kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into fedCaveats

reviewable/pr2022/r4
Andrew Chen 2017-01-27 16:03:25 -08:00 committed by GitHub
parent b4f87d17df 2eb5430dea
commit acc078f17b
1727 changed files with 8051 additions and 118232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -16,8 +16,10 @@ install:
- cp -r $GOPATH/src/k8s.io/kubernetes/vendor/* $GOPATH/src/
- rm -rf $GOPATH/src/k8s.io/kubernetes/vendor/*
- cp -r $GOPATH/src/k8s.io/kubernetes/staging/src/* $GOPATH/src/
- go get -v k8s.io/kubernetes/cmd/mungedocs
script:
- go test -v k8s.io/kubernetes.github.io/test
- $GOPATH/bin/md-check --root-dir=$HOME/gopath/src/k8s.io/kubernetes.github.io
- ./verify-docs-format.sh
- $GOPATH/bin/mungedocs --verbose --verify --upstream=origin --root-dir=$HOME/gopath/src/k8s.io/kubernetes.github.io/docs/ --repo-root=$HOME/gopath/src/k8s.io/kubernetes.github.io --skip-munges=remove-whitespace,blank-lines-surround-preformatted,header-lines,sync-examples,analytics,analytics,kubectl-dash-f,table-of-contents,md-links,kubectl-dash-f

2
Makefile
View File

@ -1,4 +1,4 @@
.PONY: all build build-preview help serve
.PHONY: all build build-preview help serve
help: ## Show this help.
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)

5
_data/concepts.yml
View File

@ -2,7 +2,9 @@ bigheader: "Concepts"
abstract: "Detailed explanations of Kubernetes system concepts and abstractions."
toc:
- docs/concepts/index.md
- title: Kubectl Command Line
section:
- docs/concepts/tools/kubectl/object-management-overview.md
- title: Kubernetes Objects
section:
- docs/concepts/abstractions/overview.md
@ -10,7 +12,6 @@ toc:
- title: Controllers
section:
- docs/concepts/abstractions/controllers/statefulsets.md
- title: Object Metadata
section:
- docs/concepts/object-metadata/annotations.md

6
_data/guides.yml
View File

@ -8,6 +8,7 @@ toc:
- docs/whatisk8s.md
- docs/getting-started-guides/kubeadm.md
- docs/getting-started-guides/kops.md
- docs/getting-started-guides/kargo.md
- docs/hellonode.md
- docs/getting-started-guides/kubectl.md
- docs/getting-started-guides/binary_release.md
@ -92,7 +93,7 @@ toc:
- docs/user-guide/connecting-to-applications-proxy.md
- docs/user-guide/connecting-to-applications-port-forward.md
- title: Using Explorer to Examine the Runtime Environment
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/explorer
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/explorer
- title: Creating a Cluster
section:
@ -188,6 +189,7 @@ toc:
- docs/admin/disruptions.md
- docs/admin/resourcequota/index.md
- docs/admin/resourcequota/walkthrough.md
- docs/admin/resourcequota/limitstorageconsumption.md
- docs/admin/rescheduler.md
- docs/admin/sysctls.md
- docs/admin/cluster-components.md
@ -199,7 +201,7 @@ toc:
- docs/admin/networking.md
- docs/admin/dns.md
- title: Setting Up and Configuring DNS
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/cluster-dns
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/cluster-dns
- docs/admin/master-node-communication.md
- docs/admin/network-plugins.md
- docs/admin/static-pods.md

10
_data/reference.yml
View File

@ -188,13 +188,13 @@ toc:
- title: Kubernetes Design Docs
section:
- title: Kubernetes Architecture
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/architecture.md
path: https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/design/architecture.md
- title: Kubernetes Design Overview
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/
path: https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/design/
- title: Kubernetes Identity and Access Management
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/access.md
path: https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/design/access.md
- docs/admin/ovs-networking.md
- title: Security Contexts
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/security_context.md
path: https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/design/security_context.md
- title: Security in Kubernetes
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/security.md
path: https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/design/security.md

52
_data/samples.yml
View File

@ -6,72 +6,70 @@ toc:
- title: Storage / Database / KV
section:
- title: Apache Cassandra Database
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/cassandra
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/cassandra
- title: Ceph
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/rbd/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/volumes/rbd/
- title: CephFS
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/cephfs/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/volumes/cephfs/
- title: CockroachDB
path: https://github.com/kubernetes/kubernetes/tree/release-1.4/examples/cockroachdb/
- title: GlusterFS
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/glusterfs/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/volumes/glusterfs/
- title: Hazelcast
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/hazelcast
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/hazelcast
- title: iSCSI
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/iscsi/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/volumes/iscsi/
- title: MySQL Galera
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/mysql-galera
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/mysql-galera
- title: NFS
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/nfs/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/volumes/nfs/
- title: Redis
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/redis/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/redis/
- title: RethinkDB
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/rethinkdb/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/rethinkdb/
- title: Vitess
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/vitess/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/vitess/
- title: Big Data
section:
- title: Apache Spark
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/spark
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/spark
- title: Apache Storm
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/storm
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storm
- title: Messaging / Queueing
section:
- title: Celery + RabbitMQ
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/celery-rabbitmq
- title: Hazelcast
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/hazelcast
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/storage/hazelcast
- title: Miscellaneous
section:
- title: Meteor Applications
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/meteor/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/meteor/
- title: OpenShift Origin
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/openshift-origin/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/openshift-origin/
- title: Selenium
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/selenium/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/selenium/
- title: Monitoring and Logging
section:
- title: Elasticsearch
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/elasticsearch/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/elasticsearch/
- title: NewRelic
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/newrelic
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/newrelic
- title: Multi-tier Applications
section:
- title: Guestbook - Go Server
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/guestbook-go/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/guestbook-go/
- title: GuestBook - PHP Server
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/guestbook/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/guestbook/
- docs/getting-started-guides/meanstack.md
- title: MySQL + Wordpress
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/mysql-wordpress-pd/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/mysql-wordpress-pd/
- title: MySQL + Phabricator Server
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/phabricator/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/phabricator/
- title: Nodejs + Mongo
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/nodesjs-mongodb
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/nodesjs-mongodb
- title: Petstore
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/k8petstore/
path: https://github.com/kubernetes/kubernetes/tree/release-1.5/examples/k8petstore/

23
_data/support.yml
View File

@ -3,17 +3,6 @@ abstract: "Troubleshooting resources, frequently asked questions, and community
toc:
- docs/troubleshooting.md
- title: Contributing to the Kubernetes Docs
section:
- editdocs.md
- docs/contribute/create-pull-request.md
- docs/contribute/write-new-topic.md
- docs/contribute/stage-documentation-changes.md
- docs/contribute/page-templates.md
- docs/contribute/review-issues.md
- docs/contribute/style-guide.md
- title: Troubleshooting
section:
- docs/user-guide/debugging-pods-and-replication-controllers.md
@ -31,6 +20,16 @@ toc:
- title: Services FAQ
path: https://github.com/kubernetes/kubernetes/wiki/Services-FAQ/
- title: Contributing to the Kubernetes Docs
section:
- editdocs.md
- docs/contribute/create-pull-request.md
- docs/contribute/write-new-topic.md
- docs/contribute/stage-documentation-changes.md
- docs/contribute/page-templates.md
- docs/contribute/review-issues.md
- docs/contribute/style-guide.md
- title: Other Resources
section:
- title: Kubernetes Issue Tracker on GitHub
@ -40,6 +39,6 @@ toc:
path: https://github.com/kubernetes/kubernetes/releases/
- title: Release Roadmap
path: https://github.com/kubernetes/kubernetes/milestones/
- title: Deprecation Policy
path: /docs/deprecation-policy.md

2
_data/tasks.yml
View File

@ -1,5 +1,5 @@
bigheader: "Tasks"
abstract: "Step-by-step instructions for performing operations with Kuberentes."
abstract: "Step-by-step instructions for performing operations with Kubernetes."
toc:
- docs/tasks/index.md

2
_data/tools.yml
View File

@ -7,6 +7,8 @@ toc:
section:
- title: Kubectl
path: /docs/user-guide/kubectl/
- title: Kubeadm
path: /docs/getting-started-guides/kubeadm
- title: Kubefed
path: /docs/admin/federation/kubefed/
- title: Kubernetes Dashboard

3
_data/tutorials.yml
View File

@ -41,6 +41,9 @@ toc:
- docs/tutorials/stateful-application/run-stateful-application.md
- docs/tutorials/stateful-application/run-replicated-stateful-application.md
- docs/tutorials/stateful-application/zookeeper.md
- title: Connecting Applications
section:
- docs/tutorials/connecting-apps/connecting-frontend-backend.md
- title: Services
section:
- docs/tutorials/services/source-ip.md

313
_includes/case-study-styles.html
View File

@ -1,313 +0,0 @@
<style>
#caseStudyTitle {
margin-top: 1em !important;
}
.gridPage p {
color: rgb(26,26,26) !important;
margin-left: 0 !important;
padding-left: 0 !important;
font-weight: 300 !important;
}
.gridPage #mainContent {
padding: 0;
}
.gridPage #mainContent .content {
padding-top: 0;
}
.gridPage main {
max-width: 1100px !important;
}
.gridPage .content {
position: relative;
margin: 0 auto 50px;
max-width: 90%;
}
.gridPage .content p {
line-height: 24px !important;
}
.gridPage .content h3 {
padding: 0 !important;
}
.gridPage #hero h5 {
padding-left: 20px;
margin: 0;
}
.case-studies {
position: relative;
display: flex;
justify-content: space-between;
flex-wrap: wrap;
margin-top: 50px;
}
.case-study {
position: relative;
width: 50%;
padding: 0 40px 0 242px;
margin-bottom: 60px;
min-height: 152px;
}
.case-study:nth-child(3), .case-study:nth-child(4) {
margin-bottom: 0;
}
.case-study img {
position: absolute;
top: 0;
left: 0;
}
.gridPage #mainContent .content .case-study p {
font-family: "Roboto", sans-serif;
font-size: 16px;
padding: 0;
}
p.attrib {
font-style: italic;
}
.gridPage #video {
background: #f9f9f9;
height: auto;
/*height: 340px;*/
}
.gridPage #video main {
position: relative;
max-width: 900px !important;
height: 100%;
display: flex;
justify-content: center;
align-items: center;
padding: 50px 20px;
}
.gridPage #video main > div {
width: 50%;
}
.gridPage #video main #zulilyLogo {
width: 100px;
}
.gridPage #video main img {
max-width: 100%;
}
.gridPage #video h3 {
font-size: 32px;
font-weight: 300;
line-height: 38px;
max-width: 80%;
margin: 0 0 1em 0;
}
.gridPage #video p {
margin: 0;
}
.gridPage #video p.attrib {
margin-bottom: 20px;
}
.gridPage #video button > h6 {
font-size: 18px;
font-weight: 500;
margin: 1em 0;
color: #326de6;
}
.gridPage #users {
padding: 50px;
}
.gridPage #users main {
max-width: 1150px !important;
}
.gridPage #users main h3 {
padding-left: 20px;
margin-bottom: 20px;
}
.gridPage #usersGrid {
position: relative;
display: flex;
flex-wrap: wrap;
justify-content: center;
}
.gridPage #usersGrid a {
display: inline-block;
margin: 5px;
}
.gridPage #usersGrid a img {
box-shadow: 1px 1px 2px transparent;
transition: box-shadow 0.25s;
}
.gridPage #usersGrid a img:hover {
box-shadow: 1px 1px 2px #cccccc;
}
.gridPage #usersGrid a:last-child img,
.gridPage #usersGrid a:last-child img:hover {
box-shadow: 1px 1px 2px transparent;
}
.tell-your-story {
border: 1px solid #dddddd;
border-radius: 6px;
box-shadow: 1px 2px 2px #dddddd;
}
.gridPage .feature {
position: relative;
padding: 20px 0 20px 242px;
}
.gridPage .feature img {
position: absolute;
top: 20px;
left: 0;
}
section.bullets {
background-color: #eeeeee;
margin-bottom: 50px;
}
section.bullets main {
position: relative;
max-width: 1100px;
padding: 50px 0;
}
section.bullets .content {
position: relative;
display: flex;
flex-wrap: wrap;
margin-bottom: 0 !important;
}
.bullet {
position: relative;
width: 50%;
padding: 15px 30px;
}
.bullet h4 {
margin-bottom: 0.5em;
}
.bullet li {
margin-left: 1.25em;
list-style: disc;
font-weight: 300;
color: rgb(26,26,26);
line-height: 1.5em;
margin-bottom: 0.5em;
}
.details h4, p {
margin-bottom: 0.5em;
}
.gridPage .feature p.quote {
font-size: 20px;
line-height: 28px !important;
}
@media screen and (max-width: 1024px){
.case-study {
padding: 0 10%;
margin-bottom: 50px;
}
.case-study img {
position: relative;
}
.case-study p.quote {
margin-top: 20px !important;
}
.case-study p.attrib {
font-style: italic;
}
}
@media screen and (max-width: 900px){
.gridPage #video main {
flex-direction: column;
align-items: center;
}
.gridPage #video main > div {
width: 400px;
}
.gridPage #video main > div + div {
margin-top: 30px;
}
.gridPage #video h3 {
max-width: 100%;
}
}
@media screen and (max-width: 640px){
.case-study {
width: 100%;
}
.case-study:nth-child(3) {
margin-bottom: 60px;
}
.case-study img {
left: 50%;
transform: translateX(-50%);
}
.gridPage .feature {
margin-top: 50px;
padding: 180px 0 0;
}
.gridPage .feature img {
top: 0;
left: 50%;
transform: translateX(-50%);
}
}
@media screen and (max-width: 480px){
.gridPage #hero {
padding-right: 20px;
padding-left: 20px;
}
.gridPage #video main > div {
width: 80%;
min-width: 280px;
}
.bullet {
width: 100%;
}
}
</style>

