diff --git a/.github/workflows/netlify-periodic-build.yml b/.github/workflows/netlify-periodic-build.yml new file mode 100644 index 0000000000..29fef807b6 --- /dev/null +++ b/.github/workflows/netlify-periodic-build.yml @@ -0,0 +1,15 @@ +--- +name: Scheduled Netlify site build +on: + schedule: # Build twice daily: shortly after midnight and noon (UTC) + # Offset is to be nice to the build service + - cron: '4 0,12 * * *' +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Trigger build on Netlify + env: + TOKEN: ${{ secrets.NETLIFY_BUILD_HOOK_KEY }} + run: >- + curl -s -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d "{}" "https://api.netlify.com/build_hooks/${TOKEN}" diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 3d1ae50afa..61228e592e 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -7,12 +7,9 @@ aliases: - mrbobbytables sig-docs-blog-reviewers: # Reviewers for blog content - castrojo - - cody-clark - kbarnard10 - mrbobbytables - onlydole - - parispittman - - vonguard sig-docs-de-owners: # Admins for German content - bene2k1 - mkorbi @@ -215,3 +212,12 @@ aliases: - idvoretskyi - MaxymVlasov - Potapy4 + # authoritative source: git.k8s.io/community/OWNERS_ALIASES + committee-steering: # provide PR approvals for announcements + - cblecker + - derekwaynecarr + - dims + - liggitt + - mrbobbytables + - nikhita + - parispittman diff --git a/README.md b/README.md index 31e5fb65d0..291106d09c 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ This repository contains the assets required to build the [Kubernetes website and documentation](https://kubernetes.io/). We're glad that you want to contribute! ++ [Contributing to the docs](#contributing-to-the-docs) ++ [Localization ReadMes](#localization-readmemds) + # Using this repository You can run the website locally using Hugo (Extended version), or you can run it in a container runtime. We strongly recommend using the container runtime, as it gives deployment consistency with the live website. diff --git a/assets/scss/_custom.scss b/assets/scss/_custom.scss index 5eb26c2e54..568a258a1c 100644 --- a/assets/scss/_custom.scss +++ b/assets/scss/_custom.scss @@ -578,3 +578,64 @@ body.td-documentation { color: black; text-decoration: none !important; } + +@media print { + /* Do not print announcements */ + #announcement, section#announcement, #fp-announcement, section#fp-announcement { + display: none; + } +} + +#announcement, #fp-announcement { + > * { + color: inherit; + background: inherit; + } + + a { + color: inherit; + border-bottom: 1px solid #fff; + } + + a:hover { + color: inherit; + border-bottom: none; + } +} + +#announcement { + padding-top: 105px; + padding-bottom: 25px; +} + +.header-hero { + padding-top: 40px; +} + +/* Extra announcement height only for landscape viewports */ +@media (min-aspect-ratio: 8/9) { + #fp-announcement { + min-height: 25vh; + } +} + +#fp-announcement aside { + padding-top: 115px; + padding-bottom: 25px; +} + +.announcement { + .content { + margin-bottom: 0px; + } + + + > p { + .gridPage #announcement .content p, + .announcement > h4, + .announcement > h3 { + color: #ffffff; + } + } +} + diff --git a/config.toml b/config.toml index c0fdb72acf..d77c315331 100644 --- a/config.toml +++ b/config.toml @@ -13,7 +13,7 @@ disableBrowserError = true disableKinds = ["taxonomy", "taxonomyTerm"] -ignoreFiles = [ "^OWNERS$", "README[-]+[a-z]*\\.md", "^node_modules$", "content/en/docs/doc-contributor-tools" ] +ignoreFiles = [ "(?:^|/)OWNERS$", "README[-]+[a-z]*\\.md", "^node_modules$", "content/en/docs/doc-contributor-tools" ] timeout = 3000 @@ -154,11 +154,6 @@ githubWebsiteRaw = "raw.githubusercontent.com/kubernetes/website" # GitHub repository link for editing a page and opening issues. github_repo = "https://github.com/kubernetes/website" -# param for displaying an announcement block on every page. -# See /i18n/en.toml for message text and title. -announcement = true -announcement_bg = "#000000" #choose a dark color – text is white - #Searching k8s_search = true diff --git a/content/en/blog/_posts/2020-12-02-dockershim-faq.md b/content/en/blog/_posts/2020-12-02-dockershim-faq.md index b9676fc742..f8dbe7f7c7 100644 --- a/content/en/blog/_posts/2020-12-02-dockershim-faq.md +++ b/content/en/blog/_posts/2020-12-02-dockershim-faq.md @@ -55,7 +55,7 @@ All your existing images will still work exactly the same. ### What about private images? -Also yes. All CRI runtimes support the same pull secrets configuration used in +Yes. All CRI runtimes support the same pull secrets configuration used in Kubernetes, either via the PodSpec or ServiceAccount. @@ -82,7 +82,7 @@ usability of other container runtimes. As an example, OpenShift 4.x has been using the [CRI-O] runtime in production since June 2019. For other examples and references you can look at the adopters of containerd and -cri-o, two container runtimes under the Cloud Native Computing Foundation ([CNCF]). +CRI-O, two container runtimes under the Cloud Native Computing Foundation ([CNCF]). - [containerd](https://github.com/containerd/containerd/blob/master/ADOPTERS.md) - [CRI-O](https://github.com/cri-o/cri-o/blob/master/ADOPTERS.md) @@ -110,7 +110,7 @@ provide an end-to-end standard for managing containers. That’s a complex question and it depends on a lot of factors. If Docker is working for you, moving to containerd should be a relatively easy swap and -has have strictly better performance and less overhead. However we encourage you +will have strictly better performance and less overhead. However, we encourage you to explore all the options from the [CNCF landscape] in case another would be an even better fit for your environment. @@ -129,7 +129,7 @@ common things to consider when migrating are: - Kubectl plugins that require docker CLI or the control socket - Kubernetes tools that require direct access to Docker (e.g. kube-imagepuller) - Configuration of functionality like `registry-mirrors` and insecure registries -- Other support scripts or daemons that expect docker to be available and are run +- Other support scripts or daemons that expect Docker to be available and are run outside of Kubernetes (e.g. monitoring or security agents) - GPUs or special hardware and how they integrate with your runtime and Kubernetes diff --git a/content/en/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md b/content/en/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md index e6df8971a6..944704967b 100644 --- a/content/en/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md +++ b/content/en/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md @@ -13,8 +13,8 @@ as a container runtime after v1.20. **You do not need to panic. It’s not as dramatic as it sounds.** -tl;dr Docker as an underlying runtime is being deprecated in favor of runtimes -that use the [Container Runtime Interface(CRI)](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/) +TL;DR Docker as an underlying runtime is being deprecated in favor of runtimes +that use the [Container Runtime Interface (CRI)](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/) created for Kubernetes. Docker-produced images will continue to work in your cluster with all runtimes, as they always have. @@ -48,7 +48,7 @@ is a popular choice for that runtime (other common options include containerd and CRI-O), but Docker was not designed to be embedded inside Kubernetes, and that causes a problem. -You see, the thing we call “Docker” isn’t actually one thing -- it’s an entire +You see, the thing we call “Docker” isn’t actually one thing—it’s an entire tech stack, and one part of it is a thing called “containerd,” which is a high-level container runtime by itself. Docker is cool and useful because it has a lot of UX enhancements that make it really easy for humans to interact with @@ -66,11 +66,11 @@ does Kubernetes need the Dockershim? Docker isn’t compliant with CRI, the [Container Runtime Interface](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/). If it were, we wouldn’t need the shim, and this wouldn’t be a thing. But it’s -not the end of the world, and you don’t need to panic -- you just need to change +not the end of the world, and you don’t need to panic—you just need to change your container runtime from Docker to another supported container runtime. One thing to note: If you are relying on the underlying docker socket -(/var/run/docker.sock) as part of a workflow within your cluster today, moving +(`/var/run/docker.sock`) as part of a workflow within your cluster today, moving to a different runtime will break your ability to use it. This pattern is often called Docker in Docker. There are lots of options out there for this specific use case including things like @@ -82,10 +82,10 @@ use case including things like This change addresses a different environment than most folks use to interact with Docker. The Docker installation you’re using in development is unrelated to -the Docker runtime inside your Kubernetes cluster. It’s confusing, I know. As a -developer, Docker is still useful to you in all the ways it was before this +the Docker runtime inside your Kubernetes cluster. It’s confusing, we understand. +As a developer, Docker is still useful to you in all the ways it was before this change was announced. The image that Docker produces isn’t really a -Docker-specific image -- it’s an OCI ([Open Container Initiative](https://opencontainers.org/)) image. +Docker-specific image—it’s an OCI ([Open Container Initiative](https://opencontainers.org/)) image. Any OCI-compliant image, regardless of the tool you use to build it, will look the same to Kubernetes. Both [containerd](https://containerd.io/) and [CRI-O](https://cri-o.io/) know how to pull those images and run them. This is @@ -95,10 +95,10 @@ So, this change is coming. It’s going to cause issues for some, but it isn’t catastrophic, and generally it’s a good thing. Depending on how you interact with Kubernetes, this could mean nothing to you, or it could mean a bit of work. In the long run, it’s going to make things easier. If this is still confusing -for you, that’s okay -- there’s a lot going on here, Kubernetes has a lot of +for you, that’s okay—there’s a lot going on here; Kubernetes has a lot of moving parts, and nobody is an expert in 100% of it. We encourage any and all questions regardless of experience level or complexity! Our goal is to make sure -everyone is educated as much as possible on the upcoming changes. `<3` We hope -this has answered most of your questions and soothed some anxieties! +everyone is educated as much as possible on the upcoming changes. We hope +this has answered most of your questions and soothed some anxieties! ❤️ Looking for more answers? Check out our accompanying [Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/). diff --git a/content/en/docs/concepts/architecture/nodes.md b/content/en/docs/concepts/architecture/nodes.md index a9abf48856..7bd4b355b6 100644 --- a/content/en/docs/concepts/architecture/nodes.md +++ b/content/en/docs/concepts/architecture/nodes.md @@ -242,7 +242,7 @@ checks the state of each node every `--node-monitor-period` seconds. Heartbeats, sent by Kubernetes nodes, help determine the availability of a node. There are two forms of heartbeats: updates of `NodeStatus` and the -[Lease object](/docs/reference/generated/kubernetes-api/{{< latest-version >}}/#lease-v1-coordination-k8s-io). +[Lease object](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#lease-v1-coordination-k8s-io). Each Node has an associated Lease object in the `kube-node-lease` {{< glossary_tooltip term_id="namespace" text="namespace">}}. Lease is a lightweight resource, which improves the performance diff --git a/content/en/docs/concepts/cluster-administration/flow-control.md b/content/en/docs/concepts/cluster-administration/flow-control.md index 9c1bcb817a..6cb4c386d3 100644 --- a/content/en/docs/concepts/cluster-administration/flow-control.md +++ b/content/en/docs/concepts/cluster-administration/flow-control.md @@ -527,5 +527,5 @@ When you enable the API Priority and Fairness feature, the kube-apiserver serves For background information on design details for API priority and fairness, see the [enhancement proposal](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190228-priority-and-fairness.md). -You can make suggestions and feature requests via [SIG API -Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery). +You can make suggestions and feature requests via [SIG API Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery) +or the feature's [slack channel](http://kubernetes.slack.com/messages/api-priority-and-fairness). diff --git a/content/en/docs/concepts/configuration/overview.md b/content/en/docs/concepts/configuration/overview.md index 5882ce95dc..2239fe08ac 100644 --- a/content/en/docs/concepts/configuration/overview.md +++ b/content/en/docs/concepts/configuration/overview.md @@ -69,6 +69,8 @@ A Service can be made to span multiple Deployments by omitting release-specific A desired state of an object is described by a Deployment, and if changes to that spec are _applied_, the deployment controller changes the actual state to the desired state at a controlled rate. +- Use the [Kubernetes common labels](/docs/concepts/overview/working-with-objects/common-labels/) for common use cases. These standardized labels enrich the metadata in a way that allows tools, including `kubectl` and [dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard), to work in an interoperable way. + - You can manipulate labels for debugging. Because Kubernetes controllers (such as ReplicaSet) and Services match to Pods using selector labels, removing the relevant labels from a Pod will stop it from being considered by a controller or from being served traffic by a Service. If you remove the labels of an existing Pod, its controller will create a new Pod to take its place. This is a useful way to debug a previously "live" Pod in a "quarantine" environment. To interactively remove or add labels, use [`kubectl label`](/docs/reference/generated/kubectl/kubectl-commands#label). ## Container Images diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md index 3674c3ce4c..fbaf0c1a29 100644 --- a/content/en/docs/concepts/configuration/secret.md +++ b/content/en/docs/concepts/configuration/secret.md @@ -776,7 +776,7 @@ these pods. The `imagePullSecrets` field is a list of references to secrets in the same namespace. You can use an `imagePullSecrets` to pass a secret that contains a Docker (or other) image registry password to the kubelet. The kubelet uses this information to pull a private image on behalf of your Pod. -See the [PodSpec API](/docs/reference/generated/kubernetes-api/{{< latest-version >}}/#podspec-v1-core) for more information about the `imagePullSecrets` field. +See the [PodSpec API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core) for more information about the `imagePullSecrets` field. #### Manually specifying an imagePullSecret diff --git a/content/en/docs/concepts/containers/runtime-class.md b/content/en/docs/concepts/containers/runtime-class.md index 1ba631e350..ace905c657 100644 --- a/content/en/docs/concepts/containers/runtime-class.md +++ b/content/en/docs/concepts/containers/runtime-class.md @@ -37,10 +37,10 @@ but with different settings. Ensure the RuntimeClass feature gate is enabled (it is by default). See [Feature Gates](/docs/reference/command-line-tools-reference/feature-gates/) for an explanation of enabling -feature gates. The `RuntimeClass` feature gate must be enabled on apiservers _and_ kubelets. +feature gates. The `RuntimeClass` feature gate must be enabled on API server _and_ kubelets. -1. Configure the CRI implementation on nodes (runtime dependent) -2. Create the corresponding RuntimeClass resources +1. Configure the CRI implementation on nodes (runtime dependent). +2. Create the corresponding RuntimeClass resources. ### 1. Configure the CRI implementation on nodes @@ -51,7 +51,7 @@ CRI implementation for how to configure. {{< note >}} RuntimeClass assumes a homogeneous node configuration across the cluster by default (which means that all nodes are configured the same way with respect to container runtimes). To support -heterogenous node configurations, see [Scheduling](#scheduling) below. +heterogeneous node configurations, see [Scheduling](#scheduling) below. {{< /note >}} The configurations have a corresponding `handler` name, referenced by the RuntimeClass. The @@ -98,7 +98,7 @@ spec: # ... ``` -This will instruct the Kubelet to use the named RuntimeClass to run this pod. If the named +This will instruct the kubelet to use the named RuntimeClass to run this pod. If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod will enter the `Failed` terminal [phase](/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase). Look for a corresponding [event](/docs/tasks/debug-application-cluster/debug-application-introspection/) for an @@ -144,7 +144,7 @@ See CRI-O's [config documentation](https://raw.githubusercontent.com/cri-o/cri-o {{< feature-state for_k8s_version="v1.16" state="beta" >}} -As of Kubernetes v1.16, RuntimeClass includes support for heterogenous clusters through its +As of Kubernetes v1.16, RuntimeClass includes support for heterogeneous clusters through its `scheduling` fields. Through the use of these fields, you can ensure that pods running with this RuntimeClass are scheduled to nodes that support