aecc20f0ad
Merge main into dev-1.31 to keep in sync
2024-06-10 10:28:02 +01:00
f5360ceeeb
Add tab layout for "etcdutl" and "etcdctl" restore options ( #46748 )
...
* Update configure-upgrade-etcd.md
* Update configure-upgrade-etcd.md
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
* Update configure-upgrade-etcd.md
---------
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2024-06-09 21:25:20 -07:00
6bba180fe7
Increase readability by refining the wording in cpu-management-policies.md
2024-06-06 14:40:40 +08:00
bc35539293
Improve "Reserve Compute Resources for System Daemons" doc ( #45771 )
...
* Improve "Reserve Compute Resources for System Daemons" doc
Remove deprecated CLI flags and replace by KubeletConfiguration settings
* Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* keep the heading
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2024-06-03 18:39:22 -07:00
d989445929
resolved conflict as discussed, accepted current change with CRICTL_VERSION=v1.31.0
2024-06-03 18:26:28 -04:00
9249e6ff5e
Merge pull request #46498 from KrappRamiro/patch-1
...
Correct alignment in kubectl get pods dnsutils
2024-06-01 14:12:26 -07:00
73cd6a24f5
docs: fix the link for kubelet config directory merging doc
...
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
2024-05-31 10:36:17 -04:00
3b28042ce2
Merge remote-tracking branch 'upstream/main' into dev-1.31
2024-05-29 08:38:12 +01:00
17c52782c7
Merge pull request #44050 from adityasamant25/etcd-restore
...
Use etcdutl instead of etcdctl for restoring an etcd cluster
2024-05-28 10:20:33 -07:00
022af4767a
Correct alignment in kubectl get pods dnsutils
2024-05-22 14:28:37 -03:00
e941a6ab1d
Merge main into dev-1.31 to keep in sync
2024-05-22 16:16:00 +01:00
160690c13a
Merge pull request #46360 from sohankunkerkar/fix-drop-in-dir-docs
...
[main] Fix drop-in dir logic explaination
2024-05-20 17:31:15 -07:00
82348a64ea
kubeadm: update docs for removed UpgradeAddonsBeforeControlPlane feature gate
...
Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
2024-05-17 10:14:00 +08:00
81e6c94293
Fix example KMS configuration documentation
...
Updated example configuration to specify separate unix domain socket
paths.
Signed-off-by: Micah Hausler <mhausler@amazon.com>
2024-05-16 15:32:39 -05:00
e823cf9e5c
Fix drop-in dir logic explaination
...
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
2024-05-15 10:17:23 -04:00
8901aa537e
Merge pull request #46113 from nilekhc/clarify-automatic-reloading
...
docs: updates automatics reloading behaviour.
2024-05-14 10:19:11 -07:00
0144870f60
- Removed .md typo formatting to render the webpage.
2024-05-09 17:27:46 +05:30
87a912068c
docs: updates automatics reloading behaviour.
...
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2024-05-08 16:10:19 +00:00
085c4cd168
Reword advice about replicated encryption configuration
2024-05-01 12:29:11 +01:00
47f15991d9
Revise callouts in encryption-at-rest task page
2024-05-01 12:29:11 +01:00
9647701853
Clean up a task: kubelet-config-file
2024-04-29 22:01:31 +08:00
305078d22e
Merge pull request #45778 from mrgiles/45539_shell_access_to_node_before_upgrade
...
Add shell access prereq to node upgrade cluster task
2024-04-22 15:34:40 -07:00
a47f72b372
Merge pull request #45225 from sftim/20240220_auto_calculate_more_feature_states
...
Switch more feature-state shortcodes to be data driven
2024-04-22 13:33:11 -07:00
7b6866063f
Switch more feature-state shortcodes to be data driven
...
When the feature gates graduate (or get deprecated), the associated
shortcode will update automatically.
2024-04-22 13:02:28 +01:00
6fa7b80ae3
Config API reference for v1.30
2024-04-18 19:57:27 +08:00
7a91dcc078
Add shell access prereq to node upgrade cluster task
...
Add shell access prereq to node upgrade task
2024-04-05 11:50:25 -07:00
c306367734
docs: Update KubeletConfigDropinDir doc information
...
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2024-03-26 10:43:27 -04:00
fe501f8bfa
Change cri-dockerd links to official docs in the english content
2024-03-08 11:46:54 -07:00
6d5a60c089
Merge pull request #45307 from eaudetcobello/patch-1
...
