* initial commit for IPv4/IPv6 dual stack docs
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Apply suggestions from code review
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* Remove warning, Add What's next section
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Add Service section
Add Provising a dual stack Kubernetes cluster section
Add Ecosystem tooling section
Update prerequisites
Update flags
Update supported features
Move validation to task
Add Service validation
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Apply suggestions from code review
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* Remove ecosystem tooling
Remove provisioning tools
Add backtics to ipFamily values
Update loadbalancer section
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Fix feature gate link typo
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* Update to dual-stack
Add default use-case to Service validation
Add note to default Service behaviour
Add default Service example
Update egress routing description
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Update api-server to the API server
Fix small typo based on feedback
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Add for_k8s_version feature state
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Update service IP address verbiage to be more concise
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* Move to tasks/network
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Move dual-stack under services-networking
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Remove dual-stack from glossary
Add codenew blocks
Split command from output
Renamed pod name
Created subheading to validate node and pod addressing
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Apply suggestions from code review
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* Verbiage update based on review
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>
* Apply suggestions from code review
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* Added documentation to support Topology Manager feature in Kubelet.
* Added new document outlining feature
* Updated feature-gates.md to include feature gate for feature
* Update kubelet.md to include kubelet flags for feature
* Added Topology Manager reference to relevant pages
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Update Topology Manager Policies section
* Add comprehensive CRD versioning flow to documentation
* Break down CRD versioning upgrade processes into steps, apply review feedback
* Reference doc section about custom resource storage migration in workflow documentation
* Add step to find any clients still on old version during CRD version migration
* Fix indentation in list in conversion end-to-end flow doc
* Fix spacing before lists in docs about conversion webhooks
* Fix two typos
- Sample CRD will not work due to apiextensions.k8s.io/v1beta1 setting preserveUnknownFields to true by default. Set to `false`.
- Provide required `type: object` at `openAPIV3Schema` root for both versions to avoid `schema.openAPIV3Schema.type: Required value: must not be empty at the root` error.
* Add link references which were removed with #16011
Signed-off-by: David Schneider <schneider@puzzle.ch>
* Move link references into correct capture block
In nginx ingress controller Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a capture group. Please refer doc here :
* `https://kubernetes.github.io/ingress-nginx/examples/rewrite/#rewrite-target`
* `https://stackoverflow.com/a/55193468/5527839 `
Currently, what was mentioned in the docs, didnt work for me. I was using minikube version `1.2.0` which uses ingress above v0.21.0. After reading the docs provided in above two links, was able to figure out where it was lacking. Have mentioned the changes in the proposed file change.
* Fix links into Audit with Falco section
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
* Fix typo in audit docs
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Recently, the RunAsUserName feature has been added, allowing users to
run Windows containers with custom usernames, different from the image
default usernames.
Adds documentation regarding its prerequisites, feature gate, usage,
restrictions, and samples.
* Improvement for kubectl patch command
This command does not work in Powershell. A specific note would help the developers to take care of the same.
* Fixed review comments
Added different tabs for bash and PowerShell.
* Removing note for PowerShell
Hugo is not able to add note along with shortcode. Hence removing note.
* Update device plugin docs for Kubernetes 1.14
& related pages
This change is mainly about feature-state shortcodes & similar.
(if there's a way to get the short version string, eg "1.14" rather
than "v1.14", then that could go in place of the hard coded value
in this commit).
* Fix code block formatting
eg code blocks incorrectly marked as:
```shell
* Use glossary shortcodes where appropriate
* Hyperlink to Prometheus
* Tidy Markdown formatting
* Change example vendor domain name
Use a name inside ".example" to highlight that this is a DNS
domain name.
* Reword device plugins documentation
* Tweak headings for device plugins
* Add "what's next" to device plugins docs
* Tweak wording for device plugins docs
* Add KubeVirt device plugins
- tested on macOS with BSD's grep and GNU's. same flags, same output.
- there are some 55 CPU flags on mac, so highlighting VMX makes it
easier to grasp
- using `egrep` on linux and `grep` on mac, not necessary
- precision: the VT-x feature is NOT an OS feature...
because with busybox/0.log it fails as shown below (unless you mkdir busybox,
with the correct permission, which is an extra step we can avoid for a tutorial like this)
FATA[0000] Starting the container "3c71f8c3abfcac0f8357fa25be896062f05f88e1d9acbd7a033afeee9a54f3c4" failed: rpc error: code = Unknown desc = failed to create containerd task: failed to create container loggers: failed to create and open log file: open busybox/0.log: no such file or directory
CSR API isn't guaranteed to use the cluster CA. The CA used to sign
certs using the CSR API depends on the specific cluster stup. Admins can
use a separate CA if they choose to.