it. To use the scheduling support, you must have the [RuntimeClass admission controller](/docs/reference/access-authn-authz/admission-controllers/#runtimeclass) diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md index e2b7ab1f34..8b1747b857 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md @@ -201,7 +201,7 @@ Monitoring agents for device plugin resources can be deployed as a daemon, or as The canonical directory `/var/lib/kubelet/pod-resources` requires privileged access, so monitoring agents must run in a privileged security context. If a device monitoring agent is running as a DaemonSet, `/var/lib/kubelet/pod-resources` must be mounted as a -{{< glossary_tooltip term_id="volume" >}} in the plugin's +{{< glossary_tooltip term_id="volume" >}} in the device monitoring agent's [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core). Support for the "PodResources service" requires `KubeletPodResources` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) to be enabled. diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md index 0384754e35..7b53fa326f 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md @@ -159,7 +159,7 @@ This option is provided to the network-plugin; currently **only kubenet supports ## Usage Summary * `--network-plugin=cni` specifies that we use the `cni` network plugin with actual CNI plugin binaries located in `--cni-bin-dir` (default `/opt/cni/bin`) and CNI plugin configuration located in `--cni-conf-dir` (default `/etc/cni/net.d`). -* `--network-plugin=kubenet` specifies that we use the `kubenet` network plugin with CNI `bridge` and `host-local` plugins placed in `/opt/cni/bin` or `cni-bin-dir`. +* `--network-plugin=kubenet` specifies that we use the `kubenet` network plugin with CNI `bridge`, `lo` and `host-local` plugins placed in `/opt/cni/bin` or `cni-bin-dir`. * `--network-plugin-mtu=9001` specifies the MTU to use, currently only used by the `kubenet` network plugin. ## {{% heading "whatsnext" %}} diff --git a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md index e684b6ea60..abe4f4b9eb 100644 --- a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -246,7 +246,7 @@ as at least one already-running pod that has a label with key "security" and val on node N if node N has a label with key `topology.kubernetes.io/zone` and some value V such that there is at least one node in the cluster with key `topology.kubernetes.io/zone` and value V that is running a pod that has a label with key "security" and value "S1".) The pod anti-affinity -rule says that the pod cannot be scheduled onto a node if that node is in the same zone as a pod with +rule says that the pod should not be scheduled onto a node if that node is in the same zone as a pod with label having key "security" and value "S2". See the [design doc](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md) for many more examples of pod affinity and anti-affinity, both the `requiredDuringSchedulingIgnoredDuringExecution` diff --git a/content/en/docs/concepts/scheduling-eviction/pod-overhead.md b/content/en/docs/concepts/scheduling-eviction/pod-overhead.md index cb3ad94241..15992126f9 100644 --- a/content/en/docs/concepts/scheduling-eviction/pod-overhead.md +++ b/content/en/docs/concepts/scheduling-eviction/pod-overhead.md @@ -194,4 +194,4 @@ from source in the meantime. * [RuntimeClass](/docs/concepts/containers/runtime-class/) -* [PodOverhead Design](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190226-pod-overhead.md) +* [PodOverhead Design](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/688-pod-overhead) diff --git a/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md b/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md index 0679e1fd8b..a327f1de24 100644 --- a/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md +++ b/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md @@ -82,7 +82,7 @@ requested the score value must be reversed as follows. ```yaml shape: - utilization: 0 - score: 100 + score: 10 - utilization: 100 score: 0 ``` diff --git a/content/en/docs/concepts/services-networking/ingress-controllers.md b/content/en/docs/concepts/services-networking/ingress-controllers.md index df0e3ffd22..3f04bfa009 100644 --- a/content/en/docs/concepts/services-networking/ingress-controllers.md +++ b/content/en/docs/concepts/services-networking/ingress-controllers.md @@ -26,6 +26,7 @@ Kubernetes as a project supports and maintains [AWS](https://github.com/kubernet * [AKS Application Gateway Ingress Controller](https://azure.github.io/application-gateway-kubernetes-ingress/) is an ingress controller that configures the [Azure Application Gateway](https://docs.microsoft.com/azure/application-gateway/overview). * [Ambassador](https://www.getambassador.io/) API Gateway is an [Envoy](https://www.envoyproxy.io)-based ingress controller. +* [Avi Kubernetes Operator](https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes) provides L4-L7 load-balancing using [VMware NSX Advanced Load Balancer](https://avinetworks.com/). * The [Citrix ingress controller](https://github.com/citrix/citrix-k8s-ingress-controller#readme) works with Citrix Application Delivery Controller. * [Contour](https://projectcontour.io/) is an [Envoy](https://www.envoyproxy.io/) based ingress controller. diff --git a/content/en/docs/concepts/services-networking/network-policies.md b/content/en/docs/concepts/services-networking/network-policies.md index 7d417e4df1..2000d838b4 100644 --- a/content/en/docs/concepts/services-networking/network-policies.md +++ b/content/en/docs/concepts/services-networking/network-policies.md @@ -35,6 +35,8 @@ Pods become isolated by having a NetworkPolicy that selects them. Once there is Network policies do not conflict; they are additive. If any policy or policies select a pod, the pod is restricted to what is allowed by the union of those policies' ingress/egress rules. Thus, order of evaluation does not affect the policy result. +For a network flow between two pods to be allowed, both the egress policy on the source pod and the ingress policy on the destination pod need to allow the traffic. If either the egress policy on the source, or the ingress policy on the destination denies the traffic, the traffic will be denied. + ## The NetworkPolicy resource {#networkpolicy-resource} See the [NetworkPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#networkpolicy-v1-networking-k8s-io) reference for a full definition of the resource. diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 2d1064ed7c..5cf08f7ffc 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -311,7 +311,7 @@ If expanding underlying storage fails, the cluster administrator can manually re PersistentVolume types are implemented as plugins. Kubernetes currently supports the following plugins: * [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore) - AWS Elastic Block Store (EBS) -* [`azureDisk`](/docs/concepts/sotrage/volumes/#azuredisk) - Azure Disk +* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk) - Azure Disk * [`azureFile`](/docs/concepts/storage/volumes/#azurefile) - Azure File * [`cephfs`](/docs/concepts/storage/volumes/#cephfs) - CephFS volume * [`cinder`](/docs/concepts/storage/volumes/#cinder) - Cinder (OpenStack block storage) diff --git a/content/en/docs/concepts/storage/volume-snapshot-classes.md b/content/en/docs/concepts/storage/volume-snapshot-classes.md index 06382e5fba..ee781d665f 100644 --- a/content/en/docs/concepts/storage/volume-snapshot-classes.md +++ b/content/en/docs/concepts/storage/volume-snapshot-classes.md @@ -72,7 +72,7 @@ used for provisioning VolumeSnapshots. This field must be specified. ### DeletionPolicy -Volume snapshot classes have a deletionPolicy. It enables you to configure what happens to a VolumeSnapshotContent when the VolumeSnapshot object it is bound to is to be deleted. The deletionPolicy of a volume snapshot can either be `Retain` or `Delete`. This field must be specified. +Volume snapshot classes have a deletionPolicy. It enables you to configure what happens to a VolumeSnapshotContent when the VolumeSnapshot object it is bound to is to be deleted. The deletionPolicy of a volume snapshot class can either be `Retain` or `Delete`. This field must be specified. If the deletionPolicy is `Delete`, then the underlying storage snapshot will be deleted along with the VolumeSnapshotContent object. If the deletionPolicy is `Retain`, then both the underlying snapshot and VolumeSnapshotContent remain. diff --git a/content/en/docs/concepts/workloads/controllers/garbage-collection.md b/content/en/docs/concepts/workloads/controllers/garbage-collection.md index 0e9b4f746a..1b1de5d0a4 100644 --- a/content/en/docs/concepts/workloads/controllers/garbage-collection.md +++ b/content/en/docs/concepts/workloads/controllers/garbage-collection.md @@ -150,14 +150,17 @@ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/replicasets/my-rep ``` kubectl also supports cascading deletion. -To delete dependents automatically using kubectl, set `--cascade` to true. To -orphan dependents, set `--cascade` to false. The default value for `--cascade` -is true. + +To delete dependents in the foreground using kubectl, set `--cascade=foreground`. To +orphan dependents, set `--cascade=orphan`. + +The default behavior is to delete the dependents in the background which is the +behavior when `--cascade` is omitted or explicitly set to `background`. Here's an example that orphans the dependents of a ReplicaSet: ```shell -kubectl delete replicaset my-repset --cascade=false +kubectl delete replicaset my-repset --cascade=orphan ``` ### Additional note on Deployments diff --git a/content/en/docs/concepts/workloads/controllers/replicaset.md b/content/en/docs/concepts/workloads/controllers/replicaset.md index ba0270b573..e45d20c8f7 100644 --- a/content/en/docs/concepts/workloads/controllers/replicaset.md +++ b/content/en/docs/concepts/workloads/controllers/replicaset.md @@ -283,7 +283,7 @@ curl -X DELETE 'localhost:8080/apis/apps/v1/namespaces/default/replicasets/fron ### Deleting just a ReplicaSet -You can delete a ReplicaSet without affecting any of its Pods using [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete) with the `--cascade=false` option. +You can delete a ReplicaSet without affecting any of its Pods using [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete) with the `--cascade=orphan` option. When using the REST API or the `client-go` library, you must set `propagationPolicy` to `Orphan`. For example: ```shell diff --git a/content/en/docs/concepts/workloads/pods/_index.md b/content/en/docs/concepts/workloads/pods/_index.md index af548a79cb..5dd6bac9de 100644 --- a/content/en/docs/concepts/workloads/pods/_index.md +++ b/content/en/docs/concepts/workloads/pods/_index.md @@ -15,8 +15,7 @@ card: _Pods_ are the smallest deployable units of computing that you can create and manage in Kubernetes. A _Pod_ (as in a pod of whales or pea pod) is a group of one or more -{{< glossary_tooltip text="containers" term_id="container" >}}, with shared storage/network resources, and a specification -for how to run the containers. A Pod's contents are always co-located and +{{< glossary_tooltip text="containers" term_id="container" >}}, with shared storage and network resources, and a specification for how to run the containers. A Pod's contents are always co-located and co-scheduled, and run in a shared context. A Pod models an application-specific "logical host": it contains one or more application containers which are relatively tightly coupled. @@ -295,9 +294,10 @@ but cannot be controlled from there. object definition describes the object in detail. * [The Distributed System Toolkit: Patterns for Composite Containers](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns) explains common layouts for Pods with more than one container. -To understand the context for why Kubernetes wraps a common Pod API in other resources (such as {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}} or {{< glossary_tooltip text="Deployments" term_id="deployment" >}}, you can read about the prior art, including: - * [Aurora](https://aurora.apache.org/documentation/latest/reference/configuration/#job-schema) - * [Borg](https://research.google.com/pubs/pub43438.html) - * [Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html) - * [Omega](https://research.google/pubs/pub41684/) - * [Tupperware](https://engineering.fb.com/data-center-engineering/tupperware/). +To understand the context for why Kubernetes wraps a common Pod API in other resources (such as {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}} or {{< glossary_tooltip text="Deployments" term_id="deployment" >}}), you can read about the prior art, including: + +* [Aurora](https://aurora.apache.org/documentation/latest/reference/configuration/#job-schema) +* [Borg](https://research.google.com/pubs/pub43438.html) +* [Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html) +* [Omega](https://research.google/pubs/pub41684/) +* [Tupperware](https://engineering.fb.com/data-center-engineering/tupperware/). diff --git a/content/en/docs/concepts/workloads/pods/disruptions.md b/content/en/docs/concepts/workloads/pods/disruptions.md index 78e8b39a47..3d4248443d 100644 --- a/content/en/docs/concepts/workloads/pods/disruptions.md +++ b/content/en/docs/concepts/workloads/pods/disruptions.md @@ -49,7 +49,7 @@ Cluster administrator actions include: - [Draining a node](/docs/tasks/administer-cluster/safely-drain-node/) for repair or upgrade. - Draining a node from a cluster to scale the cluster down (learn about -[Cluster Autoscaling](/docs/tasks/administer-cluster/cluster-management/#cluster-autoscaler) +[Cluster Autoscaling](https://github.com/kubernetes/autoscaler/#readme) ). - Removing a pod from a node to permit something else to fit on that node. diff --git a/content/en/docs/concepts/workloads/pods/init-containers.md b/content/en/docs/concepts/workloads/pods/init-containers.md index 869ba66f66..363c38a39b 100644 --- a/content/en/docs/concepts/workloads/pods/init-containers.md +++ b/content/en/docs/concepts/workloads/pods/init-containers.md @@ -133,6 +133,7 @@ You can start this Pod by running: ```shell kubectl apply -f myapp.yaml ``` +The output is similar to this: ``` pod/myapp-pod created ``` @@ -141,6 +142,7 @@ And check on its status with: ```shell kubectl get -f myapp.yaml ``` +The output is similar to this: ``` NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 6m @@ -150,6 +152,7 @@ or for more details: ```shell kubectl describe -f myapp.yaml ``` +The output is similar to this: ``` Name: myapp-pod Namespace: default @@ -224,6 +227,7 @@ To create the `mydb` and `myservice` services: ```shell kubectl apply -f services.yaml ``` +The output is similar to this: ``` service/myservice created service/mydb created @@ -235,6 +239,7 @@ Pod moves into the Running state: ```shell kubectl get -f myapp.yaml ``` +The output is similar to this: ``` NAME READY STATUS RESTARTS AGE myapp-pod 1/1 Running 0 9m @@ -319,11 +324,9 @@ reasons: - ## {{% heading "whatsnext" %}} * Read about [creating a Pod that has an init container](/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container) * Learn how to [debug init containers](/docs/tasks/debug-application-cluster/debug-init-containers/) - diff --git a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md index 81822a7f17..df83f7c5f3 100644 --- a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md +++ b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md @@ -85,6 +85,13 @@ Value | Description `Failed` | All containers in the Pod have terminated, and at least one container has terminated in failure. That is, the container either exited with non-zero status or was terminated by the system. `Unknown` | For some reason the state of the Pod could not be obtained. This phase typically occurs due to an error in communicating with the node where the Pod should be running. +{{< note >}} +When a Pod is being deleted, it is shown as `Terminating` by some kubectl commands. +This `Terminating` status is not one of the Pod phases. +A Pod is granted a term to terminate gracefully, which defaults to 30 seconds. +You can use the flag `--force` to [terminate a Pod by force](/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced). +{{< /note >}} + If a node dies or is disconnected from the rest of the cluster, Kubernetes applies a policy for setting the `phase` of all Pods on the lost node to Failed. @@ -325,7 +332,7 @@ a time longer than the liveness interval would allow. If your container usually starts in more than `initialDelaySeconds + failureThreshold × periodSeconds`, you should specify a startup probe that checks the same endpoint as the liveness probe. The default for -`periodSeconds` is 30s. You should then set its `failureThreshold` high enough to +`periodSeconds` is 10s. You should then set its `failureThreshold` high enough to allow the container to start, without changing the default values of the liveness probe. This helps to protect against deadlocks. diff --git a/content/en/docs/contribute/style/hugo-shortcodes/example1.md b/content/en/docs/contribute/style/hugo-shortcodes/example1.md index fbe21a1457..9e9f45b0a6 100644 --- a/content/en/docs/contribute/style/hugo-shortcodes/example1.md +++ b/content/en/docs/contribute/style/hugo-shortcodes/example1.md @@ -6,4 +6,4 @@ This is an **example** content file inside the **includes** leaf