running, then it would count as missed. diff --git a/content/en/docs/concepts/workloads/controllers/daemonset.md b/content/en/docs/concepts/workloads/controllers/daemonset.md index 92a995b042..004dfe4923 100644 --- a/content/en/docs/concepts/workloads/controllers/daemonset.md +++ b/content/en/docs/concepts/workloads/controllers/daemonset.md @@ -29,7 +29,6 @@ different flags and/or different memory and cpu requests for different hardware {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -130,7 +129,7 @@ That introduces the following issues: * [Pod preemption](/docs/concepts/configuration/pod-priority-preemption/) is handled by default scheduler. When preemption is enabled, the DaemonSet controller will make scheduling decisions without considering pod priority and preemption. - + `ScheduleDaemonSetPods` allows you to schedule DaemonSets using the default scheduler instead of the DaemonSet controller, by adding the `NodeAffinity` term to the DaemonSet pods, instead of the `.spec.nodeName` term. The default diff --git a/content/en/docs/concepts/workloads/controllers/jobs-run-to-completion.md b/content/en/docs/concepts/workloads/controllers/jobs-run-to-completion.md index 6c387861e5..0fc09ad537 100644 --- a/content/en/docs/concepts/workloads/controllers/jobs-run-to-completion.md +++ b/content/en/docs/concepts/workloads/controllers/jobs-run-to-completion.md @@ -26,7 +26,6 @@ A Job can also be used to run multiple pods in parallel. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -223,7 +222,7 @@ Do this by setting the `.spec.activeDeadlineSeconds` field of the Job to a numbe The `activeDeadlineSeconds` applies to the duration of the job, no matter how many Pods are created. Once a Job reaches `activeDeadlineSeconds`, the Job and all of its Pods are terminated. -The result is that the job has a status with `reason: DeadlineExceeded`. +The result is that the job has a status with `reason: DeadlineExceeded`. Note that a Job's `.spec.activeDeadlineSeconds` takes precedence over its `.spec.backoffLimit`. Therefore, a Job that is retrying one or more failed Pods will not deploy additional Pods once it reaches the time limit specified by `activeDeadlineSeconds`, even if the `backoffLimit` is not yet reached. @@ -252,7 +251,7 @@ Note that both the Job Spec and the [Pod Template Spec](https://kubernetes.io/do Finished Jobs are usually no longer needed in the system. Keeping them around in the system will put pressure on the API server. If the Jobs are managed directly -by a higher level controller, such as +by a higher level controller, such as [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/), the Jobs can be cleaned up by CronJobs based on the specified capacity-based cleanup policy. @@ -261,7 +260,7 @@ cleaned up by CronJobs based on the specified capacity-based cleanup policy. {{< feature-state for_k8s_version="v1.12" state="alpha" >}} Another way to clean up finished Jobs (either `Complete` or `Failed`) -automatically is to use a TTL mechanism provided by a +automatically is to use a TTL mechanism provided by a [TTL controller](/docs/concepts/workloads/controllers/ttlafterfinished/) for finished resources, by specifying the `.spec.ttlSecondsAfterFinished` field of the Job. @@ -290,16 +289,16 @@ spec: ``` The Job `pi-with-ttl` will be eligible to be automatically deleted, `100` -seconds after it finishes. +seconds after it finishes. If the field is set to `0`, the Job will be eligible to be automatically deleted immediately after it finishes. If the field is unset, this Job won't be cleaned up by the TTL controller after it finishes. Note that this TTL mechanism is alpha, with feature gate `TTLAfterFinished`. For -more information, see the documentation for +more information, see the documentation for [TTL controller](/docs/concepts/workloads/controllers/ttlafterfinished/) for -finished resources. +finished resources. ## Job Patterns diff --git a/content/en/docs/concepts/workloads/controllers/ttlafterfinished.md b/content/en/docs/concepts/workloads/controllers/ttlafterfinished.md index 1f8e355ff8..3ee76015f6 100644 --- a/content/en/docs/concepts/workloads/controllers/ttlafterfinished.md +++ b/content/en/docs/concepts/workloads/controllers/ttlafterfinished.md @@ -24,7 +24,6 @@ Alpha Disclaimer: this feature is currently alpha, and can be enabled with {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -34,7 +33,7 @@ Alpha Disclaimer: this feature is currently alpha, and can be enabled with The TTL controller only supports Jobs for now. A cluster operator can use this feature to clean up finished Jobs (either `Complete` or `Failed`) automatically by specifying the `.spec.ttlSecondsAfterFinished` field of a Job, as in this -[example](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically). +[example](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically). The TTL controller will assume that a resource is eligible to be cleaned up TTL seconds after the resource has finished, in other words, when the TTL has expired. When the TTL controller cleans up a resource, it will delete it cascadingly, i.e. delete diff --git a/content/en/docs/concepts/workloads/pods/disruptions.md b/content/en/docs/concepts/workloads/pods/disruptions.md index 1a620c9b75..79b0ac00d9 100644 --- a/content/en/docs/concepts/workloads/pods/disruptions.md +++ b/content/en/docs/concepts/workloads/pods/disruptions.md @@ -18,7 +18,6 @@ cluster actions, like upgrading and autoscaling clusters. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -266,6 +265,3 @@ the nodes in your cluster, such as a node or system software upgrade, here are s * Learn more about [draining nodes](/docs/tasks/administer-cluster/safely-drain-node/) {{% /capture %}} - - - diff --git a/content/en/docs/concepts/workloads/pods/init-containers.md b/content/en/docs/concepts/workloads/pods/init-containers.md index 4fb114f66c..6ee6dd45ce 100644 --- a/content/en/docs/concepts/workloads/pods/init-containers.md +++ b/content/en/docs/concepts/workloads/pods/init-containers.md @@ -12,7 +12,6 @@ Containers that run before app Containers and can contain utilities or setup scripts not present in an app image. {{% /capture %}} -{{< toc >}} This feature has exited beta in 1.6. Init Containers can be specified in the PodSpec alongside the app `containers` array. The beta annotation value will still be respected @@ -329,6 +328,3 @@ is removed, requiring a conversion from the deprecated annotations to the * [Creating a Pod that has an Init Container](/docs/tasks/configure-pod-container/configure-pod-initialization/#creating-a-pod-that-has-an-init-container) {{% /capture %}} - - - diff --git a/content/en/docs/concepts/workloads/pods/pod-overview.md b/content/en/docs/concepts/workloads/pods/pod-overview.md index 3a467b6674..d08433ef39 100644 --- a/content/en/docs/concepts/workloads/pods/pod-overview.md +++ b/content/en/docs/concepts/workloads/pods/pod-overview.md @@ -10,7 +10,6 @@ weight: 10 This page provides an overview of `Pod`, the smallest deployable object in the Kubernetes object model. {{% /capture %}} -{{< toc >}} {{% capture body %}} ## Understanding Pods @@ -104,5 +103,3 @@ Rather than specifying the current desired state of all replicas, pod templates * [Pod Termination](/docs/concepts/workloads/pods/pod/#termination-of-pods) * Other Pod Topics {{% /capture %}} - - diff --git a/content/en/docs/concepts/workloads/pods/pod.md b/content/en/docs/concepts/workloads/pods/pod.md index 7b000b4768..d468102304 100644 --- a/content/en/docs/concepts/workloads/pods/pod.md +++ b/content/en/docs/concepts/workloads/pods/pod.md @@ -12,7 +12,6 @@ managed in Kubernetes. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/concepts/workloads/pods/podpreset.md b/content/en/docs/concepts/workloads/pods/podpreset.md index f6e2ec494c..6711ba2ffe 100644 --- a/content/en/docs/concepts/workloads/pods/podpreset.md +++ b/content/en/docs/concepts/workloads/pods/podpreset.md @@ -12,7 +12,6 @@ certain information into pods at creation time. The information can include secrets, volumes, volume mounts, and environment variables. {{% /capture %}} -{{< toc >}} {{% capture body %}} ## Understanding Pod Presets @@ -22,7 +21,7 @@ into a Pod at creation time. You use [label selectors](/docs/concepts/overview/working-with-objects/labels/#label-selectors) to specify the Pods to which a given Pod Preset applies. -Using a Pod Preset allows pod template authors to not have to explicitly provide +Using a Pod Preset allows pod template authors to not have to explicitly provide all information for every pod. This way, authors of pod templates consuming a specific service do not need to know all the details about that service. @@ -53,7 +52,7 @@ the Pod; for changes to `Volume`, Kubernetes modifies the Pod Spec. {{< note >}} **Note:** A Pod Preset is capable of modifying the `.spec.containers` field in a -Pod spec when appropriate. *No* resource definition from the Pod Preset will be +Pod spec when appropriate. *No* resource definition from the Pod Preset will be applied to the `initContainers` field. {{< /note >}} @@ -69,7 +68,7 @@ In order to use Pod Presets in your cluster you must ensure the following: 1. You have enabled the API type `settings.k8s.io/v1alpha1/podpreset`. For example, this can be done by including `settings.k8s.io/v1alpha1=true` in - the `--runtime-config` option for the API server. + the `--runtime-config` option for the API server. 1. You have enabled the admission controller `PodPreset`. One way to doing this is to include `PodPreset` in the `--enable-admission-plugins` option value specified for the API server. @@ -83,5 +82,3 @@ In order to use Pod Presets in your cluster you must ensure the following: * [Injecting data into a Pod using PodPreset](/docs/tasks/inject-data-application/podpreset/) {{% /capture %}} - - diff --git a/content/en/docs/contribute/localization.md b/content/en/docs/contribute/localization.md index 716f2279d2..7120607d2e 100644 --- a/content/en/docs/contribute/localization.md +++ b/content/en/docs/contribute/localization.md @@ -20,7 +20,6 @@ We encourage you to add new [localizations](https://blog.mozilla.org/l10n/2011/ {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/contribute/style/content-organization.md b/content/en/docs/contribute/style/content-organization.md index f14a6432ab..61ee7d9a3b 100644 --- a/content/en/docs/contribute/style/content-organization.md +++ b/content/en/docs/contribute/style/content-organization.md @@ -4,7 +4,6 @@ content_template: templates/concept weight: 40 --- -{{< toc >}} {{% capture overview %}} @@ -62,7 +61,7 @@ linkTitle: Title used in links ### Documentation Side Menu -The documentation side-bar menu is built from the _current section tree_ starting below `docs/`. +The documentation side-bar menu is built from the _current section tree_ starting below `docs/`. It will show all sections and their pages. @@ -86,7 +85,7 @@ toc_hide: true ### The Main Menu -The site links in the top-right menu -- and also in the footer -- are built by page-lookups. This is to make sure that the page actually exists. So, if the `case-studies` section does not exist in a site (language), it will not be linked to. +The site links in the top-right menu -- and also in the footer -- are built by page-lookups. This is to make sure that the page actually exists. So, if the `case-studies` section does not exist in a site (language), it will not be linked to. ## Page Bundles @@ -137,4 +136,3 @@ The `SASS` source of the stylesheets for this site is stored below `src/sass` an * [Style guide](/docs/contribute/style/style-guide) {{% /capture %}} - diff --git a/content/en/docs/contribute/style/page-templates.md b/content/en/docs/contribute/style/page-templates.md index d1a21b83db..147e8f5ec7 100644 --- a/content/en/docs/contribute/style/page-templates.md +++ b/content/en/docs/contribute/style/page-templates.md @@ -23,7 +23,6 @@ template to use for a new topic, start with the {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -51,18 +50,18 @@ To write a new concept page, create a Markdown file in a subdirectory of the The page's body will look like this (remove any optional captures you don't need): - + ``` {{%/* capture overview */%}} - + {{%/* /capture */%}} - + {{%/* capture body */%}} - + {{%/* /capture */%}} - + {{%/* capture whatsnext */%}} - + {{%/* /capture */%}} ``` @@ -101,28 +100,28 @@ To write a new task page, create a Markdown file in a subdirectory of the The page's body will look like this (remove any optional captures you don't need): - + ``` {{%/* capture overview */%}} - + {{%/* /capture */%}} - + {{%/* capture prerequisites */%}} - + {{}} {{}} - + {{%/* /capture */%}} - + {{%/* capture steps */%}} - + {{%/* /capture */%}} - + {{%/* capture discussion */%}} - + {{%/* /capture */%}} - + {{%/* capture whatsnext */%}} - + {{%/* /capture */%}} ``` @@ -167,32 +166,32 @@ To write a new tutorial page, create a Markdown file in a subdirectory of the The page's body will look like this (remove any optional captures you don't need): - + ``` {{%/* capture overview */%}} - + {{%/* /capture */%}} - + {{%/* capture prerequisites */%}} - + {{}} {{}} - + {{%/* /capture */%}} - + {{%/* capture objectives */%}} - + {{%/* /capture */%}} - + {{%/* capture lessoncontent */%}} - + {{%/* /capture */%}} - + {{%/* capture cleanup */%}} - + {{%/* /capture */%}} - + {{%/* capture whatsnext */%}} - + {{%/* /capture */%}} ``` @@ -221,4 +220,3 @@ An example of a published topic that uses the tutorial template is - Learn about [content organization](/docs/contribute/style/content-organization/) {{% /capture %}} - diff --git a/content/en/docs/tasks/access-application-cluster/access-cluster.md b/content/en/docs/tasks/access-application-cluster/access-cluster.md index 5d424af279..1fcd18c10c 100644 --- a/content/en/docs/tasks/access-application-cluster/access-cluster.md +++ b/content/en/docs/tasks/access-application-cluster/access-cluster.md @@ -10,7 +10,6 @@ This topic discusses multiple ways to interact with clusters. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -285,16 +284,16 @@ The redirect capabilities have been deprecated and removed. Please use a proxy There are several different proxies you may encounter when using Kubernetes: 1. The [kubectl proxy](#directly-accessing-the-rest-api): - + - runs on a user's desktop or in a pod - proxies from a localhost address to the Kubernetes apiserver - client to proxy uses HTTP - proxy to apiserver uses HTTPS - locates apiserver - adds authentication headers - + 1. The [apiserver proxy](#discovering-builtin-services): - + - is a bastion built into the apiserver - connects a user outside of the cluster to cluster IPs which otherwise might not be reachable - runs in the apiserver processes @@ -302,23 +301,23 @@ There are several different proxies you may encounter when using Kubernetes: - proxy to target may use HTTP or HTTPS as chosen by proxy using available information - can be used to reach a Node, Pod, or Service - does load balancing when used to reach a Service - + 1. The [kube proxy](/docs/concepts/services-networking/service/#ips-and-vips): - + - runs on each node - proxies UDP and TCP - does not understand HTTP - provides load balancing - is just used to reach services - + 1. A Proxy/Load-balancer in front of apiserver(s): - + - existence and implementation varies from cluster to cluster (e.g. nginx) - sits between all clients and one or more apiservers - acts as load balancer if there are several apiservers. - + 1. Cloud Load Balancers on external services: - + - are provided by some cloud providers (e.g. AWS ELB, Google Cloud Load Balancer) - are created automatically when the Kubernetes service has type `LoadBalancer` - use UDP/TCP only diff --git a/content/en/docs/tasks/access-application-cluster/configure-cloud-provider-firewall.md b/content/en/docs/tasks/access-application-cluster/configure-cloud-provider-firewall.md index 25f4efc98d..4684387872 100644 --- a/content/en/docs/tasks/access-application-cluster/configure-cloud-provider-firewall.md +++ b/content/en/docs/tasks/access-application-cluster/configure-cloud-provider-firewall.md @@ -16,7 +16,6 @@ well as any provider specific details that may be necessary. {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md b/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md index 0e851f85fd..6a4fb2fc18 100644 --- a/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md +++ b/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md @@ -18,7 +18,6 @@ Dashboard also provides information on the state of Kubernetes resources in your {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/administer-cluster/cluster-management.md b/content/en/docs/tasks/administer-cluster/cluster-management.md index 2871b52d03..2908666dcb 100644 --- a/content/en/docs/tasks/administer-cluster/cluster-management.md +++ b/content/en/docs/tasks/administer-cluster/cluster-management.md @@ -15,7 +15,6 @@ running cluster. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/administer-cluster/configure-multiple-schedulers.md b/content/en/docs/tasks/administer-cluster/configure-multiple-schedulers.md index 95c2150684..b6edeb4bc2 100644 --- a/content/en/docs/tasks/administer-cluster/configure-multiple-schedulers.md +++ b/content/en/docs/tasks/administer-cluster/configure-multiple-schedulers.md @@ -21,7 +21,6 @@ in the Kubernetes source directory for a canonical example. {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md b/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md index 8101cff681..bd0f59d948 100644 --- a/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md +++ b/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md @@ -12,7 +12,6 @@ content_template: templates/task {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/administer-cluster/cpu-management-policies.md b/content/en/docs/tasks/administer-cluster/cpu-management-policies.md index 18ba1f3700..c5b2a029d8 100644 --- a/content/en/docs/tasks/administer-cluster/cpu-management-policies.md +++ b/content/en/docs/tasks/administer-cluster/cpu-management-policies.md @@ -20,7 +20,6 @@ directives. {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} @@ -178,7 +177,7 @@ spec: ``` This pod runs in the `Guaranteed` QoS class because `requests` are equal to `limits`. -And the container's resource limit for the CPU resource is an integer greater than +And the container's resource limit for the CPU resource is an integer greater than or equal to one. The `nginx` container is granted 2 exclusive CPUs. @@ -213,8 +212,8 @@ spec: ``` This pod runs in the `Guaranteed` QoS class because only `limits` are specified -and `requests` are set equal to `limits` when not explicitly specified. And the -container's resource limit for the CPU resource is an integer greater than or +and `requests` are set equal to `limits` when not explicitly specified. And the +container's resource limit for the CPU resource is an integer greater than or equal to one. The `nginx` container is granted 2 exclusive CPUs. {{% /capture %}} diff --git a/content/en/docs/tasks/administer-cluster/developing-cloud-controller-manager.md b/content/en/docs/tasks/administer-cluster/developing-cloud-controller-manager.md index 9769340ced..6f0eaf9662 100644 --- a/content/en/docs/tasks/administer-cluster/developing-cloud-controller-manager.md +++ b/content/en/docs/tasks/administer-cluster/developing-cloud-controller-manager.md @@ -22,7 +22,6 @@ To dive a little deeper into implementation details, all cloud controller manage {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md b/content/en/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md index 93d0808721..3d6c53e965 100644 --- a/content/en/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md +++ b/content/en/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md @@ -18,7 +18,6 @@ vacated by the evicted critical add-on pod or the amount of resources available {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -51,7 +50,7 @@ killed for this purpose. Please ensure that rescheduler is not enabled along wit Rescheduler doesn't have any user facing configuration (component config) or API. -### Marking pod as critical when using Rescheduler. +### Marking pod as critical when using Rescheduler. To be considered critical, the pod has to run in the `kube-system` namespace (configurable via flag) and diff --git a/content/en/docs/tasks/administer-cluster/highly-available-master.md b/content/en/docs/tasks/administer-cluster/highly-available-master.md index c3a86e1675..598339a3b1 100644 --- a/content/en/docs/tasks/administer-cluster/highly-available-master.md +++ b/content/en/docs/tasks/administer-cluster/highly-available-master.md @@ -14,7 +14,6 @@ This document describes how to use kube-up/down scripts to manage highly availab {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md b/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md index 9d3de79c39..4cd6eba746 100644 --- a/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md +++ b/content/en/docs/tasks/administer-cluster/namespaces-walkthrough.md @@ -20,7 +20,6 @@ This example demonstrates how to use Kubernetes namespaces to subdivide your clu {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/administer-cluster/out-of-resource.md b/content/en/docs/tasks/administer-cluster/out-of-resource.md index 62c9f8344d..c6f89e88e8 100644 --- a/content/en/docs/tasks/administer-cluster/out-of-resource.md +++ b/content/en/docs/tasks/administer-cluster/out-of-resource.md @@ -18,7 +18,6 @@ nodes become unstable. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -205,7 +204,7 @@ If `nodefs` filesystem has met eviction thresholds, `kubelet` frees up disk spac If the `kubelet` is unable to reclaim sufficient resource on the node, `kubelet` begins evicting Pods. -The `kubelet` ranks Pods for eviction first by whether or not their usage of the starved resource exceeds requests, +The `kubelet` ranks Pods for eviction first by whether or not their usage of the starved resource exceeds requests, then by [Priority](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/), and then by the consumption of the starved compute resource relative to the Pods' scheduling requests. As a result, `kubelet` ranks and evicts Pods in the following order: @@ -213,15 +212,15 @@ As a result, `kubelet` ranks and evicts Pods in the following order: * `BestEffort` or `Burstable` Pods whose usage of a starved resource exceeds its request. Such pods are ranked by Priority, and then usage above request. * `Guaranteed` pods and `Burstable` pods whose usage is beneath requests are evicted last. -`Guaranteed` Pods are guaranteed only when requests and limits are specified for all -the containers and they are equal. Such pods are guaranteed to never be evicted because +`Guaranteed` Pods are guaranteed only when requests and limits are specified for all +the containers and they are equal. Such pods are guaranteed to never be evicted because of another Pod's resource consumption. If a system daemon (such as `kubelet`, `docker`, and `journald`) is consuming more resources than were reserved via `system-reserved` or -`kube-reserved` allocations, and the node only has `Guaranteed` or `Burstable` Pods using -less than requests remaining, then the node must choose to evict such a Pod in order to +`kube-reserved` allocations, and the node only has `Guaranteed` or `Burstable` Pods using +less than requests remaining, then the node must choose to evict such a Pod in order to preserve node stability and to limit the impact of the unexpected consumption to other Pods. In this case, it will choose to evict pods of Lowest Priority first. - + If necessary, `kubelet` evicts Pods one at a time to reclaim disk when `DiskPressure` is encountered. If the `kubelet` is responding to `inode` starvation, it reclaims `inodes` by evicting Pods with the lowest quality of service first. If the `kubelet` diff --git a/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md b/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md index c852413a05..923db9a03c 100644 --- a/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md +++ b/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md @@ -23,7 +23,6 @@ on each node. {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/administer-cluster/running-cloud-controller.md b/content/en/docs/tasks/administer-cluster/running-cloud-controller.md index 3169531a24..3abad0465b 100644 --- a/content/en/docs/tasks/administer-cluster/running-cloud-controller.md +++ b/content/en/docs/tasks/administer-cluster/running-cloud-controller.md @@ -17,7 +17,6 @@ The `cloud-controller-manager` can be linked to any cloud provider that satisfie {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/administer-cluster/static-pod.md b/content/en/docs/tasks/administer-cluster/static-pod.md index 958489779c..87dad377cd 100644 --- a/content/en/docs/tasks/administer-cluster/static-pod.md +++ b/content/en/docs/tasks/administer-cluster/static-pod.md @@ -16,7 +16,6 @@ This means that the pods are visible on the API server but cannot be controlled {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -103,7 +102,7 @@ Notice we cannot delete the pod with the API server (e.g. via [`kubectl`](/docs/ {{}} **Note**: Make sure the kubelet has permission to create the mirror pod in the API server. -If not, the creation request is rejected by the API server. See +If not, the creation request is rejected by the API server. See [PodSecurityPolicy](/docs/concepts/policy/pod-security-policy/). {{}} diff --git a/content/en/docs/tasks/administer-federation/events.md b/content/en/docs/tasks/administer-federation/events.md index 3fd06ce194..e855afb3d1 100644 --- a/content/en/docs/tasks/administer-federation/events.md +++ b/content/en/docs/tasks/administer-federation/events.md @@ -13,7 +13,6 @@ This guide explains how to use events in federation control plane to help in deb {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/administer-federation/secret.md b/content/en/docs/tasks/administer-federation/secret.md index 40feb9a70f..dc5b0e3d6c 100644 --- a/content/en/docs/tasks/administer-federation/secret.md +++ b/content/en/docs/tasks/administer-federation/secret.md @@ -18,7 +18,6 @@ Creating them in the federation control plane ensures that they are synchronized across all the clusters in federation. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index f8eab60ebd..d2ff5adb7c 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -30,7 +30,6 @@ When they do, they are authenticated as a particular Service Account (for exampl {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} @@ -181,7 +180,7 @@ token: ... ## Add ImagePullSecrets to a service account -First, create an imagePullSecret, as described [here](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). +First, create an imagePullSecret, as described [here](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). Next, verify it has been created. For example: ```shell @@ -304,5 +303,3 @@ The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most usecases. {{% /capture %}} - - diff --git a/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md b/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md index 918a366c1d..316854b476 100644 --- a/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md +++ b/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md @@ -14,7 +14,6 @@ More information can be found on the Kompose website at [http://kompose.io](http {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} @@ -33,7 +32,7 @@ We have multiple ways to install Kompose. Our preferred method is downloading th Kompose is released via GitHub on a three-week cycle, you can see all current releases on the [GitHub release page](https://github.com/kubernetes/kompose/releases). ```sh -# Linux +# Linux curl -L https://github.com/kubernetes/kompose/releases/download/v1.1.0/kompose-linux-amd64 -o kompose # macOS @@ -98,7 +97,7 @@ you need is an existing `docker-compose.yml` file. services: redis-master: - image: k8s.gcr.io/redis:e2e + image: k8s.gcr.io/redis:e2e ports: - "6379" @@ -124,8 +123,8 @@ you need is an existing `docker-compose.yml` file. ```bash $ kompose up - We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application. - If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead. + We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application. + If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead. INFO Successfully created Service: redis INFO Successfully created Service: web @@ -157,7 +156,7 @@ you need is an existing `docker-compose.yml` file. deployment.apps/redis-master created deployment.apps/redis-slave created ``` - + Your deployments are running in Kubernetes. 4. Access your application. @@ -252,7 +251,7 @@ INFO Kubernetes file "redis-slave-service.yaml" created INFO Kubernetes file "frontend-deployment.yaml" created INFO Kubernetes file "mlbparks-deployment.yaml" created INFO Kubernetes file "mongodb-deployment.yaml" created -INFO Kubernetes file "mongodb-claim0-persistentvolumeclaim.yaml" created +INFO Kubernetes file "mongodb-claim0-persistentvolumeclaim.yaml" created INFO Kubernetes file "redis-master-deployment.yaml" created INFO Kubernetes file "redis-slave-deployment.yaml" created @@ -261,10 +260,10 @@ mlbparks-deployment.yaml mongodb-service.yaml redis-slave frontend-deployment.yaml mongodb-claim0-persistentvolumeclaim.yaml redis-master-service.yaml frontend-service.yaml mongodb-deployment.yaml redis-slave-deployment.yaml redis-master-deployment.yaml -``` +``` When multiple docker-compose files are provided the configuration is merged. Any configuration that