Users shouldn't rely on verifying those certs using the CA bundle
mounted with service account secrets.
The doc page is reworded to remove most mentions of cluster CA and
instead focus on API usage specifics.
When upgrading controlplane nodes, upgrading the kubelets should be done
as the last step after "kubeadm upgrade" was run on all of the control
plane nodes already.
Also apply consistency related cleanup to sections and section names.
Ubuntu 16.04.5 LTS
apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.14.x-00 && apt-mark hold kubeadm gives the below error
The following packages have unmet dependencies:
kubelet : Depends: kubernetes-cni (= 0.6.0) but 0.7.5-00 is to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
Unholding the kubelet with kubeadm fixes the problem.
lose apt-mark unhold kubectl when apt-get install kubectl. If not unhold kubectl, it would return the error follows:
``` shell
root@ecs-k8s-master:~# apt-mark unhold kubelet && apt-get update && apt-get install -y kubelet=1.15.0-00 kubectl=1.15.0-00 && apt-mark hold kubelet
kubelet was already not hold.
Hit:1 https://download.docker.com/linux/ubuntu xenial InRelease
Hit:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial InRelease
Hit:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-updates InRelease
Get:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-backports InRelease [107 kB]
Hit:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-backports InRelease
Hit:5 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-security InRelease
Hit:6 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-145 linux-headers-4.4.0-145-generic linux-image-4.4.0-145-generic linux-modules-4.4.0-145-generic
Use 'apt autoremove' to remove them.
The following held packages will be changed:
kubectl
The following packages will be upgraded:
kubectl kubelet
2 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.
E: Held packages were changed and -y was used without --allow-change-held-packages.
```
1. Replace net.ipv4.route.min_pmtu with net.core.somaxconn in the
example of using unsafe sysctls in containers, since the former is not
accessible within container namespace at all.
2. Not all net.* sysctls are namespaced. Explain the correct way to
identify the namespaced networking sysctls.
* fix path of game.properties file
It has been dowloaded to configure-pod-container/configmap/game.properties
* fix typo: kustomization instead of kusotmization
There's been a number of questions around the difference between the external.metrics.k8s.io and custom.metrics.k8s.io in #sig-autoscaling referring back to the HPA docs recently. Added links out to the design proposals for each and the relevant sections of the existing walkthrough docs.
* Updated IP Address for /etc/hosts
Tested on Minikube for macOS.
When using Minikube, the IP address listed in `kubectl get ingress` is the internal Minikube IP address and is not available on the web browser.
Added advice to the user that when using Minikube, add the Minikube IP address to the Hosts file instead of the IP address displayed in `kubectl get ingress`.
* Update ingress-minikube.md
* Adding alternative command to create namespace
As this is first place user look to find details to create a namespace, added an alternative command to create a namespace. Also, this is mostly used way to create namepsace instead of YAML.
* Correcting Formatting
Correcting formatting for changes
* Update namespaces.md
* Add Ref to shared process namespaces
The article talking about ways container can talk to each other should include shared process namespace as a method
* Drop note on kube version in reference
* Put minikube install steps in per-OS tabs
* Work around nested <li> formatting issue
Using Markdown unordered lists inside tabs doesn't seem to work. These
changes are my work-around for that.
* Reword "laptop" to personal computer
Some computers aren't laptops
* Drop trailing whitespace
* Drop warning about removing other Mac hypervisors
* Move examples ahead of commands that use them
In support of https://github.com/kubernetes/website/issues/12740
The aim is to adopt a consistent style around providing downloadable
examples for use with kubectl, etc.
* Tweak wording for stateful app pod example
* Adopt formatting conventions for code blocks
* Move ReplicationController sample YAML to examples
In aid of https://github.com/kubernetes/website/issues/12740
* Move PodDisruptionBudget sample YAML to examples
In aid of https://github.com/kubernetes/website/issues/12740
* Update test schema for new examples
* Use Unicode ellipsis in example
Aim here is to make the elision more obvious
* Add comment about where to run probe
Add comment about where to run probe
Signed-off-by: Xiang Dai <764524258@qq.com>
* Update language
Signed-off-by: Xiang Dai <764524258@qq.com>
* Update language
Signed-off-by: Xiang Dai <764524258@qq.com>
* Update language
Signed-off-by: Xiang Dai <764524258@qq.com>
* fix grammar nits
Signed-off-by: Xiang Dai <764524258@qq.com>
* Add recommendation to use kms provider
Add a warning to encrypting secrets documentation that if using a provider with secrets encryption, kms provider is preferred as it materially changes the threat model.