19
_includes/code.html
View File

@ -7,5 +7,20 @@
```
{: id="{{include.file | handleize}}"}
{% endcapture %}
<table class="includecode"><thead><tr><th>{% if ghlink %}<a href="{{ghlink}}" download="{{include.file}}">{% endif %}<code>{{include.file}}</code></a><img src="/images/copycode.svg" style="max-height:24px" onClick="copyCode('{{include.file | handleize}}')" title="Copy {{include.file}} to clipboard"></th></tr></thead>
<tr><td>{{ mysample | markdownify }}</td></tr></table>
<table class="includecode">
<thead>
<tr>
<th>
{% if ghlink %}<a href="{{ghlink}}" download="{{include.file}}">{% endif %}
<code>{{include.file}}</code>
{% if ghlink %}</a>{% endif %}
<img src="/images/copycode.svg" style="max-height:24px" onClick="copyCode('{{include.file | handleize}}')" title="Copy {{include.file}} to clipboard">
</th>
</tr>
</thead>
<tbody>
<tr>
<td>{{ mysample | markdownify }}</td>
</tr>
</tbody>
</table>

53
_includes/footer-scripts.html Normal file
View File

@ -0,0 +1,53 @@
<button class="flyout-button" onclick="kub.toggleToc()"></button>
<style>
.cse .gsc-control-cse, .gsc-control-cse, {
padding: 0;
}
.gsc-control-cse table, .gsc-control-cse-en table {
margin:0px !important;
}
.gsc-above-wrapper-area {
border-bottom: 0;
}
</style>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-36037335-10', 'auto');
ga('send', 'pageview');
// hide docs nav area if no nav is present, or if nav only contains a link to the current page
(function () {
window.addEventListener('DOMContentLoaded', init)
// play nice with our neighbors
function init() {
window.removeEventListener('DOMContentLoaded', init)
hideNav()
}
function hideNav(toc){
if (!toc) toc = document.querySelector('#docsToc')
var container = toc.querySelector('.container')
// container is built dynamically, so it may not be present on the first runloop
if (container) {
if (container.childElementCount === 0 || toc.querySelectorAll('a.item').length === 1) {
toc.style.display = 'none'
document.getElementById('docsContent').style.width = '100%'
}
} else {
requestAnimationFrame(function () {
hideNav(toc)
})
}
}
})();
</script>
<!-- Commenting out AnswerDash for now; we need to work on our list of questions/answers/design first
<!-- Start of AnswerDash script <script>var AnswerDash;!function(e,t,n,s,a){if(!t.getElementById(s)){var i,r=t.createElement(n),c=t.getElementsByTagName(n)[0];e[a]||(i=e[a]=function(){i.__oninit.push(arguments)},i.__oninit=[]),r.type="text/javascript",r.async=!0,r.src="https://p1.answerdash.com/answerdash.min.js?siteid=756",r.setAttribute("id",s),c.parentNode.insertBefore(r,c)}}(window,document,"script","answerdash-script","AnswerDash");</script> <!-- End of AnswerDash script -->

74
_includes/head-header.html
View File

@ -1,74 +0,0 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" type="image/png" href="/images/favicon.png">
<link href='https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href='https://fonts.googleapis.com/css?family=Roboto+Mono' type='text/css'>
<link rel="stylesheet" href="/css/styles.css"/>
<link rel="stylesheet" href="/css/jquery-ui.min.css">
<link rel="stylesheet" href="/css/sweetalert.css">
<script src="/js/jquery-2.2.0.min.js"></script>
<script src="/js/jquery-ui.min.js"></script>
<script src="/js/script.js"></script>
<script src="/js/sweetalert.min.js"></script>
<script src="/js/bootstrap.min.js"></script>
{% seo %}
</head>
<body>
<div id="cellophane" onclick="kub.toggleMenu()"></div>
<header>
<a href="/" class="logo"></a>
<div class="nav-buttons" data-auto-burger="primary">
<ul class="global-nav">
<li><a href="/docs/">Documentation</a></li>
<li><a href="http://blog.kubernetes.io/">Blog</a></li>
<li><a href="/partners/">Partners</a></li>
<li><a href="/community/">Community</a></li>
<li><a href="/case-studies/">Case Studies</a></li>
</ul>
<!-- <a href="/docs/" class="button" id="viewDocs" data-auto-burger-exclude>View Documentation</a> -->
<a href="/docs/tutorials/kubernetes-basics/" class="button" id="tryKubernetes" data-auto-burger-exclude>Try Kubernetes</a>
<button id="hamburger" onclick="kub.toggleMenu()" data-auto-burger-exclude><div></div></button>
</div>
<nav id="mainNav">
<main data-auto-burger="primary">
<div class="nav-box">
<h3><a href="/docs/hellonode/">Get Started</a></h3>
<p>Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.</p>
</div>
<div class="nav-box">
<h3><a href="/docs/">Documentation</a></h3>
<p>Learn how to use Kubernetes with the use of walkthroughs, samples, and reference documentation. You can even <a href="/editdocs/" data-auto-burger-exclude>help contribute to the docs</a>!</p>
</div>
<div class="nav-box">
<h3><a href="/community/">Community</a></h3>
<p>If you need help, you can connect with other Kubernetes users and the Kubernetes authors, attend community events, and watch video presentations from around the web.</p>
</div>
<div class="nav-box">
<h3><a href="http://blog.kubernetes.io">Blog</a></h3>
<p>Read the latest news for Kubernetes and the containers space in general, and get technical how-tos hot off the presses.</p>
</div>
</main>
<main data-auto-burger="primary">
<div class="left">
<h5 class="github-invite">Interested in hacking on the core Kubernetes code base?</h5>
<a href="https://github.com/kubernetes/kubernetes" class="button" data-auto-burger-exclude>View On Github</a>
</div>
<div class="right">
<h5 class="github-invite">Explore the community</h5>
<div class="social">
<a href="https://twitter.com/kubernetesio" class="twitter"><span>Twitter</span></a>
<a href="https://github.com/kubernetes/kubernetes" class="github"><span>Github</span></a>
<a href="http://slack.k8s.io/" class="slack"><span>Slack</span></a>
<a href="http://stackoverflow.com/questions/tagged/kubernetes" class="stack-overflow"><span>Stack Overflow</span></a>
<a href="https://groups.google.com/forum/#!forum/kubernetes-users" class="mailing-list"><span>Mailing List</span></a>
<a href="https://calendar.google.com/calendar/embed?src=nt2tcnbtbied3l6gi2h29slvc0%40group.calendar.google.com" class="calendar"><span>Events Calendar</span></a>
</div>
</div>
<div class="clear" style="clear: both"></div>
</main>
</nav>
</header>

17
_includes/head.html Normal file
View File

@ -0,0 +1,17 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" type="image/png" href="/images/favicon.png">
<link href='https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href='https://fonts.googleapis.com/css?family=Roboto+Mono' type='text/css'>
<link rel="stylesheet" href="/css/styles.css"/>
<link rel="stylesheet" href="/css/jquery-ui.min.css">
<link rel="stylesheet" href="/css/sweetalert.css">
{% if page.class == "gridPage" %}<link rel="stylesheet" href="/css/gridpage.css">{% endif %}
<script src="/js/jquery-2.2.0.min.js"></script>
<script src="/js/jquery-ui.min.js"></script>
<script src="/js/script.js"></script>
<script src="/js/sweetalert.min.js"></script>
<script src="/js/bootstrap.min.js"></script>
{% seo %}
</head>

58
_includes/header.html Normal file
View File

@ -0,0 +1,58 @@
<div id="cellophane" onclick="kub.toggleMenu()"></div>
<header>
<a href="/" class="logo"></a>
<div class="nav-buttons" data-auto-burger="primary">
<ul class="global-nav">
<li><a href="/docs/">Documentation</a></li>
<li><a href="http://blog.kubernetes.io/">Blog</a></li>
<li><a href="/partners/">Partners</a></li>
<li><a href="/community/">Community</a></li>
<li><a href="/case-studies/">Case Studies</a></li>
</ul>
<!-- <a href="/docs/" class="button" id="viewDocs" data-auto-burger-exclude>View Documentation</a> -->
<a href="/docs/tutorials/kubernetes-basics/" class="button" id="tryKubernetes" data-auto-burger-exclude>Try Kubernetes</a>
<button id="hamburger" onclick="kub.toggleMenu()" data-auto-burger-exclude><div></div></button>
</div>
<nav id="mainNav">
<main data-auto-burger="primary">
<div class="nav-box">
<h3><a href="/docs/hellonode/">Get Started</a></h3>
<p>Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.</p>
</div>
<div class="nav-box">
<h3><a href="/docs/">Documentation</a></h3>
<p>Learn how to use Kubernetes with the use of walkthroughs, samples, and reference documentation. You can even <a href="/editdocs/" data-auto-burger-exclude>help contribute to the docs</a>!</p>
</div>
<div class="nav-box">
<h3><a href="/community/">Community</a></h3>
<p>If you need help, you can connect with other Kubernetes users and the Kubernetes authors, attend community events, and watch video presentations from around the web.</p>
</div>
<div class="nav-box">
<h3><a href="http://blog.kubernetes.io">Blog</a></h3>
<p>Read the latest news for Kubernetes and the containers space in general, and get technical how-tos hot off the presses.</p>
</div>
</main>
<main data-auto-burger="primary">
<div class="left">
<h5 class="github-invite">Interested in hacking on the core Kubernetes code base?</h5>
<a href="https://github.com/kubernetes/kubernetes" class="button" data-auto-burger-exclude>View On Github</a>
</div>
<div class="right">
<h5 class="github-invite">Explore the community</h5>
<div class="social">
<a href="https://twitter.com/kubernetesio" class="twitter"><span>Twitter</span></a>
<a href="https://github.com/kubernetes/kubernetes" class="github"><span>Github</span></a>
<a href="http://slack.k8s.io/" class="slack"><span>Slack</span></a>
<a href="http://stackoverflow.com/questions/tagged/kubernetes" class="stack-overflow"><span>Stack Overflow</span></a>
<a href="https://groups.google.com/forum/#!forum/kubernetes-users" class="mailing-list"><span>Mailing List</span></a>
<a href="https://calendar.google.com/calendar/embed?src=nt2tcnbtbied3l6gi2h29slvc0%40group.calendar.google.com" class="calendar"><span>Events Calendar</span></a>
</div>
</div>
<div class="clear" style="clear: both"></div>
</main>
</nav>
</header>

2
_includes/templates/concept.md
View File

@ -24,7 +24,7 @@
{% if whatsnext %}
### What's next
## What's next
{{ whatsnext }}

4
_includes/templates/task.md
View File

@ -15,7 +15,7 @@
{% if prerequisites %}
### Before you begin
## Before you begin
{{ prerequisites }}
@ -48,7 +48,7 @@
{% if whatsnext %}
### What's next
## What's next
{{ whatsnext }}

8
_includes/templates/tutorial.md
View File

@ -15,7 +15,7 @@
{% if objectives %}
### Objectives
## Objectives
{{ objectives }}
@ -28,7 +28,7 @@
{% if prerequisites %}
### Before you begin
## Before you begin
{{ prerequisites }}
@ -52,7 +52,7 @@
{% if cleanup %}
### Cleaning up
## Cleaning up
{{ cleanup }}
@ -61,7 +61,7 @@
{% if whatsnext %}
### What's next
## What's next
{{ whatsnext }}

15
_layouts/basic.html Normal file
View File

@ -0,0 +1,15 @@
<!DOCTYPE html>
<html id="{{ page.cid }}" lang="en" class="{{ page.class }}">
{% include head.html %}
<body>
{% include header.html %}
{{ content }}
{% include footer.html %}
{% include footer-scripts.html %}
</body>
</html>

59
_layouts/docwithnav.html
View File

@ -10,7 +10,11 @@
<!Doctype html>
<html id="docs" class="{{ toc.bigheader }}">
{% include head-header.html %}
{% include head.html %}
<body>
{% include header.html %}
<!-- HERO -->
<section id="hero" class="light-text">
@ -43,6 +47,7 @@
</div> <!-- /pi-accordion -->
<button class="push-menu-close-button" onclick="kub.toggleToc()"></button>
</div> <!-- /docsToc -->
<div id="docsContent">
<p><a href="/editdocs#{{ page.path }}" id="editPageButton">Edit This Page</a></p>
@ -71,57 +76,7 @@
</section>
{% include_cached footer.html %}
{% include footer-scripts.html %}
<button class="flyout-button" onclick="kub.toggleToc()"></button>
<style>
.cse .gsc-control-cse, .gsc-control-cse, {
padding: 0;
}
.gsc-control-cse table, .gsc-control-cse-en table {
margin:0px !important;
}
.gsc-above-wrapper-area {
border-bottom: 0;
}
</style>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-36037335-10', 'auto');
ga('send', 'pageview');
// hide docs nav area if no nav is present, or if nav only contains a link to the current page
(function () {
window.addEventListener('DOMContentLoaded', init)
// play nice with our neighbors
function init() {
window.removeEventListener('DOMContentLoaded', init)
hideNav()
}
function hideNav(toc){
if (!toc) toc = document.querySelector('#docsToc')
var container = toc.querySelector('.container')
// container is built dynamically, so it may not be present on the first runloop
if (container) {
if (container.childElementCount === 0 || toc.querySelectorAll('a.item').length === 1) {
toc.style.display = 'none'
document.getElementById('docsContent').style.width = '100%'
}
} else {
requestAnimationFrame(function () {
hideNav(toc)
})
}
}
})();
</script>
<!-- Commenting out AnswerDash for now; we need to work on our list of questions/answers/design first
<!-- Start of AnswerDash script <script>var AnswerDash;!function(e,t,n,s,a){if(!t.getElementById(s)){var i,r=t.createElement(n),c=t.getElementsByTagName(n)[0];e[a]||(i=e[a]=function(){i.__oninit.push(arguments)},i.__oninit=[]),r.type="text/javascript",r.async=!0,r.src="https://p1.answerdash.com/answerdash.min.js?siteid=756",r.setAttribute("id",s),c.parentNode.insertBefore(r,c)}}(window,document,"script","answerdash-script","AnswerDash");</script> <!-- End of AnswerDash script -->
</body>
</html>

12
case-studies/index.html
View File

@ -1,11 +1,10 @@
---
title: Case Studies
layout: basic
class: gridPage
cid: caseStudies
---
<!Doctype html>
<html id="caseStudies" class="gridPage">
{% include head-header.html %}
<section id="hero" class="light-text">
<h1>Kubernetes User Case Studies</h1>
<h5>A collection of users running Kubernetes in production.</h5>
@ -98,8 +97,3 @@ title: Case Studies
<iframe data-url="https://www.youtube.com/embed/4gyeixJLabo?autoplay=1" frameborder="0" allowfullscreen></iframe>
<button id="closeButton"></button>
</div>
{% include footer.html %}
{% include case-study-styles.html %}
</body>
</html>

13
case-studies/pearson.html
View File

@ -1,11 +1,10 @@
---
title: Pearson Case Study
layout: basic
class: gridPage
cid: caseStudies
---
<!Doctype html>
<html id="caseStudies" class="gridPage">
{% include head-header.html %}
<section id="hero" class="light-text">
<h1> Pearson Case Study</h1>
</section>
@ -80,9 +79,3 @@ title: Pearson Case Study
</div>
</main>
</section>
{% include footer.html %}
{% include case-study-styles.html %}
</body>
</html>

13
case-studies/wikimedia.html
View File

@ -1,11 +1,10 @@
---
title: Wikimedia Case Study
layout: basic
class: gridPage
cid: caseStudies
---
<!Doctype html>
<html id="caseStudies" class="gridPage">
{% include head-header.html %}
<section id="hero" class="light-text">
<h1> Wikimedia Case Study</h1>
</section>
@ -95,9 +94,3 @@ title: Wikimedia Case Study
</div>
</main>
</section>
{% include footer.html %}
{% include case-study-styles.html %}
</body>
</html>

18
community.html → community/index.html
View File

@ -1,13 +1,11 @@
---
title: Community
layout: basic
cid: community
---
<!Doctype html>
<html id="community">
{% include head-header.html %}
<section id="hero" class="light-text">
<h1>Community</h1>
<h1>Community</h1>
</section>
<section id="mainContent">
@ -19,9 +17,12 @@ title: Community
community meeting takes place via video conference to discuss the state of affairs,
<a href="https://groups.google.com/forum/#!forum/kubernetes-community-video-chat">get a calendar invite</a>
to participate.</p>
<p>You can also join Kubernauts all around the world through our
<a href="https://www.meetup.com/topics/kubernetes/">Kubernetes Meetup Community</a> and the
<a href="https://www.meetup.com/Kubernetes-Cloud-Native-Online-Meetup/">Kubernetes Cloud Native Meetup Community</a>.</p>
</div>
<div class="content">
<h3>SIGs</h3>
<h3>Special Interest Groups (SIGs)</h3>
<p>Have a special interest in how Kubernetes works with another technology? See our ever growing
<a href="https://github.com/kubernetes/kubernetes/wiki/Special-Interest-Groups-(SIGs)">lists of SIGs</a>,
from AWS and Openstack to Big Data and Scalability, there's a place for you to contribute and instructions
@ -61,8 +62,3 @@ title: Community
</div>
</main>
</section>
{% include footer.html %}
</body>
</html>

310
css/gridpage.css Normal file
View File

@ -0,0 +1,310 @@
#caseStudyTitle {
margin-top: 1em !important;
}
.gridPage p {
color: rgb(26,26,26) !important;
margin-left: 0 !important;
padding-left: 0 !important;
