From 72a66b696911d6839d8b28844c4c03fd76b5dde9 Mon Sep 17 00:00:00 2001 From: Sergey Kanzhelev Date: Fri, 23 Oct 2020 20:57:54 +0000 Subject: [PATCH 1/6] RuntimeClass GA --- content/en/docs/concepts/containers/runtime-class.md | 4 ++-- .../en/docs/concepts/scheduling-eviction/pod-overhead.md | 2 +- .../reference/access-authn-authz/admission-controllers.md | 2 +- .../reference/command-line-tools-reference/feature-gates.md | 6 ++++-- .../windows/user-guide-windows-containers.md | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/content/en/docs/concepts/containers/runtime-class.md b/content/en/docs/concepts/containers/runtime-class.md index 6589590bc4..06fc69e336 100644 --- a/content/en/docs/concepts/containers/runtime-class.md +++ b/content/en/docs/concepts/containers/runtime-class.md @@ -9,7 +9,7 @@ weight: 20 -{{< feature-state for_k8s_version="v1.14" state="beta" >}} +{{< feature-state for_k8s_version="v1.20" state="GA" >}} This page describes the RuntimeClass resource and runtime selection mechanism. @@ -66,7 +66,7 @@ The RuntimeClass resource currently only has 2 significant fields: the RuntimeCl (`metadata.name`) and the handler (`handler`). The object definition looks like this: ```yaml -apiVersion: node.k8s.io/v1beta1 # RuntimeClass is defined in the node.k8s.io API group +apiVersion: node.k8s.io/v1 # RuntimeClass is defined in the node.k8s.io API group kind: RuntimeClass metadata: name: myclass # The name the RuntimeClass will be referenced by diff --git a/content/en/docs/concepts/scheduling-eviction/pod-overhead.md b/content/en/docs/concepts/scheduling-eviction/pod-overhead.md index 5eced7954f..989db38a7f 100644 --- a/content/en/docs/concepts/scheduling-eviction/pod-overhead.md +++ b/content/en/docs/concepts/scheduling-eviction/pod-overhead.md @@ -48,7 +48,7 @@ that uses around 120MiB per Pod for the virtual machine and the guest OS: ```yaml --- kind: RuntimeClass -apiVersion: node.k8s.io/v1beta1 +apiVersion: node.k8s.io/v1 metadata: name: kata-fc handler: kata-fc diff --git a/content/en/docs/reference/access-authn-authz/admission-controllers.md b/content/en/docs/reference/access-authn-authz/admission-controllers.md index b4823245d3..8ea7e1accd 100644 --- a/content/en/docs/reference/access-authn-authz/admission-controllers.md +++ b/content/en/docs/reference/access-authn-authz/admission-controllers.md @@ -725,7 +725,7 @@ See the [resourceQuota design doc](https://git.k8s.io/community/contributors/des ### RuntimeClass {#runtimeclass} -{{< feature-state for_k8s_version="v1.16" state="alpha" >}} +{{< feature-state for_k8s_version="v1.18" state="beta" >}} For [RuntimeClass](/docs/concepts/containers/runtime-class/) definitions which describe an overhead associated with running a pod, this admission controller will set the pod.Spec.Overhead field accordingly. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index bdd1850694..0d441ffb98 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -128,14 +128,13 @@ different Kubernetes components. | `PodDisruptionBudget` | `false` | Alpha | 1.3 | 1.4 | | `PodDisruptionBudget` | `true` | Beta | 1.5 | | | `PodOverhead` | `false` | Alpha | 1.16 | - | +| `PodOverhead` | `true` | Beta | 1.18 | - | | `ProcMountType` | `false` | Alpha | 1.12 | | | `QOSReserved` | `false` | Alpha | 1.11 | | | `RemainingItemCount` | `false` | Alpha | 1.15 | | | `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 | | `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | | | `RunAsGroup` | `true` | Beta | 1.14 | | -| `RuntimeClass` | `false` | Alpha | 1.12 | 1.13 | -| `RuntimeClass` | `true` | Beta | 1.14 | | | `ServiceAppProtocol` | `false` | Alpha | 1.18 | 1.18 | | `ServiceAppProtocol` | `true` | Beta | 1.19 | | | `ServerSideApply` | `false` | Alpha | 1.14 | 1.15 | @@ -269,6 +268,9 @@ different Kubernetes components. | `ResourceQuotaScopeSelectors` | `true` | GA | 1.17 | - | | `RotateKubeletClientCertificate` | `true` | Beta | 1.8 | 1.18 | | `RotateKubeletClientCertificate` | `true` | GA | 1.19 | - | +| `RuntimeClass` | `false` | Alpha | 1.12 | 1.13 | +| `RuntimeClass` | `true` | Beta | 1.14 | 1.19 | +| `RuntimeClass` | `true` | GA | 1.20 | - | | `ScheduleDaemonSetPods` | `false` | Alpha | 1.11 | 1.11 | | `ScheduleDaemonSetPods` | `true` | Beta | 1.12 | 1.16 | | `ScheduleDaemonSetPods` | `true` | GA | 1.17 | - | diff --git a/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md b/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md index e28afeb9f2..4ea12f5ca2 100644 --- a/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md +++ b/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md @@ -177,7 +177,7 @@ This label reflects the Windows major, minor, and build number that need to matc 1. Save this file to `runtimeClasses.yml`. It includes the appropriate `nodeSelector` for the Windows OS, architecture, and version. ```yaml -apiVersion: node.k8s.io/v1beta1 +apiVersion: node.k8s.io/v1 kind: RuntimeClass metadata: name: windows-2019 From ca7cb78cab9157d16ac8e858c8ab4870332b7c0e Mon Sep 17 00:00:00 2001 From: Sergey Kanzhelev Date: Mon, 26 Oct 2020 15:27:38 -0700 Subject: [PATCH 2/6] Update content/en/docs/concepts/containers/runtime-class.md Co-authored-by: Tim Bannister --- content/en/docs/concepts/containers/runtime-class.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/en/docs/concepts/containers/runtime-class.md b/content/en/docs/concepts/containers/runtime-class.md index 06fc69e336..1ba631e350 100644 --- a/content/en/docs/concepts/containers/runtime-class.md +++ b/content/en/docs/concepts/containers/runtime-class.md @@ -9,7 +9,7 @@ weight: 20 -{{< feature-state for_k8s_version="v1.20" state="GA" >}} +{{< feature-state for_k8s_version="v1.20" state="stable" >}} This page describes the RuntimeClass resource and runtime selection mechanism. @@ -186,4 +186,3 @@ are accounted for in Kubernetes. - Read about the [Pod Overhead](/docs/concepts/scheduling-eviction/pod-overhead/) concept - [PodOverhead Feature Design](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190226-pod-overhead.md) - From 6d51948652450024fa5dc120c32457805efaa650 Mon Sep 17 00:00:00 2001 From: Sergey Kanzhelev Date: Thu, 29 Oct 2020 17:19:11 -0700 Subject: [PATCH 3/6] Update content/en/docs/reference/access-authn-authz/admission-controllers.md Co-authored-by: Tim Bannister --- .../access-authn-authz/admission-controllers.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/content/en/docs/reference/access-authn-authz/admission-controllers.md b/content/en/docs/reference/access-authn-authz/admission-controllers.md index 8ea7e1accd..3cfd7543d8 100644 --- a/content/en/docs/reference/access-authn-authz/admission-controllers.md +++ b/content/en/docs/reference/access-authn-authz/admission-controllers.md @@ -727,8 +727,13 @@ See the [resourceQuota design doc](https://git.k8s.io/community/contributors/des {{< feature-state for_k8s_version="v1.18" state="beta" >}} -For [RuntimeClass](/docs/concepts/containers/runtime-class/) definitions which describe an overhead associated with running a pod, -this admission controller will set the pod.Spec.Overhead field accordingly. +If you enable the `PodOverhead` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/), and define a RuntimeClass with [Pod overhead](/docs/concepts/scheduling-eviction/pod-overhead/) configured, this admission controller