Merge remote-tracking branch 'upstream/master' into concepts-root

reviewable/pr1611/r4
Devin Donnelly 2017-01-03 11:43:09 -08:00
commit c560d90504
484 changed files with 96359 additions and 16536 deletions

1
.gitignore vendored

@ -5,3 +5,4 @@ _site/**
.sass-cache/**
CNAME
.travis.yml
.idea/

1
404.md

@ -3,6 +3,7 @@ layout: docwithnav
title: 404 Error!
permalink: /404.html
no_canonical: true
sitemap: false
---
<script src="/js/redirects.js"></script>


@ -33,4 +33,4 @@ Note that code issues should be filed against the main kubernetes repository, wh
### Submitting Documentation Pull Requests
If youre fixing an issue in the existing documentation, you should submit a PR against the master branch. Follow [these instructions to create a documentation pull request against the kubernetes.io repository](http://kubernetes.io/docs/contribute/create-pull-request/).
If you're fixing an issue in the existing documentation, you should submit a PR against the master branch. Follow [these instructions to create a documentation pull request against the kubernetes.io repository](http://kubernetes.io/docs/contribute/create-pull-request/).

20
Gemfile

@ -1,20 +1,4 @@
source "https://rubygems.org"
gem "jekyll", "3.2.1"
gem "jekyll-sass-converter", "1.3.0"
gem "minima", "1.1.0"
gem "kramdown", "1.11.1"
gem "liquid", "3.0.6"
gem "rouge", "1.11.1"
gem "jemoji", "0.7.0"
gem "jekyll-mentions", "1.2.0"
gem "jekyll-redirect-from", "0.11.0"
gem "jekyll-sitemap", "0.10.0"
gem "jekyll-feed", "0.5.1"
gem "jekyll-gist", "1.4.0"
gem "jekyll-paginate", "1.1.0"
gem "jekyll-coffeescript", "1.0.1"
gem "jekyll-seo-tag", "2.0.0"
gem "jekyll-github-metadata", "2.0.2"
gem "listen", "3.0.6"
gem "activesupport", "4.2.7"
gem "github-pages", group: :jekyll_plugins
gem "jekyll-include-cache", "~> 0.1"
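Review bot: `gem "github-pages", group: :jekyll_plugins` has no version constraint, so the Gemfile on its own no longer states which jekyll, kramdown, liquid or activesupport releases build the site. This assumes the last two `gem` lines are the new side, which the `+1,4` in the hunk header suggests; the page has lost its `+`/`-` markers. The lockfile section of this commit resolves the meta-gem to `github-pages (112)`, so builds are reproducible only while Gemfile.lock stays committed and CI installs with the lockfile frozen (for example `bundle install --deployment`). I would either pin it, `gem "github-pages", "112", group: :jekyll_plugins`, or add a comment above it such as `# Versions are pinned in Gemfile.lock; review the resolved diff after every bundle update.` so a routine `bundle update` is not merged without someone reading the dependency changes.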


@ -7,23 +7,75 @@ GEM
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.4.0)
addressable (2.5.0)
public_suffix (~> 2.0, >= 2.0.2)
coffee-script (2.4.1)
coffee-script-source
execjs
coffee-script-source (1.10.0)
coffee-script-source (1.12.2)
colorator (1.1.0)
ethon (0.10.1)
ffi (>= 1.3.0)
execjs (2.7.0)
faraday (0.9.2)
faraday (0.10.0)
multipart-post (>= 1.2, < 3)
ffi (1.9.14)
forwardable-extended (2.6.0)
gemoji (2.1.0)
github-pages (112)
activesupport (= 4.2.7)
github-pages-health-check (= 1.3.0)
jekyll (= 3.3.1)
jekyll-avatar (= 0.4.2)
jekyll-coffeescript (= 1.0.1)
jekyll-default-layout (= 0.1.4)
jekyll-feed (= 0.8.0)
jekyll-gist (= 1.4.0)
jekyll-github-metadata (= 2.2.0)
jekyll-mentions (= 1.2.0)
jekyll-optional-front-matter (= 0.1.2)
jekyll-paginate (= 1.1.0)
jekyll-readme-index (= 0.0.3)
jekyll-redirect-from (= 0.11.0)
jekyll-relative-links (= 0.2.1)
jekyll-sass-converter (= 1.3.0)
jekyll-seo-tag (= 2.1.0)
jekyll-sitemap (= 0.12.0)
jekyll-swiss (= 0.4.0)
jekyll-theme-architect (= 0.0.3)
jekyll-theme-cayman (= 0.0.3)
jekyll-theme-dinky (= 0.0.3)
jekyll-theme-hacker (= 0.0.3)
jekyll-theme-leap-day (= 0.0.3)
jekyll-theme-merlot (= 0.0.3)
jekyll-theme-midnight (= 0.0.3)
jekyll-theme-minimal (= 0.0.3)
jekyll-theme-modernist (= 0.0.3)
jekyll-theme-primer (= 0.1.5)
jekyll-theme-slate (= 0.0.3)
jekyll-theme-tactile (= 0.0.3)
jekyll-theme-time-machine (= 0.0.3)
jekyll-titles-from-headings (= 0.1.3)
jemoji (= 0.7.0)
kramdown (= 1.11.1)
liquid (= 3.0.6)
listen (= 3.0.6)
mercenary (~> 0.3)
minima (= 2.0.0)
rouge (= 1.11.1)
terminal-table (~> 1.4)
github-pages-health-check (1.3.0)
addressable (~> 2.3)
net-dns (~> 0.8)
octokit (~> 4.0)
public_suffix (~> 2.0)
typhoeus (~> 0.7)
html-pipeline (2.4.2)
activesupport (>= 2)
nokogiri (>= 1.4)
i18n (0.7.0)
jekyll (3.2.1)
jekyll (3.3.1)
addressable (~> 2.4)
colorator (~> 1.0)
jekyll-sass-converter (~> 1.0)
jekyll-watch (~> 1.1)
@ -33,26 +85,69 @@ GEM
pathutil (~> 0.9)
rouge (~> 1.7)
safe_yaml (~> 1.0)
jekyll-avatar (0.4.2)
jekyll (~> 3.0)
jekyll-coffeescript (1.0.1)
coffee-script (~> 2.2)
jekyll-feed (0.5.1)
jekyll-default-layout (0.1.4)
jekyll (~> 3.0)
jekyll-feed (0.8.0)
jekyll (~> 3.3)
jekyll-gist (1.4.0)
octokit (~> 4.2)
jekyll-github-metadata (2.0.2)
jekyll-github-metadata (2.2.0)
jekyll (~> 3.1)
octokit (~> 4.0)
octokit (~> 4.0, != 4.4.0)
jekyll-include-cache (0.1.0)
jekyll (~> 3.3)
jekyll-mentions (1.2.0)
activesupport (~> 4.0)
html-pipeline (~> 2.3)
jekyll (~> 3.0)
jekyll-optional-front-matter (0.1.2)
jekyll (~> 3.0)
jekyll-paginate (1.1.0)
jekyll-readme-index (0.0.3)
jekyll (~> 3.0)
jekyll-redirect-from (0.11.0)
jekyll (>= 2.0)
jekyll-relative-links (0.2.1)
jekyll (~> 3.3)
jekyll-sass-converter (1.3.0)
sass (~> 3.2)
jekyll-seo-tag (2.0.0)
jekyll (~> 3.1)
jekyll-sitemap (0.10.0)
jekyll-seo-tag (2.1.0)
jekyll (~> 3.3)
jekyll-sitemap (0.12.0)
jekyll (~> 3.3)
jekyll-swiss (0.4.0)
jekyll-theme-architect (0.0.3)
jekyll (~> 3.3)
jekyll-theme-cayman (0.0.3)
jekyll (~> 3.3)
jekyll-theme-dinky (0.0.3)
jekyll (~> 3.3)
jekyll-theme-hacker (0.0.3)
jekyll (~> 3.3)
jekyll-theme-leap-day (0.0.3)
jekyll (~> 3.3)
jekyll-theme-merlot (0.0.3)
jekyll (~> 3.3)
jekyll-theme-midnight (0.0.3)
jekyll (~> 3.3)
jekyll-theme-minimal (0.0.3)
jekyll (~> 3.3)
jekyll-theme-modernist (0.0.3)
jekyll (~> 3.3)
jekyll-theme-primer (0.1.5)
jekyll (~> 3.3)
jekyll-theme-slate (0.0.3)
jekyll (~> 3.3)
jekyll-theme-tactile (0.0.3)
jekyll (~> 3.3)
jekyll-theme-time-machine (0.0.3)
jekyll (~> 3.3)
jekyll-titles-from-headings (0.1.3)
jekyll (~> 3.3)
jekyll-watch (1.5.0)
listen (~> 3.0, < 3.1)
jemoji (0.7.0)
@ -68,52 +163,41 @@ GEM
rb-inotify (>= 0.9.7)
mercenary (0.3.6)
mini_portile2 (2.1.0)
minima (1.1.0)
minitest (5.9.0)
minima (2.0.0)
minitest (5.10.1)
multipart-post (2.0.0)
nokogiri (1.6.8)
net-dns (0.8.0)
nokogiri (1.6.8.1)
mini_portile2 (~> 2.1.0)
pkg-config (~> 1.1.7)
octokit (4.3.0)
sawyer (~> 0.7.0, >= 0.5.3)
octokit (4.6.2)
sawyer (~> 0.8.0, >= 0.5.3)
pathutil (0.14.0)
forwardable-extended (~> 2.6)
pkg-config (1.1.7)
rb-fsevent (0.9.7)
public_suffix (2.0.4)
rb-fsevent (0.9.8)
rb-inotify (0.9.7)
ffi (>= 0.5.0)
rouge (1.11.1)
safe_yaml (1.0.4)
sass (3.4.22)
sawyer (0.7.0)
addressable (>= 2.3.5, < 2.5)
faraday (~> 0.8, < 0.10)
sass (3.4.23)
sawyer (0.8.1)
addressable (>= 2.3.5, < 2.6)
faraday (~> 0.8, < 1.0)
terminal-table (1.7.3)
unicode-display_width (~> 1.1.1)
thread_safe (0.3.5)
typhoeus (0.8.0)
ethon (>= 0.8.0)
tzinfo (1.2.2)
thread_safe (~> 0.1)
unicode-display_width (1.1.2)
PLATFORMS
ruby
DEPENDENCIES
activesupport (= 4.2.7)
jekyll (= 3.2.1)
jekyll-coffeescript (= 1.0.1)
jekyll-feed (= 0.5.1)
jekyll-gist (= 1.4.0)
jekyll-github-metadata (= 2.0.2)
jekyll-mentions (= 1.2.0)
jekyll-paginate (= 1.1.0)
jekyll-redirect-from (= 0.11.0)
jekyll-sass-converter (= 1.3.0)
jekyll-seo-tag (= 2.0.0)
jekyll-sitemap (= 0.10.0)
jemoji (= 0.7.0)
kramdown (= 1.11.1)
liquid (= 3.0.6)
listen (= 3.0.6)
minima (= 1.1.0)
rouge (= 1.11.1)
github-pages
jekyll-include-cache (~> 0.1)
BUNDLED WITH
1.11.2
1.13.6

532
LICENSE

@ -1,201 +1,395 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
Attribution 4.0 International
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
=======================================================================
1. Definitions.
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
Using Creative Commons Public Licenses
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More_considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
=======================================================================
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
Creative Commons Attribution 4.0 International Public License
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution 4.0 International Public License ("Public License"). To the
extent this Public License may be interpreted as a contract, You are
granted the Licensed Rights in consideration of Your acceptance of
these terms and conditions, and the Licensor grants You such rights in
consideration of benefits the Licensor receives from making the
Licensed Material available under these terms and conditions.
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
Section 1 -- Definitions.
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
b. Adapter's License means the license You apply to Your Copyright
and Similar Rights in Your contributions to Adapted Material in
accordance with the terms and conditions of this Public License.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
c. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
d. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
e. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
f. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
g. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
h. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
i. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
j. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
k. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
Section 2 -- Scope.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
a. License grant.
END OF TERMS AND CONDITIONS
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
APPENDIX: How to apply the Apache License to your work.
a. reproduce and Share the Licensed Material, in whole or
in part; and
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
b. produce, reproduce, and Share Adapted Material.
Copyright 2016 The Kubernetes Authors
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
3. Term. The term of this Public License is specified in Section
6(a).
http://www.apache.org/licenses/LICENSE-2.0
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material (including in modified
form), You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
4. If You Share Adapted Material You produce, the Adapter's
License You apply must not prevent recipients of the Adapted
Material from complying with this Public License.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material; and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public
licenses. Notwithstanding, Creative Commons may elect to apply one of
its public licenses to material it publishes and in those instances
will be considered the "Licensor." The text of the Creative Commons
public licenses is dedicated to the public domain under the CC0 Public
Domain Dedication. Except for the limited purpose of indicating that
material is shared under a Creative Commons public license or as
otherwise permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the
public licenses.
Creative Commons may be contacted at creativecommons.org.

175
README.md

@ -1,182 +1,19 @@
## Instructions for Contributing to the Docs/Website
## Instructions for Contributing to the Kubernetes Documentation
Welcome! We are very pleased you want to contribute to the documentation and/or website for Kubernetes.
Welcome! We are very pleased you want to contribute to the Kubernetes documentation.
You can click the "Fork" button in the upper-right area of the screen to create a copy of our site on your GitHub account called a "fork." Make any changes you want in your fork, and when you are ready to send those changes to us, go to the index page for your fork and click "New Pull Request" to let us know about it.
You can click the **Fork** button in the upper-right area of the screen to create a copy of this repository in your GitHub account called a *fork*. Make any changes you want in your fork, and when you are ready to send those changes to us, go to your fork and create a new pull request to let us know about it.
For more information about contributing to the Kubernetes documentation, see:
* [Contributing to the Kubernetes Documentation](http://kubernetes.io/editdocs/)
* [Creating a Documentation Pull Request](http://kubernetes.io/docs/contribute/create-pull-request/)
* [Writing a New Topic](http://kubernetes.io/docs/contribute/write-new-topic/)
* [Staging Your Documentation Changes](http://kubernetes.io/docs/contribute/stage-documentation-changes/)
* [Using Page Templates](http://kubernetes.io/docs/contribute/page-templates/)
## Automatic Staging for Pull Requests
When you create a pull request (either against master or the upcoming release), your changes are staged in a custom subdomain on Netlify so that you can see your changes in rendered form before the PR is merged. You can use this to verify that everything is correct before the PR gets merged. To view your changes:
- Scroll down to the PR's list of Automated Checks
- Click "Show All Checks"
- Look for "deploy/netlify"; you'll see "Deploy Preview Ready!" if staging was successful
- Click "Details" to bring up the staged site and navigate to your changes
## Branch structure and staging
The current version of the website is served out of the `master` branch. To make changes to the live docs, such as bug fixes, broken links, typos, etc, **target your pull request to the master branch**
The `release-1.x` branch stores changes for **upcoming releases of Kubernetes**. For example, the `release-1.5` branch has changes for the 1.5 release. These changes target branches (and *not* master) to avoid publishing documentation updates prior to the release for which they're relevant. If you have a change for an upcoming release of Kubernetes, **target your pull request to the appropriate release branch**.
The staging site for the next upcoming Kubernetes release is here: [http://kubernetes-io-vnext-staging.netlify.com/](http://kubernetes-io-vnext-staging.netlify.com/). The staging site reflects the current state of what's been merged in the release branch, or in other words, what the docs will look like for the next upcoming release. It's automatically updated as new PRs get merged.
## Staging the site locally (using Docker)
Don't like installing stuff? Download and run a local staging server with a single `docker run` command.
git clone https://github.com/kubernetes/kubernetes.github.io.git
cd kubernetes.github.io
docker run -ti --rm -v "$PWD":/k8sdocs -p 4000:4000 gcr.io/google-samples/k8sdocs:1.0
Then visit [http://localhost:4000](http://localhost:4000) to see our site. Any changes you make on your local machine will be automatically staged.
If you're interested you can view [the Dockerfile for this image](https://github.com/kubernetes/kubernetes.github.io/blob/master/staging-container/Dockerfile).
## Staging the site locally (from scratch setup)
The below commands to setup your environment for running GitHub pages locally. Then, any edits you make will be viewable
on a lightweight webserver that runs on your local machine.
This will typically be the fastest way (by far) to iterate on docs changes and see them staged, once you get this set up, but it does involve several install steps that take awhile to complete, and makes system-wide modifications.
Install Ruby 2.2 or higher. If you're on Linux, run these commands:
apt-get install software-properties-common
apt-add-repository ppa:brightbox/ruby-ng
apt-get install ruby2.2
apt-get install ruby2.2-dev
* If you're on a Mac, follow [these instructions](https://gorails.com/setup/osx/).
* If you're on a Windows machine you can use the [Ruby Installer](http://rubyinstaller.org/downloads/). During the installation make sure to check the option for *Add Ruby executables to your PATH*.
The remainder of the steps should work the same across operating systems.
To confirm you've installed Ruby correctly, at the command prompt run `gem --version` and you should get a response with your version number. Likewise you can confirm you have Git installed properly by running `git --version`, which will respond with your version of Git.
Install the GitHub Pages package, which includes Jekyll:
gem install github-pages
Clone our site:
git clone https://github.com/kubernetes/kubernetes.github.io.git
Make any changes you want. Then, to see your changes locally:
cd kubernetes.github.io
jekyll serve
Your copy of the site will then be viewable at: [http://localhost:4000](http://localhost:4000)
(or wherever Jekyll tells you).
## GitHub help
If you're a bit rusty with git/GitHub, you might want to read
[this](http://readwrite.com/2013/10/02/github-for-beginners-part-2) for a refresher.
## Common Tasks
### Edit Page Titles or Change the Left Navigation
Edit the yaml files in `/_data/` for the Guides, Reference, Samples, or Support areas.
You may have to exit and `jekyll clean` before restarting the `jekyll serve` to
get changes to files in `/_data/` to show up.
### Add Images
Put the new image in `/images/docs/` if it's for the documentation, and just `/images/` if it's for the website.
**For diagrams, we greatly prefer SVG files!**
### Include code from another file
To include a file that is hosted on this GitHub repo, insert this code:
<pre>&#123;% include code.html language="&lt;LEXERVALUE&gt;" file="&lt;RELATIVEPATH&gt;" ghlink="&lt;PATHFROMROOT&gt;" %&#125;</pre>
* `LEXERVALUE`: The language in which the file was written; must be [a value supported by Rouge](https://github.com/jneen/rouge/wiki/list-of-supported-languages-and-lexers).
* `RELATIVEPATH`: The path to the file you're including, relative to the current file.
* `PATHFROMROOT`: The path to the file relative to root, e.g. `/docs/admin/foo.yaml`
To include a file that is hosted in the external, main Kubernetes repo, make sure it's added to [/update-imported-docs.sh](https://github.com/kubernetes/kubernetes.github.io/blob/master/update-imported-docs.sh), and run it so that the file gets downloaded, then enter:
<pre>&#123;% include code.html language="&lt;LEXERVALUE&gt;" file="&lt;RELATIVEPATH&gt;" k8slink="&lt;PATHFROMK8SROOT&gt;" %&#125;</pre>
* `PATHFROMK8SROOT`: The path to the file relative to the root of [the Kubernetes repo](https://github.com/kubernetes/kubernetes/tree/release-1.2), e.g. `/examples/rbd/foo.yaml`
## Using tabs for multi-language examples
By specifying some inline CSV in a varable called `tabspec`, you can include a file
called `tabs.html` that generates tabs showing code examples in multiple langauges.
<pre>&#123;% capture tabspec %&#125;servicesample
JSON,json,service-sample.json,/docs/user-guide/services/service-sample.json
YAML,yaml,service-sample.yaml,/docs/user-guide/services/service-sample.yaml&#123;% endcapture %&#125;
&#123;% include tabs.html %&#125;</pre>
In English, this would read: "Create a set of tabs with the alias `servicesample`,
and have tabs visually labeled "JSON" and "YAML" that use `json` and `yaml` Rouge syntax highlighting, which display the contents of
`service-sample.{extension}` on the page, and link to the file in GitHub at (full path)."
Example file: [Pods: Multi-Container](http://kubernetes.io/docs/user-guide/pods/multi-container/).
## Use a global variable
The `/_config.yml` file defines some useful variables you can use when editing docs.
* `page.githubbranch`: The name of the GitHub branch on the Kubernetes repo that is associated with this branch of the docs. e.g. `release-1.2`
* `page.version` The version of Kubernetes associated with this branch of the docs. e.g. `v1.2`
* `page.docsbranch` The name of the GitHub branch on the Docs/Website repo that you are currently using. e.g. `release-1.1` or `master`
This keeps the docs you're editing aligned with the Kubernetes version you're talking about. For example, if you define a link like so, you'll never have to worry about it going stale in future doc branches:
<pre>View the README [here](http://releases.k8s.io/&#123;&#123;page.githubbranch&#125;&#125;/cluster/addons/README.md).</pre>
That, of course, will send users to:
[http://releases.k8s.io/release-1.2/cluster/addons/README.md](http://releases.k8s.io/release-1.2/cluster/addons/README.md)
(Or whatever Kubernetes release that docs branch is associated with.)
## Config yaml guidelines
Guidelines for config yamls that are included in the site docs. These
are the yaml or json files that contain Kubernetes object
configuration to be used with `kubectl create -f` Config yamls should
be:
* Separate deployable files, not embedded in the document, unless very
small variations of a full config.
* Included in the doc with the include code
[above.](#include-code-from-another-file)
* In the same directory as the doc that they are being used in
* If you are re-using a yaml from another doc, that is OK, just
leave it there, don't move it up to a higher level directory.
* Tested in
[test/examples_test.go](https://github.com/kubernetes/kubernetes.github.io/blob/master/test/examples_test.go)
* Follows
[best practices.](http://kubernetes.io/docs/user-guide/config-best-practices/)
Don't assume the reader has this repository checked out, use `kubectl
create -f https://github...` in example commands. For Docker images
used in config yamls, try to use an image from an existing Kubernetes
example. If creating an image for a doc, follow the
[example guidelines](https://github.com/kubernetes/kubernetes/blob/master/examples/guidelines.md#throughout)
section on "Docker images" from the Kubernetes repository.
## Partners
Kubernetes partners refers to the companies who contribute to the Kubernetes core codebase, extend their platform to support Kubernetes or provide managed services to users centered around the Kubernetes platform. Partners can get their services and offerings added to the [partner page](https://k8s.io/partners) by completing and submitting the [partner request form](https://goo.gl/qcSnZF). Once the information and assets are verified, the partner product/services will be listed in the partner page. This would typically take 7-10 days.
* [Documentation Style Guide](http://kubernetes.io/docs/contribute/style-guide/)
## Thank you!
Kubernetes thrives on community participation and we really appreciate your
Kubernetes thrives on community participation, and we really appreciate your
contributions to our site and our documentation!


@ -1,11 +1,12 @@
name: Kubernetes
title: Kubernetes
description: Production-Grade Container Orchestration
markdown: kramdown
kramdown:
input: GFM
html_to_native: true
hard_wrap: false
syntax_highlighter: rouge
baseurl: /
incremental: true
safe: false
@ -16,7 +17,7 @@ defaults:
scope:
path: ""
values:
version: "v1.3"
version: "v1.5.1"
githubbranch: "master"
docsbranch: "master"
-
@ -30,3 +31,24 @@ permalink: pretty
gems:
- jekyll-redirect-from
- jekyll-feed
- jekyll-sitemap
- jekyll-seo-tag
- jekyll-include-cache
# SEO
logo: /images/favicon.png
twitter:
username: kubernetesio
# Tables of contents, stored in the _data folder, that control the sidebar nav
tocs:
- docs-home
- guides
- tutorials
- tasks
- concepts
- reference
- tools
- samples
- support
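Review bot: The `gems:` list in the last hunk gains `jekyll-sitemap`, `jekyll-seo-tag` and `jekyll-include-cache` while the first hunk shows `safe: false`, so every listed plugin is loaded and runs Ruby during each site build, and nothing in the file records that. A comment above the list would make that trust decision visible to whoever adds the next plugin, for example `# Plugins run Ruby at build time (safe: false); add only gems that are resolved through Gemfile.lock`. The same commit's Gemfile replaces the exact version pins with an unversioned `github-pages` and `jekyll-include-cache "~> 0.1"`, so the lockfile is presumably the only thing fixing plugin versions; confirm that the build environment installs from it. The bare `# SEO` comment could also say that `logo` and `twitter.username` are read by jekyll-seo-tag.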


@ -1,9 +1,10 @@
bigheader: "Concepts"
abstract: "Detailed explanations of Kubernetes system concepts and abstractions."
toc:
- title: Concepts
path: /docs/concepts/
- docs/concepts/index.md
- title: Object Metadata
section:
- title: Annotations
path: /docs/concepts/object-metadata/annotations/
- docs/concepts/object-metadata/annotations.md
- title: Controllers
section:
- docs/concepts/abstractions/controllers/statefulsets.md


@ -1,5 +1,4 @@
bigheader: "Kubernetes Documentation"
abstract: "Documentation for using and learning about Kubernetes."
toc:
- title: Kubernetes Documentation
path: /docs/
- docs/index.md


@ -1,302 +1,190 @@
bigheader: "Guides"
abstract: "How to get started, and accomplish tasks, using Kubernetes."
toc:
- title: Guides
path: /docs/user-guide/
- docs/user-guide/index.md
- title: Getting Started
section:
- title: What is Kubernetes?
path: /docs/whatisk8s/
- title: Installing Kubernetes on Linux with kubeadm
path: /docs/getting-started-guides/kubeadm/
- title: Installing Kubernetes on AWS with kops
path: /docs/getting-started-guides/kops/
- title: Hello World on Google Container Engine
path: /docs/hellonode/
- title: Installing kubectl
path: /docs/getting-started-guides/kubectl/
- title: Downloading or Building Kubernetes
path: /docs/getting-started-guides/binary_release/
- docs/whatisk8s.md
- docs/getting-started-guides/kubeadm.md
- docs/getting-started-guides/kops.md
- docs/hellonode.md
- docs/getting-started-guides/kubectl.md
- docs/getting-started-guides/binary_release.md
- title: Online Training Course
path: https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615
- title: Accessing the Cluster
section:
- title: Installing and Setting up kubectl
path: /docs/user-guide/prereqs/
- title: Accessing Clusters
path: /docs/user-guide/accessing-the-cluster/
- title: Sharing Cluster Access with kubeconfig
path: /docs/user-guide/sharing-clusters/
- title: Authenticating Across Clusters with kubeconfig
path: /docs/user-guide/kubeconfig-file/
- docs/user-guide/prereqs.md
- docs/user-guide/accessing-the-cluster.md
- docs/user-guide/sharing-clusters.md
- docs/user-guide/kubeconfig-file.md
- title: User Guide
path: /docs/user-guide/
- docs/user-guide/index.md
- title: Web UI (Dashboard)
path: /docs/user-guide/ui/
- docs/user-guide/ui.md
- title: Workload Deployment and Management
section:
- title: Launching, Exposing, and Killing Applications
path: /docs/user-guide/quick-start/
- title: Deploying Applications
path: /docs/user-guide/deploying-applications/
- title: Managing Resources
path: /docs/user-guide/managing-deployments/
- title: Replication Controller Operations
path: /docs/user-guide/replication-controller/operations/
- title: Resizing a Replication Controller
path: /docs/user-guide/resizing-a-replication-controller/
- title: Rolling Updates
path: /docs/user-guide/rolling-updates/
- title: Rolling Update Demo
path: /docs/user-guide/update-demo/
- title: Secrets Walkthrough
path: /docs/user-guide/secrets/walkthrough/
- title: Using ConfigMap
path: /docs/user-guide/configmap/
- title: Horizontal Pod Autoscaling
path: /docs/user-guide/horizontal-pod-autoscaling/walkthrough/
- title: Best Practices for Configuration
path: /docs/user-guide/config-best-practices/
- title: Using kubectl to Manage Resources
path: /docs/user-guide/working-with-resources/
- title: Garbage Collection (Beta)
path: /docs/user-guide/garbage-collection/
- docs/user-guide/quick-start.md
- docs/user-guide/deploying-applications.md
- docs/user-guide/managing-deployments.md
- docs/user-guide/replication-controller/operations.md
- docs/user-guide/resizing-a-replication-controller.md
- docs/user-guide/rolling-updates.md
- docs/user-guide/update-demo/index.md
- docs/user-guide/secrets/walkthrough.md
- docs/user-guide/configmap/index.md
- docs/user-guide/horizontal-pod-autoscaling/walkthrough.md
- docs/user-guide/config-best-practices.md
- docs/user-guide/working-with-resources.md
- docs/user-guide/garbage-collection.md
- title: Using NetworkPolicy
section:
- title: Example Walkthrough
path: /docs/getting-started-guides/network-policy/walkthrough/
- title: Using Calico for NetworkPolicy
path: /docs/getting-started-guides/network-policy/calico/
- title: Using Romana for NetworkPolicy
path: /docs/getting-started-guides/network-policy/romana/
- docs/getting-started-guides/network-policy/walkthrough.md
- docs/getting-started-guides/network-policy/calico.md
- docs/getting-started-guides/network-policy/romana.md
- title: Batch Jobs
section:
- title: Jobs
path: /docs/user-guide/jobs/
- title: Parallel Processing using Expansions
path: /docs/user-guide/jobs/expansions/
- title: Coarse Parallel Processing using a Work Queue
path: /docs/user-guide/jobs/work-queue-1/
- title: Fine Parallel Processing using a Work Queue
path: /docs/user-guide/jobs/work-queue-2/
- docs/user-guide/jobs.md
- docs/user-guide/jobs/expansions/index.md
- docs/user-guide/jobs/work-queue-1/index.md
- docs/user-guide/jobs/work-queue-2/index.md
- docs/user-guide/cron-jobs.md
- title: Service Discovery and Load Balancing
section:
- title: Connecting Applications with Services
path: /docs/user-guide/connecting-applications/
- title: Service Operations
path: /docs/user-guide/services/operations/
- title: Creating an External Load Balancer
path: /docs/user-guide/load-balancer/
- title: Configuring Your Cloud Provider's Firewalls
path: /docs/user-guide/services-firewalls/
- title: Cross-cluster Service Discovery using Federated Services
path: /docs/user-guide/federation/federated-services/
- docs/user-guide/connecting-applications.md
- docs/user-guide/services/operations.md
- docs/user-guide/load-balancer.md
- docs/user-guide/services-firewalls.md
- docs/user-guide/federation/federated-services.md
- title: Containers and Pods
section:
- title: Running Your First Containers
path: /docs/user-guide/simple-nginx/
- title: Creating Single-Container Pods
path: /docs/user-guide/pods/single-container/
- title: Creating Multi-Container Pods
path: /docs/user-guide/pods/multi-container/
- title: Configuring Containers
path: /docs/user-guide/configuring-containers/
- title: Working with Containers in Production
path: /docs/user-guide/production-pods/
- title: Commands and Capabilities
path: /docs/user-guide/containers/
- title: Using Environment Variables
path: /docs/user-guide/environment-guide/
- title: Managing Compute Resources
path: /docs/user-guide/compute-resources/
- title: The Lifecycle of a Pod
path: /docs/user-guide/pod-states/
- title: Checking Pod Health
path: /docs/user-guide/liveness/
- title: Container Lifecycle Hooks
path: /docs/user-guide/container-environment/
- title: Assigning Pods to Nodes
path: /docs/user-guide/node-selection/
- title: Using the Downward API to Convey Pod Properties
path: /docs/user-guide/downward-api/
- title: Downward API Volumes
path: /docs/user-guide/downward-api/volume
- title: Persistent Volumes Walkthrough
path: /docs/user-guide/persistent-volumes/walkthrough/
- title: Bootstrapping Pet Sets
path: /docs/user-guide/petset/bootstrapping/
- docs/user-guide/simple-nginx.md
- docs/user-guide/pods/single-container.md
- docs/user-guide/pods/multi-container.md
- docs/user-guide/configuring-containers.md
- docs/user-guide/production-pods.md
- docs/user-guide/containers.md
- docs/user-guide/environment-guide/index.md
- docs/user-guide/compute-resources.md
- docs/user-guide/pod-states.md
- docs/user-guide/liveness/index.md
- docs/user-guide/container-environment.md
- docs/user-guide/node-selection/index.md
- docs/user-guide/downward-api/index.md
- docs/user-guide/downward-api/volume/index.md
- docs/user-guide/persistent-volumes/walkthrough.md
- docs/user-guide/petset/bootstrapping/index.md
- title: Monitoring, Logging, and Debugging Containers
section:
- title: Resource Usage Monitoring
path: /docs/user-guide/monitoring/
- title: Logging
path: /docs/getting-started-guides/logging/
- title: Logging with Elasticsearch and Kibana
path: /docs/getting-started-guides/logging-elasticsearch/
- title: Running Commands in a Container with kubectl exec
path: /docs/user-guide/getting-into-containers/
- title: Connect with Proxies
path: /docs/user-guide/connecting-to-applications-proxy/
- title: Connect with Port Forwarding
path: /docs/user-guide/connecting-to-applications-port-forward/
- docs/user-guide/monitoring.md
- docs/getting-started-guides/logging.md
- docs/getting-started-guides/logging-elasticsearch.md
- docs/user-guide/getting-into-containers.md
- docs/user-guide/connecting-to-applications-proxy.md
- docs/user-guide/connecting-to-applications-port-forward.md
- title: Using Explorer to Examine the Runtime Environment
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/explorer
- title: Creating a Cluster
section:
- title: Picking the Right Solution
path: /docs/getting-started-guides/
- docs/getting-started-guides/index.md
- title: Running Kubernetes on Your Local Machine
section:
- title: Running Kubernetes Locally via Minikube
path: /docs/getting-started-guides/minikube/
- title: Deprecated Alternatives
path: /docs/getting-started-guides/alternatives/
- docs/getting-started-guides/minikube.md
- docs/getting-started-guides/alternatives.md
- title: Running Kubernetes on Turn-key Cloud Solutions
section:
- title: Running Kubernetes on Google Container Engine
path: https://cloud.google.com/container-engine/docs/before-you-begin/
- title: Running Kubernetes on Google Compute Engine
path: /docs/getting-started-guides/gce/
- title: Running Kubernetes on AWS EC2
path: /docs/getting-started-guides/aws/
- title: Running Kubernetes on Azure
path: /docs/getting-started-guides/azure/
- title: Running Kubernetes on Azure (Weave-based)
path: /docs/getting-started-guides/coreos/azure/
- title: Running Kubernetes on CenturyLink Cloud
path: /docs/getting-started-guides/clc/
- docs/getting-started-guides/gce.md
- docs/getting-started-guides/aws.md
- title: Running Kubernetes on Azure Container Service
path: https://docs.microsoft.com/en-us/azure/container-service/container-service-kubernetes-walkthrough
- docs/getting-started-guides/azure.md
- docs/getting-started-guides/clc.md
- title: Running Kubernetes on IBM SoftLayer
path: https://github.com/patrocinio/kubernetes-softlayer
- title: Running Kubernetes on Multiple Clouds with Stackpoint.io
path: /docs/getting-started-guides/stackpoint/
- title: Running Kubernetes on Custom Solutions
section:
- title: Creating a Custom Cluster from Scratch
path: /docs/getting-started-guides/scratch/
- docs/getting-started-guides/scratch.md
- title: Custom Cloud Solutions
section:
- title: CoreOS on AWS or GCE
path: /docs/getting-started-guides/coreos/
- title: Ubuntu on AWS or Joyent
path: /docs/getting-started-guides/juju/
- title: CoreOS on Rackspace
path: /docs/getting-started-guides/rackspace/
- docs/getting-started-guides/coreos/index.md
- /docs/getting-started-guides/juju/
- docs/getting-started-guides/rackspace.md
- title: On-Premise VMs
section:
- title: CoreOS on Vagrant
path: /docs/getting-started-guides/coreos/
- title: Cloudstack
path: /docs/getting-started-guides/cloudstack/
- title: VMware vSphere
path: /docs/getting-started-guides/vsphere/
- title: VMware Photon Controller
path: /docs/getting-started-guides/photon-controller/
- title: Juju
path: /docs/getting-started-guides/juju/
- title: DCOS
path: /docs/getting-started-guides/dcos/
- title: CoreOS on libvirt
path: /docs/getting-started-guides/libvirt-coreos/
- title: oVirt
path: /docs/getting-started-guides/ovirt/
- title: OpenStack Heat
path: /docs/getting-started-guides/openstack-heat/
- docs/getting-started-guides/coreos/index.md
- docs/getting-started-guides/cloudstack.md
- docs/getting-started-guides/vsphere.md
- docs/getting-started-guides/photon-controller.md
- /docs/getting-started-guides/juju/
- docs/getting-started-guides/dcos.md
- docs/getting-started-guides/libvirt-coreos.md
- docs/getting-started-guides/ovirt.md
- docs/getting-started-guides/openstack-heat.md
- title: rkt
section:
- title: Running Kubernetes with rkt
path: /docs/getting-started-guides/rkt/
- title: Known Issues when Using rkt
path: /docs/getting-started-guides/rkt/notes/
- title: Kubernetes on Mesos
path: /docs/getting-started-guides/mesos/
- title: Kubernetes on Mesos on Docker
path: /docs/getting-started-guides/mesos-docker/
- docs/getting-started-guides/rkt/index.md
- docs/getting-started-guides/rkt/notes.md
- docs/getting-started-guides/mesos/index.md
- docs/getting-started-guides/mesos-docker.md
- title: Bare Metal
section:
- title: Offline
path: /docs/getting-started-guides/coreos/bare_metal_offline/
- title: Fedora via Ansible
path: /docs/getting-started-guides/fedora/fedora_ansible_config/
- title: Fedora (Single Node)
path: /docs/getting-started-guides/fedora/fedora_manual_config/
- title: Fedora (Multi Node)
path: /docs/getting-started-guides/fedora/flannel_multi_node_cluster/
- title: CentOS
path: /docs/getting-started-guides/centos/centos_manual_config/
- title: CoreOS
path: /docs/getting-started-guides/coreos
- title: Ubuntu
path: /docs/getting-started-guides/ubuntu/
- title: Validate Node Setup
path: /docs/admin/node-conformance
- title: Portable Multi-Node Cluster
path: /docs/getting-started-guides/docker-multinode/
- title: Building Large Clusters
path: /docs/admin/cluster-large/
- title: Running in Multiple Zones
path: /docs/admin/multiple-zones/
- title: Building High-Availability Clusters
path: /docs/admin/high-availability/
- docs/getting-started-guides/coreos/bare_metal_offline.md
- docs/getting-started-guides/fedora/fedora_ansible_config.md
- docs/getting-started-guides/fedora/fedora_manual_config.md
- docs/getting-started-guides/fedora/flannel_multi_node_cluster.md
- docs/getting-started-guides/centos/centos_manual_config.md
- docs/getting-started-guides/coreos/index.md
- /docs/getting-started-guides/ubuntu/
- docs/getting-started-guides/windows/index.md
- docs/admin/node-conformance.md
- docs/getting-started-guides/docker-multinode.md
- docs/admin/cluster-large.md
- docs/admin/multiple-zones.md
- docs/admin/high-availability/index.md
- title: Administering Clusters
section:
- title: Admin Guide
path: /docs/admin/
- title: Cluster Management Guide
path: /docs/admin/cluster-management/
- title: kubeadm reference
path: /docs/admin/kubeadm/
- title: Installing Addons
path: /docs/admin/addons/
- title: Sharing a Cluster with Namespaces
path: /docs/admin/namespaces/
- title: Namespaces Walkthrough
path: /docs/admin/namespaces/walkthrough/
- title: Setting Pod CPU and Memory Limits
path: /docs/admin/limitrange/
- title: Understanding Resource Quotas
path: /docs/admin/resourcequota/
- title: Applying Resource Quotas and Limits
path: /docs/admin/resourcequota/walkthrough/
- title: Kubernetes Components
path: /docs/admin/cluster-components/
- title: Configuring Kubernetes Use of etcd
path: /docs/admin/etcd/
- title: Federating Clusters
path: /docs/admin/federation/
- title: Using Multiple Clusters
path: /docs/admin/multi-cluster/
- docs/admin/index.md
- docs/admin/cluster-management.md
- docs/admin/kubeadm.md
- docs/admin/addons.md
- docs/admin/namespaces/index.md
- docs/admin/namespaces/walkthrough.md
- docs/admin/limitrange/index.md
- docs/admin/resourcequota/index.md
- docs/admin/resourcequota/walkthrough.md
- docs/admin/cluster-components.md
- docs/admin/etcd.md
- docs/admin/multi-cluster.md
- title: Changing Cluster Size
path: https://github.com/kubernetes/kubernetes/wiki/User-FAQ#how-do-i-change-the-size-of-my-cluster/
- title: Configuring Multiple Schedulers
path: /docs/admin/multiple-schedulers/
- title: Networking in Kubernetes
path: /docs/admin/networking/
- title: Using DNS Pods and Services
path: /docs/admin/dns/
- docs/admin/multiple-schedulers.md
- docs/admin/networking.md
- docs/admin/dns.md
- title: Setting Up and Configuring DNS
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/cluster-dns
- title: Master <-> Node Communication
path: /docs/admin/master-node-communication/
- title: Network Plugins
path: /docs/admin/network-plugins/
- title: Static Pods
path: /docs/admin/static-pods/
- title: Configuring kubelet Garbage Collection
path: /docs/admin/garbage-collection/
- title: Configuring Out Of Resource Handling
path: /docs/admin/out-of-resource/
- title: Configuring Kubernetes with Salt
path: /docs/admin/salt/
- title: Monitoring Node Health
path: /docs/admin/node-problem/
- title: AppArmor
path: /docs/admin/apparmor/
- docs/admin/master-node-communication.md
- docs/admin/network-plugins.md
- docs/admin/static-pods.md
- docs/admin/garbage-collection.md
- docs/admin/out-of-resource.md
- docs/admin/salt.md
- docs/admin/node-problem.md
- docs/admin/apparmor/index.md
- title: Administering Federation
section:
- /docs/admin/federation/kubfed/
- docs/admin/federation/index.md
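Review bot: Four of the new bare entries are URL-style paths rather than source files: `- /docs/getting-started-guides/juju/` (twice), `- /docs/getting-started-guides/ubuntu/` and `- /docs/admin/federation/kubfed/`, while the other converted entries in this file name a `.md` file relative to the repository root. If the sidebar code resolves a bare entry by looking up the page's source path to get its title, these four will presumably match nothing, so either point them at the source file (`- docs/<path-to-page>.md`) or keep them in the `title:`/`path:` form. `kubfed` also looks like a misspelling of `kubefed`; check it against the page's actual permalink. A short comment at the top of `toc:` stating the accepted entry forms, such as `# entries: a source path (docs/foo.md), or title: + path: for external links`, would keep later additions consistent.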


@ -8,12 +8,10 @@ overrides:
- path: docs/admin/kube-proxy.md
- path: docs/admin/kube-scheduler.md
- path: docs/admin/kubelet.md
- changedpath: docs/api-reference/extensions/v1beta1/definitions.html _includes/v1.4/extensions-v1beta1-definitions.html
- changedpath: docs/api-reference/extensions/v1beta1/operations.html _includes/v1.4/extensions-v1beta1-operations.html
- changedpath: docs/api-reference/v1/definitions.html _includes/v1.4/v1-definitions.html
- changedpath: docs/api-reference/v1/operations.html _includes/v1.4/v1-operations.html
- changedpath: docs/api-reference/extensions/v1beta1/definitions.html _includes/v1.5/extensions-v1beta1-definitions.html
- changedpath: docs/api-reference/extensions/v1beta1/operations.html _includes/v1.5/extensions-v1beta1-operations.html
- changedpath: docs/api-reference/v1/definitions.html _includes/v1.5/v1-definitions.html
- changedpath: docs/api-reference/v1/operations.html _includes/v1.5/v1-operations.html
- copypath: k8s/federation/docs/api-reference/ docs/federation/
- copypath: k8s/cluster/saltbase/salt/fluentd-gcp/fluentd-gcp.yaml docs/getting-started-guides/fluentd-gcp.yaml
- copypath: k8s/examples/blog-logging/counter-pod.yaml docs/getting-started-guides/counter-pod.yaml
- copypath: k8s/examples/blog-logging/counter-pod.yaml docs/user-guide/counter-pod.yaml


@ -1,239 +1,173 @@
bigheader: "Reference Documentation"
abstract: "Design docs, concept definitions, and references for APIs and CLIs."
toc:
- title: Reference Documentation
path: /docs/reference/
- docs/reference.md
- title: Kubernetes API
section:
- title: Kubernetes API Overview
path: /docs/api/
- docs/api.md
- title: Accessing the API
section:
- title: Overview
path: /docs/admin/accessing-the-api/
- title: Authenticating
path: /docs/admin/authentication/
- title: Using Authorization Plugins
path: /docs/admin/authorization/
- title: Using Admission Controllers
path: /docs/admin/admission-controllers/
- title: Managing Service Accounts
path: /docs/admin/service-accounts-admin/
- title: Kubernetes API Operations
path: /docs/api-reference/v1/operations/
- title: Kubernetes API Definitions
path: /docs/api-reference/v1/definitions/
- title: Kubernetes API Swagger Spec
path: /kubernetes/third_party/swagger-ui/
- docs/admin/accessing-the-api.md
- docs/admin/authentication.md
- docs/admin/authorization.md
- docs/admin/admission-controllers.md
- docs/admin/service-accounts-admin.md
- docs/api-reference/v1/operations.html
- docs/api-reference/v1/definitions.html
- kubernetes/third_party/swagger-ui/index.md
- title: Autoscaling API
section:
- title: Autoscaling API Operations
path: /docs/api-reference/autoscaling/v1/operations/
- title: Autoscaling API Definitions
path: /docs/api-reference/autoscaling/v1/definitions/
- docs/api-reference/autoscaling/v1/operations.html
- docs/api-reference/autoscaling/v1/definitions.html
- title: Batch API
section:
- title: Batch API Operations
path: /docs/api-reference/batch/v1/operations/
- title: Batch API Definitions
path: /docs/api-reference/batch/v1/definitions/
- docs/api-reference/batch/v1/operations.html
- docs/api-reference/batch/v1/definitions.html
- title: Apps API
section:
- title: Apps API Operations
path: /docs/api-reference/apps/v1beta1/operations/
- title: Apps API Definitions
path: /docs/api-reference/apps/v1beta1/definitions/
- title: Extensions API
section:
- title: Extensions API Operations
path: /docs/api-reference/extensions/v1beta1/operations/
- title: Extensions API Definitions
path: /docs/api-reference/extensions/v1beta1/definitions/
- docs/api-reference/extensions/v1beta1/operations.html
- docs/api-reference/extensions/v1beta1/definitions.html
- title: kubectl CLI
section:
- title: kubectl Overview
path: /docs/user-guide/kubectl-overview/
- title: kubectl for Docker Users
path: /docs/user-guide/docker-cli-to-kubectl/
- title: kubectl Usage Conventions
path: /docs/user-guide/kubectl-conventions/
- title: JSONpath Support
path: /docs/user-guide/jsonpath/
- title: kubectl Cheat Sheet
path: /docs/user-guide/kubectl-cheatsheet/
- docs/user-guide/kubectl-overview.md
- docs/user-guide/docker-cli-to-kubectl.md
- docs/user-guide/kubectl-conventions.md
- docs/user-guide/jsonpath.md
- docs/user-guide/kubectl-cheatsheet.md
- title: kubectl Commands
section:
- title: kubectl
path: /docs/user-guide/kubectl/
- title: kubectl annotate
path: /docs/user-guide/kubectl/kubectl_annotate/
- title: kubectl api-versions
path: /docs/user-guide/kubectl/kubectl_api-versions/
- title: kubectl apply
path: /docs/user-guide/kubectl/kubectl_apply/
- title: kubectl attach
path: /docs/user-guide/kubectl/kubectl_attach/
- title: kubectl autoscale
path: /docs/user-guide/kubectl/kubectl_autoscale/
- title: kubectl cluster-info
path: /docs/user-guide/kubectl/kubectl_cluster-info/
- title: kubectl config
path: /docs/user-guide/kubectl/kubectl_config/
- title: kubectl config current-context
path: /docs/user-guide/kubectl/kubectl_config_current-context/
- title: kubectl config set-cluster
path: /docs/user-guide/kubectl/kubectl_config_set-cluster/
- title: kubectl config set-context
path: /docs/user-guide/kubectl/kubectl_config_set-context/
- title: kubectl config set-credentials
path: /docs/user-guide/kubectl/kubectl_config_set-credentials/
- title: kubectl config set
path: /docs/user-guide/kubectl/kubectl_config_set/
- title: kubectl config unset
path: /docs/user-guide/kubectl/kubectl_config_unset/
- title: kubectl config use-context
path: /docs/user-guide/kubectl/kubectl_config_use-context/
- title: kubectl config view
path: /docs/user-guide/kubectl/kubectl_config_view/
- title: kubectl convert
path: /docs/user-guide/kubectl/kubectl_convert/
- title: kubectl cordon
path: /docs/user-guide/kubectl/kubectl_cordon/
- title: kubectl create
path: /docs/user-guide/kubectl/kubectl_create/
- title: kubectl create configmap
path: /docs/user-guide/kubectl/kubectl_create_configmap/
- title: kubectl create namespace
path: /docs/user-guide/kubectl/kubectl_create_namespace/
- title: kubectl create secret docker-registry
path: /docs/user-guide/kubectl/kubectl_create_secret_docker-registry/
- title: kubectl create secret
path: /docs/user-guide/kubectl/kubectl_create_secret/
- title: kubectl create secret generic
path: /docs/user-guide/kubectl/kubectl_create_secret_generic/
- title: kubectl create serviceaccount
path: /docs/user-guide/kubectl/kubectl_create_serviceaccount/
- title: kubectl delete
path: /docs/user-guide/kubectl/kubectl_delete/
- title: kubectl describe
path: /docs/user-guide/kubectl/kubectl_describe/
- title: kubectl drain
path: /docs/user-guide/kubectl/kubectl_drain/
- title: kubectl edit
path: /docs/user-guide/kubectl/kubectl_edit/
- title: kubectl exec
path: /docs/user-guide/kubectl/kubectl_exec/
- title: kubectl explain
path: /docs/user-guide/kubectl/kubectl_explain/
- title: kubectl expose
path: /docs/user-guide/kubectl/kubectl_expose/
- title: kubectl get
path: /docs/user-guide/kubectl/kubectl_get/
- title: kubectl label
path: /docs/user-guide/kubectl/kubectl_label/
- title: kubectl logs
path: /docs/user-guide/kubectl/kubectl_logs/
- title: kubectl patch
path: /docs/user-guide/kubectl/kubectl_patch/
- title: kubectl port-forward
path: /docs/user-guide/kubectl/kubectl_port-forward/
- title: kubectl proxy
path: /docs/user-guide/kubectl/kubectl_proxy/
- title: kubectl replace
path: /docs/user-guide/kubectl/kubectl_replace/
- title: kubectl rolling-update
path: /docs/user-guide/kubectl/kubectl_rolling-update/
- title: kubectl rollout
path: /docs/user-guide/kubectl/kubectl_rollout/
- title: kubectl rollout history
path: /docs/user-guide/kubectl/kubectl_rollout_history/
- title: kubectl rollout pause
path: /docs/user-guide/kubectl/kubectl_rollout_pause/
- title: kubectl rollout resume
path: /docs/user-guide/kubectl/kubectl_rollout_resume/
- title: kubectl rollout undo
path: /docs/user-guide/kubectl/kubectl_rollout_undo/
- title: kubectl run
path: /docs/user-guide/kubectl/kubectl_run/
- title: kubectl scale
path: /docs/user-guide/kubectl/kubectl_scale/
- title: kubectl uncordon
path: /docs/user-guide/kubectl/kubectl_uncordon/
- title: kubectl version
path: /docs/user-guide/kubectl/kubectl_version/
- docs/user-guide/kubectl/index.md
- docs/user-guide/kubectl/kubectl_annotate.md
- docs/user-guide/kubectl/kubectl_api-versions.md
- docs/user-guide/kubectl/kubectl_apply.md
- docs/user-guide/kubectl/kubectl_attach.md
- docs/user-guide/kubectl/kubectl_autoscale.md
- docs/user-guide/kubectl/kubectl_certificate.md
- docs/user-guide/kubectl/kubectl_certificate_approve.md
- docs/user-guide/kubectl/kubectl_certificate_deny.md
- docs/user-guide/kubectl/kubectl_cluster-info.md
- docs/user-guide/kubectl/kubectl_cluster-info_dump.md
- docs/user-guide/kubectl/kubectl_completion.md
- docs/user-guide/kubectl/kubectl_config.md
- docs/user-guide/kubectl/kubectl_config_current-context.md
- docs/user-guide/kubectl/kubectl_config_delete-cluster.md
- docs/user-guide/kubectl/kubectl_config_delete-context.md
- docs/user-guide/kubectl/kubectl_config_get-clusters.md
- docs/user-guide/kubectl/kubectl_config_get-contexts.md
- docs/user-guide/kubectl/kubectl_config_set-cluster.md
- docs/user-guide/kubectl/kubectl_config_set-context.md
- docs/user-guide/kubectl/kubectl_config_set-credentials.md
- docs/user-guide/kubectl/kubectl_config_set.md
- docs/user-guide/kubectl/kubectl_config_unset.md
- docs/user-guide/kubectl/kubectl_config_use-context.md
- docs/user-guide/kubectl/kubectl_config_view.md
- docs/user-guide/kubectl/kubectl_convert.md
- docs/user-guide/kubectl/kubectl_cordon.md
- docs/user-guide/kubectl/kubectl_cp.md
- docs/user-guide/kubectl/kubectl_create.md
- docs/user-guide/kubectl/kubectl_create_configmap.md
- docs/user-guide/kubectl/kubectl_create_deployment.md
- docs/user-guide/kubectl/kubectl_create_namespace.md
- docs/user-guide/kubectl/kubectl_create_quota.md
- docs/user-guide/kubectl/kubectl_create_secret_docker-registry.md
- docs/user-guide/kubectl/kubectl_create_secret.md
- docs/user-guide/kubectl/kubectl_create_secret_generic.md
- docs/user-guide/kubectl/kubectl_create_secret_tls.md
- docs/user-guide/kubectl/kubectl_create_serviceaccount.md
- docs/user-guide/kubectl/kubectl_create_service_clusterip.md
- docs/user-guide/kubectl/kubectl_create_service_loadbalancer.md
- docs/user-guide/kubectl/kubectl_create_service_nodeport.md
- docs/user-guide/kubectl/kubectl_delete.md
- docs/user-guide/kubectl/kubectl_describe.md
- docs/user-guide/kubectl/kubectl_drain.md
- docs/user-guide/kubectl/kubectl_edit.md
- docs/user-guide/kubectl/kubectl_exec.md
- docs/user-guide/kubectl/kubectl_explain.md
- docs/user-guide/kubectl/kubectl_expose.md
- docs/user-guide/kubectl/kubectl_get.md
- docs/user-guide/kubectl/kubectl_label.md
- docs/user-guide/kubectl/kubectl_logs.md
- docs/user-guide/kubectl/kubectl_options.md
- docs/user-guide/kubectl/kubectl_patch.md
- docs/user-guide/kubectl/kubectl_port-forward.md
- docs/user-guide/kubectl/kubectl_proxy.md
- docs/user-guide/kubectl/kubectl_replace.md
- docs/user-guide/kubectl/kubectl_rolling-update.md
- docs/user-guide/kubectl/kubectl_rollout.md
- docs/user-guide/kubectl/kubectl_rollout_history.md
- docs/user-guide/kubectl/kubectl_rollout_pause.md
- docs/user-guide/kubectl/kubectl_rollout_resume.md
- docs/user-guide/kubectl/kubectl_rollout_status.md
- docs/user-guide/kubectl/kubectl_rollout_undo.md
- docs/user-guide/kubectl/kubectl_run.md
- docs/user-guide/kubectl/kubectl_scale.md
- docs/user-guide/kubectl/kubectl_set.md
- docs/user-guide/kubectl/kubectl_set_image.md
- docs/user-guide/kubectl/kubectl_set_resources.md
- docs/user-guide/kubectl/kubectl_taint.md
- docs/user-guide/kubectl/kubectl_top.md
- docs/user-guide/kubectl/kubectl_top_node.md
- docs/user-guide/kubectl/kubectl_top_pod.md
- docs/user-guide/kubectl/kubectl_uncordon.md
- docs/user-guide/kubectl/kubectl_version.md
- title: Superseded and Deprecated Commands
section:
- title: kubectl namespace
path: /docs/user-guide/kubectl/kubectl_namespace/
- title: kubectl stop
path: /docs/user-guide/kubectl/kubectl_stop/
- /docs/user-guide/kubectl/kubectl_namespace/
- docs/user-guide/kubectl/kubectl_stop.md
- title: Kubernetes Components
section:
- title: kube-apiserver
path: /docs/admin/kube-apiserver/
- title: kube-controller-manager
path: /docs/admin/kube-controller-manager/
- title: kube-proxy
path: /docs/admin/kube-proxy/
- title: kube-scheduler
path: /docs/admin/kube-scheduler/
- docs/admin/kube-apiserver.md
- docs/admin/kube-controller-manager.md
- docs/admin/kube-proxy.md
- docs/admin/kube-scheduler.md
- title: kubelet
path: /docs/admin/kubelet/
section:
- docs/admin/kubelet.md
- docs/admin/master-node-communication.md
- docs/admin/kubelet-tls-bootstrapping.md
- docs/admin/kubelet-authentication-authorization.md
- title: Glossary
section:
- title: Annotations
path: /docs/user-guide/annotations/
- title: Daemon Sets
path: /docs/admin/daemons/
- title: Deployments
path: /docs/user-guide/deployments/
- title: Horizontal Pod Autoscaling
path: /docs/user-guide/horizontal-pod-autoscaling/
- title: Images
path: /docs/user-guide/images/
- title: Ingress Resources
path: /docs/user-guide/ingress/
- title: Jobs
path: /docs/user-guide/jobs/
- title: Labels and Selectors
path: /docs/user-guide/labels/
- title: Names
path: /docs/user-guide/identifiers/
- title: Namespaces
path: /docs/user-guide/namespaces/
- title: Network Policies
path: /docs/user-guide/networkpolicies/
- title: Nodes
path: /docs/admin/node/
- title: Persistent Volumes
path: /docs/user-guide/persistent-volumes/
- title: Pet Sets
path: /docs/user-guide/petset/
- title: Pods
path: /docs/user-guide/pods/
- title: Pod Security Policies
path: /docs/user-guide/pod-security-policy/
- title: Replica Sets
path: /docs/user-guide/replicasets/
- title: Replication Controller
path: /docs/user-guide/replication-controller/
- title: Resource Quotas
path: /docs/admin/resourcequota/
- title: Scheduled Jobs
path: /docs/user-guide/scheduled-jobs/
- title: Secrets
path: /docs/user-guide/secrets/
- title: Security Context
path: /docs/user-guide/security-context/
- title: Services
path: /docs/user-guide/services/
- title: Service Accounts
path: /docs/user-guide/service-accounts/
- title: Third Party Resources
path: /docs/user-guide/thirdpartyresources/
- title: Volumes
path: /docs/user-guide/volumes/
- docs/user-guide/annotations.md
- docs/admin/daemons.md
- docs/user-guide/deployments.md
- docs/user-guide/horizontal-pod-autoscaling/index.md
- docs/user-guide/images.md
- docs/user-guide/ingress.md
- docs/user-guide/jobs.md
- docs/user-guide/labels.md
- docs/user-guide/identifiers.md
- docs/user-guide/namespaces.md
- docs/user-guide/networkpolicies.md
- docs/admin/node.md
- docs/user-guide/persistent-volumes/index.md
- docs/user-guide/petset.md
- docs/user-guide/pods/index.md
- docs/user-guide/pod-security-policy/index.md
- docs/user-guide/replicasets.md
- docs/user-guide/replication-controller/index.md
- docs/admin/resourcequota/index.md
- docs/user-guide/cron-jobs.md
- docs/user-guide/secrets/index.md
- docs/user-guide/security-context.md
- docs/user-guide/services/index.md
- docs/user-guide/service-accounts.md
- docs/user-guide/thirdpartyresources.md
- docs/user-guide/volumes.md
- title: Kubernetes Design Docs
section:
@ -243,32 +177,26 @@ toc:
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/
- title: Kubernetes Identity and Access Management
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/access.md
- title: Kubernetes OpenVSwitch GRE/VxLAN networking
path: /docs/admin/ovs-networking/
- docs/admin/ovs-networking.md
- title: Security Contexts
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/security_context.md
- title: Security in Kubernetes
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/security.md
path: https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/security.md
- title: Federation
section:
- title: Federation User Guide
path: /docs/user-guide/federation/
- title: Federated Events
path: /docs/user-guide/federation/events/
- title: Federated Ingress
path: /docs/user-guide/federation/federated-ingress/
- title: Federated Namespaces
path: /docs/user-guide/federation/namespaces/
- title: Federated ReplicaSets
path: /docs/user-guide/federation/replicasets/
- title: Federated Secrets
path: /docs/user-guide/federation/secrets/
- title: Federation API
path: /docs/federation/api-reference/README/
- docs/user-guide/federation/index.md
- docs/user-guide/federation/configmap.md
- docs/user-guide/federation/daemonsets.md
- docs/user-guide/federation/deployment.md
- docs/user-guide/federation/events.md
- docs/user-guide/federation/federated-ingress.md
- docs/user-guide/federation/namespaces.md
- docs/user-guide/federation/replicasets.md
- docs/user-guide/federation/secrets.md
- docs/federation/api-reference/README.md
- title: Federation Components
section:
- title: federation-apiserver
path: /docs/admin/federation-apiserver
- docs/admin/federation-apiserver.md
- title : federation-controller-mananger
path: /docs/admin/federation-controller-manager
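Review bot: The bare entry `- /docs/user-guide/kubectl/kubectl_namespace/` under "Superseded and Deprecated Commands" is a URL, while its sibling `- docs/user-guide/kubectl/kubectl_stop.md` and every other bare entry in this file is a source path. The rewritten tree template further down this page resolves bare entries with `site.pages | where: "path", item` and emits the link only `{% if path %}`, so this entry would most likely drop out of the navigation with no build error. List it by its source file like the sibling, or keep the explicit `title:`/`path:` pair if no source page exists. The same pattern appears in the tasks TOC (`- /docs/tasks/administer-cluster/access-control-identity-management/`) and in the admin TOC (`- /docs/admin/federation/kubfed/`, which also looks like a misspelling of `kubefed`).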


@ -1,8 +1,7 @@
bigheader: "Samples"
abstract: "A collection of example applications that show how to use Kubernetes."
toc:
- title: Samples
path: /docs/samples/
- docs/samples.md
- title: Storage / Database / KV
section:
@ -67,8 +66,7 @@ toc:
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/guestbook-go/
- title: GuestBook - PHP Server
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/guestbook/
- title: MEAN stack on Google Cloud Platform
path: /docs/getting-started-guides/meanstack/
- docs/getting-started-guides/meanstack.md
- title: MySQL + Wordpress
path: https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/mysql-wordpress-pd/
- title: MySQL + Phabricator Server


@ -1,36 +1,25 @@
bigheader: "Support"
abstract: "Troubleshooting resources, frequently asked questions, and community support channels."
toc:
- title: Support
path: /docs/troubleshooting/
- docs/troubleshooting.md
- title: Contributing to the Kubernetes Docs
section:
- title: Creating a Documentation Pull Request
path: /docs/contribute/create-pull-request/
- title: Writing a New Topic
path: /docs/contribute/write-new-topic/
- title: Staging Your Documentation Changes
path: /docs/contribute/stage-documentation-changes/
- title: Using Page Templates
path: /docs/contribute/page-templates/
- title: Documentation Style Guide
path: /docs/contribute/style-guide/
- editdocs.md
- docs/contribute/create-pull-request.md
- docs/contribute/write-new-topic.md
- docs/contribute/stage-documentation-changes.md
- docs/contribute/page-templates.md
- docs/contribute/style-guide.md
- title: Troubleshooting
section:
- title: Debugging Pods and Replication Controllers
path: /docs/user-guide/debugging-pods-and-replication-controllers/
- title: Application Introspection and Debugging
path: /docs/user-guide/introspection-and-debugging/
- title: Retrieving Logs
path: /docs/user-guide/logging/
- title: Troubleshooting Applications
path: /docs/user-guide/application-troubleshooting/
- title: Troubleshooting Clusters
path: /docs/admin/cluster-troubleshooting/
- title: Debugging Services
path: /docs/user-guide/debugging-services/
- docs/user-guide/debugging-pods-and-replication-controllers.md
- docs/user-guide/introspection-and-debugging.md
- docs/user-guide/logging.md
- docs/user-guide/application-troubleshooting.md
- docs/admin/cluster-troubleshooting.md
- docs/user-guide/debugging-services.md
- title: Frequently Asked Questions
section:
@ -45,13 +34,8 @@ toc:
section:
- title: Kubernetes Issue Tracker on GitHub
path: https://github.com/kubernetes/kubernetes/issues/
- title: Report a Security Vulnerability
path: /docs/reporting-security-issues/
- docs/reporting-security-issues.md
- title: Release Notes
path: https://github.com/kubernetes/kubernetes/releases/
- title: Release Roadmap
path: https://github.com/kubernetes/kubernetes/milestones/
- title: Contributing to Kubernetes Documentation
path: /editdocs/
- title: New Template Instructions
path: /docs/templatedemos/


@ -1,34 +1,44 @@
bigheader: "Tasks"
abstract: "Step-by-step instructions for performing operations with Kuberentes."
toc:
- title: Tasks
path: /docs/tasks/
- docs/tasks/index.md
- title: Configuring Pods and Containers
section:
- title: Defining Environment Variables for a Container
path: /docs/tasks/configure-pod-container/define-environment-variable-container/
- title: Defining a Command and Arguments for a Container
path: /docs/tasks/configure-pod-container/define-command-argument-container/
- title: Assigning CPU and RAM Resources to a Container
path: /docs/tasks/configure-pod-container/assign-cpu-ram-container/
- docs/tasks/configure-pod-container/define-environment-variable-container.md
- docs/tasks/configure-pod-container/define-command-argument-container.md
- docs/tasks/configure-pod-container/assign-cpu-ram-container.md
- docs/tasks/configure-pod-container/configure-volume-storage.md
- docs/tasks/configure-pod-container/distribute-credentials-secure.md
- title: Accessing Applications in a Cluster
section:
- title: Using Port Forwarding to Access Applications in a Cluster
path: /docs/tasks/access-application-cluster/port-forward-access-application-cluster/
- docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
- title: Debugging Applications in a Cluster
section:
- title: Determining the Reason for Pod Failure
path: /docs/tasks/debug-application-cluster/determine-reason-pod-failure/
- docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
- title: Accessing the Kubernetes API
section:
- title: Using an HTTP Proxy to Access the Kubernetes API
path: /docs/tasks/access-kubernetes-api/http-proxy-access-api/
- docs/tasks/access-kubernetes-api/http-proxy-access-api.md
- title: Administering a Cluster
section:
- title: Assigning Pods to Nodes
path: /docs/tasks/administer-cluster/assign-pods-nodes/
- docs/tasks/administer-cluster/assign-pods-nodes.md
- docs/tasks/administer-cluster/dns-horizontal-autoscaling.md
- docs/tasks/administer-cluster/safely-drain-node.md
- title: Managing Stateful Applications
section:
- docs/tasks/manage-stateful-set/upgrade-pet-set-to-stateful-set.md
- docs/tasks/manage-stateful-set/scale-stateful-set.md
- docs/tasks/manage-stateful-set/deleting-a-statefulset.md
- docs/tasks/manage-stateful-set/debugging-a-statefulset.md
- docs/tasks/manage-stateful-set/delete-pods.md
- title: Troubleshooting
section:
- docs/tasks/troubleshoot/debug-init-containers.md
- /docs/tasks/administer-cluster/access-control-identity-management/


@ -1,5 +1,21 @@
bigheader: "Tools"
abstract: "Tools to help you use and enhance Kubernetes."
toc:
- title: Tools
path: /docs/tools/
- docs/tools/index.md
- title: Native Tools
section:
- title: Kubectl
path: /docs/user-guide/kubectl/
- title: Kubefed
path: /docs/admin/federation/kubefed/
- title: Kubernetes Dashboard
path: /docs/user-guide/ui/
- title: Third-Party Tools
section:
- title: Helm
path: https://github.com/kubernetes/helm
- title: Kompose
path: https://github.com/kubernetes-incubator/kompose


@ -1,57 +1,43 @@
bigheader: "Tutorials"
abstract: "Detailed walkthroughs of common Kubernetes operations and workflows."
toc:
- title: Tutorials
path: /docs/tutorials/
- docs/tutorials/index.md
- title: Kubernetes Basics
section:
- title: Overview
path: /docs/tutorials/kubernetes-basics/
- docs/tutorials/kubernetes-basics/index.html
- title: 1. Create a Cluster
section:
- title: Using Minikube to Create a Cluster
path: /docs/tutorials/kubernetes-basics/cluster-intro/
- title: Interactive Tutorial - Creating a Cluster
path: /docs/tutorials/kubernetes-basics/cluster-interactive/
- docs/tutorials/kubernetes-basics/cluster-intro.html
- docs/tutorials/kubernetes-basics/cluster-interactive.html
- title: 2. Deploy an App
section:
- title: Using kubectl to Create a Deployment
path: /docs/tutorials/kubernetes-basics/deploy-intro/
- title: Interactive Tutorial - Deploying an App
path: /docs/tutorials/kubernetes-basics/deploy-interactive/
- docs/tutorials/kubernetes-basics/deploy-intro.html
- docs/tutorials/kubernetes-basics/deploy-interactive.html
- title: 3. Explore Your App
section:
- title: Viewing Pods and Nodes
path: /docs/tutorials/kubernetes-basics/explore-intro/
- title: Interactive Tutorial - Exploring Your App
path: /docs/tutorials/kubernetes-basics/explore-interactive/
- docs/tutorials/kubernetes-basics/explore-intro.html
- docs/tutorials/kubernetes-basics/explore-interactive.html
- title: 4. Expose Your App Publicly
section:
- title: Using a Service to Expose Your App
path: /docs/tutorials/kubernetes-basics/expose-intro/
- title: Interactive Tutorial - Exposing Your App
path: /docs/tutorials/kubernetes-basics/expose-interactive/
- docs/tutorials/kubernetes-basics/expose-intro.html
- docs/tutorials/kubernetes-basics/expose-interactive.html
- title: 5. Scale Your App
section:
- title: Running Multiple Instances of Your App
path: /docs/tutorials/kubernetes-basics/scale-intro/
- title: Interactive Tutorial - Scaling Your App
path: /docs/tutorials/kubernetes-basics/scale-interactive/
- docs/tutorials/kubernetes-basics/scale-intro.html
- docs/tutorials/kubernetes-basics/scale-interactive.html
- title: 6. Update Your App
section:
- title: Performing a Rolling Update
path: /docs/tutorials/kubernetes-basics/update-intro/
- title: Interactive Tutorial - Updating Your App
path: /docs/tutorials/kubernetes-basics/update-interactive/
- docs/tutorials/kubernetes-basics/update-intro.html
- docs/tutorials/kubernetes-basics/update-interactive.html
- title: Stateless Applications
section:
- title: Running a Stateless Application Using a Deployment
path: /docs/tutorials/stateless-application/run-stateless-application-deployment/
- title: Using a Service to Access an Application in a Cluster
path: /docs/tutorials/stateless-application/expose-external-ip-address-service/
- title: Exposing an External IP Address to Access an Application in a Cluster
path: /docs/tutorials/stateless-application/expose-external-ip-address/
- docs/tutorials/stateless-application/hello-minikube.md
- docs/tutorials/stateless-application/run-stateless-application-deployment.md
- docs/tutorials/stateless-application/expose-external-ip-address-service.md
- docs/tutorials/stateless-application/expose-external-ip-address.md
- title: Stateful Applications
section:
- title: Running a Single-Instance Stateful Application
path: /docs/tutorials/stateful-application/run-stateful-application/
- docs/tutorials/stateful-application/basic-stateful-set.md
- docs/tutorials/stateful-application/run-stateful-application.md
- docs/tutorials/stateful-application/run-replicated-stateful-application.md
- docs/tutorials/stateful-application/zookeeper.md


@ -0,0 +1,6 @@
You need to either have a dynamic PersistentVolume provisioner with a default
[StorageClass](/docs/user-guide/persistent-volumes/#storageclasses),
or [statically provision PersistentVolumes](/docs/user-guide/persistent-volumes/#provisioning)
yourself to satisfy the [PersistentVolumeClaims](/docs/user-guide/persistent-volumes/#persistentvolumeclaims)
used here.


@ -24,6 +24,11 @@
<a href="https://github.com/kubernetes/kubernetes" class="button">Contribute to the K8s codebase</a>
</div>
</div>
<div id="miceType" class="center">&copy; {{ 'now' | date: "%Y" }} Kubernetes</div>
<div id="miceType" class="center">
&copy; {{ 'now' | date: "%Y" }} The Kubernetes Authors | Documentation Distributed under <a href="https://github.com/kubernetes/kubernetes.github.io/blob/master/LICENSE" class="light-text">CC BY 4.0</a>
</div>
<div id="miceType" class="center">
Copyright &copy; {{ 'now' | date: "%Y" }} The Linux Foundation&reg;. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page: <a href="https://www.linuxfoundation.org/trademark-usage" class="light-text">https://www.linuxfoundation.org/trademark-usage</a>
</div>
</main>
</footer>
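Review bot: Both added footer blocks carry `id="miceType"`, so the new side appears to render two elements with the same id. That is invalid HTML and makes any `#miceType` selector or `getElementById` lookup ambiguous. Use a class instead, e.g. `<div class="miceType center">`, with the stylesheet rule changed to match, or give the second block its own id. The enclosing `<footer>` opens outside this hunk.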


@ -1,8 +1,6 @@
{% if page.title %}{% assign title=page.title %}{% endif %}
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
{% if !page.no_canonical %}<link rel="canonical" href="http://kubernetes.io{{page.url}}" />{% endif %}
<link rel="shortcut icon" type="image/png" href="/images/favicon.png">
<link href='https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href='https://fonts.googleapis.com/css?family=Roboto+Mono' type='text/css'>
@ -13,15 +11,24 @@
<script src="/js/jquery-ui.min.js"></script>
<script src="/js/script.js"></script>
<script src="/js/sweetalert.min.js"></script>
<title>Kubernetes - {{ title }}</title>
<script src="/js/bootstrap.min.js"></script>
{% seo %}
</head>
<body>
<div id="cellophane" onclick="kub.toggleMenu()"></div>
<header>
<a href="/" class="logo"></a>
<div class="nav-buttons" data-auto-burger="primary">
<a href="/docs/" class="button" id="viewDocs" data-auto-burger-exclude>View Documentation</a>
<a href="/docs/hellonode/" class="button" id="tryKubernetes" data-auto-burger-exclude>Try Kubernetes</a>
<ul class="global-nav">
<li><a href="/docs/">Documentation</a></li>
<li><a href="http://blog.kubernetes.io/">Blog</a></li>
<li><a href="/partners/">Partners</a></li>
<li><a href="/community/">Community</a></li>
<li><a href="/case-studies/">Case Studies</a></li>
</ul>
<!-- <a href="/docs/" class="button" id="viewDocs" data-auto-burger-exclude>View Documentation</a> -->
<a href="/docs/tutorials/kubernetes-basics/" class="button" id="tryKubernetes" data-auto-burger-exclude>Try Kubernetes</a>
<button id="hamburger" onclick="kub.toggleMenu()" data-auto-burger-exclude><div></div></button>
</div>
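Review bot: The new global-nav entry `<li><a href="http://blog.kubernetes.io/">Blog</a></li>` is a plain-HTTP link placed in the header of every page, so the request it triggers can be read or altered by anyone on the network path. If the blog host serves TLS, change it to `https://blog.kubernetes.io/`. The commented-out `viewDocs` anchor next to it is dead markup that still ships in every response and would be better deleted than commented out. The `<header>` element continues past the end of this hunk.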


@ -196,6 +196,13 @@
link: 'https://content.mirantis.com/Containerizing-OpenStack-on-Kubernetes-Video-Landing-Page.html',
blurb: 'Mirantis builds and manages private clouds with open source software such as OpenStack, deployed as containers orchestrated by Kubernetes.'
},
{
type: 0,
name: 'Kubernetic',
logo: 'kubernetic',
link: 'https://kubernetic.com/',
blurb: 'Kubernetic is a Kubernetes Desktop client that simplifies and democratizes cluster management for DevOps.'
},
{
type: 1,
name: 'Apprenda',
@ -266,6 +273,13 @@
link: 'http://www.skippbox.com/services/',
blurb: 'Skippbox brings its Kubernetes expertise to help companies embrace Kubernetes on their way to digital transformation. Skippbox offers both professional services and expert training.'
},
{
type: 1,
name: 'Harbur',
logo: 'harbur',
link: 'https://harbur.io/',
blurb: 'Based in Barcelona, Harbur is a consulting firm that helps companies deploy self-healing solutions empowered by Container technologies'
},
{
type: 1,
name: 'Endocode',


@ -1 +1,15 @@
{% for item in tree %}{% if item.section %}{% assign tree = item.section %}{% include tocsearch.html %}{% else %}{% if item.path == page.url %}{% assign foundTOC = thistoc %}{% assign title = item.title %}{% break %}{% endif %}{% endif %}{% endfor %}
{% capture whitespace %}
{% for item in include.tree %}
{% if found_toc %}
{% break %}
{% endif %}
{% if item.section %}
{% include tocsearch.html tree=item.section toc=include.toc %}
{% else %}
{% if item == page.path %}
{% assign found_toc = include.toc %}
{% break %}
{% endif %}
{% endif %}
{% endfor %}
{% endcapture %}
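Review bot: The rewritten include has an undocumented contract: it reads `include.tree` and `include.toc`, and hands its result back only by assigning `found_toc`, which the caller and every recursive call rely on sharing. A header comment would make that explicit, e.g. `{% comment %}Sets found_toc to include.toc when page.path is listed in include.tree; all output is swallowed by the capture.{% endcomment %}`. Only bare file-path entries are compared (`item == page.path`), so a page that is listed in `title:`/`path:` form no longer selects a TOC. If that is intended, the comment should say so.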


@ -1,6 +1,25 @@
{% for item in tree %}{% if item.section %}
<div class="item" data-title="{{ item.title }}">
<div class="container">{% assign tree = item.section %}{% include tree.html %}
</div>
</div>{% else %}{% assign prefix = item.path | slice: 0, 4 %}{% if prefix == "http" %}{% assign target=" target='_blank'" %}{% else %}{% assign target="" %}{% endif %}
<a class="item" data-title="{{ item.title }}" href="{{ item.path }}"{{ target }}></a>{% endif %}{% endfor %}
{% for item in include.tree %}
{% if item.section %}
<div class="item" data-title="{{ item.title }}">
<div class="container">
{% include_cached tree.html tree=item.section %}
</div>
</div>
{% else %}
{% capture whitespace %}
{% if item.path %}
{% assign path = item.path %}
{% assign title = item.title %}
{% else %}
{% assign found_page = site.pages | where: "path", item | first %}
{% assign title = found_page.title %}
{% assign path = found_page.url %}
{% endif %}
{% endcapture %}
{% if path %}
<a class="item" data-title="{{ title }}" href="{{ path }}"></a>
{% endif %}
{% endif %}
{% endfor %}
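Review bot: In the new link line, `{{ title }}` and `{{ path }}` are written into attribute values without an escape filter. On the new side `title` can come from page front matter (`found_page.title`), so a title containing a double quote or `<` would break the attribute or inject markup into the navigation on every page that renders this tree. Suggest `<a class="item" data-title="{{ title | escape }}" href="{{ path | escape }}"></a>`, with the same filter on `data-title="{{ item.title }}"` in the section branch.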


@ -2079,7 +2079,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<div class="sect2">
<h3 id="_v1_flexvolumesource">v1.FlexVolumeSource</h3>
<div class="paragraph">
<p>FlexVolume represents a generic volume resource that is provisioned/attached using a exec based plugin. This is an alpha feature and may change in future.</p>
<p>FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -2535,7 +2535,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">flexVolume</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">FlexVolume represents a generic volume resource that is provisioned/attached using a exec based plugin. This is an alpha feature and may change in future.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_flexvolumesource">v1.FlexVolumeSource</a></p></td>
<td class="tableblock halign-left valign-top"></td>
@ -5867,7 +5867,7 @@ Both these may change in the future. Incoming requests are matched against the h
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">path</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Path is a extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a <em>/</em>. If unspecified, the path defaults to a catch all sending traffic to the backend.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a <em>/</em>. If unspecified, the path defaults to a catch all sending traffic to the backend.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>


@ -5578,7 +5578,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_a_ingress">create a Ingress</h3>
<h3 id="_create_a_ingress">create an Ingress</h3>
<div class="listingblock">
<div class="content">
<pre>POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses</pre>
@ -5959,7 +5959,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_ingress">delete a Ingress</h3>
<h3 id="_delete_a_ingress">delete an Ingress</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}</pre>


@ -2560,7 +2560,7 @@ The resulting set of endpoints can be viewed as:<br>
<div class="sect2">
<h3 id="_v1_flexvolumesource">v1.FlexVolumeSource</h3>
<div class="paragraph">
<p>FlexVolume represents a generic volume resource that is provisioned/attached using a exec based plugin. This is an alpha feature and may change in future.</p>
<p>FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -3268,7 +3268,7 @@ The resulting set of endpoints can be viewed as:<br>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">flexVolume</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">FlexVolume represents a generic volume resource that is provisioned/attached using a exec based plugin. This is an alpha feature and may change in future.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_flexvolumesource">v1.FlexVolumeSource</a></p></td>
<td class="tableblock halign-left valign-top"></td>
@ -5555,7 +5555,7 @@ The resulting set of endpoints can be viewed as:<br>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">flexVolume</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">FlexVolume represents a generic volume resource that is provisioned/attached using a exec based plugin. This is an alpha feature and may change in future.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_flexvolumesource">v1.FlexVolumeSource</a></p></td>
<td class="tableblock halign-left valign-top"></td>


@ -2676,7 +2676,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_a_endpoints">create a Endpoints</h3>
<h3 id="_create_a_endpoints">create an Endpoints</h3>
<div class="listingblock">
<div class="content">
<pre>POST /api/v1/namespaces/{namespace}/endpoints</pre>
@ -3057,7 +3057,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_endpoints">delete a Endpoints</h3>
<h3 id="_delete_a_endpoints">delete an Endpoints</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /api/v1/namespaces/{namespace}/endpoints/{name}</pre>
@ -3619,7 +3619,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_a_event">create a Event</h3>
<h3 id="_create_a_event">create an Event</h3>
<div class="listingblock">
<div class="content">
<pre>POST /api/v1/namespaces/{namespace}/events</pre>
@ -4000,7 +4000,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_event">delete a Event</h3>
<h3 id="_delete_a_event">delete an Event</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /api/v1/namespaces/{namespace}/events/{name}</pre>


@ -6054,7 +6054,7 @@ Both these may change in the future. Incoming requests are matched against the h
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">path</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a <em>/</em>. If unspecified, the path defaults to a catch all sending traffic to the backend.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e. this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a <em>/</em>. If unspecified, the path defaults to a catch all sending traffic to the backend.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>


@ -5578,7 +5578,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_a_ingress">create a Ingress</h3>
<h3 id="_create_a_ingress">create an Ingress</h3>
<div class="listingblock">
<div class="content">
<pre>POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses</pre>
@ -5959,7 +5959,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_ingress">delete a Ingress</h3>
<h3 id="_delete_a_ingress">delete an Ingress</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}</pre>


@ -2676,7 +2676,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_a_endpoints">create a Endpoints</h3>
<h3 id="_create_a_endpoints">create an Endpoints</h3>
<div class="listingblock">
<div class="content">
<pre>POST /api/v1/namespaces/{namespace}/endpoints</pre>
@ -3057,7 +3057,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_endpoints">delete a Endpoints</h3>
<h3 id="_delete_a_endpoints">delete an Endpoints</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /api/v1/namespaces/{namespace}/endpoints/{name}</pre>
@ -3619,7 +3619,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_a_event">create a Event</h3>
<h3 id="_create_a_event">create an Event</h3>
<div class="listingblock">
<div class="content">
<pre>POST /api/v1/namespaces/{namespace}/events</pre>
@ -4000,7 +4000,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_event">delete a Event</h3>
<h3 id="_delete_a_event">delete an Event</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /api/v1/namespaces/{namespace}/events/{name}</pre>
@ -7885,7 +7885,7 @@
</div>
</div>
<div class="sect2">
<h3 id="_create_eviction_of_a_eviction">create eviction of a Eviction</h3>
<h3 id="_create_eviction_of_a_eviction">create eviction of an Eviction</h3>
<div class="listingblock">
<div class="content">
<pre>POST /api/v1/namespaces/{namespace}/pods/{name}/eviction</pre>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

8266
_includes/v1.5/v1-definitions.html Executable file

File diff suppressed because it is too large Load Diff

32969
_includes/v1.5/v1-operations.html Executable file

File diff suppressed because it is too large Load Diff


@ -1,25 +1,32 @@
{% for thistoc in site.data.globals.tocs %}{% if foundTOC %}{% break %}{% else %}{% assign tree = site.data[thistoc].toc %}{% include tocsearch.html %}{% endif %}{% endfor %}
{% for override in site.data.overrides.overrides %}{% if page.path contains override.path %}{% assign notitle = "true" %}{% endif %}{% endfor %}
{% for current_toc in site.tocs %}
{% if found_toc %}
{% break %}
{% else %}
{% assign toc=site.data[current_toc] %}
{% include tocsearch.html tree=toc.toc toc=toc %}
{% endif %}
{% endfor %}
<!Doctype html>
<html id="docs" class="{{site.data[foundTOC].bigheader}}">
<html id="docs" class="{{ toc.bigheader }}">
{% include head-header.html %}
<!-- HERO -->
<section id="hero" class="light-text">
<h1>{{ site.data[foundTOC].bigheader }}</h1>
<h5>{{ site.data[foundTOC].abstract }}</h5>
<h1>{{ toc.bigheader }}</h1>
<h5>{{ toc.abstract }}</h5>
<div id="vendorStrip" class="light-text">
<ul>
<li><a href="/docs/" {% if site.data[foundTOC].bigheader == "Kubernetes Documentation" %}class="YAH"{% endif %}>DOCS HOME</a></li>
<li><a href="/docs/user-guide/" {% if site.data[foundTOC].bigheader == "Guides" %}class="YAH"{% endif %}>GUIDES</a></li>
<li><a href="/docs/tutorials/" {% if site.data[foundTOC].bigheader == "Tutorials" %}class="YAH"{% endif %}>TUTORIALS</a></li>
<li><a href="/docs/tasks/" {% if site.data[foundTOC].bigheader == "Tasks" %}class="YAH"{% endif %}>TASKS</a></li>
<li><a href="/docs/concepts/" {% if site.data[foundTOC].bigheader == "Concepts" %}class="YAH"{% endif %}>CONCEPTS</a></li>
<li><a href="/docs/reference/" {% if site.data[foundTOC].bigheader == "Reference Documentation" %}class="YAH"{% endif %}>REFERENCE</a></li>
<li><a href="/docs/tools/" {% if site.data[foundTOC].bigheader == "Tools" %}class="YAH"{% endif %}>TOOLS</a></li>
<li><a href="/docs/samples/" {% if site.data[foundTOC].bigheader == "Samples" %}class="YAH"{% endif %}>SAMPLES</a></li>
<li><a href="/docs/troubleshooting/" {% if site.data[foundTOC].bigheader == "Support" %}class="YAH"{% endif %}>SUPPORT</a></li>
<li><a href="/docs/" {% if toc.bigheader == "Kubernetes Documentation" %}class="YAH"{% endif %}>DOCS HOME</a></li>
<li><a href="/docs/user-guide/" {% if toc.bigheader == "Guides" %}class="YAH"{% endif %}>GUIDES</a></li>
<li><a href="/docs/tutorials/" {% if toc.bigheader == "Tutorials" %}class="YAH"{% endif %}>TUTORIALS</a></li>
<li><a href="/docs/tasks/" {% if toc.bigheader == "Tasks" %}class="YAH"{% endif %}>TASKS</a></li>
<li><a href="/docs/concepts/" {% if toc.bigheader == "Concepts" %}class="YAH"{% endif %}>CONCEPTS</a></li>
<li><a href="/docs/reference/" {% if toc.bigheader == "Reference Documentation" %}class="YAH"{% endif %}>REFERENCE</a></li>
<li><a href="/docs/tools/" {% if toc.bigheader == "Tools" %}class="YAH"{% endif %}>TOOLS</a></li>
<li><a href="/docs/samples/" {% if toc.bigheader == "Samples" %}class="YAH"{% endif %}>SAMPLES</a></li>
<li><a href="/docs/troubleshooting/" {% if toc.bigheader == "Support" %}class="YAH"{% endif %}>SUPPORT</a></li>
</ul>
<div id="searchBox">
<input type="text" id="search" placeholder="Search" onkeydown="if (event.keyCode==13) window.location.replace('/docs/search/?q=' + this.value)">
@ -30,24 +37,29 @@
<section id="encyclopedia">
<div id="docsToc">
<div class="pi-accordion">
{% if site.data[foundTOC].bigheader != "Kubernetes Documentation" %}
{% assign tree = site.data[foundTOC].toc %}{% include tree.html %}
{% if toc.bigheader != "Kubernetes Documentation" %}
{% include_cached tree.html tree=toc.toc %}
{% endif %}
</div> <!-- /pi-accordion -->
<button class="push-menu-close-button" onclick="kub.toggleToc()"></button>
</div> <!-- /docsToc -->
<div id="docsContent">
<p><a href="/editdocs#{{ page.path }}" id="editPageButton">Edit This Page</a></p>
{% if notitle != "true" %}<h1>{{ title }}</h1>{% endif %}
{{ content }}
{% unless page.notitle %}
<h1>{{ page.title }}</h1>
{% endunless %}
{{ content }}
<p><a href=""><img src="https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/{{ page.path }}?pixel" alt="Analytics" /></a>
{% if page.url != "/404.html" and page.url != "/docs/search/" %}
<script type="text/javascript">
PDRTJS_settings_8345992 = {
"id" : "8345992",
"unique_id" : "{{page.url}}",
"title" : "{{title}}",
"permalink" : "http://kubernetes.github.io{{page.url}}"
"unique_id" : "{{ page.url }}",
"title" : "{{ page.title }}",
"permalink" : "http://kubernetes.github.io{{ page.url }}"
};
(function(d,c,j){if(!document.getElementById(j)){var pd=d.createElement(c),s;pd.id=j;pd.src=('https:'==document.location.protocol)?'https://polldaddy.com/js/rating/rating.js':'http://i0.poll.fm/js/rating/rating.js';s=document.getElementsByTagName(c)[0];s.parentNode.insertBefore(pd,s);}}(document,'script','pd-rating-js'));
</script>
@ -58,7 +70,7 @@
</div>
</section>
{% include footer.html %}
{% include_cached footer.html %}
<button class="flyout-button" onclick="kub.toggleToc()"></button>
@ -80,21 +92,21 @@
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-36037335-10', 'auto');
ga('send', 'pageview');
// hide docs nav area if no nav is present, or if nav only contains a link to the current page
(function () {
window.addEventListener('DOMContentLoaded', init)
// play nice with our neighbors
function init() {
window.removeEventListener('DOMContentLoaded', init)
hideNav()
}
function hideNav(toc){
if (!toc) toc = document.querySelector('#docsToc')
var container = toc.querySelector('.container')
// container is built dynamically, so it may not be present on the first runloop
if (container) {
if (container.childElementCount === 0 || toc.querySelectorAll('a.item').length === 1) {
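Review bot: `"title" : "{{ page.title }}"` in the `PDRTJS_settings_8345992` block places the page title inside a JavaScript string literal with no escaping, and the `{{ page.url }}` values on the neighbouring lines are handled the same way. The old `{{title}}` may well have rendered empty, so this change is what makes front-matter text reach the inline script; a title containing a double quote or a backslash would yield broken or unintended script. Letting Jekyll's `jsonify` filter produce the quoted literal, `"title" : {{ page.title | jsonify }},`, avoids that. Whether the filter also neutralises a literal `</script>` inside a title should be checked before relying on it.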


@ -234,6 +234,40 @@ header
color: $blue
text-decoration: none
// Global Nav - 12/9/2016 Update
ul.global-nav
display: none
li
display: inline-block
margin-right: 14px
a
color: #fff
font-weight: 400
padding: 0
position: relative
&.active:after
position: absolute
width: 100%
height: 2px
content: ''
bottom: -4px
left: 0
background: #fff
.flip-nav ul.global-nav li a,
.open-nav ul.global-nav li a,
color: #333
.flip-nav ul.global-nav li a.active:after,
.open-nav ul.global-nav li a.active:after,
background: $blue
// FLIP NAV
.flip-nav
header
@ -301,6 +335,26 @@ header
padding-left: 0
padding-right: 0
margin-bottom: 0
position: relative
&.bot-bar:after
display: block
margin-bottom: -20px
height: 8px
width: 100%
background-color: transparentize(white, 0.9)
content: ''
&.no-sub
h5
display: none
h1
margin-bottom: 20px
#home #hero:after
display: none
// VENDOR STRIP
#vendorStrip
@ -482,6 +536,19 @@ section
margin: 0 auto
height: 44px
line-height: 44px
position: relative
&:before
position: absolute
width: 15px
height: 15px
content: ''
right: 8px
top: 7px
background-image: url(/images/search-icon.svg)
background-repeat: no-repeat
background-size: 100% 100%
z-index: 1
#search
width: 100%
@ -490,6 +557,10 @@ section
line-height: 30px
font-size: 16px
vertical-align: top
background: #fff
border: none
border-radius: 4px
position: relative
#encyclopedia
@ -712,7 +783,6 @@ dd
font-weight: 500
margin-bottom: 30px
padding-bottom: 10px
border-bottom: 1px solid #cccccc
// Make sure anchor links aren't hidden by the header
&:before
@ -722,6 +792,9 @@ dd
height: $header-clearance
visibility: hidden
h1,h2
border-bottom: 1px solid #cccccc
h1
font-size: 32px
padding-right: 60px
@ -731,9 +804,12 @@ dd
h3
font-size: 24px
font-weight: 300
margin-bottom: 5px
h4
font-size: 20px
margin-bottom: 0px
h5, h6
font-size: 16px
@ -753,7 +829,7 @@ dd
background-color: $light-grey
color: $dark-grey
font-family: $mono-font
vertical-align: bottom
vertical-align: baseline
font-size: 14px
font-weight: bold
padding: 2px 4px
@ -1008,7 +1084,7 @@ $feature-box-div-margin-bottom: 40px
#video
width: 100%
position: relative
background-image: url(/images/kub_video_thm.jpg)
background-image: url(/images/kub_video_banner.jpg)
background-position: center center
background-size: cover


@ -3,6 +3,15 @@ $vendor-strip-height: 44px
$video-section-height: 550px
@media screen and (min-width: 1025px)
#hamburger
display: none
ul.global-nav
display: inline-block
#docs #vendorStrip #searchBox:before
top: 15px
#vendorStrip
height: $vendor-strip-height
line-height: $vendor-strip-height
@ -40,7 +49,7 @@ $video-section-height: 550px
#searchBox
float: right
width: 30%
width: 320px
#search
vertical-align: middle
@ -65,7 +74,7 @@ $video-section-height: 550px
#encyclopedia
padding: 50px 50px 20px 20px
padding: 50px 50px 100px 100px
clear: both
#docsToc
@ -88,6 +97,11 @@ $video-section-height: 550px
section, header, footer
main
max-width: $main-max-width
header, #vendorStrip, #encyclopedia, #hero h1, #hero h5, #docs #hero h1, #docs #hero h5,
#community #hero h1, .gridPage #hero h1, #community #hero h5, .gridPage #hero h5
padding-left: 100px
padding-right: 100px
#home
section, header, footer
@ -121,7 +135,7 @@ $video-section-height: 550px
#video
height: $video-section-height
position: relative
background-image: url(../images/kub_video_thm.jpg)
background-image: url(../images/kub_video_banner.jpg)
background-position: center center
background-size: cover
@ -276,7 +290,7 @@ $video-section-height: 550px
text-align: left
h1
padding: 20px
padding: 20px 100px
#tryKubernetes
width: auto


@ -17,19 +17,19 @@ title: Case Studies
<div class="case-studies">
<div class="case-study">
<img src="/images/case_studies/pearson.png" alt="Pearson">
<p class="quote">We chose Kubernetes because of its flexibility, ease of management and the way it improves our engineers productivity.”</p>
<p class="quote">"We chose Kubernetes because of its flexibility, ease of management and the way it improves our engineers' productivity."</p>
<!--<p class="attrib">— Chris Jackson, Director for Cloud Product Engineering, Pearson</p>-->
<a href="./pearson/">Read about Pearson</a>
</div>
<div class="case-study">
<img src="/images/case_studies/wikimedia.png" alt="Wikimedia">
<p class="quote">“With Kubernetes, were simplifying our environment and making it easier for developers to build the tools that make wikis run better.</p>
<p class="quote">"With Kubernetes, we're simplifying our environment and making it easier for developers to build the tools that make wikis run better."</p>
<!--<p class="attrib">— Yuvi Panda, Operations Engineer, Wikimedia Foundation</p>-->
<a href="./wikimedia/">Read about Wikimedia</a>
</div>
<div class="case-study">
<img src="/images/case_studies/ebay.png" alt="eBay">
<p class="quote">Inside eBays shift to Kubernetes and containers atop OpenStack</p>
<p class="quote">Inside eBay's shift to Kubernetes and containers atop OpenStack</p>
<a href="http://www.nextplatform.com/2015/11/12/inside-ebays-shift-to-kubernetes-and-containers-atop-openstack/">Read about eBay</a>
</div>
<div class="case-study">
@ -45,7 +45,7 @@ title: Case Studies
<section id="video">
<main>
<!--<div>-->
<!--<h3>“I dont want to deploy software the old way ever again”</h3>-->
<!--<h3>"I don't want to deploy software the old way ever again"</h3>-->
<!--<p class="attrib">— Dylan Carney, Lead Software Engineer, Zulily</p>-->
<!--<img src="/images/case_studies/zulily.png" id="zulilyLogo" alt="zulily">-->
<!--</div>-->
@ -76,8 +76,13 @@ title: Case Studies
<a target="_blank" href="http://superuser.openstack.org/articles/how-ancestry-com-s-open-source-strategy-combines-kubernetes-and-openstack"><img src="/images/case_studies/ancestry.png" alt="Ancestry.com"></a>
<a target="_blank" href="https://cloud.google.com/customers/ccp-games/"><img src="/images/case_studies/ccp.png" alt="CCP Games"></a>
<a target="_blank" href="https://www.openstack.org/videos/video/running-kubernetes-on-openstack-at-liveperson"><img src="/images/case_studies/liveperson.png" alt="LivePerson"></a>
<a target="_blank" href="http://techblog.yahoo.co.jp/infrastructure/os_n_k8s/"><img src="/images/case_studies/yahooJapan_logo.png" alt="Yahoo! Japan"></a>
<a target="_blank" href="https://youtu.be/YkOY7DgXKyw"><img src="/images/case_studies/monzo_logo.png" alt="monzo"></a>
<a target="_blank" href="https://blog.box.com/blog/kubernetes-box-microservices-maximum-velocity/"><img src="/images/case_studies/box_logo.png" alt="Box"></a>
<a target="_blank" href="https://cloudplatform.googleblog.com/2016/09/bringing-Pokemon-GO-to-life-on-Google-Cloud.html"><img src="/images/case_studies/pokemon_go_logo.png" alt="Pokemon GO"></a>
<a target="_blank" href="http://blog.kubernetes.io/2016/10/kubernetes-and-openstack-at-yahoo-japan.html"><img src="/images/case_studies/yahooJapan_logo.png" alt="Yahoo! Japan"></a>
<a target="_blank" href="https://cloud.google.com/customers/philips/"><img src="/images/case_studies/philips_logo.png" alt="Philips"></a>
<a target="_blank" href="https://youtu.be/EC_ZRLsw58M"><img src="/images/case_studies/buffer_logo.png" alt="buffer"></a>
<a target="_blank" href="https://youtu.be/lmeFkH-rHII"><img src="/images/case_studies/comcast_logo.png" alt="Comcast"></a>
<a href="./wikimedia/"><img src="/images/case_studies/wikimedia_logo.png" alt="Wikimedia"></a>
<a href="./pearson/"><img src="/images/case_studies/pearson_logo.png" alt="Pearson"></a>
<a target="_blank" href="#" onclick="event.preventDefault(); kub.showVideo()"><img src="/images/case_studies/zulily_logo.png" alt="zulily"></a>
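Review bot: The external logo links in this grid, including the ones added here (for example Box, Philips and Comcast), use `target="_blank"` with no `rel` attribute, so the third-party page that opens receives a `window.opener` handle on this tab. Adding `rel="noopener noreferrer"` to each, as in `<a target="_blank" rel="noopener noreferrer" href="https://cloud.google.com/customers/philips/">`, removes that handle. The existing Ancestry.com, CCP Games and LivePerson links in the same block have the same form and could be changed in the same pass.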


@ -13,13 +13,13 @@ title: Pearson Case Study
<section id="mainContent">
<main>
<div class="content">
<h3 id="caseStudyTitle">Using Kubernetes to reinvent the worlds largest educational company</h3>
<h3 id="caseStudyTitle">Using Kubernetes to reinvent the world's largest educational company</h3>
<p>
Pearson, the worlds education company, serving 75 million learners worldwide, set a goal to more than double that number to 200 million by 2025. A key part of this growth is in digital learning experiences, and that requires an infrastructure platform that is able to scale quickly and deliver products to market faster. So Pearsons Cloud Technology team chose Kubernetes to help build a platform to meet the business requirements. </p>
Pearson, the world's education company, serving 75 million learners worldwide, set a goal to more than double that number to 200 million by 2025. A key part of this growth is in digital learning experiences, and that requires an infrastructure platform that is able to scale quickly and deliver products to market faster. So Pearson's Cloud Technology team chose Kubernetes to help build a platform to meet the business requirements. </p>
<div class="feature">
<img src="/images/case_studies/pearson.png" alt="Pearson">
<p class="quote">
To transform our infrastructure, we had to think beyond simply enabling automated provisioning, we realized we had to build a platform that would allow Pearson developers to build manage and deploy applications in a completely different way. We chose Kubernetes because of its flexibility, ease of management and the way it would improve our engineers productivity.” </p>
"To transform our infrastructure, we had to think beyond simply enabling automated provisioning, we realized we had to build a platform that would allow Pearson developers to build manage and deploy applications in a completely different way. We chose Kubernetes because of its flexibility, ease of management and the way it would improve our engineers' productivity." </p>
<p class="attrib">— Chris Jackson, Director for Cloud Product Engineering, Pearson</p>
</div>
</div>
@ -38,7 +38,7 @@ title: Pearson Case Study
<div class="bullet">
<h4>Why Kubernetes:</h4>
<ul>
<li>Kubernetes will allow Pearsons teams to develop their apps in a consistent manner, saving time and minimizing complexity.</li>
<li>Kubernetes will allow Pearson's teams to develop their apps in a consistent manner, saving time and minimizing complexity.</li>
</ul>
</div>
<div class="bullet">
@ -52,7 +52,7 @@ title: Pearson Case Study
<div class="bullet">
<h4>Results:</h4>
<ul>
<li>Pearson is building an enterprise-wide platform for delivering innovative, web-based educational content. They expect engineers productivity to increase by up to 20 percent.</li>
<li>Pearson is building an enterprise-wide platform for delivering innovative, web-based educational content. They expect engineers' productivity to increase by up to 20 percent.</li>
</ul>
</div>
</div>
@ -63,9 +63,9 @@ title: Pearson Case Study
<main>
<div class="content">
<h4>Kubernetes powers a comprehensive developer experience</h4>
<p>Pearson wanted to use as much open source technology as possible for the platform given that it provides both technical and commercial benefits over the duration of the project. Jackson says, Building an infrastructure platform based on open source technology in Pearson was a no-brainer, the sharing of technical challenges and advanced use cases in a community of people with talent far beyond what we could hire independently allows us to innovate at a level we could not reach on our own. Our engineers enjoy returning code to the community and participating in talks, blogs and meetings, its a great way for us to allow our team to express themselves and share the pride they have in their work.</p>
<p>It also wanted to use a container-focused platform. Pearson has 400 development groups and diverse brands with varying business and technical needs. With containers, each brand could experiment with building new types of content using their preferred technologies, and then deliver it using containers. Pearson chose Kubernetes because it believes that is the best technology for managing containers, has the widest community support and offers the most flexible and powerful tools.</p>
<p>Kubernetes is at the core of the platform weve built for developers. After we get our big spike in back-to-school in traffic, much of Pearsons traffic will interact with Kubernetes. It is proving to be as effective as we had hoped,” Jackson says.</p>
<p>Pearson wanted to use as much open source technology as possible for the platform given that it provides both technical and commercial benefits over the duration of the project. Jackson says, "Building an infrastructure platform based on open source technology in Pearson was a no-brainer, the sharing of technical challenges and advanced use cases in a community of people with talent far beyond what we could hire independently allows us to innovate at a level we could not reach on our own. Our engineers enjoy returning code to the community and participating in talks, blogs and meetings, it's a great way for us to allow our team to express themselves and share the pride they have in their work."</p>
<p>It also wanted to use a container-focused platform. Pearson has 400 development groups and diverse brands with varying business and technical needs. With containers, each brand could experiment with building new types of content using their preferred technologies, and then deliver it using containers. Pearson chose Kubernetes because it believes that is the best technology for managing containers, has the widest community support and offers the most flexible and powerful tools."</p>
<p>Kubernetes is at the core of the platform we've built for developers. After we get our big spike in back-to-school in traffic, much of Pearson's traffic will interact with Kubernetes. It is proving to be as effective as we had hoped," Jackson says.</p>
</div>
</main>
</section>
@ -74,9 +74,9 @@ title: Pearson Case Study
<main>
<div class="content">
<h4>Encouraging experimentation, saving engineers time</h4>
<p>With the new platform, Pearson will increase stability and performance, and to bring products to market more quickly. The company says its engineers will also get a productivity boost because they wont spend time managing infrastructure. Jackson estimates 15 to 20 percent in productivity savings.</p>
<p>With the new platform, Pearson will increase stability and performance, and to bring products to market more quickly. The company says its engineers will also get a productivity boost because they won't spend time managing infrastructure. Jackson estimates 15 to 20 percent in productivity savings.</p>
<p>Beyond that, Pearson says the platform will encourage innovation because of the ease with which new applications can be developed, and because applications will be deployed far more quickly than in the past. It expects that will help the company meet its goal of reaching 200 million learners within the next 10 years.</p>
<p>“Were already seeing tremendous benefits with Kubernetes — improved engineering productivity, faster delivery of applications and a simplified infrastructure. But this is just the beginning. Kubernetes will help transform the way that educational content is delivered online, says Jackson.</p>
<p>"We're already seeing tremendous benefits with Kubernetes — improved engineering productivity, faster delivery of applications and a simplified infrastructure. But this is just the beginning. Kubernetes will help transform the way that educational content is delivered online," says Jackson.</p>
</div>
</main>
</section>


@ -20,7 +20,7 @@ title: Wikimedia Case Study
<div class="feature">
<img src="/images/case_studies/wikimedia.png" alt="Wikimedia">
<p class="quote">
Wikimedia Tool Labs is vital for making sure wikis all around the world work as well as they possibly can. Because its grown organically for almost 10 years, it has become an extremely challenging environment and difficult to maintain. Its like a big ball of mud — you really cant see through it. With Kubernetes, were simplifying the environment and making it easier for developers to build the tools that make wikis run better.
"Wikimedia Tool Labs is vital for making sure wikis all around the world work as well as they possibly can. Because it's grown organically for almost 10 years, it has become an extremely challenging environment and difficult to maintain. It's like a big ball of mud — you really can't see through it. With Kubernetes, we're simplifying the environment and making it easier for developers to build the tools that make wikis run better."
</p>
<p class="attrib">— Yuvi Panda, operations engineer at Wikimedia Foundation and Wikimedia Tool Labs</p>
</div>
@ -67,13 +67,13 @@ title: Wikimedia Case Study
<div class="content">
<h4>Using Kubernetes to provide tools for maintaining wikis</h4>
<p>
Wikimedia Tool Labs is run by a staff of four-and-a-half paid employees and two volunteers. The infrastructure didn't make it easy or intuitive for developers to build bots and other tools to make wikis work more easily. Yuvi says, “Its incredibly chaotic. We have lots of Perl and Bash duct tape on top of it. Everything is super fragile.
Wikimedia Tool Labs is run by a staff of four-and-a-half paid employees and two volunteers. The infrastructure didn't make it easy or intuitive for developers to build bots and other tools to make wikis work more easily. Yuvi says, "It's incredibly chaotic. We have lots of Perl and Bash duct tape on top of it. Everything is super fragile."
</p>
<p>
To solve the problem, Wikimedia Tool Labs migrated parts of its infrastructure to Kubernetes, in preparation for eventually moving its entire system. Yuvi said Kubernetes greatly simplifies maintenance. The goal is to allow developers creating bots and other tools to use whatever development methods they want, but make it easier for the Wikimedia Tool Labs to maintain the required infrastructure for hosting and sharing them.
</p>
<p>
“With Kubernetes, Ive been able to remove a lot of our custom-made code, which makes everything easier to maintain. Our users code also runs in a more stable way than previously,” says Yuvi.
"With Kubernetes, I've been able to remove a lot of our custom-made code, which makes everything easier to maintain. Our users' code also runs in a more stable way than previously," says Yuvi.
</p>
</div>
</main>
@ -84,13 +84,13 @@ title: Wikimedia Case Study
<div class="content">
<h4>Simplifying infrastructure and keeping wikis running better</h4>
<p>
Wikimedia Tool Labs has seen great success with the initial Kubernetes deployment. Old code is being simplified and eliminated, contributing developers dont have to change the way they write their tools and bots, and those tools and bots run in a more stable fashion than they have in the past. The paid staff and volunteers are able to better keep up with fixing issues.
Wikimedia Tool Labs has seen great success with the initial Kubernetes deployment. Old code is being simplified and eliminated, contributing developers don't have to change the way they write their tools and bots, and those tools and bots run in a more stable fashion than they have in the past. The paid staff and volunteers are able to better keep up with fixing issues.
</p>
<p>
In the future, with a more complete migration to Kubernetes, Wikimedia Tool Labs expects to make it even easier to host and maintain the bots and tools that help run wikis across the world. The tool labs already host approximately 1,300 tools and bots from 800 volunteers, with many more being submitted every day. Twenty percent of the tool labs web tools that account for more than 60 percent of web traffic now run on Kubernetes. The tool labs has a 25-node cluster that keeps up with each new Kubernetes release. Many existing web tools are migrating to Kubernetes.
In the future, with a more complete migration to Kubernetes, Wikimedia Tool Labs expects to make it even easier to host and maintain the bots and tools that help run wikis across the world. The tool labs already host approximately 1,300 tools and bots from 800 volunteers, with many more being submitted every day. Twenty percent of the tool labs' web tools that account for more than 60 percent of web traffic now run on Kubernetes. The tool labs has a 25-node cluster that keeps up with each new Kubernetes release. Many existing web tools are migrating to Kubernetes.
</p>
<p>
Our goal is to make sure that people all over the world can share knowledge as easily as possible. Kubernetes helps with that, by making it easier for wikis everywhere to have the tools they need to thrive, says Yuvi.
"Our goal is to make sure that people all over the world can share knowledge as easily as possible. Kubernetes helps with that, by making it easier for wikis everywhere to have the tools they need to thrive," says Yuvi.
</p>
</div>
</main>


@ -24,8 +24,8 @@ title: Community
<h3>SIGs</h3>
<p>Have a special interest in how Kubernetes works with another technology? See our ever growing
<a href="https://github.com/kubernetes/kubernetes/wiki/Special-Interest-Groups-(SIGs)">lists of SIGs</a>,
from AWS and Openstack to Big Data and Scalability, theres a place for you to contribute and instructions
for forming a new SIG if your special interest isnt covered (yet).</p>
from AWS and Openstack to Big Data and Scalability, there's a place for you to contribute and instructions
for forming a new SIG if your special interest isn't covered (yet).</p>
</div>
<div class="content">
<h3>Events</h3>


@ -3,7 +3,7 @@ assignees:
- bgrant0607
- erictune
- lavalamp
title: Overview
---
This document describes how access to the Kubernetes API is controlled.
@ -24,7 +24,7 @@ following diagram:
In a typical Kubernetes cluster, the API served on port 443. A TLS connection is
established. The API server presents a certificate. This certificate is
often self-signed, so `$USER/.kube/config` on the user's machine typically
contains the root certficate for the API server's certificate, which when specified
contains the root certificate for the API server's certificate, which when specified
is used in place of the system default root certificates. This certificate is typically
automatically written into your `$USER/.kube/config` when you create a cluster yourself
using `kube-up.sh`. If the cluster has multiple users, then the creator needs to share
@ -86,7 +86,7 @@ For version 1.2, clusters created by `kube-up.sh` are configured so that no auth
required for any request.
As of version 1.3, clusters created by `kube-up.sh` are configured so that the ABAC authorization
modules is enabled. However, its input file is initially set to allow all users to do all
modules are enabled. However, its input file is initially set to allow all users to do all
operations. The cluster administrator needs to edit that file, or configure a different authorizer
to restrict what users can do.
@ -148,7 +148,7 @@ By default the Kubernetes APIserver serves HTTP on 2 ports:
- default IP is first non-localhost network interface, change with `--bind-address` flag.
- request handled by authentication and authorization modules.
- request handled by admission control module(s).
- authentication and authoriation modules run.
- authentication and authorisation modules run.
When the cluster is created by `kube-up.sh`, on Google Compute Engine (GCE),
and on several other cloud providers, the API server serves on port 443. On


@ -1,4 +1,5 @@
---
title: Installing Addons
---
## Overview
@ -11,9 +12,9 @@ Add-ons in each section are sorted alphabetically - the ordering does not imply
## Networking and Network Policy
* [Calico](http://docs.projectcalico.org/v1.6/getting-started/kubernetes/installation/hosted/) is a secure L3 networking and network policy provider.
* [Calico](http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/) is a secure L3 networking and network policy provider.
* [Canal](https://github.com/tigera/canal/tree/master/k8s-install/kubeadm) unites Flannel and Calico, providing networking and network policy.
* [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml) is a overlay network provider that can be used with Kubernetes.
* [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml) is an overlay network provider that can be used with Kubernetes.
* [Romana](http://romana.io) is a Layer 3 networking solution for pod networks that also supports the [NetworkPolicy API](/docs/user-guide/networkpolicies/). Kubeadm add-on installation details available [here](https://github.com/romana/romana/tree/master/containerize).
* [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/) provides networking and network policy, will carry on working on both sides of a network partition, and does not require an external database.


@ -6,7 +6,7 @@ assignees:
- erictune
- janetkuo
- thockin
title: Using Admission Controllers
---
* TOC
@ -126,7 +126,7 @@ For additional HTTP configuration, refer to the [kubeconfig](/docs/user-guide/ku
When faced with an admission decision, the API Server POSTs a JSON serialized api.imagepolicy.v1alpha1.ImageReview object describing the action. This object contains fields describing the containers being admitted, as well as any pod annotations that match `*.image-policy.k8s.io/*`.
Note that webhook API objects are subject to the same versioning compatibility rules as other Kubernetes API objects. Implementers should be aware of looser compatibility promises for alpha objects and check the “apiVersion” field of the request to ensure correct deserialization. Additionally, the API Server must enable the imagepolicy.k8s.io/v1alpha1 API extensions group (`--runtime-config=imagepolicy.k8s.io/v1alpha1=true`).
Note that webhook API objects are subject to the same versioning compatibility rules as other Kubernetes API objects. Implementers should be aware of looser compatibility promises for alpha objects and check the "apiVersion" field of the request to ensure correct deserialization. Additionally, the API Server must enable the imagepolicy.k8s.io/v1alpha1 API extensions group (`--runtime-config=imagepolicy.k8s.io/v1alpha1=true`).
An example request body:
@ -151,7 +151,7 @@ An example request body:
}
```
The remote service is expected to fill the ImageReviewStatus field of the request and respond to either allow or disallow access. The response bodys “spec” field is ignored and may be omitted. A permissive response would return:
The remote service is expected to fill the ImageReviewStatus field of the request and respond to either allow or disallow access. The response body's "spec" field is ignored and may be omitted. A permissive response would return:
```
{


@ -1,7 +1,7 @@
---
assignees:
- stclair
title: AppArmor
---
AppArmor is a Linux kernel enhancement that can reduce the potential attack surface of an
@ -384,7 +384,7 @@ Specifying the default profile to apply to containers when none is provided:
- **key**: `apparmor.security.beta.kubernetes.io/defaultProfileName`
- **value**: a profile reference, described above
Specifying the list of profiles Pod containers are allowed to specify:
Specifying the list of profiles Pod containers is allowed to specify:
- **key**: `apparmor.security.beta.kubernetes.io/allowedProfileNames`
- **value**: a comma-separated list of profile references (described above)


@ -23,7 +23,7 @@ answer the following questions:
- to where was it going?
NOTE: Currently, Kubernetes provides only basic audit capabilities, there is still a lot
of work going on to provide fully featured auditing capabilities (see https://github.com/kubernetes/features/issues/22).
of work going on to provide fully featured auditing capabilities (see [this issue](https://github.com/kubernetes/features/issues/22)).
Kubernetes audit is part of [kube-apiserver](/docs/admin/kube-apiserver) logging all requests
coming to the server. Each audit log contains two entries:


@ -4,8 +4,10 @@ assignees:
- lavalamp
- ericchiang
- deads2k
- liggitt
title: Authenticating
---
* TOC
{:toc}
@ -29,14 +31,14 @@ to talk to the Kubernetes API.
API requests are tied to either a normal user or a service account, or are treated
as anonymous requests. This means every process inside or outside the cluster, from
a human user typing `kubectl` on a workstation, to `kubelets` on nodes, to members
of the control plane, must authenticate when making requests to the the API server,
of the control plane, must authenticate when making requests to the API server,
or be treated as an anonymous user.
## Authentication strategies
Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to
authenticate API requests through authentication plugins. As HTTP request are
made to the API server plugins attempts to associate the following attributes
authenticate API requests through authentication plugins. As HTTP requests are
made to the API server, plugins attempt to associate the following attributes
with the request:
* Username: a string which identifies the end user. Common values might be `kube-admin` or `jane@example.com`.
@ -382,6 +384,13 @@ option to the API server during startup. The plugin is implemented in
`plugin/pkg/auth/authenticator/password/keystone/keystone.go` and currently uses
basic auth to verify used by username and password.
If you have configured self-signed certificates for the Keystone server,
you may need to set the `--experimental-keystone-ca-file=SOMEFILE` option when
starting the Kubernetes API server. If you set the option, the Keystone
server's certificate is verified by one of the authorities in the
`experimental-keystone-ca-file`. Otherwise, the certificate is verified by
the host's root Certificate Authority.
For details on how to use keystone to manage projects and users, refer to the
[Keystone documentation](http://docs.openstack.org/developer/keystone/). Please
note that this plugin is still experimental, under active development, and likely
@ -420,7 +429,7 @@ enterprise directory, kerberos, etc.)
### Creating Certificates
When using client certificate authentication, you can generate certificates
using an existing deployment script or manually through `easyrsa` or `openssl.``
using an existing deployment script or manually through `easyrsa` or `openssl.`
#### Using an Existing Deployment Script
@ -435,7 +444,7 @@ The script will generate three files: `ca.crt`, `server.crt`, and `server.key`.
Finally, add the following parameters into API server start parameters:
- `--client-ca-file=/srv/kubernetes/ca.crt`
- `--tls-cert-file=/srv/kubernetes/server.cert`
- `--tls-cert-file=/srv/kubernetes/server.crt`
- `--tls-private-key-file=/srv/kubernetes/server.key`
#### easyrsa
@ -459,7 +468,7 @@ Finally, add the following parameters into API server start parameters:
1. Fill in and add the following parameters into the API server start parameters:
--client-ca-file=/yourdirectory/ca.crt
--tls-cert-file=/yourdirectory/server.cert
--tls-cert-file=/yourdirectory/server.crt
--tls-private-key-file=/yourdirectory/server.key
#### openssl


@ -2,7 +2,9 @@
assignees:
- erictune
- lavalamp
- deads2k
- liggitt
title: Using Authorization Plugins
---
In Kubernetes, authorization happens as a separate step from authentication.
@ -297,9 +299,8 @@ subjects:
name: jane
roleRef:
kind: Role
namespace: default
name: pod-reader
apiVersion: rbac.authorization.k8s.io/v1alpha1
apiGroup: rbac.authorization.k8s.io
```
`RoleBindings` may also refer to a `ClusterRole`. However, a `RoleBinding` that
@ -324,26 +325,26 @@ subjects:
roleRef:
kind: ClusterRole
name: secret-reader
apiVersion: rbac.authorization.k8s.io/v1alpha1
apiGroup: rbac.authorization.k8s.io
```
Finally a `ClusterRoleBinding` may be used to grant permissions in all
namespaces. The following `ClusterRoleBinding` allows any user in the group
"manager" to read secrets in any namepsace.
"manager" to read secrets in any namespace.
```yaml
# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: read-secrets
name: read-secrets-global
subjects:
- kind: Group # May be "User", "Group" or "ServiceAccount"
name: manager
roleRef:
kind: ClusterRole
name: secret-reader
apiVersion: rbac.authorization.k8s.io/v1alpha1
 name: secret-reader
apiGroup: rbac.authorization.k8s.io
```
### Referring to Resources
@ -565,10 +566,10 @@ Access to non-resource paths are sent as:
Non-resource paths include: `/api`, `/apis`, `/metrics`, `/resetMetrics`,
`/logs`, `/debug`, `/healthz`, `/swagger-ui/`, `/swaggerapi/`, `/ui`, and
`/version.` Clients require access to `/api`, `/api/*/`, `/apis/`, `/apis/*`,
`/apis/*/*`, and `/version` to discover what resources and versions are present
on the server. Access to other non-resource paths can be disallowed without
restricting access to the REST api.
`/version.` Clients require access to `/api`, `/api/*`, `/apis`, `/apis/*`,
and `/version` to discover what resources and versions are present on the server.
Access to other non-resource paths can be disallowed without restricting access
to the REST api.
For further documentation refer to the authorization.v1beta1 API objects and
plugin/pkg/auth/authorizer/webhook/webhook.go.


@ -1,7 +1,7 @@
---
assignees:
- lavalamp
title: Kubernetes Components
---
This document outlines the various binary components that need to run to
@ -61,12 +61,12 @@ selects a node for them to run on.
### addons
Addons are pods and services that implement cluster features. They don't run on
the master VM, but currently the default setup scripts that make the API calls
to create these pods and services does run on the master VM. See:
[kube-master-addons](http://releases.k8s.io/HEAD/cluster/saltbase/salt/kube-master-addons/kube-master-addons.sh)
Addons are pods and services that implement cluster features. The pods may be managed
by Deployments, ReplicationContollers, etc. Namespaced addon objects are created in
the "kube-system" namespace.
Addon objects are created in the "kube-system" namespace.
Addon manager takes the responsibility for creating and maintaining addon resources.
See [here](http://releases.k8s.io/HEAD/cluster/addons) for more details.
#### DNS


@ -1,11 +1,10 @@
---
assignees:
- davidopp
- lavalamp
---
---
assignees:
- davidopp
- lavalamp
title: Building Large Clusters
---
## Support
At {{page.version}}, Kubernetes supports clusters with up to 1000 nodes. More specifically, we support configurations that meet *all* of the following criteria:

View File

@ -2,7 +2,7 @@
assignees:
- lavalamp
- thockin
title: Cluster Management Guide
---
* TOC
@ -92,7 +92,7 @@ an extended period of time (10min but it may change in the future).
Cluster autoscaler is configured per instance group (GCE) or node pool (GKE).
If you are using GCE then you can either enable it while creating a cluster with kube-up.sh script.
To configure cluser autoscaler you have to set 3 environment variables:
To configure cluster autoscaler you have to set 3 environment variables:
* `KUBE_ENABLE_CLUSTER_AUTOSCALER` - it enables cluster autoscaler if set to true.
* `KUBE_AUTOSCALER_MIN_NODES` - minimum number of nodes in the cluster.
@ -180,7 +180,7 @@ For the purposes of these flags, _legacy_ APIs are those APIs which have been ex
The objects that are stored to disk for a cluster's internal representation of the Kubernetes resources active in the cluster are written using a particular version of the API.
When the supported API changes, these objects may need to be rewritten in the newer API. Failure to do this will eventually result in resources that are no longer decodable or usable
by the kubernetes API server.
by the Kubernetes API server.
`KUBE_API_VERSIONS` environment variable for the `kube-apiserver` binary which controls the API versions that are supported in the cluster. The first version in the list is used as the cluster's storage version. Hence, to set a specific version as the storage version, bring it to the front of list of versions in the value of `KUBE_API_VERSIONS`. You need to restart the `kube-apiserver` binary
for changes to this variable to take effect.

View File

@ -1,7 +1,7 @@
---
assignees:
- davidopp
title: Troubleshooting Clusters
---
This doc is about cluster troubleshooting; we assume you have already ruled out your application as the root cause of the
@ -89,7 +89,7 @@ Mitigations:
- Mitigates: Apiserver VM shutdown or apiserver crashing
- Mitigates: Supporting services VM shutdown or crashes
- Action use IaaS providers reliable storage (e.g GCE PD or AWS EBS volume) for VMs with apiserver+etcd
- Action use IaaS providers reliable storage (e.g. GCE PD or AWS EBS volume) for VMs with apiserver+etcd
- Mitigates: Apiserver backing storage lost
- Action: Use (experimental) [high-availability](/docs/admin/high-availability) configuration

View File

@ -1,26 +1,26 @@
---
assignees:
- erictune
title: Daemon Sets
---
* TOC
{:toc}
## What is a _Daemon Set_?
## What is a DaemonSet?
A _Daemon Set_ ensures that all (or some) nodes run a copy of a pod. As nodes are added to the
A _DaemonSet_ ensures that all (or some) nodes run a copy of a pod. As nodes are added to the
cluster, pods are added to them. As nodes are removed from the cluster, those pods are garbage
collected. Deleting a Daemon Set will clean up the pods it created.
collected. Deleting a DaemonSet will clean up the pods it created.
Some typical uses of a Daemon Set are:
Some typical uses of a DaemonSet are:
- running a cluster storage daemon, such as `glusterd`, `ceph`, on each node.
- running a logs collection daemon on every node, such as `fluentd` or `logstash`.
- running a node monitoring daemon on every node, such as [Prometheus Node Exporter](
https://github.com/prometheus/node_exporter), `collectd`, New Relic agent, or Ganglia `gmond`.
In a simple case, one Daemon Set, covering all nodes, would be used for each type of daemon.
In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon.
A more complex setup might use multiple DaemonSets would be used for a single type of daemon,
but with different flags and/or different memory and cpu requests for different hardware types.
@ -74,7 +74,7 @@ a node for testing.
If you specify a `.spec.template.spec.nodeSelector`, then the DaemonSet controller will
create pods on nodes which match that [node
selector](https://github.com/kubernetes/kubernetes.github.io/tree/{{page.docsbranch}}/docs/user-guide/node-selection).
selector](/docs/user-guide/node-selection/).
If you specify a `scheduler.alpha.kubernetes.io/affinity` annotation in `.spec.template.metadata.annotations`,
then DaemonSet controller will create pods on nodes which match that [node affinity](../../user-guide/node-selection/#alpha-feature-in-kubernetes-v12-node-affinity).
@ -88,18 +88,17 @@ created by the Daemon controller have the machine already selected (`.spec.nodeN
when the pod is created, so it is ignored by the scheduler). Therefore:
- the [`unschedulable`](/docs/admin/node/#manual-node-administration) field of a node is not respected
by the daemon set controller.
- daemon set controller can make pods even when the scheduler has not been started, which can help cluster
by the DaemonSet controller.
- DaemonSet controller can make pods even when the scheduler has not been started, which can help cluster
bootstrap.
## Communicating with DaemonSet Pods
Some possible patterns for communicating with pods in a DaemonSet are:
- **Push**: Pods in the Daemon Set are configured to send updates to another service, such
- **Push**: Pods in the DaemonSet are configured to send updates to another service, such
as a stats database. They do not have clients.
- **NodeIP and Known Port**: Pods in the Daemon Set use a `hostPort`, so that the pods are reachable
via the node IPs. Clients knows the the list of nodes ips somehow, and know the port by convention.
- **NodeIP and Known Port**: Pods in the DaemonSet use a `hostPort`, so that the pods are reachable via the node IPs. Clients know the list of nodes ips somehow, and know the port by convention.
- **DNS**: Create a [headless service](/docs/user-guide/services/#headless-services) with the same pod selector,
and then discover DaemonSets using the `endpoints` resource or retrieve multiple A records from
DNS.
@ -126,11 +125,11 @@ You cannot update a DaemonSet.
Support for updating DaemonSets and controlled updating of nodes is planned.
## Alternatives to Daemon Set
## Alternatives to DaemonSet
### Init Scripts
It is certainly possible to run daemon processes by directly starting them on a node (e.g using
It is certainly possible to run daemon processes by directly starting them on a node (e.g. using
`init`, `upstartd`, or `systemd`). This is perfectly fine. However, there are several advantages to
running such processes via a DaemonSet:
@ -145,9 +144,9 @@ running such processes via a DaemonSet:
### Bare Pods
It is possible to create pods directly which specify a particular node to run on. However,
a Daemon Set replaces pods that are deleted or terminated for any reason, such as in the case of
a DaemonSet replaces pods that are deleted or terminated for any reason, such as in the case of
node failure or disruptive node maintenance, such as a kernel upgrade. For this reason, you should
use a Daemon Set rather than creating individual pods.
use a DaemonSet rather than creating individual pods.
### Static Pods
@ -159,7 +158,7 @@ in cluster bootstrapping cases. Also, static pods may be deprecated in the futu
### Replication Controller
Daemon Set are similar to [Replication Controllers](/docs/user-guide/replication-controller) in that
DaemonSet are similar to [Replication Controllers](/docs/user-guide/replication-controller) in that
they both create pods, and those pods have processes which are not expected to terminate (e.g. web servers,
storage servers).

View File

@ -1,7 +1,7 @@
---
assignees:
- mml
- davidopp
title: Pod Disruption Budget
---
This guide is for anyone wishing to specify safety constraints on pods or anyone
wishing to write software (typically automation software) that respects those
@ -59,7 +59,7 @@ itself. To attempt an eviction (perhaps more REST-precisely, to attempt to
```json
{
"apiVersion": "policy/v1alpha1",
"apiVersion": "policy/v1beta1",
"kind": "Eviction",
"metadata": {
"name": "quux",

View File

@ -3,7 +3,7 @@ assignees:
- ArtfulCoder
- davidopp
- lavalamp
title: Using DNS Pods and Services
---
## Introduction
@ -60,7 +60,7 @@ of the form `auto-generated-name.my-svc.my-namespace.svc.cluster.local`.
### Backwards compatibility
Previous versions of kube-dns made names of the for
Previous versions of kube-dns made names of the form
`my-svc.my-namespace.cluster.local` (the 'svc' level was added later). This
is no longer supported.
@ -70,14 +70,14 @@ is no longer supported.
When enabled, pods are assigned a DNS A record in the form of `pod-ip-address.my-namespace.pod.cluster.local`.
For example, a pod with ip `1.2.3.4` in the namespace `default` with a dns name of `cluster.local` would have an entry: `1-2-3-4.default.pod.cluster.local`.
For example, a pod with ip `1.2.3.4` in the namespace `default` with a DNS name of `cluster.local` would have an entry: `1-2-3-4.default.pod.cluster.local`.
#### A Records and hostname based on Pod's hostname and subdomain fields
Currently when a pod is created, its hostname is the Pod's `metadata.name` value.
With v1.2, users can specify a Pod annotation, `pod.beta.kubernetes.io/hostname`, to specify what the Pod's hostname should be.
The Pod annotation, if specified, takes precendence over the Pod's name, to be the hostname of the pod.
The Pod annotation, if specified, takes precedence over the Pod's name, to be the hostname of the pod.
For example, given a Pod with annotation `pod.beta.kubernetes.io/hostname: my-pod-name`, the Pod will have its hostname set to "my-pod-name".
With v1.3, the PodSpec has a `hostname` field, which can be used to specify the Pod's hostname. This field value takes precedence over the
@ -94,13 +94,43 @@ Example:
```yaml
apiVersion: v1
kind: Service
metadata:
name: default-subdomain
spec:
selector:
name: busybox
clusterIP: None
ports:
- name: foo # Actually, no port is needed.
port: 1234
targetPort: 1234
---
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
name: busybox1
labels:
name: busybox
spec:
hostname: busybox-1
subdomain: default
subdomain: default-subdomain
containers:
- image: busybox
command:
- sleep
- "3600"
name: busybox
---
apiVersion: v1
kind: Pod
metadata:
name: busybox2
labels:
name: busybox
spec:
hostname: busybox-2
subdomain: default-subdomain
containers:
- image: busybox
command:
@ -110,11 +140,11 @@ spec:
```
If there exists a headless service in the same namespace as the pod and with the same name as the subdomain, the cluster's KubeDNS Server also returns an A record for the Pod's fully qualified hostname.
Given a Pod with the hostname set to "foo" and the subdomain set to "bar", and a headless Service named "bar" in the same namespace, the pod will see it's own FQDN as "foo.bar.my-namespace.svc.cluster.local". DNS serves an A record at that name, pointing to the Pod's IP.
Given a Pod with the hostname set to "busybox-1" and the subdomain set to "default-subdomain", and a headless Service named "default-subdomain" in the same namespace, the pod will see it's own FQDN as "busybox-1.default-subdomain.my-namespace.svc.cluster.local". DNS serves an A record at that name, pointing to the Pod's IP. Both pods "busybox1" and "busybox2" can have their distinct A records.
With v1.2, the Endpoints object also has a new annotation `endpoints.beta.kubernetes.io/hostnames-map`. Its value is the json representation of map[string(IP)][endpoints.HostRecord], for example: '{"10.245.1.6":{HostName: "my-webserver"}}'.
As of Kubernetes v1.2, the Endpoints object also has the annotation `endpoints.beta.kubernetes.io/hostnames-map`. Its value is the json representation of map[string(IP)][endpoints.HostRecord], for example: '{"10.245.1.6":{HostName: "my-webserver"}}'.
If the Endpoints are for a headless service, an A record is created with the format <hostname>.<service name>.<pod namespace>.svc.<cluster domain>
For the example json, if endpoints are for a headless service named "bar", and one of the endpoints has IP "10.245.1.6", an A is created with the name "my-webserver.bar.my-namespace.svc.cluster.local" and the A record lookup would return "10.245.1.6".
For the example json, if endpoints are for a headless service named "bar", and one of the endpoints has IP "10.245.1.6", an A record is created with the name "my-webserver.bar.my-namespace.svc.cluster.local" and the A record lookup would return "10.245.1.6".
This endpoints annotation generally does not need to be specified by end-users, but can used by the internal service controller to deliver the aforementioned feature.
With v1.3, The Endpoints object can specify the `hostname` for any endpoint, along with its IP. The hostname field takes precedence over the hostname value
@ -171,7 +201,7 @@ busybox 1/1 Running 0 <some-time>
Once that pod is running, you can exec nslookup in that environment:
```
kubectl exec busybox -- nslookup kubernetes.default
kubectl exec -ti busybox -- nslookup kubernetes.default
```
You should see something like:
@ -194,10 +224,10 @@ If the nslookup command fails, check the following:
Take a look inside the resolv.conf file. (See "Inheriting DNS from the node" and "Known issues" below for more information)
```
cat /etc/resolv.conf
kubectl exec busybox cat /etc/resolv.conf
```
Verify that the search path and name server are set up like the following (note that seach path may vary for different cloud providers):
Verify that the search path and name server are set up like the following (note that search path may vary for different cloud providers):
```
search default.svc.cluster.local svc.cluster.local cluster.local google.internal c.gce_project_id.internal
@ -210,7 +240,7 @@ options ndots:5
Errors such as the following indicate a problem with the kube-dns add-on or associated Services:
```
$ kubectl exec busybox -- nslookup kubernetes.default
$ kubectl exec -ti busybox -- nslookup kubernetes.default
Server: 10.0.0.10
Address 1: 10.0.0.10
@ -220,7 +250,7 @@ nslookup: can't resolve 'kubernetes.default'
or
```
$ kubectl exec busybox -- nslookup kubernetes.default
$ kubectl exec -ti busybox -- nslookup kubernetes.default
Server: 10.0.0.10
Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
@ -244,21 +274,21 @@ kube-dns-v19-ezo1y 3/3 Running 0
...
```
If you see that no pod is running or that the pod has failed/completed, the dns add-on may not be deployed by default in your current environment and you will have to deploy it manually.
If you see that no pod is running or that the pod has failed/completed, the DNS add-on may not be deployed by default in your current environment and you will have to deploy it manually.
#### Check for Errors in the DNS pod
Use `kubectl logs` command to see logs for the DNS daemons.
```
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kubedns
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kube-dns
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c dnsmasq
kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c healthz
```
See if there is any suspicious log. W, E, F letter at the beginning represent Warning, Error and Failure. Please search for entries that have these as the logging level and use [kubernetes issues](https://github.com/kubernetes/kubernetes/issues) to report unexpected errors.
#### Is dns service up?
#### Is DNS service up?
Verify that the DNS service is up by using the `kubectl get service` command.
@ -277,7 +307,7 @@ kube-dns 10.0.0.10 <none> 53/UDP,53/TCP 1h
If you have created the service or in the case it should be created by default but it does not appear, see this [debugging services page](http://kubernetes.io/docs/user-guide/debugging-services/) for more information.
#### Are dns endpoints exposed?
#### Are DNS endpoints exposed?
You can verify that dns endpoints are exposed by using the `kubectl get endpoints` command.
@ -348,7 +378,7 @@ some of those settings will be lost. As a partial workaround, the node can run
`dnsmasq` which will provide more `nameserver` entries, but not more `search`
entries. You can also use kubelet's `--resolv-conf` flag.
If you are using Alpine version 3.3 or earlier as your base image, dns may not
If you are using Alpine version 3.3 or earlier as your base image, DNS may not
work properly owing to a known issue with Alpine. Check [here](https://github.com/kubernetes/kubernetes/issues/30215)
for more information.
@ -356,3 +386,5 @@ for more information.
- [Docs for the DNS cluster addon](http://releases.k8s.io/{{page.githubbranch}}/build-tools/kube-dns/README.md)
## What's next
- [Autoscaling the DNS Service in a Cluster](/docs/tasks/administer-cluster/dns-horizontal-autoscaling/).


@ -1,10 +1,9 @@
---
assignees:
- lavalamp
title: Configuring Kubernetes Use of etcd
---
[etcd](https://coreos.com/etcd/docs/2.2.1/) is a highly-available key value
store which Kubernetes uses for persistent storage of all of its REST API
objects.


@ -1,4 +1,6 @@
---
title: federation-apiserver
notitle: true
---
## federation-apiserver
@ -20,10 +22,11 @@ federation-apiserver
### Options
```
--admission-control string Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, NamespaceLifecycle. (default "AlwaysAdmit")
--admission-control string Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, NamespaceLifecycle, OwnerReferencesPermissionEnforcement. (default "AlwaysAdmit")
--admission-control-config-file string File with admission control configuration.
--advertise-address value The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--apiserver-count int The number of apiservers running in the cluster. (default 1)
--advertise-address ip The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--anonymous-auth Enables anonymous requests to the secure port of the API server. Requests that are not rejected by another authentication method are treated as anonymous requests. Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. (default true)
--apiserver-count int The number of apiservers running in the cluster. Must be a positive number. (default 1)
--audit-log-maxage int The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.
--audit-log-maxbackup int The maximum number of old audit log files to retain.
--audit-log-maxsize int The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.
@ -35,64 +38,71 @@ federation-apiserver
--authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. Default is 30s. (default 30s)
--authorization-webhook-config-file string File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. The API server will query the remote service to determine access on the API server's secure port.
--basic-auth-file string If set, the file that will be used to admit requests to the secure port of the API server via http basic authentication.
--bind-address value The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0). (default 0.0.0.0)
--bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0). (default 0.0.0.0)
--cert-dir string The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "/var/run/kubernetes")
--client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
--cloud-config string The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider string The provider for cloud services. Empty string for no provider.
--cors-allowed-origins value List of allowed origins for CORS, comma separated. An allowed origin can be a regular expression to support subdomain matching. If this list is empty CORS will not be enabled. (default [])
--contention-profiling Enable contention profiling. Requires --profiling to be set to work.
--cors-allowed-origins stringSlice List of allowed origins for CORS, comma separated. An allowed origin can be a regular expression to support subdomain matching. If this list is empty CORS will not be enabled.
--delete-collection-workers int Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup. (default 1)
--deserialization-cache-size int Number of deserialized json objects to cache in memory.
--enable-garbage-collector Enables the generic garbage collector. MUST be synced with the corresponding flag of the kube-controller-manager. (default true)
--enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui
--etcd-cafile string SSL Certificate Authority file used to secure etcd communication.
--etcd-certfile string SSL certification file used to secure etcd communication.
--etcd-keyfile string SSL key file used to secure etcd communication.
--etcd-prefix string The prefix for all resource paths in etcd. (default "/registry")
--etcd-quorum-read If true, enable quorum read.
--etcd-servers value List of etcd servers to connect with (http://ip:port), comma separated. (default [])
--etcd-servers-overrides value Per-resource etcd servers overrides, comma separated. The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated. (default [])
--etcd-servers stringSlice List of etcd servers to connect with (scheme://ip:port), comma separated.
--etcd-servers-overrides stringSlice Per-resource etcd servers overrides, comma separated. The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated.
--event-ttl duration Amount of time to retain events. Default is 1h. (default 1h0m0s)
--experimental-keystone-ca-file string If set, the Keystone server's certificate will be verified by one of the authorities in the experimental-keystone-ca-file, otherwise the host's root CA set will be used.
--experimental-keystone-url string If passed, activates the keystone authentication plugin.
--external-hostname string The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs).
--feature-gates value A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
DynamicVolumeProvisioning=true|false (ALPHA - default=true)
--insecure-bind-address value The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost. (default 127.0.0.1)
ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false)
StreamingProxyRedirects=true|false (ALPHA - default=false)
--insecure-allow-any-token username/group1,group2 If set, your server will be INSECURE. Any token will be allowed and user information will be parsed from the token as username/group1,group2
--insecure-bind-address ip The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost. (default 127.0.0.1)
--insecure-port int The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed that firewall rules are set up such that this port is not reachable from outside of the cluster and that port 443 on the cluster's public address is proxied to this port. This is performed by nginx in the default setup. (default 8080)
--kubernetes-service-node-port int If non-zero, the Kubernetes master service (which apiserver creates/maintains) will be of type NodePort, using this as the value of the port. If zero, the Kubernetes master service will be of type ClusterIP.
--long-running-request-regexp string A regular expression matching long running requests which should be excluded from maximum inflight request handling. (default "(/|^)((watch|proxy)(/|$)|(logs?|portforward|exec|attach)/?$)")
--master-service-namespace string The namespace from which the kubernetes master services should be injected into pods. (default "default")
--master-service-namespace string DEPRECATED: the namespace from which the kubernetes master services should be injected into pods. (default "default")
--max-requests-inflight int The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit. (default 400)
--min-request-timeout int An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load. (default 1800)
--oidc-ca-file string If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host's root CA set will be used.
--oidc-client-id string The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
--oidc-groups-claim string If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be an array of strings. This flag is experimental, please see the authentication documentation for further details.
--oidc-groups-claim string If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This flag is experimental, please see the authentication documentation for further details.
--oidc-issuer-url string The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT).
--oidc-username-claim string The OpenID claim to use as the user name. Note that claims other than the default ('sub') is not guaranteed to be unique and immutable. This flag is experimental, please see the authentication documentation for further details. (default "sub")
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true)
--runtime-config value A set of key=value pairs that describe runtime configuration that may be passed to apiserver. apis/<groupVersion> key can be used to turn on/off specific api versions. apis/<groupVersion>/<resource> can be used to turn on/off specific resources. api/all and api/legacy are special keys to control all and legacy api versions respectively.
--requestheader-allowed-names stringSlice List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.
--requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers
--requestheader-username-headers stringSlice List of request headers to inspect for usernames. X-Remote-User is common.
--runtime-config mapStringString A set of key=value pairs that describe runtime configuration that may be passed to apiserver. apis/<groupVersion> key can be used to turn on/off specific api versions. apis/<groupVersion>/<resource> can be used to turn on/off specific resources. api/all and api/legacy are special keys to control all and legacy api versions respectively.
--secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 6443)
--service-cluster-ip-range value A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
--service-node-port-range value A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range. (default 30000-32767)
--service-cluster-ip-range ipNet A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
--service-node-port-range portRange A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range. (default 30000-32767)
--storage-backend string The storage backend for persistence. Options: 'etcd2' (default), 'etcd3'.
--storage-media-type string The media type to use to store objects in storage. Defaults to application/json. Some resources may only support a specific media type and will ignore this setting. (default "application/json")
--storage-versions string The per-group version to store resources in. Specified in the format "group1/version1,group2/version2,...". In the case where objects are moved from one group to the other, you may specify the format "group1=group2/v1beta1,group3/v1beta1,...". You only need to pass the groups you wish to change from the defaults. It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable. (default "apps/v1alpha1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1beta1,autoscaling/v1,batch/v1,certificates.k8s.io/v1alpha1,componentconfig/v1alpha1,extensions/v1beta1,federation/v1beta1,policy/v1alpha1,rbac.authorization.k8s.io/v1alpha1,storage.k8s.io/v1beta1,v1")
--storage-versions string The per-group version to store resources in. Specified in the format "group1/version1,group2/version2,...". In the case where objects are moved from one group to the other, you may specify the format "group1=group2/v1beta1,group3/v1beta1,...". You only need to pass the groups you wish to change from the defaults. It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable. (default "apps/v1beta1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1beta1,autoscaling/v1,batch/v1,certificates.k8s.io/v1alpha1,componentconfig/v1alpha1,extensions/v1beta1,federation/v1beta1,policy/v1beta1,rbac.authorization.k8s.io/v1alpha1,storage.k8s.io/v1beta1,v1")
--target-ram-mb int Memory limit for apiserver in MB (used to configure sizes of caches, etc.)
--tls-cert-file string File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.
--tls-private-key-file string File containing x509 private key matching --tls-cert-file.
--tls-ca-file string If set, this certificate authority will used for secure access from Admission Controllers. This must be a valid PEM-encoded CA bundle.
--tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.
--tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
--tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.key,example.crt" or "*.foo.com,foo.com:foo.key,foo.crt". (default [])
--token-auth-file string If set, the file that will be used to secure the secure port of the API server via token authentication.
--watch-cache Enable watch caching in the apiserver (default true)
--watch-cache-sizes value List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled. (default [])
--watch-cache-sizes stringSlice List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled.
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -1,4 +1,6 @@
---
title: federation-controller-mananger
notitle: true
---
## federation-controller-manager
@ -23,14 +25,14 @@ federation-controller-manager
### Options
```
--address value The IP address to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--address ip The IP address to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--cluster-monitor-period duration The period for syncing ClusterStatus in ClusterController. (default 40s)
--concurrent-replicaset-syncs int The number of ReplicaSets syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load (default 10)
--concurrent-service-syncs int The number of service syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load (default 10)
--dns-provider string DNS provider. Valid values are: ["aws-route53" "google-clouddns"]
--dns-provider string DNS provider. Valid values are: ["google-clouddns" "aws-route53"]
--dns-provider-config string Path to config file for configuring DNS provider.
--federated-api-burst int Burst to use while talking with federation apiserver (default 30)
--federated-api-qps value QPS to use while talking with federation apiserver (default 20)
--federated-api-qps float32 QPS to use while talking with federation apiserver (default 20)
--federation-name string Federation name.
--kube-api-content-type string ContentType of requests sent to apiserver. Passing application/vnd.kubernetes.protobuf is an experimental feature now.
--kubeconfig string Path to kubeconfig file with authorization and master location information.
@ -41,14 +43,12 @@ federation-controller-manager
--master string The address of the federation API server (overrides any value in kubeconfig)
--port int The port that the controller-manager's http service runs on (default 10253)
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true)
--service-dns-suffix string DNS Suffix to use when publishing federated service names. Defaults to zone-name
--zone-id string Zone ID, needed if the zone name is not unique.
--zone-name string Zone name, like example.com.
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -3,8 +3,9 @@ assignees:
- madhusudancs
- mml
- nikhiljindal
title: Using `federation-up` and `deploy.sh`
---
This guide explains how to set up cluster federation that lets us control multiple Kubernetes clusters.
@ -14,11 +15,11 @@ This guide explains how to set up cluster federation that lets us control multip
## Prerequisites
This guide assumes that you have a running Kubernetes cluster.
If not, then head over to the [getting started guides](/docs/getting-started-guides/) to bring up a cluster.
If you need to start a new cluster, see the [getting started guides](/docs/getting-started-guides/) for instructions on bringing a cluster up.
This guide also assumes that you have a Kubernetes release
[downloaded from here](/docs/getting-started-guides/binary_release/),
extracted into a directory and all the commands in this guide are run from
To use the commands in this guide, you must download a Kubernetes release from the
[getting started binary releases](/docs/getting-started-guides/binary_release/) and
extract into a directory; all the commands in this guide are run from
that directory.
```shell
@ -26,8 +27,8 @@ $ curl -L https://github.com/kubernetes/kubernetes/releases/download/v1.4.0/kube
$ cd kubernetes
```
This guide also assumes that you have an installation of Docker running
locally, i.e. on the machine where you run the commands described in this
You must also have a Docker installation running
locally--meaning on the machine where you run the commands described in this
guide.
## Setting up a federation control plane
@ -109,7 +110,7 @@ $ KUBE_REGISTRY="gcr.io/myrepository" federation/develop/develop.sh build_image
$ KUBE_REGISTRY="gcr.io/myrepository" federation/develop/develop.sh push
```
Note: This is going to overwite the values you might have set for
Note: This is going to overwrite the values you might have set for
`apiserverRegistry`, `apiserverVersion`, `controllerManagerRegistry` and
`controllerManagerVersion` in your `${FEDERATION_OUTPUT_ROOT}/values.yaml`
file. Hence, it is not recommend to customize these values in
@ -212,47 +213,81 @@ cluster1 Ready 3m
## Updating KubeDNS
Once the cluster is registered with the federation, you are all set to use it.
But for the cluster to be able to route federation service requests, you need to restart
KubeDNS and pass it a `--federations` flag which tells it about valid federation DNS hostnames.
Format of the flag is like this:
Once you've registered your cluster with the federation, you'll need to update KubeDNS so that your cluster can route federation service requests. The update method varies depending on your Kubernetes version; on Kubernetes 1.5 or later, you must pass the
`--federations` flag to kube-dns via the kube-dns config map. In version 1.4 or earlier, you must set the `--federations` flag directly on kube-dns-rc on other clusters.
### Kubernetes 1.5+: Passing federations flag via config map to kube-dns
For Kubernetes clusters of version 1.5+, you can pass the
`--federations` flag to kube-dns via the kube-dns config map.
The flag uses the following format:
```
--federations=${FEDERATION_NAME}=${DNS_DOMAIN_NAME}
```
To update KubeDNS with federations flag, you can edit the existing kubedns replication controller to
include that flag in pod template spec and then delete the existing pod. Replication controller will
recreate the pod with updated template.
To pass this flag to KubeDNS, create a config-map with name `kube-dns` in
namespace `kube-system`. The configmap should look like the following:
To find the name of existing kubedns replication controller, run
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-dns
namespace: kube-system
data:
federations: <federation-name>=<dns-domain-name>
```
where `<federation-name>` should be replaced by the name you want to give to your
federation, and
`federation-domain-name` should be replaced by the domain name you want to use
in your federation DNS.
You can find more details about config maps in general at
http://kubernetes.io/docs/user-guide/configmap/.
### Kubernetes 1.4 and earlier: Setting federations flag on kube-dns-rc
If your cluster is running Kubernetes version 1.4 or earlier, you must to restart
KubeDNS and pass it a `--federations` flag, which tells it about valid federation DNS hostnames.
The flag uses the following format:
```
--federations=${FEDERATION_NAME}=${DNS_DOMAIN_NAME}
```
To update KubeDNS with the `--federations` flag, you can edit the existing kubedns replication controller to
include that flag in pod template spec, and then delete the existing pod. The replication controller then
recreates the pod with updated template.
To find the name of existing kubedns replication controller, run the following command:
```shell
$ kubectl get rc --namespace=kube-system
```
This will list all the replication controllers. Name of the kube-dns replication
controller will look like `kube-dns-v18`. You can then edit it by running:
You should see a list of all the replication controllers on the cluster. The kube-dns replication
controller should have a name similar to `kube-dns-v18`. To edit the replication controller, specify it by name as follows:
```shell
$ kubectl edit rc <rc-name> --namespace=kube-system
```
Add the `--federations` flag as args to kube-dns container in the YAML file that
pops up after running the above command.
In the resulting YAML file for the kube-dns replication controller, add the `--federations` flag as an argument to kube-dns container.
To delete the existing kube dns pod, you can first find it by running:
Then, you must delete the existing kube dns pod. You can find the pod by running:
```shell
$ kubectl get pods --namespace=kube-system
```
And then delete it by running:
And then delete the appropriate pod by running:
```shell
$ kubectl delete pods <pod-name> --namespace=kube-system
```
You are now all set to start using federation.
Once you've completed the kube-dns configuration, your federation is ready for use.
## Turn down
@ -317,7 +352,7 @@ $ KUBERNETES_PROVIDER=gce FEDERATION_DNS_PROVIDER=google-clouddns FEDERATION_NAM
set appropriately if it is missing and `KUBERNETES_PROVIDER` is one of `gce`, `gke` and `aws`.
This is used to resolve DNS requests for federation services. The service
controller keeps DNS records with the provider updated as services/pods are
updated in underlying kubernetes clusters.
updated in underlying Kubernetes clusters.
`FEDERATION_NAME` is a name you can choose for your federation. This is the name that will appear in DNS routes.


@ -0,0 +1,194 @@
---
assignees:
- madhusudancs
---
* TOC
{:toc}
Kubernetes version 1.5 includes a new command line tool called
`kubefed` to help you administrate your federated clusters.
`kubefed` helps you to deploy a new Kubernetes cluster federation
control plane, and to add clusters to or remove clusters from an
existing federation control plane.
This guide explains how to administer a Kubernetes Cluster Federation
using `kubefed`.
> Note: `kubefed` is an alpha feature in Kubernetes 1.5.
## Prerequisites
This guide assumes that you have a running Kubernetes cluster. Please
see one of the [getting started](/docs/getting-started-guides/) guides
for installation instructions for your platform.
## Getting `kubefed`
Download the client tarball corresponding to Kubernetes version 1.5
or later
[from the release page](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md),
extract the binaries in the tarball to one of the directories
in your `$PATH` and set the executable permission on those binaries.
```shell
curl -O https://storage.googleapis.com/kubernetes-release/release/v1.5.0/kubernetes-client-linux-amd64.tar.gz
tar -xzvf kubernetes-client-linux-amd64.tar.gz
sudo cp kubernetes/client/bin/kubefed /usr/local/bin
sudo chmod +x /usr/local/bin/kubefed
sudo cp kubernetes/client/bin/kubectl /usr/local/bin
sudo chmod +x /usr/local/bin/kubectl
```
## Choosing a host cluster.
You'll need to choose one of your Kubernetes clusters to be the
*host cluster*. The host cluster hosts the components that make up
your federation control plane. Ensure that you have a `kubeconfig`
entry in your local `kubeconfig` that corresponds to the host cluster.
You can verify that you have the required `kubeconfig` entry by
running:
```shell
kubectl config get-contexts
```
The output should contain an entry corresponding to your host cluster,
similar to the following:
```
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
gke_myproject_asia-east1-b_gce-asia-east1 gke_myproject_asia-east1-b_gce-asia-east1 gke_myproject_asia-east1-b_gce-asia-east1
```
You'll need to provide the `kubeconfig` context (called name in the
entry above) for your host cluster when you deploy your federation
control plane.
## Deploying a federation control plane.
"To deploy a federation control plane on your host cluster, run
`kubefed init` command. When you use `kubefed init`, you must provide
the following:
* Federation name
* `--host-cluster-context`, the `kubeconfig` context for the host cluster
* `--dns-zone-name`, a domain name suffix for your federated services
The following example command deploys a federation control plane with
the name `fellowship`, a host cluster context `rivendell`, and the
domain suffix `example.com`:
```shell
kubefed init fellowship --host-cluster-context=rivendell --dns-zone-name="example.com"
```
The domain suffix you specify in `--dns-zone-name` must be an existing
domain that you control, and that is programmable by your DNS provider.
`kubefed init` sets up the federation control plane in the host
cluster and also adds an entry for the federation API server in your
local kubeconfig. Note that in the alpha release in Kubernetes 1.5,
`kubefed init` does not automatically set the current context to the
newly deployed federation. You can set the current context manually by
running:
```shell
kubectl config use-context fellowship
```
where `fellowship` is the name of your federation.
## Adding a cluster to a federation
Once you've deployed a federation control plane, you'll need to make
that control plane aware of the clusters it should manage. You can add
a cluster to your federation by using the `kubefed join` command.
To use `kubefed join`, you'll need to provide the name of the cluster
you want to add to the federation, and the `--host-cluster-context`
for the federation control plane's host cluster.
The following example command adds the cluster `gondor` to the
federation with host cluster `rivendell`:
```
kubefed join gondor --host-cluster-context=rivendell
```
> Note: Kubernetes requires that you manually join clusters to a
federation because the federation control plane manages only those
clusters that it is responsible for managing. Adding a cluster tells
the federation control plane that it is responsible for managing that
cluster.
### Naming rules and customization
The cluster name you supply to `kubefed join` must be a valid RFC 1035
label.
Furthermore, federation control plane requires credentials of the
joined clusters to operate on them. These credentials are obtained
from the local kubeconfig. `kubefed join` uses the cluster name
specified as the argument to look for the cluster's context in the
local kubeconfig. If it fails to find a matching context, it exits
with an error.
This might cause issues in cases where context names for each cluster
in the federation don't follow RFC 1035 label naming rules. In such
cases, you can specify a cluster name that conforms to the RFC 1035
label naming rules and specify the cluster context using the
`--cluster-context` flag. For example, if context of the cluster your
are joining is `gondor_needs-no_king`, then you can
join the cluster by running:
```shell
kubefed join gondor --host-cluster-context=rivendell --cluster-context=gondor_needs-no_king
```
#### Secret name
Cluster credentials required by the federation control plane as
described above are stored as a secret in the host cluster. The name
of the secret is also derived from the cluster name.
However, the name of a secret object in Kubernetes should conform
to the subdomain name specification described in RFC 1123. If this
isn't case, you can pass the secret name to `kubefed join` using the
`--secret-name` flag. For example, if the cluster name is `noldor` and
the secret name is `11kingdom`, you can join the cluster by
running:
```shell
kubefed join noldor --host-cluster-context=rivendell --secret-name=11kingdom
```
## Removing a cluster from a federation
To remove a cluster from a federation, run the `kubefed unjoin`
command with the cluster name and the federation's
`--host-cluster-context`:
```
kubefed unjoin gondor --host-cluster-context=rivendell
```
## Turning down the federation control plane:
Proper cleanup of federation control plane is not fully implemented in
this alpha release of `kubefed`. However, for the time being, deleting
the federation system namespace should remove all the resources except
the persistent storage volume dynamically provisioned for the
federation control plane's etcd. You can delete the federation
namespace by running the following command:
```
$ kubectl delete ns federation-system
```


@ -1,7 +1,7 @@
---
assignees:
- mikedanese
title: Configuring kubelet Garbage Collection
---
* TOC
@ -13,11 +13,11 @@ External garbage collection tools are not recommended as these tools can potenti
### Image Collection
kubernetes manages lifecycle of all images through imageManager, with the cooperation
Kubernetes manages lifecycle of all images through imageManager, with the cooperation
of cadvisor.
The policy for garbage collecting images takes two factors into consideration:
`HighThresholdPercent` and `LowThresholdPercent`. Disk usage above the the high threshold
`HighThresholdPercent` and `LowThresholdPercent`. Disk usage above the high threshold
will trigger garbage collection. The garbage collection will delete least recently used images until the low
threshold has been met.

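--- a/docs/admin/ha-master-gce.md
+++ b/docs/admin/ha-master-gce.md
@@ -0,0 +1,160 @@
+---
+assignees:
+- jszczepkowski
+---
+* TOC
+{:toc}
+## Introduction
+Kubernetes version 1.5 adds alpha support for replicating Kubernetes masters in `kube-up` or `kube-down` scripts for Google Compute Engine.
+This document describes how to use kube-up/down scripts to manage highly available (HA) masters and how HA masters are implemented for use with GCE.
+## Starting an HA-compatible cluster
+To create a new HA-compatible cluster, you must set the following flags in your `kube-up` script:
+* `MULTIZONE=true` - to prevent removal of master replicas kubelets from zones different than server's default zone.
+Required if you want to run master replicas in different zones, which is recommended.
+* `ENABLE_ETCD_QUORUM_READS=true` - to ensure that reads from all API servers will return most up-to-date data.
+If true, reads will be directed to leader etcd replica.
+Setting this value to true is optional: reads will be more reliable but will also be slower.
+Optionally, you can specify a GCE zone where the first master replica is to be created.
+Set the following flag:
+* `KUBE_GCE_ZONE=zone` - zone where the first master replica will run.
+The following sample command sets up a HA-compatible cluster in the GCE zone europe-west1-b:
+```shell
+$ MULTIZONE=true KUBE_GCE_ZONE=europe-west1-b ENABLE_ETCD_QUORUM_READS=true ./cluster/kube-up.sh
+```
+Note that the commands above create a cluster with one master;
+however, you can add new master replicas to the cluster with subsequent commands.
+## Adding a new master replica
+After you have created an HA-compatible cluster, you can add master replicas to it.
+You add master replicas by using a `kube-up` script with the following flags:
+* `KUBE_REPLICATE_EXISTING_MASTER=true` - to create a replica of an existing
+master.
+* `KUBE_GCE_ZONE=zone` - zone where the master replica will run.
+Must be in the same region as other replicas' zones.
+You don't need to set the `MULTIZONE` or `ENABLE_ETCD_QUORUM_READS` flags,
+as those are inherited from when you started your HA-compatible cluster.
+The following sample command replicates the master on an existing HA-compatible cluster:
+```shell
+$ KUBE_GCE_ZONE=europe-west1-c KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
+```
+## Removing a master replica
+You can remove a master replica from an HA cluster by using a `kube-down` script with the following flags:
+* `KUBE_DELETE_NODES=false` - to restrain deletion of kubelets.
+* `KUBE_GCE_ZONE=zone` - the zone from where master replica will be removed.
+* `KUBE_REPLICA_NAME=replica_name` - (optional) the name of master replica to remove.
+If empty: any replica from the given zone will be removed.
+The following sample command removes a master replica from an existing HA cluster:
+```shell
+$ KUBE_DELETE_NODES=false KUBE_GCE_ZONE=europe-west1-c ./cluster/kube-down.sh
+```
+## Handling master replica failures
+If one of the master replicas in your HA cluster fails,
+the best practice is to remove the replica from your cluster and add a new replica in the same zone.
+The following sample commands demonstrate this process:
+1. Remove the broken replica:
+```shell
+$ KUBE_DELETE_NODES=false KUBE_GCE_ZONE=replica_zone KUBE_REPLICA_NAME=replica_name ./cluster/kube-down.sh
+```
+2. Add a new replica in place of the old one:
+```shell
+$ KUBE_GCE_ZONE=replica-zone KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
+```
+## Best practices for replicating masters for HA clusters
+* Try to place masters replicas in different zones. During a zone failure, all master placed inside the zone will fail.
+To survive zone failure, also place nodes in multiple zones
+(see [multiple-zones](http://kubernetes.io/docs/admin/multiple-zones/) for details).
+* Do not use a cluster with two master replicas. Consensus on a two replica cluster requires both replicas running when changing persistent state.
+As a result, both replicas are needed and a failure of any replica turns cluster into majority failure state.
+A two-replica cluster is thus inferior, in terms of HA, to a single replica cluster.
+* When you add a master replica, cluster state (etcd) is copied to a new instance.
+If the cluster is large, it may take a long time to duplicate its state.
+This operation may be speed up by migrating etcd data directory, as described [here](https://coreos.com/etcd/docs/latest/admin_guide.html#member-migration) here
+(we are considering adding support for etcd data dir migration in future).
+## Implementation notes
+![](ha-master-gce.png)
+### Overview
+Each of master replicas will run the following components in the following mode:
+* etcd instance: all instances will be clustered together using consensus;
+* API server: each server will talk to local etcd - all API servers in the cluster will be available;
+* controllers, scheduler, and cluster auto-scaler: will use lease mechanism - only one instance of each of them will be active in the cluster;
+* add-on manager: each manager will work independently trying to keep add-ons in sync.
+In addition, there will be a load balancer in front of API servers that will route external and internal traffic to them.
+### Load balancing
+When starting the second master replica, a load balancer containing the two replicas will be created
+and the IP address of the first replica will be promoted to IP address of load balancer.
+Similarly, after removal of the penultimate master replica, the load balancer will be removed and its IP address will be assigned to the last remaining replica.
+Please note that creation and removal of load balancer are complex operations and it may take some time (~20 minutes) for them to propagate.
+### Master service & kubelets
+Instead of trying to keep an up-to-date list of Kubernetes apiserver in the Kubernetes service,
+the system directs all traffic to the external IP:
+* in one master cluster the IP points to the single master,
+* in multi-master cluster the IP points to the load balancer in-front of the masters.
+Similarly, the external IP will be used by kubelets to communicate with master.
+### Master certificates
+Kubernetes generates Master TLS certificates for the external public IP and local IP for each replica.
+There are no certificates for the ephemeral public IP for replicas;
+to access a replica via its ephemeral public IP, you must skip TLS verification.
+### Clustering etcd
+To allow etcd clustering, ports needed to communicate between etcd instances will be opened (for inside cluster communication).
+To make such deployment secure, communication between etcd instances is authorized using SSL.
+## Additional reading
+[Automated HA master deployment - design doc](https://github.com/kubernetes/kubernetes/blob/master/docs/design/ha_master.md)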

Binary file not shown.


@ -1,7 +1,7 @@
---
---
---
title: Building High-Availability Clusters
---
## Introduction
This document describes how to build a high-availability (HA) Kubernetes cluster. This is a fairly advanced topic.


@ -2,7 +2,7 @@
assignees:
- davidopp
- lavalamp
title: Admin Guide
---
The cluster admin guide is for anyone creating or administering a Kubernetes cluster.
@ -13,7 +13,7 @@ It assumes some familiarity with concepts in the [User Guide](/docs/user-guide/)
## Planning a cluster
There are many different examples of how to setup a kubernetes cluster. Many of them are listed in this
There are many different examples of how to setup a Kubernetes cluster. Many of them are listed in this
[matrix](/docs/getting-started-guides/). We call each of the combinations in this matrix a *distro*.
Before choosing a particular guide, here are some things to consider:
@ -25,12 +25,12 @@ Before choosing a particular guide, here are some things to consider:
- Will your cluster be on-premises, or in the cloud (IaaS)? Kubernetes does not directly support hybrid clusters. We
recommend setting up multiple clusters rather than spanning distant locations.
- Will you be running Kubernetes on "bare metal" or virtual machines? Kubernetes supports both, via different distros.
- Do you just want to run a cluster, or do you expect to do active development of kubernetes project code? If the
- Do you just want to run a cluster, or do you expect to do active development of Kubernetes project code? If the
latter, it is better to pick a distro actively used by other developers. Some distros only use binary releases, but
offer is a greater variety of choices.
- Not all distros are maintained as actively. Prefer ones which are listed as tested on a more recent version of
Kubernetes.
- If you are configuring kubernetes on-premises, you will need to consider what [networking
- If you are configuring Kubernetes on-premises, you will need to consider what [networking
model](/docs/admin/networking) fits best.
- If you are designing for very high-availability, you may want [clusters in multiple zones](/docs/admin/multi-cluster).
- You may want to familiarize yourself with the various
@ -84,3 +84,8 @@ project](/docs/admin/salt).
* **Sysctls** [sysctls](/docs/admin/sysctls.md)
* **Audit** [audit](/docs/admin/audit)
* **Securing the kubelet**
* [Master-Node communication](/docs/admin/master-node-communication/)
* [TLS bootstrapping](/docs/admin/kubelet-tls-bootstrapping/)
* [Kubelet authentication/authorization](/docs/admin/kubelet-authentication-authorization/)


@ -1,4 +1,6 @@
---
title: kube-apiserver
notitle: true
---
## kube-apiserver
@ -20,11 +22,12 @@ kube-apiserver
### Options
```
--admission-control string Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DefaultStorageClass, DenyEscalatingExec, DenyExecOnPrivileged, ImagePolicyWebhook, InitialResources, LimitPodHardAntiAffinityTopology, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, PersistentVolumeLabel, PodSecurityPolicy, ResourceQuota, SecurityContextDeny, ServiceAccount. (default "AlwaysAdmit")
--admission-control string Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DefaultStorageClass, DenyEscalatingExec, DenyExecOnPrivileged, ImagePolicyWebhook, InitialResources, LimitPodHardAntiAffinityTopology, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, OwnerReferencesPermissionEnforcement, PersistentVolumeLabel, PodNodeSelector, PodSecurityPolicy, ResourceQuota, SecurityContextDeny, ServiceAccount. (default "AlwaysAdmit")
--admission-control-config-file string File with admission control configuration.
--advertise-address value The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--advertise-address ip The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--allow-privileged If true, allow privileged containers.
--apiserver-count int The number of apiservers running in the cluster. (default 1)
--anonymous-auth Enables anonymous requests to the secure port of the API server. Requests that are not rejected by another authentication method are treated as anonymous requests. Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. (default true)
--apiserver-count int The number of apiservers running in the cluster. Must be a positive number. (default 1)
--audit-log-maxage int The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.
--audit-log-maxbackup int The maximum number of old audit log files to retain.
--audit-log-maxsize int The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.
@ -38,12 +41,13 @@ kube-apiserver
--authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. Default is 30s. (default 30s)
--authorization-webhook-config-file string File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. The API server will query the remote service to determine access on the API server's secure port.
--basic-auth-file string If set, the file that will be used to admit requests to the secure port of the API server via http basic authentication.
--bind-address value The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0). (default 0.0.0.0)
--bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0). (default 0.0.0.0)
--cert-dir string The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "/var/run/kubernetes")
--client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
--cloud-config string The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider string The provider for cloud services. Empty string for no provider.
--cors-allowed-origins value List of allowed origins for CORS, comma separated. An allowed origin can be a regular expression to support subdomain matching. If this list is empty CORS will not be enabled. (default [])
--contention-profiling Enable contention profiling. Requires --profiling to be set to work.
--cors-allowed-origins stringSlice List of allowed origins for CORS, comma separated. An allowed origin can be a regular expression to support subdomain matching. If this list is empty CORS will not be enabled.
--delete-collection-workers int Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup. (default 1)
--deserialization-cache-size int Number of deserialized json objects to cache in memory.
--enable-garbage-collector Enables the generic garbage collector. MUST be synced with the corresponding flag of the kube-controller-manager. (default true)
@ -53,62 +57,68 @@ kube-apiserver
--etcd-keyfile string SSL key file used to secure etcd communication.
--etcd-prefix string The prefix for all resource paths in etcd. (default "/registry")
--etcd-quorum-read If true, enable quorum read.
--etcd-servers value List of etcd servers to connect with (http://ip:port), comma separated. (default [])
--etcd-servers-overrides value Per-resource etcd servers overrides, comma separated. The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated. (default [])
--etcd-servers stringSlice List of etcd servers to connect with (scheme://ip:port), comma separated.
--etcd-servers-overrides stringSlice Per-resource etcd servers overrides, comma separated. The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated.
--event-ttl duration Amount of time to retain events. Default is 1h. (default 1h0m0s)
--experimental-keystone-ca-file string If set, the Keystone server's certificate will be verified by one of the authorities in the experimental-keystone-ca-file, otherwise the host's root CA set will be used.
--experimental-keystone-url string If passed, activates the keystone authentication plugin.
--external-hostname string The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs).
--feature-gates value A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
DynamicVolumeProvisioning=true|false (ALPHA - default=true)
ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false)
StreamingProxyRedirects=true|false (ALPHA - default=false)
--google-json-key string The Google Cloud Platform Service Account JSON Key to use for authentication.
--insecure-bind-address value The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost. (default 127.0.0.1)
--insecure-allow-any-token username/group1,group2 If set, your server will be INSECURE. Any token will be allowed and user information will be parsed from the token as username/group1,group2
--insecure-bind-address ip The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost. (default 127.0.0.1)
--insecure-port int The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed that firewall rules are set up such that this port is not reachable from outside of the cluster and that port 443 on the cluster's public address is proxied to this port. This is performed by nginx in the default setup. (default 8080)
--kubelet-certificate-authority string Path to a cert file for the certificate authority.
--kubelet-client-certificate string Path to a client cert file for TLS.
--kubelet-client-key string Path to a client key file for TLS.
--kubelet-https Use https for kubelet connections. (default true)
--kubelet-preferred-address-types stringSlice List of the preferred NodeAddressTypes to use for kubelet connections. (default [Hostname,InternalIP,ExternalIP,LegacyHostIP])
--kubelet-timeout duration Timeout for kubelet operations. (default 5s)
--kubernetes-service-node-port int If non-zero, the Kubernetes master service (which apiserver creates/maintains) will be of type NodePort, using this as the value of the port. If zero, the Kubernetes master service will be of type ClusterIP.
--long-running-request-regexp string A regular expression matching long running requests which should be excluded from maximum inflight request handling. (default "(/|^)((watch|proxy)(/|$)|(logs?|portforward|exec|attach)/?$)")
--master-service-namespace string The namespace from which the kubernetes master services should be injected into pods. (default "default")
--master-service-namespace string DEPRECATED: the namespace from which the kubernetes master services should be injected into pods. (default "default")
--max-connection-bytes-per-sec int If non-zero, throttle each user connection to this number of bytes/sec. Currently only applies to long-running requests.
--max-requests-inflight int The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit. (default 400)
--min-request-timeout int An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load. (default 1800)
--oidc-ca-file string If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host's root CA set will be used.
--oidc-client-id string The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
--oidc-groups-claim string If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be an array of strings. This flag is experimental, please see the authentication documentation for further details.
--oidc-groups-claim string If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This flag is experimental, please see the authentication documentation for further details.
--oidc-issuer-url string The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT).
--oidc-username-claim string The OpenID claim to use as the user name. Note that claims other than the default ('sub') is not guaranteed to be unique and immutable. This flag is experimental, please see the authentication documentation for further details. (default "sub")
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true)
--repair-malformed-updates If true, server will do its best to fix the update request to pass the validation, e.g., setting empty UID in update request to its existing value. This flag can be turned off after we fix all the clients that send malformed updates. (default true)
--runtime-config value A set of key=value pairs that describe runtime configuration that may be passed to apiserver. apis/<groupVersion> key can be used to turn on/off specific api versions. apis/<groupVersion>/<resource> can be used to turn on/off specific resources. api/all and api/legacy are special keys to control all and legacy api versions respectively.
--requestheader-allowed-names stringSlice List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.
--requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers
--requestheader-username-headers stringSlice List of request headers to inspect for usernames. X-Remote-User is common.
--runtime-config mapStringString A set of key=value pairs that describe runtime configuration that may be passed to apiserver. apis/<groupVersion> key can be used to turn on/off specific api versions. apis/<groupVersion>/<resource> can be used to turn on/off specific resources. api/all and api/legacy are special keys to control all and legacy api versions respectively.
--secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 6443)
--service-account-key-file string File containing PEM-encoded x509 RSA private or public key, used to verify ServiceAccount tokens. If unspecified, --tls-private-key-file is used.
--service-account-key-file stringArray File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. If unspecified, --tls-private-key-file is used. The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
--service-account-lookup If true, validate ServiceAccount tokens exist in etcd as part of authentication.
--service-cluster-ip-range value A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
--service-node-port-range value A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range. (default 30000-32767)
--service-cluster-ip-range ipNet A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
--service-node-port-range portRange A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range. (default 30000-32767)
--ssh-keyfile string If non-empty, use secure SSH proxy to the nodes, using this user keyfile
--ssh-user string If non-empty, use secure SSH proxy to the nodes, using this user name
--storage-backend string The storage backend for persistence. Options: 'etcd2' (default), 'etcd3'.
--storage-media-type string The media type to use to store objects in storage. Defaults to application/json. Some resources may only support a specific media type and will ignore this setting. (default "application/json")
--storage-versions string The per-group version to store resources in. Specified in the format "group1/version1,group2/version2,...". In the case where objects are moved from one group to the other, you may specify the format "group1=group2/v1beta1,group3/v1beta1,...". You only need to pass the groups you wish to change from the defaults. It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable. (default "apps/v1alpha1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1beta1,autoscaling/v1,batch/v1,certificates.k8s.io/v1alpha1,componentconfig/v1alpha1,extensions/v1beta1,imagepolicy.k8s.io/v1alpha1,policy/v1alpha1,rbac.authorization.k8s.io/v1alpha1,storage.k8s.io/v1beta1,v1")
--storage-versions string The per-group version to store resources in. Specified in the format "group1/version1,group2/version2,...". In the case where objects are moved from one group to the other, you may specify the format "group1=group2/v1beta1,group3/v1beta1,...". You only need to pass the groups you wish to change from the defaults. It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable. (default "apps/v1beta1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1beta1,autoscaling/v1,batch/v1,certificates.k8s.io/v1alpha1,componentconfig/v1alpha1,extensions/v1beta1,imagepolicy.k8s.io/v1alpha1,policy/v1beta1,rbac.authorization.k8s.io/v1alpha1,storage.k8s.io/v1beta1,v1")
--target-ram-mb int Memory limit for apiserver in MB (used to configure sizes of caches, etc.)
--tls-cert-file string File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.
--tls-private-key-file string File containing x509 private key matching --tls-cert-file.
--tls-ca-file string If set, this certificate authority will used for secure access from Admission Controllers. This must be a valid PEM-encoded CA bundle.
--tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.
--tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
--tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.key,example.crt" or "*.foo.com,foo.com:foo.key,foo.crt". (default [])
--token-auth-file string If set, the file that will be used to secure the secure port of the API server via token authentication.
--watch-cache Enable watch caching in the apiserver (default true)
--watch-cache-sizes value List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled. (default [])
--watch-cache-sizes stringSlice List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled.
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -1,4 +1,6 @@
---
title: kube-controller-manager
notitle: true
---
## kube-controller-manager
@ -24,7 +26,7 @@ kube-controller-manager
### Options
```
--address value The IP address to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--address ip The IP address to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--allocate-node-cidrs Should CIDRs for Pods be allocated and set on the cloud provider.
--cloud-config string The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider string The provider for cloud services. Empty string for no provider.
@ -32,37 +34,39 @@ kube-controller-manager
--cluster-name string The instance prefix for the cluster (default "kubernetes")
--cluster-signing-cert-file string Filename containing a PEM-encoded X509 CA certificate used to issue cluster-scoped certificates (default "/etc/kubernetes/ca/ca.pem")
--cluster-signing-key-file string Filename containing a PEM-encoded RSA or ECDSA private key used to sign cluster-scoped certificates (default "/etc/kubernetes/ca/ca.key")
--concurrent-deployment-syncs value The number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, but more CPU (and network) load (default 5)
--concurrent-endpoint-syncs value The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load (default 5)
--concurrent-gc-syncs value The number of garbage collector workers that are allowed to sync concurrently. (default 20)
--concurrent-namespace-syncs value The number of namespace objects that are allowed to sync concurrently. Larger number = more responsive namespace termination, but more CPU (and network) load (default 2)
--concurrent-replicaset-syncs value The number of replica sets that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load (default 5)
--concurrent-resource-quota-syncs value The number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, but more CPU (and network) load (default 5)
--concurrent-service-syncs value The number of services that are allowed to sync concurrently. Larger number = more responsive service management, but more CPU (and network) load (default 1)
--concurrent-serviceaccount-token-syncs value The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load (default 5)
--concurrent_rc_syncs value The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load (default 5)
--concurrent-deployment-syncs int32 The number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, but more CPU (and network) load (default 5)
--concurrent-endpoint-syncs int32 The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load (default 5)
--concurrent-gc-syncs int32 The number of garbage collector workers that are allowed to sync concurrently. (default 20)
--concurrent-namespace-syncs int32 The number of namespace objects that are allowed to sync concurrently. Larger number = more responsive namespace termination, but more CPU (and network) load (default 2)
--concurrent-replicaset-syncs int32 The number of replica sets that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load (default 5)
--concurrent-resource-quota-syncs int32 The number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, but more CPU (and network) load (default 5)
--concurrent-service-syncs int32 The number of services that are allowed to sync concurrently. Larger number = more responsive service management, but more CPU (and network) load (default 1)
--concurrent-serviceaccount-token-syncs int32 The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load (default 5)
--concurrent_rc_syncs int32 The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load (default 5)
--configure-cloud-routes Should CIDRs allocated by allocate-node-cidrs be configured on the cloud provider. (default true)
--controller-start-interval duration Interval between starting controller managers. (default 0s)
--daemonset-lookup-cache-size value The the size of lookup cache for daemonsets. Larger number = more responsive daemonsets, but more MEM load. (default 1024)
--controller-start-interval duration Interval between starting controller managers.
--daemonset-lookup-cache-size int32 The size of lookup cache for daemonsets. Larger number = more responsive daemonsets, but more MEM load. (default 1024)
--deployment-controller-sync-period duration Period for syncing the deployments. (default 30s)
--enable-dynamic-provisioning Enable dynamic provisioning for environments that support it. (default true)
--enable-garbage-collector Enables the generic garbage collector. MUST be synced with the corresponding flag of the kube-apiserver. (default true)
--enable-hostpath-provisioner Enable HostPath PV provisioning when running without a cloud provider. This allows testing and development of provisioning features. HostPath provisioning is not supported in any way, won't work in a multi-node cluster, and should not be used for anything other than testing or development.
--feature-gates value A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
DynamicVolumeProvisioning=true|false (ALPHA - default=true)
ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false)
StreamingProxyRedirects=true|false (ALPHA - default=false)
--flex-volume-plugin-dir string Full path of the directory in which the flex volume plugin should search for additional third party volume plugins. (default "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/")
--google-json-key string The Google Cloud Platform Service Account JSON Key to use for authentication.
--horizontal-pod-autoscaler-sync-period duration The period for syncing the number of pods in horizontal pod autoscaler. (default 30s)
--insecure-experimental-approve-all-kubelet-csrs-for-group string The group for which the controller-manager will auto approve all CSRs for kubelet client certificates.
--kube-api-burst value Burst to use while talking with kubernetes apiserver (default 30)
--kube-api-burst int32 Burst to use while talking with Kubernetes apiserver (default 30)
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps value QPS to use while talking with kubernetes apiserver (default 20)
--kube-api-qps float32 QPS to use while talking with Kubernetes apiserver (default 20)
--kubeconfig string Path to kubeconfig file with authorization and master location information.
--large-cluster-size-threshold value Number of nodes from which NodeController treats the cluster as large for the eviction logic purposes. --secondary-node-eviction-rate is implicitly overridden to 0 for clusters this size or smaller. (default 50)
--large-cluster-size-threshold int32 Number of nodes from which NodeController treats the cluster as large for the eviction logic purposes. --secondary-node-eviction-rate is implicitly overridden to 0 for clusters this size or smaller. (default 50)
--leader-elect Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. (default true)
--leader-elect-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 15s)
--leader-elect-renew-deadline duration The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. (default 10s)
@ -70,39 +74,36 @@ DynamicVolumeProvisioning=true|false (ALPHA - default=true)
--master string The address of the Kubernetes API server (overrides any value in kubeconfig)
--min-resync-period duration The resync period in reflectors will be random between MinResyncPeriod and 2*MinResyncPeriod (default 12h0m0s)
--namespace-sync-period duration The period for syncing namespace life-cycle updates (default 5m0s)
--node-cidr-mask-size value Mask size for node cidr in cluster. (default 24)
--node-eviction-rate value Number of nodes per second on which pods are deleted in case of node failure when a zone is healthy (see --unhealthy-zone-threshold for definition of healthy/unhealthy). Zone refers to entire cluster in non-multizone clusters. (default 0.1)
--node-cidr-mask-size int32 Mask size for node cidr in cluster. (default 24)
--node-eviction-rate float32 Number of nodes per second on which pods are deleted in case of node failure when a zone is healthy (see --unhealthy-zone-threshold for definition of healthy/unhealthy). Zone refers to entire cluster in non-multizone clusters. (default 0.1)
--node-monitor-grace-period duration Amount of time which we allow running Node to be unresponsive before marking it unhealthy. Must be N times more than kubelet's nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status. (default 40s)
--node-monitor-period duration The period for syncing NodeStatus in NodeController. (default 5s)
--node-startup-grace-period duration Amount of time which we allow starting Node to be unresponsive before marking it unhealthy. (default 1m0s)
--node-sync-period duration The period for syncing nodes from cloudprovider. Longer periods will result in fewer calls to cloud provider, but may delay addition of new nodes to cluster. (default 10s)
--pod-eviction-timeout duration The grace period for deleting pods on failed nodes. (default 5m0s)
--port value The port that the controller-manager's http service runs on (default 10252)
--port int32 The port that the controller-manager's http service runs on (default 10252)
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true)
--pv-recycler-increment-timeout-nfs value the increment of time added per Gi to ActiveDeadlineSeconds for an NFS scrubber pod (default 30)
--pv-recycler-minimum-timeout-hostpath value The minimum ActiveDeadlineSeconds to use for a HostPath Recycler pod. This is for development and testing only and will not work in a multi-node cluster. (default 60)
--pv-recycler-minimum-timeout-nfs value The minimum ActiveDeadlineSeconds to use for an NFS Recycler pod (default 300)
--pv-recycler-increment-timeout-nfs int32 the increment of time added per Gi to ActiveDeadlineSeconds for an NFS scrubber pod (default 30)
--pv-recycler-minimum-timeout-hostpath int32 The minimum ActiveDeadlineSeconds to use for a HostPath Recycler pod. This is for development and testing only and will not work in a multi-node cluster. (default 60)
--pv-recycler-minimum-timeout-nfs int32 The minimum ActiveDeadlineSeconds to use for an NFS Recycler pod (default 300)
--pv-recycler-pod-template-filepath-hostpath string The file path to a pod definition used as a template for HostPath persistent volume recycling. This is for development and testing only and will not work in a multi-node cluster.
--pv-recycler-pod-template-filepath-nfs string The file path to a pod definition used as a template for NFS persistent volume recycling
--pv-recycler-timeout-increment-hostpath value the increment of time added per Gi to ActiveDeadlineSeconds for a HostPath scrubber pod. This is for development and testing only and will not work in a multi-node cluster. (default 30)
--pv-recycler-timeout-increment-hostpath int32 the increment of time added per Gi to ActiveDeadlineSeconds for a HostPath scrubber pod. This is for development and testing only and will not work in a multi-node cluster. (default 30)
--pvclaimbinder-sync-period duration The period for syncing persistent volumes and persistent volume claims (default 15s)
--replicaset-lookup-cache-size value The the size of lookup cache for replicatsets. Larger number = more responsive replica management, but more MEM load. (default 4096)
--replication-controller-lookup-cache-size value The the size of lookup cache for replication controllers. Larger number = more responsive replica management, but more MEM load. (default 4096)
--replicaset-lookup-cache-size int32 The size of lookup cache for replicatsets. Larger number = more responsive replica management, but more MEM load. (default 4096)
--replication-controller-lookup-cache-size int32 The size of lookup cache for replication controllers. Larger number = more responsive replica management, but more MEM load. (default 4096)
--resource-quota-sync-period duration The period for syncing quota usage status in the system (default 5m0s)
--root-ca-file string If set, this root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle.
--secondary-node-eviction-rate value Number of nodes per second on which pods are deleted in case of node failure when a zone is unhealthy (see --unhealthy-zone-threshold for definition of healthy/unhealthy). Zone refers to entire cluster in non-multizone clusters. This value is implicitly overridden to 0 if the cluster size is smaller than --large-cluster-size-threshold. (default 0.01)
--service-account-private-key-file string Filename containing a PEM-encoded private RSA key used to sign service account tokens.
--route-reconciliation-period duration The period for reconciling routes created for Nodes by cloud provider. (default 10s)
--secondary-node-eviction-rate float32 Number of nodes per second on which pods are deleted in case of node failure when a zone is unhealthy (see --unhealthy-zone-threshold for definition of healthy/unhealthy). Zone refers to entire cluster in non-multizone clusters. This value is implicitly overridden to 0 if the cluster size is smaller than --large-cluster-size-threshold. (default 0.01)
--service-account-private-key-file string Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.
--service-cluster-ip-range string CIDR Range for Services in cluster.
--service-sync-period duration The period for syncing services with their external load balancers (default 5m0s)
--terminated-pod-gc-threshold value Number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods. If <= 0, the terminated pod garbage collector is disabled. (default 12500)
--unhealthy-zone-threshold value Fraction of Nodes in a zone which needs to be not Ready (minimum 3) for zone to be treated as unhealthy. (default 0.55)
--terminated-pod-gc-threshold int32 Number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods. If <= 0, the terminated pod garbage collector is disabled. (default 12500)
--unhealthy-zone-threshold float32 Fraction of Nodes in a zone which needs to be not Ready (minimum 3) for zone to be treated as unhealthy. (default 0.55)
--use-service-account-credentials If true, use individual service account credentials for each controller.
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -1,4 +1,6 @@
---
title: kube-proxy
notitle: true
---
## kube-proxy
@ -23,42 +25,42 @@ kube-proxy
### Options
```
--bind-address value The IP address for the proxy server to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--bind-address ip The IP address for the proxy server to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--cleanup-iptables If true cleanup iptables rules and exit.
--cluster-cidr string The CIDR range of pods in the cluster. It is used to bridge traffic coming from outside of the cluster. If not provided, no off-cluster bridging will be performed.
--config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s)
--conntrack-max-per-core value Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
--conntrack-min value Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
--conntrack-max-per-core int32 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
--conntrack-min int32 Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
--conntrack-tcp-timeout-close-wait duration NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
--conntrack-tcp-timeout-established duration Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
--feature-gates value A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
DynamicVolumeProvisioning=true|false (ALPHA - default=true)
ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false)
StreamingProxyRedirects=true|false (ALPHA - default=false)
--google-json-key string The Google Cloud Platform Service Account JSON Key to use for authentication.
--healthz-bind-address value The IP address for the health check server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces) (default 127.0.0.1)
--healthz-port value The port to bind the health check server. Use 0 to disable. (default 10249)
--healthz-bind-address ip The IP address for the health check server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces) (default 127.0.0.1)
--healthz-port int32 The port to bind the health check server. Use 0 to disable. (default 10249)
--hostname-override string If non-empty, will use this string as identification instead of the actual hostname.
--iptables-masquerade-bit value If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31]. (default 14)
--iptables-sync-period duration How often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 30s)
--kube-api-burst value Burst to use while talking with kubernetes apiserver (default 10)
--iptables-masquerade-bit int32 If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31]. (default 14)
--iptables-min-sync-period duration The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
--iptables-sync-period duration The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 30s)
--kube-api-burst int32 Burst to use while talking with Kubernetes apiserver (default 10)
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps value QPS to use while talking with kubernetes apiserver (default 5)
--kube-api-qps float32 QPS to use while talking with Kubernetes apiserver (default 5)
--kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag).
--masquerade-all If using the pure iptables proxy, SNAT everything
--master string The address of the Kubernetes API server (overrides any value in kubeconfig)
--oom-score-adj value The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
--proxy-mode value Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
--proxy-port-range value Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
--oom-score-adj int32 The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
--proxy-mode ProxyMode Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
--proxy-port-range port-range Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
--udp-timeout duration How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -1,4 +1,6 @@
---
title: kube-scheduler
notitle: true
---
## kube-scheduler
@ -24,19 +26,21 @@ kube-scheduler
```
--address string The IP address to serve on (set to 0.0.0.0 for all interfaces) (default "0.0.0.0")
--algorithm-provider string The scheduling algorithm provider to use, one of: DefaultProvider | ClusterAutoscalerProvider (default "DefaultProvider")
--algorithm-provider string The scheduling algorithm provider to use, one of: ClusterAutoscalerProvider | DefaultProvider (default "DefaultProvider")
--failure-domains string Indicate the "all topologies" set for an empty topologyKey when it's used for PreferredDuringScheduling pod anti-affinity. (default "kubernetes.io/hostname,failure-domain.beta.kubernetes.io/zone,failure-domain.beta.kubernetes.io/region")
--feature-gates value A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
DynamicVolumeProvisioning=true|false (ALPHA - default=true)
ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false)
StreamingProxyRedirects=true|false (ALPHA - default=false)
--google-json-key string The Google Cloud Platform Service Account JSON Key to use for authentication.
--hard-pod-affinity-symmetric-weight int RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule corresponding to every RequiredDuringScheduling affinity rule. --hard-pod-affinity-symmetric-weight represents the weight of implicit PreferredDuringScheduling affinity rule. (default 1)
--kube-api-burst value Burst to use while talking with kubernetes apiserver (default 100)
--kube-api-burst int32 Burst to use while talking with Kubernetes apiserver (default 100)
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps value QPS to use while talking with kubernetes apiserver (default 50)
--kube-api-qps float32 QPS to use while talking with Kubernetes apiserver (default 50)
--kubeconfig string Path to kubeconfig file with authorization and master location information.
--leader-elect Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. (default true)
--leader-elect-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 15s)
@ -44,16 +48,12 @@ DynamicVolumeProvisioning=true|false (ALPHA - default=true)
--leader-elect-retry-period duration The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 2s)
--master string The address of the Kubernetes API server (overrides any value in kubeconfig)
--policy-config-file string File with scheduler policy configuration
--port value The port that the scheduler's http service runs on (default 10251)
--port int32 The port that the scheduler's http service runs on (default 10251)
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true)
--scheduler-name string Name of the scheduler, used to select which pods will be processed by this scheduler, based on pod's annotation with key 'scheduler.alpha.kubernetes.io/name' (default "default-scheduler")
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -4,10 +4,9 @@ assignees:
- luxas
- errordeveloper
- jbeda
title: kubeadm reference
---
This document provides information on how to use kubeadm's advanced options.
Running `kubeadm init` bootstraps a Kubernetes cluster. This consists of the
@ -82,7 +81,7 @@ of the box. You can specify a cloud provider using `--cloud-provider`.
Valid values are the ones supported by `controller-manager`, namely `"aws"`,
`"azure"`, `"cloudstack"`, `"gce"`, `"mesos"`, `"openstack"`, `"ovirt"`,
`"rackspace"`, `"vsphere"`. In order to provide additional configuration for
the cloud provider, you should create a `/etc/kubernetes/cloud-config.json`
the cloud provider, you should create a `/etc/kubernetes/cloud-config`
file manually, before running `kubeadm init`. `kubeadm` automatically
picks those settings up and ensures other nodes are configured correctly.
You must also set the `--cloud-provider` and `--cloud-config` parameters
@ -141,10 +140,10 @@ By default, `kubeadm init` automatically generates the token used to initialise
each new node. If you would like to manually specify this token, you can use the
`--token` flag. The token must be of the format `<6 character string>.<16 character string>`.
- `--use-kubernetes-version` (default 'v1.4.4') the kubernetes version to initialise
- `--use-kubernetes-version` (default 'v1.5.1') the kubernetes version to initialise
`kubeadm` was originally built for Kubernetes version **v1.4.0**, older versions are not
supported. With this flag you can try any future version, e.g. **v1.5.0-beta.1**
supported. With this flag you can try any future version, e.g. **v1.6.0-beta.1**
whenever it comes out (check [releases page](https://github.com/kubernetes/kubernetes/releases)
for a full list of available versions).
@ -168,6 +167,59 @@ necessary.
By default, when `kubeadm init` runs, a token is generated and revealed in the output.
That's the token you should use here.
## Using kubeadm with a configuration file
WARNING: kubeadm is in alpha and the configuration API syntax will likely change before GA.
It's possible to configure kubeadm with a configuration file instead of command line flags, and some more advanced features may only be
available as configuration file options.
### Sample Master Configuration
```yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
api:
advertiseAddresses:
- <address1|string>
- <address2|string>
bindPort: <int>
externalDNSNames:
- <dnsname1|string>
- <dnsname2|string>
cloudProvider: <string>
discovery:
bindPort: <int>
etcd:
endpoints:
- <endpoint1|string>
- <endpoint2|string>
caFile: <path|string>
certFile: <path|string>
keyFile: <path|string>
kubernetesVersion: <string>
networking:
dnsDomain: <string>
serviceSubnet: <cidr>
podSubnet: <cidr>
secrets:
givenToken: <token|string>
```
### Sample Node Configuration
```yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: NodeConfiguration
apiPort: <int>
discoveryPort: <int>
masterAddresses:
- <master1>
secrets:
givenToken: <token|string>
```
## Automating kubeadm
Rather than copying the token you obtained from `kubeadm init` to each node, as
@ -175,13 +227,12 @@ in the basic `kubeadm` tutorials, you can parallelize the token distribution for
easier automation. To implement this automation, you must know the IP address
that the master will have after it is started.
1. Generate a token. This token must have the form `<6 character string>.<16
character string>`
1. Generate a token. This token must have the form `<6 character string>.<16 character string>`.
Here is a simple python one-liner for this:
Kubeadm can pre-generate a token for you:
```
python -c 'import random; print "%0x.%0x" % (random.SystemRandom().getrandbits(3*8), random.SystemRandom().getrandbits(8*8))'
```console
$ kubeadm token generate
```
1. Start both the master node and the worker nodes concurrently with this token. As they come up they should find each other and form the cluster.
@ -191,6 +242,7 @@ Once the cluster is up, you can grab the admin credentials from the master node
## Environment variables
There are some environment variables that modify the way that `kubeadm` works. Most users will have no need to set these.
These environment variables are a short-term solution, eventually they will be integrated in the kubeadm configuration file.
| Variable | Default | Description |
| --- | --- | --- |
@ -200,36 +252,10 @@ There are some environment variables that modify the way that `kubeadm` works.
| `KUBE_HYPERKUBE_IMAGE` | `` | If set, use a single hyperkube image with this name. If not set, individual images per server component will be used. |
| `KUBE_DISCOVERY_IMAGE` | `gcr.io/google_containers/kube-discovery-<arch>:1.0` | The bootstrap discovery helper image to use. |
| `KUBE_ETCD_IMAGE` | `gcr.io/google_containers/etcd-<arch>:2.2.5` | The etcd container image to use. |
| `KUBE_COMPONENT_LOGLEVEL` | `--v=4` | Logging configuration for all Kubernetes components |
| `KUBE_REPO_PREFIX` | `gcr.io/google_containers` | The image prefix for all images that are used. |
## Releases and release notes
If you already have kubeadm installed and want to upgrade, run `apt-get update && apt-get upgrade` or `yum update` to get the latest version of kubeadm.
- Second release between v1.4 and v1.5: `v1.5.0-alpha.2.421+a6bea3d79b8bba`
- Switch to the 10.96.0.0/12 subnet: [#35290](https://github.com/kubernetes/kubernetes/pull/35290)
- Fix kubeadm on AWS by including /etc/ssl/certs in the controller-manager [#33681](https://github.com/kubernetes/kubernetes/pull/33681)
- The API was refactored and is now componentconfig: [#33728](https://github.com/kubernetes/kubernetes/pull/33728), [#34147](https://github.com/kubernetes/kubernetes/pull/34147) and [#34555](https://github.com/kubernetes/kubernetes/pull/34555)
- Allow kubeadm to get config options from a file: [#34501](https://github.com/kubernetes/kubernetes/pull/34501), [#34885](https://github.com/kubernetes/kubernetes/pull/34885) and [#34891](https://github.com/kubernetes/kubernetes/pull/34891)
- Implement preflight checks: [#34341](https://github.com/kubernetes/kubernetes/pull/34341) and [#35843](https://github.com/kubernetes/kubernetes/pull/35843)
- Using kubernetes v1.4.4 by default: [#34419](https://github.com/kubernetes/kubernetes/pull/34419) and [#35270](https://github.com/kubernetes/kubernetes/pull/35270)
- Make api and discovery ports configurable and default to 6443: [#34719](https://github.com/kubernetes/kubernetes/pull/34719)
- Implement kubeadm reset: [#34807](https://github.com/kubernetes/kubernetes/pull/34807)
- Make kubeadm poll/wait for endpoints instead of directly fail when the master isn't available [#34703](https://github.com/kubernetes/kubernetes/pull/34703) and [#34718](https://github.com/kubernetes/kubernetes/pull/34718)
- Allow empty directories in the directory preflight check: [#35632](https://github.com/kubernetes/kubernetes/pull/35632)
- Started adding unit tests: [#35231](https://github.com/kubernetes/kubernetes/pull/35231), [#35326](https://github.com/kubernetes/kubernetes/pull/35326) and [#35332](https://github.com/kubernetes/kubernetes/pull/35332)
- Various enhancements: [#35075](https://github.com/kubernetes/kubernetes/pull/35075), [#35111](https://github.com/kubernetes/kubernetes/pull/35111), [#35119](https://github.com/kubernetes/kubernetes/pull/35119), [#35124](https://github.com/kubernetes/kubernetes/pull/35124), [#35265](https://github.com/kubernetes/kubernetes/pull/35265) and [#35777](https://github.com/kubernetes/kubernetes/pull/35777)
- Bug fixes: [#34352](https://github.com/kubernetes/kubernetes/pull/34352), [#34558](https://github.com/kubernetes/kubernetes/pull/34558), [#34573](https://github.com/kubernetes/kubernetes/pull/34573), [#34834](https://github.com/kubernetes/kubernetes/pull/34834), [#34607](https://github.com/kubernetes/kubernetes/pull/34607), [#34907](https://github.com/kubernetes/kubernetes/pull/34907) and [#35796](https://github.com/kubernetes/kubernetes/pull/35796)
- Initial v1.4 release: `v1.5.0-alpha.0.1534+cf7301f16c0363`
## Troubleshooting
* Some users on RHEL/CentOS 7 have reported issues with traffic being routed incorrectly due to iptables being bypassed. You should ensure `net.bridge.bridge-nf-call-iptables` is set to 1 in your sysctl config, eg.
```
# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
```
Refer to the [CHANGELOG.md](https://github.com/kubernetes/kubeadm/blob/master/CHANGELOG.md) for more information.


@ -0,0 +1,87 @@
---
assignees:
- liggitt
title: Kubelet authentication/authorization
---
* TOC
{:toc}
## Overview
A kubelet's HTTPS endpoint exposes APIs which give access to data of varying sensitivity,
and allow you to perform operations with varying levels of power on the node and within containers.
This document describes how to authenticate and authorize access to the kubelet's HTTPS endpoint.
## Kubelet authentication
By default, requests to the kubelet's HTTPS endpoint that are not rejected by other configured
authentication methods are treated as anonymous requests, and given a username of `system:anonymous`
and a group of `system:unauthenticated`.
To disable anonymous access and send `401 Unauthorized` responses to unauthenticated requests:
* start the kubelet with the `--anonymous-auth=false` flag
To enable X509 client certificate authentication to the kubelet's HTTPS endpoint:
* start the kubelet with the `--client-ca-file` flag, providing a CA bundle to verify client certificates with
* start the apiserver with `--kubelet-client-certificate` and `--kubelet-client-key` flags
* see the [apiserver authentication documentation](/docs/admin/authentication/#x509-client-certs) for more details
To enable API bearer tokens (including service account tokens) to be used to authenticate to the kubelet's HTTPS endpoint:
* ensure the `authentication.k8s.io/v1beta1` API group is enabled in the API server
* start the kubelet with the `--authentication-token-webhook`, `--kubeconfig`, and `--require-kubeconfig` flags
* the kubelet calls the `TokenReview` API on the configured API server to determine user information from bearer tokens
## Kubelet authorization
Any request that is successfully authenticated (including an anonymous request) is then authorized. The default authorization mode is `AlwaysAllow`, which allows all requests.
There are many possible reasons to subdivide access to the kubelet API:
* anonymous auth is enabled, but anonymous users' ability to call the kubelet API should be limited
* bearer token auth is enabled, but arbitrary API users' (like service accounts) ability to call the kubelet API should be limited
* client certificate auth is enabled, but only some of the client certificates signed by the configured CA should be allowed to use the kubelet API
To subdivide access to the kubelet API, delegate authorization to the API server:
* ensure the `authorization.k8s.io/v1beta1` API group is enabled in the API server
* start the kubelet with the `--authorization-mode=Webhook`, `--kubeconfig`, and `--require-kubeconfig` flags
* the kubelet calls the `SubjectAccessReview` API on the configured API server to determine whether each request is authorized
The kubelet authorizes API requests using the same [request attributes](/docs/admin/authorization/#request-attributes) approach as the apiserver.
The verb is determined from the incoming request's HTTP verb:
HTTP verb | request verb
----------|---------------
POST | create
GET, HEAD | get
PUT | update
PATCH | patch
DELETE | delete
The resource and subresource is determined from the incoming request's path:
Kubelet API | resource | subresource
-------------|----------|------------
/stats/\* | nodes | stats
/metrics/\* | nodes | metrics
/logs/\* | nodes | log
/spec/\* | nodes | spec
*all others* | nodes | proxy
The namespace and API group attributes are always an empty string, and
the resource name is always the name of the kubelet's `Node` API object.
When running in this mode, ensure the user identified by the `--kubelet-client-certificate` and `--kubelet-client-key`
flags passed to the apiserver is authorized for the following attributes:
* verb=\*, resource=nodes, subresource=proxy
* verb=\*, resource=nodes, subresource=stats
* verb=\*, resource=nodes, subresource=log
* verb=\*, resource=nodes, subresource=spec
* verb=\*, resource=nodes, subresource=metrics


@ -0,0 +1,96 @@
---
assignees:
- mikedanese
title: TLS bootstrapping
---
* TOC
{:toc}
## Overview
This document describes how to set up TLS client certificate bootstrapping for kubelets.
Kubernetes 1.4 introduces an experimental API for requesting certificates from a cluster-level
Certificate Authority (CA). The first supported use of this API is the provisioning of TLS client
certificates for kubelets. The proposal can be found [here](https://github.com/kubernetes/kubernetes/pull/20439)
and progress on the feature is being tracked as [feature #43](https://github.com/kubernetes/features/issues/43).
## apiserver configuration
You must provide a token file which specifies at least one "bootstrap token" assigned to a kubelet bootstrap-specific group.
This group will later be used in the controller-manager configuration to scope approvals in the default approval
controller. As this feature matures, you should ensure tokens are bound to an RBAC policy which limits requests
using the bootstrap token to only be able to make requests related to certificate provisioning. When RBAC policy
is in place, scoping the tokens to a group will allow great flexibility (e.g. you could disable a particular
bootstrap group's access when you are done provisioning the nodes).
### Token auth file
Tokens are arbitrary but should represent at least 128 bits of entropy derived from a secure random number
generator (such as /dev/urandom on most modern systems). There are multiple ways you can generate a token. For example:
`head -c 16 /dev/urandom | od -An -t x | tr -d ' '`
will generate tokens that look like `02b50b05283e98dd0fd71db496ef01e8`
The token file will look like the following example, where the first three values can be anything and the quoted group
name should be as depicted:
```
02b50b05283e98dd0fd71db496ef01e8,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
```
Add the `--token-auth-file=FILENAME` flag to the apiserver command to enable the token file.
See docs at http://kubernetes.io/docs/admin/authentication/#static-token-file for further details.
### Client certificate CA bundle
Add the `--client-ca-file=FILENAME` flag to the apiserver command to enable client certificate authentication,
referencing a certificate authority bundle containing the signing certificate.
## controller-manager configuration
The API for requesting certificates adds a certificate-issuing control loop to the KCM. This takes the form of a
[cfssl](https://blog.cloudflare.com/introducing-cfssl/) local signer using assets on disk.
Currently, all certificates issued have one year validity and a default set of key usages.
### Signing assets
You must provide a Certificate Authority in order to provide the cryptographic materials necessary to issue certificates.
This CA should be trusted by the apiserver for authentication with the `--client-ca-file=SOMEFILE` flag. The management
of the CA is beyond the scope of this document but it is recommended that you generate a dedicated CA for Kubernetes.
Both certificate and key are assumed to be PEM-encoded.
The new controller-manager flags are:
```
--cluster-signing-cert-file="/etc/path/to/kubernetes/ca/ca.crt" --cluster-signing-key-file="/etc/path/to/kubernetes/ca/ca.key"
```
### Auto-approval
To ease deployment and testing, the alpha version of the certificate request API includes a flag to approve all certificate
requests made by users in a certain group. The intended use of this is to whitelist only the group corresponding to the bootstrap
token in the token file above. Use of this flag circumvents makes the "approval" process described below and is not recommended
for production use.
The flag is:
```
--insecure-experimental-approve-all-kubelet-csrs-for-group="system:kubelet-bootstrap"
```
## kubelet configuration
To use request a client cert from the certificate request API, the kubelet needs a path to a kubeconfig file that contains the
bootstrap auth token. If the file specified by `--kubeconfig` does not exist, the bootstrap kubeconfig is used to request a
client certificate from the API server. On success, a kubeconfig file referencing the generated key and obtained certificate
is written to the path specified by `--kubeconfig`. The certificate and key file will be stored in the directory pointed
by `--cert-dir`. The new flag is:
```
--experimental-bootstrap-kubeconfig="/path/to/bootstrap/kubeconfig"
```
## kubectl approval
The signing controller does not immediately sign all certificate requests. Instead, it waits until they have been flagged with an
"Approved" status by an appropriately-privileged user. This is intended to eventually be an automated process handled by an external
approval controller, but for the alpha version of the API it can be done manually by a cluster administrator using kubectl.
An administrator can list CSRs with `kubectl get csr`, describe one in detail with `kubectl describe <name>`. There are
[currently no direct approve/deny commands](https://github.com/kubernetes/kubernetes/issues/30163) so an approver will need to update
the Status field directly. A rough example of how to do this in bash which should only be used until the porcelain merges is available
at [https://github.com/gtank/csrctl](https://github.com/gtank/csrctl).


@ -1,4 +1,6 @@
---
title: Overview
notitle: true
---
## kubelet
@ -15,7 +17,7 @@ various mechanisms (primarily through the apiserver) and ensures that the contai
described in those PodSpecs are running and healthy. The kubelet doesn't manage
containers which were not created by Kubernetes.
Other than from an PodSpec from the apiserver, there are three ways that a container
Other than from a PodSpec from the apiserver, there are three ways that a container
manifest can be provided to the Kubelet.
File: Path passed as a flag on the command line. This file is rechecked every 20
@ -34,123 +36,134 @@ kubelet
### Options
```
--address value The IP address for the Kubelet to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--allow-privileged If true, allow containers to request privileged mode. [default=false]
--cadvisor-port value The port of the localhost cAdvisor endpoint (default 4194)
--cert-dir string The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "/var/run/kubernetes")
--cgroup-root string Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
--chaos-chance float If > 0.0, introduce random client errors and latency. Intended for testing. [default=0.0]
--cloud-config string The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider string The provider for cloud services. By default, kubelet will attempt to auto-detect the cloud provider. Specify empty string for running with no cloud provider. [default=auto-detect] (default "auto-detect")
--cluster-dns string IP address for a cluster DNS server. This value is used for containers' DNS server in case of Pods with "dnsPolicy=ClusterFirst"
--cluster-domain string Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains
--cni-bin-dir string <Warning: Alpha feature> The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin
--cni-conf-dir string <Warning: Alpha feature> The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d
--container-runtime string The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'. (default "docker")
--container-runtime-endpoint string The unix socket endpoint of remote runtime service. If not empty, this option will override --container-runtime. This is an experimental feature. Intended for testing only.
--containerized Experimental support for running kubelet in a container. Intended for testing. [default=false]
--cpu-cfs-quota Enable CPU CFS quota enforcement for containers that specify CPU limits (default true)
--docker-endpoint string Use this for the docker endpoint to communicate with (default "unix:///var/run/docker.sock")
--docker-exec-handler string Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'. (default "native")
--enable-controller-attach-detach Enables the Attach/Detach controller to manage attachment/detachment of volumes scheduled to this node, and disables kubelet from executing any attach/detach operations (default true)
--enable-custom-metrics Support for gathering custom metrics.
--enable-debugging-handlers Enables server endpoints for log collection and local running of containers and commands (default true)
--enable-server Enable the Kubelet's server (default true)
--event-burst value Maximum size of a bursty event records, temporarily allows event records to burst to this number, while still not exceeding event-qps. Only used if --event-qps > 0 (default 10)
--event-qps value If > 0, limit event creations per second to this value. If 0, unlimited. (default 5)
--eviction-hard string A set of eviction thresholds (e.g. memory.available<1Gi) that if met would trigger a pod eviction. (default "memory.available<100Mi")
--eviction-max-pod-grace-period value Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. If negative, defer to pod specified value.
--eviction-minimum-reclaim string A set of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.
--eviction-pressure-transition-period duration Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. (default 5m0s)
--eviction-soft string A set of eviction thresholds (e.g. memory.available<1.5Gi) that if met over a corresponding grace period would trigger a pod eviction.
--eviction-soft-grace-period string A set of eviction grace periods (e.g. memory.available=1m30s) that correspond to how long a soft eviction threshold must hold before triggering a pod eviction.
--exit-on-lock-contention Whether kubelet should exit upon lock-file contention.
--experimental-allowed-unsafe-sysctls value Comma-separated whitelist of unsafe sysctls or unsafe sysctl patterns (ending in *). Use these at your own risk. (default [])
--experimental-bootstrap-kubeconfig string <Warning: Experimental feature> Path to a kubeconfig file that will be used to get client certificate for kubelet. If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On success, a kubeconfig file referencing the generated key and obtained certificate is written to the path specified by --kubeconfig. The certificate and key file will be stored in the directory pointed by --cert-dir.
--experimental-nvidia-gpus value Number of NVIDIA GPU devices on this node. Only 0 (default) and 1 are currently supported.
--feature-gates value A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
--address ip The IP address for the Kubelet to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--allow-privileged If true, allow containers to request privileged mode. [default=false]
--anonymous-auth Enables anonymous requests to the Kubelet server. Requests that are not rejected by another authentication method are treated as anonymous requests. Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. (default true)
--authentication-token-webhook Use the TokenReview API to determine authentication for bearer tokens.
--authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 2m0s)
--authorization-mode string Authorization mode for Kubelet server. Valid options are AlwaysAllow or Webhook. Webhook mode uses the SubjectAccessReview API to determine authorization. (default "AlwaysAllow")
--authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 5m0s)
--authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 30s)
--cadvisor-port int32 The port of the localhost cAdvisor endpoint (default 4194)
--cert-dir string The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "/var/run/kubernetes")
--cgroup-driver string Driver that the kubelet uses to manipulate cgroups on the host. Possible values: 'cgroupfs', 'systemd' (default "cgroupfs")
--cgroup-root string Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
--chaos-chance float If > 0.0, introduce random client errors and latency. Intended for testing. [default=0.0]
--client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
--cloud-config string The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider string The provider for cloud services. By default, kubelet will attempt to auto-detect the cloud provider. Specify empty string for running with no cloud provider. [default=auto-detect] (default "auto-detect")
--cluster-dns string IP address for a cluster DNS server. This value is used for containers' DNS server in case of Pods with "dnsPolicy=ClusterFirst"
--cluster-domain string Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains
--cni-bin-dir string <Warning: Alpha feature> The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin
--cni-conf-dir string <Warning: Alpha feature> The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d
--container-runtime string The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'. (default "docker")
--container-runtime-endpoint string [Experimental] The unix socket endpoint of remote runtime service. The endpoint is used only when CRI integration is enabled (--experimental-cri)
--containerized Experimental support for running kubelet in a container. Intended for testing. [default=false]
--cpu-cfs-quota Enable CPU CFS quota enforcement for containers that specify CPU limits (default true)
--docker-endpoint string Use this for the docker endpoint to communicate with (default "unix:///var/run/docker.sock")
--docker-exec-handler string Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'. (default "native")
--enable-controller-attach-detach Enables the Attach/Detach controller to manage attachment/detachment of volumes scheduled to this node, and disables kubelet from executing any attach/detach operations (default true)
--enable-custom-metrics Support for gathering custom metrics.
--enable-debugging-handlers Enables server endpoints for log collection and local running of containers and commands (default true)
--enable-server Enable the Kubelet's server (default true)
--event-burst int32 Maximum size of a bursty event records, temporarily allows event records to burst to this number, while still not exceeding event-qps. Only used if --event-qps > 0 (default 10)
--event-qps int32 If > 0, limit event creations per second to this value. If 0, unlimited. (default 5)
--eviction-hard string A set of eviction thresholds (e.g. memory.available<1Gi) that if met would trigger a pod eviction. (default "memory.available<100Mi")
--eviction-max-pod-grace-period int32 Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. If negative, defer to pod specified value.
--eviction-minimum-reclaim string A set of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.
--eviction-pressure-transition-period duration Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. (default 5m0s)
--eviction-soft string A set of eviction thresholds (e.g. memory.available<1.5Gi) that if met over a corresponding grace period would trigger a pod eviction.
--eviction-soft-grace-period string A set of eviction grace periods (e.g. memory.available=1m30s) that correspond to how long a soft eviction threshold must hold before triggering a pod eviction.
--exit-on-lock-contention Whether kubelet should exit upon lock-file contention.
--experimental-allowed-unsafe-sysctls stringSlice Comma-separated whitelist of unsafe sysctls or unsafe sysctl patterns (ending in *). Use these at your own risk.
--experimental-bootstrap-kubeconfig string <Warning: Experimental feature> Path to a kubeconfig file that will be used to get client certificate for kubelet. If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On success, a kubeconfig file referencing the generated key and obtained certificate is written to the path specified by --kubeconfig. The certificate and key file will be stored in the directory pointed by --cert-dir.
--experimental-cgroups-per-qos Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created.
--experimental-check-node-capabilities-before-mount [Experimental] if set true, the kubelet will check the underlying node for required components (binaries, etc.) before performing the mount
--experimental-cri [Experimental] Enable the Container Runtime Interface (CRI) integration. If --container-runtime is set to "remote", Kubelet will communicate with the runtime/image CRI server listening on the endpoint specified by --remote-runtime-endpoint/--remote-image-endpoint. If --container-runtime is set to "docker", Kubelet will launch a in-process CRI server on behalf of docker, and communicate over a default endpoint.
--experimental-fail-swap-on Makes the Kubelet fail to start if swap is enabled on the node. This is a temporary option to maintain legacy behavior, failing due to swap enabled will happen by default in v1.6.
--experimental-kernel-memcg-notification If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling.
--experimental-mounter-path string [Experimental] Path of mounter binary. Leave empty to use the default mount.
--experimental-nvidia-gpus int32 Number of NVIDIA GPU devices on this node. Only 0 (default) and 1 are currently supported.
--feature-gates string A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (ALPHA - default=false)
AllowExtTrafficLocalEndpoints=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
DynamicVolumeProvisioning=true|false (ALPHA - default=true)
--file-check-frequency duration Duration between checking config files for new data (default 20s)
--google-json-key string The Google Cloud Platform Service Account JSON Key to use for authentication.
--hairpin-mode string How should the kubelet setup hairpin NAT. This allows endpoints of a Service to loadbalance back to themselves if they should try to access their own Service. Valid values are "promiscuous-bridge", "hairpin-veth" and "none". (default "promiscuous-bridge")
--healthz-bind-address value The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces) (default 127.0.0.1)
--healthz-port value The port of the localhost healthz endpoint (default 10248)
--host-ipc-sources value Comma-separated list of sources from which the Kubelet allows pods to use the host ipc namespace. [default="*"] (default [*])
--host-network-sources value Comma-separated list of sources from which the Kubelet allows pods to use of host network. [default="*"] (default [*])
--host-pid-sources value Comma-separated list of sources from which the Kubelet allows pods to use the host pid namespace. [default="*"] (default [*])
--hostname-override string If non-empty, will use this string as identification instead of the actual hostname.
--http-check-frequency duration Duration between checking http for new data (default 20s)
--image-gc-high-threshold value The percent of disk usage after which image garbage collection is always run. Default: 90% (default 90)
--image-gc-low-threshold value The percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. Default: 80% (default 80)
--image-service-endpoint string The unix socket endpoint of remote image service. If not specified, it will be the same with container-runtime-endpoint by default. This is an experimental feature. Intended for testing only.
--iptables-drop-bit value The bit of the fwmark space to mark packets for dropping. Must be within the range [0, 31]. (default 15)
--iptables-masquerade-bit value The bit of the fwmark space to mark packets for SNAT. Must be within the range [0, 31]. Please match this parameter with corresponding parameter in kube-proxy. (default 14)
--kube-api-burst value Burst to use while talking with kubernetes apiserver (default 10)
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps value QPS to use while talking with kubernetes apiserver (default 5)
--kube-reserved value A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for kubernetes system components. Currently only cpu and memory are supported. See http://releases.k8s.io/release-1.4/docs/user-guide/compute-resources.md for more detail. [default=none]
--kubeconfig value Path to a kubeconfig file, specifying how to connect to the API server. --api-servers will be used for the location unless --require-kubeconfig is set. (default "/var/lib/kubelet/kubeconfig")
--kubelet-cgroups string Optional absolute name of cgroups to create and run the Kubelet in.
--lock-file string <Warning: Alpha feature> The path to file for kubelet to use as a lock file.
--low-diskspace-threshold-mb value The absolute free disk space, in MB, to maintain. When disk space falls below this threshold, new pods would be rejected. Default: 256 (default 256)
--make-iptables-util-chains If true, kubelet will ensure iptables utility rules are present on host. (default true)
--manifest-url string URL for accessing the container manifest
--manifest-url-header string HTTP header to use when accessing the manifest URL, with the key separated from the value with a ':', as in 'key:value'
--master-service-namespace string The namespace from which the kubernetes master services should be injected into pods (default "default")
--max-open-files int Number of files that can be opened by Kubelet process. [default=1000000] (default 1000000)
--max-pods value Number of Pods that can run on this Kubelet. (default 110)
--minimum-image-ttl-duration duration Minimum age for an unused image before it is garbage collected. Examples: '300ms', '10s' or '2h45m'. Default: '2m' (default 2m0s)
--network-plugin string <Warning: Alpha feature> The name of the network plugin to be invoked for various events in kubelet/pod lifecycle
--network-plugin-dir string <Warning: Alpha feature> The full path of the directory in which to search for network plugins or CNI config
--network-plugin-mtu value <Warning: Alpha feature> The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.
--node-ip string IP address of the node. If set, kubelet will use this IP address for the node
--node-labels value <Warning: Alpha feature> Labels to add when registering the node in the cluster. Labels must be key=value pairs separated by ','.
--node-status-update-frequency duration Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. Default: 10s (default 10s)
--non-masquerade-cidr string Traffic to IPs outside this range will use IP masquerade. (default "10.0.0.0/8")
--oom-score-adj value The oom-score-adj value for kubelet process. Values must be within the range [-1000, 1000] (default -999)
--outofdisk-transition-frequency duration Duration for which the kubelet has to wait before transitioning out of out-of-disk node condition status. Default: 5m0s (default 5m0s)
--pod-cidr string The CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master.
--pod-infra-container-image string The image whose network/ipc namespaces containers in each pod will use. (default "gcr.io/google_containers/pause-amd64:3.0")
--pod-manifest-path string Path to to the directory containing pod manifest files to run, or the path to a single pod manifest file.
--pods-per-core value Number of Pods per core that can run on this Kubelet. The total number of Pods on this Kubelet cannot exceed max-pods, so max-pods will be used if this calculation results in a larger number of Pods allowed on the Kubelet. A value of 0 disables this limit.
--port value The port for the Kubelet to serve on. (default 10250)
--protect-kernel-defaults Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults.
--read-only-port value The read-only port for the Kubelet to serve on with no authentication/authorization (set to 0 to disable) (default 10255)
--really-crash-for-testing If true, when panics occur crash. Intended for testing.
--reconcile-cidr Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false. [default=true] (default true)
--register-node Register the node with the apiserver (defaults to true if --api-servers is set) (default true)
--register-schedulable Register the node as schedulable. No-op if register-node is false. [default=true] (default true)
--registry-burst value Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10)
--registry-qps value If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=5.0] (default 5)
--require-kubeconfig If true the Kubelet will exit if there are configuration errors, and will ignore the value of --api-servers in favor of the server defined in the kubeconfig file.
--resolv-conf string Resolver configuration file used as the basis for the container DNS resolution configuration. (default "/etc/resolv.conf")
--rkt-api-endpoint string The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'. (default "localhost:15441")
--rkt-path string Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'.
--root-dir string Directory path for managing kubelet files (volume mounts,etc). (default "/var/lib/kubelet")
--runonce If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
--runtime-cgroups string Optional absolute name of cgroups to create and run the runtime in.
--runtime-request-timeout duration Timeout of all runtime requests except long running request - pull, logs, exec and attach. When timeout exceeded, kubelet will cancel the request, throw out an error and retry later. Default: 2m0s (default 2m0s)
--seccomp-profile-root string Directory path for seccomp profiles.
--serialize-image-pulls Pull images one at a time. We recommend *not* changing the default value on nodes that run docker daemon with version < 1.9 or an Aufs storage backend. Issue #10959 has more details. [default=true] (default true)
--streaming-connection-idle-timeout duration Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m' (default 4h0m0s)
--sync-frequency duration Max period between synchronizing running containers and config (default 1m0s)
--system-cgroups / Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a cgroup under /. Empty for no container. Rolling back the flag requires a reboot. (Default: "").
--system-reserved value A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for non-kubernetes components. Currently only cpu and memory are supported. See http://releases.k8s.io/release-1.4/docs/user-guide/compute-resources.md for more detail. [default=none]
--tls-cert-file string File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir.
--tls-private-key-file string File containing x509 private key matching --tls-cert-file.
--volume-plugin-dir string <Warning: Alpha feature> The full path of the directory in which to search for additional third party volume plugins (default "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/")
--volume-stats-agg-period duration Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calculations, set to 0. Default: '1m' (default 1m0s)
ExperimentalHostUserNamespaceDefaulting=true|false (ALPHA - default=false)
StreamingProxyRedirects=true|false (ALPHA - default=false)
--file-check-frequency duration Duration between checking config files for new data (default 20s)
--google-json-key string The Google Cloud Platform Service Account JSON Key to use for authentication.
--hairpin-mode string How should the kubelet setup hairpin NAT. This allows endpoints of a Service to loadbalance back to themselves if they should try to access their own Service. Valid values are "promiscuous-bridge", "hairpin-veth" and "none". (default "promiscuous-bridge")
--healthz-bind-address ip The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces) (default 127.0.0.1)
--healthz-port int32 The port of the localhost healthz endpoint (default 10248)
--host-ipc-sources stringSlice Comma-separated list of sources from which the Kubelet allows pods to use the host ipc namespace. [default="*"] (default [*])
--host-network-sources stringSlice Comma-separated list of sources from which the Kubelet allows pods to use of host network. [default="*"] (default [*])
--host-pid-sources stringSlice Comma-separated list of sources from which the Kubelet allows pods to use the host pid namespace. [default="*"] (default [*])
--hostname-override string If non-empty, will use this string as identification instead of the actual hostname.
--http-check-frequency duration Duration between checking http for new data (default 20s)
--image-gc-high-threshold int32 The percent of disk usage after which image garbage collection is always run. Default: 90% (default 90)
--image-gc-low-threshold int32 The percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. Default: 80% (default 80)
--image-service-endpoint string [Experimental] The unix socket endpoint of remote image service. If not specified, it will be the same with container-runtime-endpoint by default. The endpoint is used only when CRI integration is enabled (--experimental-cri)
--iptables-drop-bit int32 The bit of the fwmark space to mark packets for dropping. Must be within the range [0, 31]. (default 15)
--iptables-masquerade-bit int32 The bit of the fwmark space to mark packets for SNAT. Must be within the range [0, 31]. Please match this parameter with corresponding parameter in kube-proxy. (default 14)
--kube-api-burst int32 Burst to use while talking with Kubernetes apiserver (default 10)
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps int32 QPS to use while talking with Kubernetes apiserver (default 5)
--kube-reserved mapStringString A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for kubernetes system components. Currently only cpu and memory are supported. See http://kubernetes.io/docs/user-guide/compute-resources for more detail. [default=none]
--kubeconfig string Path to a kubeconfig file, specifying how to connect to the API server. --api-servers will be used for the location unless --require-kubeconfig is set. (default "/var/lib/kubelet/kubeconfig")
--kubelet-cgroups string Optional absolute name of cgroups to create and run the Kubelet in.
--lock-file string <Warning: Alpha feature> The path to file for kubelet to use as a lock file.
--low-diskspace-threshold-mb int32 The absolute free disk space, in MB, to maintain. When disk space falls below this threshold, new pods would be rejected. Default: 256 (default 256)
--make-iptables-util-chains If true, kubelet will ensure iptables utility rules are present on host. (default true)
--manifest-url string URL for accessing the container manifest
--manifest-url-header string HTTP header to use when accessing the manifest URL, with the key separated from the value with a ':', as in 'key:value'
--master-service-namespace string The namespace from which the Kubernetes master services should be injected into pods (default "default")
--max-open-files int Number of files that can be opened by Kubelet process. [default=1000000] (default 1000000)
--max-pods int32 Number of Pods that can run on this Kubelet. (default 110)
--minimum-image-ttl-duration duration Minimum age for an unused image before it is garbage collected. Examples: '300ms', '10s' or '2h45m'. Default: '2m' (default 2m0s)
--network-plugin string <Warning: Alpha feature> The name of the network plugin to be invoked for various events in kubelet/pod lifecycle
--network-plugin-dir string <Warning: Alpha feature> The full path of the directory in which to search for network plugins or CNI config
--network-plugin-mtu int32 <Warning: Alpha feature> The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.
--node-ip string IP address of the node. If set, kubelet will use this IP address for the node
--node-labels mapStringString <Warning: Alpha feature> Labels to add when registering the node in the cluster. Labels must be key=value pairs separated by ','.
--node-status-update-frequency duration Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller. Default: 10s (default 10s)
--non-masquerade-cidr string Traffic to IPs outside this range will use IP masquerade. (default "10.0.0.0/8")
--oom-score-adj int32 The oom-score-adj value for kubelet process. Values must be within the range [-1000, 1000] (default -999)
--outofdisk-transition-frequency duration Duration for which the kubelet has to wait before transitioning out of out-of-disk node condition status. Default: 5m0s (default 5m0s)
--pod-cidr string The CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master.
--pod-infra-container-image string The image whose network/ipc namespaces containers in each pod will use. (default "gcr.io/google_containers/pause-amd64:3.0")
--pod-manifest-path string Path to to the directory containing pod manifest files to run, or the path to a single pod manifest file.
--pods-per-core int32 Number of Pods per core that can run on this Kubelet. The total number of Pods on this Kubelet cannot exceed max-pods, so max-pods will be used if this calculation results in a larger number of Pods allowed on the Kubelet. A value of 0 disables this limit.
--port int32 The port for the Kubelet to serve on. (default 10250)
--protect-kernel-defaults Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults.
--read-only-port int32 The read-only port for the Kubelet to serve on with no authentication/authorization (set to 0 to disable) (default 10255)
--really-crash-for-testing If true, when panics occur crash. Intended for testing.
--register-node Register the node with the apiserver (defaults to true if --api-servers is set) (default true)
--register-schedulable Register the node as schedulable. Won't have any effect if register-node is false. [default=true] (default true)
--registry-burst int32 Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10)
--registry-qps int32 If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=5.0] (default 5)
--require-kubeconfig If true the Kubelet will exit if there are configuration errors, and will ignore the value of --api-servers in favor of the server defined in the kubeconfig file.
--resolv-conf string Resolver configuration file used as the basis for the container DNS resolution configuration. (default "/etc/resolv.conf")
--rkt-api-endpoint string The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'. (default "localhost:15441")
--rkt-path string Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'.
--root-dir string Directory path for managing kubelet files (volume mounts,etc). (default "/var/lib/kubelet")
--runonce If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
--runtime-cgroups string Optional absolute name of cgroups to create and run the runtime in.
--runtime-request-timeout duration Timeout of all runtime requests except long running request - pull, logs, exec and attach. When timeout exceeded, kubelet will cancel the request, throw out an error and retry later. Default: 2m0s (default 2m0s)
--seccomp-profile-root string Directory path for seccomp profiles. (default "/var/lib/kubelet/seccomp")
--serialize-image-pulls Pull images one at a time. We recommend *not* changing the default value on nodes that run docker daemon with version < 1.9 or an Aufs storage backend. Issue #10959 has more details. [default=true] (default true)
--streaming-connection-idle-timeout duration Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m' (default 4h0m0s)
--sync-frequency duration Max period between synchronizing running containers and config (default 1m0s)
--system-cgroups / Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a cgroup under /. Empty for no container. Rolling back the flag requires a reboot. (Default: "").
--system-reserved mapStringString A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for non-kubernetes components. Currently only cpu and memory are supported. See http://kubernetes.io/docs/user-guide/compute-resources for more detail. [default=none]
--tls-cert-file string File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir.
--tls-private-key-file string File containing x509 private key matching --tls-cert-file.
--volume-plugin-dir string <Warning: Alpha feature> The full path of the directory in which to search for additional third party volume plugins (default "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/")
--volume-stats-agg-period duration Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calculations, set to 0. Default: '1m' (default 1m0s)
```
###### Auto generated by spf13/cobra on 24-Oct-2016
###### Auto generated by spf13/cobra on 13-Dec-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -2,7 +2,7 @@
assignees:
- derekwaynecarr
- janetkuo
title: Setting Pod CPU and Memory Limits
---
By default, pods run with unbounded CPU and memory limits. This means that any pod in the
@ -184,7 +184,7 @@ Note that this pod specifies explicit resource *limits* and *requests* so it did
default values.
Note: The *limits* for CPU resource are enforced in the default Kubernetes setup on the physical node
that runs the container unless the administrator deploys the kubelet with the folllowing flag:
that runs the container unless the administrator deploys the kubelet with the following flag:
```shell
$ kubelet --help


@ -2,13 +2,14 @@
assignees:
- dchen1107
- roberthbailey
- liggitt
title: Master-Node communication
---
* TOC
{:toc}
## Summary
## Overview
This document catalogs the communication paths between the master (really the
apiserver) and the Kubernetes cluster. The intent is to allow users to
@ -22,14 +23,21 @@ All communication paths from the cluster to the master terminate at the
apiserver (none of the other master components are designed to expose remote
services). In a typical deployment, the apiserver is configured to listen for
remote connections on a secure HTTPS port (443) with one or more forms of
client [authentication](/docs/admin/authentication/) enabled.
client [authentication](/docs/admin/authentication/) enabled. One or more forms
of [authorization](/docs/admin/authorization/) should be enabled, especially
if [anonymous requests](/docs/admin/authentication/#anonymous-requests) or
[service account tokens](/docs/admin/authentication/#service-account-tokens)
are allowed.
Nodes should be provisioned with the public root certificate for the cluster
such that they can connect securely to the apiserver along with valid client
credentials. For example, on a default GCE deployment, the client credentials
provided to the kubelet are in the form of a client certificate. Pods that
wish to connect to the apiserver can do so securely by leveraging a service
account so that Kubernetes will automatically inject the public root
provided to the kubelet are in the form of a client certificate. See
[kubelet TLS bootstrapping](/docs/admin/kubelet-tls-bootstrapping/) for
automated provisioning of kubelet client certificates.
Pods that wish to connect to the apiserver can do so securely by leveraging a
service account so that Kubernetes will automatically inject the public root
certificate and a valid bearer token into the pod when it is instantiated.
The `kubernetes` service (in all namespaces) is configured with a virtual IP
address that is redirected (via kube-proxy) to the HTTPS endpoint on the
@ -54,16 +62,29 @@ cluster. The first is from the apiserver to the kubelet process which runs on
each node in the cluster. The second is from the apiserver to any node, pod,
or service through the apiserver's proxy functionality.
### apiserver -> kubelet
The connections from the apiserver to the kubelet are used for fetching logs
for pods, attaching (through kubectl) to running pods, and using the kubelet's
port-forwarding functionality. These connections terminate at the kubelet's
HTTPS endpoint, which is typically using a self-signed certificate, and
ignore the certificate presented by the kubelet (although you can override this
behavior by specifying the `--kubelet-certificate-authority`,
`--kubelet-client-certificate`, and `--kubelet-client-key` flags when starting
the cluster apiserver). By default, these connections **are not currently safe**
to run over untrusted and/or public networks as they are subject to
man-in-the-middle attacks.
port-forwarding functionality. These connections terminate at the kubelet's
HTTPS endpoint.
By default, the apiserver does not verify the kubelet's serving certificate,
which makes the connection subject to man-in-the-middle attacks, and
**unsafe** to run over untrusted and/or public networks.
To verify this connection, use the `--kubelet-certificate-authority` flag to
provide the apiserver with a root certificates bundle to use to verify the
kubelet's serving certificate.
If that is not possible, use [SSH tunneling](/docs/admin/master-node-communication/#ssh-tunnels)
between the apiserver and kubelet if required to avoid connecting over an
untrusted or public network.
Finally, [Kubelet authentication and/or authorization](/docs/admin/kubelet-authentication-authorization/)
should be enabled to secure the kubelet API.
### apiserver -> nodes, pods, and services
The connections from the apiserver to a node, pod, or service default to plain
HTTP connections and are therefore neither authenticated nor encrypted. They
@ -83,83 +104,3 @@ cluster (connecting to the ssh server listening on port 22) and passes all
traffic destined for a kubelet, node, pod, or service through the tunnel.
This tunnel ensures that the traffic is not exposed outside of the private
GCE network in which the cluster is running.
### Kubelet TLS Bootstrap
Kubernetes 1.4 introduces an experimental API for requesting certificates from a cluster-level
Certificate Authority (CA). The first supported use of this API is the provisioning of TLS client
certificates for kubelets. The proposal can be found [here](https://github.com/kubernetes/kubernetes/pull/20439)
and progress on the feature is being tracked as [feature #43](https://github.com/kubernetes/features/issues/43).
##### apiserver configuration
You must provide a token file which specifies at least one "bootstrap token" assigned to a kubelet boostrap-specific group.
This group will later be used in the controller-manager configuration to scope approvals in the default approval
controller. As this feature matures, you should ensure tokens are bound to an RBAC policy which limits requests
using the bootstrap token to only be able to make requests related to certificate provisioning. When RBAC policy
is in place, scoping the tokens to a group will allow great flexibility (e.g. you could disable a particular
bootstrap group's access when you are done provisioning the nodes).
##### Token auth file
Tokens are arbitrary but should represent at least 128 bits of entropy derived from a secure random number
generator (such as /dev/urandom on most modern systems). There are multiple ways you can generate a token. For example:
`head -c 16 /dev/urandom | od -An -t x | tr -d ' '`
will generate tokens that look like `02b50b05283e98dd0fd71db496ef01e8`
The token file will look like the following example, where the first three values can be anything and the quoted group
name should be as depicted:
```
02b50b05283e98dd0fd71db496ef01e8,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
```
Add the `--token-auth-file=FILENAME` flag to the apiserver command to enable the token file.
See docs at http://kubernetes.io/docs/admin/authentication/#static-token-file for further details.
#### controller-manager configuration
The API for requesting certificates adds a certificate-issuing control loop to the KCM. This takes the form of a
[cfssl](https://blog.cloudflare.com/introducing-cfssl/) local signer using assets on disk.
Currently, all certificates issued have one year validity and a default set of key usages.
##### Signing assets
You must provide a Certificate Authority in order to provide the cryptographic materials necessary to issue certificates.
This CA should be trusted by the apiserver for authentication with the `--client-ca-file=SOMEFILE` flag. The management
of the CA is beyond the scope of this document but it is recommended that you generate a dedicated CA for Kubernetes.
Both certificate and key are assumed to be PEM-encoded.
The new controller-manager flags are:
```
--cluster-signing-cert-file="/etc/path/to/kubernetes/ca/ca.crt" --cluster-signing-key-file="/etc/path/to/kubernetes/ca/ca.key"
```
##### Auto-approval
To ease deployment and testing, the alpha version of the certificate request API includes a flag to approve all certificate
requests made by users in a certain group. The intended use of this is to whitelist only the group corresponding to the bootstrap
token in the token file above. Use of this flag circumvents makes the "approval" process described below and is not recommended
for production use.
The flag is:
```
--insecure-experimental-approve-all-kubelet-csrs-for-group="system:kubelet-bootstrap"
```
#### kubelet configuration
To use request a client cert from the certificate request API, the kubelet needs a path to a kubeconfig file that contains the
bootstrap auth token. If the file specified by `--kubeconfig` does not exist, the bootstrap kubeconfig is used to request a
client certificate from the API server. On success, a kubeconfig file referencing the generated key and obtained certificate
is written to the path specified by `--kubeconfig`. The certificate and key file will be stored in the directory pointed
by `--cert-dir`. The new flag is:
```
--experimental-bootstrap-kubeconfig="/path/to/bootstrap/kubeconfig"
```
#### kubectl approval
The signing controller does not immediately sign all certificate requests. Instead, it waits until they have been flagged with an
"Approved" status by an appropriately-privileged user. This is intended to eventually be an automated process handled by an external
approval controller, but for the alpha version of the API it can be done manually by a cluster administrator using kubectl.
An administrator can list CSRs with `kubectl get csr`, describe one in detail with `kubectl describe <name>`. There are
[currently no direct approve/deny commands](https://github.com/kubernetes/kubernetes/issues/30163) so an approver will need to update
the Status field directly. A rough example of how to do this in bash which should only be used until the porcelain merges is available
at https://github.com/gtank/csrctl.


@ -1,14 +1,14 @@
---
assignees:
- davidopp
title: Using Multiple Clusters
---
You may want to set up multiple Kubernetes clusters, both to
have clusters in different regions to be nearer to your users, and to tolerate failures and/or invasive maintenance.
This document describes some of the issues to consider when making a decision about doing so.
If you decide to have multiple clusters, kubernetes provides a way to [federate them](/docs/admin/federation/)
If you decide to have multiple clusters, Kubernetes provides a way to [federate them](/docs/admin/federation/)
## Scope of a single cluster
@ -52,7 +52,7 @@ Second, decide how many clusters should be able to be unavailable at the same ti
the number that can be unavailable `U`. If you are not sure, then 1 is a fine choice.
If it is allowable for load-balancing to direct traffic to any region in the event of a cluster failure, then
you need at least the larger of `R` or `U + 1` clusters. If it is not (e.g you want to ensure low latency for all
you need at least the larger of `R` or `U + 1` clusters. If it is not (e.g. you want to ensure low latency for all
users in the event of a cluster failure), then you need to have `R * (U + 1)` clusters
(`U + 1` in each of `R` regions). In any case, try to put each cluster in a different zone.


@ -2,7 +2,7 @@
assignees:
- davidopp
- madhusudancs
title: Configuring Multiple Schedulers
---
Kubernetes ships with a default scheduler that is described [here](/docs/admin/kube-scheduler/).


@ -3,7 +3,7 @@ assignees:
- jlowdermilk
- justinsb
- quinton-hoole
title: Running in Multiple Zones
---
## Introduction


@ -2,7 +2,7 @@
assignees:
- derekwaynecarr
- janetkuo
title: Sharing a Cluster with Namespaces
---
A Namespace is a mechanism to partition resources created by users into


@ -2,7 +2,7 @@
assignees:
- derekwaynecarr
- janetkuo
title: Namespaces Walkthrough
---
Kubernetes _namespaces_ help different projects, teams, or customers to share a Kubernetes cluster.
@ -151,7 +151,7 @@ Let's create some content.
$ kubectl run snowflake --image=kubernetes/serve_hostname --replicas=2
```
We have just created a deployment whose replica size is 2 that is running the pod called snowflake with a basic container that just serves the hostname.
Note that `kubectl run` creates deployments only on kubernetes cluster >= v1.2. If you are running older versions, it creates replication controllers instead.
Note that `kubectl run` creates deployments only on Kubernetes cluster >= v1.2. If you are running older versions, it creates replication controllers instead.
If you want to obtain the old behavior, use `--generator=run/v1` to create replication controllers. See [`kubectl run`](/docs/user-guide/kubectl/kubectl_run/) for more details.
```shell


@ -3,7 +3,7 @@ assignees:
- dcbw
- freehan
- thockin
title: Network Plugins
---
* TOC
@ -26,13 +26,13 @@ The kubelet has a single default network plugin, and a default network common to
## Network Plugin Requirements
Besides providing the [`NetworkPlugin` interface](https://github.com/kubernetes/kubernetes/tree/{{page.version}}.0/pkg/kubelet/network/plugins.go) to configure and clean up pod networking, the plugin may also need specific support for kube-proxy. The iptables proxy obviously depends on iptables, and the plugin may need to ensure that container traffic is made available to iptables. For example, if the plugin connects containers to a Linux bridge, the plugin must set the `net/bridge/bridge-nf-call-iptables` sysctl to `1` to ensure that the iptables proxy functions correctly. If the plugin does not use a Linux bridge (but instead something like Open vSwitch or some other mechanism) it should ensure container traffic is appropriately routed for the proxy.
Besides providing the [`NetworkPlugin` interface](https://github.com/kubernetes/kubernetes/tree/{{page.version}}/pkg/kubelet/network/plugins.go) to configure and clean up pod networking, the plugin may also need specific support for kube-proxy. The iptables proxy obviously depends on iptables, and the plugin may need to ensure that container traffic is made available to iptables. For example, if the plugin connects containers to a Linux bridge, the plugin must set the `net/bridge/bridge-nf-call-iptables` sysctl to `1` to ensure that the iptables proxy functions correctly. If the plugin does not use a Linux bridge (but instead something like Open vSwitch or some other mechanism) it should ensure container traffic is appropriately routed for the proxy.
By default if no kubelet network plugin is specified, the `noop` plugin is used, which sets `net/bridge/bridge-nf-call-iptables=1` to ensure simple configurations (like docker with a bridge) work correctly with the iptables proxy.
### Exec
Place plugins in `network-plugin-dir/plugin-name/plugin-name`, i.e if you have a bridge plugin and `network-plugin-dir` is `/usr/lib/kubernetes`, you'd place the bridge plugin executable at `/usr/lib/kubernetes/bridge/bridge`. See [this comment](https://github.com/kubernetes/kubernetes/tree/{{page.version}}.0/pkg/kubelet/network/exec/exec.go) for more details.
Place plugins in `network-plugin-dir/plugin-name/plugin-name`, i.e. if you have a bridge plugin and `network-plugin-dir` is `/usr/lib/kubernetes`, you'd place the bridge plugin executable at `/usr/lib/kubernetes/bridge/bridge`. See [this comment](https://github.com/kubernetes/kubernetes/tree/{{page.version}}/pkg/kubelet/network/exec/exec.go) for more details.
### CNI
@ -50,13 +50,11 @@ Kubenet is a very basic, simple network plugin, on Linux only. It does not, of
Kubenet creates a Linux bridge named `cbr0` and creates a veth pair for each pod with the host end of each pair connected to `cbr0`. The pod end of the pair is assigned an IP address allocated from a range assigned to the node either through configuration or by the controller-manager. `cbr0` is assigned an MTU matching the smallest MTU of an enabled normal interface on the host.
The kubenet plugin is mutually exclusive with the --configure-cbr0 option.
The plugin requires a few things:
* The standard CNI `bridge`, `lo` and `host-local` plugins are required, at minimum version 0.2.0. Kubenet will first search for them in `/opt/cni/bin`. Specify `network-plugin-dir` to supply additional search path. The first found match will take effect.
* Kubelet must be run with the `--network-plugin=kubenet` argument to enable the plugin
* Kubelet must also be run with the `--reconcile-cidr` argument to ensure the IP subnet assigned to the node by configuration or the controller-manager is propagated to the plugin
* Kubelet should also be run with the `--non-masquerade-cidr=<clusterCidr>` argumment to ensure traffic to IPs outside this range will use IP masquerade.
* The node must be assigned an IP subnet through either the `--pod-cidr` kubelet command-line option or the `--allocate-node-cidrs=true --cluster-cidr=<cidr>` controller-manager command-line options.
### Customizing the MTU (with kubenet)


@ -2,7 +2,7 @@
assignees:
- lavalamp
- thockin
title: Networking in Kubernetes
---
Kubernetes approaches networking somewhat differently than Docker does by
@ -169,12 +169,26 @@ Follow the "With Linux Bridge devices" section of [this very nice
tutorial](http://blog.oddbit.com/2014/08/11/four-ways-to-connect-a-docker/) from
Lars Kellogg-Stedman.
### Nuage Networks VCS (Virtualized Cloud Services)
[Nuage](http://www.nuagenetworks.net) provides a highly scalable policy-based Software-Defined Networking (SDN) platform. Nuage uses the open source Open vSwitch for the data plane along with a feature rich SDN Controller built on open standards.
The Nuage platform uses overlays to provide seamless policy-based networking between Kubernetes Pods and non-Kubernetes environments (VMs and bare metal servers). Nuage's policy abstraction model is designed with applications in mind and makes it easy to declare fine-grained policies for applications.The platform's real-time analytics engine enables visibility and security monitoring for Kubernetes applications.
### OpenVSwitch
[OpenVSwitch](/docs/admin/ovs-networking) is a somewhat more mature but also
complicated way to build an overlay network. This is endorsed by several of the
"Big Shops" for networking.
### OVN (Open Virtual Networking)
OVN is an opensource network virtualization solution developed by the
Open vSwitch community. It lets one create logical switches, logical routers,
stateful ACLs, load-balancers etc to build different virtual networking
topologies. The project has a specific Kubernetes plugin and documentation
at [ovn-kubernetes](https://github.com/openvswitch/ovn-kubernetes).
### Project Calico
[Project Calico](http://docs.projectcalico.org/) is an open source container networking provider and network policy engine.


@ -1,7 +1,7 @@
---
assignees:
- Random-Liu
title: Validate Node Setup
---
* TOC
@ -9,54 +9,52 @@ assignees:
## Node Conformance Test
*Node conformance test* is a test framework validating whether a node meets the
minimum requirement of Kubernetes with a set of system verification and
functionality test. A node which passes the tests is qualified to join a
Kubernetes cluster.
*Node conformance test* is a containerized test framework that provides a system
verification and functionality test for a node. The test validates whether the
node meets the minimum requirements for Kubernetes; a node that passes the test
is qualified to join a Kubernetes cluster.
## Limitations
There are following limitations in the current implementation of node
conformance test. They'll be improved in future version.
In Kubernetes version 1.5, node conformance test has the following limitations:
* Node conformance test only supports Docker as the container runtime.
* Node conformance test doesn't validate network related system configurations
and functionalities.
## Prerequisite
## Node Prerequisite
Node conformance test is used to test whether a node is ready to join a
Kubernetes cluster, so the prerequisite is the same with a standard Kubernetes
node. At least, the node should have properly installed:
To run node conformance test, a node must satisfy the same prerequisites as a
standard Kubernetes node. At a minimum, the node should have the following
daemons installed:
* Container Runtime (Docker)
* Kubelet
Node conformance test validates kernel configurations. If the kenrel module
`configs` is built as module in your environment, it must be loaded before the
test. (See [Caveats #3](#caveats) for more information)
## Running Node Conformance Test
## Usage
To run the node conformance test, perform the following steps:
### Run Node Conformance Test
1. Point your Kubelet to localhost `--api-servers="http://localhost:8080"`,
because the test framework starts a local master to test Kubelet. There are some
other Kubelet flags you may care:
* `--pod-cidr`: If you are using `kubenet`, you should specify an arbitrary CIDR
to Kubelet, for example `--pod-cidr=10.180.0.0/24`.
* `--cloud-provider`: If you are using `--cloud-provider=gce`, you should
remove the flag to run the test.
* **Step 1:** Point your Kubelet to localhost `--api-servers="http://localhost:8080"`,
because the test framework starts a local master to test Kubelet.
* **Step 2:** Run the node conformance test with command:
2. Run the node conformance test with command:
```shell
# $CONFIG_DIR is the pod manifest path of your kubelet.
# $CONFIG_DIR is the pod manifest path of your Kubelet.
# $LOG_DIR is the test output path.
sudo docker run -it --rm --privileged --net=host \
-v /:/rootfs:ro -v /var/run:/var/run \
-v $CONFIG_DIR:/etc/manifest -v $LOG_DIR:/var/result \
gcr.io/google_containers/node-test-amd64:v0.1
-v /:/rootfs -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
gcr.io/google_containers/node-test:0.2
```
### Run Node Conformance Test for Other Architectures
## Running Node Conformance Test for Other Architectures
We also build node conformance test docker images for other architectures:
Kubernetes also provides node conformance test docker images for other
architectures:
Arch | Image |
--------|:-----------------:|
@ -64,25 +62,16 @@ We also build node conformance test docker images for other architectures:
arm | node-test-arm |
arm64 | node-test-arm64 |
### Run Selected Test
In fact, Node conformance test is a containerized version of [node e2e
test](https://github.com/kubernetes/kubernetes/blob/release-1.4/docs/devel/e2e-node-tests.md).
By default, it runs all conformance test.
Theoretically, you can run any node e2e test if you configure the container and
mount required volumes properly. But **it is strongly recommended to only run conformance
test**, because the non-conformance test needs much more complex framework configuration.
## Running Selected Test
To run specific tests, overwrite the environment variable `FOCUS` with the
regular expression of tests you want to run.
```shell
sudo docker run -it --rm --privileged --net=host \
-v /:/rootfs:ro -v /var/run:/var/run \
-v $CONFIG_DIR:/etc/manifest -v $LOG_DIR:/var/result \
-v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
-e FOCUS=MirrorPod \ # Only run MirrorPod test
gcr.io/google_containers/node-test-amd64:v0.1
gcr.io/google_containers/node-test:0.2
```
To skip specific tests, overwrite the environment variable `SKIP` with the
@ -90,25 +79,22 @@ regular expression of tests you want to skip.
```shell
sudo docker run -it --rm --privileged --net=host \
-v /:/rootfs:ro -v /var/run:/var/run \
-v $CONFIG_DIR:/etc/manifest -v $LOG_DIR:/var/result \
-e SKIP=MirrorPod \ # Run all conformance test and skip MirrorPod test
gcr.io/google_containers/node-test-amd64:v0.1
-v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
-e SKIP=MirrorPod \ # Run all conformance tests but skip MirrorPod test
gcr.io/google_containers/node-test:0.2
```
### Caveats
Node conformance test is a containerized version of [node e2e test](https://github.com/kubernetes/kubernetes/blob/release-1.5/docs/devel/e2e-node-tests.md).
By default, it runs all conformance tests.
* The test will leave some docker images on the node, including the node
conformance test image and images of containers used in the functionality
Theoretically, you can run any node e2e test if you configure the container and
mount required volumes properly. But **it is strongly recommended to only run conformance
test**, because it requires much more complex configuration to run non-conformance test.
## Caveats
* The test leaves some docker images on the node, including the node conformance
test image and images of containers used in the functionality
test.
* The test will leave dead containers on the node, these containers are created
* The test leaves dead containers on the node. These containers are created
during the functionality test.
* Node conformance test validates kernel configuration. However, in some os
distro the kernel module `configs` may not be loaded by default, and you will get
the error `no config path in [POSSIBLE KERNEL CONFIG FILE PATHS] is
available`. In that case please do either of the followings:
* Manually load/unload `configs` kernel module: run `sudo modprobe configs` to
load the kernel module, and `sudo modprobe -r configs` to unload it after the test.
* Mount `modprobe` into the container: Add option `-v /bin/kmod:/bin/kmod
-v /sbin/modprobe:/sbin/modprobe -v /lib/modules:/lib/modules` when starting
the test container.
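Review bot: The first `docker run` example under "Running Node Conformance Test" appears to mount the host root as `-v /:/rootfs` with no `:ro`, while the FOCUS and SKIP examples below it keep `-v /:/rootfs:ro`. Combined with `--privileged --net=host`, that gives the test container write access to the whole host filesystem. Unless the test needs to write there, the line should match the others: `-v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \`. Old and new lines are interleaved on this page without markers, so which line is the new one is inferred from the `node-test:0.2` image line that follows it. Separately, `-e FOCUS=MirrorPod \ # Only run MirrorPod test` (and the matching `SKIP` line) breaks when pasted, because the backslash no longer ends the line; the comment should move to its own line above the command.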


@ -2,7 +2,7 @@
assignees:
- Random-Liu
- dchen1107
title: Monitoring Node Health
---
* TOC
@ -49,7 +49,7 @@ either `kubectl` or addon pod.
### Kubectl
This is the recommanded way to start node problem detector outside of GCE. It
This is the recommended way to start node problem detector outside of GCE. It
provides more flexible management, such as overwriting the default
configuration to fit it into your environment or detect
customized node problems.
@ -238,7 +238,7 @@ implement a new translator for a new log format.
## Caveats
It is recommanded to run the node problem detector in your cluster to monitor
It is recommended to run the node problem detector in your cluster to monitor
the node health. However, you should be aware that this will introduce extra
resource overhead on each node. Usually this is fine, because:


@ -3,7 +3,7 @@ assignees:
- caesarxuchao
- dchen1107
- lavalamp
title: Nodes
---
* TOC
@ -11,44 +11,47 @@ assignees:
## What is a node?
`Node` is a worker machine in Kubernetes, previously known as `Minion`. Node
A `node` is a worker machine in Kubernetes, previously known as a `minion`. A node
may be a VM or physical machine, depending on the cluster. Each node has
the services necessary to run [Pods](/docs/user-guide/pods) and is managed by the master
components. The services on a node include docker, kubelet and network proxy. See
the services necessary to run [pods](/docs/user-guide/pods) and is managed by the master
components. The services on a node include Docker, kubelet and kube-proxy. See
[The Kubernetes Node](https://github.com/kubernetes/kubernetes/blob/{{page.githubbranch}}/docs/design/architecture.md#the-kubernetes-node) section in the
architecture design doc for more details.
## Node Status
Node status describes current status of a node. For now, there are the following
pieces of information:
A node's status contains the following information:
### Node Addresses
* [Addresses](#Addresses)
* ~~[Phase](#Phase)~~ **deprecated**
* [Condition](#Condition)
* [Capacity](#Capacity)
* [Info](#Info)
Each section is described in detail below.
### Addresses
The usage of these fields varies depending on your cloud provider or bare metal configuration.
* HostName: The hostname as reported by the node's kernel. Can be overridden via the kubelet `--hostname-override` parameter.
* ExternalIP: Typically the IP address of the node that is externally routable (available from outside the cluster).
* InternalIP: Typically the IP address of the node that is routable only within the cluster.
* ExternalIP: Generally the IP address of the node that is externally routable (available from outside the cluster)
### Phase
* InternalIP: Generally the IP address of the node that is routable only within the cluster
Deprecated: node phase is no longer used.
### Node Phase
Deprecated: Node Phase is no longer used
### Node Condition
### Condition
The `conditions` field describes the status of all `Running` nodes.
| Node Condition | Description |
|----------------|-------------|
| `OutOfDisk` | `True` if insufficient free space on the node for adding new pods, otherwise `False` |
| `Ready` | `True` if the node is healthy ready to accept pods, `False` if the node is not healthy and is not accepting pods, and `Unknown` if the Node Controller has not heard from the node in the last 40 seconds |
| `OutOfDisk` | `True` if there is insufficient free space on the node for adding new pods, otherwise `False` |
| `Ready` | `True` if the node is healthy and ready to accept pods, `False` if the node is not healthy and is not accepting pods, and `Unknown` if the node controller has not heard from the node in the last 40 seconds |
Node condition is represented as a JSON object. For example, the following response describes a healthy node:
conditions mean the node is in sane state:
The node condition is represented as a JSON object. For example, the following response describes a healthy node.
```json
"conditions": [
@ -59,28 +62,30 @@ conditions mean the node is in sane state:
]
```
If the Status of the Ready condition
is Unknown or False for more than five minutes, then all of the Pods on the node are terminated by the Node Controller.
If the Status of the Ready condition is "Unknown" or "False" for longer than the `pod-eviction-timeout`, an argument passed to the [kube-controller-manager](docs/admin/kube-controller-manager/), all of the Pods on the node are scheduled for deletion by the Node Controller. The default eviction timeout duration is **five minutes**. In some cases when the node is unreachable, the apiserver is unable to communicate with the kubelet on it. The decision to delete the pods cannot be communicated to the kubelet until it re-establishes communication with the apiserver. In the meantime, the pods which are scheduled for deletion may continue to run on the partitioned node.
### Node Capacity
In versions of Kubernetes prior to 1.5, the node controller would [force delete](/docs/user-guide/pods/#force-deletion-of-pods) these unreachable pods from the apiserver. However, in 1.5 and higher, the node controller does not force delete pods until it is confirmed that they have stopped running in the cluster. One can see these pods which may be running on an unreachable node as being in the "Terminating" or "Unknown" states. In cases where Kubernetes cannot deduce from the underlying infrastructure if a node has permanently left a cluster, the cluster administrator may need to delete the node object by hand. Deleting the node object from Kubernetes causes all the Pod objects running on it to be deleted from the apiserver, freeing up their names.
Describes the resources available on the node: CPUs, memory and the maximum
### Capacity
Describes the resources available on the node: CPU, memory and the maximum
number of pods that can be scheduled onto the node.
### Node Info
### Info
General information about the node, for instance kernel version, Kubernetes version
(kubelet version, kube-proxy version), docker version (if used), OS name.
General information about the node, such as kernel version, Kubernetes version
(kubelet and kube-proxy version), Docker version (if used), OS name.
The information is gathered by Kubelet from the node.
## Node Management
## Management
Unlike [Pods](/docs/user-guide/pods) and [Services](/docs/user-guide/services), a Node is not inherently
created by Kubernetes: it is either taken from cloud providers like Google Compute Engine,
or from your pool of physical or virtual machines. What this means is that when
Kubernetes creates a node, it is really just creating an object that represents the node in its internal state.
After creation, Kubernetes will check whether the node is valid or not.
For example, if you try to create a node from the following content:
Unlike [pods](/docs/user-guide/pods) and [services](/docs/user-guide/services),
a node is not inherently created by Kubernetes: it is created externally by cloud
providers like Google Compute Engine, or exists in your pool of physical or virtual
machines. What this means is that when Kubernetes creates a node, it is really
just creating an object that represents the node. After creation, Kubernetes
will check whether the node is valid or not. For example, if you try to create
a node from the following content:
```json
{
@ -95,117 +100,127 @@ For example, if you try to create a node from the following content:
}
```
Kubernetes will create a Node object internally (the representation), and
validate the node by health checking based on the `metadata.name` field: we
assume `metadata.name` can be resolved. If the node is valid, i.e. all necessary
services are running, it is eligible to run a Pod; otherwise, it will be
ignored for any cluster activity, until it becomes valid. Note that Kubernetes
will keep the object for the invalid node unless it is explicitly deleted by the client, and it will keep
checking to see if it becomes valid.
Kubernetes will create a node object internally (the representation), and
validate the node by health checking based on the `metadata.name` field (we
assume `metadata.name` can be resolved). If the node is valid, i.e. all necessary
services are running, it is eligible to run a pod; otherwise, it will be
ignored for any cluster activity until it becomes valid. Note that Kubernetes
will keep the object for the invalid node unless it is explicitly deleted by
the client, and it will keep checking to see if it becomes valid.
Currently, there are three components that interact with the Kubernetes node interface: Node Controller, Kubelet, and kubectl.
Currently, there are three components that interact with the Kubernetes node
interface: node controller, kubelet, and kubectl.
### Node Controller
Node controller is a component in Kubernetes master which manages Node
objects.
The node controller is a Kubernetes master component which manages various
aspects of nodes.
Node controller has mutliple roles in Node's life. First is assigning a CIDR block to
the Node when it is registered (if CIDR assignment is turned on). Second is keeping the
node controller's list of nodes up to date with the cloud provider's list of available
machines. When running in cloud environment whenever a node is unhealthy node controller
asks cloud provider if the VM for that node is still available. If not, the node
The node controller has multiple roles in a node's life. The first is assigning a
CIDR block to the node when it is registered (if CIDR assignment is turned on).
The second is keeping the node controller's internal list of nodes up to date with
the cloud provider's list of available machines. When running in a cloud
environment, whenever a node is unhealthy the node controller asks the cloud
provider if the VM for that node is still available. If not, the node
controller deletes the node from its list of nodes.
Third responsibiliy is monitoring Node's health. Node controller is responsible for updating
the NodeReady condition of NodeStatus to ConditionUnknown when a node becomes unreachable
(i.e. node controller stops receiving heartbeats e.g. due to the node being down), and then
later evicting all the pods from the node (using graceful termination) if the node continues
to be unreachable (the current timeouts are 40s to start reporting ConditionUnknown and 5m
after that to start evicting pods). Node controller checks the state of each node every
`--node-monitor-period` seconds.
The third is monitoring the nodes' health. The node controller is
responsible for updating the NodeReady condition of NodeStatus to
ConditionUnknown when a node becomes unreachable (i.e. the node controller stops
receiving heartbeats for some reason, e.g. due to the node being down), and then later evicting
all the pods from the node (using graceful termination) if the node continues
to be unreachable. (The default timeouts are 40s to start reporting
ConditionUnknown and 5m after that to start evicting pods.) The node controller
checks the state of each node every `--node-monitor-period` seconds.
In 1.4 release we updated the logic of node controller to better handle cases when a
big number of Nodes have problems with reaching the master machine (e.g. because
master machine has networking problem). Starting with 1.4 node controller will look at the
state of all Nodes in the cluster when making a decision about pod eviction.
In Kubernetes 1.4, we updated the logic of the node controller to better handle
cases when a big number of nodes have problems with reaching the master
(e.g. because the master has networking problem). Starting with 1.4, the node
controller will look at the state of all nodes in the cluster when making a
decision about pod eviction.
In most cases, node controller limits the eviction rate to `--node-eviction-rate` (default 0.1)
per second, meaning it won't evict pods from more than 1 node per 10 seconds.
In most cases, node controller limits the eviction rate to
`--node-eviction-rate` (default 0.1) per second, meaning it won't evict pods
from more than 1 node per 10 seconds.
The node eviction behavior changes when a node in a given availability zone becomes unhealthy,
node controller checks what percentage of nodes in the zone are unhealthy (NodeReady condition
is ConditionUnknown or ConditionFalse) at the same time. If the fraction of unhealthy nodes is
at least `--unhealthy-zone-threshold` (default 0.55) then the eviction rate is reduced: if
the cluster is small (i.e. has less than or equal to `--large-cluster-size-threshold`
nodes - default 50) then evictions are stopped, otherwise the eviction rate is reduced to
`--secondary-node-eviction-rate` (default 0.01) per second. The reason these policies are
implemented per availability zone is because one availability zone might become partitioned
from the master while the others remain connected. If your cluster does not span multiple cloud
provider availability zones, then there is only one availability zone, namely the whole cluster.
The node eviction behavior changes when a node in a given availability zone
becomes unhealthy. The node controller checks what percentage of nodes in the zone
are unhealthy (NodeReady condition is ConditionUnknown or ConditionFalse) at
the same time. If the fraction of unhealthy nodes is at least
`--unhealthy-zone-threshold` (default 0.55) then the eviction rate is reduced:
if the cluster is small (i.e. has less than or equal to
`--large-cluster-size-threshold` nodes - default 50) then evictions are
stopped, otherwise the eviction rate is reduced to
`--secondary-node-eviction-rate` (default 0.01) per second. The reason these
policies are implemented per availability zone is because one availability zone
might become partitioned from the master while the others remain connected. If
your cluster does not span multiple cloud provider availability zones, then
there is only one availability zone (the whole cluster).
A key reason for spreading your nodes across availability zones is so that workload can be
shifted to healthy zones when one entire zone goes down. To enable this behavior, if all
nodes in a zone are unhealthy then node controller evicts at the normal rate `--node-eviction-rate`.
The corner case for that is when all zones are completely unhealthy (i.e. there's no healthy node in
the cluster). In such case node controller assumes that there's some problem with master machine
connectivity and stops all evictions until any connectivity is restored.
A key reason for spreading your nodes across availability zones is so that the
workload can be shifted to healthy zones when one entire zone goes down.
Therefore, if all nodes in a zone are unhealthy then node controller evicts at
the normal rate `--node-eviction-rate`. The corner case is when all zones are
completely unhealthy (i.e. there are no healthy nodes in the cluster). In such
case, the node controller assumes that there's some problem with master
connectivity and stops all evictions until some connectivity is restored.
### Self-Registration of Nodes
When kubelet flag `--register-node` is true (the default), the kubelet will attempt to
When the kubelet flag `--register-node` is true (the default), the kubelet will attempt to
register itself with the API server. This is the preferred pattern, used by most distros.
For self-registration, the kubelet is started with the following options:
- `--api-servers=` tells the kubelet the location of the apiserver.
- `--kubeconfig` tells kubelet where to find credentials to authenticate itself to the apiserver.
- `--cloud-provider=` tells the kubelet how to talk to a cloud provider to read metadata about itself.
- `--register-node` tells the kubelet to create its own node resource.
- `--api-servers=` - Location of the apiservers.
- `--kubeconfig=` - Path to credentials to authenticate itself to the apiserver.
- `--cloud-provider=` - How to talk to a cloud provider to read metadata about itself.
- `--register-node` - Automatically register with the API server.
Currently, any kubelet is authorized to create/modify any node resource, but in practice it only creates/modifies
its own. (In the future, we plan to limit authorization to only allow a kubelet to modify its own Node resource.)
its own. (In the future, we plan to only allow a kubelet to modify its own node resource.)
#### Manual Node Administration
A cluster administrator can create and modify Node objects.
A cluster administrator can create and modify node objects.
If the administrator wishes to create node objects manually, set kubelet flag
If the administrator wishes to create node objects manually, set the kubelet flag
`--register-node=false`.
The administrator can modify Node resources (regardless of the setting of `--register-node`).
Modifications include setting labels on the Node, and marking it unschedulable.
The administrator can modify node resources (regardless of the setting of `--register-node`).
Modifications include setting labels on the node and marking it unschedulable.
Labels on nodes can be used in conjunction with node selectors on pods to control scheduling,
e.g. to constrain a Pod to only be eligible to run on a subset of the nodes.
e.g. to constrain a pod to only be eligible to run on a subset of the nodes.
Making a node unscheduleable will prevent new pods from being scheduled to that
node, but will not affect any existing pods on the node. This is useful as a
preparatory step before a node reboot, etc. For example, to mark a node
Marking a node as unschedulable will prevent new pods from being scheduled to that
node, but will not affect any existing pods on the node. This is useful as a
preparatory step before a node reboot, etc. For example, to mark a node
unschedulable, run this command:
```shell
kubectl patch nodes $NODENAME -p '{"spec": {"unschedulable": true}}'
kubectl cordon $NODENAME
```
Note that pods which are created by a daemonSet controller bypass the Kubernetes scheduler,
and do not respect the unschedulable attribute on a node. The assumption is that daemons belong on
and do not respect the unschedulable attribute on a node. The assumption is that daemons belong on
the machine even if it is being drained of applications in preparation for a reboot.
### Node capacity
The capacity of the node (number of cpus and amount of memory) is part of the node resource.
Normally, nodes register themselves and report their capacity when creating the node resource. If
The capacity of the node (number of cpus and amount of memory) is part of the node object.
Normally, nodes register themselves and report their capacity when creating the node object. If
you are doing [manual node administration](#manual-node-administration), then you need to set node
capacity when adding a node.
The Kubernetes scheduler ensures that there are enough resources for all the pods on a node. It
checks that the sum of the limits of containers on the node is no greater than the node capacity. It
includes all containers started by kubelet, but not containers started directly by docker, nor
includes all containers started by the kubelet, but not containers started directly by Docker nor
processes not in containers.
If you want to explicitly reserve resources for non-Pod processes, you can create a placeholder
pod. Use the following template:
If you want to explicitly reserve resources for non-pod processes, you can create a placeholder
pod. Use the following template:
```yaml
apiVersion: v1
@ -229,6 +244,6 @@ on each kubelet where you want to reserve resources.
## API Object
Node is a top-level resource in the kubernetes REST API. More details about the
Node is a top-level resource in the Kubernetes REST API. More details about the
API object can be found at: [Node API
object](/docs/api-reference/v1/definitions/#_v1_node).


@ -3,7 +3,7 @@ assignees:
- derekwaynecarr
- vishh
- timstclair
title: Configuring Out Of Resource Handling
---
* TOC
@ -330,7 +330,7 @@ for eviction. Instead `DaemonSet` should ideally launch `Guaranteed` pods.
`kubelet` has been freeing up disk space on demand to keep the node stable.
As disk based eviction matures, the following `kubelet` flags will be marked for deprecation
in favor of the simpler configuation supported around eviction.
in favor of the simpler configuration supported around eviction.
| Existing Flag | New Flag |
| ------------- | -------- |
@ -349,7 +349,7 @@ in favor of the simpler configuation supported around eviction.
The `kubelet` currently polls `cAdvisor` to collect memory usage stats at a regular interval. If memory usage
increases within that window rapidly, the `kubelet` may not observe `MemoryPressure` fast enough, and the `OOMKiller`
will still be invoked. We intend to integrate with the `memcg` notification API in a future release to reduce this
latency, and instead have the kernel tell us when a threshold has been crossed immmediately.
latency, and instead have the kernel tell us when a threshold has been crossed immediately.
If you are not trying to achieve extreme utilization, but a sensible measure of overcommit, a viable workaround for
this issue is to set eviction thresholds at approximately 75% capacity. This increases the ability of this feature


@ -2,7 +2,7 @@
assignees:
- lavalamp
- thockin
title: Kubernetes OpenVSwitch GRE/VxLAN networking
---
This document describes how OpenVSwitch is used to setup networking between pods across nodes.


@ -30,29 +30,30 @@ given the pods that are already running in the cluster
the rescheduler tries to free up space for the add-on by evicting some pods; then the scheduler will schedule the add-on pod.
To avoid situation when another pod is scheduled into the space prepared for the critical add-on,
the chosen node gets a temporary taint “CriticalAddonsOnly” before the eviction(s)
the chosen node gets a temporary taint "CriticalAddonsOnly" before the eviction(s)
(see [more details](https://github.com/kubernetes/kubernetes/blob/master/docs/design/taint-toleration-dedicated.md)).
Each critical add-on has to tolerate it,
the other pods shouldn't tolerate the taint. The tain is removed once the add-on is successfully scheduled.
*Warning:* currently there is no guarantee which node is chosen and which pods are being killed
in order to schedule crical pod, so if rescheduler is enabled you pods might be occasionally
in order to schedule critical pods, so if rescheduler is enabled you pods might be occasionally
killed for this purpose.
## Config
Rescheduler doesn't have any user facing configuration (component config) or API.
It's enabled by default. It can be disabled:
* during cluster setup by setting `ENABLE_RESCHEDULER` flag to `false`
* on running cluster by deleting its manifest from master node
(default path `/etc/kubernetes/manifests/rescheduler.manifest`)
### Marking add-on as critical
To be critical an add-on has to run in `kube-system` namespace (cofigurable via flag)
To be critical an add-on has to run in `kube-system` namespace (configurable via flag)
and have the following annotations specified:
* `scheduler.alpha.kubernetes.io/critical-pod` set to empty string
* `scheduler.alpha.kubernetes.io/tolerations` set to `[{"key":"CriticalAddonsOnly", "operator":"Exists"}]`
The first one marks a pod a critical. The second one is required by Rescheduler algorithm.


@ -1,7 +1,7 @@
---
assignees:
- derekwaynecarr
title: Resource Quotas
---
When several users or teams share a cluster with a fixed number of nodes,
@ -52,8 +52,7 @@ Resource Quota is enforced in a particular namespace when there is a
## Compute Resource Quota
You can limit the total sum of [compute resources](/docs/user-guide/compute-resources) and [storage resources](/docs/user-guide/persistent-volumes)
that can be requested in a given namespace.
You can limit the total sum of [compute resources](/docs/user-guide/compute-resources) that can be requested in a given namespace.
The following resource types are supported:
@ -65,7 +64,25 @@ The following resource types are supported:
| `memory` | Across all pods in a non-terminal state, the sum of memory requests cannot exceed this value. |
| `requests.cpu` | Across all pods in a non-terminal state, the sum of CPU requests cannot exceed this value. |
| `requests.memory` | Across all pods in a non-terminal state, the sum of memory requests cannot exceed this value. |
## Storage Resource Quota
You can limit the total sum of [storage resources](/docs/user-guide/persistent-volumes) that can be requested in a given namespace.
In addition, you can limit consumption of storage resources based on associated storage-class.
| Resource Name | Description |
| --------------------- | ----------------------------------------------------------- |
| `requests.storage` | Across all persistent volume claims, the sum of storage requests cannot exceed this value. |
| `persistentvolumeclaims` | The total number of [persistent volume claims](/docs/user-guide/persistent-volumes/#persistentvolumeclaims) that can exist in the namespace. |
| `<storage-class-name>.storageclass.storage.k8s.io/requests.storage` | Across all persistent volume claims associated with the storage-class-name, the sum of storage requests cannot exceed this value. |
| `<storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims` | Across all persistent volume claims associated with the storage-class-name, the total number of [persistent volume claims](/docs/user-guide/persistent-volumes/#persistentvolumeclaims) that can exist in the namespace. |
For example, if an operator wants to quota storage with `gold` storage class separate from `bronze` storage class, the operator can
define a quota as follows:
* `gold.storageclass.storage.k8s.io/requests.storage: 500Gi`
* `bronze.storageclass.storage.k8s.io/requests.storage: 100Gi`
## Object Count Quota
@ -125,7 +142,7 @@ The quota can be configured to quota either value.
If the quota has a value specified for `requests.cpu` or `requests.memory`, then it requires that every incoming
container makes an explicit request for those resources. If the quota has a value specified for `limits.cpu` or `limits.memory`,
then it requires that every incoming container specifies an explict limit for those resources.
then it requires that every incoming container specifies an explicit limit for those resources.
## Viewing and Setting Quotas


@ -2,7 +2,7 @@
assignees:
- derekwaynecarr
- janetkuo
title: Applying Resource Quotas and Limits
---
This example demonstrates a typical setup to control for resource usage in a namespace.
@ -232,7 +232,7 @@ services.loadbalancers 0 2
services.nodeports 0 0
```
As you can see, the pod that was created is consuming explict amounts of compute resources, and the usage is being
As you can see, the pod that was created is consuming explicit amounts of compute resources, and the usage is being
tracked by Kubernetes properly.
## Step 5: Advanced quota scopes


@ -2,7 +2,7 @@
assignees:
- davidopp
- lavalamp
title: Configuring Kubernetes with Salt
---
The Kubernetes cluster can be configured using Salt.


@ -4,7 +4,7 @@ assignees:
- davidopp
- lavalamp
- liggitt
title: Managing Service Accounts
---
*This is a Cluster Administrator guide to service accounts. It assumes knowledge of


@ -1,7 +1,7 @@
---
assignees:
- jsafrane
title: Static Pods
---
**If you are running clustered Kubernetes and are using static pods to run a pod on every node, you should probably be using a [DaemonSet](/docs/admin/daemons/)!**
@ -16,7 +16,7 @@ Static pod can be created in two ways: either by using configuration file(s) or
### Configuration files
The configuration files are just standard pod definition in json or yaml format in specific directory. Use `kubelet --config=<the directory>` to start kubelet daemon, which periodically scans the directory and creates/deletes static pods as yaml/json files appear/disappear there.
The configuration files are just standard pod definition in json or yaml format in specific directory. Use `kubelet --pod-manifest-path=<the directory>` to start kubelet daemon, which periodically scans the directory and creates/deletes static pods as yaml/json files appear/disappear there.
For example, this is how to start a simple web server as a static pod:
@ -48,10 +48,10 @@ For example, this is how to start a simple web server as a static pod:
EOF
```
2. Configure your kubelet daemon on the node to use this directory by running it with `--config=/etc/kubelet.d/` argument. On Fedora edit `/etc/kubernetes/kubelet` to include this line:
2. Configure your kubelet daemon on the node to use this directory by running it with `--pod-manifest-path=/etc/kubelet.d/` argument. On Fedora edit `/etc/kubernetes/kubelet` to include this line:
```conf
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --config=/etc/kubelet.d/"
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
```
Instructions for other distributions or Kubernetes installations may vary.
@ -64,11 +64,11 @@ For example, this is how to start a simple web server as a static pod:
## Pods created via HTTP
Kubelet periodically downloads a file specified by `--manifest-url=<URL>` argument and interprets it as a json/yaml file with a pod definition. It works the same as `--config=<directory>`, i.e. it's reloaded every now and then and changes are applied to running static pods (see below).
Kubelet periodically downloads a file specified by `--manifest-url=<URL>` argument and interprets it as a json/yaml file with a pod definition. It works the same as `--pod-manifest-path=<directory>`, i.e. it's reloaded every now and then and changes are applied to running static pods (see below).
## Behavior of static pods
When kubelet starts, it automatically starts all pods defined in directory specified in `--config=` or `--manifest-url=` arguments, i.e. our static-web. (It may take some time to pull nginx image, be patient…):
When kubelet starts, it automatically starts all pods defined in directory specified in `--pod-manifest-path=` or `--manifest-url=` arguments, i.e. our static-web. (It may take some time to pull nginx image, be patient…):
```shell
[joe@my-node1 ~] $ docker ps


@ -9,7 +9,7 @@ assignees:
This document describes how sysctls are used within a Kubernetes cluster.
## What is a _Sysctl_?
## What is a Sysctl?
In Linux, the sysctl interface allows an administrator to modify kernel
parameters at runtime. Parameters are available via the `/proc/sys/` virtual


@ -1,18 +1,14 @@
---
---
# API Reference
Use the following reference docs to understand the kubernetes REST API for various API group versions:
Use the following reference docs to understand the Kubernetes REST API for various API group versions:
* v1: [operations](/docs/api-reference/v1/operations.html), [model definitions](/docs/api-reference/v1/definitions.html)
* extensions/v1beta1: [operations](/docs/api-reference/extensions/v1beta1/operations.html), [model definitions](/docs/api-reference/extensions/v1beta1/definitions.html)
* batch/v1: [operations](/docs/api-reference/batch/v1/operations.html), [model definitions](/docs/api-reference/batch/v1/definitions.html)
* autoscaling/v1: [operations](/docs/api-reference/autoscaling/v1/operations.html), [model definitions](/docs/api-reference/autoscaling/v1/definitions.html)
* apps/v1beta1: [operations](/docs/api-reference/apps/v1beta1/operations.html), [model definitions](/docs/api-reference/apps/v1beta1/definitions.html)
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->


@ -19,7 +19,7 @@
<h3 id="_get_available_resources">get available resources</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1</pre>
<pre>GET /apis/apps/v1beta1</pre>
</div>
</div>
<div class="sect3">
@ -28,7 +28,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -84,17 +84,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_list_or_watch_objects_of_kind_petset">list or watch objects of kind PetSet</h3>
<h3 id="_list_or_watch_objects_of_kind_statefulset">list or watch objects of kind StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/namespaces/{namespace}/petsets</pre>
<pre>GET /apis/apps/v1beta1/namespaces/{namespace}/statefulsets</pre>
</div>
</div>
<div class="sect3">
@ -106,7 +106,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -185,7 +185,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -198,7 +198,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petsetlist">v1alpha1.PetSetList</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulsetlist">v1beta1.StatefulSetList</a></p></td>
</tr>
</tbody>
</table>
@ -227,6 +227,12 @@
<li>
<p>application/vnd.kubernetes.protobuf</p>
</li>
<li>
<p>application/json;stream=watch</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf;stream=watch</p>
</li>
</ul>
</div>
</div>
@ -235,17 +241,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_delete_collection_of_petset">delete collection of PetSet</h3>
<h3 id="_delete_collection_of_statefulset">delete collection of StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /apis/apps/v1alpha1/namespaces/{namespace}/petsets</pre>
<pre>DELETE /apis/apps/v1beta1/namespaces/{namespace}/statefulsets</pre>
</div>
</div>
<div class="sect3">
@ -257,7 +263,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -336,7 +342,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -386,17 +392,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_create_a_petset">create a PetSet</h3>
<h3 id="_create_a_statefulset">create a StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>POST /apis/apps/v1alpha1/namespaces/{namespace}/petsets</pre>
<pre>POST /apis/apps/v1beta1/namespaces/{namespace}/statefulsets</pre>
</div>
</div>
<div class="sect3">
@ -408,7 +414,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -434,7 +440,7 @@
<td class="tableblock halign-left valign-top"><p class="tableblock">body</p></td>
<td class="tableblock halign-left valign-top"></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
@ -455,7 +461,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -468,7 +474,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -505,17 +511,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_read_the_specified_petset">read the specified PetSet</h3>
<h3 id="_read_the_specified_statefulset">read the specified StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}</pre>
<pre>GET /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}</pre>
</div>
</div>
<div class="sect3">
@ -527,7 +533,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -575,7 +581,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -590,7 +596,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -603,7 +609,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -640,17 +646,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_replace_the_specified_petset">replace the specified PetSet</h3>
<h3 id="_replace_the_specified_statefulset">replace the specified StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>PUT /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}</pre>
<pre>PUT /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}</pre>
</div>
</div>
<div class="sect3">
@ -662,7 +668,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -688,7 +694,7 @@
<td class="tableblock halign-left valign-top"><p class="tableblock">body</p></td>
<td class="tableblock halign-left valign-top"></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
@ -702,7 +708,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -717,7 +723,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -730,7 +736,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -767,17 +773,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_delete_a_petset">delete a PetSet</h3>
<h3 id="_delete_a_statefulset">delete a StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>DELETE /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}</pre>
<pre>DELETE /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}</pre>
</div>
</div>
<div class="sect3">
@ -789,7 +795,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -819,6 +825,22 @@
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">QueryParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">gracePeriodSeconds</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">integer (int32)</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">QueryParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">orphanDependents</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object&#8217;s finalizers list.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">namespace</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">object name and auth scope, such as for teams and projects</p></td>
@ -829,7 +851,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -844,7 +866,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -894,17 +916,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_partially_update_the_specified_petset">partially update the specified PetSet</h3>
<h3 id="_partially_update_the_specified_statefulset">partially update the specified StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>PATCH /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}</pre>
<pre>PATCH /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}</pre>
</div>
</div>
<div class="sect3">
@ -916,7 +938,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -956,7 +978,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -971,7 +993,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -984,7 +1006,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -1027,17 +1049,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_read_status_of_the_specified_petset">read status of the specified PetSet</h3>
<h3 id="_read_status_of_the_specified_statefulset">read status of the specified StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}/status</pre>
<pre>GET /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}/status</pre>
</div>
</div>
<div class="sect3">
@ -1049,7 +1071,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1081,7 +1103,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -1096,7 +1118,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1109,7 +1131,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -1146,17 +1168,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_replace_status_of_the_specified_petset">replace status of the specified PetSet</h3>
<h3 id="_replace_status_of_the_specified_statefulset">replace status of the specified StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>PUT /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}/status</pre>
<pre>PUT /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}/status</pre>
</div>
</div>
<div class="sect3">
@ -1168,7 +1190,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1194,7 +1216,7 @@
<td class="tableblock halign-left valign-top"><p class="tableblock">body</p></td>
<td class="tableblock halign-left valign-top"></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
@ -1208,7 +1230,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -1223,7 +1245,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1236,7 +1258,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -1273,17 +1295,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_partially_update_status_of_the_specified_petset">partially update status of the specified PetSet</h3>
<h3 id="_partially_update_status_of_the_specified_statefulset">partially update status of the specified StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>PATCH /apis/apps/v1alpha1/namespaces/{namespace}/petsets/{name}/status</pre>
<pre>PATCH /apis/apps/v1beta1/namespaces/{namespace}/statefulsets/{name}/status</pre>
</div>
</div>
<div class="sect3">
@ -1295,7 +1317,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1335,7 +1357,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -1350,7 +1372,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1363,7 +1385,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petset">v1alpha1.PetSet</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulset">v1beta1.StatefulSet</a></p></td>
</tr>
</tbody>
</table>
@ -1406,17 +1428,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_list_or_watch_objects_of_kind_petset_2">list or watch objects of kind PetSet</h3>
<h3 id="_list_or_watch_objects_of_kind_statefulset_2">list or watch objects of kind StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/petsets</pre>
<pre>GET /apis/apps/v1beta1/statefulsets</pre>
</div>
</div>
<div class="sect3">
@ -1428,7 +1450,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1499,7 +1521,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1512,7 +1534,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1alpha1_petsetlist">v1alpha1.PetSetList</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_v1beta1_statefulsetlist">v1beta1.StatefulSetList</a></p></td>
</tr>
</tbody>
</table>
@ -1541,6 +1563,12 @@
<li>
<p>application/vnd.kubernetes.protobuf</p>
</li>
<li>
<p>application/json;stream=watch</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf;stream=watch</p>
</li>
</ul>
</div>
</div>
@ -1549,17 +1577,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_watch_individual_changes_to_a_list_of_petset">watch individual changes to a list of PetSet</h3>
<h3 id="_watch_individual_changes_to_a_list_of_statefulset">watch individual changes to a list of StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/watch/namespaces/{namespace}/petsets</pre>
<pre>GET /apis/apps/v1beta1/watch/namespaces/{namespace}/statefulsets</pre>
</div>
</div>
<div class="sect3">
@ -1571,7 +1599,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1650,7 +1678,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1663,7 +1691,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_*versioned_event">*versioned.Event</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_versioned_event">versioned.Event</a></p></td>
</tr>
</tbody>
</table>
@ -1687,12 +1715,15 @@
<p>application/json</p>
</li>
<li>
<p>application/json;stream=watch</p>
<p>application/yaml</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf</p>
</li>
<li>
<p>application/json;stream=watch</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf;stream=watch</p>
</li>
</ul>
@ -1703,17 +1734,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_watch_changes_to_an_object_of_kind_petset">watch changes to an object of kind PetSet</h3>
<h3 id="_watch_changes_to_an_object_of_kind_statefulset">watch changes to an object of kind StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/watch/namespaces/{namespace}/petsets/{name}</pre>
<pre>GET /apis/apps/v1beta1/watch/namespaces/{namespace}/statefulsets/{name}</pre>
</div>
</div>
<div class="sect3">
@ -1725,7 +1756,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1797,7 +1828,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">PathParameter</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the PetSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">name of the StatefulSet</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -1812,7 +1843,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1825,7 +1856,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_*versioned_event">*versioned.Event</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_versioned_event">versioned.Event</a></p></td>
</tr>
</tbody>
</table>
@ -1849,12 +1880,15 @@
<p>application/json</p>
</li>
<li>
<p>application/json;stream=watch</p>
<p>application/yaml</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf</p>
</li>
<li>
<p>application/json;stream=watch</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf;stream=watch</p>
</li>
</ul>
@ -1865,17 +1899,17 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_watch_individual_changes_to_a_list_of_petset_2">watch individual changes to a list of PetSet</h3>
<h3 id="_watch_individual_changes_to_a_list_of_statefulset_2">watch individual changes to a list of StatefulSet</h3>
<div class="listingblock">
<div class="content">
<pre>GET /apis/apps/v1alpha1/watch/petsets</pre>
<pre>GET /apis/apps/v1beta1/watch/statefulsets</pre>
</div>
</div>
<div class="sect3">
@ -1887,7 +1921,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -1958,7 +1992,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -1971,7 +2005,7 @@
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">200</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_*versioned_event">*versioned.Event</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="../definitions#_versioned_event">versioned.Event</a></p></td>
</tr>
</tbody>
</table>
@ -1995,12 +2029,15 @@
<p>application/json</p>
</li>
<li>
<p>application/json;stream=watch</p>
<p>application/yaml</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf</p>
</li>
<li>
<p>application/json;stream=watch</p>
</li>
<li>
<p>application/vnd.kubernetes.protobuf;stream=watch</p>
</li>
</ul>
@ -2011,7 +2048,7 @@
<div class="ulist">
<ul>
<li>
<p>apisappsv1alpha1</p>
<p>apisappsv1beta1</p>
</li>
</ul>
</div>
@ -2022,7 +2059,7 @@
</div>
<div id="footer">
<div id="footer-text">
Last updated 2016-10-21 20:04:10 UTC
Last updated 2016-11-03 18:44:40 UTC
</div>
</div>
</body>


@ -38,7 +38,7 @@
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -93,7 +93,7 @@
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -114,21 +114,21 @@
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">kind</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Kind of the referent. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#types-kinds">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#types-kinds</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Kind of the referent. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Name of the referent. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#names">http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#names</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Name of the referent. More info: <a href="http://kubernetes.io/docs/user-guide/identifiers#names">http://kubernetes.io/docs/user-guide/identifiers#names</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">uid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">UID of the referent. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#uids">http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#uids</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">UID of the referent. More info: <a href="http://kubernetes.io/docs/user-guide/identifiers#uids">http://kubernetes.io/docs/user-guide/identifiers#uids</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -155,7 +155,7 @@
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -169,7 +169,7 @@
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#names">http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#names</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: <a href="http://kubernetes.io/docs/user-guide/identifiers#names">http://kubernetes.io/docs/user-guide/identifiers#names</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -180,7 +180,7 @@
<br>
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).<br>
<br>
Applied only if Name is not specified. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#idempotency">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#idempotency</a></p></td>
Applied only if Name is not specified. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -189,7 +189,7 @@ Applied only if Name is not specified. More info: <a href="http://releases.k8s.i
<td class="tableblock halign-left valign-top"><p class="tableblock">namespace</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.<br>
<br>
Must be a DNS_LABEL. Cannot be updated. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/namespaces.md">http://releases.k8s.io/release-1.4/docs/user-guide/namespaces.md</a></p></td>
Must be a DNS_LABEL. Cannot be updated. More info: <a href="http://kubernetes.io/docs/user-guide/namespaces">http://kubernetes.io/docs/user-guide/namespaces</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -205,7 +205,7 @@ Must be a DNS_LABEL. Cannot be updated. More info: <a href="http://releases.k8s.
<td class="tableblock halign-left valign-top"><p class="tableblock">uid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.<br>
<br>
Populated by the system. Read-only. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#uids">http://releases.k8s.io/release-1.4/docs/user-guide/identifiers.md#uids</a></p></td>
Populated by the system. Read-only. More info: <a href="http://kubernetes.io/docs/user-guide/identifiers#uids">http://kubernetes.io/docs/user-guide/identifiers#uids</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -214,7 +214,7 @@ Populated by the system. Read-only. More info: <a href="http://releases.k8s.io/r
<td class="tableblock halign-left valign-top"><p class="tableblock">resourceVersion</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.<br>
<br>
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#concurrency-control-and-consistency">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#concurrency-control-and-consistency</a></p></td>
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -230,16 +230,16 @@ Populated by the system. Read-only. Value must be treated as opaque by clients a
<td class="tableblock halign-left valign-top"><p class="tableblock">creationTimestamp</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.<br>
<br>
Populated by the system. Read-only. Null for lists. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#metadata">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#metadata</a></p></td>
Populated by the system. Read-only. Null for lists. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string (date-time)</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">deletionTimestamp</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource will be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field. Once set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. Once the resource is deleted in the API, the Kubelet will send a hard termination signal to the container. If not set, graceful deletion of the object has not been requested.<br>
<td class="tableblock halign-left valign-top"><p class="tableblock">DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field. Once set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.<br>
<br>
Populated by the system when a graceful deletion is requested. Read-only. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#metadata">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#metadata</a></p></td>
Populated by the system when a graceful deletion is requested. Read-only. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string (date-time)</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -253,14 +253,14 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">labels</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/labels.md">http://releases.k8s.io/release-1.4/docs/user-guide/labels.md</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: <a href="http://kubernetes.io/docs/user-guide/labels">http://kubernetes.io/docs/user-guide/labels</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">object</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">annotations</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: <a href="http://releases.k8s.io/release-1.4/docs/user-guide/annotations.md">http://releases.k8s.io/release-1.4/docs/user-guide/annotations.md</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: <a href="http://kubernetes.io/docs/user-guide/annotations">http://kubernetes.io/docs/user-guide/annotations</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">object</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -301,7 +301,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -349,7 +349,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -383,7 +383,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -397,14 +397,14 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">kind</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#types-kinds">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#types-kinds</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">apiVersion</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#resources">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#resources</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -445,7 +445,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -459,14 +459,14 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">kind</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#types-kinds">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#types-kinds</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">apiVersion</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: <a href="http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#resources">http://releases.k8s.io/release-1.4/docs/devel/api-conventions.md#resources</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: <a href="http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources">http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources</a></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
@ -500,7 +500,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
@ -548,7 +548,7 @@ Populated by the system when a graceful deletion is requested. Read-only. More i
</div>
<div id="footer">
<div id="footer-text">
Last updated 2016-10-21 20:04:14 UTC
Last updated 2016-11-03 15:09:42 UTC
</div>
</div>
</body>


@ -28,7 +28,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -106,7 +106,7 @@
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
<col style="width:16%;">
</colgroup>
<thead>
<tr>
@ -145,7 +145,7 @@
<colgroup>
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
<col style="width:33%;">
</colgroup>
<thead>
<tr>
@ -206,7 +206,7 @@
</div>
<div id="footer">
<div id="footer-text">
Last updated 2016-10-21 20:04:14 UTC
Last updated 2016-09-09 20:01:23 UTC
</div>
</div>
</body>