font-weight: 300 !important;
}
.gridPage #mainContent {
padding: 0;
}
.gridPage #mainContent .content {
padding-top: 0;
}
.gridPage main {
max-width: 1100px !important;
}
.gridPage .content {
position: relative;
margin: 0 auto 50px;
max-width: 90%;
}
.gridPage .content p {
line-height: 24px !important;
}
.gridPage .content h3 {
padding: 0 !important;
}
.gridPage #hero h5 {
padding-left: 20px;
margin: 0;
}
.case-studies {
position: relative;
display: flex;
justify-content: space-between;
flex-wrap: wrap;
margin-top: 50px;
}
.case-study {
position: relative;
width: 50%;
padding: 0 40px 0 242px;
margin-bottom: 60px;
min-height: 152px;
}
.case-study:nth-child(3), .case-study:nth-child(4) {
margin-bottom: 0;
}
.case-study img {
position: absolute;
top: 0;
left: 0;
}
.gridPage #mainContent .content .case-study p {
font-family: "Roboto", sans-serif;
font-size: 16px;
padding: 0;
}
p.attrib {
font-style: italic;
}
.gridPage #video {
background: #f9f9f9;
height: auto;
/*height: 340px;*/
}
.gridPage #video main {
position: relative;
max-width: 900px !important;
height: 100%;
display: flex;
justify-content: center;
align-items: center;
padding: 50px 20px;
}
.gridPage #video main > div {
width: 50%;
}
.gridPage #video main #zulilyLogo {
width: 100px;
}
.gridPage #video main img {
max-width: 100%;
}
.gridPage #video h3 {
font-size: 32px;
font-weight: 300;
line-height: 38px;
max-width: 80%;
margin: 0 0 1em 0;
}
.gridPage #video p {
margin: 0;
}
.gridPage #video p.attrib {
margin-bottom: 20px;
}
.gridPage #video button > h6 {
font-size: 18px;
font-weight: 500;
margin: 1em 0;
color: #326de6;
}
.gridPage #users {
padding: 50px;
}
.gridPage #users main {
max-width: 1150px !important;
}
.gridPage #users main h3 {
padding-left: 20px;
margin-bottom: 20px;
}
.gridPage #usersGrid {
position: relative;
display: flex;
flex-wrap: wrap;
justify-content: center;
}
.gridPage #usersGrid a {
display: inline-block;
margin: 5px;
}
.gridPage #usersGrid a img {
box-shadow: 1px 1px 2px transparent;
transition: box-shadow 0.25s;
}
.gridPage #usersGrid a img:hover {
box-shadow: 1px 1px 2px #cccccc;
}
.gridPage #usersGrid a:last-child img,
.gridPage #usersGrid a:last-child img:hover {
box-shadow: 1px 1px 2px transparent;
}
.tell-your-story {
border: 1px solid #dddddd;
border-radius: 6px;
box-shadow: 1px 2px 2px #dddddd;
}
.gridPage .feature {
position: relative;
padding: 20px 0 20px 242px;
}
.gridPage .feature img {
position: absolute;
top: 20px;
left: 0;
}
section.bullets {
background-color: #eeeeee;
margin-bottom: 50px;
}
section.bullets main {
position: relative;
max-width: 1100px;
padding: 50px 0;
}
section.bullets .content {
position: relative;
display: flex;
flex-wrap: wrap;
margin-bottom: 0 !important;
}
.bullet {
position: relative;
width: 50%;
padding: 15px 30px;
}
.bullet h4 {
margin-bottom: 0.5em;
}
.bullet li {
margin-left: 1.25em;
list-style: disc;
font-weight: 300;
color: rgb(26,26,26);
line-height: 1.5em;
margin-bottom: 0.5em;
}
.details h4, p {
margin-bottom: 0.5em;
}
.gridPage .feature p.quote {
font-size: 20px;
line-height: 28px !important;
}
@media screen and (max-width: 1024px){
.case-study {
padding: 0 10%;
margin-bottom: 50px;
}
.case-study img {
position: relative;
}
.case-study p.quote {
margin-top: 20px !important;
}
.case-study p.attrib {
font-style: italic;
}
}
@media screen and (max-width: 900px){
.gridPage #video main {
flex-direction: column;
align-items: center;
}
.gridPage #video main > div {
width: 400px;
}
.gridPage #video main > div + div {
margin-top: 30px;
}
.gridPage #video h3 {
max-width: 100%;
}
}
@media screen and (max-width: 640px){
.case-study {
width: 100%;
}
.case-study:nth-child(3) {
margin-bottom: 60px;
}
.case-study img {
left: 50%;
transform: translateX(-50%);
}
.gridPage .feature {
margin-top: 50px;
padding: 180px 0 0;
}
.gridPage .feature img {
top: 0;
left: 50%;
transform: translateX(-50%);
}
}
@media screen and (max-width: 480px){
.gridPage #hero {
padding-right: 20px;
padding-left: 20px;
}
.gridPage #video main > div {
width: 80%;
min-width: 280px;
}
.bullet {
width: 100%;
}
}

150
docs/admin/authentication.md
View File

@ -29,9 +29,9 @@ stored as `Secrets`, which are mounted into pods allowing in cluster processes
to talk to the Kubernetes API.
API requests are tied to either a normal user or a service account, or are treated
as anonymous requests. This means every process inside or outside the cluster, from
a human user typing `kubectl` on a workstation, to `kubelets` on nodes, to members
of the control plane, must authenticate when making requests to the API server,
as anonymous requests. This means every process inside or outside the cluster, from
a human user typing `kubectl` on a workstation, to `kubelets` on nodes, to members
of the control plane, must authenticate when making requests to the API server,
or be treated as an anonymous user.
## Authentication strategies
@ -58,7 +58,7 @@ When multiple are enabled, the first authenticator module
to successfully authenticate the request short-circuits evaluation.
The API server does not guarantee the order authenticators run in.
The `system:authenticated` group is included in the list of groups for all authenticated users.
The `system:authenticated` group is included in the list of groups for all authenticated users.
### X509 Client Certs
@ -116,10 +116,11 @@ authentication is currently supported for convenience while we finish making the
more secure modes described above easier to use.
The basic auth file format is implemented in `plugin/pkg/auth/authenticator/password/passwordfile/...`
and is a csv file with 3 columns: password, user name, user id.
and is a csv file with a minimum of 3 columns: password, user name, user id, followed by
optional group names. Note, if you have more than one group the column must be double quoted e.g.
```conf
password,user,uid
password,user,uid,"group1,group2,group3"
```
When using basic authentication from an http client, the API server expects an `Authorization` header
@ -222,44 +223,121 @@ from the OAuth2 [token response](https://openid.net/specs/openid-connect-core-1_
as a bearer token. See [above](#putting-a-bearer-token-in-a-request) for how the token
is included in a request.
To enable the plugin, pass the following required flags:
![Kubernetes OpenID Connect Flow](/images/docs/admin/k8s_oidc_login.svg)
* `--oidc-issuer-url` URL of the provider which allows the API server to discover
public signing keys. Only URLs which use the `https://` scheme are accepted. This is typically
the provider's URL without a path, for example "https://accounts.google.com" or "https://login.salesforce.com".
1. Login to your identity provider
2. Your identity provider will provide you with an `access_token`, `id_token` and a `refresh_token`
3. When using `kubectl`, use your `id_token` with the `--token` flag or add it directly to your `kubeconfig`
4. `kubectl` sends your `id_token` in a header called Authorization to the API server
5. The API server will make sure the JWT signature is valid by checking against the certificate named in the configuration
6. Check to make sure the `id_token` hasn't expired
7. Make sure the user is authorized
8. Once authorized the API server returns a response to `kubectl`
9. `kubectl` provides feedback to the user
* `--oidc-client-id` A client id that all tokens must be issued for.
Since all of the data needed to validate who you are is in the `id_token`, Kubernetes doesn't need to
"phone home" to the identity provider. In a model where every request is stateless this provides a very scalable
solution for authentication. It does offer a few challenges:
1. Kubernetes has no "web interface" to trigger the authentication process. There is no browser or interface to collect credentials which is why you need to authenticate to your identity provider first.
2. The `id_token` can't be revoked, its like a certificate so it should be short-lived (only a few minutes) so it can be very annoying to have to get a new token every few minutes
3. There's no easy way to authenticate to the Kubernetes dashboard without using the `kubectl -proxy` command or a reverse proxy that injects the `id_token`
#### Configuring the API Server
To enable the plugin, configure the following flags on the API server:
| Parameter | Description | Example | Required |
| --------- | ----------- | ------- | ------- |
| --oidc-issuer-url | URL of the provider which allows the API server to discover public signing keys. Only URLs which use the `https://` scheme are accepted. This is typically the provider's discovery URL without a path, for example "https://accounts.google.com" or "https://login.salesforce.com". This URL should point to the level below .well-known/openid-configuration | If the discovery URL is https://accounts.google.com/.well-known/openid-configuration the value should be https://accounts.google.com | Yes |
| --oidc-client-id | A client id that all tokens must be issued for. | kubernetes | Yes |
| --oidc-username-claim | JWT claim to use as the user name. By default `sub`, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as `email`, depending on their provider. | sub | No |
| --oidc-groups-claim | JWT claim to use as the user's group. If the claim is present it must be an array of strings. | groups | No |
| --oidc-ca-file | The path to the certificate for the CA that signed your identity provider's web certificate. Defaults to the host's root CAs. | `/etc/kubernetes/ssl/kc-ca.pem` | No |
Importantly, the API server is not an OAuth2 client, rather it can only be
configured to trust a single client. This allows the use of public providers,
configured to trust a single issuer. This allows the use of public providers,
such as Google, without trusting credentials issued to third parties. Admins who
wish utilize multiple OAuth clients should explore providers which support the
wish to utilize multiple OAuth clients should explore providers which support the
`azp` (authorized party) claim, a mechanism for allowing one client to issue
tokens on behalf of another.
The plugin also accepts the following optional flags:
* `--oidc-ca-file` Used by the API server to establish and verify the secure
connection to the issuer. Defaults to the host's root CAs.
And experimental flags:
* `--oidc-username-claim` JWT claim to use as the user name. By default `sub`,
which is expected to be a unique identifier of the end user. Admins can choose
other claims, such as `email`, depending on their provider.
* `--oidc-groups-claim` JWT claim to use as the user's group. If the claim is present
it must be an array of strings.
Kubernetes does not provide an OpenID Connect Identity Provider.
You can use an existing public OpenID Connect Identity Provider (such as Google, or [others](http://connect2id.com/products/nimbus-oauth-openid-connect-sdk/openid-connect-providers)).
Or, you can run your own Identity Provider, such as CoreOS [dex](https://github.com/coreos/dex), [Keycloak](https://github.com/keycloak/keycloak) or CloudFoundry [UAA](https://github.com/cloudfoundry/uaa).
Or, you can run your own Identity Provider, such as CoreOS [dex](https://github.com/coreos/dex), [Keycloak](https://github.com/keycloak/keycloak), CloudFoundry [UAA](https://github.com/cloudfoundry/uaa), or Tremolo Security's [OpenUnison](https://github.com/tremolosecurity/openunison).
The provider needs to support [OpenID connect discovery](https://openid.net/specs/openid-connect-discovery-1_0.html); not all do.
For an identity provider to work with Kubernetes it must:
1. Support [OpenID connect discovery](https://openid.net/specs/openid-connect-discovery-1_0.html); not all do.
2. Run in TLS with non-obsolete ciphers
3. Have a CA signed certificate (even if the CA is not a commercial CA or is self signed)
A note about requirement #3 above, requiring a CA signed certificate. If you deploy your own identity provider (as opposed to one of the cloud providers like Google or Microsoft) you MUST have your identity provider's web server certificate signed by a certificate with the `CA` flag set to `TRUE`, even if it is self signed. This is due to GoLang's TLS client implementation being very strict to the standards around certificate validation. If you don't have a CA handy, you can use this script from the CoreOS team to create a simple CA and a signed certificate and key pair - https://github.com/coreos/dex/blob/1ee5920c54f5926d6468d2607c728b71cfe98092/examples/k8s/gencert.sh or this script based on it that will generate SHA256 certs with a longer life and larger key size https://raw.githubusercontent.com/TremoloSecurity/openunison-qs-kubernetes/master/makecerts.sh.
Setup instructions for specific systems:
- [UAA](http://apigee.com/about/blog/engineering/kubernetes-authentication-enterprise)
- [Dex](https://speakerdeck.com/ericchiang/kubernetes-access-control-with-dex)
- [OpenUnison](https://github.com/TremoloSecurity/openunison-qs-kubernetes)
#### Using kubectl
##### Option 1 - OIDC Authenticator
The first option is to use the `oidc` authenticator. This authenticator takes your `id_token`, `refresh_token` and your OIDC `client_secret` and will refresh your token automatically. Once you have authenticated to your identity provider:
```bash
kubectl config set-credentials USER_NAME \
--auth-provider=oidc
--auth-provider-arg=idp-issuer-url=( issuer url ) \
--auth-provider-arg=client-id=( your client id ) \
--auth-provider-arg=client-secret=( your client secret ) \
--auth-provider-arg=refresh-token=( your refresh token ) \
--auth-provider-arg=idp-certificate-authority=( path to your ca certificate ) \
--auth-provider-arg=id-token=( your id_token )
```
As an example, running the below command after authenticating to your identity provider:
```bash
kubectl config set-credentials mmosley \
--auth-provider=oidc \
--auth-provider-arg=idp-issuer-url=https://oidcidp.tremolo.lan:8443/auth/idp/OidcIdP \
--auth-provider-arg=client-id=kubernetes \
--auth-provider-arg=client-secret=1db158f6-177d-4d9c-8a8b-d36869918ec5 \
--auth-provider-arg=refresh-token=q1bKLFOyUiosTfawzA93TzZIDzH2TNa2SMm0zEiPKTUwME6BkEo6Sql5yUWVBSWpKUGphaWpxSVAfekBOZbBhaEW+VlFUeVRGcluyVF5JT4+haZmPsluFoFu5XkpXk5BXqHega4GAXlF+ma+vmYpFcHe5eZR+slBFpZKtQA= \
--auth-provider-arg=idp-certificate-authority=/root/ca.pem \
--auth-provider-arg=id-token=eyJraWQiOiJDTj1vaWRjaWRwLnRyZW1vbG8ubGFuLCBPVT1EZW1vLCBPPVRybWVvbG8gU2VjdXJpdHksIEw9QXJsaW5ndG9uLCBTVD1WaXJnaW5pYSwgQz1VUy1DTj1rdWJlLWNhLTEyMDIxNDc5MjEwMzYwNzMyMTUyIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL29pZGNpZHAudHJlbW9sby5sYW46ODQ0My9hdXRoL2lkcC9PaWRjSWRQIiwiYXVkIjoia3ViZXJuZXRlcyIsImV4cCI6MTQ4MzU0OTUxMSwianRpIjoiMm96US15TXdFcHV4WDlHZUhQdy1hZyIsImlhdCI6MTQ4MzU0OTQ1MSwibmJmIjoxNDgzNTQ5MzMxLCJzdWIiOiI0YWViMzdiYS1iNjQ1LTQ4ZmQtYWIzMC0xYTAxZWU0MWUyMTgifQ.w6p4J_6qQ1HzTG9nrEOrubxIMb9K5hzcMPxc9IxPx2K4xO9l-oFiUw93daH3m5pluP6K7eOE6txBuRVfEcpJSwlelsOsW8gb8VJcnzMS9EnZpeA0tW_p-mnkFc3VcfyXuhe5R3G7aa5d8uHv70yJ9Y3-UhjiN9EhpMdfPAoEB9fYKKkJRzF7utTTIPGrSaSU6d2pcpfYKaxIwePzEkT4DfcQthoZdy9ucNvvLoi1DIC-UocFD8HLs8LYKEqSxQvOcvnThbObJ9af71EwmuE21fO5KzMW20KtAeget1gnldOosPtz1G5EwvaQ401-RPQzPGMVBld0_zMCAwZttJ4knw
```
Which would produce the below configuration:
```yaml
users:
- name: mmosley
user:
auth-provider:
config:
client-id: kubernetes
client-secret: 1db158f6-177d-4d9c-8a8b-d36869918ec5
id-token: eyJraWQiOiJDTj1vaWRjaWRwLnRyZW1vbG8ubGFuLCBPVT1EZW1vLCBPPVRybWVvbG8gU2VjdXJpdHksIEw9QXJsaW5ndG9uLCBTVD1WaXJnaW5pYSwgQz1VUy1DTj1rdWJlLWNhLTEyMDIxNDc5MjEwMzYwNzMyMTUyIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL29pZGNpZHAudHJlbW9sby5sYW46ODQ0My9hdXRoL2lkcC9PaWRjSWRQIiwiYXVkIjoia3ViZXJuZXRlcyIsImV4cCI6MTQ4MzU0OTUxMSwianRpIjoiMm96US15TXdFcHV4WDlHZUhQdy1hZyIsImlhdCI6MTQ4MzU0OTQ1MSwibmJmIjoxNDgzNTQ5MzMxLCJzdWIiOiI0YWViMzdiYS1iNjQ1LTQ4ZmQtYWIzMC0xYTAxZWU0MWUyMTgifQ.w6p4J_6qQ1HzTG9nrEOrubxIMb9K5hzcMPxc9IxPx2K4xO9l-oFiUw93daH3m5pluP6K7eOE6txBuRVfEcpJSwlelsOsW8gb8VJcnzMS9EnZpeA0tW_p-mnkFc3VcfyXuhe5R3G7aa5d8uHv70yJ9Y3-UhjiN9EhpMdfPAoEB9fYKKkJRzF7utTTIPGrSaSU6d2pcpfYKaxIwePzEkT4DfcQthoZdy9ucNvvLoi1DIC-UocFD8HLs8LYKEqSxQvOcvnThbObJ9af71EwmuE21fO5KzMW20KtAeget1gnldOosPtz1G5EwvaQ401-RPQzPGMVBld0_zMCAwZttJ4knw
idp-certificate-authority: /root/ca.pem