is common will be over ridden by subsequent file. - + ### OpenShift ```sh @@ -290,11 +289,11 @@ It also supports creating buildconfig for build directive in a service. By defau ```sh $ kompose --provider openshift --file buildconfig/docker-compose.yml convert -WARN [foo] Service cannot be created because of missing port. -INFO OpenShift Buildconfig using git@github.com:rtnpro/kompose.git::master as source. +WARN [foo] Service cannot be created because of missing port. +INFO OpenShift Buildconfig using git@github.com:rtnpro/kompose.git::master as source. INFO OpenShift file "foo-deploymentconfig.yaml" created INFO OpenShift file "foo-imagestream.yaml" created -INFO OpenShift file "foo-buildconfig.yaml" created +INFO OpenShift file "foo-buildconfig.yaml" created ``` **Note**: If you are manually pushing the Openshift artifacts using ``oc create -f``, you need to ensure that you push the imagestream artifact before the buildconfig artifact, to workaround this Openshift issue: https://github.com/openshift/origin/issues/4518 . @@ -418,15 +417,15 @@ Using `kompose up` with a `build` key: ```none $ kompose up -INFO Build key detected. Attempting to build and push image 'docker.io/foo/bar' -INFO Building image 'docker.io/foo/bar' from directory 'build' -INFO Image 'docker.io/foo/bar' from directory 'build' built successfully -INFO Pushing image 'foo/bar:latest' to registry 'docker.io' -INFO Attempting authentication credentials 'https://index.docker.io/v1/ -INFO Successfully pushed image 'foo/bar:latest' to registry 'docker.io' -INFO We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application. If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead. - -INFO Deploying application in "default" namespace +INFO Build key detected. Attempting to build and push image 'docker.io/foo/bar' +INFO Building image 'docker.io/foo/bar' from directory 'build' +INFO Image 'docker.io/foo/bar' from directory 'build' built successfully +INFO Pushing image 'foo/bar:latest' to registry 'docker.io' +INFO Attempting authentication credentials 'https://index.docker.io/v1/ +INFO Successfully pushed image 'foo/bar:latest' to registry 'docker.io' +INFO We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application. If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead. + +INFO Deploying application in "default" namespace INFO Successfully created Service: foo INFO Successfully created Deployment: foo @@ -479,7 +478,7 @@ The `*-daemonset.yaml` files contain the Daemon Set objects If you want to generate a Chart to be used with [Helm](https://github.com/kubernetes/helm) simply do: ```sh -$ kompose convert -c +$ kompose convert -c INFO Kubernetes file "web-svc.yaml" created INFO Kubernetes file "redis-svc.yaml" created INFO Kubernetes file "web-deployment.yaml" created @@ -509,7 +508,7 @@ For example: ```yaml version: "2" -services: +services: nginx: image: nginx dockerfile: foobar @@ -517,7 +516,7 @@ services: cap_add: - ALL container_name: foobar - labels: + labels: kompose.service.type: nodeport ``` diff --git a/content/en/docs/tasks/debug-application-cluster/audit.md b/content/en/docs/tasks/debug-application-cluster/audit.md index d970f5ad86..10f8161f26 100644 --- a/content/en/docs/tasks/debug-application-cluster/audit.md +++ b/content/en/docs/tasks/debug-application-cluster/audit.md @@ -24,7 +24,6 @@ answer the following questions: {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/core-metrics-pipeline.md b/content/en/docs/tasks/debug-application-cluster/core-metrics-pipeline.md index 53185780f3..e44f98c90d 100644 --- a/content/en/docs/tasks/debug-application-cluster/core-metrics-pipeline.md +++ b/content/en/docs/tasks/debug-application-cluster/core-metrics-pipeline.md @@ -15,7 +15,6 @@ Horizontal Pod Autoscaler, to make decisions. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/crictl.md b/content/en/docs/tasks/debug-application-cluster/crictl.md index 71ccab81aa..7c8afeee5a 100644 --- a/content/en/docs/tasks/debug-application-cluster/crictl.md +++ b/content/en/docs/tasks/debug-application-cluster/crictl.md @@ -7,7 +7,6 @@ title: Debugging Kubernetes nodes with crictl content_template: templates/task --- -{{< toc >}} {{% capture overview %}} @@ -230,7 +229,7 @@ deleted by the Kubelet. ```bash crictl runp pod-config.json ``` - + The ID of the sandbox is returned. ### Create a container diff --git a/content/en/docs/tasks/debug-application-cluster/debug-application-introspection.md b/content/en/docs/tasks/debug-application-cluster/debug-application-introspection.md index 955164e24a..e64ba4db1d 100644 --- a/content/en/docs/tasks/debug-application-cluster/debug-application-introspection.md +++ b/content/en/docs/tasks/debug-application-cluster/debug-application-introspection.md @@ -14,7 +14,6 @@ your pods. But there are a number of ways to get even more information about you {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/debug-application.md b/content/en/docs/tasks/debug-application-cluster/debug-application.md index 0d9dd609b5..c7e1a7a961 100644 --- a/content/en/docs/tasks/debug-application-cluster/debug-application.md +++ b/content/en/docs/tasks/debug-application-cluster/debug-application.md @@ -14,7 +14,6 @@ This is *not* a guide for people who want to debug their cluster. For that you {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/debug-cluster.md b/content/en/docs/tasks/debug-application-cluster/debug-cluster.md index 01c4b86a44..620bfa4e2b 100644 --- a/content/en/docs/tasks/debug-application-cluster/debug-cluster.md +++ b/content/en/docs/tasks/debug-application-cluster/debug-cluster.md @@ -14,7 +14,6 @@ You may also visit [troubleshooting document](/docs/troubleshooting/) for more i {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/debug-service.md b/content/en/docs/tasks/debug-application-cluster/debug-service.md index 9c6f25c221..3e470a11e3 100644 --- a/content/en/docs/tasks/debug-application-cluster/debug-service.md +++ b/content/en/docs/tasks/debug-application-cluster/debug-service.md @@ -14,7 +14,6 @@ This document will hopefully help you to figure out what's going wrong. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md b/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md index cc82d0b834..1c612bf526 100644 --- a/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md +++ b/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md @@ -38,7 +38,6 @@ of the potential inaccuracy. {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/debug-application-cluster/logging-stackdriver.md b/content/en/docs/tasks/debug-application-cluster/logging-stackdriver.md index b9251fc989..378d5c6b33 100644 --- a/content/en/docs/tasks/debug-application-cluster/logging-stackdriver.md +++ b/content/en/docs/tasks/debug-application-cluster/logging-stackdriver.md @@ -20,7 +20,6 @@ in the Kubernetes logging overview. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -263,7 +262,7 @@ In this case you need to be able to change the parameters of `DaemonSet` and `Co If you're using GKE and Stackdriver Logging is enabled in your cluster, you cannot change its configuration, because it's managed and supported by GKE. -However, you can disable the default integration and deploy your own. +However, you can disable the default integration and deploy your own. {{< note >}}**Note:** You will have to support and maintain a newly deployed configuration yourself: update the image and configuration, adjust the resources and so on.{{< /note >}} To disable the default logging integration, use the following command: @@ -325,7 +324,7 @@ kubectl get cm fluentd-gcp-config --namespace kube-system -o yaml > fluentd-gcp- ``` Then in the value for the key `containers.input.conf` insert a new filter right after -the `source` section. +the `source` section. {{< note >}}**Note:** Order is important.{{< /note >}} Updating `ConfigMap` in the apiserver is more complicated than updating `DaemonSet`. It's better diff --git a/content/en/docs/tasks/debug-application-cluster/troubleshooting.md b/content/en/docs/tasks/debug-application-cluster/troubleshooting.md index f1c169ea99..4f42e56fcb 100644 --- a/content/en/docs/tasks/debug-application-cluster/troubleshooting.md +++ b/content/en/docs/tasks/debug-application-cluster/troubleshooting.md @@ -19,7 +19,6 @@ you're using. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -103,4 +102,4 @@ problem, such as: * Cloud provider, OS distro, network configuration, and Docker version * Steps to reproduce the problem -{{% /capture %}} \ No newline at end of file +{{% /capture %}} diff --git a/content/en/docs/tasks/federation/set-up-cluster-federation-kubefed.md b/content/en/docs/tasks/federation/set-up-cluster-federation-kubefed.md index 4791e18f70..e6db7c3c31 100644 --- a/content/en/docs/tasks/federation/set-up-cluster-federation-kubefed.md +++ b/content/en/docs/tasks/federation/set-up-cluster-federation-kubefed.md @@ -23,7 +23,6 @@ using `kubefed`. {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} @@ -41,14 +40,14 @@ for installation instructions for your platform. ## Getting `kubefed` -Download the client tarball corresponding to the particular release and +Download the client tarball corresponding to the particular release and extract the binaries in the tarball: {{< note >}} -**Note:** Until Kubernetes version `1.8.x` the federation project was +**Note:** Until Kubernetes version `1.8.x` the federation project was maintained as part of the [core kubernetes repo](https://github.com/kubernetes/kubernetes). -Between Kubernetes releases `1.8` and `1.9`, the federation project moved into -a separate [federation repo](https://github.com/kubernetes/federation), where it is +Between Kubernetes releases `1.8` and `1.9`, the federation project moved into +a separate [federation repo](https://github.com/kubernetes/federation), where it is now maintained. Consequently, the federation release information is available on the [release page](https://github.com/kubernetes/federation/releases). {{< /note >}} @@ -60,7 +59,7 @@ curl -LO https://storage.googleapis.com/kubernetes-release/release/${RELEASE-VER tar -xzvf kubernetes-client-linux-amd64.tar.gz ``` {{< note >}} -**Note:** The `RELEASE-VERSION` variable should either be set to or replaced with the actual version needed. +**Note:** The `RELEASE-VERSION` variable should either be set to or replaced with the actual version needed. {{< /note >}} Copy the extracted binary to one of the directories in your `$PATH` @@ -79,7 +78,7 @@ tar -xzvf federation-client-linux-amd64.tar.gz ``` {{< note >}} -**Note:** The `RELEASE-VERSION` variable should be replaced with one of the release versions available at [federation release page](https://github.com/kubernetes/federation/releases). +**Note:** The `RELEASE-VERSION` variable should be replaced with one of the release versions available at [federation release page](https://github.com/kubernetes/federation/releases). {{< /note >}} Copy the extracted binary to one of the directories in your `$PATH` @@ -92,7 +91,7 @@ sudo chmod +x /usr/local/bin/kubefed ### Install kubectl -You can install a matching version of kubectl using the instructions on +You can install a matching version of kubectl using the instructions on the [kubectl install page](https://kubernetes.io/docs/tasks/tools/install-kubectl/). ## Choosing a host cluster. @@ -177,7 +176,7 @@ without the Google Cloud DNS API scope by default. If you want to use a Google Kubernetes Engine cluster as a Federation host, you must create it using the `gcloud` command with the appropriate value in the `--scopes` field. You cannot modify a Google Kubernetes Engine cluster directly to add this scope, but you can create a -new node pool for your cluster and delete the old one. +new node pool for your cluster and delete the old one. {{< note >}} **Note:** This will cause pods in the cluster to be rescheduled. @@ -200,7 +199,7 @@ gcloud container node-pools delete default-pool --cluster gke-cluster `kubefed init` sets up the federation control plane in the host cluster and also adds an entry for the federation API server in your -local kubeconfig. +local kubeconfig. {{< note >}} **Note:** In the beta release of Kubernetes 1.6, `kubefed init` does not automatically set the current context to the newly deployed federation. You can set the current context manually by running: @@ -436,7 +435,7 @@ Where `` is the name of the file you created above. ## Adding a cluster to a federation -After you've deployed a federation control plane, you'll need to make that control plane aware of the clusters it should manage. +After you've deployed a federation control plane, you'll need to make that control plane aware of the clusters it should manage. To join clusters into the federation: @@ -463,7 +462,7 @@ To join clusters into the federation: kubefed join gondor --host-cluster-context=rivendell ``` -A new context has now been added to your kubeconfig named `fellowship` (after the name of your federation). +A new context has now been added to your kubeconfig named `fellowship` (after the name of your federation). {{< note >}} diff --git a/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md b/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md index 9381e26c2d..c24790b2f4 100644 --- a/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md +++ b/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md @@ -4,12 +4,11 @@ content_template: templates/task weight: 30 --- -{{< toc >}} {{% capture overview %}} In this example, we will run a Kubernetes Job with multiple parallel -worker processes. +worker processes. In this example, as each pod is created, it picks up one unit of work from a task queue, completes it, deletes it from the queue, and exits. @@ -25,7 +24,6 @@ Here is an overview of the steps in this example: {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/job/fine-parallel-processing-work-queue.md b/content/en/docs/tasks/job/fine-parallel-processing-work-queue.md index bf65daa13d..d96f5ed986 100644 --- a/content/en/docs/tasks/job/fine-parallel-processing-work-queue.md +++ b/content/en/docs/tasks/job/fine-parallel-processing-work-queue.md @@ -26,7 +26,6 @@ Here is an overview of the steps in this example: {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/job/parallel-processing-expansion.md b/content/en/docs/tasks/job/parallel-processing-expansion.md index 102844e7aa..b71f1c7c2e 100644 --- a/content/en/docs/tasks/job/parallel-processing-expansion.md +++ b/content/en/docs/tasks/job/parallel-processing-expansion.md @@ -12,7 +12,6 @@ non-parallel, use of [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-com {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/manage-gpus/scheduling-gpus.md b/content/en/docs/tasks/manage-gpus/scheduling-gpus.md index a191b4ec92..51f94a255d 100644 --- a/content/en/docs/tasks/manage-gpus/scheduling-gpus.md +++ b/content/en/docs/tasks/manage-gpus/scheduling-gpus.md @@ -17,7 +17,6 @@ and the current limitations. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -33,7 +32,7 @@ from 1.10. Then you have to install GPU drivers from the corresponding vendor on the nodes and run the corresponding device plugin from the GPU vendor -([AMD](#deploying-amd-gpu-device-plugin), [NVIDIA](#deploying-nvidia-gpu-device-plugin)). +([AMD](#deploying-amd-gpu-device-plugin), [NVIDIA](#deploying-nvidia-gpu-device-plugin)). When the above conditions are true, Kubernetes will expose `nvidia.com/gpu` or `amd.com/gpu` as a schedulable resource. diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md index 521b688bb7..a7ca4fb158 100644 --- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md +++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md @@ -19,7 +19,6 @@ This document walks you through an example of enabling Horizontal Pod Autoscaler {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}} diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md index 1c1cbd0a5e..99713f966d 100644 --- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md +++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md @@ -28,7 +28,6 @@ to match the observed average CPU utilization to the target specified by user. {{% /capture %}} -{{< toc >}} {{% capture body %}} @@ -161,7 +160,7 @@ into a desired replica count (e.g. due to an error fetching the metrics from the metrics APIs), scaling is skipped. Finally, just before HPA scales the target, the scale reccomendation is recorded. The -controller considers all recommendations within a configurable window choosing the +controller considers all recommendations within a configurable window choosing the highest recommendation from within that window. This value can be configured using the `--horizontal-pod-autoscaler-downscale-stabilization-window` flag, which defaults to 5 minutes. This means that scaledowns will occur gradually, smoothing out the impact of rapidly fluctuating metric values. diff --git a/content/en/docs/tasks/run-application/rolling-update-replication-controller.md b/content/en/docs/tasks/run-application/rolling-update-replication-controller.md index 5e2e2c0b97..63db0a2ac0 100644 --- a/content/en/docs/tasks/run-application/rolling-update-replication-controller.md +++ b/content/en/docs/tasks/run-application/rolling-update-replication-controller.md @@ -42,7 +42,6 @@ Rolling updates are initiated with the `kubectl rolling-update` command: {{% /capture %}} -{{< toc >}} {{% capture body %}} diff --git a/content/en/docs/tasks/tls/managing-tls-in-a-cluster.md b/content/en/docs/tasks/tls/managing-tls-in-a-cluster.md index 1c3d98e989..dba3f0e142 100644 --- a/content/en/docs/tasks/tls/managing-tls-in-a-cluster.md +++ b/content/en/docs/tasks/tls/managing-tls-in-a-cluster.md @@ -21,7 +21,6 @@ protocol that is similar to the {{% /capture %}} -{{< toc >}} {{% capture prerequisites %}}