Automatic merge from submit-queue.
removed deprecated munge script instructions
There is no `hack/update-munge-docs.sh` script. Documentation should not refer to it.
Automatic merge from submit-queue.
add clusterrole aggregation doc
In order to support easy RBAC integration for CustomResources and Extension
APIServers, we need to have a way for API extenders to add permissions to the
"normal" roles for admin, edit, and view.
A doc form of https://github.com/kubernetes/kubernetes/pull/54005
@kubernetes/sig-auth-feature-requests
Automatic merge from submit-queue.
Remove Disk Allocatable Evictions
After https://github.com/kubernetes/kubernetes/issues/52336, which uncovered a bug in disk accounting, I have struggled to see why ephemeral-storage allocatable evictions are necessary.
For CPU and Memory allocatable, enforcing allocatable through cgroups provides protection from being starved of compute resources by user pods.
However, for ephemeral-storage it seems that the node-level enforcement mechanisms are able to prevent the node from running out of disk, and thus prevent impact to system daemons.
Additionally, memory usage metrics read from cgroups or statfs are far more reliable than an aggregation of `du` calls which may be collected at different times (as https://github.com/kubernetes/kubernetes/issues/52336 demonstrated).
(As a side note, we should read from the /kubepods cgroup to determine allocatable memory usage)
We should still keep the scheduling aspects of node allocatable for ephemeral storage, as this allows for proper accounting. But I would like to remove enforcement of node allocatable for ephemeral storage.
cc @dchen1107 @derekwaynecarr @jingxu97 @vishh @saad-ali
@kubernetes/sig-node-proposals
Automatic merge from submit-queue.
Update ResourceQuota design doc
**What this PR does:**
1. Update the admission_control_resource_quota.md according to @derekwaynecarr 's PR [Ability to do object count quota for all namespaced resources #54320](https://github.com/kubernetes/kubernetes/pull/54320)
2. fix two nil links
Our meeting is defined in terms of US pacific wall-clock time, which
just jumped ahead an hour thanks to the wonderfully helpful and
productivity-increasing daylight savings time ritual that we follow
in the US.
Tim Hockin