idp-issuer-url: https://oidcidp.tremolo.lan:8443/auth/idp/OidcIdP
refresh-token: q1bKLFOyUiosTfawzA93TzZIDzH2TNa2SMm0zEiPKTUwME6BkEo6Sql5yUWVBSWpKUGphaWpxSVAfekBOZbBhaEW+VlFUeVRGcluyVF5JT4+haZmPsluFoFu5XkpXk5BXq
name: oidc
```
Once your `id_token` expires, `kubectl` will attempt to refresh your `id_token` using your `refresh_token` and `client_secret` storing the new values for the `refresh_token` and `id_token` in your `kube/.config`.
##### Option 2 - Use the `--token` Option
The `kubectl` command lets you pass in a token using the `--token` option. Simply copy and paste the `id_token` into this option:
```
kubectl --token=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo4MDQzL2F1dGgvaWRwL29pZGMiLCJhdWQiOiJrdWJlcm5ldGVzIiwiZXhwIjoxNDc0NTk2NjY5LCJqdGkiOiI2RDUzNXoxUEpFNjJOR3QxaWVyYm9RIiwiaWF0IjoxNDc0NTk2MzY5LCJuYmYiOjE0NzQ1OTYyNDksInN1YiI6Im13aW5kdSIsInVzZXJfcm9sZSI6WyJ1c2VycyIsIm5ldy1uYW1lc3BhY2Utdmlld2VyIl0sImVtYWlsIjoibXdpbmR1QG5vbW9yZWplZGkuY29tIn0.f2As579n9VNoaKzoF-dOQGmXkFKf1FMyNV0-va_B63jn-_n9LGSCca_6IVMP8pO-Zb4KvRqGyTP0r3HkHxYy5c81AnIh8ijarruczl-TK_yF5akjSTHFZD-0gRzlevBDiH8Q79NAr-ky0P4iIXS8lY9Vnjch5MF74Zx0c3alKJHJUnnpjIACByfF2SCaYzbWFMUNat-K1PaUk5-ujMBG7yYnr95xD-63n8CO8teGUAAEMx6zRjzfhnhbzX-ajwZLGwGUBT4WqjMs70-6a7_8gZmLZb2az1cZynkFRj2BaCkVT3A2RrjeEwZEtGXlMqKJ1_I2ulrOVsYx01_yD35-rw get nodes
```
### Webhook Token Authentication
@ -369,12 +447,12 @@ HTTP status codes can be used to supply additional error context.
The API server can be configured to identify users from request header values, such as `X-Remote-User`.
It is designed for use in combination with an authenticating proxy, which sets the request header value.
In order to prevent header spoofing, the authenticating proxy is required to present a valid client
certificate to the API server for validation against the specified CA before the request headers are
certificate to the API server for validation against the specified CA before the request headers are
checked.
* `--requestheader-username-headers` Required, case-insensitive. Header names to check, in order, for the user identity. The first header containing a value is used as the identity.
* `--requestheader-client-ca-file` Required. PEM-encoded certificate bundle. A valid client certificate must be presented and validated against the certificate authorities in the specified file before the request headers are checked for user names.
* `--requestheader-allowed-names` Optional. List of common names (cn). If set, a valid client certificate with a Common Name (cn) in the specified list must be presented before the request headers are checked for user names. If empty, any Common Name is allowed.
* `--requestheader-allowed-names` Optional. List of common names (cn). If set, a valid client certificate with a Common Name (cn) in the specified list must be presented before the request headers are checked for user names. If empty, any Common Name is allowed.
### Keystone Password
@ -402,18 +480,18 @@ changes](https://github.com/kubernetes/kubernetes/pull/25536) for more details.
## Anonymous requests
Anonymous access is enabled by default, and can be disabled by passing `--anonymous-auth=false`
Anonymous access is enabled by default, and can be disabled by passing `--anonymous-auth=false`
option to the API server during startup.
When enabled, requests that are not rejected by other configured authentication methods are
treated as anonymous requests, and given a username of `system:anonymous` and a group of
When enabled, requests that are not rejected by other configured authentication methods are
treated as anonymous requests, and given a username of `system:anonymous` and a group of
`system:unauthenticated`.
For example, on a server with token authentication configured, and anonymous access enabled,
a request providing an invalid bearer token would receive a `401 Unauthorized` error.
A request providing no bearer token would be treated as an anonymous request.
a request providing an invalid bearer token would receive a `401 Unauthorized` error.
A request providing no bearer token would be treated as an anonymous request.
If you rely on authentication alone to authorize access, either change to use an
If you rely on authentication alone to authorize access, either change to use an
authorization mode other than `AlwaysAllow`, or set `--anonymous-auth=false`.
## Plugin Development

43
docs/admin/authorization.md
View File

@ -85,8 +85,8 @@ properties:
- `kind`, type string: valid values are "Policy". Allows versioning and conversion of the policy format.
- `spec` property set to a map with the following properties:
- Subject-matching properties:
- `user`, type string; the user-string from `--token-auth-file`. If you specify `user`, it must match the username of the authenticated user. `*` matches all requests.
- `group`, type string; if you specify `group`, it must match one of the groups of the authenticated user. `*` matches all requests.
- `user`, type string; the user-string from `--token-auth-file`. If you specify `user`, it must match the username of the authenticated user.
- `group`, type string; if you specify `group`, it must match one of the groups of the authenticated user. `system:authenticated` matches all authenticated requests. `system:unauthenticated` matches all unauthenticated requests.
- `readonly`, type boolean, when true, means that the policy only applies to get, list, and watch operations.
- Resource-matching properties:
- `apiGroup`, type string; an API group, such as `extensions`. `*` matches all API groups.
@ -115,8 +115,11 @@ The tuple of attributes is checked for a match against every policy in the
policy file. If at least one line matches the request attributes, then the
request is authorized (but may fail later validation).
To permit any user to do something, write a policy with the user property set to
`"*"`.
To permit any authenticated user to do something, write a policy with the
group property set to `"system:authenticated"`.
To permit any unauthenticated user to do something, write a policy with the
group property set to `"system:unauthenticated"`.
To permit a user to do anything, write a policy with the apiGroup, namespace,
resource, and nonResourcePath properties set to `"*"`.
@ -165,7 +168,8 @@ up the verbosity:
5. Anyone can make read-only requests to all non-resource paths:
```json
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "*", "readonly": true, "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group": "system:authenticated", "readonly": true, "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group": "system:unauthenticated", "readonly": true, "nonResourcePath": "*"}}
```
[Complete file example](http://releases.k8s.io/{{page.githubbranch}}/pkg/auth/authorizer/abac/example_policy_file.jsonl)
@ -440,6 +444,29 @@ subjects:
name: system:serviceaccounts
```
For all authenticated users:
```yaml
subjects:
- kind: Group
name: system:authenticated
```
For all unauthenticated users:
```yaml
subjects:
- kind: Group
name: system:unauthenticated
```
For all users:
```yaml
subjects:
- kind: Group
name: system:authenticated
- kind: Group
name: system:unauthenticated
```
## Webhook Mode
When specified, mode `Webhook` causes Kubernetes to query an outside REST
@ -489,7 +516,7 @@ request, and either details about the resource being accessed or requests
attributes.
Note that webhook API objects are subject to the same [versioning compatibility rules](/docs/api/)
as other Kubernetes API objects. Implementers should be aware of loser
as other Kubernetes API objects. Implementers should be aware of looser
compatibility promises for beta objects and check the "apiVersion" field of the
request to ensure correct deserialization. Additionally, the API Server must
enable the `authorization.k8s.io/v1beta1` API extensions group (`--runtime-config=authorization.k8s.io/v1beta1=true`).
@ -504,7 +531,7 @@ An example request body:
"resourceAttributes": {
"namespace": "kittensandponies",
"verb": "GET",
"group": "*",
"group": "unicorn.example.org",
"resource": "pods"
},
"user": "jane",
@ -627,7 +654,7 @@ __EOF__
--- snip lots of output ---
I0913 08:12:31.362873 27425 request.go:908] Response Body: {"kind":"SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","metadata":{"creationTimestamp":null},"spec":{"resourceAttributes":{"namespace":"kittensandponies","verb":"GET","group":"*","resource":"pods"},"user":"jane","group":["group1","group2"]},"status":{"allowed":true}}
I0913 08:12:31.362873 27425 request.go:908] Response Body: {"kind":"SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","metadata":{"creationTimestamp":null},"spec":{"resourceAttributes":{"namespace":"kittensandponies","verb":"GET","group":"unicorn.example.org","resource":"pods"},"user":"jane","group":["group1","group2"]},"status":{"allowed":true}}
subjectaccessreview "" created
```

2
docs/admin/cluster-components.md
View File

@ -107,7 +107,7 @@ the Kubernetes runtime environment.
or via local configuration file) and:
* Mounts the pod's required volumes
* Downloads the pod's secrets
* Run the pod's containers via docker (or, experimentally, rkt).
* Runs the pod's containers via docker (or, experimentally, rkt).
* Periodically executes any requested container liveness probes.
* Reports the status of the pod back to the rest of the system, by creating a
"mirror pod" if necessary.

6
docs/admin/cluster-large.md
View File

@ -99,13 +99,13 @@ To avoid running into cluster addon resource issues, when creating a cluster wit
* Scale memory and CPU limits for each of the following addons, if used, as you scale up the size of cluster (there is one replica of each handling the entire cluster so memory and CPU usage tends to grow proportionally with size/load on cluster):
* [InfluxDB and Grafana](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/cluster-monitoring/influxdb/influxdb-grafana-controller.yaml)
* [skydns, kube2sky, and dns etcd](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/dns/skydns-rc.yaml.in)
* [kubedns, dnsmasq, and sidecar](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/dns/kubedns-controller.yaml.in)
* [Kibana](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/fluentd-elasticsearch/kibana-controller.yaml)
* Scale number of replicas for the following addons, if used, along with the size of cluster (there are multiple replicas of each so increasing replicas should help handle increased load, but, since load per replica also increases slightly, also consider increasing CPU/memory limits):
* [elasticsearch](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/fluentd-elasticsearch/es-controller.yaml)
* Increase memory and CPU limits slightly for each of the following addons, if used, along with the size of cluster (there is one replica per node but CPU/memory usage increases slightly along with cluster load/size as well):
* [FluentD with ElasticSearch Plugin](http://releases.k8s.io/{{page.githubbranch}}/cluster/saltbase/salt/fluentd-es/fluentd-es.yaml)
* [FluentD with GCP Plugin](http://releases.k8s.io/{{page.githubbranch}}/cluster/saltbase/salt/fluentd-gcp/fluentd-gcp.yaml)
* [FluentD with ElasticSearch Plugin](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml)
* [FluentD with GCP Plugin](http://releases.k8s.io/{{page.githubbranch}}/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml)
Heapster's resource limits are set dynamically based on the initial size of your cluster (see [#16185](http://issue.k8s.io/16185)
and [#22940](http://issue.k8s.io/22940)). If you find that Heapster is running

8
docs/admin/cluster-management.md
View File

@ -159,11 +159,11 @@ node discovery; currently this is only Google Compute Engine, not including Core
### Upgrading to a different API version
When a new API version is released, you may need to upgrade a cluster to support the new API version (e.g. switching from 'v1' to 'v2' when 'v2' is launched)
When a new API version is released, you may need to upgrade a cluster to support the new API version (e.g. switching from 'v1' to 'v2' when 'v2' is launched).
This is an infrequent event, but it requires careful management. There is a sequence of steps to upgrade to a new API version.
1. Turn on the new api version.
1. Turn on the new API version.
1. Upgrade the cluster's storage to use the new version.
1. Upgrade all config files. Identify users of the old API version endpoints.
1. Update existing objects in the storage to new version by running `cluster/update-storage-objects.sh`.
@ -171,9 +171,9 @@ This is an infrequent event, but it requires careful management. There is a sequ
### Turn on or off an API version for your cluster
Specific API versions can be turned on or off by passing --runtime-config=api/<version> flag while bringing up the API server. For example: to turn off v1 API, pass `--runtime-config=api/v1=false`.
Specific API versions can be turned on or off by passing `--runtime-config=api/<version>` flag while bringing up the API server. For example: to turn off v1 API, pass `--runtime-config=api/v1=false`.
runtime-config also supports 2 special keys: api/all and api/legacy to control all and legacy APIs respectively.
For example, for turning off all api versions except v1, pass `--runtime-config=api/all=false,api/v1=true`.
For example, for turning off all API versions except v1, pass `--runtime-config=api/all=false,api/v1=true`.
For the purposes of these flags, _legacy_ APIs are those APIs which have been explicitly deprecated (e.g. `v1beta3`).
### Switching your cluster's storage API version

4
docs/admin/cluster-troubleshooting.md
View File

@ -89,7 +89,7 @@ Mitigations:
- Mitigates: Apiserver VM shutdown or apiserver crashing
- Mitigates: Supporting services VM shutdown or crashes
- Action use IaaS providers reliable storage (e.g. GCE PD or AWS EBS volume) for VMs with apiserver+etcd
- Action: Use IaaS providers reliable storage (e.g. GCE PD or AWS EBS volume) for VMs with apiserver+etcd
- Mitigates: Apiserver backing storage lost
- Action: Use (experimental) [high-availability](/docs/admin/high-availability) configuration
@ -112,4 +112,4 @@ Mitigations:
- Mitigates: Kubelet software fault
- Action: [Multiple independent clusters](/docs/admin/multi-cluster) (and avoid making risky changes to all clusters at once)
- Mitigates: Everything listed above.
- Mitigates: Everything listed above.

10
docs/admin/dns.md
View File

@ -47,8 +47,8 @@ selection from the set.
### SRV records
SRV Records are created for named ports that are part of normal or Headless
Services.
SRV Records are created for named ports that are part of normal or [Headless
Services](http://releases.k8s.io/docs/user-guide/services/#headless-services).
For each named port, the SRV record would have the form
`_my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster.local`.
For a regular service, this resolves to the port number and the CNAME:
@ -69,7 +69,7 @@ is no longer supported.
When enabled, pods are assigned a DNS A record in the form of `pod-ip-address.my-namespace.pod.cluster.local`.
For example, a pod with ip `1.2.3.4` in the namespace `default` with a DNS name of `cluster.local` would have an entry: `1-2-3-4.default.pod.cluster.local`.
For example, a pod with IP `1.2.3.4` in the namespace `default` with a DNS name of `cluster.local` would have an entry: `1-2-3-4.default.pod.cluster.local`.
#### A Records and hostname based on Pod's hostname and subdomain fields
@ -280,7 +280,7 @@ If you see that no pod is running or that the pod has failed/completed, the DNS
Use `kubectl logs` command to see logs for the DNS daemons.
```
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kube-dns
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kubedns
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c dnsmasq
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c healthz
```
@ -308,7 +308,7 @@ If you have created the service or in the case it should be created by default b
#### Are DNS endpoints exposed?
You can verify that dns endpoints are exposed by using the `kubectl get endpoints` command.
You can verify that DNS endpoints are exposed by using the `kubectl get endpoints` command.
```
kubectl get ep kube-dns --namespace=kube-system