Fix wording in configure-upgrade-etcd.md
2024-02-27 13:36:21 -08:00
bb24ce5ab8
Merge pull request #45095 from clementnuss/patch-3
...
docs(kubeadm-upgrade): add consideration on etcd upgrade impact
2024-02-23 21:33:25 -08:00
a8ec490629
Various wording improvements throughout the file.
2024-02-23 16:23:13 +00:00
d6459c1823
Update content/en/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy.md
...
Co-authored-by: Bryan Boreham <bjboreham@gmail.com>
2024-02-22 11:32:53 -06:00
713d621b60
fix: update broken links
2024-02-21 12:56:16 -06:00
51b0ebc934
Merge pull request #45073 from neolit123/1.30-add-external-ca-notes
...
kubeadm-certs: add notes about different external CA approaches
2024-02-16 09:53:39 -08:00
217f88267f
Merge pull request #44832 from adityasamant25/kubeadm-upgrade
...
Use sudo for elevated permissions while upgrading clusters using kubeadm
2024-02-15 12:24:12 -08:00
2dc571df77
docs(kubeadm-upgrade): add consideration on etcd upgrade impact
...
relates to https://github.com/kubernetes/kubeadm/issues/2991#issuecomment-1932337556
Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Clément Nussbaumer <clement.nussbaumer@postfinance.ch>
2024-02-14 08:03:53 +01:00
9593771ee9
kubeadm-certs: add notes about different external CA approaches
...
There are multiple ways to prepare the credentials for use
with "external CA" mode:
- manual
- using kubeadm CSRs
- using kubeadm phases
2024-02-09 12:23:03 +02:00
6d6b17abd1
Reword advice about encryption-at-rest opt outs
...
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
2024-01-31 15:59:25 +00:00
ede616833a
Changed the context of the remark for the usage of etcdctl for restoring. As per the review comments to the original PR.
...
PR rebased.
2024-01-30 09:12:49 +05:30
7bca5a7297
Used etcdutl instead of etcdctl for restoring an etcd cluster.
2024-01-30 09:06:21 +05:30
54ab2e8149
Merge pull request #44897 from mengjiao-liu/fix-dns-autoscaler-name
...
Fix Deployment and ConfigMap name in the dns-horizontal-autoscaling page
2024-01-26 17:46:31 +01:00
6089916922
Merge pull request #44801 from sftim/20240118_revise_encryption_at_rest
...
Revise introduction to encryption at rest page
2024-01-26 17:27:42 +01:00
54145dd9cb
Merge pull request #43824 from ptrovatelli/patch-1
...
Update configure-upgrade-etcd.md
2024-01-26 02:47:03 +01:00
7e2f696572
Fix Deployment and ConfigMap name in the dns-horizontal-autoscaling page
2024-01-25 15:51:03 +08:00
c6e210f8f1
Added sudo permissions as necessary.
2024-01-24 15:32:46 +05:30
fbf9b4fd7c
Merge pull request #44776 from BRONSOLO/patch-1
...
Update encrypt-data.md
2024-01-19 23:22:41 +01:00
dd7e3966ef
Revise introduction to encryption at rest page
...
Help readers check if they need to follow the task.
2024-01-19 00:23:25 +00:00
ef9194bdf3
Merge pull request #44721 from sftim/20240112_revise_encryption_at_rest
...
Recommend replicating encryption key for API data encryption at rest
2024-01-17 16:56:30 +01:00
b1929ab8a8
Update encrypt-data.md
...
Fix as ---> at typo
2024-01-17 10:40:02 -05:00
0f9ab60a3c
Update CoreDNS installation docs
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2024-01-14 20:29:41 +05:30
5ee30f167a
fixed installation guide in using CoreDNS for Service Discovery page
2024-01-14 19:41:35 +05:30
0e05396f1b
Recommend replicating encryption key
...
When using API encryption at rest without KMS, the same encryption key
must be securely replicated to all the hosts that run a kube-apiserver.
Document that.
2024-01-12 14:38:25 +00:00
8106c6e092
Add notes on kubeadm clusters version ( #44683 )
...
* Add notes on kubeadm clusters version
Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
move into additional information
* Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2024-01-09 18:07:50 +01:00
bfbe2db97b
Highlight initial comment
...
Make the initial comment extra obvious to readers.
2024-01-08 17:55:46 +00:00
ec8a3cb52d
Merge pull request #44532 from sftim/20231226_encryption_at_rest
...
