diff --git a/contributors/design-proposals/apps/deployment.md b/contributors/design-proposals/apps/deployment.md index 16c35dfe2..d1d52660a 100644 --- a/contributors/design-proposals/apps/deployment.md +++ b/contributors/design-proposals/apps/deployment.md @@ -143,7 +143,7 @@ For each creation or update for a Deployment, it will: is the one that the new RS uses and collisionCount is a counter in the DeploymentStatus that increments every time a [hash collision](#hashing-collisions) happens (hash collisions should be rare with fnv). - - If the RSs and pods dont already have this label and selector: + - If the RSs and pods don't already have this label and selector: - We will first add this to RS.PodTemplateSpec.Metadata.Labels for all RSs to ensure that all new pods that they create will have this label. - Then we will add this label to their existing pods diff --git a/contributors/design-proposals/node/node-usernamespace-remapping.md b/contributors/design-proposals/node/node-usernamespace-remapping.md index 75cb0888a..37f228364 100644 --- a/contributors/design-proposals/node/node-usernamespace-remapping.md +++ b/contributors/design-proposals/node/node-usernamespace-remapping.md @@ -190,7 +190,7 @@ Docker API does not provide user-namespace mapping. Therefore to handle `GetRunt ## Future Work ### Namespace-Level/Pod-Level user-namespace support There is no runtime today which supports creating containers with a specified user namespace configuration. For example here is the discussion related to this support in Docker https://github.com/moby/moby/issues/28593 -Once user-namespace feature in the runtimes has evolved to support container’s request for a specific user-namespace mapping(UID and GID range), we can extend current Node-Level user-namespace support in Kubernetes to support Namespace-level isolation(or if desired even pod-level isolation) by dividing and allocating learned mapping from runtime among Kubernetes namespaces (or pods, if desired). From end-user UI perspective, we dont expect any change in the UI related to user namespaces support. +Once user-namespace feature in the runtimes has evolved to support container’s request for a specific user-namespace mapping(UID and GID range), we can extend current Node-Level user-namespace support in Kubernetes to support Namespace-level isolation(or if desired even pod-level isolation) by dividing and allocating learned mapping from runtime among Kubernetes namespaces (or pods, if desired). From end-user UI perspective, we don't expect any change in the UI related to user namespaces support. ### Remote Volumes Remote Volumes support should be investigated and should be targeted in future once support is there at lower infra layers.