The docs previously referred to the reader to the now defunct PodSecurityPolicy
page to explain how PersistentVolumes can be a path of privilege escalation,
burrying the lede.
Now that PodSecurityPolicy is gone, update this bit to actually explain that it
it is unfettered access to creating hostPath-typed PersistentVolumes that are
a problem. Some words lifted from the 1.24 PodSecurityPolicy docs.
Signed-off-by: Mike Waychison <mike@waychison.com>
Based on kubelet device manager refactoring done in 1.25 release,
there is stricter ordering requirements where the device plugin
MUST start a gRPC service before registering itself to kubelet.
In case this ordering is not followed, the plugin registration
will fail.
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
To enture that this page is rendered correctly on the Kubernetes
website, the caution tag needs to be closed.
This was missed during the doc write up and review process.
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
* Update kube-scheduler.md
A clearer way to write this paragraph explaining the scheduler.
Previous version: For every newly created pod or other unscheduled pods, kube-scheduler selects an optimal node for them to run on. However, every container in pods has different requirements for resources and every pod also has different requirements. Therefore, existing nodes need to be filtered according to the specific scheduling requirements.
Proposed version: Kube-scheduler selects an optimal node to run newly created or not yet scheduled (unscheduled) pods. Since containers in pods, and pods themselves have different requirements, existing nodes need to be filtered according to the specific scheduling requirements.
* Update kube-scheduler.md
I tried merging both our versions to make it a bit more concise, since feasibility is discussed in the subsequent paragraphs.
* Update Job docs to include info about using a headless service to enable pod communication via pod hostnames
* Change section title
* fix phrasing
* update yaml example
* update label selector
* more specific phrasing
* address comments and add new example
* add note about pod dns policies
* minor fixes
* add link to job patterns
* Update content/en/docs/tasks/job/intra-job-pod-networking-using-pod-hostnames.md
Co-authored-by: Aldo Culquicondor <1299064+alculquicondor@users.noreply.github.com>
* Update content/en/docs/tasks/job/intra-job-pod-networking-using-pod-hostnames.md
Co-authored-by: Aldo Culquicondor <1299064+alculquicondor@users.noreply.github.com>
* Update content/en/docs/tasks/job/intra-job-pod-networking-using-pod-hostnames.md
Co-authored-by: Aldo Culquicondor <1299064+alculquicondor@users.noreply.github.com>
* Update content/en/docs/tasks/job/intra-job-pod-networking-using-pod-hostnames.md
Co-authored-by: Aldo Culquicondor <1299064+alculquicondor@users.noreply.github.com>
* Update content/en/docs/concepts/workloads/controllers/job.md
Co-authored-by: Aldo Culquicondor <1299064+alculquicondor@users.noreply.github.com>
* address comments
* clarify sentence
* move minikube note to prereqs
* address comments
* captitalize all instances of Job
* move minikube notes to bottom of prereqs
* address comments
* update example
* fix typo
* update phrasing
* link to this from the completion modes section of the job docs
* address phrasing comments
* add newlines to break up block of text
* update phrasing
* update phrasing
* Update content/en/docs/concepts/workloads/controllers/job.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/tasks/job/job-with-pod-to-pod-communication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Aldo Culquicondor <1299064+alculquicondor@users.noreply.github.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Be more explicit on the "duplicate endpoints" sections about what are the consumers expectations and the need to parse all the list of slices and remove only the duplicates
Tim Bannister
Kubernetes Prow Robot
Mike Waychison
Kundan Kumar
Thomas Güttler
shubham82
Swati Sehgal
Marcin Karkocha
lakshmi
Daniel Shebib
Mathieu Benoit
nurayko
Harold Cheng
stepan-3
Qiming Teng
SphinxKnight
Jai Govindani
Yi-Han Chen
Michael
Vladimir Varankin
Tim Hockin
Jiacheng Cheng
Mengjiao Liu
SaumyaBhushan
Oscar Utbult
Maximilian Ralser
carolina valencia
Mike Spreitzer
Dixita
Hamza Sheikh
Johnny Lim
Akihito INOH
Humble Devassy Chirammal
Andrew Sy Kim
Daniel Vega-Myhre
Antonio Ojea