Improve docs around API data encryption at rest
2024-01-08 18:32:23 +01:00
bcc55ae7c9
fix outdated link/anchor
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2024-01-03 15:00:11 +08:00
e2509cb624
Merge pull request #44506 from Takashiidobe/fix-typos
...
fix typos
2024-01-02 19:29:55 +01:00
e17cd06c3d
Revise guidance for rotating a decryption key
2024-01-02 11:14:30 +00:00
b749f91f12
Document avoiding plain text retrieval
...
When you have set up your cluster for encryption at rest, you can take
this defence in depth measure to make sure that anything held without
encryption causes a retrieval error (which is then more likely to flag
that there is a problem).
2024-01-02 11:14:30 +00:00
8b46ec4047
Fix several link errors
2024-01-01 21:15:50 +08:00
c807f97145
Merge pull request #44355 from hunshcn/sysctl
...
update safe sysctls (v1.29)
2023-12-27 12:44:29 +01:00
0f285fd32d
Merge pull request #44085 from sftim/20231125_explain_protection_encryption_keys
...
Explain more about protection for encryption keys (API data encryption at rest)
2023-12-26 07:18:49 +01:00
fc8e79b96c
update safe sysctl
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2023-12-25 10:47:54 +08:00
d536e46dbd
fix typos
2023-12-24 21:00:53 -05:00
ada845e5e1
Link to KMS setup doc
2023-12-22 11:33:36 +00:00
9f8b35d93f
Redo API encryption at rest explanation
...
- Explain importance of protecting keys and other material that can be
used to decrypt data in etcd
- Revise the explanation for a non-KMS setup example
2023-12-22 11:33:36 +00:00
057c9633a3
Merge pull request #44227 from windsonsea/changey
...
Clean up change-default-storage-class and access-cluster-api tasks
2023-12-22 02:21:22 +01:00
242296af2a
Remove extra character
...
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2023-12-20 00:34:51 +00:00
80353185f5
Remove extra character
2023-12-19 23:17:19 +00:00
d1d6eda640
Clean up change-default-storage-class.md
2023-12-19 08:57:48 +08:00
7ffd84798f
Fix broken hyperlink for 'Cosign Keyless Signatures' in "Verify Signed Kubernetes Artifacts" guide ( #44235 )
...
* fix broken links to cosign signing page
* remove changes to zn translation
* change link to https://docs.sigstore.dev/signing/overview/
2023-12-18 11:08:33 +01:00
119a085a55
Merge pull request #44086 from sftim/20231125_link_to_decrypt_task
...
Link to existing task about decrypting at rest
2023-12-14 09:32:58 +01:00
98dcbddc6b
Merge pull request #44322 from adityasamant25/issue-44321
...
Add user guidance comment for executing drain and uncordon on control plane
2023-12-14 03:29:00 +01:00
3a13717a34
Issue 44321 - added comments to emphasize that the drain and uncordon commands must be executed on a control plane node.
...
Apply suggestions from code review
Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
2023-12-13 16:52:08 +05:30
e57cf329a6
Merge 'dev-1.29' with main
2023-12-11 17:11:37 +00:00
0c5cb411ea
Merge pull request #43871 from neolit123/1.29-add-task-for-kubeadm-generate-csr
...
kubeadm: add section on how to use the "generate-csr" command
2023-12-11 17:39:47 +01:00
45fb394ca7
Merge main into dev-1.29 to maintain sync
2023-12-07 15:59:56 +00:00
5e5e9fc252
Merge pull request #44170 from hunshcn/sysctl
...
update safe sysctls
2023-12-07 14:15:01 +01:00
bb2cb5fa86
update sysctl-cluster.md, pod-security-standards.md
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2023-12-01 14:47:36 +08:00
b91eca6be2
Fix rendering issue in tab layout
2023-12-01 01:20:33 +00:00
812e0f8b85
Add details in kubeadm-reconfigure.md for etcd
...
The kubeadm init phase doesn't permit to reconfigure the etcd yaml manifest (when etcd is in local mode)
Adding the right command when etcd needs to be reconfigured
Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
2023-11-30 14:08:05 +01:00
1f082c2e16
Link to existing task about decrypting at rest
2023-11-25 19:17:05 +00:00
d174742c46
kubeadm: add section on how to use the "generate-csr" command
...