bundle. {{< note >}} Included content files can also contain shortcodes. -{{< /note >}} \ No newline at end of file +{{< /note >}} diff --git a/content/en/docs/contribute/style/hugo-shortcodes/index.md b/content/en/docs/contribute/style/hugo-shortcodes/index.md index dd9ed06c31..fa25966e45 100644 --- a/content/en/docs/contribute/style/hugo-shortcodes/index.md +++ b/content/en/docs/contribute/style/hugo-shortcodes/index.md @@ -1,33 +1,30 @@ --- -approvers: -- chenopis title: Custom Hugo Shortcodes content_type: concept --- -This page explains the custom Hugo shortcodes that can be used in Kubernetes markdown documentation. +This page explains the custom Hugo shortcodes that can be used in Kubernetes Markdown documentation. Read more about shortcodes in the [Hugo documentation](https://gohugo.io/content-management/shortcodes). - ## Feature state -In a markdown page (`.md` file) on this site, you can add a shortcode to display version and state of the documented feature. +In a Markdown page (`.md` file) on this site, you can add a shortcode to display version and state of the documented feature. ### Feature state demo -Below is a demo of the feature state snippet, which displays the feature as stable in Kubernetes version 1.10. +Below is a demo of the feature state snippet, which displays the feature as stable in the latest Kubernetes version. ``` -{{}} +{{}} ``` Renders to: -{{< feature-state for_k8s_version="v1.10" state="stable" >}} +{{< feature-state state="stable" >}} The valid values for `state` are: @@ -38,62 +35,22 @@ The valid values for `state` are: ### Feature state code -The displayed Kubernetes version defaults to that of the page or the site. This can be changed by passing the for_k8s_version shortcode parameter. +The displayed Kubernetes version defaults to that of the page or the site. You can change the +feature state version by passing the `for_k8s_version` shortcode parameter. For example: ``` -{{}} +{{}} ``` Renders to: -{{< feature-state for_k8s_version="v1.10" state="stable" >}} - -#### Alpha feature - -``` -{{}} -``` - -Renders to: - -{{< feature-state state="alpha" >}} - -#### Beta feature - -``` -{{}} -``` - -Renders to: - -{{< feature-state state="beta" >}} - -#### Stable feature - -``` -{{}} -``` - -Renders to: - -{{< feature-state state="stable" >}} - -#### Deprecated feature - -``` -{{}} -``` - -Renders to: - -{{< feature-state state="deprecated" >}} +{{< feature-state for_k8s_version="v1.10" state="beta" >}} ## Glossary -There are two glossary tooltips. +There are two glossary shortcodes: `glossary_tooltip` and `glossary_definition`. -You can reference glossary terms with an inclusion that automatically updates and replaces content with the relevant links from [our glossary](/docs/reference/glossary/). When the term is moused-over by someone -using the online documentation, the glossary entry displays a tooltip. +You can reference glossary terms with an inclusion that automatically updates and replaces content with the relevant links from [our glossary](/docs/reference/glossary/). When the glossary term is moused-over, the glossary entry displays a tooltip. The glossary term also displays as a link. As well as inclusions with tooltips, you can reuse the definitions from the glossary in page content. @@ -102,7 +59,7 @@ The raw data for glossary terms is stored at [https://github.com/kubernetes/webs ### Glossary demo -For example, the following include within the markdown renders to {{< glossary_tooltip text="cluster" term_id="cluster" >}} with a tooltip: +For example, the following include within the Markdown renders to {{< glossary_tooltip text="cluster" term_id="cluster" >}} with a tooltip: ``` {{}} @@ -113,13 +70,16 @@ Here's a short glossary definition: ``` {{}} ``` + which renders as: {{< glossary_definition prepend="A cluster is" term_id="cluster" length="short" >}} You can also include a full definition: + ``` {{}} ``` + which renders as: {{< glossary_definition term_id="cluster" length="all" >}} @@ -255,7 +215,63 @@ Renders to: {{< tab name="JSON File" include="podtemplate.json" />}} {{< /tabs >}} +## Version strings +To generate a version string for inclusion in the documentation, you can choose from +several version shortcodes. Each version shortcode displays a version string derived from +the value of a version parameter found in the site configuration file, `config.toml`. +The two most commonly used version parameters are `latest` and `version`. + +### `{{}}` + +The `{{}}` shortcode generates the value of the current version of +the Kubernetes documentation from the `version` site parameter. The `param` shortcode accepts the name of one site parameter, in this case: `version`. + +{{< note >}} +In previously released documentation, `latest` and `version` parameter values are not equivalent. +After a new version is released, `latest` is incremented and the value of `version` for the documentation set remains unchanged. For example, a previously released version of the documentation displays `version` as +`v1.19` and `latest` as `v1.20`. +{{< /note >}} + +Renders to: + +{{< param "version" >}} + +### `{{}}` + +The `{{}}` shortcode returns the value of the `latest` site parameter. +The `latest` site parameter is updated when a new version of the documentation is released. +This parameter does not always match the value of `version` in a documentation set. + +Renders to: + +{{< latest-version >}} + +### `{{}}` + +The `{{}}` shortcode generates the value of `latest` without the "v" prefix. + +Renders to: + +{{< latest-semver >}} + +### `{{}}` + +The `{{}}` shortcode checks if the `min-kubernetes-server-version` +page parameter is present and then uses this value to compare to `version`. + +Renders to: + +{{< version-check >}} + +### `{{}}` + +The `{{}}` shortcode generates a version string from `latest` and removes +the "v" prefix. The shortcode prints a new URL for the release note CHANGELOG page with the modified version string. + +Renders to: + +{{< latest-release-notes >}} ## {{% heading "whatsnext" %}} @@ -264,4 +280,3 @@ Renders to: * Learn about [page content types](/docs/contribute/style/page-content-types/). * Learn about [opening a pull request](/docs/contribute/new-content/open-a-pr/). * Learn about [advanced contributing](/docs/contribute/advanced/). - diff --git a/content/en/docs/reference/access-authn-authz/admission-controllers.md b/content/en/docs/reference/access-authn-authz/admission-controllers.md index e57813ec12..8d01b1d20c 100644 --- a/content/en/docs/reference/access-authn-authz/admission-controllers.md +++ b/content/en/docs/reference/access-authn-authz/admission-controllers.md @@ -792,25 +792,8 @@ versions 1.9 and later). ## Is there a recommended set of admission controllers to use? -Yes. For Kubernetes version 1.10 and later, the recommended admission controllers are enabled by default (shown [here](/docs/reference/command-line-tools-reference/kube-apiserver/#options)), so you do not need to explicitly specify them. You can enable additional admission controllers beyond the default set using the `--enable-admission-plugins` flag (**order doesn't matter**). +Yes. The recommended admission controllers are enabled by default (shown [here](/docs/reference/command-line-tools-reference/kube-apiserver/#options)), so you do not need to explicitly specify them. You can enable additional admission controllers beyond the default set using the `--enable-admission-plugins` flag (**order doesn't matter**). {{< note >}} `--admission-control` was deprecated in 1.10 and replaced with `--enable-admission-plugins`. {{< /note >}} - -For Kubernetes 1.9 and earlier, we recommend running the following set of admission controllers using the `--admission-control` flag (**order matters**). - -* v1.9 - - ```shell - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota - ``` - - * It's worth reiterating that in 1.9, these happen in a mutating phase -and a validating phase, and that for example `ResourceQuota` runs in the validating -phase, and therefore is the last admission controller to run. -`MutatingAdmissionWebhook` appears before it in this list, because it runs -in the mutating phase. - - For earlier versions, there was no concept of validating versus mutating and the -admission controllers ran in the exact order specified. diff --git a/content/en/docs/reference/access-authn-authz/rbac.md b/content/en/docs/reference/access-authn-authz/rbac.md index d3e6dc118e..783f25621f 100644 --- a/content/en/docs/reference/access-authn-authz/rbac.md +++ b/content/en/docs/reference/access-authn-authz/rbac.md @@ -87,7 +87,7 @@ Because ClusterRoles are cluster-scoped, you can also use them to grant access t * non-resource endpoints (like `/healthz`) * namespaced resources (like Pods), across all namespaces For example: you can use a ClusterRole to allow a particular user to run - `kubectl get pods --all-namespaces`. + `kubectl get pods --all-namespaces` Here is an example of a ClusterRole that can be used to grant read access to {{< glossary_tooltip text="secrets" term_id="secret" >}} in any particular namespace, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index 4f4d0fda94..ed18f36c77 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -166,7 +166,8 @@ different Kubernetes components. | `StorageVersionHash` | `true` | Beta | 1.15 | | | `Sysctls` | `true` | Beta | 1.11 | | | `TTLAfterFinished` | `false` | Alpha | 1.12 | | -| `TopologyManager` | `false` | Alpha | 1.16 | | +| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 | +| `TopologyManager` | `true` | Beta | 1.18 | | | `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 | | `ValidateProxyRedirects` | `true` | Beta | 1.14 | | | `WindowsEndpointSliceProxying` | `false` | Alpha | 1.19 | | diff --git a/content/en/docs/reference/command-line-tools-reference/kubelet.md b/content/en/docs/reference/command-line-tools-reference/kubelet.md index e56e84bc57..b569177dda 100644 --- a/content/en/docs/reference/command-line-tools-reference/kubelet.md +++ b/content/en/docs/reference/command-line-tools-reference/kubelet.md @@ -351,7 +351,7 @@ kubelet [flags] --eviction-hard mapStringString     Default: `imagefs.available<15%,memory.available<100Mi,nodefs.available<10%` -A set of eviction thresholds (e.g. `memory.available<1Gi`) that if met would trigger a pod eviction. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's `--config` flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.) +A set of eviction thresholds (e.g. `memory.available<1Gi`) that if met would trigger a pod eviction. On a Linux node, the default value also includes `nodefs.inodesFree<5%`. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's `--config` flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.) diff --git a/content/en/docs/reference/kubectl/cheatsheet.md b/content/en/docs/reference/kubectl/cheatsheet.md index 8a5d15b0b2..2ed62c2e2a 100644 --- a/content/en/docs/reference/kubectl/cheatsheet.md +++ b/content/en/docs/reference/kubectl/cheatsheet.md @@ -194,6 +194,9 @@ kubectl get pods --show-labels JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \ && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True" +# Output decoded secrets without external tools +kubectl get secret ${secret_name} -o go-template='{{range $k,$v := .data}}{{$k}}={{$v|base64decode}}{{"\n"}}{{end}}' + # List all Secrets currently in use by a pod kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq @@ -314,6 +317,7 @@ kubectl exec my-pod -- ls / # Run command in existing po kubectl exec --stdin --tty my-pod -- /bin/sh # Interactive shell access to a running pod (1 container case) kubectl exec my-pod -c my-container -- ls / # Run command in existing pod (multi-container case) kubectl top pod POD_NAME --containers # Show metrics for a given pod and its containers +kubectl top pod POD_NAME --sort-by=cpu # Show metrics for a given pod and sort it by 'cpu' or 'memory' ``` ## Interacting with Nodes and cluster diff --git a/content/en/docs/reference/kubectl/conventions.md b/content/en/docs/reference/kubectl/conventions.md index 8b5ab20cdb..c8016453cd 100644 --- a/content/en/docs/reference/kubectl/conventions.md +++ b/content/en/docs/reference/kubectl/conventions.md @@ -37,23 +37,22 @@ All `kubectl run` generators are deprecated. See the Kubernetes v1.17 documentat #### Generators You can generate the following resources with a kubectl command, `kubectl create --dry-run=client -o yaml`: -``` - clusterrole Create a ClusterRole. - clusterrolebinding Create a ClusterRoleBinding for a particular ClusterRole. - configmap Create a configmap from a local file, directory or literal value. - cronjob Create a cronjob with the specified name. - deployment Create a deployment with the specified name. - job Create a job with the specified name. - namespace Create a namespace with the specified name. - poddisruptionbudget Create a pod disruption budget with the specified name. - priorityclass Create a priorityclass with the specified name. - quota Create a quota with the specified name. - role Create a role with single rule. - rolebinding Create a RoleBinding for a particular Role or ClusterRole. - secret Create a secret using specified subcommand. - service Create a service using specified subcommand. - serviceaccount Create a service account with the specified name. -``` + +* `clusterrole`: Create a ClusterRole. +* `clusterrolebinding`: Create a ClusterRoleBinding for a particular ClusterRole. +* `configmap`: Create a ConfigMap from a local file, directory or literal value. +* `cronjob`: Create a CronJob with the specified name. +* `deployment`: Create a Deployment with the specified name. +* `job`: Create a Job with the specified name. +* `namespace`: Create a Namespace with the specified name. +* `poddisruptionbudget`: Create a PodDisruptionBudget with the specified name. +* `priorityclass`: Create a PriorityClass with the specified name. +* `quota`: Create a Quota with the specified name. +* `role`: Create a Role with single rule. +* `rolebinding`: Create a RoleBinding for a particular Role or ClusterRole. +* `secret`: Create a Secret using specified subcommand. +* `service`: Create a Service using specified subcommand. +* `serviceaccount`: Create a ServiceAccount with the specified name. ### `kubectl apply` diff --git a/content/en/docs/reference/kubectl/docker-cli-to-kubectl.md b/content/en/docs/reference/kubectl/docker-cli-to-kubectl.md index 5afdebd557..6c214513a0 100644 --- a/content/en/docs/reference/kubectl/docker-cli-to-kubectl.md +++ b/content/en/docs/reference/kubectl/docker-cli-to-kubectl.md @@ -37,16 +37,11 @@ kubectl: # start the pod running nginx kubectl create deployment --image=nginx nginx-app ``` - -```shell -# add env to nginx-app -kubectl set env deployment/nginx-app DOMAIN=cluster -``` ``` deployment.apps/nginx-app created ``` -``` +```shell # add env to nginx-app kubectl set env deployment/nginx-app DOMAIN=cluster ``` diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md index 0dca862fb9..7754d7cb7d 100644 --- a/content/en/docs/reference/scheduling/config.md +++ b/content/en/docs/reference/scheduling/config.md @@ -108,7 +108,7 @@ extension points: - `SelectorSpread`: Favors spreading across nodes for Pods that belong to {{< glossary_tooltip text="Services" term_id="service" >}}, {{< glossary_tooltip text="ReplicaSets" term_id="replica-set" >}} and - {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}} + {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}}. Extension points: `PreScore`, `Score`. - `ImageLocality`: Favors nodes that already have the container images that the Pod runs. diff --git a/content/en/docs/reference/using-api/server-side-apply.md b/content/en/docs/reference/using-api/server-side-apply.md index c945765d76..c281eb9400 100644 --- a/content/en/docs/reference/using-api/server-side-apply.md +++ b/content/en/docs/reference/using-api/server-side-apply.md @@ -71,7 +71,7 @@ the appliers, results in a conflict. Shared field owners may give up ownership of a field by removing it from their configuration. Field management is stored in a`managedFields` field that is part of an object's -[`metadata`](/docs/reference/generated/kubernetes-api/{{< latest-version >}}/#objectmeta-v1-meta). +[`metadata`](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#objectmeta-v1-meta). A simple example of an object created by Server Side Apply could look like this: diff --git a/content/en/docs/setup/production-environment/container-runtimes.md b/content/en/docs/setup/production-environment/container-runtimes.md index fdc7214d00..4c69e0b9b2 100644 --- a/content/en/docs/setup/production-environment/container-runtimes.md +++ b/content/en/docs/setup/production-environment/container-runtimes.md @@ -143,6 +143,44 @@ sudo mkdir -p /etc/containerd sudo containerd config default | sudo tee /etc/containerd/config.toml ``` +```shell +# Restart containerd +sudo systemctl restart containerd +``` +{{% /tab %}} +{{% tab name="Debian 9+" %}} + +```shell +# (Install containerd) +## Set up the repository +### Install packages to allow apt to use a repository over HTTPS +sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common +``` + +```shell +## Add Docker's official GPG key +curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/docker.gpg add - +``` + +```shell +## Add Docker apt repository. +sudo add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/debian \ + $(lsb_release -cs) \ + stable" +``` + +```shell +## Install containerd +sudo apt-get update && sudo apt-get install -y containerd.io +``` + +```shell +# Set default containerd configuration +sudo mkdir -p /etc/containerd +containerd config default | sudo tee /etc/containerd/config.toml +``` + ```shell # Restart containerd sudo systemctl restart containerd @@ -432,6 +470,11 @@ sudo apt-get update && sudo apt-get install -y \ docker-ce-cli=5:19.03.11~3-0~ubuntu-$(lsb_release -cs) ``` +```shell +## Create /etc/docker +sudo mkdir /etc/docker +``` + ```shell # Set up the Docker daemon cat <}} ## Configuration -{{< note >}} The local listen IP address for NodeLocal DNSCache can be any IP in the 169.254.20.0/16 space or any other IP address that can be guaranteed to not collide with any existing IP. This document uses 169.254.20.10 as an example. +{{< note >}} The local listen IP address for NodeLocal DNSCache can be any address that can be guaranteed to not collide with any existing IP in your cluster. It's recommended to use an address with a local scope, per example, from the link-local range 169.254.0.0/16 for IPv4 or from the Unique Local Address range in IPv6 fd00::/8. {{< /note >}} This feature can be enabled using the following steps: * Prepare a manifest similar to the sample [`nodelocaldns.yaml`](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml) and save it as `nodelocaldns.yaml.` +* If using IPv6, the CoreDNS configuration file need to enclose all the IPv6 addresses into square brackets if used in IP:Port format. +If you are using the sample manifest from the previous point, this will require to modify [the configuration line L70](https://github.com/kubernetes/kubernetes/blob/b2ecd1b3a3192fbbe2b9e348e095326f51dc43dd/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml#L70) like this `health [__PILLAR__LOCAL__DNS__]:8080` * Substitute the variables in the manifest with the right values: * kubedns=`kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP}` diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 4cd5eaa905..ca3d0b2966 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -82,6 +82,7 @@ You can list this and any other serviceAccount resources in the namespace with t ```shell kubectl get serviceaccounts ``` + The output is similar to this: ``` @@ -108,9 +109,10 @@ If you get a complete dump of the service account object, like this: ```shell kubectl get serviceaccounts/build-robot -o yaml ``` + The output is similar to this: -``` +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -164,6 +166,7 @@ Any tokens for non-existent service accounts will be cleaned up by the token con ```shell kubectl describe secrets/build-robot-secret ``` + The output is similar to this: ``` @@ -227,7 +230,7 @@ kubectl get serviceaccounts default -o yaml > ./sa.yaml The output of the `sa.yaml` file is similar to this: -```shell +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -244,7 +247,7 @@ Using your editor of choice (for example `vi`), open the `sa.yaml` file, delete The output of the `sa.yaml` file is similar to this: -```shell +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -319,7 +322,8 @@ kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml ``` The kubelet will request and store the token on behalf of the pod, make the -token available to the pod at a configurable file path, and refresh the token as it approaches expiration. Kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours. +token available to the pod at a configurable file path, and refresh the token as it approaches expiration. +The kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours. The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases. @@ -380,7 +384,6 @@ JWKS URI is required to use the `https` scheme. ## {{% heading "whatsnext" %}} - See also: - [Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/) diff --git a/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md b/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md index c0dc2ebf69..54e474429c 100644 --- a/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md +++ b/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md @@ -192,7 +192,7 @@ this scenario using `kubectl run`: kubectl run myapp --image=busybox --restart=Never -- sleep 1d ``` -Run this command to create a copy of `myapp` named `myapp-copy` that adds a +Run this command to create a copy of `myapp` named `myapp-debug` that adds a new Ubuntu container for debugging: ```shell diff --git a/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md b/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md index 2613579ccf..b4d7b11a7e 100644 --- a/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md +++ b/content/en/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch.md @@ -445,6 +445,9 @@ and [kubectl apply](/docs/reference/generated/kubectl/kubectl-commands/#apply). +{{< note >}} +Strategic merge patch is not supported for custom resources. +{{< /note >}} ## {{% heading "whatsnext" %}} diff --git a/content/en/docs/test.md b/content/en/docs/test.md index c052cb5f9c..aadfc9a9e3 100644 --- a/content/en/docs/test.md +++ b/content/en/docs/test.md @@ -337,7 +337,7 @@ sequenceDiagram Alice->John: Yes... John, how are you? {{}} -
More [examples](https://mermaid-js.github.io/mermaid/#/examples) from the offical docs. +
More [examples](https://mermaid-js.github.io/mermaid/#/examples) from the official docs. ## Sidebars and Admonitions diff --git a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html index 6d8e43ebfc..2ee67382fd 100644 --- a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html @@ -92,9 +92,7 @@ weight: 10

- For your first Deployment, you'll use a Node.js application packaged in a Docker container. (If you didn't already try creating a - Node.js application and deploying it using a container, you can do that first by following the - instructions from the Hello Minikube tutorial). + For your first Deployment, you'll use a hello-node application packaged in a Docker container that uses NGINX to echo back all the requests. (If you didn't already try creating a hello-node application and deploying it using a container, you can do that first by following the instructions from the Hello Minikube tutorial).

Now that you know what Deployments are, let's go to the online tutorial and deploy our first app!

diff --git a/content/en/examples/application/deployment-patch.yaml b/content/en/examples/application/deployment-patch.yaml index 7b32e2fcae..af12f4cb0c 100644 --- a/content/en/examples/application/deployment-patch.yaml +++ b/content/en/examples/application/deployment-patch.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: patch-demo diff --git a/content/en/examples/application/deployment-retainkeys.yaml b/content/en/examples/application/deployment-retainkeys.yaml index b5e04f0cc1..af63f46d37 100644 --- a/content/en/examples/application/deployment-retainkeys.yaml +++ b/content/en/examples/application/deployment-retainkeys.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: retainkeys-demo diff --git a/content/en/examples/application/deployment-scale.yaml b/content/en/examples/application/deployment-scale.yaml index 68801c971d..01fe96d845 100644 --- a/content/en/examples/application/deployment-scale.yaml +++ b/content/en/examples/application/deployment-scale.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment diff --git a/content/en/examples/application/deployment-update.yaml b/content/en/examples/application/deployment-update.yaml index 18e8be65fb..1c0b9d1ab8 100644 --- a/content/en/examples/application/deployment-update.yaml +++ b/content/en/examples/application/deployment-update.