This patch refactors the admin/admission-controllers section:
- Reorder the built-in controllers based on their names
- Added controllers that were not documented:
* GenericAdmissionWebhook
* Initializers
* LimitPodHardAntiAffinity
* NamespaceAutoProvision
* NamespaceExists
* OwnerReferencesPermissionEnforcement
* PersistenVolumeLabel
* PodPreset
* PodTolerationRestriction
Remove the custom modules description in the authorization and
authentication docs. While we could add more later, we probably
don't want to advertise them to end users.
Also note that the authentication webhook and authenticating proxy
can be used to integrate with unsupported auth protocols.
Initial PR to reflect new scalability limits. I have assumed the new number of total containers from the previous relationship but would prefer Wojciech to confirm
* Update the reference docs for kubefed
* fix syntax typos
* add period
* fix ToC links
* fix kubefed link
* revert to Kubefed title as link
* Add kubefed reference docs for the first time
* Add link for base kubefed command also
* Fix Typo - "TokenAccessReviewStatus" -> "status"
"TokenAccessReview" is the value of the "kind" field of the request and response. The webhook has to fill in the "status" field to indicate authenticate pass/fail status.
* Use back ticks for spec
For consistency highlight spec better using back ticks
* Fix typos and add a paragraph for initializers doc
- Fixed a few consistency issues and typos in the doc
- Also fixed an username typo in assignees
- Added a paragraph explaining how the example initializerconfiguration will
be applied once it is created.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
* Add .pending to metadata.initializers, re-wording
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
- "SubjectAccessReview" is the value of the "kind" field of the request and response. The webhook has to fill in the "status" field to indicate authorization passed or failed.
- For consistency highlight spec better using back ticks
* Remove self-links with domain names in docs
Fixes#4191. Skipping the tutorials we import from kubernetes/examples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
* update federation/index.md user-guide links
* update assign-pod-node.md links
* update dns-pod-service.md link
* update link in jobs-run-to-completion.md
* update link in minikube.md
* update PS link in minikube.md
* update links in stackpoint.md
* update links in storage.md
* fix link in vsphere.md
* fix links in deprecation-policy.md
* Update pick-right-solution.md
* Update web-ui-dashboard.md
* Update ingress.md
* Update federation-service-discovery.md
* Update user-guide.md
* Update expose-external-ip-address.md
* Update README.md
* Update README.md
There is no "kubectl" section in this page. And non-resource urls do not
have too much relationship with kubectl(At least I think so), so we
don't need "see kubectl"
* Minor fixes in the Deployment doc
Signed-off-by: Michail Kargakis <mkargaki@redhat.com>
* add NodeRestriction to admission-controllers (#3842)
* Admins Can Configure Zones in Storage Class
The PR #38505 (https://github.com/kubernetes/kubernetes/pull/38505) added zones optional parameter to Storage Class for AWS and GCE provisioners.
That's why documentation needs to be updated accordingly.
* document custom resource definitions
* add host paths to psp (#3971)
* add host paths to psp
* add italics
* Update ConfigMap doc to explain TTL-based cache updates (#3989)
* Update ConfigMap doc to explain TTL-based cache updates
* swap word order
Change "When a ConfigMap being already consumed..." to "When a ConfigMap already being consumed..."
* Update NetworkPolicy docs for v1
* StorageOS Volume plugin
* Update GPU docs
* docs: HPA autoscaling/v2alpha1 status conditions
This commit documents the new status conditions feature for HPA
autoscaling/v2alpha1. It demonstrates how to get the status conditions
using `kubectl describe`, and how to interpret them.
* Update description about NodeRestriction
kubelet node can alse create mirror pods for their own static pods.
* adding storage as a supported resource to node allocatable
Signed-off-by: Vishnu kannan <vishnuk@google.com>
* Add documentation for podpreset opt-out annotation
This adds the annotation for having the podpreset admission controller
to skip (opt-out) manipulating the pod spec.
Also, the annotation format for what presets have acted on a pod has
been modified to add a prefix of "podpreset-". The new naming makes it such
that there is no chance of collision with the newly introduced opt-out
annotation (or future ones yet to be added).
Opt-out annotation PR:
kubernetes/kubernetes#44965
* Update PDB documentation to explain new field (#3885)
* update-docs-pdb
* Addressed erictune@'s comments
* Fix title and add a TOC to the logging concept page
* Patch #4118 for typos
* Describe setting coredns server in nameserver resolv chain
* Address comments in PR #3997.
Comment is in
f6eb59c67e (diff-7a14981f3dd8eb203f897ce6c11d9828)
* Update task for DaemonSet history and rollback (#4098)
* Update task for DaemonSet history and rollback
Also remove mentions of templateGeneration field because it's deprecated
* Address comments
* removed lt and gt as operators (#4152)
* removed lt and gt as operators
* replace lt and gt for node-affinfity
* updated based on bsalamat review
* Initial draft of upgrade guide for kubeadm clusters.
In-place upgrades are supported between 1.6 and 1.7 releases. Rollback
instructions to come in a separate commit.
Fixes https://github.com/kubernetes/kubeadm/issues/278
* Add local volume documentation (#4050)
* Add local volume documentation
* Add PV local volume example
* Patch PR #3999
* Add documentation for Stackdriver event exporter
* Add documentation about controller metrics
* Federation: Add task for setting up placement policies (#4075)
* Add task for setting up placement policies
* Update version of management sidecar in policy engine deployment
* Address @nikhiljindal's comments
- Lower case filenames
- Comments in policy
- Typo fixes
- Removed type LoadBalancer from OPA Service
* Add example that sets cluster selector
Per-@nikhiljindal's suggestion
* Fix wording and templating per @chenopis
* PodDisruptionBudget documentation Improvements (#4140)
* Changes from #3885
Title: Update PDB documentation to explain new field
Author: foxish
* Added Placeholder Disruptions Concept Guide
New file: docs/concepts/workloads/pods/disruptions.md
Intented contents: concept for Pod Disruption Budget,
cross reference to Eviction and Preemption docs.