4
docs/admin/federation/index.md
View File

@ -236,7 +236,7 @@ metadata:
name: kube-dns
namespace: kube-system
data:
federations: <federation-name>=<dns-domain-name>
federations: <federation-name>=<federation-domain-name>
```
where `<federation-name>` should be replaced by the name you want to give to your
@ -249,7 +249,7 @@ http://kubernetes.io/docs/user-guide/configmap/.
### Kubernetes 1.4 and earlier: Setting federations flag on kube-dns-rc
If your cluster is running Kubernetes version 1.4 or earlier, you must to restart
If your cluster is running Kubernetes version 1.4 or earlier, you must restart
KubeDNS and pass it a `--federations` flag, which tells it about valid federation DNS hostnames.
The flag uses the following format:

30
docs/admin/federation/kubefed.md
View File

@ -33,6 +33,12 @@ or later
extract the binaries in the tarball to one of the directories
in your `$PATH` and set the executable permission on those binaries.
Note: The URL in the curl command below downloads the binaries for
Linux amd64. If you are on a different platform, please use the URL
for the binaries appropriate for your platform. You can find the list
of available binaries on the [release page](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#client-binaries-3)
```shell
curl -O https://storage.googleapis.com/kubernetes-release/release/v1.5.0/kubernetes-client-linux-amd64.tar.gz
tar -xzvf kubernetes-client-linux-amd64.tar.gz
@ -141,12 +147,13 @@ local kubeconfig. If it fails to find a matching context, it exits
with an error.
This might cause issues in cases where context names for each cluster
in the federation don't follow RFC 1035 label naming rules. In such
cases, you can specify a cluster name that conforms to the RFC 1035
label naming rules and specify the cluster context using the
`--cluster-context` flag. For example, if context of the cluster your
are joining is `gondor_needs-no_king`, then you can
join the cluster by running:
in the federation don't follow
[RFC 1035](https://www.ietf.org/rfc/rfc1035.txt) label naming rules.
In such cases, you can specify a cluster name that conforms to the
[RFC 1035](https://www.ietf.org/rfc/rfc1035.txt) label naming rules
and specify the cluster context using the `--cluster-context` flag.
For example, if context of the cluster your are joining is
`gondor_needs-no_king`, then you can join the cluster by running:
```shell
kubefed join gondor --host-cluster-context=rivendell --cluster-context=gondor_needs-no_king
@ -159,8 +166,9 @@ described above are stored as a secret in the host cluster. The name
of the secret is also derived from the cluster name.
However, the name of a secret object in Kubernetes should conform
to the subdomain name specification described in RFC 1123. If this
isn't case, you can pass the secret name to `kubefed join` using the
to the DNS subdomain name specification described in
[RFC 1123](https://tools.ietf.org/html/rfc1123). If this isn't the
case, you can pass the secret name to `kubefed join` using the
`--secret-name` flag. For example, if the cluster name is `noldor` and
the secret name is `11kingdom`, you can join the cluster by
running:
@ -169,6 +177,12 @@ running:
kubefed join noldor --host-cluster-context=rivendell --secret-name=11kingdom
```
Note: If your cluster name does not conform to the DNS subdomain name
specification, all you need to do is supply the secret name via the
`--secret-name` flag. `kubefed join` automatically creates the secret
for you.
## Removing a cluster from a federation
To remove a cluster from a federation, run the `kubefed unjoin`

4
docs/admin/garbage-collection.md
View File

@ -7,7 +7,7 @@ title: Configuring kubelet Garbage Collection
* TOC
{:toc}
Garbage collection is a helpful function of kubelet that will clean up unused images and unused containers. kubelet will perform garbage collection for containers every minute and garbage collection for images every five minutes.
Garbage collection is a helpful function of kubelet that will clean up unused images and unused containers. Kubelet will perform garbage collection for containers every minute and garbage collection for images every five minutes.
External garbage collection tools are not recommended as these tools can potentially break the behavior of kubelet by removing containers expected to exist.
@ -24,7 +24,7 @@ threshold has been met.
### Container Collection
The policy for garbage collecting containers considers three user-defined variables. `MinAge` is the minimum age at which a container can be garbage collected. `MaxPerPodContainer` is the maximum number of dead containers any single
pod (UID, container name) pair is allowed to have. `MaxContainers` is the maximum number of total dead containers. These variables can be individually disabled by setting 'Min Age' to zero and setting 'MaxPerPodContainer' and 'MaxContainers' respectively to less than zero.
pod (UID, container name) pair is allowed to have. `MaxContainers` is the maximum number of total dead containers. These variables can be individually disabled by setting 'MinAge' to zero and setting 'MaxPerPodContainer' and 'MaxContainers' respectively to less than zero.
Kubelet will act on containers that are unidentified, deleted, or outside of the boundaries set by the previously mentioned flags. The oldest containers will generally be removed first. 'MaxPerPodContainer' and 'MaxContainer' may potentially conflict with each other in situations where retaining the maximum number of containers per pod ('MaxPerPodContainer') would go outside the allowable range of global dead containers ('MaxContainers'). 'MaxPerPodContainer' would be adjusted in this situation: A worst case scenario would be to downgrade 'MaxPerPodContainer' to 1 and evict the oldest containers. Additionally, containers owned by pods that have been deleted are removed once they are older than `MinAge`.

4
docs/admin/ha-master-gce.md
View File

@ -84,7 +84,7 @@ The following sample commands demonstrate this process:
$ KUBE_DELETE_NODES=false KUBE_GCE_ZONE=replica_zone KUBE_REPLICA_NAME=replica_name ./cluster/kube-down.sh
```
2. Add a new replica in place of the old one:
<ol start="2"><li>Add a new replica in place of the old one:</li></ol>
```shell
$ KUBE_GCE_ZONE=replica-zone KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
@ -102,7 +102,7 @@ A two-replica cluster is thus inferior, in terms of HA, to a single replica clus
* When you add a master replica, cluster state (etcd) is copied to a new instance.
If the cluster is large, it may take a long time to duplicate its state.
This operation may be speed up by migrating etcd data directory, as described [here](https://coreos.com/etcd/docs/latest/admin_guide.html#member-migration) here
This operation may be sped up by migrating etcd data directory, as described [here](https://coreos.com/etcd/docs/latest/admin_guide.html#member-migration)
(we are considering adding support for etcd data dir migration in future).
## Implementation notes

2
docs/admin/index.md
View File

@ -61,7 +61,7 @@ project](/docs/admin/salt).
* **DNS Integration with SkyDNS** ([dns.md](/docs/admin/dns)):
Resolving a DNS name directly to a Kubernetes service.
* [**Cluster-level logging**](/docs/user-guide/logging/overview)
* [**Cluster-level logging**](/docs/user-guide/logging/overview):
Saving container logs to a central log store with search/browsing interface.
## Multi-tenant support

8
docs/admin/limitrange/index.md
View File

@ -23,7 +23,7 @@ to 512MB of memory. The cluster operator creates a separate namespace for each
each namespace.
3. Users may create a pod which consumes resources just below the capacity of a machine. The left over space
may be too small to be useful, but big enough for the waste to be costly over the entire cluster. As a result,
the cluster operator may want to set limits that a pod must consume at least 20% of the memory and cpu of their
the cluster operator may want to set limits that a pod must consume at least 20% of the memory and CPU of their
average node size in order to provide for more uniform scheduling and to limit waste.
This example demonstrates how limits can be applied to a Kubernetes [namespace](/docs/admin/namespaces/walkthrough/) to control
@ -101,7 +101,7 @@ The limits enumerated in a namespace are only enforced when a pod is created or
the cluster. If you change the limits to a different value range, it does not affect pods that
were previously created in a namespace.
If a resource (cpu or memory) is being restricted by a limit, the user will get an error at time
If a resource (CPU or memory) is being restricted by a limit, the user will get an error at time
of creation explaining why.
Let's first spin up a [Deployment](/docs/user-guide/deployments) that creates a single container Pod to demonstrate
@ -145,9 +145,9 @@ spec:
volumeMounts:
```
Note that our nginx container has picked up the namespace default cpu and memory resource *limits* and *requests*.
Note that our nginx container has picked up the namespace default CPU and memory resource *limits* and *requests*.
Let's create a pod that exceeds our allowed limits by having it have a container that requests 3 cpu cores.
Let's create a pod that exceeds our allowed limits by having it have a container that requests 3 CPU cores.
```shell
$ kubectl create -f docs/admin/limitrange/invalid-pod.yaml --namespace=limit-example

2
docs/admin/master-node-communication.md
View File

@ -91,7 +91,7 @@ HTTP connections and are therefore neither authenticated nor encrypted. They
can be run over a secure HTTPS connection by prefixing `https:` to the node,
pod, or service name in the API URL, but they will not validate the certificate
provided by the HTTPS endpoint nor provide client credentials so while the
connection will by encrypted, it will not provide any guarantees of integrity.
connection will be encrypted, it will not provide any guarantees of integrity.
These connections **are not currently safe** to run over untrusted and/or
public networks.