checks incoming +Pods. When enabled, this admission controller rejects any Pod create requests that have the overhead already set. +For Pods that have a RuntimeClass is configured and selected in their `.spec`, this admission controller sets `.spec.overhead` in the Pod based on the value defined in the corresponding RuntimeClass. + +{{< note >}} +The `.spec.overhead` field for Pod and the `.overhead` field for RuntimeClass are both in beta. If you do not enable the `PodOverhead` feature gate, all Pods are treated as if `.spec.overhead` is unset. +{{< /note >}} See also [Pod Overhead](/docs/concepts/scheduling-eviction/pod-overhead/) for more information. From 63283f5c310e5cc5cd884f2e431a46c251e6f4df Mon Sep 17 00:00:00 2001 From: Sergey Kanzhelev Date: Thu, 29 Oct 2020 17:22:26 -0700 Subject: [PATCH 4/6] Update content/en/docs/reference/access-authn-authz/admission-controllers.md --- .../docs/reference/access-authn-authz/admission-controllers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/access-authn-authz/admission-controllers.md b/content/en/docs/reference/access-authn-authz/admission-controllers.md index 3cfd7543d8..ee7984c025 100644 --- a/content/en/docs/reference/access-authn-authz/admission-controllers.md +++ b/content/en/docs/reference/access-authn-authz/admission-controllers.md @@ -725,7 +725,7 @@ See the [resourceQuota design doc](https://git.k8s.io/community/contributors/des ### RuntimeClass {#runtimeclass} -{{< feature-state for_k8s_version="v1.18" state="beta" >}} +{{< feature-state for_k8s_version="v1.20" state="stable" >}} If you enable the `PodOverhead` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/), and define a RuntimeClass with [Pod overhead](/docs/concepts/scheduling-eviction/pod-overhead/) configured, this admission controller checks incoming Pods. When enabled, this admission controller rejects any Pod create requests that have the overhead already set. From 06fda8221a5613f69dc839c8e9987146c043e757 Mon Sep 17 00:00:00 2001 From: Sergey Kanzhelev Date: Thu, 29 Oct 2020 17:23:43 -0700 Subject: [PATCH 5/6] Update content/en/docs/reference/command-line-tools-reference/feature-gates.md --- .../reference/command-line-tools-reference/feature-gates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index 0d441ffb98..f289a0bb51 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -127,7 +127,7 @@ different Kubernetes components. | `NonPreemptingPriority` | `true` | Beta | 1.19 | | | `PodDisruptionBudget` | `false` | Alpha | 1.3 | 1.4 | | `PodDisruptionBudget` | `true` | Beta | 1.5 | | -| `PodOverhead` | `false` | Alpha | 1.16 | - | +| `PodOverhead` | `false` | Alpha | 1.16 | 1.17 | | `PodOverhead` | `true` | Beta | 1.18 | - | | `ProcMountType` | `false` | Alpha | 1.12 | | | `QOSReserved` | `false` | Alpha | 1.11 | | From 21362d8e4c77a1a98899b40338111dd5c6b77acc Mon Sep 17 00:00:00 2001 From: Sergey Kanzhelev Date: Thu, 29 Oct 2020 17:24:02 -0700 Subject: [PATCH 6/6] Update content/en/docs/reference/command-line-tools-reference/feature-gates.md --- .../reference/command-line-tools-reference/feature-gates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index f289a0bb51..a1082be6e6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -128,7 +128,7 @@ different Kubernetes components. | `PodDisruptionBudget` | `false` | Alpha | 1.3 | 1.4 | | `PodDisruptionBudget` | `true` | Beta | 1.5 | | | `PodOverhead` | `false` | Alpha | 1.16 | 1.17 | -| `PodOverhead` | `true` | Beta | 1.18 | - | +| `PodOverhead` | `true` | Beta | 1.18 | | | `ProcMountType` | `false` | Alpha | 1.12 | | | `QOSReserved` | `false` | Alpha | 1.11 | | | `RemainingItemCount` | `false` | Alpha | 1.15 | |