Automatic merge from submit-queue.
add readOnly use case to raw block device proposal
This PR is an addendum to the #1265 to dictate the behavior of the container runtime for read-only devices as specified in the PVCVolumeSource. The precedence already exists for filesystems thus having a consistent behavior for the user. UC9 was added to illustrate the usage.
Automatic merge from submit-queue.
removed deprecated munge script instructions
There is no `hack/update-munge-docs.sh` script. Documentation should not refer to it.
Automatic merge from submit-queue.
add clusterrole aggregation doc
In order to support easy RBAC integration for CustomResources and Extension
APIServers, we need to have a way for API extenders to add permissions to the
"normal" roles for admin, edit, and view.
A doc form of https://github.com/kubernetes/kubernetes/pull/54005
@kubernetes/sig-auth-feature-requests
Automatic merge from submit-queue.
Remove Disk Allocatable Evictions
After https://github.com/kubernetes/kubernetes/issues/52336, which uncovered a bug in disk accounting, I have struggled to see why ephemeral-storage allocatable evictions are necessary.
For CPU and Memory allocatable, enforcing allocatable through cgroups provides protection from being starved of compute resources by user pods.
However, for ephemeral-storage it seems that the node-level enforcement mechanisms are able to prevent the node from running out of disk, and thus prevent impact to system daemons.
Additionally, memory usage metrics read from cgroups or statfs are far more reliable than an aggregation of `du` calls which may be collected at different times (as https://github.com/kubernetes/kubernetes/issues/52336 demonstrated).
(As a side note, we should read from the /kubepods cgroup to determine allocatable memory usage)
We should still keep the scheduling aspects of node allocatable for ephemeral storage, as this allows for proper accounting. But I would like to remove enforcement of node allocatable for ephemeral storage.
cc @dchen1107 @derekwaynecarr @jingxu97 @vishh @saad-ali
@kubernetes/sig-node-proposals
Automatic merge from submit-queue.
Update ResourceQuota design doc
**What this PR does:**
1. Update the admission_control_resource_quota.md according to @derekwaynecarr 's PR [Ability to do object count quota for all namespaced resources #54320](https://github.com/kubernetes/kubernetes/pull/54320)
2. fix two nil links
Jago Macleod
Kubernetes Submit Queue
Ryan
Erin A Boyd
Dr. Stefan Schimanski
Tim Hockin
yanting
Derek Carr
Joe Beda
Matt Farina
Phinoceslee
Garrett Rodrigues
David Eads
wangxinxu
xuhuilong
陈宏
Gin
paul
Casey Davenport
Joe Betz