* Update encrypt-data.md
* Update encrypt-data.md
Updated to include kms provider is Beta sice 1.12
* Update encrypt-data.md
**your.private.registry.example.com** is a better choice of domain name for a non-existing sample domain name than calling it **yourprivateregistry.com**
refer #14283
Using `rm -Rf ~/.minikube` is not necessary in modern (v1.x) versions of minikube, and is highly discouraged as may can leave dangling VM's running, which minikube will fail to recover from.
Example issue: https://github.com/kubernetes/minikube/issues/4377
without specifying registry details for `image` value, You will get following error if you are using a private registry even when your private images are hosted in docker.hub and you have valid credentials configured for the same.
Failed to pull image "xxx/xxx-app:0.0.1": rpc error: code = Unknown desc = Error response from daemon: pull access denied for xxx/xxx-app, repository does not exist or may require 'docker login'
* document version changes of critical pod
* document system priority class name version requirement
* Update guaranteed-scheduling-critical-addon-pods.md
* Link to 'Add image pull secret to service account'
This page does not mention the fact that image pull secrets can be specified through a service account. So adding link to the section which gives details about 'adding image pull secret to service account'.
* Correcting link url
Correcting link url
* Corrects procedure to get tab completion on Mac
Tab completion only requires the installation of bash-completion and sourcing the bash_completion script.
Installing bash-completion@2 doesn't work and source <(kubectl completion bash) is no longer necessary in the .bash_profile.
* Removed reference to other methods that don't work
* Update install-kubectl.md
The link https://github.com/kubernetes/minikube#other-ways-to-install doesn't exist anymore.
So either we remove the link to it or we fix the minikube README and add a new section for alternative ways to install minikube.
What do you think?
* Link upgrade to skewed version page
It provides the order of upgrade and shows which versions are supported.
Solves (at least partially ) #14420
* Update cluster-management.md
* Update cluster-management.md
* document pod downwardAPI fieldRef & resourceRef values of en version
* document pod downwardAPI fieldRef & resourceRef values of zh version
* typo correction
Both local and pod port number are same i.e. 6379 which causes confusion to first time reader. This can be easily avoided by using two different port number.
* Correcting order of display for daemon set tasks
Correcting order of display for daemon set tasks
* Correcting display order of daemon set task
Correcting display order of daemon set task
here apt installs both kubelet and kubectl but just holds kubelet. I think kubectl should alse be held by apt-mark.
```
# replace x in 1.14.x-00 with the latest patch version
apt-mark unhold kubelet && \
apt-get update && apt-get install -y kubelet=1.14.x-00 kubectl=1.14.x-00 && \
apt-mark hold kubelet
```
This patch swaps all uses with extensions/v1beta1 with the new
networking.k8s.io/v1beta1 apiVersion for the Ingress resource.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
* Define SLO acronym
Save people from having to search for the translation of SLO to Service-Level Objectives.
* replace SLO with direct PodDisruptionBudget reference
*minikube ssh* logs into the cluster as user 'docker'. The user 'docker' (uid=1000) does not have write permissions in /mnt to create a new directory and/or the example's HTML file. Use sudo(8) to create the directory as well as the HTML file nginx will ultimately serve.
Added steps to find out if virtualization in installed on the users OS.
Minor improvement
Capitalized Windows
Removed the shell from the command.
Update install-minikube.md
Added a step under the sections that guide the user to install the binary using curl on the OS. This is the same format maintained by the other section on this page.
I thought this organization would give the users a better idea of what method to select based on the OS they use.
Initially, I was a wee bit confused when I saw how to Install kubectl binary with curl on the Mac OS and then another section on how to install Kubectl on the Mac OS.
Now, I moved the content under the $subject to the respective OS section.
P.S: I am still in the process of testing out the steps. :)
* updated link for framework file
Fixed the invalid link referred by "framework file" in "Most of the common code are located in the framework file that leaves only one function to be implemented for different conversions.".
This fix is for the issue #13759 .
* updated framework file link reference to v1.14
changed docs version from v1.13.0 to v1.14.0 in the link reference
"framework file" -> https://github.com/kubernetes/kubernetes/tree/v1.14.0/test/images/crd-conversion-webhook/converter/framework.go
These statement was intended to specify environment variable values available in the container but word 'environment variable' was missing so corrected these statements for better clarity.