The "generate-csr" command is useful in cases users don't
wish to use the default certificate duration that kubeadm has
hardcoded to 1 year. The command can also be used when the
certificate rotation process is done manually, out of bounds
with an external CA.
2023-11-22 08:32:30 +02:00
c07ce392e4
Graduate ReadWriteOncePod to GA
...
Included is a task for migrating existing PersistentVolumes to use
ReadWriteOncePod, taken from the alpha blog post.
2023-11-21 09:35:09 -08:00
92a8fce75d
Merge pull request #43398 from aramase/aramase/d/kep_3299_stable_doc_update
...
[KMSv2] add docs for KMSv2 GA
2023-11-21 11:46:23 +01:00
8b9f3f84aa
review feedback
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-20 17:25:48 +00:00
8598729e5d
update docs for KMSv2 and KMSv2KDF stable
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-17 18:19:45 +00:00
fb1bd2217d
Merge main into dev-1.29 to keep in sync
2023-11-14 21:22:12 +00:00
4163d74fa5
Additional clarifications for changing package repository
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-11-13 13:36:11 +01:00
e5ff980054
Update configure-upgrade-etcd.md
...
Precision on --data-dir option when restoring etcd cluster
2023-11-05 15:32:15 +01:00
636f1d8f7e
Merge pull request #43540 from neolit123/1.29-add-super-admin-kubeconfig
...
kubeadm: introduce documentation changes for super-admin.conf
2023-10-31 03:03:57 +01:00
a9478b46ac
kubeadm: introduce documentation changes for super-admin.conf
...
- Update most pages where the kubeadm generated admin.conf
is discussed. Include information about the new file "super-admin.conf".
2023-10-30 11:57:44 +02:00
e4a2ab2bd0
Update upgrade guides to clarify that legacy repos are frozen ( #43472 )
...
* Add legacy-repos-deprecation shortcode and localization
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
* Update install/upgrade guides to clarify that legacy repos are frozen
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
* Update the legacy repos message
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
---------
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-10-17 03:37:39 +02:00
cc3ba5be2c
Fix stale advice on changing the Container Runtime on a Node ( #42739 )
...
* Stale advice on changing the Container Runtime on a Node from Docker Engine to containerd
* Update content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrate-dockershim-dockerd.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Update migrate-dockershim-dockerd.md
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-10-15 20:38:55 +02:00
f8161f8f24
Merge pull request #42702 from Affan-7/kubelet-parameters-via-config
...
Add eviction thresholds parameters
2023-10-15 20:34:52 +02:00
f8da02e489
Merge pull request #43407 from xmudrii/remove-legacy-repos
...
Remove instructions for legacy package repos
2023-10-10 19:12:13 +02:00
7d706d9921
Remove instructions for legacy package repos
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-10-10 18:01:54 +02:00
f9ad24a5d6
doc(etcd-maintenance): add reference to etcd-defrag CronJob ( #43394 )
...
* doc(etcd-maintenance): add reference to etcd-defrag CronJob
* doc: improve style according to style guide
* chore: fix file name
2023-10-10 16:12:13 +02:00
5f4fa22259
Small mistake between sections of the document ( #42089 )
...
* Small mistake between sections of the document
The note for --kube-reserved-cgroup should match formatting for --system-reserved-cgroup. This changes helps those match.
* Update reserve-compute-resources.md
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-10-10 08:54:22 +02:00
2668fec5ea
Merge pull request #42131 from mrgiles/36784_etcd_restore_cmd_update
...
Add note after restore cmd to specify that data-dir will be (re)created
2023-10-10 08:22:02 +02:00
hacktivist123
steve-hardman
Joey Chen
Mathieu Parent
Daniel Chan
Kubernetes Prow Robot
Sohan Kunkerkar
Oluebube Princes Egbuna
Krapp
SataQiu
Micah Hausler
Vishal Bidwe
Nilekh Chaudhari
Tim Bannister
windsonsea
Qiming Teng
Marcelo Giles
Nick Neisen
eaudetcobello
cShirley14
Chantal Shirley
Clément Nussbaumer
Lubomir I. Ivanov
Aditya Samant
Kubernetes Prow Robot
Mengjiao Liu
Chuck Bronson
PrashantDesale2004
PrashantDesale2004
John Huang
hunshcn
Takashiidobe
Tobias
Kat Cosgrove
Dipesh Rawat
Denis GERMAIN
Chris Henzie
Anish Ramasekar
Marko Mudrinić
ptrovatelli
Marlow Weston