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment diff --git a/content/en/examples/application/deployment.yaml b/content/en/examples/application/deployment.yaml index 2cd599218d..dbed8bc72b 100644 --- a/content/en/examples/application/deployment.yaml +++ b/content/en/examples/application/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment diff --git a/content/en/examples/application/guestbook/frontend-deployment.yaml b/content/en/examples/application/guestbook/frontend-deployment.yaml index 50d6e1f0d4..23d64be644 100644 --- a/content/en/examples/application/guestbook/frontend-deployment.yaml +++ b/content/en/examples/application/guestbook/frontend-deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: frontend diff --git a/content/en/examples/application/guestbook/redis-master-deployment.yaml b/content/en/examples/application/guestbook/redis-master-deployment.yaml index fc6f418c39..478216d1ac 100644 --- a/content/en/examples/application/guestbook/redis-master-deployment.yaml +++ b/content/en/examples/application/guestbook/redis-master-deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-master diff --git a/content/en/examples/application/guestbook/redis-slave-deployment.yaml b/content/en/examples/application/guestbook/redis-slave-deployment.yaml index 7dcfb6c263..1a7b04386a 100644 --- a/content/en/examples/application/guestbook/redis-slave-deployment.yaml +++ b/content/en/examples/application/guestbook/redis-slave-deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-slave diff --git a/content/en/examples/application/mysql/mysql-deployment.yaml b/content/en/examples/application/mysql/mysql-deployment.yaml index 518457777e..419fbe03d3 100644 --- a/content/en/examples/application/mysql/mysql-deployment.yaml +++ b/content/en/examples/application/mysql/mysql-deployment.yaml @@ -9,7 +9,7 @@ spec: app: mysql clusterIP: None --- -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: mysql diff --git a/content/en/examples/application/wordpress/mysql-deployment.yaml b/content/en/examples/application/wordpress/mysql-deployment.yaml index 8b92b76f54..c6b221512d 100644 --- a/content/en/examples/application/wordpress/mysql-deployment.yaml +++ b/content/en/examples/application/wordpress/mysql-deployment.yaml @@ -25,7 +25,7 @@ spec: requests: storage: 20Gi --- -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: wordpress-mysql diff --git a/content/en/examples/application/wordpress/wordpress-deployment.yaml b/content/en/examples/application/wordpress/wordpress-deployment.yaml index d898474211..c8ed239142 100644 --- a/content/en/examples/application/wordpress/wordpress-deployment.yaml +++ b/content/en/examples/application/wordpress/wordpress-deployment.yaml @@ -25,7 +25,7 @@ spec: requests: storage: 20Gi --- -apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: wordpress diff --git a/content/es/community/static/cncf-code-of-conduct.md b/content/es/community/static/cncf-code-of-conduct.md index 440b20ee04..c426e05db6 100644 --- a/content/es/community/static/cncf-code-of-conduct.md +++ b/content/es/community/static/cncf-code-of-conduct.md @@ -22,7 +22,7 @@ Este Código de Conducta se aplica tanto dentro de los espacios relacionados con Los casos de comportamiento abusivo, acosador o de cualquier otro modo inaceptable podrán ser denunciados poniéndose en contacto con el [Comité del Código de Conducta de Kubernetes](https://git.k8s.io/community/committee-code-of-conduct) en . Para otros proyectos, comuníquese con un mantenedor de proyectos de CNCF o con nuestra mediadora, Mishi Choudhary . -Este Código de Conducta está adaptado del Compromiso de Colaboradores (http://contributor-covenant.org), versión 1.2.0, disponible en http://contributor-covenant.org/version/1/2/0/ +Este Código de Conducta está adaptado del Compromiso de Colaboradores (https://contributor-covenant.org), versión 1.2.0, disponible en https://contributor-covenant.org/version/1/2/0/ ### Código de Conducta para la Comunidad de la CNCF diff --git a/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index cc4f3b99e9..bcf325df43 100644 --- a/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -250,13 +250,14 @@ curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL Installez `kubeadm`,` kubelet`, `kubectl` et ajoutez un service systemd` kubelet`: +RELEASE_VERSION="v0.6.0" + ```bash RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)" cd $DOWNLOAD_DIR sudo curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl} sudo chmod +x {kubeadm,kubelet,kubectl} -RELEASE_VERSION="v0.4.0" curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service" | sed "s:/usr/bin:${DOWNLOAD_DIR}:g" | sudo tee /etc/systemd/system/kubelet.service sudo mkdir -p /etc/systemd/system/kubelet.service.d curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf" | sed "s:/usr/bin:${DOWNLOAD_DIR}:g" | sudo tee /etc/systemd/system/kubelet.service.d/10-kubeadm.conf diff --git a/content/ja/docs/reference/_index.md b/content/ja/docs/reference/_index.md index 4276875967..0496a730c4 100644 --- a/content/ja/docs/reference/_index.md +++ b/content/ja/docs/reference/_index.md @@ -31,7 +31,7 @@ content_type: concept ## CLIリファレンス * [kubectl](/docs/reference/kubectl/overview/) - コマンドの実行やKubernetesクラスターの管理に使う主要なCLIツールです。 - * [JSONPath](/docs/reference/kubectl/jsonpath/) - kubectlで[JSONPath記法](https://goessner.net/articles/JsonPath/)を使うための構文ガイドです。 + * [JSONPath](/ja/docs/reference/kubectl/jsonpath/) - kubectlで[JSONPath記法](https://goessner.net/articles/JsonPath/)を使うための構文ガイドです。 * [kubeadm](/docs/reference/setup-tools/kubeadm/kubeadm/) - セキュアなKubernetesクラスターを簡単にプロビジョニングするためのCLIツールです。 ## コンポーネントリファレンス diff --git a/content/ja/docs/reference/kubectl/jsonpath.md b/content/ja/docs/reference/kubectl/jsonpath.md new file mode 100644 index 0000000000..9b9caca4bb --- /dev/null +++ b/content/ja/docs/reference/kubectl/jsonpath.md @@ -0,0 +1,112 @@ +--- +title: JSONPathのサポート +content_type: concept +weight: 25 +--- + + +kubectlはJSONPathのテンプレートをサポートしています。 + + + +JSONPathのテンプレートは、波括弧`{}`によって囲まれたJSONPathの式によって構成されています。 +kubectlでは、JSONPathの式を使うことで、JSONオブジェクトの特定のフィールドをフィルターしたり、出力のフォーマットを変更することができます。 +本来のJSONPathのテンプレートの構文に加え、以下の機能と構文が使えます: + +1. JSONPathの式の内部でテキストをクォートするために、ダブルクォーテーションを使用します。 +2. リストを反復するために、`range`、`end`オペレーターを使用します。 +3. リストを末尾側から参照するために、負の数のインデックスを使用します。負の数のインデックスはリストを「周回」せず、`-index + listLength >= 0`が満たされる限りにおいて有効になります。 + +{{< note >}} + +- 式は常にルートのオブジェクトから始まるので、`$`オペレーターの入力は任意になります。 + +- 結果のオブジェクトはString()関数を適用した形で表示されます。 + +{{< /note >}} + +以下のようなJSONの入力が与えられたとします。 + +```json +{ + "kind": "List", + "items":[ + { + "kind":"None", + "metadata":{"name":"127.0.0.1"}, + "status":{ + "capacity":{"cpu":"4"}, + "addresses":[{"type": "LegacyHostIP", "address":"127.0.0.1"}] + } + }, + { + "kind":"None", + "metadata":{"name":"127.0.0.2"}, + "status":{ + "capacity":{"cpu":"8"}, + "addresses":[ + {"type": "LegacyHostIP", "address":"127.0.0.2"}, + {"type": "another", "address":"127.0.0.3"} + ] + } + } + ], + "users":[ + { + "name": "myself", + "user": {} + }, + { + "name": "e2e", + "user": {"username": "admin", "password": "secret"} + } + ] +} +``` + +機能 | 説明 | 例 | 結果 +--------------------|---------------------------|-----------------------------------------------------------------|------------------ +`text` | プレーンテキスト | `kind is {.kind}` | `kind is List` +`@` | 現在のオブジェクト | `{@}` | 入力した値と同じ値 +`.` or `[]` | 子要素 | `{.kind}`, `{['kind']}` or `{['name\.type']}` | `List` +`..` | 子孫要素を再帰的に探す | `{..name}` | `127.0.0.1 127.0.0.2 myself e2e` +`*` | ワイルドカード。すべてのオブジェクトを取得する | `{.items[*].metadata.name}` | `[127.0.0.1 127.0.0.2]` +`[start:end:step]` | 添字 | `{.users[0].name}` | `myself` +`[,]` | 和集合 | `{.items[*]['metadata.name', 'status.capacity']}` | `127.0.0.1 127.0.0.2 map[cpu:4] map[cpu:8]` +`?()` | フィルター | `{.users[?(@.name=="e2e")].user.password}` | `secret` +`range`, `end` | リストの反復 | `{range .items[*]}[{.metadata.name}, {.status.capacity}] {end}` | `[127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]]` +`''` | 解釈済みの文字列をクォートする | `{range .items[*]}{.metadata.name}{'\t'}{end}` | `127.0.0.1 127.0.0.2` + +`kubectl`とJSONPathの式を使った例: + +```shell +kubectl get pods -o json +kubectl get pods -o=jsonpath='{@}' +kubectl get pods -o=jsonpath='{.items[0]}' +kubectl get pods -o=jsonpath='{.items[0].metadata.name}' +kubectl get pods -o=jsonpath="{.items[*]['metadata.name', 'status.capacity']}" +kubectl get pods -o=jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.startTime}{"\n"}{end}' +``` + +{{< note >}} +Windowsでは、空白が含まれるJSONPathのテンプレートをクォートする場合は(上記のようにシングルクォーテーションを使うのではなく)、ダブルクォーテーションを使わなければなりません。 +また、テンプレート内のリテラルをクォートする際には、シングルクォーテーションか、エスケープされたダブルクォーテーションを使わなければなりません。例えば: + +```cmd +kubectl get pods -o=jsonpath="{range .items[*]}{.metadata.name}{'\t'}{.status.startTime}{'\n'}{end}" +kubectl get pods -o=jsonpath="{range .items[*]}{.metadata.name}{\"\t\"}{.status.startTime}{\"\n\"}{end}" +``` +{{< /note >}} + +{{< note >}} + +JSONPathの正規表現はサポートされていません。正規表現を利用した検索を行いたい場合は、`jq`のようなツールを使ってください。 + +```shell +# kubectlはJSONpathの出力として正規表現をサポートしていないので、以下のコマンドは動作しない +kubectl get pods -o jsonpath='{.items[?(@.metadata.name=~/^test$/)].metadata.name}' + +# 上のコマンドに期待される結果が欲しい場合、以下のコマンドを使うとよい +kubectl get pods -o json | jq -r '.items[] | select(.metadata.name | test("test-")).spec.containers[].image' +``` +{{< /note >}} diff --git a/content/ja/docs/reference/kubectl/overview.md b/content/ja/docs/reference/kubectl/overview.md index 71ce1844ec..2ddd60b62e 100644 --- a/content/ja/docs/reference/kubectl/overview.md +++ b/content/ja/docs/reference/kubectl/overview.md @@ -191,8 +191,8 @@ kubectl [command] [TYPE] [NAME] -o `-o custom-columns=` | [カスタムカラム](#custom-columns)のコンマ区切りのリストを使用して、テーブルを表示します。 `-o custom-columns-file=` | ``ファイル内の[カスタムカラム](#custom-columns)のテンプレートを使用して、テーブルを表示します。 `-o json` | JSON形式のAPIオブジェクトを出力します。 -`-o jsonpath=