Linked from: concepts > workloads > pods
* Added placeholder Configuring PDB Task
New file: docs/tasks/run-application/configure-pdb.md
Intented contents: task for writing a Pod Disruption Budget.
Linked from: tasks > configuring-applications > configure pdb.
* Add refs to the "drain a node" task.
* Refactor PDB docs.
Move the "Requesting an eviction" section from:
docs/tasks/administer-cluster/configure-pod-disruption-budget.md
-- which is going away -- to:
docs/tasks/administer-cluster/safely-drain-node.md
The move is verbatim, except for an introductory sentence.
Also added assignees.
* Refactor of PDB docs
Moved the section:
Specifying a PodDisruptionBudget
from:
docs/tasks/administer-cluster/configure-pod-disruption-budget.md
to:
docs/tasks/run-application/configure-pdb.md
because that former file is going away.
Move is verbatim.
* Explain how Eviction tools should handle failures
* Refactor PDB docs
Move text from:
docs/tasks/administer-cluster/configure-pod-disruption-budget.md
to:
docs/concepts/workloads/pods/disruptions.md
Delete the now empty:
docs/tasks/administer-cluster/configure-pod-disruption-budget.md
Added a redirects_from section to the new doc, containing the path
of the now-deleted doc, plus all the redirects from the deleted
doc.
* Expand PDB Concept guide
Building on a little content from the old task,
greatly expanded the Disruptions concept
guide, including an abstract example.
* Update creating a pdb Task.
* Address review comments.
* Fixed for all cody-clark's review comments
* Address review comments from mml
* Address review comments from maisem
* Fix missing backtick
* Api and Kubectl reference docs updates for 1.7 (#4193)
* Fix includes groups
* Generated kubectl docs for 1.7
* Generated references docs for 1.7 api
* Document node authorization mode
* API Aggregator (#4173)
* API Aggregator
* Additional bullet points
* incorporated feedback for apiserver-aggregation.md
* split setup-api-aggregator.md into two docs and address feedback
* fix link
* addressed docs feedback
* incorporate feedback
* integrate feedback
* Add documentation for DNS stub domains (#4063)
* Add documentation for DNS stub domains
* add additional prereq
* fix image path
* review feedback
* minor grammar and style nits
* documentation for using hostAliases to manage hosts file (#4080)
* documentation for using hostAliases to manage hosts file
* add to table of contents
* review comments
* update the right command to see hosts file
* reformat doc based on suggestion and change some wording
* Fix typo for #4080
* Patch PR #4063
* Fix wording in placement policy task introduction
* Add update to statefulset concepts and basic tutorial (#4174)
* Add update to statefulset concpets and basic tutorial
* Address tech comments.
* Update ESIPP docs for new added API fields
* Custom resource docs
* update audit document with advanced audit features added in 1.7
* kubeadm v1.7 documentation updates (#4018)
* v1.7 updates for kubeadm
* Address review comments
* Address Luke's comments
* Encrypting secrets at rest and cluster security guide
* Edits for Custom DNS Documentation (#4207)
* reorganize custom dns doc
* format fixes
* Update version numbers to 1.7
* Patch PR #4140 (#4215)
* Patch PR #4140
* fix link and typos
* Update PR template
* Update TLS bootstrapping with 1.7 features
This includes documenting the new CSR approver built into the
controller manager and the kubelet alpha features for certificate
rotation.
Since the CSR approver changed over the 1.7 release cycle we need
to call out the migration steps for those using the alpha feature.
This document as a whole could probably use some updates, but the
main focus of this PR is just to get these features minimally
documented before the release.
* Federated ClusterSelector
formatting updates from review
* complete PR #4181 (#4223)
* complete PR #4181
* fix security link
* Extensible admission controller (#4092)
* extensible-admission-controllers
* Update extensible-admission-controllers.md
* more on initializers
* fixes
* Expand external admission webhooks documentation
* wrap at 80 chars
* more
* add reference
* Use correct apigroup for network policy
* Docs changes to PR #4092 (#4224)
* Docs changes to PR #4092
* address feedback
* add doc for --as-group in cli
Add doc for this pr:
https://github.com/kubernetes/kubernetes/pull/43696
* Remove spurious cluster-status role description
* Indicate controller-manager must be granted controller roles when not run with --use-service-account-credentials
Weibin Lin
Jennifer Rondeau
Johannes 'fish' Ziemke
Abdullah Al Maruf - Tuhin
lemon-tree
Qiming Teng
Stewart-YU
Andrew Chen
chenhuan12
Justin Santa Barbara
Eric Chiang
Anthony
XsWack
irfanurrehman
lichuqiang
Ti Zhou
TigerXu
Michelle Au
Stewart-YU
Hazim
Charlie R.C
craigbox
Aaron Crickenberger
Luke Heidecke
Cao Shufeng
Lachlan Evenson
Davanum Srinivas
Ahmet Alp Balkan
liyao
MofeLee
ymqytw
jianglingxia
Chao Xu
Mik Vyatskov
Fabrizio Pandini
Lucas Käldström
zhangchaolei
Christoph Blecker
Jamie Hannaford
Selvi K
Murad Korejo
Jonathan MacMillan
Harry Zhang
Jordan Liggitt
Tuna
Karthik Gaekwad
Andrew Chen
Jim Rollenhagen
Rick Sostheim
Steve Perry