4
docs/admin/multi-cluster.md
View File

@ -8,7 +8,7 @@ You may want to set up multiple Kubernetes clusters, both to
have clusters in different regions to be nearer to your users, and to tolerate failures and/or invasive maintenance.
This document describes some of the issues to consider when making a decision about doing so.
If you decide to have multiple clusters, Kubernetes provides a way to [federate them](/docs/admin/federation/)
If you decide to have multiple clusters, Kubernetes provides a way to [federate them](/docs/admin/federation/).
## Scope of a single cluster
@ -40,7 +40,7 @@ Reasons to have multiple clusters include:
## Selecting the right number of clusters
The selection of the number of Kubernetes clusters may be a relatively static choice, only revisited occasionally.
By contrast, the number of nodes in a cluster and the number of pods in a service may be change frequently according to
By contrast, the number of nodes in a cluster and the number of pods in a service may change frequently according to
load and growth.
To pick the number of clusters, first, decide which regions you need to be in to have adequate latency to all your end users, for services that will run

4
docs/admin/multiple-schedulers.md
View File

@ -26,7 +26,7 @@ and build the source.
```shell
git clone https://github.com/kubernetes/kubernetes.git
cd kubernetes
hack/build-go.sh
make
```
Create a container image containing the kube-scheduler binary. Here is the `Dockerfile`
@ -107,6 +107,7 @@ scheduler as an annotation in that pod spec. Let's look at three examples.
```shell
kubectl create -f pod1.yaml
```
2. Pod spec with `default-scheduler` annotation
{% include code.html language="yaml" file="multiple-schedulers/pod2.yaml" ghlink="/docs/admin/multiple-schedulers/pod2.yaml" %}
@ -120,6 +121,7 @@ scheduler as an annotation in that pod spec. Let's look at three examples.
```shell
kubectl create -f pod2.yaml
```
3. Pod spec with `my-scheduler` annotation
{% include code.html language="yaml" file="multiple-schedulers/pod3.yaml" ghlink="/docs/admin/multiple-schedulers/pod3.yaml" %}

17
docs/admin/multiple-zones.md
View File

@ -51,7 +51,7 @@ admission controller automatically adds zone labels to them. The scheduler (via
`VolumeZonePredicate` predicate) will then ensure that pods that claim a
given volume are only placed into the same zone as that volume, as volumes
cannot be attached across zones.
## Limitations
There are some important limitations of the multizone support:
@ -158,8 +158,7 @@ kubernetes-minion-wf8i Ready 2m beta.kubernetes.io
### Volume affinity
Create a volume (only PersistentVolumes are supported for zone
affinity), using the new dynamic volume creation:
Create a volume using the dynamic volume creation (only PersistentVolumes are supported for zone affinity):
```json
kubectl create -f - <<EOF
@ -186,10 +185,14 @@ kubectl create -f - <<EOF
EOF
```
The PV is also labeled with the zone & region it was created in. For
version 1.2, dynamic persistent volumes are always created in the zone
of the cluster master (here us-central1-a / us-west-2a); this will
be improved in a future version (issue [#23330](https://github.com/kubernetes/kubernetes/issues/23330).)
**NOTE:** For version 1.3+ Kubernetes will distribute dynamic PV claims across
the configured zones. For version 1.2, dynamic persistent volumes were
always created in the zone of the cluster master
(here us-central1-a / us-west-2a); that issue
([#23330](https://github.com/kubernetes/kubernetes/issues/23330))
was addressed in 1.3+.
Now lets validate that Kubernetes automatically labeled the zone & region the PV was created in.
```shell
> kubectl get pv --show-labels

1
docs/admin/namespaces/index.md
View File

@ -87,6 +87,7 @@ a *Namespace*.
See [Admission control: Limit Range](https://github.com/kubernetes/kubernetes/blob/{{page.githubbranch}}/docs/design/admission_control_limit_range.md)
A namespace can be in one of two phases:
* `Active` the namespace is in use
* `Terminating` the namespace is being deleted, and can not be used for new objects

2
docs/admin/namespaces/walkthrough.md
View File

@ -63,7 +63,7 @@ Create the development namespace using kubectl.
$ kubectl create -f docs/admin/namespaces/namespace-dev.json
```
And then lets create the production namespace using kubectl.
And then let's create the production namespace using kubectl.
```shell
$ kubectl create -f docs/admin/namespaces/namespace-prod.json

6
docs/admin/network-plugins.md
View File

@ -13,7 +13,6 @@ __Disclaimer__: Network plugins are in alpha. Its contents will change rapidly.
Network plugins in Kubernetes come in a few flavors:
* Plain vanilla exec plugins - deprecated in favor of CNI plugins.
* CNI plugins: adhere to the appc/CNI specification, designed for interoperability.
* Kubenet plugin: implements basic `cbr0` using the `bridge` and `host-local` CNI plugins
@ -30,10 +29,6 @@ Besides providing the [`NetworkPlugin` interface](https://github.com/kubernetes/
By default if no kubelet network plugin is specified, the `noop` plugin is used, which sets `net/bridge/bridge-nf-call-iptables=1` to ensure simple configurations (like docker with a bridge) work correctly with the iptables proxy.
### Exec
Place plugins in `network-plugin-dir/plugin-name/plugin-name`, i.e. if you have a bridge plugin and `network-plugin-dir` is `/usr/lib/kubernetes`, you'd place the bridge plugin executable at `/usr/lib/kubernetes/bridge/bridge`. See [this comment](https://github.com/kubernetes/kubernetes/tree/{{page.version}}/pkg/kubelet/network/exec/exec.go) for more details.
### CNI
The CNI plugin is selected by passing Kubelet the `--network-plugin=cni` command-line option. Kubelet reads a file from `--cni-conf-dir` (default `/etc/cni/net.d`) and uses the CNI configuration from that file to set up each pod's network. The CNI configuration file must match the [CNI specification](https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration), and any required CNI plugins referenced by the configuration must be present in `--cni-bin-dir` (default `/opt/cni/bin`).
@ -73,7 +68,6 @@ This option is provided to the network-plugin; currently **only kubenet supports
## Usage Summary
* `--network-plugin=exec` specifies that we use the `exec` plugin, with executables located in `--network-plugin-dir`.
* `--network-plugin=cni` specifies that we use the `cni` network plugin with actual CNI plugin binaries located in `--cni-bin-dir` (default `/opt/cni/bin`) and CNI plugin configuration located in `--cni-conf-dir` (default `/etc/cni/net.d`).
* `--network-plugin=kubenet` specifies that we use the `kubenet` network plugin with CNI `bridge` and `host-local` plugins placed in `/opt/cni/bin` or `network-plugin-dir`.
* `--network-plugin-mtu=9001` specifies the MTU to use, currently only used by the `kubenet` network plugin.

2
docs/admin/networking.md
View File

@ -129,7 +129,7 @@ We start Docker with:
DOCKER_OPTS="--bridge=cbr0 --iptables=false --ip-masq=false"
```
This bridge is created by Kubelet (controlled by the `--configure-cbr0=true`
This bridge is created by Kubelet (controlled by the `--network-plugin=kubenet`
flag) according to the `Node`'s `spec.podCIDR`.
Docker will now allocate IPs from the `cbr-cidr` block. Containers can reach

