From 3e6ebb348eac385ff7daa2c5ed62e5e806eb1a4c Mon Sep 17 00:00:00 2001
From: Qiming Teng
Date: Mon, 11 Sep 2023 17:54:41 +0800
Subject: [PATCH] Fix stars in the generated configuration APIs
The upstream source comments are not quite strict at using `*`s,
`<`s or `>`s. These characters, when not enclosed in backticks, are
interpreted as Markdown emphasis markers or HTML tags.
Hacking the generator code is not the right solution. We should
attempt to fix them in the source code instead.
Before that, let's keep fixing the generated outputs manually.
---
.../docs/reference/config-api/apiserver-audit.v1.md | 12 ++++++------
.../reference/config-api/apiserver-encryption.v1.md | 12 ++++++------
.../docs/reference/config-api/kubelet-config.v1.md | 12 ++++++------
.../reference/config-api/kubelet-config.v1beta1.md | 10 +++++-----
.../config-api/kubelet-credentialprovider.v1.md | 12 ++++++------
.../kubelet-credentialprovider.v1alpha1.md | 12 ++++++------
.../config-api/kubelet-credentialprovider.v1beta1.md | 12 ++++++------
7 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/content/en/docs/reference/config-api/apiserver-audit.v1.md b/content/en/docs/reference/config-api/apiserver-audit.v1.md
index 4d36f5d2182..abab04f1bd2 100644
--- a/content/en/docs/reference/config-api/apiserver-audit.v1.md
+++ b/content/en/docs/reference/config-api/apiserver-audit.v1.md
@@ -325,9 +325,9 @@ The empty string represents the core API group.
For example:
'pods' matches pods.
'pods/log' matches the log subresource of pods.
-'' matches all resources and their subresources.
-'pods/' matches all subresources of pods.
-'*/scale' matches all scale subresources.
+'*' matches all resources and their subresources.
+'pods/*' matches all subresources of pods.
+'*/scale' matches all scale subresources.
If wildcard is present, the validation rule will ensure resources do not
overlap with each other.
An empty list implies all resources and subresources in this API groups apply.
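Review bot: The restored wildcards in `'*'`, `'pods/*'` and `'*/scale'` are still bare asterisks outside any code span, which is exactly the condition the commit message says gets them consumed as emphasis markers; wrap each pattern in backticks (or escape the `*`) so the next render does not drop them again. The `'*/scale'` line reads the same on the `-` and `+` sides, so the commit message should say whether that change is whitespace or escaping only. These strings tell readers which resources an audit rule matches, so a lost `*` changes what they will configure.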
@@ -501,10 +501,10 @@ An empty list implies every namespace.
NonResourceURLs is a set of URL paths that should be audited.
-s are allowed, but only as the full, final step in the path.
+*s are allowed, but only as the full, final step in the path.
Examples:
"/metrics" - Log requests for apiserver metrics
-"/healthz" - Log all health checks
+"/healthz*" - Log all health checks
|
omitStages
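Review bot: In the NonResourceURLs description, the added `*s are allowed` and `"/healthz*"` leave two unescaped asterisks in the same block of text, which a Markdown renderer can pair into one emphasis span and swallow both. Put the wildcard in a code span in both places. Without the trailing `*` the healthz example reads as a single exact path rather than "all health checks", which misleads anyone writing an audit policy from this page.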
@@ -552,4 +552,4 @@ Policy.OmitManagedFields will stand.
-
\ No newline at end of file
+
diff --git a/content/en/docs/reference/config-api/apiserver-encryption.v1.md b/content/en/docs/reference/config-api/apiserver-encryption.v1.md
index ecc82b7db7c..148dc374e8c 100644
--- a/content/en/docs/reference/config-api/apiserver-encryption.v1.md
+++ b/content/en/docs/reference/config-api/apiserver-encryption.v1.md
@@ -20,8 +20,8 @@ auto_generated: true
EncryptionConfiguration stores the complete configuration for encryption providers.
It also allows the use of wildcards to specify the resources that should be encrypted.
-Use '.' to encrypt all resources within a group or '.' to encrypt all resources.
-'.' can be used to encrypt all resource in the core group. '.' will encrypt all
+Use '*.<group>' to encrypt all resources within a group or '*.*' to encrypt all resources.
+'*.' can be used to encrypt all resource in the core group. '*.*' will encrypt all
resources, even custom resources that are added after API server start.
Use of wildcards that overlap within the same resource list or across multiple
entries are not allowed since part of the configuration would be ineffective.
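Review bot: `'*.<group>'` on the first added line introduces raw angle brackets, and the commit message itself notes that unenclosed `<` and `>` are treated as HTML tags, so the placeholder is likely to disappear and leave `'*.'`, which the very next sentence defines as the core group. Write it as `&lt;group&gt;` or put the whole pattern in backticks. For an encryption-at-rest reference, a group wildcard that renders the same as the core-group wildcard is worse than the missing asterisk this patch fixes.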
@@ -283,9 +283,9 @@ Set to a negative value to disable caching. This field is only allowed for KMS v
|
resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from resource or resource.group of the group/version/resource.
eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas.
-Use '.' to encrypt all resources and '.' to encrypt all resources in a specific group.
-eg: '.awesome.bears.example' will encrypt all resources in the group 'awesome.bears.example'.
-eg: '*.' will encrypt all resources in the core group (such as pods, configmaps, etc).
+Use '*.*' to encrypt all resources and '*.<group>' to encrypt all resources in a specific group.
+eg: '*.awesome.bears.example' will encrypt all resources in the group 'awesome.bears.example'.
+eg: '*.' will encrypt all resources in the core group (such as pods, configmaps, etc).
|
providers [Required]
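Review bot: The `resources` field description adds `'*.<group>'` with unescaped angle brackets; unless they are escaped or the pattern is in a code span, the placeholder can be parsed as a tag and the result becomes indistinguishable from the `'*.'` core-group example two lines later. The `eg: '*.'` line also looks identical on the `-` and `+` sides, so please state in the commit message whether that line changes only escaping or whitespace.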
@@ -325,4 +325,4 @@ Each key has to be 32 bytes long.
|
-
\ No newline at end of file
+
diff --git a/content/en/docs/reference/config-api/kubelet-config.v1.md b/content/en/docs/reference/config-api/kubelet-config.v1.md
index 407ce5f1a9d..cd7d676e072 100644
--- a/content/en/docs/reference/config-api/kubelet-config.v1.md
+++ b/content/en/docs/reference/config-api/kubelet-config.v1.md
@@ -81,9 +81,9 @@ to provide credentials. Images are expected to contain the registry domain
and URL path.
Each entry in matchImages is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'.
-Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.
+as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
+Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so *.io does not match *.k8s.io.
A match exists between an image and a matchImage when all of the below are true:
- Both contain the same number of domain parts and each part matches.
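Review bot: The glob examples re-added in this matchImages paragraph ('*.k8s.io', 'k8s.*.io', 'k8s.*', 'app*.k8s.io') are still bare asterisks, and the closing `*.io does not match *.k8s.io` is not even quoted; code spans would make the fix survive the next render. The same paragraph is hand-edited in five generated files in this patch, so the copies should be diffed against each other before merging, since these patterns decide which images a credential provider is used for.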
@@ -93,9 +93,9 @@ a single subdomain segment, so *.io does not match *.k8s.io.
Example values of matchImages:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- ..registry.io
+- *.*.registry.io
- registry.io:8080/path
@@ -169,4 +169,4 @@ credential plugin.
-
\ No newline at end of file
+
diff --git a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
index cdcc675a5e2..877e3c22404 100644
--- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
+++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
@@ -1301,9 +1301,9 @@ to provide credentials. Images are expected to contain the registry domain
and URL path.
Each entry in matchImages is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'.
-Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.
+as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
+Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so *.io does not match *.k8s.io.
A match exists between an image and a matchImage when all of the below are true:
- Both contain the same number of domain parts and each part matches.
@@ -1313,9 +1313,9 @@ a single subdomain segment, so *.io does not match *.k8s.io.
Example values of matchImages:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- ..registry.io
+- *.*.registry.io
- registry.io:8080/path
diff --git a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md
index 16084427108..9c8b754443e 100644
--- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md
+++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md
@@ -89,9 +89,9 @@ should be valid for all images that match against this key. A plugin should set
this field to null if no valid credentials can be returned for the requested image.
Each key in the map is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'.
-Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.
+as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
+Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so *.io does not match *.k8s.io.
The kubelet will match images against the key when all of the below are true:
- Both contain the same number of domain parts and each part matches.
@@ -108,9 +108,9 @@ stopping after the first successfully authenticated pull.
Example keys:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- ..registry.io
+- *.*.registry.io
- registry.io:8080/path
@@ -166,4 +166,4 @@ An empty password is valid.
-
\ No newline at end of file
+
diff --git a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1alpha1.md b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1alpha1.md
index 4d2e9196edd..c8a7bd682e6 100644
--- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1alpha1.md
+++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1alpha1.md
@@ -89,9 +89,9 @@ should be valid for all images that match against this key. A plugin should set
this field to null if no valid credentials can be returned for the requested image.
Each key in the map is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'.
-Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.
+as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
+Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so *.io does not match *.k8s.io.
The kubelet will match images against the key when all of the below are true:
- Both contain the same number of domain parts and each part matches.
@@ -108,9 +108,9 @@ stopping after the first successfully authenticated pull.
Example keys:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- ..registry.io
+- *.*.registry.io
- registry.io:8080/path
@@ -166,4 +166,4 @@ An empty password is valid.
-
\ No newline at end of file
+
diff --git a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1beta1.md b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1beta1.md
index cac38ef9bd8..7384939b5f3 100644
--- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1beta1.md
+++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1beta1.md
@@ -89,9 +89,9 @@ should be valid for all images that match against this key. A plugin should set
this field to null if no valid credentials can be returned for the requested image.
Each key in the map is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '.k8s.io' or 'k8s..io', and top-level-domains such as 'k8s.'.
-Matching partial subdomains like 'app.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.
+as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'.
+Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so *.io does not match *.k8s.io.
The kubelet will match images against the key when all of the below are true:
- Both contain the same number of domain parts and each part matches.
@@ -108,9 +108,9 @@ stopping after the first successfully authenticated pull.
Example keys:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
-- *.azurecr.io
+- *.azurecr.io
- gcr.io
-- ..registry.io
+- *.*registry.io
- registry.io:8080/path
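Review bot: `- *.*registry.io` in the v1beta1 example keys is missing the dot after the second glob; the v1 and v1alpha1 copies of this list in the same patch use `*.*.registry.io`. As written it reads as a two-part domain with a partial-segment glob instead of the intended three-part example, and the paragraph above says both sides must contain the same number of domain parts, so it should be `*.*.registry.io`.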
@@ -166,4 +166,4 @@ An empty password is valid.
-
\ No newline at end of file
+