* [WIP] Clean up kubectl install page
Fixes issue #13577
* Update install-kubectl.md
Addresses @zacharaysarah and @jaredbhatti's comments.
Minor language Improvements:
- Deleted unnecessary adverbs
- Used fewer words where possible
Next pass will include deeper edits, with careful attention to the kubectl autocompletion section
* Update install-kubectl.md
Fixed the broken link for 'kubectl autoscale' in the statement - Now that the server is running, we will create the autoscaler using kubectl autoscaling.
This issue is referenced in #13683
The link for one function in the line "Most of the common code are located in the framework file that leaves only one function to be implemented for different conversions" has been changed.
Resolving issue #13760
* Example for injecting single secret as env variable
Define a container environment variable with data from a single Secret
* Env variable using secret data
* Update pod-single-secret-env-variable.yaml
* Adding example for multiple env variable using secrets
Adding example for multiple env variables using secrets
* Create pod-secret-envFrom.yaml
* Update pod-multiple-secret-env-variable.yaml
* Update pod-multiple-secret-env-variable.yaml
* Update pod-multiple-secret-env-variable.yaml
* Update pod-single-secret-env-variable.yaml
* Update pod-multiple-secret-env-variable.yaml
* Update pod-single-secret-env-variable.yaml
* Different ways to add env variable using secret
Adding different ways to add env variable in pod using secret
* Correcting formatting issues
Correcting formatting issues
* Correcting format issue
Rob Scott
Lachlan Evenson
simplytunde
Louise Daly
Joe Betz
Haowei Cai (Roy)
Deep Debroy
Matthias Bertschy
Lubomir I. Ivanov
Dr. Stefan Schimanski
Zihong Zheng
Matt Dorn
Sebastian Florek
Naoki Oketani
David Schneider
mohamed chiheb ben jemaa
Piyush Kumar
Leo Di Donato
oneoneonepig
aimeeu
Claudiu Belu
praveen-kg
Quan Tian
Jakub Warczarek
Burke Azbill
Soto Sugita
Wojciech Tyczynski
Karen Bradshaw
codyc
Manish Bansal
Tim Bannister
Ori Tzoran
RA489
Michael Vorburger ⛑️
janitha09
Derek
Mans Matulewicz
Andrew Lytvynov
Shivesh Abhishek
Edu Patrocinio
Nicolás Pascual González
Ashutosh Gangwar
George Tseres
Nikita Potapenko
Ismail Alidzhikov
karolflont
devasat
popozy
Brian Grant
Yang Guo
Guoxiang Zu
João Vitor
Ramin Abdollahi
Dawn Foster
prameshj
Pascal Bourdier
zwwhdls
Taylor D. Edmiston
WoOsley
Lennart Jern
Takuya N
Patrick Lussan
839
Barnabas Makonda
Guy Templeton
Julien Brochet
James Woodall
Rajesh Deshpande
MAKOSCAFEE
mhamdi semah
André R. de Miranda
Jarek Strzelecki
Rajakavitha1
so0k
Jingfang Liu
Xiang Dai
Maya Kaczorowski
Jim Angel
Morten Torkildsen
Rostislav M. Georgiev
Jason Gwartz
Seth
Fabrizio Pandini
Raja Anbazhagan
Matthew Gallagher
Thomas Strömberg
Daniel Weibel
Yucheng Wu
icheikhrouhou
wangyamei
Misty Linville
Atif Mahmood
Oussema CHERNI
Christian Rebischke
Steven Sherry
Prankul
好风
Oleksandr Slynko
Byron.wang
Himanshu Pandey
Suhwan Cha
Raj Vaibhav Dubey
Rajesh Deshpande
Neville George
Vitaly R. Samigullin
silenceshell
Vageesha17
Kenichi Omichi
s-ito-ts
Kohei Toyoda
cmluciano
andy stone
Martynas Pumputis
Alexander Sack
Karthik Ravikanti
shavidissa
Damini Satya
Sandeep Rajan
Danny Berger
Lubomir I. Ivanov
shub-asa1
makocchi
Cody Clark
manyatripathi
Shifali-Srivastava
Danny Berger
Song Kun
Subrata Paul
Ricardo Cordeiro
Marc Sensenich
Supriya Sirbi
Abhishek Jaisingh
yanghaichao12
Blade
Taher Bohari
Oleg Atamanenko
Arthur Deschamps