2
docs/admin/node-conformance.md
View File

@ -84,7 +84,7 @@ sudo docker run -it --rm --privileged --net=host \
gcr.io/google_containers/node-test:0.2
```
Node conformance test is a containerized version of [node e2e test](https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/devel/e2e-node-tests.md).
Node conformance test is a containerized version of [node e2e test](https://github.com/kubernetes/kubernetes/blob/{{page.version}}/docs/devel/e2e-node-tests.md).
By default, it runs all conformance tests.
Theoretically, you can run any node e2e test if you configure the container and

4
docs/admin/node-problem.md
View File

@ -31,7 +31,7 @@ See more information
kernel log now. It doesn't support log tools like journald.
* The kernel issue detection of node problem detector has assumption on kernel
log format, now it only works on Ubuntu and Debian. However, it is easy to extend
log format, and now it only works on Ubuntu and Debian. However, it is easy to extend
it to [support other log format](/docs/admin/node-problem/#support-other-log-format).
## Enable/Disable in GCE cluster
@ -194,7 +194,7 @@ and detects known kernel issues following predefined rules.
The Kernel Monitor matches kernel issues according to a set of predefined rule list in
[`config/kernel-monitor.json`](https://github.com/kubernetes/node-problem-detector/blob/v0.1/config/kernel-monitor.json).
The rule list is extensible, you can always extend it by [overwriting the
The rule list is extensible, and you can always extend it by [overwriting the
configuration](/docs/admin/node-problem/#overwrite-the-configuration).
### Add New NodeConditions

4
docs/admin/rescheduler.md
View File

@ -31,10 +31,10 @@ To avoid situation when another pod is scheduled into the space prepared for the
the chosen node gets a temporary taint "CriticalAddonsOnly" before the eviction(s)
(see [more details](https://github.com/kubernetes/kubernetes/blob/master/docs/design/taint-toleration-dedicated.md)).
Each critical add-on has to tolerate it,
the other pods shouldn't tolerate the taint. The tain is removed once the add-on is successfully scheduled.
while the other pods shouldn't tolerate the taint. The taint is removed once the add-on is successfully scheduled.
*Warning:* currently there is no guarantee which node is chosen and which pods are being killed
in order to schedule critical pods, so if rescheduler is enabled you pods might be occasionally
in order to schedule critical pods, so if rescheduler is enabled your pods might be occasionally
killed for this purpose.
## Config

78
docs/admin/resourcequota/limitstorageconsumption.md Normal file
View File

@ -0,0 +1,78 @@
---
assignees:
- derekwaynecarr
- janetkuo
title: Limiting Storage Consumption
---
This example demonstrates an easy way to limit the amount of storage consumed in a namespace.
The following resources are used in the demonstration:
* [Resource Quota](/docs/admin/resourcequota/)
* [Limit Range](/docs/admin/limitrange/)
* [Persistent Volume Claim](/docs/user-guide/persistent-volumes/)
This example assumes you have a functional Kubernetes setup.
## Limiting Storage Consumption
The cluster-admin is operating a cluster on behalf of a user population and the admin wants to control
how much storage a single namespace can consume in order to control cost.
The admin would like to limit:
1. The number of persistent volume claims in a namespace
2. The amount of storage each claim can request
3. The amount of cumulative storage the namespace can have
## LimitRange to limit requests for storage
Adding a `LimitRange` to a namespace enforces storage request sizes to a minimum and maximum. Storage is requested
via `PersistentVolumeClaim`. The admission controller that enforces limit ranges will reject any PVC that is above or below
the values set by the admin.
In this example, a PVC requesting 10Gi of storage would be rejected because it exceeds the 2Gi max.
```
apiVersion: v1
kind: LimitRange
metadata:
name: storagelimits
spec:
limits:
- type: PersistentVolumeClaim
max:
storage: 2Gi
min:
storage: 1Gi
```
Minimum storage requests are used when the underlying storage provider requires certain minimums. For example,
AWS EBS volumes have a 1Gi minimum requirement.
## StorageQuota to limit PVC count and cumulative storage capacity
Admins can limit the number of PVCs in a namespace as well as the cumulative capacity of those PVCs. New PVCs that exceed
either maximum value will be rejected.
In this example, a 6th PVC in the namespace would be rejected because it exceeds the maximum count of 5. Alternatively,
a 5Gi maximum quota when combined with the 2Gi max limit above, cannot have 3 PVCs where each has 2Gi. That would be 6Gi requested
for a namespace capped at 5Gi.
```
apiVersion: v1
kind: ResourceQuota
metadata:
name: storagequota
spec:
hard:
persistentvolumeclaims: "5"
requests.storage: "5Gi"
```
## Summary
A limit range can put a ceiling on how much storage is requested while a resource quota can effectively cap the storage
consumed by a namespace through claim counts and cumulative storage capacity. The allows a cluster-admin to plan their
cluster's storage budget without risk of any one project going over their allotment.

2
docs/admin/salt.md
View File

@ -92,7 +92,7 @@ In addition, a cluster may be running a Debian based operating system or Red Hat
## Best Practices
1. When configuring default arguments for processes, it's best to avoid the use of EnvironmentFiles (Systemd in Red Hat environments) or init.d files (Debian distributions) to hold default values that should be common across operating system environments. This helps keep our Salt template files easy to understand for editors who may not be familiar with the particulars of each distribution.
When configuring default arguments for processes, it's best to avoid the use of EnvironmentFiles (Systemd in Red Hat environments) or init.d files (Debian distributions) to hold default values that should be common across operating system environments. This helps keep our Salt template files easy to understand for editors who may not be familiar with the particulars of each distribution.
## Future enhancements (Networking)

56
docs/admin/static-pods.md
View File

@ -22,45 +22,45 @@ For example, this is how to start a simple web server as a static pod:
1. Choose a node where we want to run the static pod. In this example, it's `my-node1`.
```shell
[joe@host ~] $ ssh my-node1
```
```shell
[joe@host ~] $ ssh my-node1
```
2. Choose a directory, say `/etc/kubelet.d` and place a web server pod definition there, e.g. `/etc/kubernetes.d/static-web.yaml`:
```shell
[root@my-node1 ~] $ mkdir /etc/kubernetes.d/
[root@my-node1 ~] $ cat <<EOF >/etc/kubernetes.d/static-web.yaml
apiVersion: v1
kind: Pod
metadata:
name: static-web
labels:
role: myrole
spec:
containers:
```shell
[root@my-node1 ~] $ mkdir /etc/kubernetes.d/
[root@my-node1 ~] $ cat <<EOF >/etc/kubernetes.d/static-web.yaml
apiVersion: v1
kind: Pod
metadata:
name: static-web
labels:
role: myrole
spec:
containers:
- name: web
image: nginx
ports:
- name: web
image: nginx
ports:
- name: web
containerPort: 80
protocol: tcp
EOF
```
containerPort: 80
protocol: TCP
EOF
```
2. Configure your kubelet daemon on the node to use this directory by running it with `--pod-manifest-path=/etc/kubelet.d/` argument. On Fedora edit `/etc/kubernetes/kubelet` to include this line:
```conf
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
```
```conf
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
```
Instructions for other distributions or Kubernetes installations may vary.
Instructions for other distributions or Kubernetes installations may vary.
3. Restart kubelet. On Fedora, this is:
```shell
[root@my-node1 ~] $ systemctl restart kubelet
```
```shell
[root@my-node1 ~] $ systemctl restart kubelet
```
## Pods created via HTTP

5
docs/api-reference/v1.5/documents/_cluster.md
View File

@ -1,5 +0,0 @@
# <strong>CLUSTER</strong>
Cluster resources are responsible for defining configuration of the cluster itself, and are generally only used by cluster operators.
------------

11
docs/api-reference/v1.5/documents/_config.md
View File

@ -1,11 +0,0 @@
# <strong>CONFIG & STORAGE</strong>
Config and Storage resources are responsible for injecting data into your applications and persisting data externally to your container.
Common resource types:
- [ConfigMaps](#configmap-v1) for providing text key value pairs injected into the application through environment variables, command line arguments, or files
- [Secrets](#secret-v1) for providing binary data injected into the application through files
- [Volumes](#volume-v1) for providing a filesystem external to the Container. Maybe shared across Containers within the same Pod and have a lifetime persisting beyond a Container or Pod.
------------

3
docs/api-reference/v1.5/documents/_definitions.md
View File

@ -1,3 +0,0 @@
# <strong>DEFINITIONS</strong>
This section contains definitions for objects used in the Kubernetes APIs.

46
docs/api-reference/v1.5/documents/_generated_apigroup_unversioned_concept.md
View File

@ -1,46 +0,0 @@
-----------
# APIGroup unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIGroup
APIGroup contains the name, the supported versions, and the preferred version of a group.
<aside class="notice">
Appears In <a href="#apigrouplist-unversioned">APIGroupList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
name <br /> *string* | name is the name of the group.
preferredVersion <br /> *[GroupVersionForDiscovery](#groupversionfordiscovery-unversioned)* | preferredVersion is the version preferred by the API server, which probably is the storage version.
serverAddressByClientCIDRs <br /> *[ServerAddressByClientCIDR](#serveraddressbyclientcidr-unversioned) array* | a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
versions <br /> *[GroupVersionForDiscovery](#groupversionfordiscovery-unversioned) array* | versions are the versions supported in this group.
### APIGroupList unversioned
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
groups <br /> *[APIGroup](#apigroup-unversioned) array* | groups is a list of APIGroup.
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds

22
docs/api-reference/v1.5/documents/_generated_apigroup_unversioned_definition.md
View File

@ -1,22 +0,0 @@
## APIGroup unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIGroup
APIGroup contains the name, the supported versions, and the preferred version of a group.
<aside class="notice">
Appears In <a href="#apigrouplist-unversioned">APIGroupList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
name <br /> *string* | name is the name of the group.
preferredVersion <br /> *[GroupVersionForDiscovery](#groupversionfordiscovery-unversioned)* | preferredVersion is the version preferred by the API server, which probably is the storage version.
serverAddressByClientCIDRs <br /> *[ServerAddressByClientCIDR](#serveraddressbyclientcidr-unversioned) array* | a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
versions <br /> *[GroupVersionForDiscovery](#groupversionfordiscovery-unversioned) array* | versions are the versions supported in this group.

32
docs/api-reference/v1.5/documents/_generated_apigrouplist_unversioned_concept.md
View File

@ -1,32 +0,0 @@
-----------
# APIGroupList unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIGroupList
APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
groups <br /> *[APIGroup](#apigroup-unversioned) array* | groups is a list of APIGroup.
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds

18
docs/api-reference/v1.5/documents/_generated_apigrouplist_unversioned_definition.md
View File

@ -1,18 +0,0 @@
## APIGroupList unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIGroupList
APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
groups <br /> *[APIGroup](#apigroup-unversioned) array* | groups is a list of APIGroup.
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds

44
docs/api-reference/v1.5/documents/_generated_apiresource_unversioned_concept.md
View File

@ -1,44 +0,0 @@
-----------
# APIResource unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIResource
APIResource specifies the name of a resource and whether it is namespaced.
<aside class="notice">
Appears In <a href="#apiresourcelist-unversioned">APIResourceList</a> </aside>
Field | Description
------------ | -----------
kind <br /> *string* | kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')
name <br /> *string* | name is the name of the resource.
namespaced <br /> *boolean* | namespaced indicates if a resource is namespaced or not.
### APIResourceList unversioned
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
groupVersion <br /> *string* | groupVersion is the group and version this APIResourceList is for.
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
resources <br /> *[APIResource](#apiresource-unversioned) array* | resources contains the name of the resources and if they are namespaced.

19
docs/api-reference/v1.5/documents/_generated_apiresource_unversioned_definition.md
View File

@ -1,19 +0,0 @@
## APIResource unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIResource
APIResource specifies the name of a resource and whether it is namespaced.
<aside class="notice">
Appears In <a href="#apiresourcelist-unversioned">APIResourceList</a> </aside>
Field | Description
------------ | -----------
kind <br /> *string* | kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')
name <br /> *string* | name is the name of the resource.
namespaced <br /> *boolean* | namespaced indicates if a resource is namespaced or not.

33
docs/api-reference/v1.5/documents/_generated_apiresourcelist_unversioned_concept.md
View File

@ -1,33 +0,0 @@
-----------
# APIResourceList unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIResourceList
APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
groupVersion <br /> *string* | groupVersion is the group and version this APIResourceList is for.
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
resources <br /> *[APIResource](#apiresource-unversioned) array* | resources contains the name of the resources and if they are namespaced.

19
docs/api-reference/v1.5/documents/_generated_apiresourcelist_unversioned_definition.md
View File

@ -1,19 +0,0 @@
## APIResourceList unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIResourceList
APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
groupVersion <br /> *string* | groupVersion is the group and version this APIResourceList is for.
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
resources <br /> *[APIResource](#apiresource-unversioned) array* | resources contains the name of the resources and if they are namespaced.

31
docs/api-reference/v1.5/documents/_generated_apiversion_v1beta1_concept.md
View File

@ -1,31 +0,0 @@
-----------
# APIVersion v1beta1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1beta1 | APIVersion
An APIVersion represents a single concrete version of an object model.
<aside class="notice">
Appears In <a href="#thirdpartyresource-v1beta1">ThirdPartyResource</a> </aside>
Field | Description
------------ | -----------
name <br /> *string* | Name of this version (e.g. 'v1').

17
docs/api-reference/v1.5/documents/_generated_apiversion_v1beta1_definition.md
View File

@ -1,17 +0,0 @@
## APIVersion v1beta1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1beta1 | APIVersion
An APIVersion represents a single concrete version of an object model.
<aside class="notice">
Appears In <a href="#thirdpartyresource-v1beta1">ThirdPartyResource</a> </aside>
Field | Description
------------ | -----------
name <br /> *string* | Name of this version (e.g. 'v1').

33
docs/api-reference/v1.5/documents/_generated_apiversions_unversioned_concept.md
View File

@ -1,33 +0,0 @@
-----------
# APIVersions unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIVersions
APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
serverAddressByClientCIDRs <br /> *[ServerAddressByClientCIDR](#serveraddressbyclientcidr-unversioned) array* | a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
versions <br /> *string array* | versions are the api versions that are available.

19
docs/api-reference/v1.5/documents/_generated_apiversions_unversioned_definition.md
View File

@ -1,19 +0,0 @@
## APIVersions unversioned
Group | Version | Kind
------------ | ---------- | -----------
Core | unversioned | APIVersions
APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
serverAddressByClientCIDRs <br /> *[ServerAddressByClientCIDR](#serveraddressbyclientcidr-unversioned) array* | a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
versions <br /> *string array* | versions are the api versions that are available.

32
docs/api-reference/v1.5/documents/_generated_attachedvolume_v1_concept.md
View File

@ -1,32 +0,0 @@
-----------
# AttachedVolume v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AttachedVolume
AttachedVolume describes a volume attached to a node
<aside class="notice">
Appears In <a href="#nodestatus-v1">NodeStatus</a> </aside>
Field | Description
------------ | -----------
devicePath <br /> *string* | DevicePath represents the device path where the volume should be available
name <br /> *string* | Name of the attached volume

18
docs/api-reference/v1.5/documents/_generated_attachedvolume_v1_definition.md
View File

@ -1,18 +0,0 @@
## AttachedVolume v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AttachedVolume
AttachedVolume describes a volume attached to a node
<aside class="notice">
Appears In <a href="#nodestatus-v1">NodeStatus</a> </aside>
Field | Description
------------ | -----------
devicePath <br /> *string* | DevicePath represents the device path where the volume should be available
name <br /> *string* | Name of the attached volume

36
docs/api-reference/v1.5/documents/_generated_awselasticblockstorevolumesource_v1_concept.md
View File

@ -1,36 +0,0 @@
-----------
# AWSElasticBlockStoreVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AWSElasticBlockStoreVolumeSource
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
fsType <br /> *string* | Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
partition <br /> *integer* | The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
readOnly <br /> *boolean* | Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
volumeID <br /> *string* | Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore

22
docs/api-reference/v1.5/documents/_generated_awselasticblockstorevolumesource_v1_definition.md
View File

@ -1,22 +0,0 @@
## AWSElasticBlockStoreVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AWSElasticBlockStoreVolumeSource
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
fsType <br /> *string* | Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
partition <br /> *integer* | The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
readOnly <br /> *boolean* | Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
volumeID <br /> *string* | Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore

35
docs/api-reference/v1.5/documents/_generated_azurediskvolumesource_v1_concept.md
View File

@ -1,35 +0,0 @@
-----------
# AzureDiskVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AzureDiskVolumeSource
AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
cachingMode <br /> *string* | Host Caching mode: None, Read Only, Read Write.
diskName <br /> *string* | The Name of the data disk in the blob storage
diskURI <br /> *string* | The URI the data disk in the blob storage
fsType <br /> *string* | Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly <br /> *boolean* | Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

21
docs/api-reference/v1.5/documents/_generated_azurediskvolumesource_v1_definition.md
View File

@ -1,21 +0,0 @@
## AzureDiskVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AzureDiskVolumeSource
AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
cachingMode <br /> *string* | Host Caching mode: None, Read Only, Read Write.
diskName <br /> *string* | The Name of the data disk in the blob storage
diskURI <br /> *string* | The URI the data disk in the blob storage
fsType <br /> *string* | Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly <br /> *boolean* | Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

33
docs/api-reference/v1.5/documents/_generated_azurefilevolumesource_v1_concept.md
View File

@ -1,33 +0,0 @@
-----------
# AzureFileVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AzureFileVolumeSource
AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
readOnly <br /> *boolean* | Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
secretName <br /> *string* | the name of secret that contains Azure Storage Account Name and Key
shareName <br /> *string* | Share Name

19
docs/api-reference/v1.5/documents/_generated_azurefilevolumesource_v1_definition.md
View File

@ -1,19 +0,0 @@
## AzureFileVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | AzureFileVolumeSource
AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
readOnly <br /> *boolean* | Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
secretName <br /> *string* | the name of secret that contains Azure Storage Account Name and Key
shareName <br /> *string* | Share Name

104
docs/api-reference/v1.5/documents/_generated_binding_v1_concept.md
View File

@ -1,104 +0,0 @@
-----------
# Binding v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | Binding
Binding ties one object to another. For example, a pod is bound to a node by a scheduler.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* | Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
target <br /> *[ObjectReference](#objectreference-v1)* | The target object that you want to bind to the standard object.
## <strong>Write Operations</strong>
See supported operations below...
## Create
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
create a Binding
### HTTP Request
`POST /api/v1/namespaces/{namespace}/bindings`
### Path Parameters
Parameter | Description
------------ | -----------
namespace | object name and auth scope, such as for teams and projects
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[Binding](#binding-v1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[Binding](#binding-v1)* | OK

19
docs/api-reference/v1.5/documents/_generated_binding_v1_definition.md
View File

@ -1,19 +0,0 @@
## Binding v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | Binding
Binding ties one object to another. For example, a pod is bound to a node by a scheduler.
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* | Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
target <br /> *[ObjectReference](#objectreference-v1)* | The target object that you want to bind to the standard object.

32
docs/api-reference/v1.5/documents/_generated_capabilities_v1_concept.md
View File

@ -1,32 +0,0 @@
-----------
# Capabilities v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | Capabilities
Adds and removes POSIX capabilities from running containers.
<aside class="notice">
Appears In <a href="#securitycontext-v1">SecurityContext</a> </aside>
Field | Description
------------ | -----------
add <br /> *string array* | Added capabilities
drop <br /> *string array* | Removed capabilities

18
docs/api-reference/v1.5/documents/_generated_capabilities_v1_definition.md
View File

@ -1,18 +0,0 @@
## Capabilities v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | Capabilities
Adds and removes POSIX capabilities from running containers.
<aside class="notice">
Appears In <a href="#securitycontext-v1">SecurityContext</a> </aside>
Field | Description
------------ | -----------
add <br /> *string array* | Added capabilities
drop <br /> *string array* | Removed capabilities

36
docs/api-reference/v1.5/documents/_generated_cephfsvolumesource_v1_concept.md
View File

@ -1,36 +0,0 @@
-----------
# CephFSVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | CephFSVolumeSource
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
monitors <br /> *string array* | Required: Monitors is a collection of Ceph monitors More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
path <br /> *string* | Optional: Used as the mounted root, rather than the full Ceph tree, default is /
readOnly <br /> *boolean* | Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
secretFile <br /> *string* | Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
secretRef <br /> *[LocalObjectReference](#localobjectreference-v1)* | Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
user <br /> *string* | Optional: User is the rados user name, default is admin More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it

22
docs/api-reference/v1.5/documents/_generated_cephfsvolumesource_v1_definition.md
View File

@ -1,22 +0,0 @@
## CephFSVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | CephFSVolumeSource
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
monitors <br /> *string array* | Required: Monitors is a collection of Ceph monitors More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
path <br /> *string* | Optional: Used as the mounted root, rather than the full Ceph tree, default is /
readOnly <br /> *boolean* | Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
secretFile <br /> *string* | Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
secretRef <br /> *[LocalObjectReference](#localobjectreference-v1)* | Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
user <br /> *string* | Optional: User is the rados user name, default is admin More info: http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it

590
docs/api-reference/v1.5/documents/_generated_certificatesigningrequest_v1alpha1_concept.md
View File

@ -1,590 +0,0 @@
-----------
# CertificateSigningRequest v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Certificates | v1alpha1 | CertificateSigningRequest
Describes a certificate signing request
<aside class="notice">
Appears In <a href="#certificatesigningrequestlist-v1alpha1">CertificateSigningRequestList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* |
spec <br /> *[CertificateSigningRequestSpec](#certificatesigningrequestspec-v1alpha1)* | The certificate request itself and any additional information.
status <br /> *[CertificateSigningRequestStatus](#certificatesigningrequeststatus-v1alpha1)* | Derived information about the request.
### CertificateSigningRequestSpec v1alpha1
<aside class="notice">
Appears In <a href="#certificatesigningrequest-v1alpha1">CertificateSigningRequest</a> </aside>
Field | Description
------------ | -----------
groups <br /> *string array* |
request <br /> *string* | Base64-encoded PKCS#10 CSR data
uid <br /> *string* |
username <br /> *string* | Information about the requesting user (if relevant) See user.Info interface for details
### CertificateSigningRequestStatus v1alpha1
<aside class="notice">
Appears In <a href="#certificatesigningrequest-v1alpha1">CertificateSigningRequest</a> </aside>
Field | Description
------------ | -----------
certificate <br /> *string* | If request was approved, the controller will place the issued certificate here.
conditions <br /> *[CertificateSigningRequestCondition](#certificatesigningrequestcondition-v1alpha1) array* | Conditions applied to the request, such as approval or denial.
### CertificateSigningRequestList v1alpha1
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1) array* |
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* |
## <strong>Write Operations</strong>
See supported operations below...
## Create
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
create a CertificateSigningRequest
### HTTP Request
`POST /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* | OK
## Replace
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
replace the specified CertificateSigningRequest
### HTTP Request
`PUT /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the CertificateSigningRequest
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* | OK
## Patch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
partially update the specified CertificateSigningRequest
### HTTP Request
`PATCH /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the CertificateSigningRequest
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[Patch](#patch-unversioned)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* | OK
## Delete
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
delete a CertificateSigningRequest
### HTTP Request
`DELETE /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the CertificateSigningRequest
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
gracePeriodSeconds | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
orphanDependents | Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[DeleteOptions](#deleteoptions-v1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[Status](#status-unversioned)* | OK
## Delete Collection
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
delete collection of CertificateSigningRequest
### HTTP Request
`DELETE /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Status](#status-unversioned)* | OK
## <strong>Read Operations</strong>
See supported operations below...
## Read
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
read the specified CertificateSigningRequest
### HTTP Request
`GET /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the CertificateSigningRequest
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
exact | Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'
export | Should this value be exported. Export strips fields that a user can not specify.
### Response
Code | Description
------------ | -----------
200 <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* | OK
## List
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
list or watch objects of kind CertificateSigningRequest
### HTTP Request
`GET /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[CertificateSigningRequestList](#certificatesigningrequestlist-v1alpha1)* | OK
## Watch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
watch changes to an object of kind CertificateSigningRequest
### HTTP Request
`GET /apis/certificates.k8s.io/v1alpha1/watch/certificatesigningrequests/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the CertificateSigningRequest
### Query Parameters
Parameter | Description
------------ | -----------
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
pretty | If 'true', then the output is pretty printed.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Event](#event-versioned)* | OK

21
docs/api-reference/v1.5/documents/_generated_certificatesigningrequest_v1alpha1_definition.md
View File

@ -1,21 +0,0 @@
## CertificateSigningRequest v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Certificates | v1alpha1 | CertificateSigningRequest
Describes a certificate signing request
<aside class="notice">
Appears In <a href="#certificatesigningrequestlist-v1alpha1">CertificateSigningRequestList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* |
spec <br /> *[CertificateSigningRequestSpec](#certificatesigningrequestspec-v1alpha1)* | The certificate request itself and any additional information.
status <br /> *[CertificateSigningRequestStatus](#certificatesigningrequeststatus-v1alpha1)* | Derived information about the request.

34
docs/api-reference/v1.5/documents/_generated_certificatesigningrequestcondition_v1alpha1_concept.md
View File

@ -1,34 +0,0 @@
-----------
# CertificateSigningRequestCondition v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1alpha1 | CertificateSigningRequestCondition
<aside class="notice">
Appears In <a href="#certificatesigningrequeststatus-v1alpha1">CertificateSigningRequestStatus</a> </aside>
Field | Description
------------ | -----------
lastUpdateTime <br /> *[Time](#time-unversioned)* | timestamp for the last update to this condition
message <br /> *string* | human readable message with details about the request state
reason <br /> *string* | brief reason for the request state
type <br /> *string* | request approval state, currently Approved or Denied.

20
docs/api-reference/v1.5/documents/_generated_certificatesigningrequestcondition_v1alpha1_definition.md
View File

@ -1,20 +0,0 @@
## CertificateSigningRequestCondition v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1alpha1 | CertificateSigningRequestCondition
<aside class="notice">
Appears In <a href="#certificatesigningrequeststatus-v1alpha1">CertificateSigningRequestStatus</a> </aside>
Field | Description
------------ | -----------
lastUpdateTime <br /> *[Time](#time-unversioned)* | timestamp for the last update to this condition
message <br /> *string* | human readable message with details about the request state
reason <br /> *string* | brief reason for the request state
type <br /> *string* | request approval state, currently Approved or Denied.

99
docs/api-reference/v1.5/documents/_generated_certificatesigningrequestlist_v1alpha1_concept.md
View File

@ -1,99 +0,0 @@
-----------
# CertificateSigningRequestList v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Certificates | v1alpha1 | CertificateSigningRequestList
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1) array* |
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* |
## <strong>Read Operations</strong>
See supported operations below...
## Watch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
watch individual changes to a list of CertificateSigningRequest
### HTTP Request
`GET /apis/certificates.k8s.io/v1alpha1/watch/certificatesigningrequests`
### Query Parameters
Parameter | Description
------------ | -----------
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
pretty | If 'true', then the output is pretty printed.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Event](#event-versioned)* | OK

19
docs/api-reference/v1.5/documents/_generated_certificatesigningrequestlist_v1alpha1_definition.md
View File

@ -1,19 +0,0 @@
## CertificateSigningRequestList v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Certificates | v1alpha1 | CertificateSigningRequestList
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1) array* |
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* |

34
docs/api-reference/v1.5/documents/_generated_certificatesigningrequestspec_v1alpha1_concept.md
View File

@ -1,34 +0,0 @@
-----------
# CertificateSigningRequestSpec v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1alpha1 | CertificateSigningRequestSpec
This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.
<aside class="notice">
Appears In <a href="#certificatesigningrequest-v1alpha1">CertificateSigningRequest</a> </aside>
Field | Description
------------ | -----------
groups <br /> *string array* |
request <br /> *string* | Base64-encoded PKCS#10 CSR data
uid <br /> *string* |
username <br /> *string* | Information about the requesting user (if relevant) See user.Info interface for details

20
docs/api-reference/v1.5/documents/_generated_certificatesigningrequestspec_v1alpha1_definition.md
View File

@ -1,20 +0,0 @@
## CertificateSigningRequestSpec v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1alpha1 | CertificateSigningRequestSpec
This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.
<aside class="notice">
Appears In <a href="#certificatesigningrequest-v1alpha1">CertificateSigningRequest</a> </aside>
Field | Description
------------ | -----------
groups <br /> *string array* |
request <br /> *string* | Base64-encoded PKCS#10 CSR data
uid <br /> *string* |
username <br /> *string* | Information about the requesting user (if relevant) See user.Info interface for details

103
docs/api-reference/v1.5/documents/_generated_certificatesigningrequeststatus_v1alpha1_concept.md
View File

@ -1,103 +0,0 @@
-----------
# CertificateSigningRequestStatus v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Certificates | v1alpha1 | CertificateSigningRequestStatus
<aside class="notice">
Appears In <a href="#certificatesigningrequest-v1alpha1">CertificateSigningRequest</a> </aside>
Field | Description
------------ | -----------
certificate <br /> *string* | If request was approved, the controller will place the issued certificate here.
conditions <br /> *[CertificateSigningRequestCondition](#certificatesigningrequestcondition-v1alpha1) array* | Conditions applied to the request, such as approval or denial.
## <strong>Write Operations</strong>
See supported operations below...
## Replace
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
replace status of the specified CertificateSigningRequest
### HTTP Request
`PUT /apis/certificates.k8s.io/v1alpha1/certificatesigningrequests/{name}/status`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the CertificateSigningRequest
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[CertificateSigningRequest](#certificatesigningrequest-v1alpha1)* | OK

18
docs/api-reference/v1.5/documents/_generated_certificatesigningrequeststatus_v1alpha1_definition.md
View File

@ -1,18 +0,0 @@
## CertificateSigningRequestStatus v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Certificates | v1alpha1 | CertificateSigningRequestStatus
<aside class="notice">
Appears In <a href="#certificatesigningrequest-v1alpha1">CertificateSigningRequest</a> </aside>
Field | Description
------------ | -----------
certificate <br /> *string* | If request was approved, the controller will place the issued certificate here.
conditions <br /> *[CertificateSigningRequestCondition](#certificatesigningrequestcondition-v1alpha1) array* | Conditions applied to the request, such as approval or denial.

33
docs/api-reference/v1.5/documents/_generated_cindervolumesource_v1_concept.md
View File

@ -1,33 +0,0 @@
-----------
# CinderVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | CinderVolumeSource
Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
fsType <br /> *string* | Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
readOnly <br /> *boolean* | Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
volumeID <br /> *string* | volume id used to identify the volume in cinder More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md

19
docs/api-reference/v1.5/documents/_generated_cindervolumesource_v1_definition.md
View File

@ -1,19 +0,0 @@
## CinderVolumeSource v1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1 | CinderVolumeSource
Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
<aside class="notice">
Appears In <a href="#persistentvolumespec-v1">PersistentVolumeSpec</a> <a href="#volume-v1">Volume</a> </aside>
Field | Description
------------ | -----------
fsType <br /> *string* | Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
readOnly <br /> *boolean* | Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
volumeID <br /> *string* | volume id used to identify the volume in cinder More info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md

565
docs/api-reference/v1.5/documents/_generated_clusterrole_v1alpha1_concept.md
View File

@ -1,565 +0,0 @@
-----------
# ClusterRole v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
RbacAuthorization | v1alpha1 | ClusterRole
ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
<aside class="notice">
Appears In <a href="#clusterrolelist-v1alpha1">ClusterRoleList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* | Standard object's metadata.
rules <br /> *[PolicyRule](#policyrule-v1alpha1) array* | Rules holds all the PolicyRules for this ClusterRole
### ClusterRoleList v1alpha1
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[ClusterRole](#clusterrole-v1alpha1) array* | Items is a list of ClusterRoles
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* | Standard object's metadata.
## <strong>Write Operations</strong>
See supported operations below...
## Create
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
create a ClusterRole
### HTTP Request
`POST /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[ClusterRole](#clusterrole-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRole](#clusterrole-v1alpha1)* | OK
## Replace
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
replace the specified ClusterRole
### HTTP Request
`PUT /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRole
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[ClusterRole](#clusterrole-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRole](#clusterrole-v1alpha1)* | OK
## Patch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
partially update the specified ClusterRole
### HTTP Request
`PATCH /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRole
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[Patch](#patch-unversioned)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRole](#clusterrole-v1alpha1)* | OK
## Delete
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
delete a ClusterRole
### HTTP Request
`DELETE /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRole
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
gracePeriodSeconds | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
orphanDependents | Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[DeleteOptions](#deleteoptions-v1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[Status](#status-unversioned)* | OK
## Delete Collection
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
delete collection of ClusterRole
### HTTP Request
`DELETE /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Status](#status-unversioned)* | OK
## <strong>Read Operations</strong>
See supported operations below...
## Read
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
read the specified ClusterRole
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRole
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRole](#clusterrole-v1alpha1)* | OK
## List
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
list or watch objects of kind ClusterRole
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/clusterroles`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRoleList](#clusterrolelist-v1alpha1)* | OK
## Watch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
watch changes to an object of kind ClusterRole
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/watch/clusterroles/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRole
### Query Parameters
Parameter | Description
------------ | -----------
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
pretty | If 'true', then the output is pretty printed.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Event](#event-versioned)* | OK

20
docs/api-reference/v1.5/documents/_generated_clusterrole_v1alpha1_definition.md
View File

@ -1,20 +0,0 @@
## ClusterRole v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
RbacAuthorization | v1alpha1 | ClusterRole
ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
<aside class="notice">
Appears In <a href="#clusterrolelist-v1alpha1">ClusterRoleList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* | Standard object's metadata.
rules <br /> *[PolicyRule](#policyrule-v1alpha1) array* | Rules holds all the PolicyRules for this ClusterRole

627
docs/api-reference/v1.5/documents/_generated_clusterrolebinding_v1alpha1_concept.md
View File

@ -1,627 +0,0 @@
-----------
# ClusterRoleBinding v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
RbacAuthorization | v1alpha1 | ClusterRoleBinding
ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.
<aside class="notice">
Appears In <a href="#clusterrolebindinglist-v1alpha1">ClusterRoleBindingList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* | Standard object's metadata.
roleRef <br /> *[RoleRef](#roleref-v1alpha1)* | RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
subjects <br /> *[Subject](#subject-v1alpha1) array* | Subjects holds references to the objects the role applies to.
### ClusterRoleBindingList v1alpha1
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1) array* | Items is a list of ClusterRoleBindings
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* | Standard object's metadata.
## <strong>Write Operations</strong>
See supported operations below...
## Create
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
create a ClusterRoleBinding
### HTTP Request
`POST /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1)* | OK
## Replace
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
replace the specified ClusterRoleBinding
### HTTP Request
`PUT /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRoleBinding
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1)* | OK
## Patch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
partially update the specified ClusterRoleBinding
### HTTP Request
`PATCH /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRoleBinding
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[Patch](#patch-unversioned)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1)* | OK
## Delete
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
delete a ClusterRoleBinding
### HTTP Request
`DELETE /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRoleBinding
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
gracePeriodSeconds | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
orphanDependents | Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list.
### Body Parameters
Parameter | Description
------------ | -----------
body <br /> *[DeleteOptions](#deleteoptions-v1)* |
### Response
Code | Description
------------ | -----------
200 <br /> *[Status](#status-unversioned)* | OK
## Delete Collection
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
delete collection of ClusterRoleBinding
### HTTP Request
`DELETE /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Status](#status-unversioned)* | OK
## <strong>Read Operations</strong>
See supported operations below...
## Read
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
read the specified ClusterRoleBinding
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRoleBinding
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1)* | OK
## List
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
list or watch objects of kind ClusterRoleBinding
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings`
### Query Parameters
Parameter | Description
------------ | -----------
pretty | If 'true', then the output is pretty printed.
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[ClusterRoleBindingList](#clusterrolebindinglist-v1alpha1)* | OK
## Watch
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
watch changes to an object of kind ClusterRoleBinding
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/watch/clusterrolebindings/{name}`
### Path Parameters
Parameter | Description
------------ | -----------
name | name of the ClusterRoleBinding
### Query Parameters
Parameter | Description
------------ | -----------
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
pretty | If 'true', then the output is pretty printed.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Event](#event-versioned)* | OK
## Watch List
>bdocs-tab:kubectl `kubectl` Command
```bdocs-tab:kubectl_shell
Coming Soon
```
>bdocs-tab:curl `curl` Command (*requires `kubectl proxy` to be running*)
```bdocs-tab:curl_shell
Coming Soon
```
>bdocs-tab:kubectl Output
```bdocs-tab:kubectl_json
Coming Soon
```
>bdocs-tab:curl Response Body
```bdocs-tab:curl_json
Coming Soon
```
watch individual changes to a list of ClusterRoleBinding
### HTTP Request
`GET /apis/rbac.authorization.k8s.io/v1alpha1/watch/clusterrolebindings`
### Query Parameters
Parameter | Description
------------ | -----------
fieldSelector | A selector to restrict the list of returned objects by their fields. Defaults to everything.
labelSelector | A selector to restrict the list of returned objects by their labels. Defaults to everything.
pretty | If 'true', then the output is pretty printed.
resourceVersion | When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.
timeoutSeconds | Timeout for the list/watch call.
watch | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
### Response
Code | Description
------------ | -----------
200 <br /> *[Event](#event-versioned)* | OK

21
docs/api-reference/v1.5/documents/_generated_clusterrolebinding_v1alpha1_definition.md
View File

@ -1,21 +0,0 @@
## ClusterRoleBinding v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
RbacAuthorization | v1alpha1 | ClusterRoleBinding
ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.
<aside class="notice">
Appears In <a href="#clusterrolebindinglist-v1alpha1">ClusterRoleBindingList</a> </aside>
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ObjectMeta](#objectmeta-v1)* | Standard object's metadata.
roleRef <br /> *[RoleRef](#roleref-v1alpha1)* | RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
subjects <br /> *[Subject](#subject-v1alpha1) array* | Subjects holds references to the objects the role applies to.

33
docs/api-reference/v1.5/documents/_generated_clusterrolebindinglist_v1alpha1_concept.md
View File

@ -1,33 +0,0 @@
-----------
# ClusterRoleBindingList v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1alpha1 | ClusterRoleBindingList
ClusterRoleBindingList is a collection of ClusterRoleBindings
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1) array* | Items is a list of ClusterRoleBindings
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* | Standard object's metadata.

19
docs/api-reference/v1.5/documents/_generated_clusterrolebindinglist_v1alpha1_definition.md
View File

@ -1,19 +0,0 @@
## ClusterRoleBindingList v1alpha1
Group | Version | Kind
------------ | ---------- | -----------
Core | v1alpha1 | ClusterRoleBindingList
ClusterRoleBindingList is a collection of ClusterRoleBindings
Field | Description
------------ | -----------
apiVersion <br /> *string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
items <br /> *[ClusterRoleBinding](#clusterrolebinding-v1alpha1) array* | Items is a list of ClusterRoleBindings
kind <br /> *string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
metadata <br /> *[ListMeta](#listmeta-unversioned)* | Standard object's metadata.

Some files were not shown because too many files have changed in this diff Show More